405 files changed, 153261 insertions, 10 deletions
diff --git a/docs/OID/allocated-arcs.txt b/docs/OID/allocated-arcs.txt
new file mode 100755
index 00000000000..acef4930eae
--- /dev/null
+++ b/docs/OID/allocated-arcs.txt
@@ -0,0 +1,19 @@
+!===========================================================================================
+!==
+!==	Allocated Arcs from the Samba Team Private Enterprise Number
+!==	ISO(1) org(3) dod(6) internet(1) private(4) enterprise(1) Samba(7165)
+!==	
+!==	Arc allocation is maintained by jerry carter <jerry@samba.org>.  Please notify
+!==	me if you need an OID and update this file.
+!==
+!==	File Created	: Tue May  8 09:33:31 CDT 2001
+!==
+!===========================================================================================
+
+ARC	Owner			Contact				Purpose
+---	-----			-------				-------
+.1	Plainjoe.org		Jerry Carter <jerry@samba.org>	Use for Plainjoe.org domain
+								and examples in O'Reilly LDAP book
+.2	Samba 2.2. Release	jerry@samba.org			schema for representing smbpasswd
+.3	Jean-Francois.Micouleau@dalalu.fr			Experiemental SNMP fun
+
diff --git a/docs/OID/samba-oid.mail b/docs/OID/samba-oid.mail
new file mode 100755
index 00000000000..d1ad668f880
--- /dev/null
+++ b/docs/OID/samba-oid.mail
@@ -0,0 +1,27 @@
+From gruiz@icann.org Tue May  8 04:27:07 2001
+Date: Tue, 26 Sep 2000 15:29:02 -0700
+From: GIGI RUIZ <gruiz@icann.org>
+To: jerry@samba.org
+Cc: "Iana-Mib (E-mail)" <iana-mib@iana.org>
+Subject: PEN 7165 RE: Application for Enterprise-number
+
+    [ The following text is in the "iso-8859-1" character set. ]
+    [ Your display is set for the "US-ASCII" character set.  ]
+    [ Some characters may be displayed incorrectly. ]
+
+Gerald,
+
+We have assigned Private Enterprise Number 7165 to SAMBA Team, with you as
+the point of contact. Please confirm the information listed below.
+
+7165  SAMBA Team          Gerald Carter              jerry@samba.org
+
+Sincerely,
+
+Gigi Ruiz
+Internet Assigned Numbers Authority - MIB
+
+Voice: (310) 823-9358
+Fax:   (310) 823-8649
+EMAIL: iana-mib@iana.org
+
diff --git a/docs/README-NOW b/docs/README-NOW
deleted file mode 100644
index 46a772385cc..00000000000
--- a/docs/README-NOW
+++ /dev/null
@@ -1,10 +0,0 @@
-                ATTENTION
-            DOCS TREE REMOVED
----------------------------------------------------
-
-This docs tree has been moved to a separate CVS 
-module on cvs.samba.org name 'samba-docs'.  
-See http://cvs.samba.org/ for details on accessing 
-Samba cvs trees.
-
-
diff --git a/docs/README.Win2kSP2 b/docs/README.Win2kSP2
new file mode 100755
index 00000000000..49a8fbf4ae1
--- /dev/null
+++ b/docs/README.Win2kSP2
@@ -0,0 +1,56 @@
+!==
+!== README.Win2kSP2
+!==
+
+Author:		Gerald (Jerry) Carter <jerry@samba.org>
+
+==================================================================
+
+There are several annoyances with Windows 2000 SP2. One of which
+only appears when using a Samba server to host user profiles
+to Windows 2000 SP2 clients in a Windows domain.  This assumes
+that Samba is a member of the domain, but the problem will
+likely occur if it is not.
+
+In order to server profiles successfully to Windows 2000 SP2 
+clients (when not operating as a PDC), Samba must have 
+
+	nt acl support = no
+
+added to the file share which houses the roaming profiles.
+If this is not done, then the Windows 2000 SP2 client will
+complain about not being able to access the profile (Access 
+Denied) and create multiple copies of it on disk (DOMAIN.user.001,
+DOMAIN.user.002, etc...).  See the smb.conf(5) man page
+for more details on this option.  Also note that the "nt acl support"
+parameter was formally a global parameter in releases prior
+to Samba 2.2.2.
+
+The following is a minimal profile share
+
+	[profile]
+		path = /export/profile
+		create mask = 0600
+		directory mask = 0700
+		nt acl support = no
+		read only = no
+
+The reason for this bug is that the Win2k SP2 client copies
+the security descriptor for the profile which contains
+the Samba server's SID, and not the domain SID.  The client
+compares the SID for SAMBA\user and realizes it is
+different that the one assigned to DOMAIN\user.  Hence the reason
+for the "access denied" message.
+
+By disabling the "nt acl support" parameter, Samba will send
+the Win2k client a response to the QuerySecurityDescriptor
+trans2 call which causes the client to set a default ACL
+for the profile. This default ACL includes 
+
+	DOMAIN\user 	"Full Control"
+
+
+NOTE : This bug does not occur when using winbind to
+create accounts on the Samba host for Domain users.
+
+
diff --git a/docs/README.Win32-Viruses b/docs/README.Win32-Viruses
new file mode 100755
index 00000000000..07f03360cbc
--- /dev/null
+++ b/docs/README.Win32-Viruses
@@ -0,0 +1,58 @@
+While this article is specific to the recent Nimda worm, 
+the information can be applied to preventing the spread
+of many Win32 viruses.  Thanks to the Samba Users Group of Japan
+(SUGJ) for this article.
+===============================================================================
+Steps againt Nimba Worm for Samba
+
+Author: HASEGAWA Yosuke
+Translator: TAKAHASHI Motonobu <monyo@samba.gr.jp>
+
+The information in this article applies to
+    Samba 2.0.x
+    Samba 2.2.x
+    Windows 95/98/Me/NT/2000
+
+SYMPTOMS
+  This article has described the measure against Nimba Worm for Samba
+  server.
+
+DESCRIPTION
+  Nimba Worm is infected through the shared disk on a network besides
+  Microsoft IIS, Internet Explorer and mailer of Outlook series.
+
+  At this time, the worm copies itself by the name *.nws and *.eml on
+  the shared disk, moreover, by the name of Riched20.dll in the folder
+  where *.doc file is included.
+
+  To prevent infection through the shared disk offered by Samba, set
+  up as follows:
+
+-----
+[global]
+  ...
+  # This can break Administration installations of Office2k.
+  # in that case, don't veto the riched20.dll
+  veto files = /*.eml/*.nws/riched20.dll/
+-----
+
+  Setting up "veto files" parameter, the matched files on the Samba
+  server are completely hidden from the clients and become impossible
+  to access them at all.
+
+  In addition to it, the following setting are also pointed out by the
+  samba-jp:09448 thread: when the
+  "(Jreadme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}"(B file exists on
+  a Samba server, it is visible only with "readme.txt" and a dangerous
+  code may be performed when this file is double-clicked.
+
+  Setting the following,
+-----
+  veto files = /*.{*}/
+-----
+  no files having CLSID in its file extension can be accessed from any
+  clients.
+
+This technical article is created based on the discussion of
+samba-jp:09448 and samba-jp:10900 threads.
+
diff --git a/docs/README.ldap b/docs/README.ldap
new file mode 100755
index 00000000000..451e27b8bf3
--- /dev/null
+++ b/docs/README.ldap
@@ -0,0 +1 @@
+The schema file is stored in ../examples/LDAP/samba.schema
diff --git a/docs/Registry/NT4-Locking.reg b/docs/Registry/NT4-Locking.reg
new file mode 100755
index 00000000000..6175fd51459
--- /dev/null
+++ b/docs/Registry/NT4-Locking.reg
@@ -0,0 +1,24 @@
+REGEDIT4
+
+;Contributor:   John H Terpstra <jht@samba.org>
+;Corrected: Stefan Kanthak <skanthak@nexgo.de>
+;Updated: Jun 25, 2001
+;
+;Subject:	Registry Entries That Affect Locking and Caching
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
+"BufFilesDenyWrite"=dword:00000000
+"BufNamedPipes"=dword:00000000
+"UseOpportunisticLocking"=dword:00000000
+"DormantFileLimit"=dword:00000000
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\Linkage]
+"UtilizeNtCaching"=dword:00000000
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem]
+"Win95TruncatedExtensions"=dword:00000000
+"NTFSDisable8dot3NameCreation"=dword:00000001
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters]
+"EnableOpLockForceClose"=dword:00000001
+"EnableOpLocks"=dword:00000000
diff --git a/docs/Registry/NT4_PlainPassword.reg b/docs/Registry/NT4_PlainPassword.reg
new file mode 100755
index 00000000000..b30db150c24
--- /dev/null
+++ b/docs/Registry/NT4_PlainPassword.reg
@@ -0,0 +1,11 @@
+REGEDIT4
+
+;Contributor:   Tim Small (tim.small@virgin.net)
+;Updated:	20 August 1997
+;Status:	Current
+;
+;Subject:	Registry file to enable plain text passwords in NT4-SP3 and later
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters]
+"EnablePlainTextPassword"=dword:00000001
+
diff --git a/docs/Registry/Win2000_PlainPassword.reg b/docs/Registry/Win2000_PlainPassword.reg
new file mode 100755
index 00000000000..e0ae280b1c2
--- /dev/null
+++ b/docs/Registry/Win2000_PlainPassword.reg
@@ -0,0 +1,11 @@
+REGEDIT4
+
+;Contributor:   Herb Lewis (herb@sgi.com)
+;Updated:	16 July 1999
+;Status:	Current
+;
+;Subject:	Registry file to enable plain text passwords in Windows 2000
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Parameters]
+"EnablePlainTextPassword"=dword:00000001
+
diff --git a/docs/Registry/Win95_PlainPassword.reg b/docs/Registry/Win95_PlainPassword.reg
new file mode 100755
index 00000000000..9dd3103689c
--- /dev/null
+++ b/docs/Registry/Win95_PlainPassword.reg
@@ -0,0 +1,4 @@
+REGEDIT4
+
+[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP]
+"EnablePlainTextPassword"=dword:00000001
diff --git a/docs/Registry/Win98_PlainPassword.reg b/docs/Registry/Win98_PlainPassword.reg
new file mode 100755
index 00000000000..9dd3103689c
--- /dev/null
+++ b/docs/Registry/Win98_PlainPassword.reg
@@ -0,0 +1,4 @@
+REGEDIT4
+
+[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP]
+"EnablePlainTextPassword"=dword:00000001
diff --git a/docs/Registry/Win9X-CacheHandling.reg b/docs/Registry/Win9X-CacheHandling.reg
new file mode 100755
index 00000000000..265e335b402
--- /dev/null
+++ b/docs/Registry/Win9X-CacheHandling.reg
@@ -0,0 +1,7 @@
+REGEDIT4
+
+; Contributor:	John H Terpstra <jht@samba.org>
+; Date:		Feb 15, 1999
+
+[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VREDIR]
+"DiscardCacheOnOpen"=string:00000001
diff --git a/docs/Registry/WinME_PlainPassword.reg b/docs/Registry/WinME_PlainPassword.reg
new file mode 100755
index 00000000000..9dd3103689c
--- /dev/null
+++ b/docs/Registry/WinME_PlainPassword.reg
@@ -0,0 +1,4 @@
+REGEDIT4
+
+[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP]
+"EnablePlainTextPassword"=dword:00000001
diff --git a/docs/Registry/WinXP_SignOrSeal.reg b/docs/Registry/WinXP_SignOrSeal.reg
new file mode 100755
index 00000000000..f6f4b4cd91c
--- /dev/null
+++ b/docs/Registry/WinXP_SignOrSeal.reg
@@ -0,0 +1,11 @@
+Windows Registry Editor Version 5.00
+
+;
+; This registry key is needed for a Windows XP Client to join
+; and logon to a Samba domain. Note: Samba 2.2.3a contained 
+; this key in a broken format which did nothing to the registry - 
+; however XP reported "registry key imported". If in doubt
+; check the key by hand with regedit.
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
+"requiresignorseal"=dword:00000000
diff --git a/docs/Registry/WindowsTerminalServer.reg b/docs/Registry/WindowsTerminalServer.reg
new file mode 100755
index 00000000000..73c3b177d20
--- /dev/null
+++ b/docs/Registry/WindowsTerminalServer.reg
@@ -0,0 +1,7 @@
+REGEDIT4
+
+;Subject:	Registry file to force multiple NT terminal server users to have their own connections.
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters]
+"MultipleUsersOnConnection"=dword:00000000
+
diff --git a/docs/Samba-HOWTO-Collection.pdf b/docs/Samba-HOWTO-Collection.pdf
new file mode 100755
index 00000000000..72beba7291d
--- /dev/null
+++ b/docs/Samba-HOWTO-Collection.pdf
@@ -0,0 +1,3173 @@
+%PDF-1.3
+%����
+1 0 obj<</Producer(htmldoc 1.8.22 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)/CreationDate(D:20030201112407+0600)/Title(SAMBA Project Documentation)/Creator(Modular DocBook HTML Stylesheet Version 1.57)>>endobj
+2 0 obj<</Type/Encoding/Differences[ 32/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quotesingle/parenleft/parenright/asterisk/plus/comma/minus/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/grave/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 128/Euro 130/quotesinglbase/florin/quotedblbase/ellipsis/dagger/daggerdbl/circumflex/perthousand/Scaron/guilsinglleft/OE 145/quoteleft/quoteright/quotedblleft/quotedblright/bullet/endash/emdash/tilde/trademark/scaron/guilsinglright/oe 159/Ydieresis/space/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]>>endobj
+3 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier/Encoding 2 0 R>>endobj
+4 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier-Bold/Encoding 2 0 R>>endobj
+5 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier-Oblique/Encoding 2 0 R>>endobj
+6 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier-BoldOblique/Encoding 2 0 R>>endobj
+7 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-Roman/Encoding 2 0 R>>endobj
+8 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-Bold/Encoding 2 0 R>>endobj
+9 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-Italic/Encoding 2 0 R>>endobj
+10 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica/Encoding 2 0 R>>endobj
+11 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica-Bold/Encoding 2 0 R>>endobj
+12 0 obj<</Type/Font/Subtype/Type1/BaseFont/Symbol>>endobj
+13 0 obj<</S/URI/URI(http://www.samba.org/)>>endobj
+14 0 obj<</Subtype/Link/Rect[185.6 463.0 289.8 476.0]/Border[0 0 0]/A 13 0 R>>endobj
+15 0 obj<</S/URI/URI(mailto:jerry@samba.org)>>endobj
+16 0 obj<</Subtype/Link/Rect[72.0 449.8 148.4 462.8]/Border[0 0 0]/A 15 0 R>>endobj
+17 0 obj<</S/URI/URI(http://www.fsf.org/licenses/gpl.txt)>>endobj
+18 0 obj<</Subtype/Link/Rect[72.0 397.0 223.3 410.0]/Border[0 0 0]/A 17 0 R>>endobj
+19 0 obj[14 0 R
+16 0 R
+18 0 R]endobj
+20 0 obj<</Subtype/Link/Rect[72.0 684.0 277.3 697.0]/Border[0 0 0]/Dest[700 0 R/XYZ 0 734 0]>>endobj
+21 0 obj<</Subtype/Link/Rect[108.0 670.8 249.2 683.8]/Border[0 0 0]/Dest[700 0 R/XYZ 0 696 0]>>endobj
+22 0 obj<</Subtype/Link/Rect[108.0 657.6 255.0 670.6]/Border[0 0 0]/Dest[700 0 R/XYZ 0 572 0]>>endobj
+23 0 obj<</Subtype/Link/Rect[108.0 644.4 257.7 657.4]/Border[0 0 0]/Dest[700 0 R/XYZ 0 170 0]>>endobj
+24 0 obj<</Subtype/Link/Rect[108.0 631.2 309.0 644.2]/Border[0 0 0]/Dest[702 0 R/XYZ 0 734 0]>>endobj
+25 0 obj<</Subtype/Link/Rect[108.0 618.0 313.9 631.0]/Border[0 0 0]/Dest[702 0 R/XYZ 0 385 0]>>endobj
+26 0 obj<</Subtype/Link/Rect[108.0 604.8 284.9 617.8]/Border[0 0 0]/Dest[702 0 R/XYZ 0 287 0]>>endobj
+27 0 obj<</Subtype/Link/Rect[108.0 591.6 280.0 604.6]/Border[0 0 0]/Dest[702 0 R/XYZ 0 137 0]>>endobj
+28 0 obj<</Subtype/Link/Rect[108.0 578.4 328.6 591.4]/Border[0 0 0]/Dest[704 0 R/XYZ 0 313 0]>>endobj
+29 0 obj<</Subtype/Link/Rect[108.0 565.2 362.2 578.2]/Border[0 0 0]/Dest[706 0 R/XYZ 0 734 0]>>endobj
+30 0 obj<</Subtype/Link/Rect[108.0 552.0 315.8 565.0]/Border[0 0 0]/Dest[706 0 R/XYZ 0 569 0]>>endobj
+31 0 obj<</Subtype/Link/Rect[108.0 538.8 511.6 551.8]/Border[0 0 0]/Dest[706 0 R/XYZ 0 405 0]>>endobj
+32 0 obj<</Subtype/Link/Rect[108.0 525.6 259.4 538.6]/Border[0 0 0]/Dest[706 0 R/XYZ 0 198 0]>>endobj
+33 0 obj<</Subtype/Link/Rect[108.0 512.4 236.0 525.4]/Border[0 0 0]/Dest[708 0 R/XYZ 0 692 0]>>endobj
+34 0 obj<</Subtype/Link/Rect[108.0 499.2 186.5 512.2]/Border[0 0 0]/Dest[708 0 R/XYZ 0 633 0]>>endobj
+35 0 obj<</Subtype/Link/Rect[108.0 486.0 267.2 499.0]/Border[0 0 0]/Dest[708 0 R/XYZ 0 549 0]>>endobj
+36 0 obj<</Subtype/Link/Rect[108.0 472.8 295.6 485.8]/Border[0 0 0]/Dest[708 0 R/XYZ 0 239 0]>>endobj
+37 0 obj<</Subtype/Link/Rect[108.0 459.6 177.7 472.6]/Border[0 0 0]/Dest[708 0 R/XYZ 0 128 0]>>endobj
+38 0 obj<</Subtype/Link/Rect[108.0 446.4 232.3 459.4]/Border[0 0 0]/Dest[710 0 R/XYZ 0 335 0]>>endobj
+39 0 obj<</Subtype/Link/Rect[108.0 433.2 232.6 446.2]/Border[0 0 0]/Dest[710 0 R/XYZ 0 264 0]>>endobj
+40 0 obj<</Subtype/Link/Rect[72.0 406.8 348.8 419.8]/Border[0 0 0]/Dest[712 0 R/XYZ 0 734 0]>>endobj
+41 0 obj<</Subtype/Link/Rect[108.0 393.6 161.5 406.6]/Border[0 0 0]/Dest[712 0 R/XYZ 0 672 0]>>endobj
+42 0 obj<</Subtype/Link/Rect[108.0 380.4 327.7 393.4]/Border[0 0 0]/Dest[712 0 R/XYZ 0 442 0]>>endobj
+43 0 obj<</Subtype/Link/Rect[108.0 367.2 177.1 380.2]/Border[0 0 0]/Dest[712 0 R/XYZ 0 318 0]>>endobj
+44 0 obj<</Subtype/Link/Rect[108.0 354.0 203.6 367.0]/Border[0 0 0]/Dest[714 0 R/XYZ 0 441 0]>>endobj
+45 0 obj<</Subtype/Link/Rect[108.0 340.8 195.1 353.8]/Border[0 0 0]/Dest[714 0 R/XYZ 0 303 0]>>endobj
+46 0 obj<</Subtype/Link/Rect[108.0 327.6 215.2 340.6]/Border[0 0 0]/Dest[714 0 R/XYZ 0 155 0]>>endobj
+47 0 obj<</Subtype/Link/Rect[108.0 314.4 382.4 327.4]/Border[0 0 0]/Dest[716 0 R/XYZ 0 336 0]>>endobj
+48 0 obj<</Subtype/Link/Rect[108.0 301.2 255.6 314.2]/Border[0 0 0]/Dest[718 0 R/XYZ 0 285 0]>>endobj
+49 0 obj<</Subtype/Link/Rect[108.0 288.0 224.1 301.0]/Border[0 0 0]/Dest[720 0 R/XYZ 0 734 0]>>endobj
+50 0 obj<</Subtype/Link/Rect[108.0 274.8 187.8 287.8]/Border[0 0 0]/Dest[722 0 R/XYZ 0 456 0]>>endobj
+51 0 obj<</Subtype/Link/Rect[108.0 261.6 194.5 274.6]/Border[0 0 0]/Dest[722 0 R/XYZ 0 358 0]>>endobj
+52 0 obj<</Subtype/Link/Rect[108.0 248.4 200.6 261.4]/Border[0 0 0]/Dest[722 0 R/XYZ 0 221 0]>>endobj
+53 0 obj<</Subtype/Link/Rect[108.0 235.2 523.2 248.2]/Border[0 0 0]/Dest[724 0 R/XYZ 0 667 0]>>endobj
+54 0 obj<</Subtype/Link/Rect[108.0 222.0 497.9 235.0]/Border[0 0 0]/Dest[724 0 R/XYZ 0 130 0]>>endobj
+55 0 obj<</Subtype/Link/Rect[108.0 208.8 353.3 221.8]/Border[0 0 0]/Dest[728 0 R/XYZ 0 734 0]>>endobj
+56 0 obj<</Subtype/Link/Rect[108.0 195.6 419.0 208.6]/Border[0 0 0]/Dest[728 0 R/XYZ 0 481 0]>>endobj
+57 0 obj<</Subtype/Link/Rect[108.0 182.4 332.5 195.4]/Border[0 0 0]/Dest[728 0 R/XYZ 0 126 0]>>endobj
+58 0 obj<</Subtype/Link/Rect[108.0 169.2 181.6 182.2]/Border[0 0 0]/Dest[730 0 R/XYZ 0 228 0]>>endobj
+59 0 obj<</Subtype/Link/Rect[72.0 142.8 460.7 155.8]/Border[0 0 0]/Dest[732 0 R/XYZ 0 734 0]>>endobj
+60 0 obj<</Subtype/Link/Rect[108.0 129.6 202.4 142.6]/Border[0 0 0]/Dest[732 0 R/XYZ 0 672 0]>>endobj
+61 0 obj<</Subtype/Link/Rect[108.0 116.4 244.9 129.4]/Border[0 0 0]/Dest[734 0 R/XYZ 0 140 0]>>endobj
+62 0 obj<</Subtype/Link/Rect[108.0 103.2 270.2 116.2]/Border[0 0 0]/Dest[736 0 R/XYZ 0 692 0]>>endobj
+63 0 obj[20 0 R
+21 0 R
+22 0 R
+23 0 R
+24 0 R
+25 0 R
+26 0 R
+27 0 R
+28 0 R
+29 0 R
+30 0 R
+31 0 R
+32 0 R
+33 0 R
+34 0 R
+35 0 R
+36 0 R
+37 0 R
+38 0 R
+39 0 R
+40 0 R
+41 0 R
+42 0 R
+43 0 R
+44 0 R
+45 0 R
+46 0 R
+47 0 R
+48 0 R
+49 0 R
+50 0 R
+51 0 R
+52 0 R
+53 0 R
+54 0 R
+55 0 R
+56 0 R
+57 0 R
+58 0 R
+59 0 R
+60 0 R
+61 0 R
+62 0 R]endobj
+64 0 obj<</Subtype/Link/Rect[72.0 684.0 402.3 697.0]/Border[0 0 0]/Dest[738 0 R/XYZ 0 734 0]>>endobj
+65 0 obj<</Subtype/Link/Rect[108.0 670.8 179.2 683.8]/Border[0 0 0]/Dest[738 0 R/XYZ 0 672 0]>>endobj
+66 0 obj<</Subtype/Link/Rect[108.0 657.6 161.2 670.6]/Border[0 0 0]/Dest[740 0 R/XYZ 0 652 0]>>endobj
+67 0 obj<</Subtype/Link/Rect[72.0 631.2 412.7 644.2]/Border[0 0 0]/Dest[742 0 R/XYZ 0 734 0]>>endobj
+68 0 obj<</Subtype/Link/Rect[108.0 618.0 444.7 631.0]/Border[0 0 0]/Dest[742 0 R/XYZ 0 672 0]>>endobj
+69 0 obj<</Subtype/Link/Rect[108.0 604.8 319.1 617.8]/Border[0 0 0]/Dest[742 0 R/XYZ 0 505 0]>>endobj
+70 0 obj<</Subtype/Link/Rect[108.0 591.6 231.1 604.6]/Border[0 0 0]/Dest[742 0 R/XYZ 0 341 0]>>endobj
+71 0 obj<</Subtype/Link/Rect[108.0 578.4 292.2 591.4]/Border[0 0 0]/Dest[744 0 R/XYZ 0 665 0]>>endobj
+72 0 obj<</Subtype/Link/Rect[108.0 565.2 208.5 578.2]/Border[0 0 0]/Dest[744 0 R/XYZ 0 435 0]>>endobj
+73 0 obj<</Subtype/Link/Rect[108.0 552.0 233.6 565.0]/Border[0 0 0]/Dest[744 0 R/XYZ 0 192 0]>>endobj
+74 0 obj<</Subtype/Link/Rect[108.0 538.8 301.4 551.8]/Border[0 0 0]/Dest[746 0 R/XYZ 0 692 0]>>endobj
+75 0 obj<</Subtype/Link/Rect[108.0 525.6 392.1 538.6]/Border[0 0 0]/Dest[746 0 R/XYZ 0 264 0]>>endobj
+76 0 obj<</Subtype/Link/Rect[108.0 512.4 384.2 525.4]/Border[0 0 0]/Dest[750 0 R/XYZ 0 652 0]>>endobj
+77 0 obj<</Subtype/Link/Rect[72.0 486.0 277.1 499.0]/Border[0 0 0]/Dest[752 0 R/XYZ 0 734 0]>>endobj
+78 0 obj<</Subtype/Link/Rect[108.0 472.8 181.6 485.8]/Border[0 0 0]/Dest[752 0 R/XYZ 0 696 0]>>endobj
+79 0 obj<</Subtype/Link/Rect[108.0 459.6 189.0 472.6]/Border[0 0 0]/Dest[752 0 R/XYZ 0 281 0]>>endobj
+80 0 obj<</Subtype/Link/Rect[108.0 446.4 209.7 459.4]/Border[0 0 0]/Dest[754 0 R/XYZ 0 718 0]>>endobj
+81 0 obj<</Subtype/Link/Rect[108.0 433.2 294.4 446.2]/Border[0 0 0]/Dest[756 0 R/XYZ 0 490 0]>>endobj
+82 0 obj<</Subtype/Link/Rect[108.0 420.0 275.7 433.0]/Border[0 0 0]/Dest[758 0 R/XYZ 0 734 0]>>endobj
+83 0 obj<</Subtype/Link/Rect[108.0 406.8 287.3 419.8]/Border[0 0 0]/Dest[758 0 R/XYZ 0 464 0]>>endobj
+84 0 obj<</Subtype/Link/Rect[108.0 393.6 350.9 406.6]/Border[0 0 0]/Dest[760 0 R/XYZ 0 734 0]>>endobj
+85 0 obj<</Subtype/Link/Rect[108.0 380.4 242.1 393.4]/Border[0 0 0]/Dest[760 0 R/XYZ 0 464 0]>>endobj
+86 0 obj<</Subtype/Link/Rect[108.0 367.2 220.1 380.2]/Border[0 0 0]/Dest[760 0 R/XYZ 0 287 0]>>endobj
+87 0 obj<</Subtype/Link/Rect[108.0 354.0 214.3 367.0]/Border[0 0 0]/Dest[760 0 R/XYZ 0 136 0]>>endobj
+88 0 obj<</Subtype/Link/Rect[108.0 340.8 281.2 353.8]/Border[0 0 0]/Dest[762 0 R/XYZ 0 679 0]>>endobj
+89 0 obj<</Subtype/Link/Rect[108.0 327.6 222.3 340.6]/Border[0 0 0]/Dest[762 0 R/XYZ 0 594 0]>>endobj
+90 0 obj<</Subtype/Link/Rect[108.0 314.4 234.5 327.4]/Border[0 0 0]/Dest[762 0 R/XYZ 0 496 0]>>endobj
+91 0 obj<</Subtype/Link/Rect[108.0 301.2 300.2 314.2]/Border[0 0 0]/Dest[764 0 R/XYZ 0 613 0]>>endobj
+92 0 obj<</Subtype/Link/Rect[108.0 288.0 383.0 301.0]/Border[0 0 0]/Dest[764 0 R/XYZ 0 232 0]>>endobj
+93 0 obj<</Subtype/Link/Rect[72.0 261.6 290.8 274.6]/Border[0 0 0]/Dest[766 0 R/XYZ 0 734 0]>>endobj
+94 0 obj<</Subtype/Link/Rect[108.0 248.4 284.0 261.4]/Border[0 0 0]/Dest[766 0 R/XYZ 0 696 0]>>endobj
+95 0 obj<</Subtype/Link/Rect[108.0 235.2 270.2 248.2]/Border[0 0 0]/Dest[766 0 R/XYZ 0 611 0]>>endobj
+96 0 obj<</Subtype/Link/Rect[108.0 222.0 537.9 235.0]/Border[0 0 0]/Dest[766 0 R/XYZ 0 268 0]>>endobj
+97 0 obj<</Subtype/Link/Rect[108.0 208.8 525.3 221.8]/Border[0 0 0]/Dest[768 0 R/XYZ 0 734 0]>>endobj
+98 0 obj<</Subtype/Link/Rect[108.0 195.6 319.5 208.6]/Border[0 0 0]/Dest[768 0 R/XYZ 0 734 0]>>endobj
+99 0 obj<</Subtype/Link/Rect[108.0 182.4 355.2 195.4]/Border[0 0 0]/Dest[768 0 R/XYZ 0 183 0]>>endobj
+100 0 obj<</Subtype/Link/Rect[108.0 169.2 293.2 182.2]/Border[0 0 0]/Dest[770 0 R/XYZ 0 639 0]>>endobj
+101 0 obj<</Subtype/Link/Rect[108.0 156.0 270.6 169.0]/Border[0 0 0]/Dest[772 0 R/XYZ 0 734 0]>>endobj
+102 0 obj<</Subtype/Link/Rect[108.0 142.8 189.9 155.8]/Border[0 0 0]/Dest[772 0 R/XYZ 0 213 0]>>endobj
+103 0 obj<</Subtype/Link/Rect[72.0 116.4 272.9 129.4]/Border[0 0 0]/Dest[778 0 R/XYZ 0 734 0]>>endobj
+104 0 obj<</Subtype/Link/Rect[108.0 103.2 299.9 116.2]/Border[0 0 0]/Dest[778 0 R/XYZ 0 696 0]>>endobj
+105 0 obj<</Subtype/Link/Rect[108.0 90.0 288.0 103.0]/Border[0 0 0]/Dest[780 0 R/XYZ 0 362 0]>>endobj
+106 0 obj<</Subtype/Link/Rect[108.0 76.8 307.9 89.8]/Border[0 0 0]/Dest[780 0 R/XYZ 0 158 0]>>endobj
+107 0 obj[64 0 R
+65 0 R
+66 0 R
+67 0 R
+68 0 R
+69 0 R
+70 0 R
+71 0 R
+72 0 R
+73 0 R
+74 0 R
+75 0 R
+76 0 R
+77 0 R
+78 0 R
+79 0 R
+80 0 R
+81 0 R
+82 0 R
+83 0 R
+84 0 R
+85 0 R
+86 0 R
+87 0 R
+88 0 R
+89 0 R
+90 0 R
+91 0 R
+92 0 R
+93 0 R
+94 0 R
+95 0 R
+96 0 R
+97 0 R
+98 0 R
+99 0 R
+100 0 R
+101 0 R
+102 0 R
+103 0 R
+104 0 R
+105 0 R
+106 0 R]endobj
+108 0 obj<</Subtype/Link/Rect[72.0 684.0 416.3 697.0]/Border[0 0 0]/Dest[784 0 R/XYZ 0 734 0]>>endobj
+109 0 obj<</Subtype/Link/Rect[108.0 670.8 219.2 683.8]/Border[0 0 0]/Dest[784 0 R/XYZ 0 672 0]>>endobj
+110 0 obj<</Subtype/Link/Rect[108.0 657.6 181.0 670.6]/Border[0 0 0]/Dest[784 0 R/XYZ 0 587 0]>>endobj
+111 0 obj<</Subtype/Link/Rect[108.0 644.4 316.1 657.4]/Border[0 0 0]/Dest[786 0 R/XYZ 0 718 0]>>endobj
+112 0 obj<</Subtype/Link/Rect[108.0 631.2 430.0 644.2]/Border[0 0 0]/Dest[788 0 R/XYZ 0 613 0]>>endobj
+113 0 obj<</Subtype/Link/Rect[108.0 618.0 333.2 631.0]/Border[0 0 0]/Dest[788 0 R/XYZ 0 251 0]>>endobj
+114 0 obj<</Subtype/Link/Rect[108.0 604.8 362.5 617.8]/Border[0 0 0]/Dest[790 0 R/XYZ 0 409 0]>>endobj
+115 0 obj<</Subtype/Link/Rect[108.0 591.6 279.4 604.6]/Border[0 0 0]/Dest[790 0 R/XYZ 0 196 0]>>endobj
+116 0 obj<</Subtype/Link/Rect[108.0 578.4 261.4 591.4]/Border[0 0 0]/Dest[792 0 R/XYZ 0 520 0]>>endobj
+117 0 obj<</Subtype/Link/Rect[108.0 565.2 252.8 578.2]/Border[0 0 0]/Dest[794 0 R/XYZ 0 271 0]>>endobj
+118 0 obj<</Subtype/Link/Rect[108.0 552.0 243.6 565.0]/Border[0 0 0]/Dest[796 0 R/XYZ 0 269 0]>>endobj
+119 0 obj<</Subtype/Link/Rect[108.0 538.8 292.9 551.8]/Border[0 0 0]/Dest[802 0 R/XYZ 0 639 0]>>endobj
+120 0 obj<</Subtype/Link/Rect[108.0 525.6 332.0 538.6]/Border[0 0 0]/Dest[804 0 R/XYZ 0 652 0]>>endobj
+121 0 obj<</Subtype/Link/Rect[108.0 512.4 406.2 525.4]/Border[0 0 0]/Dest[804 0 R/XYZ 0 219 0]>>endobj
+122 0 obj<</Subtype/Link/Rect[108.0 499.2 431.0 512.2]/Border[0 0 0]/Dest[812 0 R/XYZ 0 207 0]>>endobj
+123 0 obj<</Subtype/Link/Rect[72.0 472.8 518.1 485.8]/Border[0 0 0]/Dest[818 0 R/XYZ 0 734 0]>>endobj
+124 0 obj<</Subtype/Link/Rect[108.0 459.6 224.7 472.6]/Border[0 0 0]/Dest[818 0 R/XYZ 0 672 0]>>endobj
+125 0 obj<</Subtype/Link/Rect[108.0 446.4 186.5 459.4]/Border[0 0 0]/Dest[818 0 R/XYZ 0 601 0]>>endobj
+126 0 obj<</Subtype/Link/Rect[108.0 433.2 364.6 446.2]/Border[0 0 0]/Dest[818 0 R/XYZ 0 187 0]>>endobj
+127 0 obj<</Subtype/Link/Rect[108.0 420.0 369.8 433.0]/Border[0 0 0]/Dest[820 0 R/XYZ 0 734 0]>>endobj
+128 0 obj<</Subtype/Link/Rect[108.0 406.8 256.5 419.8]/Border[0 0 0]/Dest[820 0 R/XYZ 0 609 0]>>endobj
+129 0 obj<</Subtype/Link/Rect[108.0 393.6 331.3 406.6]/Border[0 0 0]/Dest[820 0 R/XYZ 0 524 0]>>endobj
+130 0 obj<</Subtype/Link/Rect[108.0 380.4 273.6 393.4]/Border[0 0 0]/Dest[820 0 R/XYZ 0 387 0]>>endobj
+131 0 obj<</Subtype/Link/Rect[108.0 367.2 315.1 380.2]/Border[0 0 0]/Dest[822 0 R/XYZ 0 495 0]>>endobj
+132 0 obj<</Subtype/Link/Rect[72.0 340.8 484.2 353.8]/Border[0 0 0]/Dest[824 0 R/XYZ 0 734 0]>>endobj
+133 0 obj<</Subtype/Link/Rect[108.0 327.6 168.2 340.6]/Border[0 0 0]/Dest[824 0 R/XYZ 0 672 0]>>endobj
+134 0 obj<</Subtype/Link/Rect[108.0 314.4 187.1 327.4]/Border[0 0 0]/Dest[824 0 R/XYZ 0 403 0]>>endobj
+135 0 obj<</Subtype/Link/Rect[108.0 301.2 245.2 314.2]/Border[0 0 0]/Dest[826 0 R/XYZ 0 560 0]>>endobj
+136 0 obj<</Subtype/Link/Rect[108.0 288.0 384.2 301.0]/Border[0 0 0]/Dest[826 0 R/XYZ 0 462 0]>>endobj
+137 0 obj<</Subtype/Link/Rect[108.0 274.8 273.0 287.8]/Border[0 0 0]/Dest[828 0 R/XYZ 0 599 0]>>endobj
+138 0 obj<</Subtype/Link/Rect[108.0 261.6 255.6 274.6]/Border[0 0 0]/Dest[828 0 R/XYZ 0 569 0]>>endobj
+139 0 obj<</Subtype/Link/Rect[108.0 248.4 227.5 261.4]/Border[0 0 0]/Dest[830 0 R/XYZ 0 672 0]>>endobj
+140 0 obj<</Subtype/Link/Rect[108.0 235.2 270.5 248.2]/Border[0 0 0]/Dest[832 0 R/XYZ 0 734 0]>>endobj
+141 0 obj<</Subtype/Link/Rect[108.0 222.0 287.0 235.0]/Border[0 0 0]/Dest[832 0 R/XYZ 0 543 0]>>endobj
+142 0 obj<</Subtype/Link/Rect[108.0 208.8 256.2 221.8]/Border[0 0 0]/Dest[832 0 R/XYZ 0 353 0]>>endobj
+143 0 obj<</Subtype/Link/Rect[108.0 195.6 330.7 208.6]/Border[0 0 0]/Dest[834 0 R/XYZ 0 633 0]>>endobj
+144 0 obj<</Subtype/Link/Rect[108.0 182.4 324.3 195.4]/Border[0 0 0]/Dest[836 0 R/XYZ 0 626 0]>>endobj
+145 0 obj<</Subtype/Link/Rect[108.0 169.2 185.9 182.2]/Border[0 0 0]/Dest[838 0 R/XYZ 0 734 0]>>endobj
+146 0 obj<</Subtype/Link/Rect[72.0 142.8 431.7 155.8]/Border[0 0 0]/Dest[840 0 R/XYZ 0 734 0]>>endobj
+147 0 obj<</Subtype/Link/Rect[108.0 129.6 170.0 142.6]/Border[0 0 0]/Dest[840 0 R/XYZ 0 672 0]>>endobj
+148 0 obj<</Subtype/Link/Rect[108.0 116.4 187.1 129.4]/Border[0 0 0]/Dest[840 0 R/XYZ 0 548 0]>>endobj
+149 0 obj<</Subtype/Link/Rect[108.0 103.2 239.1 116.2]/Border[0 0 0]/Dest[840 0 R/XYZ 0 239 0]>>endobj
+150 0 obj<</Subtype/Link/Rect[108.0 90.0 193.8 103.0]/Border[0 0 0]/Dest[842 0 R/XYZ 0 560 0]>>endobj
+151 0 obj<</Subtype/Link/Rect[108.0 76.8 227.5 89.8]/Border[0 0 0]/Dest[842 0 R/XYZ 0 409 0]>>endobj
+152 0 obj<</Subtype/Link/Rect[108.0 63.6 294.1 76.6]/Border[0 0 0]/Dest[842 0 R/XYZ 0 298 0]>>endobj
+153 0 obj[108 0 R
+109 0 R
+110 0 R
+111 0 R
+112 0 R
+113 0 R
+114 0 R
+115 0 R
+116 0 R
+117 0 R
+118 0 R
+119 0 R
+120 0 R
+121 0 R
+122 0 R
+123 0 R
+124 0 R
+125 0 R
+126 0 R
+127 0 R
+128 0 R
+129 0 R
+130 0 R
+131 0 R
+132 0 R
+133 0 R
+134 0 R
+135 0 R
+136 0 R
+137 0 R
+138 0 R
+139 0 R
+140 0 R
+141 0 R
+142 0 R
+143 0 R
+144 0 R
+145 0 R
+146 0 R
+147 0 R
+148 0 R
+149 0 R
+150 0 R
+151 0 R
+152 0 R]endobj
+154 0 obj<</Subtype/Link/Rect[72.0 684.0 431.7 697.0]/Border[0 0 0]/Dest[840 0 R/XYZ 0 734 0]>>endobj
+155 0 obj<</Subtype/Link/Rect[108.0 670.8 236.3 683.8]/Border[0 0 0]/Dest[844 0 R/XYZ 0 734 0]>>endobj
+156 0 obj<</Subtype/Link/Rect[108.0 657.6 294.4 670.6]/Border[0 0 0]/Dest[844 0 R/XYZ 0 292 0]>>endobj
+157 0 obj<</Subtype/Link/Rect[108.0 644.4 274.8 657.4]/Border[0 0 0]/Dest[846 0 R/XYZ 0 665 0]>>endobj
+158 0 obj<</Subtype/Link/Rect[108.0 631.2 208.5 644.2]/Border[0 0 0]/Dest[846 0 R/XYZ 0 488 0]>>endobj
+159 0 obj<</Subtype/Link/Rect[108.0 618.0 265.4 631.0]/Border[0 0 0]/Dest[846 0 R/XYZ 0 351 0]>>endobj
+160 0 obj<</Subtype/Link/Rect[108.0 604.8 195.4 617.8]/Border[0 0 0]/Dest[846 0 R/XYZ 0 266 0]>>endobj
+161 0 obj<</Subtype/Link/Rect[108.0 591.6 202.1 604.6]/Border[0 0 0]/Dest[848 0 R/XYZ 0 639 0]>>endobj
+162 0 obj<</Subtype/Link/Rect[108.0 578.4 226.6 591.4]/Border[0 0 0]/Dest[848 0 R/XYZ 0 369 0]>>endobj
+163 0 obj<</Subtype/Link/Rect[108.0 565.2 183.5 578.2]/Border[0 0 0]/Dest[856 0 R/XYZ 0 346 0]>>endobj
+164 0 obj<</Subtype/Link/Rect[108.0 552.0 182.9 565.0]/Border[0 0 0]/Dest[856 0 R/XYZ 0 195 0]>>endobj
+165 0 obj<</Subtype/Link/Rect[72.0 525.6 228.8 538.6]/Border[0 0 0]/Dest[858 0 R/XYZ 0 734 0]>>endobj
+166 0 obj<</Subtype/Link/Rect[108.0 512.4 159.0 525.4]/Border[0 0 0]/Dest[858 0 R/XYZ 0 696 0]>>endobj
+167 0 obj<</Subtype/Link/Rect[108.0 499.2 496.3 512.2]/Border[0 0 0]/Dest[858 0 R/XYZ 0 666 0]>>endobj
+168 0 obj<</Subtype/Link/Rect[108.0 486.0 501.5 499.0]/Border[0 0 0]/Dest[858 0 R/XYZ 0 327 0]>>endobj
+169 0 obj<</Subtype/Link/Rect[108.0 472.8 452.9 485.8]/Border[0 0 0]/Dest[860 0 R/XYZ 0 734 0]>>endobj
+170 0 obj<</Subtype/Link/Rect[108.0 459.6 422.7 472.6]/Border[0 0 0]/Dest[860 0 R/XYZ 0 619 0]>>endobj
+171 0 obj<</Subtype/Link/Rect[72.0 433.2 342.4 446.2]/Border[0 0 0]/Dest[862 0 R/XYZ 0 734 0]>>endobj
+172 0 obj<</Subtype/Link/Rect[108.0 420.0 187.1 433.0]/Border[0 0 0]/Dest[862 0 R/XYZ 0 672 0]>>endobj
+173 0 obj<</Subtype/Link/Rect[108.0 406.8 247.6 419.8]/Border[0 0 0]/Dest[862 0 R/XYZ 0 561 0]>>endobj
+174 0 obj<</Subtype/Link/Rect[108.0 393.6 230.8 406.6]/Border[0 0 0]/Dest[862 0 R/XYZ 0 476 0]>>endobj
+175 0 obj<</Subtype/Link/Rect[108.0 380.4 205.8 393.4]/Border[0 0 0]/Dest[862 0 R/XYZ 0 365 0]>>endobj
+176 0 obj<</Subtype/Link/Rect[72.0 367.2 97.0 380.2]/Border[0 0 0]/Dest[864 0 R/XYZ 0 533 0]>>endobj
+177 0 obj[154 0 R
+155 0 R
+156 0 R
+157 0 R
+158 0 R
+159 0 R
+160 0 R
+161 0 R
+162 0 R
+163 0 R
+164 0 R
+165 0 R
+166 0 R
+167 0 R
+168 0 R
+169 0 R
+170 0 R
+171 0 R
+172 0 R
+173 0 R
+174 0 R
+175 0 R
+176 0 R]endobj
+178 0 obj<</S/URI/URI(http://www.samba.org/)>>endobj
+179 0 obj<</Subtype/Link/Rect[367.1 587.8 468.3 600.8]/Border[0 0 0]/A 178 0 R>>endobj
+180 0 obj[179 0 R]endobj
+181 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
+182 0 obj<</Subtype/Link/Rect[174.0 575.8 270.6 588.8]/Border[0 0 0]/A 181 0 R>>endobj
+183 0 obj<</S/Launch/F(#PASSWORDLEVEL)>>endobj
+184 0 obj<</Subtype/Link/Rect[73.4 312.4 154.4 323.4]/Border[0 0 0]/A 183 0 R>>endobj
+185 0 obj<</S/Launch/F(#USERNAMELEVEL)>>endobj
+186 0 obj<</Subtype/Link/Rect[73.4 301.6 149.0 312.6]/Border[0 0 0]/A 185 0 R>>endobj
+187 0 obj[182 0 R
+184 0 R
+186 0 R]endobj
+188 0 obj<</S/Launch/F(winbind.html)>>endobj
+189 0 obj<</Subtype/Link/Rect[503.4 155.3 544.6 168.3]/Border[0 0 0]/A 188 0 R>>endobj
+190 0 obj<</S/Launch/F(winbind.html)>>endobj
+191 0 obj<</Subtype/Link/Rect[72.0 142.1 115.4 155.1]/Border[0 0 0]/A 190 0 R>>endobj
+192 0 obj[189 0 R
+191 0 R]endobj
+193 0 obj<</S/URI/URI(http://rsync.samba.org/)>>endobj
+194 0 obj<</Subtype/Link/Rect[118.1 84.0 222.3 97.0]/Border[0 0 0]/A 193 0 R>>endobj
+195 0 obj[194 0 R]endobj
+196 0 obj<</S/Launch/F(#OBEYPAMRESTRICTIONS)>>endobj
+197 0 obj<</Subtype/Link/Rect[235.4 649.4 332.9 662.4]/Border[0 0 0]/A 196 0 R>>endobj
+198 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
+199 0 obj<</Subtype/Link/Rect[338.7 570.2 449.4 583.2]/Border[0 0 0]/A 198 0 R>>endobj
+200 0 obj[197 0 R
+199 0 R]endobj
+201 0 obj<</S/URI/URI(http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp)>>endobj
+202 0 obj<</Subtype/Link/Rect[72.0 590.2 183.5 603.2]/Border[0 0 0]/A 201 0 R>>endobj
+203 0 obj<</S/Launch/F(#HOSTMSDFS)>>endobj
+204 0 obj<</Subtype/Link/Rect[345.1 511.0 417.7 524.0]/Border[0 0 0]/A 203 0 R>>endobj
+205 0 obj<</S/Launch/F(#MSDFSROOT)>>endobj
+206 0 obj<</Subtype/Link/Rect[380.8 497.8 453.4 510.8]/Border[0 0 0]/A 205 0 R>>endobj
+207 0 obj[202 0 R
+204 0 R
+206 0 R]endobj
+208 0 obj<</S/Launch/F(#NTACLSUPPORT)>>endobj
+209 0 obj<</Subtype/Link/Rect[339.9 533.8 438.9 546.8]/Border[0 0 0]/A 208 0 R>>endobj
+210 0 obj[209 0 R]endobj
+211 0 obj<</S/Launch/F(#SECURITYMASK)>>endobj
+212 0 obj<</Subtype/Link/Rect[493.0 76.2 545.8 89.2]/Border[0 0 0]/A 211 0 R>>endobj
+213 0 obj<</S/Launch/F(#SECURITYMASK)>>endobj
+214 0 obj<</Subtype/Link/Rect[72.0 63.0 98.4 76.0]/Border[0 0 0]/A 213 0 R>>endobj
+215 0 obj[212 0 R
+214 0 R]endobj
+216 0 obj<</S/Launch/F(#CREATEMASK)>>endobj
+217 0 obj<</Subtype/Link/Rect[356.1 655.0 428.7 668.0]/Border[0 0 0]/A 216 0 R>>endobj
+218 0 obj<</S/Launch/F(#FORCESECURITYMODE)>>endobj
+219 0 obj<</Subtype/Link/Rect[424.3 602.2 549.7 615.2]/Border[0 0 0]/A 218 0 R>>endobj
+220 0 obj<</S/Launch/F(#FORCECREATEMODE)>>endobj
+221 0 obj<</Subtype/Link/Rect[356.1 523.0 468.3 536.0]/Border[0 0 0]/A 220 0 R>>endobj
+222 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+223 0 obj<</Subtype/Link/Rect[72.0 245.8 144.6 258.8]/Border[0 0 0]/A 222 0 R>>endobj
+224 0 obj[217 0 R
+219 0 R
+221 0 R
+223 0 R]endobj
+225 0 obj<</S/URI/URI(http://imprints.sourceforge.net)>>endobj
+226 0 obj<</Subtype/Link/Rect[143.7 548.2 280.3 561.2]/Border[0 0 0]/A 225 0 R>>endobj
+227 0 obj<</S/URI/URI(http://msdn.microsoft.com/)>>endobj
+228 0 obj<</Subtype/Link/Rect[218.6 521.8 341.1 534.8]/Border[0 0 0]/A 227 0 R>>endobj
+229 0 obj<</S/URI/URI(http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP)>>endobj
+230 0 obj<</Subtype/Link/Rect[72.0 297.4 355.9 310.4]/Border[0 0 0]/A 229 0 R>>endobj
+231 0 obj<</Subtype/Link/Rect[454.1 76.3 534.8 89.3]/Border[0 0 0]/Dest[764 0 R/XYZ 0 613 0]>>endobj
+232 0 obj[226 0 R
+228 0 R
+230 0 R
+231 0 R]endobj
+233 0 obj<</S/Launch/F(#WRITELIST)>>endobj
+234 0 obj<</Subtype/Link/Rect[91.9 370.5 157.9 383.5]/Border[0 0 0]/A 233 0 R>>endobj
+235 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+236 0 obj<</Subtype/Link/Rect[184.4 357.3 285.8 370.3]/Border[0 0 0]/A 235 0 R>>endobj
+237 0 obj<</S/Launch/F(#GUESTOK)>>endobj
+238 0 obj<</Subtype/Link/Rect[160.6 330.9 228.6 343.9]/Border[0 0 0]/A 237 0 R>>endobj
+239 0 obj<</S/Launch/F(#MAPTOGUEST)>>endobj
+240 0 obj<</Subtype/Link/Rect[393.2 225.3 511.3 238.3]/Border[0 0 0]/A 239 0 R>>endobj
+241 0 obj[234 0 R
+236 0 R
+238 0 R
+240 0 R]endobj
+242 0 obj<</S/Launch/F(#PRINTERADMIN)>>endobj
+243 0 obj<</Subtype/Link/Rect[430.5 626.2 516.3 639.2]/Border[0 0 0]/A 242 0 R>>endobj
+244 0 obj[243 0 R]endobj
+245 0 obj<</S/Launch/F(#DEFAULTDEVMODE)>>endobj
+246 0 obj<</Subtype/Link/Rect[300.8 519.4 377.2 532.4]/Border[0 0 0]/A 245 0 R>>endobj
+247 0 obj<</S/Launch/F(rpcclient.1.html)>>endobj
+248 0 obj<</Subtype/Link/Rect[233.6 395.0 330.1 408.0]/Border[0 0 0]/A 247 0 R>>endobj
+249 0 obj[246 0 R
+248 0 R]endobj
+250 0 obj<</S/Launch/F(#SHOWADDPRINTERWIZARD)>>endobj
+251 0 obj<</Subtype/Link/Rect[108.0 625.0 299.4 638.0]/Border[0 0 0]/A 250 0 R>>endobj
+252 0 obj<</S/Launch/F(#ADDPRINTERCOMMAND)>>endobj
+253 0 obj<</Subtype/Link/Rect[453.9 598.6 526.5 611.6]/Border[0 0 0]/A 252 0 R>>endobj
+254 0 obj<</S/Launch/F(#ADDPRINTERCOMMAND)>>endobj
+255 0 obj<</Subtype/Link/Rect[72.0 585.4 118.2 598.4]/Border[0 0 0]/A 254 0 R>>endobj
+256 0 obj<</S/Launch/F(#DELETEPRINTERCOMMAND)>>endobj
+257 0 obj<</Subtype/Link/Rect[189.3 479.8 334.5 492.8]/Border[0 0 0]/A 256 0 R>>endobj
+258 0 obj<</S/Launch/F(#ENUMPORTSCOMMAND)>>endobj
+259 0 obj<</Subtype/Link/Rect[451.4 315.8 510.8 328.8]/Border[0 0 0]/A 258 0 R>>endobj
+260 0 obj<</S/Launch/F(#ENUMPORTSCOMMAND)>>endobj
+261 0 obj<</Subtype/Link/Rect[72.0 302.6 118.2 315.6]/Border[0 0 0]/A 260 0 R>>endobj
+262 0 obj<</S/URI/URI(http://imprints.sourceforge.net/)>>endobj
+263 0 obj<</Subtype/Link/Rect[297.8 231.0 437.4 244.0]/Border[0 0 0]/A 262 0 R>>endobj
+264 0 obj[251 0 R
+253 0 R
+255 0 R
+257 0 R
+259 0 R
+261 0 R
+263 0 R]endobj
+265 0 obj<</S/URI/URI(http://imprints.sourceforge.net/)>>endobj
+266 0 obj<</Subtype/Link/Rect[409.9 372.2 549.5 385.2]/Border[0 0 0]/A 265 0 R>>endobj
+267 0 obj[266 0 R]endobj
+268 0 obj<</S/URI/URI(http://www.cups.org/)>>endobj
+269 0 obj<</Subtype/Link/Rect[72.0 653.8 99.5 666.8]/Border[0 0 0]/A 268 0 R>>endobj
+270 0 obj[269 0 R]endobj
+271 0 obj<</S/URI/URI(http://wwwl.easysw.com/printpro/)>>endobj
+272 0 obj<</Subtype/Link/Rect[108.0 651.4 327.4 664.4]/Border[0 0 0]/A 271 0 R>>endobj
+273 0 obj<</S/URI/URI(http://gimp-print.sourceforge.net/)>>endobj
+274 0 obj<</Subtype/Link/Rect[121.4 585.4 374.1 598.4]/Border[0 0 0]/A 273 0 R>>endobj
+275 0 obj<</S/URI/URI(http://www.turboprint.com/)>>endobj
+276 0 obj<</Subtype/Link/Rect[108.0 545.8 288.0 558.8]/Border[0 0 0]/A 275 0 R>>endobj
+277 0 obj<</S/URI/URI(http://www-124.ibm.com/developerworks/oss/linux/projects/omni/)>>endobj
+278 0 obj<</Subtype/Link/Rect[108.0 519.4 444.5 532.4]/Border[0 0 0]/A 277 0 R>>endobj
+279 0 obj<</S/URI/URI(http://hpinkjet.sourceforge.net/)>>endobj
+280 0 obj<</Subtype/Link/Rect[108.0 466.6 282.5 479.6]/Border[0 0 0]/A 279 0 R>>endobj
+281 0 obj<</S/URI/URI(http://www.linuxprinting.org/)>>endobj
+282 0 obj<</Subtype/Link/Rect[108.0 440.2 343.6 453.2]/Border[0 0 0]/A 281 0 R>>endobj
+283 0 obj[272 0 R
+274 0 R
+276 0 R
+278 0 R
+280 0 R
+282 0 R]endobj
+284 0 obj<</S/Launch/F(smbpasswd.8.html)>>endobj
+285 0 obj<</Subtype/Link/Rect[218.7 455.8 284.9 468.8]/Border[0 0 0]/A 284 0 R>>endobj
+286 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+287 0 obj<</Subtype/Link/Rect[350.3 139.0 422.9 152.0]/Border[0 0 0]/A 286 0 R>>endobj
+288 0 obj<</S/Launch/F(#SECURITY)>>endobj
+289 0 obj<</Subtype/Link/Rect[169.1 99.4 235.1 112.4]/Border[0 0 0]/A 288 0 R>>endobj
+290 0 obj[285 0 R
+287 0 R
+289 0 R]endobj
+291 0 obj<</S/Launch/F(#WORKGROUP)>>endobj
+292 0 obj<</Subtype/Link/Rect[146.2 721.0 225.4 734.0]/Border[0 0 0]/A 291 0 R>>endobj
+293 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
+294 0 obj<</Subtype/Link/Rect[224.7 641.8 336.9 654.8]/Border[0 0 0]/A 293 0 R>>endobj
+295 0 obj<</S/Launch/F(#PASSWORDSERVER)>>endobj
+296 0 obj<</Subtype/Link/Rect[188.7 602.2 300.9 615.2]/Border[0 0 0]/A 295 0 R>>endobj
+297 0 obj<</S/Launch/F(#SECURITYEQUALSSERVER)>>endobj
+298 0 obj<</Subtype/Link/Rect[275.2 76.2 351.3 89.2]/Border[0 0 0]/A 297 0 R>>endobj
+299 0 obj[292 0 R
+294 0 R
+296 0 R
+298 0 R]endobj
+300 0 obj<</S/Launch/F(winbind.html)>>endobj
+301 0 obj<</Subtype/Link/Rect[151.1 694.6 219.5 707.6]/Border[0 0 0]/A 300 0 R>>endobj
+302 0 obj<</S/URI/URI(http://www.linuxworld.com)>>endobj
+303 0 obj<</Subtype/Link/Rect[438.0 377.8 495.1 390.8]/Border[0 0 0]/A 302 0 R>>endobj
+304 0 obj<</S/URI/URI(http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html)>>endobj
+305 0 obj<</Subtype/Link/Rect[72.0 364.6 186.6 377.6]/Border[0 0 0]/A 304 0 R>>endobj
+306 0 obj[301 0 R
+303 0 R
+305 0 R]endobj
+307 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+308 0 obj<</Subtype/Link/Rect[153.2 603.4 225.8 616.4]/Border[0 0 0]/A 307 0 R>>endobj
+309 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
+310 0 obj<</Subtype/Link/Rect[303.1 603.4 389.9 616.4]/Border[0 0 0]/A 309 0 R>>endobj
+311 0 obj<</S/Launch/F(UNIX_INSTALL.html)>>endobj
+312 0 obj<</Subtype/Link/Rect[333.5 452.6 438.0 465.6]/Border[0 0 0]/A 311 0 R>>endobj
+313 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+314 0 obj<</Subtype/Link/Rect[440.4 439.4 541.8 452.4]/Border[0 0 0]/A 313 0 R>>endobj
+315 0 obj[308 0 R
+310 0 R
+312 0 R
+314 0 R]endobj
+316 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+317 0 obj<</Subtype/Link/Rect[465.5 662.6 546.8 675.6]/Border[0 0 0]/A 316 0 R>>endobj
+318 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+319 0 obj<</Subtype/Link/Rect[72.0 649.4 92.8 662.4]/Border[0 0 0]/A 318 0 R>>endobj
+320 0 obj<</S/Launch/F(#NETBIOSNAME)>>endobj
+321 0 obj<</Subtype/Link/Rect[95.0 575.6 159.8 586.6]/Border[0 0 0]/A 320 0 R>>endobj
+322 0 obj<</S/Launch/F(#WORKGROUP)>>endobj
+323 0 obj<</Subtype/Link/Rect[95.0 564.8 143.6 575.8]/Border[0 0 0]/A 322 0 R>>endobj
+324 0 obj<</S/Launch/F(#OSLEVEL)>>endobj
+325 0 obj<</Subtype/Link/Rect[95.0 532.4 138.2 543.4]/Border[0 0 0]/A 324 0 R>>endobj
+326 0 obj<</S/Launch/F(#PERFERREDMASTER)>>endobj
+327 0 obj<</Subtype/Link/Rect[95.0 521.6 181.4 532.6]/Border[0 0 0]/A 326 0 R>>endobj
+328 0 obj<</S/Launch/F(#DOMAINMASTER)>>endobj
+329 0 obj<</Subtype/Link/Rect[95.0 510.8 165.2 521.8]/Border[0 0 0]/A 328 0 R>>endobj
+330 0 obj<</S/Launch/F(#LOCALMASTER)>>endobj
+331 0 obj<</Subtype/Link/Rect[95.0 500.0 159.8 511.0]/Border[0 0 0]/A 330 0 R>>endobj
+332 0 obj<</S/Launch/F(#SECURITYEQUALSUSER)>>endobj
+333 0 obj<</Subtype/Link/Rect[95.0 467.6 138.2 478.6]/Border[0 0 0]/A 332 0 R>>endobj
+334 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
+335 0 obj<</Subtype/Link/Rect[95.0 435.2 186.8 446.2]/Border[0 0 0]/A 334 0 R>>endobj
+336 0 obj<</S/Launch/F(#DOMAINLOGONS)>>endobj
+337 0 obj<</Subtype/Link/Rect[95.0 402.8 165.2 413.8]/Border[0 0 0]/A 336 0 R>>endobj
+338 0 obj<</S/Launch/F(#LOGONPATH)>>endobj
+339 0 obj<</Subtype/Link/Rect[95.0 370.4 149.0 381.4]/Border[0 0 0]/A 338 0 R>>endobj
+340 0 obj<</S/Launch/F(#LOGONDRIVE)>>endobj
+341 0 obj<</Subtype/Link/Rect[95.0 327.2 154.4 338.2]/Border[0 0 0]/A 340 0 R>>endobj
+342 0 obj<</S/Launch/F(#LOGONHOME)>>endobj
+343 0 obj<</Subtype/Link/Rect[95.0 316.4 149.0 327.4]/Border[0 0 0]/A 342 0 R>>endobj
+344 0 obj<</S/Launch/F(#LOGONSCRIPT)>>endobj
+345 0 obj<</Subtype/Link/Rect[95.0 273.2 159.8 284.2]/Border[0 0 0]/A 344 0 R>>endobj
+346 0 obj<</S/Launch/F(#PATH)>>endobj
+347 0 obj<</Subtype/Link/Rect[95.0 230.0 116.6 241.0]/Border[0 0 0]/A 346 0 R>>endobj
+348 0 obj<</S/Launch/F(#READONLY)>>endobj
+349 0 obj<</Subtype/Link/Rect[95.0 219.2 143.6 230.2]/Border[0 0 0]/A 348 0 R>>endobj
+350 0 obj<</S/Launch/F(#WRITELIST)>>endobj
+351 0 obj<</Subtype/Link/Rect[95.0 208.4 149.0 219.4]/Border[0 0 0]/A 350 0 R>>endobj
+352 0 obj<</S/Launch/F(#PATH)>>endobj
+353 0 obj<</Subtype/Link/Rect[95.0 165.2 116.6 176.2]/Border[0 0 0]/A 352 0 R>>endobj
+354 0 obj<</S/Launch/F(#READONLY)>>endobj
+355 0 obj<</Subtype/Link/Rect[95.0 154.4 143.6 165.4]/Border[0 0 0]/A 354 0 R>>endobj
+356 0 obj<</S/Launch/F(#CREATEMASK)>>endobj
+357 0 obj<</Subtype/Link/Rect[95.0 143.6 154.4 154.6]/Border[0 0 0]/A 356 0 R>>endobj
+358 0 obj<</S/Launch/F(#DIRECTORYMASK)>>endobj
+359 0 obj<</Subtype/Link/Rect[95.0 132.8 170.6 143.8]/Border[0 0 0]/A 358 0 R>>endobj
+360 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
+361 0 obj<</Subtype/Link/Rect[108.0 65.7 200.6 78.7]/Border[0 0 0]/A 360 0 R>>endobj
+362 0 obj[317 0 R
+319 0 R
+321 0 R
+323 0 R
+325 0 R
+327 0 R
+329 0 R
+331 0 R
+333 0 R
+335 0 R
+337 0 R
+339 0 R
+341 0 R
+343 0 R
+345 0 R
+347 0 R
+349 0 R
+351 0 R
+353 0 R
+355 0 R
+357 0 R
+359 0 R
+361 0 R]endobj
+363 0 obj<</S/Launch/F(#DOMAINADMINGROUP)>>endobj
+364 0 obj<</Subtype/Link/Rect[494.2 641.8 530.0 654.8]/Border[0 0 0]/A 363 0 R>>endobj
+365 0 obj<</S/Launch/F(#DOMAINADMINGROUP)>>endobj
+366 0 obj<</Subtype/Link/Rect[72.0 628.6 127.9 641.6]/Border[0 0 0]/A 365 0 R>>endobj
+367 0 obj[364 0 R
+366 0 R]endobj
+368 0 obj<</S/Launch/F(smbpasswd.8.html)>>endobj
+369 0 obj<</Subtype/Link/Rect[72.0 601.7 138.6 614.7]/Border[0 0 0]/A 368 0 R>>endobj
+370 0 obj<</S/Launch/F(#ADDUSERSCRIPT)>>endobj
+371 0 obj<</Subtype/Link/Rect[420.0 313.2 486.9 326.2]/Border[0 0 0]/A 370 0 R>>endobj
+372 0 obj[369 0 R
+371 0 R]endobj
+373 0 obj<</S/URI/URI(http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp)>>endobj
+374 0 obj<</Subtype/Link/Rect[139.8 202.5 387.6 215.5]/Border[0 0 0]/A 373 0 R>>endobj
+375 0 obj[374 0 R]endobj
+376 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE)>>endobj
+377 0 obj<</Subtype/Link/Rect[285.2 325.0 540.0 338.0]/Border[0 0 0]/A 376 0 R>>endobj
+378 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE)>>endobj
+379 0 obj<</Subtype/Link/Rect[230.8 285.4 505.8 298.4]/Border[0 0 0]/A 378 0 R>>endobj
+380 0 obj[377 0 R
+379 0 R]endobj
+381 0 obj<</S/URI/URI(http://www.tcpdump.org/)>>endobj
+382 0 obj<</Subtype/Link/Rect[349.4 562.6 455.4 575.6]/Border[0 0 0]/A 381 0 R>>endobj
+383 0 obj<</S/URI/URI(http://www.ethereal.com/)>>endobj
+384 0 obj<</Subtype/Link/Rect[424.5 549.4 536.6 562.4]/Border[0 0 0]/A 383 0 R>>endobj
+385 0 obj[382 0 R
+384 0 R]endobj
+386 0 obj<</S/URI/URI(http://samba.org)>>endobj
+387 0 obj<</Subtype/Link/Rect[233.5 681.4 308.1 694.4]/Border[0 0 0]/A 386 0 R>>endobj
+388 0 obj<</S/URI/URI(http://www.skippy.net/linux/smb-howto.html)>>endobj
+389 0 obj<</Subtype/Link/Rect[144.0 628.6 346.1 641.6]/Border[0 0 0]/A 388 0 R>>endobj
+390 0 obj<</S/URI/URI(http://bioserve.latrobe.edu.au/samba)>>endobj
+391 0 obj<</Subtype/Link/Rect[179.7 602.2 342.3 615.2]/Border[0 0 0]/A 390 0 R>>endobj
+392 0 obj<</S/URI/URI(http://samba.org/cifs/)>>endobj
+393 0 obj<</Subtype/Link/Rect[282.1 589.0 378.7 602.0]/Border[0 0 0]/A 392 0 R>>endobj
+394 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/ntdom/)>>endobj
+395 0 obj<</Subtype/Link/Rect[241.5 575.8 408.5 588.8]/Border[0 0 0]/A 394 0 R>>endobj
+396 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/developr/drg/CIFS/)>>endobj
+397 0 obj<</Subtype/Link/Rect[277.5 562.6 469.1 575.6]/Border[0 0 0]/A 396 0 R>>endobj
+398 0 obj<</S/URI/URI(http://samba.org)>>endobj
+399 0 obj<</Subtype/Link/Rect[358.2 509.8 432.8 522.8]/Border[0 0 0]/A 398 0 R>>endobj
+400 0 obj<</S/URI/URI(http://www.samba-tng.org/)>>endobj
+401 0 obj<</Subtype/Link/Rect[298.4 470.2 422.8 483.2]/Border[0 0 0]/A 400 0 R>>endobj
+402 0 obj[387 0 R
+389 0 R
+391 0 R
+393 0 R
+395 0 R
+397 0 R
+399 0 R
+401 0 R]endobj
+403 0 obj<</S/URI/URI(http://lists.samba.org/)>>endobj
+404 0 obj<</Subtype/Link/Rect[132.8 707.8 227.8 720.8]/Border[0 0 0]/A 403 0 R>>endobj
+405 0 obj<</S/URI/URI(http://lists.samba.org/mailman/roster/samba-ntdom)>>endobj
+406 0 obj<</Subtype/Link/Rect[306.3 694.6 328.0 707.6]/Border[0 0 0]/A 405 0 R>>endobj
+407 0 obj[404 0 R
+406 0 R]endobj
+408 0 obj<</S/Launch/F(Samba-PDC-HOWTO.html)>>endobj
+409 0 obj<</Subtype/Link/Rect[210.4 616.6 317.8 629.6]/Border[0 0 0]/A 408 0 R>>endobj
+410 0 obj[409 0 R]endobj
+411 0 obj<</S/Launch/F(smbpasswd.8.html)>>endobj
+412 0 obj<</Subtype/Link/Rect[239.2 172.6 308.6 185.6]/Border[0 0 0]/A 411 0 R>>endobj
+413 0 obj[412 0 R]endobj
+414 0 obj<</S/Launch/F(Samba-LDAP-HOWTO.html)>>endobj
+415 0 obj<</Subtype/Link/Rect[72.0 306.9 184.0 319.9]/Border[0 0 0]/A 414 0 R>>endobj
+416 0 obj[415 0 R]endobj
+417 0 obj<</S/URI/URI(http://www.openldap.org/)>>endobj
+418 0 obj<</Subtype/Link/Rect[169.5 563.8 285.9 576.8]/Border[0 0 0]/A 417 0 R>>endobj
+419 0 obj<</S/URI/URI(http://iplanet.netscape.com/directory)>>endobj
+420 0 obj<</Subtype/Link/Rect[223.9 550.6 387.9 563.6]/Border[0 0 0]/A 419 0 R>>endobj
+421 0 obj<</S/URI/URI(http://www.ora.com/)>>endobj
+422 0 obj<</Subtype/Link/Rect[112.6 524.2 202.0 537.2]/Border[0 0 0]/A 421 0 R>>endobj
+423 0 obj<</S/URI/URI(http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html)>>endobj
+424 0 obj<</Subtype/Link/Rect[125.1 458.2 267.5 471.2]/Border[0 0 0]/A 423 0 R>>endobj
+425 0 obj<</S/URI/URI(http://samba.idealx.org/)>>endobj
+426 0 obj<</Subtype/Link/Rect[243.7 445.0 287.3 458.0]/Border[0 0 0]/A 425 0 R>>endobj
+427 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
+428 0 obj<</Subtype/Link/Rect[212.8 360.2 332.5 373.2]/Border[0 0 0]/A 427 0 R>>endobj
+429 0 obj[418 0 R
+420 0 R
+422 0 R
+424 0 R
+426 0 R
+428 0 R]endobj
+430 0 obj<</S/URI/URI(http://www.padl.com/)>>endobj
+431 0 obj<</Subtype/Link/Rect[284.3 589.0 380.9 602.0]/Border[0 0 0]/A 430 0 R>>endobj
+432 0 obj<</S/Launch/F(samba-patches@samba.org)>>endobj
+433 0 obj<</Subtype/Link/Rect[332.3 477.8 458.0 490.8]/Border[0 0 0]/A 432 0 R>>endobj
+434 0 obj<</S/Launch/F(jerry@samba.org)>>endobj
+435 0 obj<</Subtype/Link/Rect[476.6 477.8 555.8 490.8]/Border[0 0 0]/A 434 0 R>>endobj
+436 0 obj<</S/Launch/F(jerry@samba.org)>>endobj
+437 0 obj<</Subtype/Link/Rect[301.4 248.5 380.6 261.5]/Border[0 0 0]/A 436 0 R>>endobj
+438 0 obj[431 0 R
+433 0 R
+435 0 R
+437 0 R]endobj
+439 0 obj<</S/Launch/F(#LDAPSSL)>>endobj
+440 0 obj<</Subtype/Link/Rect[108.0 590.1 141.3 603.1]/Border[0 0 0]/A 439 0 R>>endobj
+441 0 obj<</S/Launch/F(#LDAPSERVER)>>endobj
+442 0 obj<</Subtype/Link/Rect[108.0 576.9 156.6 589.9]/Border[0 0 0]/A 441 0 R>>endobj
+443 0 obj<</S/Launch/F(#LDAPADMINDN)>>endobj
+444 0 obj<</Subtype/Link/Rect[108.0 563.7 170.9 576.7]/Border[0 0 0]/A 443 0 R>>endobj
+445 0 obj<</S/Launch/F(#LDAPSUFFIX)>>endobj
+446 0 obj<</Subtype/Link/Rect[108.0 550.5 155.4 563.5]/Border[0 0 0]/A 445 0 R>>endobj
+447 0 obj<</S/Launch/F(#LDAPFILTER)>>endobj
+448 0 obj<</Subtype/Link/Rect[108.0 537.3 151.1 550.3]/Border[0 0 0]/A 447 0 R>>endobj
+449 0 obj<</S/Launch/F(#LDAPPORT)>>endobj
+450 0 obj<</Subtype/Link/Rect[108.0 524.1 147.4 537.1]/Border[0 0 0]/A 449 0 R>>endobj
+451 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+452 0 obj<</Subtype/Link/Rect[186.9 497.7 243.1 510.7]/Border[0 0 0]/A 451 0 R>>endobj
+453 0 obj[440 0 R
+442 0 R
+444 0 R
+446 0 R
+448 0 R
+450 0 R
+452 0 R]endobj
+454 0 obj<</S/URI/URI(http://search.cpan.org/)>>endobj
+455 0 obj<</Subtype/Link/Rect[192.3 598.6 293.4 611.6]/Border[0 0 0]/A 454 0 R>>endobj
+456 0 obj<</S/URI/URI(http://perl-ldap.sf.net/)>>endobj
+457 0 obj<</Subtype/Link/Rect[108.0 585.4 206.5 598.4]/Border[0 0 0]/A 456 0 R>>endobj
+458 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
+459 0 obj<</Subtype/Link/Rect[72.0 204.6 176.8 217.6]/Border[0 0 0]/A 458 0 R>>endobj
+460 0 obj[455 0 R
+457 0 R
+459 0 R]endobj
+461 0 obj<</S/Launch/F(Samba-PDC-HOWTO.html)>>endobj
+462 0 obj<</Subtype/Link/Rect[72.0 154.5 176.7 167.5]/Border[0 0 0]/A 461 0 R>>endobj
+463 0 obj[462 0 R]endobj
+464 0 obj<</S/URI/URI(mailto:jerry@samba.org)>>endobj
+465 0 obj<</Subtype/Link/Rect[302.7 691.0 381.8 704.0]/Border[0 0 0]/A 464 0 R>>endobj
+466 0 obj[465 0 R]endobj
+467 0 obj<</S/URI/URI(mailto:jtrostel@snapserver.com)>>endobj
+468 0 obj<</Subtype/Link/Rect[197.9 308.2 310.1 321.2]/Border[0 0 0]/A 467 0 R>>endobj
+469 0 obj[468 0 R]endobj
+470 0 obj<</S/URI/URI(http://samba.org/)>>endobj
+471 0 obj<</Subtype/Link/Rect[472.8 491.0 539.4 504.0]/Border[0 0 0]/A 470 0 R>>endobj
+472 0 obj<</S/URI/URI(http://samba.org/)>>endobj
+473 0 obj<</Subtype/Link/Rect[72.0 477.8 113.8 490.8]/Border[0 0 0]/A 472 0 R>>endobj
+474 0 obj[471 0 R
+473 0 R]endobj
+475 0 obj<</S/Launch/F(winbindd.8.html)>>endobj
+476 0 obj<</Subtype/Link/Rect[306.3 351.7 363.4 364.7]/Border[0 0 0]/A 475 0 R>>endobj
+477 0 obj<</S/Launch/F(#WINBINDSEPARATOR)>>endobj
+478 0 obj<</Subtype/Link/Rect[100.4 280.3 192.2 291.3]/Border[0 0 0]/A 477 0 R>>endobj
+479 0 obj<</S/Launch/F(#WINBINDUID)>>endobj
+480 0 obj<</Subtype/Link/Rect[100.4 258.7 159.8 269.7]/Border[0 0 0]/A 479 0 R>>endobj
+481 0 obj<</S/Launch/F(#WINBINDGID)>>endobj
+482 0 obj<</Subtype/Link/Rect[100.4 237.1 159.8 248.1]/Border[0 0 0]/A 481 0 R>>endobj
+483 0 obj<</S/Launch/F(#WINBINDENUMUSERS)>>endobj
+484 0 obj<</Subtype/Link/Rect[100.4 193.9 197.6 204.9]/Border[0 0 0]/A 483 0 R>>endobj
+485 0 obj<</S/Launch/F(#WINBINDENUMGROUP)>>endobj
+486 0 obj<</Subtype/Link/Rect[100.4 183.1 203.0 194.1]/Border[0 0 0]/A 485 0 R>>endobj
+487 0 obj<</S/Launch/F(#TEMPLATEHOMEDIR)>>endobj
+488 0 obj<</Subtype/Link/Rect[100.4 161.5 186.8 172.5]/Border[0 0 0]/A 487 0 R>>endobj
+489 0 obj<</S/Launch/F(#TEMPLATESHELL)>>endobj
+490 0 obj<</Subtype/Link/Rect[100.4 150.7 176.0 161.7]/Border[0 0 0]/A 489 0 R>>endobj
+491 0 obj[476 0 R
+478 0 R
+480 0 R
+482 0 R
+484 0 R
+486 0 R
+488 0 R
+490 0 R]endobj
+492 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/warp.html)>>endobj
+493 0 obj<</Subtype/Link/Rect[325.6 607.0 544.5 620.0]/Border[0 0 0]/A 492 0 R>>endobj
+494 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/)>>endobj
+495 0 obj<</Subtype/Link/Rect[72.0 254.6 319.2 267.6]/Border[0 0 0]/A 494 0 R>>endobj
+496 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/lanman.html)>>endobj
+497 0 obj<</Subtype/Link/Rect[340.6 254.6 538.7 267.6]/Border[0 0 0]/A 496 0 R>>endobj
+498 0 obj<</S/URI/URI(ftp://ftp.cdrom.com/pub/os2/network/ndis/)>>endobj
+499 0 obj<</Subtype/Link/Rect[173.1 129.3 363.5 142.3]/Border[0 0 0]/A 498 0 R>>endobj
+500 0 obj[493 0 R
+495 0 R
+497 0 R
+499 0 R]endobj
+501 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/fix.html)>>endobj
+502 0 obj<</Subtype/Link/Rect[220.2 661.0 429.3 674.0]/Border[0 0 0]/A 501 0 R>>endobj
+503 0 obj[502 0 R]endobj
+504 0 obj<</S/URI/URI(http://samba.org/samba/cvs.html)>>endobj
+505 0 obj<</Subtype/Link/Rect[354.3 577.0 500.7 590.0]/Border[0 0 0]/A 504 0 R>>endobj
+506 0 obj<</S/URI/URI(http://samba.org/cgi-bin/cvsweb)>>endobj
+507 0 obj<</Subtype/Link/Rect[135.9 381.0 283.2 394.0]/Border[0 0 0]/A 506 0 R>>endobj
+508 0 obj<</S/URI/URI(http://www.cyclic.com/)>>endobj
+509 0 obj<</Subtype/Link/Rect[391.6 269.8 498.2 282.8]/Border[0 0 0]/A 508 0 R>>endobj
+510 0 obj[505 0 R
+507 0 R
+509 0 R]endobj
+511 0 obj<</S/Launch/F(x1242.htm)>>endobj
+512 0 obj<</Subtype/Link/Rect[198.8 487.4 255.3 500.4]/Border[0 0 0]/A 511 0 R>>endobj
+513 0 obj[512 0 R]endobj
+514 0 obj<</Dests 515 0 R>>endobj
+515 0 obj<</Kids[516 0 R]>>endobj
+516 0 obj<</Limits[(aen1003)(winbind)]/Names[(aen1003)517 0 R(aen1022)518 0 R(aen1025)519 0 R(aen1046)520 0 R(aen1050)521 0 R(aen1062)522 0 R(aen1089)523 0 R(aen1134)524 0 R(aen119)525 0 R(aen1198)526 0 R(aen1203)527 0 R(aen1236)528 0 R(aen1242)529 0 R(aen1281)530 0 R(aen1324)531 0 R(aen1343)532 0 R(aen135)533 0 R(aen1378)534 0 R(aen1387)535 0 R(aen1402)536 0 R(aen144)537 0 R(aen1450)538 0 R(aen1494)539 0 R(aen160)540 0 R(aen1608)541 0 R(aen1634)542 0 R(aen1653)543 0 R(aen1661)544 0 R(aen1669)545 0 R(aen1677)546 0 R(aen1684)547 0 R(aen1720)548 0 R(aen1733)549 0 R(aen1736)550 0 R(aen174)551 0 R(aen1746)552 0 R(aen1782)553 0 R(aen1786)554 0 R(aen179)555 0 R(aen1794)556 0 R(aen1797)557 0 R(aen1800)558 0 R(aen1803)559 0 R(aen1807)560 0 R(aen183)561 0 R(aen1836)562 0 R(aen186)563 0 R(aen1867)564 0 R(aen1888)565 0 R(aen1919)566 0 R(aen1924)567 0 R(aen1945)568 0 R(aen1947)569 0 R(aen195)570 0 R(aen1964)571 0 R(aen199)572 0 R(aen1992)573 0 R(aen20)574 0 R(aen2008)575 0 R(aen2013)576 0 R(aen2033)577 0 R(aen208)578 0 R(aen2103)579 0 R(aen211)580 0 R(aen2111)581 0 R(aen2140)582 0 R(aen2144)583 0 R(aen2157)584 0 R(aen2164)585 0 R(aen2168)586 0 R(aen2173)587 0 R(aen2177)588 0 R(aen2193)589 0 R(aen2201)590 0 R(aen2205)591 0 R(aen2208)592 0 R(aen2212)593 0 R(aen2225)594 0 R(aen2241)595 0 R(aen225)596 0 R(aen2254)597 0 R(aen2267)598 0 R(aen2289)599 0 R(aen2306)600 0 R(aen2317)601 0 R(aen2358)602 0 R(aen2411)603 0 R(aen2419)604 0 R(aen2433)605 0 R(aen2435)606 0 R(aen2450)607 0 R(aen2459)608 0 R(aen2463)609 0 R(aen247)610 0 R(aen2479)611 0 R(aen2484)612 0 R(aen2487)613 0 R(aen2492)614 0 R(aen2520)615 0 R(aen263)616 0 R(aen279)617 0 R(aen28)618 0 R(aen290)619 0 R(aen298)620 0 R(aen310)621 0 R(aen322)622 0 R(aen327)623 0 R(aen335)624 0 R(aen340)625 0 R(aen343)626 0 R(aen355)627 0 R(aen365)628 0 R(aen393)629 0 R(aen4)630 0 R(aen401)631 0 R(aen418)632 0 R(aen425)633 0 R(aen430)634 0 R(aen435)635 0 R(aen456)636 0 R(aen500)637 0 R(aen507)638 0 R(aen527)639 0 R(aen56)640 0 R(aen562)641 0 R(aen582)642 0 R(aen591)643 0 R(aen60)644 0 R(aen602)645 0 R(aen622)646 0 R(aen637)647 0 R(aen651)648 0 R(aen658)649 0 R(aen680)650 0 R(aen74)651 0 R(aen744)652 0 R(aen765)653 0 R(aen787)654 0 R(aen798)655 0 R(aen8)656 0 R(aen80)657 0 R(aen833)658 0 R(aen851)659 0 R(aen862)660 0 R(aen873)661 0 R(aen898)662 0 R(aen90)663 0 R(aen906)664 0 R(aen911)665 0 R(aen921)666 0 R(aen924)667 0 R(aen928)668 0 R(aen950)669 0 R(aen983)670 0 R(aen999)671 0 R(body.html)672 0 R(cups)673 0 R(cvs-access)674 0 R(domain-security)675 0 R(install)676 0 R(integrate-ms-networks)677 0 R(migration)678 0 R(msdfs)679 0 R(os2)680 0 R(pam)681 0 R(printing)682 0 R(samba-bdc)683 0 R(samba-ldap-howto)684 0 R(samba-pdc)685 0 R(samba-project-documentation)686 0 R(unix-permissions)687 0 R(winbind)688 0 R]>>endobj
+517 0 obj<</D[766 0 R/XYZ 0 611 0]>>endobj
+518 0 obj<</D[766 0 R/XYZ 0 268 0]>>endobj
+519 0 obj<</D[768 0 R/XYZ 0 734 0]>>endobj
+520 0 obj<</D[768 0 R/XYZ 0 183 0]>>endobj
+521 0 obj<</D[770 0 R/XYZ 0 639 0]>>endobj
+522 0 obj<</D[772 0 R/XYZ 0 734 0]>>endobj
+523 0 obj<</D[772 0 R/XYZ 0 213 0]>>endobj
+524 0 obj<</D[778 0 R/XYZ 0 696 0]>>endobj
+525 0 obj<</D[704 0 R/XYZ 0 313 0]>>endobj
+526 0 obj<</D[780 0 R/XYZ 0 362 0]>>endobj
+527 0 obj<</D[780 0 R/XYZ 0 158 0]>>endobj
+528 0 obj<</D[784 0 R/XYZ 0 672 0]>>endobj
+529 0 obj<</D[784 0 R/XYZ 0 587 0]>>endobj
+530 0 obj<</D[786 0 R/XYZ 0 718 0]>>endobj
+531 0 obj<</D[788 0 R/XYZ 0 613 0]>>endobj
+532 0 obj<</D[788 0 R/XYZ 0 251 0]>>endobj
+533 0 obj<</D[706 0 R/XYZ 0 734 0]>>endobj
+534 0 obj<</D[790 0 R/XYZ 0 409 0]>>endobj
+535 0 obj<</D[790 0 R/XYZ 0 196 0]>>endobj
+536 0 obj<</D[792 0 R/XYZ 0 520 0]>>endobj
+537 0 obj<</D[706 0 R/XYZ 0 569 0]>>endobj
+538 0 obj<</D[794 0 R/XYZ 0 271 0]>>endobj
+539 0 obj<</D[796 0 R/XYZ 0 269 0]>>endobj
+540 0 obj<</D[706 0 R/XYZ 0 405 0]>>endobj
+541 0 obj<</D[802 0 R/XYZ 0 639 0]>>endobj
+542 0 obj<</D[804 0 R/XYZ 0 652 0]>>endobj
+543 0 obj<</D[804 0 R/XYZ 0 219 0]>>endobj
+544 0 obj<</D[806 0 R/XYZ 0 692 0]>>endobj
+545 0 obj<</D[806 0 R/XYZ 0 505 0]>>endobj
+546 0 obj<</D[806 0 R/XYZ 0 278 0]>>endobj
+547 0 obj<</D[806 0 R/XYZ 0 133 0]>>endobj
+548 0 obj<</D[810 0 R/XYZ 0 481 0]>>endobj
+549 0 obj<</D[812 0 R/XYZ 0 599 0]>>endobj
+550 0 obj<</D[812 0 R/XYZ 0 518 0]>>endobj
+551 0 obj<</D[706 0 R/XYZ 0 198 0]>>endobj
+552 0 obj<</D[812 0 R/XYZ 0 207 0]>>endobj
+553 0 obj<</D[818 0 R/XYZ 0 672 0]>>endobj
+554 0 obj<</D[818 0 R/XYZ 0 601 0]>>endobj
+555 0 obj<</D[708 0 R/XYZ 0 692 0]>>endobj
+556 0 obj<</D[818 0 R/XYZ 0 187 0]>>endobj
+557 0 obj<</D[820 0 R/XYZ 0 734 0]>>endobj
+558 0 obj<</D[820 0 R/XYZ 0 609 0]>>endobj
+559 0 obj<</D[820 0 R/XYZ 0 524 0]>>endobj
+560 0 obj<</D[820 0 R/XYZ 0 387 0]>>endobj
+561 0 obj<</D[708 0 R/XYZ 0 633 0]>>endobj
+562 0 obj<</D[822 0 R/XYZ 0 495 0]>>endobj
+563 0 obj<</D[708 0 R/XYZ 0 549 0]>>endobj
+564 0 obj<</D[824 0 R/XYZ 0 672 0]>>endobj
+565 0 obj<</D[824 0 R/XYZ 0 403 0]>>endobj
+566 0 obj<</D[826 0 R/XYZ 0 560 0]>>endobj
+567 0 obj<</D[826 0 R/XYZ 0 462 0]>>endobj
+568 0 obj<</D[828 0 R/XYZ 0 599 0]>>endobj
+569 0 obj<</D[828 0 R/XYZ 0 569 0]>>endobj
+570 0 obj<</D[708 0 R/XYZ 0 239 0]>>endobj
+571 0 obj<</D[830 0 R/XYZ 0 672 0]>>endobj
+572 0 obj<</D[708 0 R/XYZ 0 128 0]>>endobj
+573 0 obj<</D[832 0 R/XYZ 0 734 0]>>endobj
+574 0 obj<</D[700 0 R/XYZ 0 696 0]>>endobj
+575 0 obj<</D[832 0 R/XYZ 0 543 0]>>endobj
+576 0 obj<</D[832 0 R/XYZ 0 353 0]>>endobj
+577 0 obj<</D[834 0 R/XYZ 0 633 0]>>endobj
+578 0 obj<</D[710 0 R/XYZ 0 335 0]>>endobj
+579 0 obj<</D[836 0 R/XYZ 0 626 0]>>endobj
+580 0 obj<</D[710 0 R/XYZ 0 264 0]>>endobj
+581 0 obj<</D[838 0 R/XYZ 0 734 0]>>endobj
+582 0 obj<</D[840 0 R/XYZ 0 672 0]>>endobj
+583 0 obj<</D[840 0 R/XYZ 0 548 0]>>endobj
+584 0 obj<</D[840 0 R/XYZ 0 239 0]>>endobj
+585 0 obj<</D[842 0 R/XYZ 0 560 0]>>endobj
+586 0 obj<</D[842 0 R/XYZ 0 409 0]>>endobj
+587 0 obj<</D[842 0 R/XYZ 0 298 0]>>endobj
+588 0 obj<</D[844 0 R/XYZ 0 734 0]>>endobj
+589 0 obj<</D[844 0 R/XYZ 0 292 0]>>endobj
+590 0 obj<</D[846 0 R/XYZ 0 665 0]>>endobj
+591 0 obj<</D[846 0 R/XYZ 0 488 0]>>endobj
+592 0 obj<</D[846 0 R/XYZ 0 351 0]>>endobj
+593 0 obj<</D[846 0 R/XYZ 0 266 0]>>endobj
+594 0 obj<</D[848 0 R/XYZ 0 639 0]>>endobj
+595 0 obj<</D[848 0 R/XYZ 0 369 0]>>endobj
+596 0 obj<</D[712 0 R/XYZ 0 672 0]>>endobj
+597 0 obj<</D[848 0 R/XYZ 0 179 0]>>endobj
+598 0 obj<</D[850 0 R/XYZ 0 692 0]>>endobj
+599 0 obj<</D[850 0 R/XYZ 0 404 0]>>endobj
+600 0 obj<</D[850 0 R/XYZ 0 134 0]>>endobj
+601 0 obj<</D[852 0 R/XYZ 0 665 0]>>endobj
+602 0 obj<</D[854 0 R/XYZ 0 560 0]>>endobj
+603 0 obj<</D[856 0 R/XYZ 0 346 0]>>endobj
+604 0 obj<</D[856 0 R/XYZ 0 195 0]>>endobj
+605 0 obj<</D[858 0 R/XYZ 0 696 0]>>endobj
+606 0 obj<</D[858 0 R/XYZ 0 666 0]>>endobj
+607 0 obj<</D[858 0 R/XYZ 0 327 0]>>endobj
+608 0 obj<</D[860 0 R/XYZ 0 734 0]>>endobj
+609 0 obj<</D[860 0 R/XYZ 0 619 0]>>endobj
+610 0 obj<</D[712 0 R/XYZ 0 442 0]>>endobj
+611 0 obj<</D[862 0 R/XYZ 0 672 0]>>endobj
+612 0 obj<</D[862 0 R/XYZ 0 561 0]>>endobj
+613 0 obj<</D[862 0 R/XYZ 0 476 0]>>endobj
+614 0 obj<</D[862 0 R/XYZ 0 365 0]>>endobj
+615 0 obj<</D[864 0 R/XYZ 0 533 0]>>endobj
+616 0 obj<</D[712 0 R/XYZ 0 318 0]>>endobj
+617 0 obj<</D[714 0 R/XYZ 0 441 0]>>endobj
+618 0 obj<</D[700 0 R/XYZ 0 572 0]>>endobj
+619 0 obj<</D[714 0 R/XYZ 0 303 0]>>endobj
+620 0 obj<</D[714 0 R/XYZ 0 155 0]>>endobj
+621 0 obj<</D[716 0 R/XYZ 0 336 0]>>endobj
+622 0 obj<</D[718 0 R/XYZ 0 285 0]>>endobj
+623 0 obj<</D[720 0 R/XYZ 0 734 0]>>endobj
+624 0 obj<</D[722 0 R/XYZ 0 456 0]>>endobj
+625 0 obj<</D[722 0 R/XYZ 0 358 0]>>endobj
+626 0 obj<</D[722 0 R/XYZ 0 221 0]>>endobj
+627 0 obj<</D[724 0 R/XYZ 0 667 0]>>endobj
+628 0 obj<</D[724 0 R/XYZ 0 130 0]>>endobj
+629 0 obj<</D[728 0 R/XYZ 0 734 0]>>endobj
+630 0 obj<</D[690 0 R/XYZ 0 613 0]>>endobj
+631 0 obj<</D[728 0 R/XYZ 0 481 0]>>endobj
+632 0 obj<</D[728 0 R/XYZ 0 126 0]>>endobj
+633 0 obj<</D[730 0 R/XYZ 0 493 0]>>endobj
+634 0 obj<</D[730 0 R/XYZ 0 345 0]>>endobj
+635 0 obj<</D[730 0 R/XYZ 0 228 0]>>endobj
+636 0 obj<</D[732 0 R/XYZ 0 672 0]>>endobj
+637 0 obj<</D[734 0 R/XYZ 0 140 0]>>endobj
+638 0 obj<</D[736 0 R/XYZ 0 692 0]>>endobj
+639 0 obj<</D[738 0 R/XYZ 0 672 0]>>endobj
+640 0 obj<</D[700 0 R/XYZ 0 170 0]>>endobj
+641 0 obj<</D[740 0 R/XYZ 0 652 0]>>endobj
+642 0 obj<</D[742 0 R/XYZ 0 672 0]>>endobj
+643 0 obj<</D[742 0 R/XYZ 0 505 0]>>endobj
+644 0 obj<</D[702 0 R/XYZ 0 734 0]>>endobj
+645 0 obj<</D[742 0 R/XYZ 0 341 0]>>endobj
+646 0 obj<</D[744 0 R/XYZ 0 665 0]>>endobj
+647 0 obj<</D[744 0 R/XYZ 0 435 0]>>endobj
+648 0 obj<</D[744 0 R/XYZ 0 192 0]>>endobj
+649 0 obj<</D[746 0 R/XYZ 0 692 0]>>endobj
+650 0 obj<</D[746 0 R/XYZ 0 264 0]>>endobj
+651 0 obj<</D[702 0 R/XYZ 0 385 0]>>endobj
+652 0 obj<</D[750 0 R/XYZ 0 652 0]>>endobj
+653 0 obj<</D[752 0 R/XYZ 0 696 0]>>endobj
+654 0 obj<</D[752 0 R/XYZ 0 281 0]>>endobj
+655 0 obj<</D[754 0 R/XYZ 0 718 0]>>endobj
+656 0 obj<</D[690 0 R/XYZ 0 565 0]>>endobj
+657 0 obj<</D[702 0 R/XYZ 0 287 0]>>endobj
+658 0 obj<</D[756 0 R/XYZ 0 490 0]>>endobj
+659 0 obj<</D[758 0 R/XYZ 0 734 0]>>endobj
+660 0 obj<</D[758 0 R/XYZ 0 464 0]>>endobj
+661 0 obj<</D[760 0 R/XYZ 0 734 0]>>endobj
+662 0 obj<</D[760 0 R/XYZ 0 464 0]>>endobj
+663 0 obj<</D[702 0 R/XYZ 0 137 0]>>endobj
+664 0 obj<</D[760 0 R/XYZ 0 287 0]>>endobj
+665 0 obj<</D[760 0 R/XYZ 0 136 0]>>endobj
+666 0 obj<</D[762 0 R/XYZ 0 679 0]>>endobj
+667 0 obj<</D[762 0 R/XYZ 0 594 0]>>endobj
+668 0 obj<</D[762 0 R/XYZ 0 496 0]>>endobj
+669 0 obj<</D[764 0 R/XYZ 0 613 0]>>endobj
+670 0 obj<</D[764 0 R/XYZ 0 232 0]>>endobj
+671 0 obj<</D[766 0 R/XYZ 0 696 0]>>endobj
+672 0 obj<</D[700 0 R/XYZ 0 734 0]>>endobj
+673 0 obj<</D[766 0 R/XYZ 0 734 0]>>endobj
+674 0 obj<</D[862 0 R/XYZ 0 734 0]>>endobj
+675 0 obj<</D[778 0 R/XYZ 0 734 0]>>endobj
+676 0 obj<</D[700 0 R/XYZ 0 734 0]>>endobj
+677 0 obj<</D[712 0 R/XYZ 0 734 0]>>endobj
+678 0 obj<</D[764 0 R/XYZ 0 613 0]>>endobj
+679 0 obj<</D[738 0 R/XYZ 0 734 0]>>endobj
+680 0 obj<</D[858 0 R/XYZ 0 734 0]>>endobj
+681 0 obj<</D[732 0 R/XYZ 0 734 0]>>endobj
+682 0 obj<</D[752 0 R/XYZ 0 734 0]>>endobj
+683 0 obj<</D[818 0 R/XYZ 0 734 0]>>endobj
+684 0 obj<</D[824 0 R/XYZ 0 734 0]>>endobj
+685 0 obj<</D[784 0 R/XYZ 0 734 0]>>endobj
+686 0 obj<</D[690 0 R/XYZ 0 689 0]>>endobj
+687 0 obj<</D[742 0 R/XYZ 0 734 0]>>endobj
+688 0 obj<</D[840 0 R/XYZ 0 734 0]>>endobj
+689 0 obj<</Type/Pages/Count 88/Kids[690 0 R
+692 0 R
+694 0 R
+696 0 R
+698 0 R
+700 0 R
+702 0 R
+704 0 R
+706 0 R
+708 0 R
+710 0 R
+712 0 R
+714 0 R
+716 0 R
+718 0 R
+720 0 R
+722 0 R
+724 0 R
+726 0 R
+728 0 R
+730 0 R
+732 0 R
+734 0 R
+736 0 R
+738 0 R
+740 0 R
+742 0 R
+744 0 R
+746 0 R
+748 0 R
+750 0 R
+752 0 R
+754 0 R
+756 0 R
+758 0 R
+760 0 R
+762 0 R
+764 0 R
+766 0 R
+768 0 R
+770 0 R
+772 0 R
+774 0 R
+776 0 R
+778 0 R
+780 0 R
+782 0 R
+784 0 R
+786 0 R
+788 0 R
+790 0 R
+792 0 R
+794 0 R
+796 0 R
+798 0 R
+800 0 R
+802 0 R
+804 0 R
+806 0 R
+808 0 R
+810 0 R
+812 0 R
+814 0 R
+816 0 R
+818 0 R
+820 0 R
+822 0 R
+824 0 R
+826 0 R
+828 0 R
+830 0 R
+832 0 R
+834 0 R
+836 0 R
+838 0 R
+840 0 R
+842 0 R
+844 0 R
+846 0 R
+848 0 R
+850 0 R
+852 0 R
+854 0 R
+856 0 R
+858 0 R
+860 0 R
+862 0 R
+864 0 R
+]>>endobj
+690 0 obj<</Type/Page/Parent 689 0 R/Contents 691 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 19 0 R>>endobj
+691 0 obj<</Filter/FlateDecode/Length 592       >>stream
+xmRMs�0��+��Df���r*I[����L/�ȶ
+��Es��6(�#��h��·�*�-eE>D�eO��>�?����d�qQ�;^�Ɇ������JDf���JԆ�Bַ����谭���$�z����GMBؒE���9����q+�
+=797�\u5C�ӣ�i�(�����t���I0��bH	��I���Tʟ�'�L�%�x�[���#y��<9I^����3��-�����J3�BF�l��u�
+endobj
+692 0 obj<</Type/Page/Parent 689 0 R/Contents 693 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 63 0 R>>endobj
+693 0 obj<</Filter/FlateDecode/Length 4565      >>stream
+x�[�rG}�W�m�U+�s!��/[���u�o)�}�(�b̋������
+_&�0�Q%����پ��� :�8�ssg��ΦvE_G�I��v�0��@,,aQe�i���!�$U�*�ӾG0�����E��ݩ*�"���d
+K��vX�`�cmMQȬ��P4q��s��Ι��]�oD'��}؝X�`��)��H #���A!X�`�B����6B�@A�!q��s��33�vEY��N23�ҝ`	��7��-�%,� �3ښ����a_�F�(J�T"�9��^�b^GPT�5 HƢJ!c�b˘�:�u1G��NAt6q�;�jg�CΡ��;6s�d�����I���z����:X�ª��w�U�D[3fF#ᜉ3ot�`vN��9S��_�s:)c�Y,��`	�	q�`	���%E1)���2�PŽb�������b�WfB�\�|4(&�l��lB�̄�]2��Ʉ�H2�,�H�H�Z�%,~VK �0E���e��53��a6��0C�Lo�f38gfH��LfȬ�,a1��`	�'52݂%,fPu�1X$�ܖ1XLxa�%�4��Jf^ǒ��dp\2�E�FhF�p�1X,������0t'
+�����hA�B�����ː"B�E�䦌mpj�~V#���-Y����+C4�-H�`���r����C	�&GA�M\+#Z;GP>YcȂ4��ZL���8���s'C�&��M����d�LS뒂�R�dzA'K����%N4b�0�F��Ԗ���7fcB!僲�+�`��W�l)^��U�&��6.�5�u67T
+W �@C'CL�X[��p2.6s�=}��E�B��� �'��T��US�p�a��H%�i/cb/
+G2uo$c��b5e�)�"�1�C2c�Ȥf	�m$��f\x��g+����
+"�Ir���Pt��D��!�@;�B�J�� ��Z	yS�`a�N[�b�JLm	��7Ɍ�b����Z����W
+DU�j�p�JT
+. :��Wq҄j։�*EA͜J	. ��~p['M(��aJ�*��S)��P���IZ�V�Оp�Ή�B(Ʋ$҄"���D�@��7�ۉ�GPz:�0�X>)'���b�
+f	���Am	�A�'�-cqɋ�-cd E:k��%%�A� ����d��CHF$c��G�����]}ŇJѡ�Y�#��$'ѐ�t��{S�$��m� >�8�v(�AE�:iBK�W�
+Bh�\b��#�(�1iB���
+Bh�Z����m�4�}�M�
+D�ͅ�!t��sE�,�A2�̫�,a��RF�3�?#�aɌe.H������:b.�1X]��-a���0S�-a�#H��v�1X�e����#Uo�,�Ɏd��e��;U><�C�P��#cW�$c��
+Cj�X�G���(c�Is�`�-%{!�0X�ĚY�`1*f	K ��IHf�Qֈ1�F����
+T�Qz���<� �~��M{d��x{3����"��R�!�g��S@�ۣ6�~{�'�4'�;��<� žA����W��Q��r���Q�ϖ���l 1o�^�>�����;���@�o��4����G�y��6[ܮ���R�	�+��Mn�I��JF��N��!y͐�(sT��8[O�[����ä�!o�,.�鏚��d���}�[����N \��yB^��S��ݤ6�1�t�D6J]Ge�z�2$9&����x��vDN��|+ax��/q�V{��<�ިK
+S[����z�"�N���@�ʦ��
+��H�_��t��Ji��곭-��c���g&b���6��%z��ťNi�ɃA*M�f��W#����sʆ��)۳��u)v=�ڏ��^�:A����^��
+f�
+N�#�I)���;P{'q] 2��5鼕�`r}�D�t��d��CG27�&���A_Mo�+-l�����T�� ���Ї Ar��:��Q�S�{U��
+J	�O�<�G�ڎv�PE�qK~<ՙ�{��_��l����lk�#�����-���n�;d�#-��_�ЏU-:i��Cp��ݧ1��f:]̧�
+.fyA@~���w7u���g\�˛�E����y��B
+�7�Vi�M��L��b5�[`
+�n�\�#5�V^�Ɍ��œ�<�?#A�endstream
+endobj
+694 0 obj<</Type/Page/Parent 689 0 R/Contents 695 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 107 0 R>>endobj
+695 0 obj<</Filter/FlateDecode/Length 4752      >>stream
+x�\]s[Ǒ}ׯ@��A�
+�{/���d)N��vqCz��x �
+'p=���FH��A]է3a���N[�`G�Ӊ�vZu&��l�U1t�T�q�1،�!�TS�@�����B��u}:FñM�
+4���s\��l���%�V8[���ˡw�v1OL�G ��h�e��P�T1����l[wY�`'#C��z��(�*�V�9��G���%K��ڒn���Q�C,y������
+;��I[�TDu�
+��xB5��9a�`�9 X�PDU�ڂU��v�*;��D�9)q<�%fn2��	�N���	��k*�I�`k�a���:mS��m�V0�)��
+���a�g�\��II�"��ɴ��2�L�9��а��N*�Q�MC�
+d(C�!3��pN��d2��aB�
+F�q�E
+V0�W�ȜMӅO�;3�72��
+����:'C�L�����tj :�ܰ2_�bJ2��:���1y���
+qr�9�����$�`�b�F[�`'-W;X�T�M��Qs��	��
+�T�A��GX�`�!V0X�-V0&<�8�V1w�����b�vX�pW�3e�*p<��h
+�*2�EwR��"ؤ��6��`WE�I�m�Y�V0Ĕ��T\�h+��#��9�
+�����M��Wܿ6b����T�)�P�v�HSX�4��æ)M�
+�)eJn����b��t�b��/&�`N�G����N�a	+�X�lf45�4�j�0�C0'C�bHo�숧���9][�h+,<�C��!L�R��*��%+�d
+GlR<�o��@("s�^0#�b�H�l�H]X�T�`�iB
+j�8�N���ȸ9!��	)�	�	M9�7MC"F��f t�9D�лs-��!/�2Z	2
+W[�@����'�[��V0���`��5<��6�����	��
+gaap1$6��={aC�`q�5¦!�M��j1d���	�WEC����`Ӑpsn\�iƕ VsƩ:Xg�N�-@J'sB<@��	�.��*+�K�-m��y��D��<\m ����7�T�)�q��b�cNI��`�dX�`SXڧ��!��y�*f���*X��s��Z��
+kQX��4�J `��@�9Ɩ����)#
+as����
+;�v{�B�hk��<'L�	����cdʨ�
+,Ӎ�i��e�^���s9J#3�-����=��`
+�`OX�����*�f�FV0X,(��^�
+�`)��
+�fE�7V1X��H1�)�M��x�П5�`�ŜU�����<�a��شҙ�֜�sqh��'귂E���"���ޭb���:�`(�vG�U���U�*�q�Œ�@�����x�U%VU�b�F��*�� *�1:�,�Bٴt8�,r1S4@SL��9sFC�rxz��*f�b�C�wޱb�8��M�Ň^&�qњ�H��9� ���`�b��
+D1���}¯W�
+�-˝}^fV�������^�&��_�Qia���	�r}���}7�6�(�{��V�w� �7����)>[\�oߔ/��0)�S^7�ܹ�M08���fq�w����U��6o�`��&���j�\�oW�_M��c���j~�yS�޴yy>J�Iu'
+<LGa�����yǁ�T���~�#9$|�}�*�F�T!Nv�����k>1��W���z�M~'�(��Gi�Ӿ�u��!<(V�Pc�X�66�n�������&C������d��v��ʗO�8!>M>;�a*3����v��o�fи'h˶:�A��y����}V7��	_t�B9�@)�=J-S?��զ���|��.��Iu�Śu�ǿ��������{V�cEz�P�����:��0�������⸱R�����(�*�o錄Ƈu��qwG���y��y;�Ѝ-������V�k~�[�p�}�n�H`��`
+����׹䥕��u�	�m+�%����:��e?��}DQ���Hq�����e1VL��\ڱ�oW��N��h)!�'#=����WT&R������O�����zYw�$���815��5�N�"=g�˓H��p6[��x�ne���eyqˣ�%���H����k�_��a��.6����߀�/����g֫�M� ��+����W��(^�8s�����Ȉ+�Ύ�]Y��v��������ͬ7	�p6_�c�&X����<yc�>�<�����$��-�8�ͯ�)�6.)B�uR�G#?Z�^)qG0���@R��oV��1A�>���e�>N���M��Q5��՛��Y�.�PO��j��KX|C�]5n�sr#�=]F$��K���h�j]�av_�묛��7Du���$/�J�n�~}�@�����/�� x����/V�{�
+
+��":�Y���^�nr����;&	��p�q�-�����؋,�J��z���9���kqA�yI��K>ʚ����;���(�@&���K �V�J\b���A
+�8�о*E��q��I%8��I��C5��:k7�x��b�9��εS���S�G-�~���䚯�-ʡ�?�uj~ǆ�;O����2��2_�h���C��UI���d`q!��6v���8v�O���xˌ7�i)��������T���[�ņ5/��K\��i�����祤��q�s����*���,XVz-��<n�5�g�����r�n��Z,~�=��Q��b������f~����g�4����c��
+zW�����0�ţ���඀��é�3}a!����(̾݅^3�`'�I���<��^���vn���4<-9�`�蔜~y���<����1�^�P����Wͮ�2�[+�jq}|���*m�v	��1�J��0�b7\&��OK�}
+���?B�n�
+5�#=l�x�a[M���z��f��=�^~�V�����+΍��Q�;<�J�����n7���Qm��i���NBH�ʟ��¡��>����.Q�>#aE�=ؿS^����ܬ�)>���Ã�OY�V�h�<�[+�j�z��Ȼw�nV��Xҫ��-u	"��)�PE��޳��h����7�/a���r?��Z�'�W}|�h�sc[�`I]�np�������m*���b)�ۇB���)�ܾ�>���⥘Ǥ�qw��;�d��닇vQ��}�
+Y!����~X���F��w?�)|z,��{Άx�m?��k��g?~�lp����w/6��5*=^���j������Պ�����?�OM'�endstream
+endobj
+696 0 obj<</Type/Page/Parent 689 0 R/Contents 697 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 153 0 R>>endobj
+697 0 obj<</Filter/FlateDecode/Length 4681      >>stream
+x�\�rG�}�Wt�î���
+`^6dJ�ՆuY���6E�
+T���*-8����Mk�sN ^Y7�I�`��LX���ZvV1ت�U��ޫ,,G߫�4�O��^�`�)��W�,�;R�V�Nj�w	�s�*Qಘ����	��\P&�E���NG�+�(��lWb�}l����'a�0�+���Ϥb���`�c����%U#.)�U���
++,Do�
+ⴝ�r�.N�-��9�Xnɠ�b�Mɽ�C�mi�
+!!��a����a�?Ƹ�po��9�s�\�P����!�C��0�9Ts�҂��"7��3'�ZtsR1�[sc�P�\��[fÂʱ���
+n��ɬ-���yj����
+�x�9��/��+�/mc��{tlXҘ^��d�����L*�Kr6,)�
+�ɬb,	���
+;�1$�`�8!je�±5��a;���1��%@�c�����N`��:ƒp"C�yb�`[eS�	U�c��m3+/�*�X�<�y�8kV���civc��-�\P�"�6Q2'9S'�+K8�����~��<�b��pb�ܙ�;�cC�x����v<5|�b�L;H1X��J���� �3+��0�+xY4#�Rg��ɮl0p(��r�`�3p����N*�%����0-�g���c���\Y6�4�6��N��q`
+1��"�2=�
+P�7�)�B�4'SMLq�LE0F	+,��UV0�����*�"xx+��`�q6(�bɳ)+"rH/�Μ@,w��TLE0�+l�R+,,Oǆ墚��Ҧ+܀#ub\�bR��I�\.+va��K���
+��;tQ���D��Q����5r���	���FpN ;b�vR1X�+8���D�$Lv�=�1X��`f�TSJ�
+�0�yx[f�E���bPÕr
+ƙ�9����y;`aJ	���@�yU��Z�$�`��(s�L�&�5B�G���-
+�_r1)RL�I�|%�Ka�Ez5UV0
+��a�,�q�Y1͌
+2+����v6(�a�m�WD�BTeR1ıf�������"��[8�b
+���lXR+)��p�m`�p*d�ک�YhZ�Cô�7�,�i
+���+�ٝ C��aZǐ��d6L������U�Ȱ��1����T�i�x����@{�
+k����$�����g�01Ў/'��lKX�`Ѡ*�Y<C1���:�'�fF���9�V�yk���i��%TyN%lx%z9�aSZ�
+c����)� ��V2���N���) M&y~�k�*v��BA��	��sv~�9Kk:��*`=(�`�4�>g���V0�q��B��(k-6a3d3�uV1X�:��~*��;[Qd1FEfl�Dja�w�ppg�!9�����A����V�O�qe���\������٫�ǹҴsB���A�`GO�q�W�8˔M��}�E����X�G���*�����[�.����
+�V8
+R���p(��N�@p��Q�!8�`c�6�S)D����G��#�WX$��67�ť]]���w�w7}��*�֫]��m����-9�$;�8컳�������&��$���S��!���1*�qzb�O�N�:>�7^-��mz2�7�9�-���+2o��y$16CVx��VE��4��G`_�7��r������t���l��_~�h*a���	"�b���ӏ����܏�Ç����dB
+}AuAa.ʛM���[l��T�q\��~v�X��(�Q���-�=d;A��U�}?����f}���۸!_l�3Q�
+��w֛��A���=7�q{��O��7��5�?9<̐UI��]J�y˝�ʀ�����2%[��8��6�:'�U�E��7��J�@�!iM,�*y������������8��b�_�y���"�/������*����>�f�,��3nt2&1�O���[��R���PO�A�͂W]�W��j�'�A|���T���������)�v�!����Eݜ�j^&�9��B[+fT�7V0�tsTvM�T0�"=�|qh��`y��A7��Dn�)��[�8ƝT_��)��l(����b�I�ik�(�X�V�޴�����(�W1�<fh�<4�7�Xȑ�36a�}��25?�e׫p�X���,�Z*4��,W��kN�'	9�+.�!�C9�u���p>nw�lEP���/�sp3�ζ�64��xU�q�;-j�<v���O�7?�_]�u!v�;04{�����u�29З�'��������v���3��r�����҄b��VeQ�U+�7��c��ߜ�,x��^�u�.�����ilE��;��s��p�SᏚ�Bs�3���a�o��
+�b��q/����T	�>�����|��W�:���:X��߮�H�
+�쁷|��6�-
+�Y�)3W��~̭��w������a��4hyV��ϰ�{�vV�HFV!�3��nFt�~l�t��&5�7��Pp�J e�S��҂�U�8'N��I��EOn�-V����5e6�cɖ�<|C�5�O������始M?�����8�|�(���F��	�'�`�,*;ݛ���zk�E�{&�~��l���M��P�����&����X��+��
+��p��w���ͮ7��:�,�p٢��Ϳ��Cr�ˠ�W]�5�4�k����s���~i�-��/:�{�ߘm�V"�C	���E�>I*�tO��ɰ
+O;���/���.������|P?��.�Mb\�(?�>,v��7�Ѽ��1����?th�C��y�K�#����~�V�lٯ�ڭo��@���L��'k��0W}ض��>T�_�.\U��de�C����Œ�'���9�%��
+�\�Ú�}��ly{���=������Q��˓g�ڙ;&�Aݣ�sf|�T��H�p}R�_Q
+���5���)G?�Ua���WN��ц�y��7��"$R���b3�һ�=�\v���s
+���>�Ew#�S��_]
+ʱ�����
+S��.�i|����u
+endobj
+698 0 obj<</Type/Page/Parent 689 0 R/Contents 699 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 177 0 R>>endobj
+699 0 obj<</Filter/FlateDecode/Length 2506      >>stream
+x�Y�r�F��+p�"��P8M���f�-�bk4]�M����!�Bz�~^fUe%��15��v��W��U��I�d�?O�")�d�:��#�Ǜh$�M�?WI٦����D�URUi�8WI[���\%y��H��6yj�T�WI���\�����UlU��ZYc��I+�*=���T������*,��B�5���PA��JK�!q
+��rY�H���f4�mY0IؒA��sy^ҲBj�emN�����aaݦY���)����lU��)�-3K�
+�1i�%9#�0ت$���8nV����V-���9n��J���t�~I��%�"$,��Т
+bb�A�H.<[شլ�`@F�nӚ�$a%�\^�D!�D��I� N�%t ��hh��#�8�s9��1i�<^�
+��Y�)���[Q����"���7�(�Dϑ�v!)��6c�p�s��)�s_�8��y��Y"� $�~aZTc���E�T�4
+���#p�UX�?�R�1�����'p����S�Ḍ5&A����� ��0X[���0�6/�"��l��V�lM�@�U,�N��YcJ���T�-�HU�����5�`hթ4�����1XKE+J��*18�h_6<TD��Y�A4�眥�SP/�7���
+Y��u����b��:������j��UdkHf�*L�縊s���p���1X�aĈ���iȴ�U,�G�DVa�
+;Md���&÷#m�LQ6� ��ơE��y�"ERc�\��0X�n(Q֘O��b�yP��&��1X�=Wc��mj��`Q�qe���&�
+�1X�X��,L�Jcb�H"��Z*:j_�Z��e��:���S���3CiDH��´PSd[p����`Qy`��*�g�*L�3�2Wc�
+��U�K�q��P"��#��`��Ҧ�Tu˖���N�
+CRخQ+k�f5�0XS��*��
+��<Q"�[u��
+F�r\x�%���D>J��:N�%�8�s��y�)-�ĆUh��`jt�T�I�t݌��'��)к\��Č��Hj�TjG,���ea�)4,]p� n�9���˦�u���eI�
+˾[R��=�r%�����W-�'��qӕ�
+ۘdv�Wz/Ng�e�w�Ű�u�����7̪`
+�uF���4��������7 ���)���Fޮ�����/��m��i�ּ	�����t�Ǯ[��:�֏��׷�#o��jz��
+_�x?\����|ͻ��Y�������V�h�m���Qx���t�t��h��+�/�����DagH�R���}"��z��xIh+������_�8�T#B]?���>���t��_����#�Qz��G�Y����Wh�"H~��}�����؀�M��x�<�38<&����A.C=�L{�u���p%���Z$�a3�?�Ѵ3]~OCTmĿΗ�!j-_i�G|7��~*y5��M��/wA��[&��/>�
+��HI!t�EWkX���Y�U�uu]�B��ޢCs��ŲGxq^G{ф��ǫw�+5�<��Z���6�C�kⓥ�~⓯�egD�����߂p��G1Y$�4��8<��p��b1_�B3���4w�}w�,|�r
+�I�,T����	�x
+X�n��f*ï6�3���[8���2���=^�[z���N�YŹߜM5ZlN�4��Z����� ɝ?^��Ў\�W7���F2s���F(��0*�d�i��f(�h���z`���E�)�������s��ltr�8���[)�I��^*a0u��A;����e�ݧ��@?�>
+�i%=߰7Ӊ�r�ۄ��L�2����3�|�Oi���}�����7�Bo������o���S��jц{�C��j��-Rڴ�w��{�\r�[w�,���pގW���S-O���\g������w�C�;�
+�JC3IA�{)%���M�w6�2Q�����X��J���z9����[d́���ߡ�ҩ�+4�K)[�;����L1՞�85��\�������X�P�����|���/xŉ�s;nBC���z�h[�5������s,`����5�o�����ʡ؂�VU��D#����=�_��4gM�na�G����h�#ݹ`B�kl���Æ_�����i���yAs�R��I�i�rD��k1
+@7��
+������Wx�9��  Rg�P�x���[<�$_!h��l"r�^z�/׷�r~��^������_\s�*b�Ǝ}K���?w���~C3�|?,��x �6%5��w�����Z���_O�0�"
+endstream
+endobj
+700 0 obj<</Type/Page/Parent 689 0 R/Contents 701 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 180 0 R>>endobj
+701 0 obj<</Filter/FlateDecode/Length 1061      >>stream
+x�VMo�F��WL�q��a˾�E����u�qEŭ�]vwE@|��R��8Z�	��1oޛy�F9M����T��i6ŗ�ǧ����2�i��e+ji~u�͇���d?-s<�K<g�uLU\�y�xn��~�M�]�lJ�
+�..W�.#|)�~�U�Q��/vO���jR��5�@w7������3ޓ/�=�y��p�Y���]�����UI�fj��Nm٧s�����RN�O�P�}pz�.i�C�BRaMP�Pc�'[Q��Ҧ���g�M'���`{z��2�Pɻ
+�IK��UA[C
+%�Ym�'d�9D��T�Q��
+y������d��g^�2�)����C�A���n{ݔ��Hx��r��
+Z*E�ϩ�u�z����[��r9�rF�zVz�?e��ƃ)kT��"Xw�h���׶oJR}��C��<Hm<�u�o"����l�g��?����*�V��z��^5d�K/L��VPZ���TJ�坵���zT��.�O��X�4m=��8��W>������R޾�B��D}��&6jӰ�����^2��0[�{Z�O��.+�&��L��02�h
+&�B��@�z�gԦ�t��v�h�W�CyDGz�>7�{2�ZPd����*ϝBq0��u�`
+���0 ��\`��_
+v�K7<���wg���$#W��uA�>���.�Λ���'������V�Z^����N-(rT:mvqD�n�&zcF�9D�.��|�,�tމt.�.�g�n1� Fx�;��c�m�`�:D��Ud���2��4��� [�-'�r���q*��x����a(/i���k�i�Z-��������
+endobj
+702 0 obj<</Type/Page/Parent 689 0 R/Contents 703 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+703 0 obj<</Filter/FlateDecode/Length 1533      >>stream
+x�Wko�6��_q�/u�F~?�a�.-��I׸�f(���H�KRI��w.)Ů�X�8Nty��K=��cZNh���>%��_l�?F4�L�9�VK�_���J*`;�����v:_��N`ߙ�d�'����G�d��j}4|��3ZHq�<D�:��YB�^nizB��^��HruJ�х*+�2�
+U������h<��'K��7�	�8Qo+��QGJ��[0q�4WVf��]�0W�[�61�3ؔ�t�v�AD�jNbD��i2���MU�ș`�	MNJژ��lٝ�Ґ7����Vd^e�Ø��qp+J��XUux:����E���).�5�3x�j�3M�S
+[S#��%U��)w�9��LLb:��y��oD���sY�TTweU��aug�MiM��_����߷Ɠq��� ��78,�����6?��0����t�㶤�*�Ē�6*۴=A1`La>鎄�-�N�
+ޓ�2�hd�㤽��9��}�0�$�,U��H��%�e��I��		�^0�`��������
+r��}[�O/E�
+R�H���y���������󽸌�\z�*w��H������y˨0t(�<��ul�-��6�{N��	�'r
+}<m���d�J��֭
+�Vdb�O<�A��c�
+�|�B{뭱^�J�<$>2��ʹJS��l����{��D*r�]�USZQC���?m�]o��sxͳ����!�ʈ�iyꂣ��ְT�X6���<;�4�?�=z៣�	�\�;�c,d�h�by�@�T��@���-��O�F!�L�{��!�ƛ�[w?�+��nPu�1
+endobj
+704 0 obj<</Type/Page/Parent 689 0 R/Contents 705 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+705 0 obj<</Filter/FlateDecode/Length 1363      >>stream
+x�W�RG}�+���V����
+���U1v@I�U�J�vGҘݙ��,����]tA�&@-����9ݣoG��{@gCJ'��G�d:���.�O㴟��hz���8I�JZ���ӏ��v8%��v������d_��h�Z�Cn�Qr������nD��(c2=�Y2��,���r�f_a4x4�'�f-�\�uN� =��������N���X��XX��꼢��ɭL]�w��&��]S�n��k�zz6�|�$s�9��h�~��;=鳞By�����A:9�<'o�����)%@�ː!m�ӧs�p���!u��d��
+����D9���=W�s
+βO�8�_
+HΥ��RS�Ճt	�n�-	H%<l`[*���E�>�� M��Z�2i�ز�����ݠaM��בj�3��L��)�
+��p%��N9����Q�X��S�.�k�"�~C����(��]|B���po��A?l�*���:
+��V�¬��,&��M�����d@Z��
+�ު����E�p���ݼ�)�;/�A2I�	�xY�x��e&h�՝��
+�0<'*k0:\�w7���{R���X��G�?4�m��_�#@��Js�aaF�ZA��,�n41~K�nPeUH�swv�
+��O����l�\�����L8��b
+ѧ��L�ic��d�&i��������>Y�k�ޘ,XH=*�۞��q����a4�@#L8I�����?���3ڜendstream
+endobj
+706 0 obj<</Type/Page/Parent 689 0 R/Contents 707 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+707 0 obj<</Filter/FlateDecode/Length 1368      >>stream
+x�V�n�F}�WL����9����[ǅ��n*BP�aE�ȍ�]������]R�d�
+�ڰMk�3gfΙ�O'��{@�!��'��O���јΧ<�SI����d���`<�Ώo��8�]�hpN�
+���xH�}ZĝA4�h�dI�ZT;ʕuJ��2I6��$���:�d4�L]��Ճ�Na��vw8��η��A��,��c�b�JjGݷ^5/u�lf�Ӣ���9�z�����S���R�h-�{5��?!��f�Pb���c�dM!]�!+KJǦ�d���tu1�>u�h��o���'�2��&�Xh�5��T[��3�.i�/�YD2iྡྷ�B�Z�xɱ���:�H�#���2]���ڄ4ř1�{�(�2����ۅ09�B�h�4�1��(���TK�Pe*��[S%�bc�V9ڪ<��#8!.��6����mAi_��rv�B�U
+:���@.!hFȉ�Ǳw�$2�x�ĭB�kw
+��c��}Adh�O��'���Z��	�/�;V�5t EQ�������C�P�"��������pS!\�|��ە����Y|Eo�����
+vZ�7��3�g
+�ψ��L�^��ψ�~+={�n������s��є{�ݼ7<#��(����Õ*L���e��@d���X��7�Ww��j�C���O�A4k��@A�)�����9��������lbXe�<��P^���Jc�ѷ����=vL�\�0��M�\�+����V���	��u��R��}s��3s���<�0�Єuj�ʏ�%z���⳪�]�i?��UcdE:N�1�^�{z��m�0����nU	��⾠�l��|^:	�5�@C���V�n��L~�:%�#���6Z`���c=���=�
+�f�<q1�����/�w�y�1�]_���&ع���XWc��x��/��<Y�`4~{�p��ڴ2u�rc��6�ۛ˫wo�\���	4ɋP���M��a��ɯ:���j����<n�(G�lU2`	�9�{�ђ$(��i)�>��WY,���vI�e��}���Y�*�#ǽ\.��a���Y�3�5PY�U��K�כn��ȾB��i3�c,�����R9�|��%�Z��h�`b\XS�w��.t'�w���5�O����_���ś�����
+endobj
+708 0 obj<</Type/Page/Parent 689 0 R/Contents 709 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+709 0 obj<</Filter/FlateDecode/Length 1419      >>stream
+x�V]o�8|ϯX�.���8N�{p>z0���Z�\���m��HW����w��[M�C%�H����.���OL�}:RZ��
+��xF�x��[JZ��A4|��Y|�^{я{�︸��
+��чO�cJ�@5�S��z�����Դ3-����Mi�,hv{3�ߐ�:�B�5xT�L8i��43iUH�SF�}ǔXV����d��=>a�p��}��G��4�#~G�'GYZl|Ty����Ia�,#^���Ń
+
+�GGpmt�@����E�Rf�r�㝖n��
+�ߑ-Qj���l�@��fW��@�O���(�c�0�c��є@O�L��JMof�\�?�r���Gq$�ʙ��t+�2?��o%X8�|�E��)���Y�Z�%�l%m�٘�Y:;�,���/_oN�sv�m~B�����4>i���@Z�$�	1�a(��!�RNC�#W^!�TQ/
+����ny�����r˝������e���W�^w�ۘ�V�|�O�޸���O�B�;ú���C�y�
+��c
+������I���;d�U L^cv�/7�4�c�.�ƭ��B�Z�0���]*�_���n�ӄ)������mds)�
+M�w�Xu%rHyJ�le�	�����q�#%/��)���JV,;7��G��z����l蔡c'W��AX&��'��-���l��>��6�
+#4�<C���R�c�F����u�F���8vg�,�,C����B,Pc"8|Q�<�o�	Z6xbj��)��t�MЕW�fW����t�f�yȨ
+1�6p3�N���ED߹4�2�������i�6����<���dЖוU��a\7��g��B�a���
+endobj
+710 0 obj<</Type/Page/Parent 689 0 R/Contents 711 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+711 0 obj<</Filter/FlateDecode/Length 1584      >>stream
+x�Wmo�H��_1ʗ+Rk�4��Zڞ��H8�T�ic��R{����yf��Aw'T�4μ</3ӯG�߄Χt6��>gc:ϳ9��x=ŏ�T�ӳgx��&���t������͌&Z�H2_�Ӫ $�i��6�~��Q�5:�+�r����i�1����EGkM����5ޯw�h�撂��g�PT"�@#�s�>�����јN'g�pU�����6 L^m#�����W���Bֻ�����\�-T:�
+H`��xTh���:������ܔF?�G(%�8
+m�8��.��}�IFK +�f�YW�{�
+	7��1��%��U��@���P���k���ƀ�C�Н[Y�;>P�[o�S�"��M������eȷ&n��A?(���[��;�}`?`dJ�BD��^�4}�gL@�D��
+.���*���e5T�Ua���{��셐�w T^�{����$���
+�	��JL��C�Ïm�������n
+����¸G'68k@
+M��o��k�!��lvtywZ,z�Xa��	$�#T�>2$K�B�V��[�,܃�a�o�y�@�W���
+��&r��1�l��Э��R��U�/p
+�;_�(��K�Ye�ἆ����D*h��=�|I@r���C_��<���A�r6M?��~7SC��j׆��Dn
+��G �U���W�o?������	����W�ˏ�_��y���_.ђ8X�<����T&vg� 
+SkH����bRys����>�yN�>|%�b/�4�&�l�� �T}��gU��ćw����c,�,.������~-�{������ܐ�*D�ㅷ��%
+��>�،�-3�+��)�:�G�^g8
+Kޙ�(ܑ<�A�2U��V�3�EBO/�(\*x����t�3��ٜ�K�Js��cyk�}\9j����*����ߡ=eO��$�����%�
+endobj
+712 0 obj<</Type/Page/Parent 689 0 R/Contents 713 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+713 0 obj<</Filter/FlateDecode/Length 1319      >>stream
+x�V]s�6}ϯ��df1�px��f�3�tۥ�/y��jlɵ�$���+�@;m���&`�G�s?��MHs����h�����s��ES���9��Z��/D�/_.$	̓�W}��7�e�5�G�ݎqp���gw�N����	�2��'��>��5h�'��N�#}�Jߔ�̫%-ݫ��-�*���~���4�2�*ʽ�'|@�G|�t�FA��(u��)�=њw��Lj�'r��gy�C�S���2ͅV��dy:CR�}!=@&�J@�=������$
+�o�TZnxnO�n�Q���
+�FJ�E���_�z���t�F��/�O_΋��� f
+�`T6���_�`.a\ce���"�3L�~���y�}
+�Y����3ʱ�[��:/;/�	��.�6`�`cq}䈧�iS+w"S�Pg�FԑE�t�_Vʲ��B�.w�>�0�>��A�Ê>OH�+۶�Φ�0Z��E�-�<X$q��Nh
+�l����"x�Ũ�!�̔.��������kҀ�T����������oq��MQ��#�i�?]��U��epO�,����<��4M⾜�->�~��DF�(2�i�p]�]��f�&L��@_�/Dq�����H�mE��H}��L�t��l{d�홮����)Z�}��#���,����%`f����8�Z��4��X}�FI��V��S�f܆v�zr�ܕY�BHQn�(�R*���}j�eP��7n�$���X�;n�a/"��e��/r��a�ه���^�T�
+����f�]S��q�k��Wǽy
+��!R���0̑x�;Uި��x2bLS��$~�ńJU�a7�l���������+Y+�=���&�c�kAؙ�Ov�`&nd-i����Hι�1f�Ke��F\�H	+G�S\It[{�7����&�6�x�\]���D8
+��Ь�H%�
+J/-<W��l�5���"��9�`@)N�G�`J?!G�Ql8K]Bu�j��'G�g��U�*%F���J7>�
+� ۤ`c�:��R����K��-��/��%���'|��&����������5��endstream
+endobj
+714 0 obj<</Type/Page/Parent 689 0 R/Contents 715 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+715 0 obj<</Filter/FlateDecode/Length 1669      >>stream
+x�WMo�8��W�æ@�؎c;�S�l��n�u��\h���H�KRI���
+)ʲ�m�K�|�7oF?�&4�ׄS��S^���1�&�lJ��O�m%���t1��/o,�4��������E::ˮ:#������p��/Y�ۣS���l���_qt�g4�ЪD~��VEp<�U~.���k�ݓ�T(�[��|Ai��7Vft��o%��yZ�r�䣬HTi韌}���u�U.�yG^<HG�J�������٘F�K�tU���@�(�t|3�oJ�d�*���'iS�5\�	�6�-	]�Fji�U+k��Tϲ�����	�U�T�"//m��ކ���ZjO�ē��.FuH�I�
+���󡛯w����)��<�1F�m�FʍCp\U879
+�B�����p��4�Q�"K��#p�^|e\��q���We�D�y�;4a#Q��,�s��N7�y�+�Є(�l:6(\��ӵ5��@4V�?�����(!RG�o����;s�Vx����d��
+c�~䜭���bw�r�O�[Ԧk_'7�w�4�r����_������3΢�>��PX��� $)�|�hFW�?ٝBG=�Vк6e]c�Sۖ������Yi'� uI3<ש@���P�`�'�|�+e�>>�v��be���
+�q@��4��-xߵz��[���>��{@΁H�8~��M���i�60�Ԃ�<��ò�s�ݰ,3h�==mj
+
+�
+��p��V�V	����Elc̻Nl����UP���Y8����yc��]ź|͍�����FW��Qbj�E�auy�V�c*^6����
+s5r3t��.�y�Eu��B�����'-��UR`����
+�oзv�0w:�ç��8��V�0�~�Z�����A���	bt�9��:E��a �qEꯅ-,^�Z!��_�
+endobj
+716 0 obj<</Type/Page/Parent 689 0 R/Contents 717 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+717 0 obj<</Filter/FlateDecode/Length 1705      >>stream
+x�WmS7�ί�q>�L���d��@R�1��L�0ӑ�d[�,]$����Jw~��/0��j��G��J����o��z�P�8�$�!m���t��I��dx����OV��,_����6��=,�L_������N?9����<��:tN�)u��~��r:�8
+k�IM^/Y��co�t����w��k��x�W'��r;�~:�B�NASi�<")�8fJH�IZ�t.
+�jfs/AO�V�^�"�TyN"����3��(��A/䳗�M��	\��(%�M���2�%�Ŗq�΃�4WH�Ř GLrɮ���������D�,�Hy}{�3`�Y�2p�%464��~��}Uŝ�:�>������Y��g؇��|�����nF[���~�ʢ�C5�}uZ��!�Ec+5���@;W|�J�g�j�	���J	���̈́���Ň:�\MX�E�xC���#���R���2�K�
+�1p��h5��B�08P>~P\�q�[Q�Z@�Kp�D }ڮ�N���xX�P�ܼ��(�I��&���s�����z�]������M��Ϲ`��&sË��,�[��}W��IbÈ�_��hbP#�΅>��Դnl�j"9nh���9u�)S{���>��^�O�a{�8*]U� y�m%6�a�Tx읱�m�i�2c%�[11eT���Aik����Ԡ��9���6KMO�*S�����!3
+�Ge"
+�׊v���ͼ��<+㳇F� N�9TM vC��<���ŮRr�,x�Q��9z<.�͋�3��;��F̵1��C��` �{�Op�+�q�nA�'���>��*��3�d��8�.��p$�z;��C�qq����z"�T0i�X	��mmg(���WE�8K<)�<(
+sGV;�o��t���sA�� *<#�|��q��|a#�xp��ݸ`�N�!.h����Y�o����N������Ż_�o��\�޿�t~��µ�~_�Nx[K�9[�5)��ɋ������Ҫ�F�3>L�.s���_x����).P�[�_Q���ۇO����v'���خ#�\����!m��y���w� ��e}��CM�d�$Q]h}��b��QY��Qk���t+�w=�"{ks��f�m��SQ�jX���dp��U�����฿]^Н5_qV
+endobj
+718 0 obj<</Type/Page/Parent 689 0 R/Contents 719 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+719 0 obj<</Filter/FlateDecode/Length 2016      >>stream
+x�X]o۸}ϯ�)���I����I��
+6_��>�(��$�$e��~ϐ��*@��	W&9gfΜ��ф����|Jg3J��qryI����4��%t~9���9�I9֎���k�ɼ[���R��&�������1�B˜&��ٔf0r1��e��2=���/�������ӯ��w���t*J��IC�Fo�4����јF8��~v��3nkl���QIz�V��x��s�L�(`M�+��udݖ�$��Ɍ\!����oT��P���Zy���ʐ��TÚ%a�t<&���вP����
+��9K��L�kg𘜦凧��',�F�S���-$�5���`�O�;دHd����
+m�f��d��T�����Y�f`?.����L8�V�$܎����V�Jp@��$N�eFZ�����=z��50l�Ѫv�sJKaT�R��0��=J>��s�>�wB�*���Hb�F��d�2�y������Q^ܥ�}#�k8B�6U@�}��/��@<`V�F�2�HX���u،���
+ݨ���av+��l�2�YBW5�WQ5��}.Ç�
+��t�p��࠭`0{�VB�?K�R�$MB uw��h�}����]A[G�s���5֕Z��
+}=�(Ab`����h��`��w��$붒`)8쭁�}5��b#���Ň2���_'�� �ÿ�M#��5�*Cb�{��05x�EF�
+�u�aÓ������6�/��%B:�]@�
+�ـ38c	a
+t��1i��e���+���[m^�F��1j��C��a�@
+�@� yk�h�xJ��$�B��#�ֵ/=^�� ��J��yB���QnG�@�L�HZy�M�,#e�C@v�y<�G�Mm0�ƨJ�|><?
+�l��u���� K����f����<�CPuC}?a����M�(WyU+�"�h��w�����5Xˢk[P����BdP[�Z�Ⱦ� �� �'b��^^jnh�?��o����M��wޅ
+2�����V��������ʶ��
+gty�X��VA�v�_)�3���Ph|^@�j�m|�K?/n�=�A����1�d�o���ʰ1x�ߘ@V(}p�n�ԅp�jD� *�*���nl�}���
+�3��zU/}�����;ix�o��EJ�+���t�H>}'���K0��=��/�����$�����B5���q
+�6�?�K�� A�l}��$�D�
+�m�;����A�U9��$�:N��?�d(���#����\ᱟ~��&s�SFg��yZ�&g�$R��7�2}�Gv��y�RtP���nk����Y:˪�sP��+
+�NF9`�Q������	����F�}`ԩJ�4#���!y*���B;�8"�b�7��sth�m����e*���g`��8a|����.�>��"ԏ�
+50�M|dH=��F� 0�\�
+���c���,�Ҡ%�>X�r|K�����z>���"�@���������_�j5��x2؈���1�W���*���8��K��3��ϒ�삕bqu}EOF�4~�)� 5�,u�m�����_����<��;�1��������_G�
+endobj
+720 0 obj<</Type/Page/Parent 689 0 R/Contents 721 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+721 0 obj<</Filter/FlateDecode/Length 1744      >>stream
+x�XaO�H�ί(�/��$0!�V'w� ��V�t�������mr��^u�$p��F����U�ޫ*珣!
+�3����))��Ʉ��Ƈ�F�\L.q�2�'d%eG��`����hxAQ��	�H��E�ɨ��)�H��۷e��L��S����ö��%��D��s����"�w��DT2%��aIߕN���"��f,�p�M��m��|�����"���o�h�p>��ۧ�?fO�8�E7�}8!�S�5��!|fw�+���
+��i��V:�+��B$�%iQH��U����Pօ�?8�`��h��Ji3c�&�����7���ʰ��e�� (�Q�Y=�9'�]��F��(W��k���?�_���l��?�o���1ݘrg�zSQ|�ğhxu5��X�LV�-�#� лͭ��
+�-�r�(�!/�t��yx�'!�nr��4�t�`^�������N�J$�d[�\M�vv�>�$��D��#��E�/������+i����[<�կ��@,B�vGnc��Hz�eEF�}�Z�^T
+} �Zv&���0{ce.��)�v�V�7�
+���l����xb,�P��߲�U�h�费w��RX�{�AT�K
+��J��¯�*��;�Q����;m�sk���j�<C�R�M%=�@�20��kN���5����D�$`�?u&�ӱwU�Q�ZA[Um�v?]Ѓ�b
+v���
+�)/6�U�n1mC�2Y&m(f!ǜ7�ZI�80_��}�l��P?>�~������_RS����'K狛�_og���r�ن��_�N���b�̓���]ǃW�Qn��g�U��4oiF�.Kc��SWD]�����	�kd�����?�q�Q�a�yN�
+U���D,��f-eF&*S����zýJJ*G����Ũ,��f����E%�x%7��O
+�S!�e��ó�iQ�t�#g���BMC�`HN��*n�Z�\'�S@�;\ҔD�}f/�s|��ݤE·�|+v�uH��B�Zo�DOU���>��r�մ����=/�����B�)K���w����t�����m�B3���%M<�l�������3e_�|ʽ(��'��H�ݼP��}�����l%Xg��)�F��u���-r�/lj:E�
+;=��y��O*�u�/�9��%���!Ʀ��I�DۼF���y
+���ǹЅ�!Sq�3Z!Q�]k�B��A��5��pw��&�Ɓz���&��� Ύ��ng��z����wC
+endobj
+722 0 obj<</Type/Page/Parent 689 0 R/Contents 723 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+723 0 obj<</Filter/FlateDecode/Length 1673      >>stream
+x�Wmo�6��_qH>�Œ��)�yq7����Z�c�������=GI~[��Ma�y�{��?�|��ǧA@�K����7��xƗ.�{����\�O��96wq|��n^�݌�V�Wo������O��	.om�=r�o�7\9�إ+
+��{�^@�p��rHa�<�Rw��wBQ�}њ�)E���Ґ�e��$h!_h)�
+!�ߵ�gy�t��3�Q�����k���Kg>��-��)\��45+6$_D���T�V�,D)-�4%3�r!�ĆRj��C&���
+���w��t�Pڴ����ӈN�>=|в\��;;D'�Bυ��_,�ݾ�8�a��"ϵ�$9\������_N�"%l&+��,�sC�c�ɫT[��v���X��m�a��X��Xn�r�l}ghd"Gd����*��8�N'7��Ǔ�������:�8�����(j=�����*�J�0���;�r�gG�������cT3�d;�����&�M�(6�J��u�����u�zR�%�[c�!�1	��q��މ+��٢�����3��;�vl���H(0��A��4�TY�tڒ��:is*(�%����
+�}�jK��w�K�R1K�ϫ�Ĕi���ja�D퉥\��a�SA�e��S�xA�1߫������K��Y�WW��@���`�)��*�T�T�L�\�L��pX,���6 W2�v�RYF��;�o��͙P �hط�!H�ˉ3�30��W�����}������օ���4��l��c�|��w�ᢱ�rh+��q�0��)}Q:1+K���h�hKA��P�DOw6;����x2	�h�u�zA�=��=M�h:U���a·����YW%'j�H�IRH�
+B����|8��2^��\��z4�)
+������
+����>k�r~�t����,���nC�)��x��2��M�t���l�E.f*U��nX�
+�	�ʲ�Y�D�������Ǜ���1�g̸$�s
+	�0<�8q�J��G%Q~�L=��<��f-\�
+endobj
+724 0 obj<</Type/Page/Parent 689 0 R/Contents 725 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+725 0 obj<</Filter/FlateDecode/Length 1873      >>stream
+x�XMO�H��+J{b��|A`V�,�i�c��p�؝����	������i/"@����ޫ��:���s�\�rEiy2K����Ro�όV���ί.���֚6X;����[��:���n)�g�d��=�y<����#=nh��/�����=fr���S�_;c=���\����}x�y2��9<Ɔ�:]���^__���ޝ�|�FςճťX�!�\��jW���Yo�8%��5�'�e����F��q����x��Mi~Ά�����Er��g��u�v��-mZ�6�!Ze3��q��p{�ZZ�m3����D�B"��Z9�A�k��g,^\��kd�Q��H�݋�З�alO�Tin��(����D���������@V�x�tj��.���6�&�#:�ɂ-r:L���W��%W�Zq�O�Y��m����&��r���J*u����{��&��
+�NE�ñ#�z��U���gq��2��#'<�����H�m3
+�������5/xU4(��fD�~�9��/��=<>P��s[�;�r9�	{`6t�p�Gp�-g��ݤ�1.�* ��J��M���m��_RE�>s�����#���G�>ɜ՜�n����T�MB�\��6��@5W�p�*@��̈́Z[0���`�Q�-
+qZ{v�L�$�Cdtv瑽��J�Ϻ�*ˉ�]+�j�և�@kH��䝺�Jk�J��1%��؁���Y�/�L#0�$�� �1�#�XZk��
+~�U�HX#�}wkr��Cр"FYbB���|~6� ���-���\"M}��h���] ���1p��UӲ+a~�ѝ�º6j@������ls
+J�UcJtr��F�K�^[���Q�RW����l�@��Z�&/��h<��1y����.b|�X�A��Ж�I�FZY:'�n��^F:]}ԋ2�Z��A/�k��(�#��&�<+V���6=t�xJ'>�v�ؘm�	�hYC*�ߋ�=E^{Ң#@��I9�F��{���!U2�����#�s��
+I��	۹`5�(ͦ�
+hCf(T��Q0rG2��,Ÿ��-��2������>��Gܭ�y:�p>�!���?\?Oq�!qΊtN�^/����w|��;��q�����ˡ׺�	ꤷ�;����r����w�R����1T)�V|K
+>�@�_�'��tbƆ�K��������kendstream
+endobj
+726 0 obj<</Type/Page/Parent 689 0 R/Contents 727 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 10 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 187 0 R>>endobj
+727 0 obj<</Filter/FlateDecode/Length 1946      >>stream
+x�X�o�8~�_1�'��ql�}h���M�w�@^h����H�H������H�]5�]��-����|3̟�M�oF�9]-)�F�l�����f�y6���4[SE��2��Jz�?���:[��ř5�ŏ�E�|�Ȯh�^��EvM���h�-h�Z᳢�<=�~Z.!�"�`	���N�ʯ^��*[E�.�o7�˻�f�����zE�B\��&?�U����>o>ݿ�ߑkH������Z5�k c�<���MU��j���5m���6�
+&W�8���8�wm��ƨ��W�6��4�]es2{�`p��o�n\p�+e!i0^�A�{Ѱ��P�L��d,ե§X#�͛ctqA�6�ua�{렖@�W�8
+�=]e���~���_!�e9��˺r��4'�
+Y�}Y�Tb�1R|;��iM�YG ���b�_ׄs*��Q�G�q���!'�)�K��_�;�U4��;��*@Z��l�0��Yv6��ؖa���ܨ8�'T�D���ʹ�.�`5(��1P�J�=2�e&�����t.
+u��-w�q�J��+1����n�ȇ�E��)��
+�8b_�G���~���:����1�=�TZ����m����AO���E�D�"(rA��D� �a��,(�2�u��$Ѫ�K="�<����	�R+�C!��\mt���ۢx��
+�(��.�"�d�sd��@)x�7�]E��'�
+2�V�EB2P|�CҐ����6��X���n���r9�)�X��-�F&
+�-��"�d8��`�̹MdG�ڪ{�Ҿ�K�$}}�z�r��ҹ�N�0+��xJ��!������s����\Aa��픹n����*Lg��C�����L�AGn��˻y?���
+���w���'rI4�����t��dHp?���	Ph��C�!h}p�RωL*�����Iv�U�-�@&���'���:��T�J�8A�Om������w�W�>p�z-��m�^M�Vd�j�V���G��������.m˘6x��E�1<��d9;*WfHf�����&��y`huK���t���1N00O����w
+rgDTȩ�!	뮒�a�k��=4�zm=L@ώᔇ�
+endobj
+728 0 obj<</Type/Page/Parent 689 0 R/Contents 729 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 192 0 R>>endobj
+729 0 obj<</Filter/FlateDecode/Length 1501      >>stream
+x�W�n�F}�W��!-��yp�5[i-#(P�X�+��Uv����=���LFE��������3gF����wB�>
+Ɣ�g�x:��?z���{�x@���#|Ԓ������`;��Q���>��r;��q�4�-��v6$�~�KN��8<��iPқ�8�
+��=�W'2��.sH������%C�/��x���\����'1=Iw�5�2�3t?'aHT$j����SasU��z+�/�g�D:���'�y1_�Ji�*��ڪb+
+�8�,���!�t?X��P��Z�Fh�#Rq�L��SU-i��W�GW	X
+��G��#"�_�J�~c�͘�ҙ�w��4|�GQ����62�un�0:��]�-X���^������
+I?��ӗ��m4�&ɉK��"���v�h'��<cX�{a�hR��T)K�j��!P��p)|�5�ڊ"ςuL�J�us�A���rS��R��p���3./��ME:u.�1b�
+�U����6ʥ�=��"=�5�NU&��?U��	l�"��>���5�W��y�3e)R��R�PZ
+��y�B�./
+�Cl�ܸ[3A��M��c�Ge��lJ�y����Y��֮8��?�
+١��
+x���
+��L���Mʝ��J���Q�%b�D*�訪.�,���uo7��V���Y-M]XnGD�Į��t���p�����+��^�L~w@�p7��K����D����Egp`f\�W����~�.�-��(��b�,���
+2U��--r��ۼ���)1X˂؏�N|��o�֠�v�<p4S%
+endobj
+730 0 obj<</Type/Page/Parent 689 0 R/Contents 731 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+731 0 obj<</Filter/FlateDecode/Length 1303      >>stream
+x�Vko�6��_q��CT�%9~t���M�-*��Z�c�銒]��>d�n�n�ۑ��<����$�^	�S�FT�'6���?:OR6��d��I��sj$�qx��۷px8�?��B8�-�Y:dY8:��f��|�w̦�1���9<<`6�NY�u�<b������Ր���9�6��)�ʋ3��f�l��%7f�A벪h&�3x:�
+�\>��*�j�w��e��R+�s��d@Q:��\���P-ۅT���V����I�	�a����Tw��p����V��L=c�Vs���|b�ǯ4��'l��pu�&���G�hYIn$J5�Mo��3No_<�߯���T,8�k����TbN��`��aK.P�s��
+���zzJ�C#�i#��)�
+����B��W�N����B\��
+Ur%+[�,�>d��B׵TB�#��	w��j8�&ldk���e�����ձܗ�] ���Z���q�b���lL+�#>�iU�*l|�v���Ώ*����Q�ys@��8�S��>���]%�pH�����$/����ZK���/}�(ߗ7��TB�
+]�q:��Ը_*�(�C�i��h;����sW6R8�į�[>F��,C�X�F�
+Q
+v#��wM�z���>e��.������
+��������VG���^'-���YW�K���.au���1t��VE�̳o�Î�3_��G[�y%���Jb2r�7DJ/e���0檇Ef;D/�#^i%	�_�]i2KY�` �c
+-��� �UB��=��t°�Fm�4%	��>`AW��VJ�l�����)i�4,Ճ�8�CZV�
+���
+�Vf�ev�S����
+endobj
+732 0 obj<</Type/Page/Parent 689 0 R/Contents 733 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+733 0 obj<</Filter/FlateDecode/Length 1506      >>stream
+x�W�n�F}�W�U��%�r�!I��Ha�̀�"W�6䮲����̒)�N]��ݝۙ33�o)���jN�kʪ�YrsC݇��͗irE˛~�W�$%+i��3��IV��r�,�kބ��4M?�����[��^��:��X�&����"��Fo�.X�w���g�K�rުM�2'|�Z�s1�7�%tL2��ey�Jh��	|�E�	����l:�i6�f�&s\$iB���:g[��%�ist���I�j�̖�����yY9����;�
+�nM)�rw�^�pt�e��p��|�����R�-��tx|M�(xU��O6A��ڻ/e��Ħ���,�l�PJ6��^Aq�H��ޚ�K����GP�V:l6��
+�FU��-��g�D9�Nb!q��r�KP%�Bh�"� ��e�#����.��5|ZRй��%<@�4��Tzk
+�
+V�vpH9���P�RA;�XXv�6�P"5NC�T	��{-�=�&���7G����w��
+)�2�oX"��Ҡ����5:d��5
+Xk����� �|:Ə4uM3	�`��+�!�n�\��6RFf�`:3U�~�Q9N�m���Qȱ��)O΋��.{d�U�:��: 0M�mC�ST�(L`�Ę�"$��sܶc/g�{F2`��<�!v!z�BWE&x��ɽ�̠y3���Ž����oלi)2�	�~��[i�\�1l��|c\�b�I�Y�e\�2��el���w8�c̿��u�b�?���������Pzl��^"�M���e��%j����
+�����jj���|*������1C��j
+��OY�}	��wA�h����g�e.�)�U��ݩ-V�*��#.Ն�$�k���oDˡ���f��hy�Et__qtDn�6��݃���ڮE_��Ԩ�Q�����5�
+�_�x�f=_��F�{&o����dWy�6�~���4;���
+��54DU��M��X&����^0�%/���2Y]�u���bۿ�/���&�mendstream
+endobj
+734 0 obj<</Type/Page/Parent 689 0 R/Contents 735 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 195 0 R>>endobj
+735 0 obj<</Filter/FlateDecode/Length 1634      >>stream
+x�X]o�6}ϯ��0�b�r��)��]���-�[���(��$��d���;��,YN:�À-��"/�ǹ���EHS������
+E��4X.��c6x3���4X�|����epMFR��S��ۧ��f�x>_.���=81�6�a�#+3�j��������&i~�9����ʿ������b�vNaH��,���ASZE#���̩�)�X+�����#�"	n�h"�h����IkttIO-������r���Kک*�*������!S�W���J��f�5�X=�C�TE)�VZg�A�kх�F���*��{muR���9�"2����!G|@��T�TڀV���]�o+m�M$�4'Y���d:�ĲS�Ҩ��䤉ew��g3�j�<���a_�m����A����R�*6��.��L���d.��JaY���6�k�'?��~$7N�z��*z�Z�U1�ޓ/�V��̂�>dȩ	�]E�(h-)�y�2o��2Rɞ#C�|r�[��x��\�+�']r�(���(ؒs��k��ApKԦ6�y�5UV���9Ѓ�!���g��c�}�}�9�$+��Y���+�p��	-*I4�����ced��I'&�o�X�ʨu��	Z�o���`~5�1Xp�W��7߾������q����s<C�|�`�x]�~��F/�٪�e�ob`RԠ�ޏ��k�����P�c����H麨�= �0>b��3#�n̜�I7�x_��{E޹9�ez�`F�q��Pj4���L:��X&���}☁ɸ�D;��ؼ���S*�Wa�8�+`t��I��+�ڨj�z���������p$Q##ϣ�L��Jkz`��3�=���δӄ��׾�-˝��)���Q�I��s�
+��E�G�G�[q�x���[���)�"r�mӈf�*9N	衆J�0h�C�g1�,����d��
+^� ���(bڹ�UZ[lA������m.�X�x��b�m3�'�q�D{��	���O$|ă�N�yM��?�J�r,�
+�=�A8�0�@e�UF���:�ͤ�3��M���.x_�V y�ŕ9Om��TT�B��a�V�� &�1��Fd�@�<����FV���i�r�P�{��8��3/Tt��6y�#u����V(��s��9'��@⨁F[��B�fh��%������I��'��0�X'��f�|w
+endobj
+736 0 obj<</Type/Page/Parent 689 0 R/Contents 737 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 200 0 R>>endobj
+737 0 obj<</Filter/FlateDecode/Length 806       >>stream
+x�T�n�:��+fW�=lɾ]8M�U���M6�DYl)R%����Jr��wqa�
+����Vע=��Ö���h�� Xi���y�Hﵪű7c��la��c����s�,�K�Ew�,lI	�#֢l�
+�!!�j-�>	u�Ij�ہ+�)���.������ۮ�w�&���7�O{�4����'��+v�|h��]���"�!��bi1,��0@�X>ݼ��B`-w�`Rzg��*��pL�ZQ�M��F�rb��e�{/$U�����LAQ���A*�D^�k�KGI
+m�@�4Z����4��C?���k�h{XD��Ҡ�)|�
+B�����	��]!��3ybg;��/E\!C/�R���Ҝ;Z���+K��|i���7�7�o��U/��1�y��v
+endobj
+738 0 obj<</Type/Page/Parent 689 0 R/Contents 739 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 207 0 R>>endobj
+739 0 obj<</Filter/FlateDecode/Length 1448      >>stream
+x�Wێ�6}�WЇ:����k��nR7y�v]E�J�m&銔�}ϐ��U�(t�W�p����?��&��i��tAY9�D��>~����|>�*i6�f�CA���ǒ�8��7��r�4[.p���d�=���g���Ѳ�
+��hE�E�O>]�lx�7�8]�ON'�j�ڏj��P2K��j�����T�v��M?b�߭_R2���Y,W��}F�&�9����"zg�SzO�>��2���U�U*���i�
+�b�i0�q2�����:Y���$��Q��`�C�퍧12
+�YG�^C]�9e�
+�3乑L�,�9ȯ�Rci;4����:V�ri�m)��dvd�QT��ࠥ0{���NJ��x�!�s�U%3g*%��2�/�A8���,�!��A|�%2WC��p�^ga2B�V"���U���ҝM�Q;EaΖv����Y5�l튓P�HU��eD�4*�pR�%�/G�{#D%rJE!t�Œ.�h
+��A(
+���DjjpgGpme��^˜��.�v�fԈ%������J�+�P�`�P�/���N������";(-i;�!0g'�B��
+��"Q��"��{���rƐ�"-$=~x�¢1߮}f��eF�Ծ�t8:+w��`�w�i��x�'���^'�����3Ii�
+7B�]{ߴ��fBS*p�N�h���u�/*G�1z�z.�T~�#��R2NU�p����2�8���Smq�G���	�Q{-{j\� ��U�P	��pZȓ|�eﭿ����:�#�ﴳ�M�Z^:��9�^�P��m������)TF����h�v�M
+f|Ml@��"�c!Q��i{���D��O��5������a������X����]�i �ht�4�U��t[���Y�����G���+AQ��g`ĺ/�U�d0< l�%���
+��uPh��t(ѯ�WR�C��Oi�^F��vJ�+o63�Y%1�Fg�"�(W��g�
+kHy ~>�ƒ���w��bc�sc��
+T�R�
+	̄�1`�'�"���8�.>BP!��c#)S���3�K{���y�KC]�+x��h9�3@�sIo��#��e��E���`�Ʉ��y3�m�/*�Mendstream
+endobj
+740 0 obj<</Type/Page/Parent 689 0 R/Contents 741 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+741 0 obj<</Filter/FlateDecode/Length 684       >>stream
+xu�As�0��������6�cҔ[;�N/\���J��J2��>�&m�����}��[~�2Z��Q��rM��-���e��UY�9��1���Y������vEYF�#r�˂v��g����o��SO��
+����������6�����j�C<6:�^�W±�޶�	nIE>�I����^fJ�5�����g��z<�Dt&y�l�')������P�(8��)�ҝّ����2��:���d�yUO��%��v�D�u����Ҳ"�4,�ΓҎe�N����Q����x��v�?���28�8-��@F�W&h���2 ��H��Hg�f��W���?3���<m�S@o���B,B�#	j��m=tֶ5�&�Q$iO�P���Ch�s֒�t����!�|'���p����1��nJ=P�i�c������"-3�Lg��������:�Z�`���b�<j�{�i������__�a�5��+۞����v��������W�E��<����SӺ�z��c���z�'�W����8<?^l=)���0W��+t5��]�alk�
+v��%D�ր�b��
+��&{�E���ǁ��&�q�.^���pi�/�4�lY��fIY��e��t��ើ9���G+�cq&��$[�?�\RR,6����W�*-�%�
+endobj
+742 0 obj<</Type/Page/Parent 689 0 R/Contents 743 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 210 0 R>>endobj
+743 0 obj<</Filter/FlateDecode/Length 1702      >>stream
+x�WMo�8��WrrG��N��I7@�v��C.�DG�R�JJ����R�e9)�(�5���M���������bt�����ç�l�L>���erI�.�ɲ���q��^��t�L{O���t��,�pC����a��f��$m�������������j���KZe!\����sQV��EB��������{e
+}T�'a2��Lf���W�V����t6���U�J��ښ�YM���<`wS�`w���dƇ/�iBߕ�*����0��%�-;��j�?W��C�2���v����\���ύ�9M���ْ���-)L<�b-�L���RxIʇGb�4,�ƺ^��j%
+2�,"�|R92�R/���
+Q�
+�o��Vڒ�H8���Hp�t�\&�*a�`�w-O�5�I[U��N=��������vp���L9���;fV�/�JfA����A4
+�~���RTyB?r�;]HSSiKZ��
+��!�l]��:�bVJ�>&��z h���3l�E^���h혵T�!
+c]!tLj� Uf������-(�!SAD��l�Q��l	����T�o��=����m�ބ��5A��8���5c/�2c���p{I��:�GG��L��
+ϱ6�~��|�����r��
+7-�B^�`J��z�s@P�A#�%]A���sTe�&~E}X	s�3��+��({�e)�#���9��o�*W}�0zE��m�Ҝ�+`2�1?�� *=x1<Ɇ�M�C�P猈D>Gр��^B�
+\C�tS��UH�<p�%n���W�BbD/��O>0[��}���*����A�!��)�\S%���)����kƵ��2�﷈�L�ñS�@�8�^�⤃��
+��ʜE��<�<|�yxz
+�}f�a;O���^��b9�6��
+�e0d����c��F�=z�n2���a+DR�/"��m>$fW?�j\Jq����L�ԩ2�jk=���ş9æ~Q��
+FX�l�l�'�n�Q��b]�P
+��e�	�26ʧwz}ĕkm���f��P���	�̭��ݿ�z��*��Mf��1�b���g������=�:��}j�j��~+���
+[d/��"S��*�N
+���m�����9	cÉ+*v8��M��V��Ś7>�1�؛���=Z�9�p5ᵥ�f��y��|�d��aQƻ_������m�8�f�D*7��L�v��q�A�fߍz:ƕ��k���Zpq�7���u9��.���<Y..q��ٌ3�Y���	3]endstream
+endobj
+744 0 obj<</Type/Page/Parent 689 0 R/Contents 745 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+745 0 obj<</Filter/FlateDecode/Length 1794      >>stream
+x�XMs�6��W��beF�%Y��^:�cw�I7R�|�H�BM,
+�׹1�
+��"h�[�2w*��gƹ�/�P�-p/�+��/�W�"Q2�[)�Z�SL�pb%,j໠���o[na��/�drG"JɖE��{%+�����~"R[����UE!�9����+���b©C��jp�V��5�p�s�aT��&��H7]�|濾r_������,C�B@���JS�|eLV�%퀬��cx
+�F��F��A�G���g�y�2ֽ�_�!ݰ���Ĵ��5߉�u�
+��j[	����sk#%�Tf@�)0��F'cvl�t������V��ږ7��:(����A�|�!��Y3��4=�z��(y������f��
+���M�^��d
+���t��D�K�U�!اdwzY���=�X��X�XhE�ڃ8��0*����{Yb��mc͍�������r�
+�ﾈ�9,�r��2��X���#��uA�w��n��s�%��A������K��ҐiH��{cX	4�E�E\O��:.�SW;���j�K�AѰ�Iz�o�
+��Ȥ��4�=������d��T�����h����a9�
+�ȴ��
+,��b
+��H��bit��5���㋠������o�h,�g��"n���4��5ޒQ�������>A	�d�!}ܭ���:��g1myc7��U�l��
+endobj
+746 0 obj<</Type/Page/Parent 689 0 R/Contents 747 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 215 0 R>>endobj
+747 0 obj<</Filter/FlateDecode/Length 1689      >>stream
+x�W�r�6��+vt�2c˖,�NoNݴ�$v��|�HPBL@�����iҾt<�P"�x������ќ��7����(ʎ�fg�Z��syu�����D^,�/^}������G�Ŝ��g�hyy>�
+_R�f��:��j��?���OK��i�
+VjS��_b�rq��� �)��t��T�M���TY:��/�Q0>Hǖ�Q� /�"[�$n#O�AR(�2
+�"�hc��^QJ�*
+��aؘX����T���4ӕ̔��Ӟ��Y!�x��Q�yA+�M�R�L:pI���p^���ui��F�FǓ!���6P���4J���X�m����Et�x|P<6�0�@S�(���6Rǌ�HD�i�*�ajʰg�rDd�j�Pu
+tXAa�Ng��p6�qF�	���M�N�~F�K=����Y!2� L���V0�����
+jI�N���8�HH*���^$�E56wʿBy��F((֞��F]�ؗcg�		��3)8�Op%q6m~��6~BȃB
+"�z�{s��O���}f�(�P8p���p��(R���s�۞o~� 	P��7��J	�@O}O}����hd�G3�J�#����O#��Tm!��b�#������nI����\�.~ɰ����Wz��#-�v
+E�f(��F58��Cd����pH�ks#�>А����1Mꉔ��yBS�u�ｶ=N�b�L
+Ү8bo�[v^[�X���;������&x�4��G�c/)���u�R<u�/*(Lʣ
+�ϝ֧���
+}JZ��:�
+��F8_fk�f`
+��s܌q!�����>^ӟ��@��U�_.R��]~ry���\:������
+Wq�X����G���4endstream
+endobj
+748 0 obj<</Type/Page/Parent 689 0 R/Contents 749 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 10 0 R>>/XObject<<>>>>/Annots 224 0 R>>endobj
+749 0 obj<</Filter/FlateDecode/Length 1303      >>stream
+x�WKo�8��W�-.�*�lK�{H�͢�.v7>�BST�VU�����;C�A+^')�0`�"9�of���- ����)�jG1~���}�lV��?B�deݪ��Y���uz��N�%��,J��f=���`]�j�»�,�k�Ͳ�]o�j��V-2�ѯ��`�z�%�
+v�5�~HOv��dG�8K��[�؏����
+�[��`�;�b��y#t%���6ѻ��Y�4Z��'cDm%+��5�#����d
+v/���%������b�����7�;�N�ՂY�3����rIhk�i����
+��S�h�:��h�^,1^h5߳�A\�sP��F�{e����|.H��R<5��ҖG!
+4L�JXg�;`��m�+<��������,L�L�h�(s1�NU
+�r'K�� ��Y�c�D1F���S2pl��w��2Y[��<���P`@\
+��3ş'�����D��[� O_�?f�)��I�����a0�PP{������p�ꫩ��GU�
+s,p�ҹ�S���Rn�>v�q�HN�yhX�8"V�����̅�Z���ԣ+ŞK��E��4ǔ�j��)0�1�˙HD%v�b*��5���B?�X:��X�m�+";�ș|�9��`0�;bx
+֖�����PU$.룜&��
+���E�'v]<��G�.�F����r�Ė�	�ža�!�t�����srO(�uM�B^�Z"w1,a������*~�1{��F�4SV0�j�
+oT�4��ցJ)��~�BiPr-�x`�4��3U�N�8U(gS� E8k�a��ԚNiѢ!\�(U�����~��MGHHu>�Fw)�.�J��������[�ے�n.qM���F{M�=���P4#DC���;)���GT�*�S�"t��:_}�O�c<Mu=Sw��FpYHN�B<��K�� xN�̄���9��Ϫ3�C'�z��Au� ��,�^�X^���Aø&��A�ŷ�^�#I����~(�M�>@��l�Ys���-���7~S���q�z��?�>�?�3h�#���v�
+endobj
+750 0 obj<</Type/Page/Parent 689 0 R/Contents 751 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+751 0 obj<</Filter/FlateDecode/Length 800       >>stream
+x��Oo�@��|�QND
+bȱ�"EU�Vq�rY���ޥ�� �}߬
+5$�JU	��̛߼Y��4�_J�	M3��`��)�L��s|���)Z��q�d�>�˛	�)�+��s�B��r9,�S2X��Z����y0��$C������z!�Pry3;$<o�4^��JdWJE�D��r��l<ǔ�N�\ה��MӶ�U2O�����A[C[ʘ�a
+�
+z�R�JW�DN/����f����Fnz�A�'ok�������b�����odI�ә���jw�t�΂�2�n�F�Z{}�s�j�K�;��4�p�Z	�
+'�ۉ\pQCwy��aq�}8{�dd�t�DX���i۲�m<69D����[lm���v-i����X�z!lG`�}�W���*�g�=��'w�9A��h�n��y*uDw4�O�HU���蓷L��9:�����
+���B��)�+�N�U9��B���˛E�4�kf1��u�w_��}�@ߝ}�{�>[��
+�ŷ4�7��������|�̳^�7ɸ̗|�c��*>�endstream
+endobj
+752 0 obj<</Type/Page/Parent 689 0 R/Contents 753 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 232 0 R>>endobj
+753 0 obj<</Filter/FlateDecode/Length 1827      >>stream
+x�W�v�H��+j�"9'�-��.<2����a1aі�V3�Z�%'���V?G�pHr�Z�ǭ[�J�Nb�_L��3J˓Q4ß����hN�x%TR2ZDcU��$�̢M�h���e�+>��K�	�-���_Φ�}{��᷑�u/�3\Ns���p/��·�����ǐ�'����/4F.%M�l���g�~�p�S�6�i4u�ͧ
+���tE k�+�L1@��mWY�D��{�{�����e-o)�轢i�e�<g�h�A�ʵ�
+���"c�-P(m�
+�򰏓�q������S���
+�x	�7��v�HSi��,�U$Cm_����B���L[���G9&�ޣ�B�0������$�Z�]��h�Fw;�C����hi[n�L�bU2KS�u?��W�9������D��A
+��S�UHN�Ǯ
+�vmZx
+
+�E�t�زL</��<�6)�(�q�����c�!y���bD7�=�Ai�wA�QF�`�0S�7�`<Sǧ�dB������V`Fi�mc��p�%���u.�I��]�
+��A�@DS?�C|�Ae�"�*
+}�]����Ӫ�@�%"
+G���f�c��oY�6�,:~:;��gp�S ��c�<�z�������Ud�
+7�x���[�$��i��}��68�@rd�B`����[u	������[E�ه�E�y�wep5N��3֏��)7��_�Sv.԰�J�i	��Ӧ��ںM6�ne���2
+�t�lE�'��G��a�q��������U�-��M���-�g9�&��
+endobj
+754 0 obj<</Type/Page/Parent 689 0 R/Contents 755 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 241 0 R>>endobj
+755 0 obj<</Filter/FlateDecode/Length 1867      >>stream
+x�Xao�6��_q�bْmE^P`i�l֬[<�C3�D[J$Q%�������l�M��M,�<����s>��4�?�.��'coLa4��4�.��GKZa"�h�K�1�h�]�K�(�f��1���_�|�Ͻ9M&3�(h�9ݝ�E��9���$�	�0��vĖ�1f�c�rk�lo\P�O��7�V�����?äY�������g{c��{���~��Y�;�w�>V;W�L��ύ�lo�Ykۛ�1q@������p�7.h�O���m�YD4��r���q��i�YK��&L?����zN��+0+D�"Z$�cZă�<ߣ7Z�:+����YY�����dt=E&��0����$���Vd��R��:��T�	o�Vd���DgOx[e�4�U
+��1���r���-�
+2����Lv^x�Ƙ��J��/p��S�43�`�`��YIw�X�S��Z�R�X������ז���eM�6a��1R?e�<:�1�}��Y����ۅ�.��
+��,�-8+���m�hݟu�!.���T5yB�J��v�Ԉ�K�asx�0�$v�:WK�S%4�AĆD�E1�U�5+��j��|E氿
+Y,K�Ir��j���b�����E���ajd�K'�.u�I�Eu`����O`Y��Y�����ºr����zE?�n�K!W�
+����9%05F�r�|d�:�ڝ��v��֤a�}6���%#��P-!U"̗6�DN˘�X����	���Y[�y�2y�K�s���3S�zDoR?:���d���!IEfL�J{C��A����Mĸ��X�p���+c��8�P��AϺ��4cQ�ʡ�C�q[Vw,�B)�_Ƴ���C�=HAǛs>�wݫ���F�:���֠Z��7;40��rh�)���]��<!�I�,w@Z�R�9�+>���y_L�*�tѷro+8eSj	�ѝtz։��`vF2U�5:#�G��Ȭ�c�`���:t�3�
+�F��M�e!�
+U*�3�>��t���-�&�-8i[綟3�2�Bŵ��>l��*�Z�ث��d��b0CH��
+��G�)::��W�y����ė	�"�>D��8U�}��v�N`n�T�}�y��VCǗ��ǡ��[
+endobj
+756 0 obj<</Type/Page/Parent 689 0 R/Contents 757 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 244 0 R>>endobj
+757 0 obj<</Filter/FlateDecode/Length 1971      >>stream
+x�Xko�X��_Q�VjZ
+����"�Y��0@�h��ƾ���}_;4���s��
+���g;�$ؾ�8u�T9�^u���
+���)L���pH�o���z�-�������L�϶q���z�o{=yv����������:�7tם�o��r��97U�:��w;DH���ץ���>w�bZ\�?㮘<��#7t�!a�x��I�E��;l�]�:b���;ܭl�^���w˫��6�h�����u������
+��J՞�L���S�"HVm�ͯɤ�̚�=�4ҹ6����9�#ʳB��
+�0�y����L�9�Q��s�M��ͽ�	�+��`|]�"��Z|FpV�Jl��v�Ze-��@���ֱ��-V��`�dWW*UA��K����b���U�{�
+P8asd�A���FVI=?d*@�����V��:(b�z�5Y��b��P��4T�,�r�C�8�L�Z ���g��)r�քZ>O䚬Nv�sl6��/���C�
+��MŬ��ɾ��o��3��LM�^�����X��<zݩ�S���>_�2Uz�]��[c���/*��Y��
+I|�Al0��y�����	�X�T�/��������	3�_�y^bH�G�Bq���n�|�)�>��ь��d>���H�<�2�Pƪ'O."
+���Π]fv*�Y������V�[Ԃ	��9��
+�4�P�x�����AE-a�$Bժv�B�ր�b
+��:�9�TE<_�\vgL����k�K������>��x�II�#5��׼��}�CѤS�M�
+qO��<*�@cY�Y���v
+bk�;�֕�Dz}(���s[�ۋ�+��g�8 zt��nyp���ae�|:���06�i�&I�p9iAH.�
+endobj
+758 0 obj<</Type/Page/Parent 689 0 R/Contents 759 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 249 0 R>>endobj
+759 0 obj<</Filter/FlateDecode/Length 1596      >>stream
+x�WkO�H��_q�vU*c;!I��R�fU K҇���Ğ�㝱	��=w�IBR+uA�83s�{���V@>~���Q��|��'����0x��^�2
+{�4O)MZ��u�/�Y�!�vN�u��k�?-i�
+z�׃K�
+�4]��
+qHaD�I�[i�8ֱ�����$P���f�U��e���1NyP>��#��|.�=�@����LP�;Zj�m*���ѕ��"+�(
+�/�w8���Zʜ����֞G��)�H$*���
+Y�QY�d��+RI��$��`�L"�PkO���b����&�=�"Β����
+3�ϬT������C�*C#Z��[�
+�
+&"[(��ɣ���
+�h�]��L�Jb���RT)t)2�ܫ�X!�n`#n�~܎X�&����f��)-�<�ZX&�~�ʭ�q��ޱ%ף��
+e�ia�
+endobj
+760 0 obj<</Type/Page/Parent 689 0 R/Contents 761 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 264 0 R>>endobj
+761 0 obj<</Filter/FlateDecode/Length 1966      >>stream
+x�W[o�8~ϯ8�S
+Ċ�,�L��b��L=�<䅖(�S���������
+PLo)E�\�����i��9-'4]P�\��1�����?�E6��ߨ��$�u��>_��
+�V٪��[6���l��쯱�Z���_74�gXi����I�U��i��B_C3�]v+��_cw>��]�q>C�٤[��<_fS��f0�PWa��f��P���_c��{��t6��aL������r
+K&�qP9�2�q�*��d��^��qqޚ3�����5G�A��W�Z>f��m.n>�C�T`�b����$c�WP��3�-K�w�I���*��utT��^��Ksr�iC��_�l��@�Σ��d	�W��hkM�E�d������CIn/�t|PiY�����Aڕk�Yat�R��dK.�mY�]Re�RZ�^;C�Q9�.(͗�4ʧ����r�Y����e���OX�2�@ܥ��[	�͉���H�q��1�
+>�KZn�NZ�$��$oȵE!�����,Z/Ih�� u���Ǉ���ͣ�o���I���p�
+�������GU�
+䌎��C�u�j���s��z��#�M��e��n$�(�=��(
+�j?��f/�5�fBns�e�0��-縖��p-��J0+
+	�B �Vv�٢~��68����aaY`@H��8�Q��mܭ�)�[2�\��wa
+Q��n\pN��dn0G)��9,�B_Q�V�B�op��&��a��͓i�T��h��4�q�8�H����m��rL�U�	���J��
+IP���,��Pآy�>F�A��E�C;�%����x&t�alC���4v�&���qu�����{��9�8���l�Q���?>��I::�@N��B��;3�
+�"t�F ��7f��Ƹ@������}eg!�İ��A�a
+�+� w(s"4}�<���'�3�=���:�R������Ĺ�� JGS��Jiϼ(*��<���%Y!��r�?�F^{�����0��	���"yF_����ۿ_ɐ��g���u�`�	�2�؊X;[�3hP@�e�_W�!��DR�1���X<Ǟs�wx���^�1����z�J<��� ����������wx����_Oi�\�K����w��	"y~�K�x�WS-�k>���۳�,[.Vx�C�4g��7�]��w�endstream
+endobj
+762 0 obj<</Type/Page/Parent 689 0 R/Contents 763 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+763 0 obj<</Filter/FlateDecode/Length 1628      >>stream
+x�W�r�F��+�|�*&̗H�7�![?�.��X�kXxͤ����HA��b�,
+�bg���g��lH�i6����l�h:�L�4���������q1����)�}tc>�A�
+.k<Ifa�p8H.��/�ɴ�������CZ�9��|F��-�2�-��W�*7To%�Z�J�Jk���ZJ�u\pSTF��%�!
+eF����H��/��=�NC��,�38ˬw;���ߍ鸛��8�C&�$U�Z�9��\ɲ��V�[ک<'���*I�Y\�I��3�е�ϢX	^������L�,}X��?NV���)b�G���q������I2�L�)���c�^y���h �s�[���h�����@N��J�5�`
+m�+���[��t��m��5R�5E��GM"����*Ӽ�d����#�)[�j'��BCӪğ�#��<����V��)
+��	g��|J ��H,�X	z����{0G�i�W���2&����
+�nE�laz-�m��(��ZE=0�m��
+���^ݪW��nLz��L}�<(�S)ki]�;����y4�v_�����r�JIir��QUr���"����߈�/�����y-p.��ǒhCW�:v�cpNarۃ�W��
+S�5�%N��q�7��G���U���`�`��+Z�Û�����0�?q������x=P�yJ���a�Ӏ�l���x�'!�/B�(W�V�:6)@�	!�6��V�K4d`�厓��
+4&t��ںAA�3��:��e��!�C0�lx�'�gS+(7S"�f�POGǈe�� #�N���<�k}�N։;�ۜ���
+x�Ƽ&�y0�!���4�͒�������W��7�=�
+c��9z?>ҟ
+�Y��d2û�/���x�۽^��q�/��!endstream
+endobj
+764 0 obj<</Type/Page/Parent 689 0 R/Contents 765 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 267 0 R>>endobj
+765 0 obj<</Filter/FlateDecode/Length 1738      >>stream
+x�W�n�F}�WL�h��Eꞗ��m
+�V�Ŋ\Y�I.�]Y����^$�V�(�8�v9�s����EBC�Ih��hJy}1��4���9��3���_'i��z���ǋ�h/��T�x6�'���{kh4\�Skh�WgC�.F��%S����3'�{��5u� I��y��q������35L��� �ǯn��PԄ�kw:�Ѳ���2�>����,��k#�,{��:٘��1����G��,�����SM�k��o�=>���x�Ѯ�*��I���F�Z6��i�cI�ډ����g�?*��IvԈZƴܔ��W=��g^���m�ٗ��`H�d���*)���O|º.UCjmOZ��_8ka	��I�vwE��^	*5��F<I~�S>q��b��و��s��k��+ڨ墡��r�gr�r�	o�.�U'E����
+�j����{%�B!9%]�m�<�<LUe]a8e<,l�p��}�m8��hE�(�t��ն��Rfs&��(`������z1�Y�$pb��FP��h]v�ĎKJ@ ��`�8.�R�0�/�C�BF�N�$�B��Y�q?�&%>��5.�^ʵh����!�7�y�e�N�VR�Z�'Yd�����:�Su�,3N�+�Cx=��HA
+,��<tL+�F���	��.i��媒�s�x�z}�a���C~^[��r
+A�XK�ܝ�f�:Ao�Vu���p����%�J���
+�2�%ڊ��ҴSݣ����$�׉�,�'Z6K�3r����~";��F<�*�����!�Ӡ�� j[���Ub����{�p͹R�+�
+pvp����5�a踐�)E`y��}݀��^$�5���ʅAVt��
+CmY��4���[�]kQV�(CVw�N�H{�;
+��Dr���@n�J���K�/���Dێpf�V�\JcD5��Ǜ=��Q�r�J��qs*+��Nt`V�j��\�Ui�x�˦�z��5w ��C�����c���؄'-z���N�ط�W$�&��%$�*Լ��Q8Y�C�����쒙S��e�"�N�l���A�,d��V1���ū�yf�GPB��|h0hX��f�kvP?�,�0��C�ec��â�x�:���Y�J���t
+�3���l�t�m,�߱#��yU�ڌ"F��k�wc���aF��c�K��Ӿ������X��9o2n��f��
+ͭg�u1r�?`{~�.�*<Jh0���ݶn��6�8CA�i��u:�V6����ٸ!��t��@��\5���<q�f:��y$�eX�l�x�`��R��jbz���`�'��,',����z�!�*w:R�ԅaɊ����]��$������_�d����B�#ȟ4֯A�OS,aPP6�aILw����1���$�h�1
+;ܪ��_��`G+���QX�%�K�*�O��h�EY�
+�EE��ݿZ�5�YB���h�k7q������=��Ge�N����Y���ל���t�e�AL�����8���ZVI(��tlu��*L"�fi��b��k���-h��	�^l+|U��}��1��6V����}�$P��|D����͗����7��g����J;�h�7���3����?����Ƕ�h�&�//�������endstream
+endobj
+766 0 obj<</Type/Page/Parent 689 0 R/Contents 767 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 270 0 R>>endobj
+767 0 obj<</Filter/FlateDecode/Length 1768      >>stream
+x�Wao�6��_q��bY���)�m�t�5[�u�2��D�l$Q�8��{GR����֢i+���w��?�)��1M�QZ��Q�'����'t4�E3*)�F��?]�W��$:����%��H��b6J��Y0$M�8��O������і��drM�či:^���{}�3:=�$���9���*s���tp���
+M#�hTeU����K:���$Uѥ(����~���x��d%@L��^~@�qX�Ly��Ȑ�J�R]���KI׿��Iu�ʤ����Z�tIKa(�՝�R�Q)����Im�+�Uc,�F��D�H�=D�>��x�9��W�N6���C��*+A"�+&���mi�Kq+��L�lde)otIDRj$�6"SV�
+�v�{��ceiN�v(Ueщ�r�hq����×S�#<���q)�Ͽ�ӹ� ����Ұ4��۪�����{� ]���ٕ�oXJ��s�a��B/��V>Ҷ6��HTٓ�SQ�KzbED�
+"�F9eZ��G��!�.1
+K�/�������ǜm�R9�U�3o��m��\R�R�((V��KLVJ��H�x���j��u]�ԝ�Dt��aP/\"�p��#��Ȥ����S�5�2�T؝|���Y8��N���ht�E���r�|u����8jFb!T�j�Ivٯ�\�\<-2j
+���q2{uqFV�n�l
+�ǻy/"�'�P��%tʯ�c�S��ǡx�����̭��
+�P]��	�3L����xjQ�mg��&]&��� ��hP�ֈ��o����Cڅ�m�9nG�ȗ?�`w�4��`�XU�=3�i�����~T�#4������$�*-�X�3�ඞ�skn ޓ�S�΂C�5�\����:4OtO͢@�)��PJ���.o���u��T&�}��W��p�n�]���� �
++�E�R�8)1u����Y�T�:��\:��C���T�x��B�n�Q�~�����SZ�*\nr�ʛ=d�(�;�hPL�O���Sio��pw�s4�S�
+X�sJH�ޱ��FZʢ��w8T����*4A��p	�s�쾆��}�3#w�`�qos�l�Q��@�8d<ąH�|������#�6(nHݵY�zm��X1/�$�ݔ���Dt��F�
+endobj
+768 0 obj<</Type/Page/Parent 689 0 R/Contents 769 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+769 0 obj<</Filter/FlateDecode/Length 2145      >>stream
+x�X]s�|ׯ����?DI&e�I'����}LD��AU)p$�
+^?;�e1��/�r�eq/ʋ�Z�G����p_��	�ﻅ�F��U{���ވ��,����h:_a߁�/庴+}�KZ)�U�ƭF��/�}��U�.%X)L������R����|έc���F��.�9�Z�u��Q������08
+~�:h'���T��o�|�K�j)l�5����/K��U���.�(�M�ұ,��ַXs�"����� a�e��v���:ܪ�l+H���"��,"�*H���2��ÔyT֧����@I��޼�t��|��?�{�N��`}R��q/����e�;�����.�I�TU���ٍ�6@?B�����yӤB�g�
+����#cY��c�@��J/k|L�rRE�8���F����R�n��jox�	99��OFks8�ʪ
+E읍s�mF$��ʇ�0�1����1E�I����m�Q����P������vv_��0���V��kp���Qm{�f��Q������S�W�r�?r�*
+�@�e�����w�yζ�m.v����^n!���T�<��SBU]�Q��떮�֊_�y����<�6�h�l��v�<V<���[~��R{�]ȼ���8m	Ơ�v_��0��TYV�K�/��]tnZ�Nt�d9����ژ��!
+�^�3Ds;@!�N�k�z�(�(b�'���F���Mnϟ;�4����m�me
+h�R%m]�7����9�-�XF���T:�<���^�?�G������s[GU�1V���6hҜΡ1���~�Y�l��L:�7��!} I�џ�M/[��4�c�`w��<�)m��K��
+��/^{�$�`��̺����b�'�@g�kPH�Nnt���i��W��T�t/�<g;��ȋ�$AĔI�ט��?�QG������xƱ1q�S?=
+�ꭩJ����a�;���S
+���ί��w2����v>~;�4-K�v:��G��~���]����^W�tk�j�:�
+">��h
+Ѧ�et`���h����q
+,�ҝ��L�R�x�
+�����0��C��Xk̮1r
+"����pG�7N���#�3V����J����f1��q�d��aW��#��F�n��@��3���FרZ��(z
+endobj
+770 0 obj<</Type/Page/Parent 689 0 R/Contents 771 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+771 0 obj<</Filter/FlateDecode/Length 1331      >>stream
+x�V]O�8}�W\�}M?i�H<J5H0d����v��i
+i��:��s�$m�na�Pb�~�{��~֤~��kQ�K����7��l�-��{���Gq�����������m����i�{�F[W~�\�_���
+<���Q��u���J��vzVu�٤i���M#w�A�Лi�.��4��S ���Jd�"%޸�$��E�#��"Fw�`R��%i�ך�$�c��[�	_��Іm���P�����A�fxL#�%	�ל�J*��A�4]�G
+L�#�I#fn�:��*7���&�(����5�/�Ѭ�`��R�
+����{�l��F���R�{.״��z�P��ƃ'�^rml��O�?WlC:�2A���7��S����E���*Ԗ�#�������XbV2_�l�w1�т���)_.��ka����5X]S�S���n��y=��Ӥ@��e�K�`/E M"���a�Z�
+<0�0}U6�Ga�i���X�:ǣ�L�{z%����%s�+�!���B� H�
+�m�z���%�`oA$'�G� q�;��rd������w%,+$�u�����)��2I��:�����P��"�][$�b�E5HL���D.X�O�ʾ���bYP�FuC[�c���]#�8LOYt�B�Q��-���V�ﺠ*N�	Y�&����R��N�dP���1Uw��k�^�S�Jn4wp):�-��?�d������5H·�l��Ϫ`�"�� ��j���������Ѝ�O��&,���x��;�?H�
+��q��E焣���o����}���3\BvD�����)I��lP[r���TN9[R��`t)#�G��lyp��r����s�[���W�
+�%k�]\��m�B��-��ț�n6����2��`��BP���z
+����&:�����.o�����������}�endstream
+endobj
+772 0 obj<</Type/Page/Parent 689 0 R/Contents 773 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 283 0 R>>endobj
+773 0 obj<</Filter/FlateDecode/Length 2336      >>stream
+x�Xko�:��_1�.��䷝t?��M��>�u�{���-�6�T))���+n�(�8�HgΜy��ɐ��|D�%�� ���Ǘ���,�l8�'��t��������[�F^�<�4��������@�'�x�<���sN��(vVE��p�C��I<���';��::�rp�-l�l���vq�|O;���x����L�A��|\SX��p<��4�'���sX�h]G�c��G����p��9�~�
+{��1GvN��l}ss�N��_^�pB7k�}v�Rq��n��y<�i�j��ܚ~�],)��A����X�-_�|=�_Nh8"��"�>[�����������)Q��Ʀdݎre����R�
+� ���;ۙj����兲����ʻ�=	|������V�*�Se�nj��e�ʺ(����P�
+�ܪ2�����4������84��,
+LE�Zz)|���ǹ�0fm�����Zn|�|������I:��Sy����h3xʡ�>K�z�='�6.�A}ԛ�������3�dU�>ԫ����$$O�v��i� ~��f%jS��iG�\/�B1C	3���w,=�7�UEy*t��9^��!��(i�����q=5�B�A�F<�7�߹gC���(
+�gN���ƾ#u�PT�ɵ��q�&
+��f�Z+ĮF���a��A���a�Sh�a6�	^�58����4�[��؈�z���X�;�[x��v7��G�
+�+�9��ij�ܛ텃<2 �K����G$�8��
+��<���40
+_7�H��U�8�E����[�O�]�Wp�xȧ�9�����Uk�Þ1�+|�E���ݢ�GV1v�*���z9��R";���|��؊B�AE9����a�CI���2����B0����7�_=����j_pZEm�(5F���_O͎Z��b$O6mԡ,�|
+3m�@�x撘�F-��Df��A�a��*��������,��!���9�l�Iv6e@�@|ofԷ.�yd���
+D�h>
+endobj
+774 0 obj<</Type/Page/Parent 689 0 R/Contents 775 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
+775 0 obj<</Filter/FlateDecode/Length 2023      >>stream
+x�Yks�F��_qC�2Sez �S��_�޲1k ��a�%��V,��d��~O�$X�;I%b�1t��>}�݇/:u�S� �&/:�h�C���:d���#��1�>Y��ׄ���t�T�_ о�H�i��f����W��x�Q���<|���ʍSJ9	�h�覇�x?�5�
+F�#���ڗF���z��%��t7b)K����K�g��9��,]f�q.֡��k�iP��j�O�f�y��Z�I^���hN�gjMINR/xʼ����1zR[�Z:,%�	?#W�O|Z�$Iؗ,H�/���Ǆ��{n��EJρK����@!��u�ű4�ǣȍ�c/��n�u��I���O�����`^��Cjyt=�ABM�7��F�����Œ�-w�N�e��|��l���^�x���[m4:��3�G7a���0�h�oO/F�v~}]����#<�Vc�	��z���T��a���\8�c����8R��fui�"-�L]3�]�#W<�����"~O�}jMw�T]�Q��Uޓ�5��������y��ɧ�����b�n�'��q��3�Y�|���%C34ӕ˰�
+]�Y|�1�pr?�&�����/�&�������������vH��$#<aҊ��Ky�B�Y�5*���Y!�#�]�VV�4k�=�oi6=��b�.v�>0�pr1�.�}��
+��F���4��nZ&�o��;a��U#��5��ʞ+��H��w��iZBN̚�c8�4�<�7�B|������-�WC��o���ք�;E��v8k7�7�Q)��GޑT�����~]�n���U��X����7e�/.Gw�;Cv�b���7e��n��W�yyW�VF�)9��+r�Ͽ�Sַ����U֥�߭�P�����!ժ�k��%DN8�mՐ�n���Y�׉ZԱ"�6è�a�����麣8</�M�o����m�R�²{}���PlJza�MM��M7�n=
+��8���x��*T���8��a�ńn�-�;l��U!T�a��a�V�n��=���ú4Vl��c����V��n�({n��7{k�����*��
+G���@��A��ᄾ:v���{\=o�ɮSΫ�����x8��>�|Tou���|:��
+��4qc�`���b{��2�{%"y�n�G$8��
+���~M�l\2��GT
+Ҭ�NX{{ݦ�o��Ǵ���
+x����7MrÄ������v*i�O����s�yT�8�O�4B�Y$<C�L�s�3Q>WT:7
+x<�Pln��*X�<E���`t�.� m���|�;_a�g!�?|���
+�#W�MG�vN|E�_2��`����F��#J��Ǵ���L�Sh��s���xP�*��5g<�1�>Ϛ>�z~Ή*HE�Y^�p���lKZPZ�'y���=f+�$G��\���Uus�le�C_Fw�Շ� ��,
+���vs��'�̓�/R�}iobG��g������o����6��
+��<FkLX("��H�����$�l�k��J�>�i�ܙ*%�ei���;{�9�aJR7\�HZ(�Y
+�,
+��
+���"p�(+���|U'�sc��	���}פE2�%ՖJ��˷�%�$�#�~�P{I�L�|�S%�mBLKp����Ip(v�].�%c�:r��Sy�d��8Eԡj�&9}�	�"�6;�Q�`LV���n���c�k����ŉ�'�]��9����*n�i�:���fO�i4F��.����EP�`2�M�gi=_mHӑ�.&�9�/)�|pendstream
+endobj
+776 0 obj<</Type/Page/Parent 689 0 R/Contents 777 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
+777 0 obj<</Filter/FlateDecode/Length 191       >>stream
+x5��J1�{��?�C�$�d�ck<э i�Ѝ&Y��	(��0��0�BCqi��`�BIKV��x6�%a� �#�F��XGWp\)���)�����c��ؖ�V�n�Ԗ��ư�M���	��[�
+��{Z�g�����{RǞ'IS�JLy�㇟p-�O*x�ݍ4J���d3��)�7��=�endstream
+endobj
+778 0 obj<</Type/Page/Parent 689 0 R/Contents 779 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 290 0 R>>endobj
+779 0 obj<</Filter/FlateDecode/Length 1417      >>stream
+x�V]o�6|��X�(�
+$��"��g�/u(��t�D�����w����$@6�H$wgggw�o/�>M�4�PR��
+k��6�y�fѻ�zE�-V�7��h�:Tx��3��R�,$#�Z�vG�(U��+�w.�X�0|9[|w���7�E���Y���ʫ�Z���aA���6�����S5�S>~mL]Jک�2�,I�O�
+�
+m�U��N�@�jJ�	�m��*Q�9�|1xQVrK�
+�d2�N�n��)�������M�zHC�V�u�5�^x���d�[��#jo���j\��q�����ǐ�_E`�G�	�fP��䖇.r܌��-Ѓa���H���՞�O~��@�wțC�{]�X�����¸�zʛ�8_��F��Ͱ?���Q���v�����C��tN'3���E��.�rendstream
+endobj
+780 0 obj<</Type/Page/Parent 689 0 R/Contents 781 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 299 0 R>>endobj
+781 0 obj<</Filter/FlateDecode/Length 1715      >>stream
+x�W]o�6}ϯ��K�!Qm��ǀb��:X�nqQ�h���J�JRq��w.I9��{�:�Iޏs�=��v2�>�
+h��pLYy�O��f��ǯ'�Q��x:N�T�`��=t���Ջa2�{��E�Lh�'S>;�&���W��KJǣ���g/�����,��O���3�.v{yu��)�
+�x��p8��h:�g��F��/�R�,��!�
+|() ������F�õ�#�&�d�|�j~��݈�/Q��tB��#ߧyֻ�O����V��Z����O��m���2���mXjM��P�$U�c�
+���de�Ɨ����p�b��<#�y��3L7n��i�OX8P����U������\��7�p��U��U����*�HV�Z<�<ka`�I��XV��֎ja-b��ad=d�8��58��m��F����Ԇ��1�Xi��&� �ʩL8�p�V9ϻ9}���&�NU�(�g$�z�[�\-��Iti@��Q���;2�UD�����z����f��6T��*�ْ�rZ��+˛��]ݽ(�6�(H8'K�	x��9�b
+:�^N�qN3�JT�����趩�5�&��F�l�8��i4K��%�G���u���̹��-���; �)�˧(w��
+��b�Y��ph�猀�AxAѭc]�M]ksԍ�]��pﱸ��v�8��k�,��lK-�-WEo93{�&h�����3F�"�kS����i-�8��� �dmC����)UJ�xL͈M,�3;,}p:(1��L��F����a�EC��S&k?��䞆���>�
+hZ��攖F�<��л������vH�-\b�ÌuFgN�b�� �u �.���=���k�/�*3�ꥣ��aƮ��Bb���R�A}��EQ&�y�
+�!�@��D�t*tw�4z�� n���������3¿;
+�Fa�MP�r�CJ�y\0Lz���<w,}������Ԝ��
+endobj
+782 0 obj<</Type/Page/Parent 689 0 R/Contents 783 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R>>/XObject<<>>>>/Annots 306 0 R>>endobj
+783 0 obj<</Filter/FlateDecode/Length 1262      >>stream
+x}VMo�6��W��ٖ�)�C���l��"=�BK�ōD�"e'��}Cʶ�v�|�9o�{3ÿFs��kN�+J��,��ӯ����WќV�Wъ*�ǳh٭Jz��x�\G�����*��bG�]��V�Qh�sc����ľE��=�-+�̣�޳�h�K`>��ͯ�e�Y#v��FR>�IFӻ%ާ$�͚�̓0�$L[f�O��ь.��O��S)��؟ˆ�!WHzQz�tF���anR�+�фoA��:Y��:�ORQ��$�U;M����Ve����?�t��(�Ȉ����Ǆnq���Z�t;��6��P�R�I�_���M����ԕԎ���i!-�1瓨?��n[GU���T���8�FN�Xc���Ĉl/�;ɻ2��d de�6ʽ3NWt@M��Ǩ��q
+>azw���l�_:N�Ǫ�Ҽw�gBV��
+2�K�^��<5P9
+eWKX��u/{�;��e��J���L6D�֝�d
+Wًw$��
+HT�kr7~�+�
+�0�@���f�^�
+����O~�C�]�a�Js7E@h���:��+.|/���!����<�닙�7��~�Ț�'�
+�vұ���դ2no������m�"��{���6�W*t����v��Oߢ���Ä�K#�F�v<���ws��V�"u4w����-;��ֵ���bW<`8�n��B;o��*6u]*L���}�#�Մ�A��=���[7ƎS��+o�A�ؿ�����l8����m����V������;Tt
+
+[zOg�M��l�Qetw$^�-��=��D��p]s�z��yȢ����\T��؃LO#uz�:�PN���/��y���2��P0+9�����I[?�hl�j৺��W�Y��Er;�Ғ~S�}{1M�-�Z9yk|�����),���:��t��+\�6Z�7�
+�|�psMO���V��L
+endobj
+784 0 obj<</Type/Page/Parent 689 0 R/Contents 785 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 315 0 R>>endobj
+785 0 obj<</Filter/FlateDecode/Length 1682      >>stream
+x�W]s�H|����圪X�e����G� b�{H��ZZ[�V�J1��׳+ٲsTqPEޝ�����ވ��3�YH�)�yo��?���GAH��<�(��d̛��z�x��o�yx����x4���B��<�R4�����u/���	E��!��)^�'9v�D��%�_���m�9�(�����3�NH�p�jٻx��pH�5P���L�MܿNEYIC��^�-U��u�V�I?�|%PAH8[~�
+iF8߿7*fG7:��3��Y&
+���1�7
++)_$YN�JE��
+<�:�]�Xe���J�BW"��JX7���>׵ʤ%+͓����|�)EB�J�F��HrU(�@��ڭ6	�"6��R���-Siqc�Հ�T�=���}J��R��|v���L��ǳc��
+(Y��'Q�
+�H�>J*4�lPBF�(�Je�R�rM"����*�(K�`�b:�� -z��ǳ
+)-��lH�$nW��B�B��:�N�T<�r�ྰ��	.+�m���L1���;k�Ŝ�����<��fвLo��CM]N��n�����ay��M�Vy�G:��f�� Yv��x�hd��h�m���d���8��:�,nA��'�ƨ�=���6���,���!9*�l��,q��`�SuW'�xƨ�#>p�����`��z����ZOp/��.3s�bϽŷ�f�Z�FS&�$�-�ڠu?���(���e�rV:G
+͠�������b��g<�=��;N�"N���0v�K�i�Yc�획�M�cxT�`3u���ȁ@&����O���J�[}��g7<Z;=?u�s�U�K�9��
+��W���̍�Wl)c���maX8dބ�U;w�NT�U�l���z����,�N�3[�e`W܉�6,�	���1�����f��7���|;�����}'���w�h��ܷ;sj/�������endstream
+endobj
+786 0 obj<</Type/Page/Parent 689 0 R/Contents 787 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 362 0 R>>endobj
+787 0 obj<</Filter/FlateDecode/Length 1468      >>stream
+x�WIo�V��W̥�cD7�T��p'>�vc]�8�|��p�d����f)R���6,s8�>�~損_�B�����̶l
+����xv��(Z1���Oμ�g�(pC+��|{n�����v�Y�;��
+}+a�Ǉ�6�`��"��4k���3Xb����d�j��b��:���;�˂B$3�8�� �\2������gC2��PD��`�
+c|��P�P�g�V��8D5C{��k�B8o&^��KO�=Ν�"4rAb�9�+���"��j]�8�`}�`�E��I�\�
+��g�72pg�ˠ#���#	�����!�2��g�x�F#�.�`ԛ�q��Wsr|Z��BAA�"��i���-Ϣ�U����&+פ7���bӻ��������\5/_ϦW>�k�M����XeM��ժ&�$��5�iW5��Ɉ�{����tE�2U`��T4�qJ��*Qm7O,�-�V�,��]��l�M����JS��*j�B5Q?ꜭf7FB7
+�C�F=Q�����O��m�U�DI���3����<R\�ke�UՀ�|Te��D�<�?*Z*UR��� x��ŉ����!Um�d�Ϊ��T�j>~d���$�#.�\�I&�$⼷Ӽ��sN+�E����[�:��{<�&.F�C��u^-��Kg��S
+�	?��M�f	��A��O���)]L���Tz�U�#��sz��h=���p{`g�S���n�m�<��姛���Q/�{[w�ަ��)�K<������*A���в�vp���/r����؍�g���u�V��1�z���fD���/��]G��U	�V?��A�����Cx�a_����Ş�W�|���6y�Tk�[�m�T�(+n,t��m֨B�ڔ۩�N��ޫ����v[�U����պ*���.��3�3�;
+��a ��j�����v���7�?��<<�L���{����X4��Ҧ*��Z��J(KC�Un�Yب�L.yxmK�B���δ����Q�~$����}aش�O=ik�d+LkU�3��3̤?����.0�
+� �hT�E�!yq�����B�˓���gL����2cS�s��wD�YI��L�-)�v��A>�s�`
+v�Z0.��m���Ӗ�4ϖ��f�ĂL�*���Ӊ�C_+,�V��t��:N�L��
+�%�/��y���U��J�p�O�eёS,�i�;�#Y'���\	(���G�l��jh����Ȅoe�f���6[��/*�J��VTWY���ٰ�N���,�x��7�\C��n�KǤ_��2qї����J�a F�t��-R�v�qe�\�Y�#�oz������O�-�oo��.r��WI��'��ϟ7��u.�h����-;����7�t�T_1ip�%[���8���ȣIh����}���0��f�eE�_��y�m���endstream
+endobj
+788 0 obj<</Type/Page/Parent 689 0 R/Contents 789 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 367 0 R>>endobj
+789 0 obj<</Filter/FlateDecode/Length 1832      >>stream
+x�X�r�F}�Wt)�U%��}���nRq���ڇ������d���==�)'[�e�����
+�~1�1�Lh9�����8�J�㷿]̦�dJ��"YQI��*�O}��i~w�,p6]&����:K�ϓ�Ι{lu���&��g$m���t�����b�4�Ʉ�[�u�Z�:s��i��;IV�Wi�llM��*mj�t)rE�~�ʒP	�^�1��
+��d������ٝ0�_L���e�b����y�X[�w8��1�Џi#�F�!�R��n��#pB��d�e�
+�3W.SZ�R�Tk$���?�H�cS���cB
+)��[���U�\7�~��^����>s��PҦ�Q�Z!��h2��>�wx0���6��q爬�0������h�Hfo�4����
+�S@�[�(ʍ
+��s����ҋ�ME��*�f���T-z?��
+������/��y�rE�F��8��Mw�oΰg��RL%�`��V"���7t�
+_j��x_�k����C��&I��R%�(�����u髂4S�Us���<��ل�$[
+I"Mu��X�;�
+�
+��`���u��Ꝩ�zc=��=U�@�J{�Gs�#p������5b������G
+������R�|�۞gS��T �yh	�����%�g�V� �;^�^�[�=P=���X�pw�����#�\�#�dmAOpbI�ZE~�/,ۇ��C_��
+����	{����=H&L�� �-H�	�6�Y<<���0� x�b|�|n�1�a��C?	���HB��F�;d�<@�p�8������	D�=��;�@
+���o�6��(���%B��D��pv������?j�n+�2n7sZl�C�q�
+�P:Mq0�u::�Z`���F��o!&EA0(_�*��a(%��y"�{�����\����Gx�
+}�8�o�"���������^���x΋�W,[Q���UBڭ+m�Qַ�wνÌ64��Ζ���x���!�3���NHGڝM�)ySc���ct"
+=��o��N���D
+�"�b���׽�8v`����8��#yIśV���PWn�m��70,��V4&N'8.]���Y`c{t�'�,�.s,�L�[&	��?�ҁ!�����
+E��ƚ���
+��;����4���
+�HÙ_h��a��(��#�@�i��6Br;
+��g^m�7z:b6�4b�[Q��Z���>�����������
+/9g3��Mâ���R8������|p�}�#��2�D���>��`�����������Z]Ր�Wht;�q�'_e���Z`P���b�i�r��� O`e�ɱ�܌�2]U�+��7'����J'�O*��ܙ�_LFO�@���1�n�������џ#6��+0�7����(B�����r�,+���l���������hxnendstream
+endobj
+790 0 obj<</Type/Page/Parent 689 0 R/Contents 791 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 372 0 R>>endobj
+791 0 obj<</Filter/FlateDecode/Length 1791      >>stream
+x�Wio�F��_1u[T,J�A���I�M�XEQ�E�"WҦ�.�ò���fw)Q���mY�c�7o��\�4�OH����8H:|Tk<�)Jf��fI���4������1n�?�~�+4�"(�"�����a/x�D^pI�4����0
+���?��z�:�9+���4I��ՑL�u��an�����:'8h�3�%�:�YK��r@����]kwo��\�,�׽���o>�a<��Έ��;���l������ݘ�i��0�M'H|̣��M��� 3e�����f>��/�y�x�{woP�t���K��o-
+�v����(��#����h��h%���Q��S=��քE6x�4��:=��3�:)J���$�w��:�T٨GIl�LE�FR�+��+R���VԲ��+S�m#��X��M�KX�wr��A�X�&��|GE[7l��Q6���t���UO=5��3[�|<3�P:��_~rɖ��{��,���>�ߋb)h��i
+N��45�nlT`�$
+f��D�<2U%���L�5����k�������J�FfW���O
+Ս,	&�w�i����u��ĞC)5�A�X'�ne���f�	����c{�JQ�[Seg���Ɍ���^��ܣ����X���� yx�`���:���d#+�k,j�ދbeL���5�Pа�0��?��-�}�v����z$|V!���w��CX�mwtUHXK-+��I�V�)��_"�g1���}8C��ƀ^$`'��{���*��zH����w���30�x����q4gQo�nE����䟔�޿���d�����U�"�px��s��FC�oJgf��/��ׯ ��{Y=ʊ`�X��2��.�������nl0:�iWl�s�îg{�p���ȁ��84�t#�Z��l�hg��s��9���bp��U��+�`
+��uUы�V5Ο�9��m���Q�ѭd�2V}����RVu֞;�k�)����\TkЮ\WK+�v*
+�)D��8T��R���A
+A���6ż��{̂I@�?�!�nx��.���57��҂��^:�^��:��b��@��#[�3<J�;��ڊ�,���w�i�UQrH��<��.}�{����]0�i)�+�{����v9�����+�����z�Rx�rC�A򞧐+Ɠ+Rn��m�X�r���e_�LG�v��#��-K
+��(4,�m@�Wj݂�|�X��2�#7~����*���m�,���r��2<����6�[��H�_$����T��cڲ�F�z��~e����k!��A
+endobj
+792 0 obj<</Type/Page/Parent 689 0 R/Contents 793 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+793 0 obj<</Filter/FlateDecode/Length 1743      >>stream
+x�W]o�F|����-ɲ>���T(j�����^N�QbL�1wd���ޑ
+��E
+$�C�voggf��O����>�t1�(?�=N�ᐆ�1~௑��\/N�o����"᳣ɘ1�|�G�(��(������"�;��2:/��6��4Q��4�%ڐ�Qe�r�l�jeC>��Qw0�eq��H�6Պ��tB%=�|%H�y�R[Q�_$�(ҕ*�oiI��B��슲��OY��ZsN�\��p���m���$��6��T��rT=$�ҳ�6�2ZI�P
+C�UY�I�j�9�V�;�&�"z���;�_Q����vT�ٺ��T�zk�nq�j����;��~�P���픃u�7i�F
+\F��H�ԇ$p�I؟B��=��ix2�r���U&s�zLo���zY4ʁeulY�|R��TEY�-�����z0��6n�������.�rW@.�����������妾�(
+�b�tk��~��X�U-�X����1ٝ-����V�3����`ڡ�"R�{,���^1��k�n����^[�x�3�|��ZEl�1$;�j�d��&�Q��Bz��+ײ���ypD���|7/��B_�b�5
+X�2F��eD���B�7Mv>��謾�G����̴��'�j�&"?õЦJ��+I��
+��ou������b:�w���p�ٹ��@g1����8��ki�
+�Ar�}6���\b�i�a����c�}�m<%/[ܻ��q�5���0��+��fx���˚���VO�<:\�L�]i��2�aF���k5��Mk\�՘�C��=��Q<�
+s��L"�b�띋���H�߃�7Ҙ`s��:�l+�ƺC�n��С�;8o�<�@6�VY�Uc[w����Zµ���{���}DS����ho��t���z�i��G���w����6�	
+H�������{��!��C��r��3uȯ"/���<�����$�Ѿ)��#�$�k�md�5t
+6���ֈ��}���N�,ŲUn��\�6$����_��q�w�<�q�?�^���m��`��dgr;��^Q���
+�٣<�68�fkڣSF:�U�IשY�0rO
+endobj
+794 0 obj<</Type/Page/Parent 689 0 R/Contents 795 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 375 0 R>>endobj
+795 0 obj<</Filter/FlateDecode/Length 1972      >>stream
+x�X�n�H}�W3�ح�u�����;��N�V`,``�$[R�$[�&-���TuS���b}�Ivw]NU�*���!
+�=�و�SJ�������Q��\
+h<�M��M�%U�V�<���6��#l��g|�߿�z����L�i��K*h8�q����{�����j��д���4]BC�Ò��X�w��ڹ��|�fݳ�{�.j�]��4^�ig���=�ᐖ+�z:��2��L{�S�
+�՞jGߝ-���\�qyCkS˃�x�׆~Yb���Ɩ�t����i�*l��RWl��Td,�Tc�����]�jͽ��d^��	�p��!�m��_=nt��Ӯr����h�&|x�J���΂���&��ì���)�6�Ŗk��[k�=\W
+G�ݬh��H���Ha���QD�c��2�S>���Zd{T�z�21����xʠ�ܝk�l�ٔw��lM`ع��d��ϥo` ;����	��}���p�=�"v�#�����d���S�)����F���6{�b�����_�`W�I�|/:/:P��g��j�������۳1s~  E�H���]F+�@:I��t�h��1�Y��`um����Lfkd^���Y�G��w�5��m�?ϒ���u5��0����-�;S���@��CM )�����vkJ1�q<��*ӆ�������ӿ��{EK���	|�7�&pJ��M��#\�
+=�V�JL�O�b�f�.����d�ktlɞ^�	.uC�;@?��
+a�̕��ľ�?3`�ʖ���Z}S�'f�JNRɏ��e%��<8�X�u��m��E���c��r9�r���1�����LR���]O��m��{	J�z@3�j2!�/�Ѷ)~E���5�B��/΀��
+[+�ު����s5
+�b��iP���L*�N�w�⮄��m"���~��+�������bˣ�΃U]Nٺ0����I�e���Zgb���(_dQh�q������?
+���piL��u���9�:?V�(�
+�)��Ar�V!�8��PӖP171d��|z�A}MgL���V�\
+�g�Fa�BM�s���6��Y�k�X���Ǫb^��wۤ�`�j	�/�������0��]�`�Ný�1�J����(r>C���Hj�4I������t��ձ ���"Ĩ����yp'M��*�j�o�o1J�:jY�n)�E�
+endobj
+796 0 obj<</Type/Page/Parent 689 0 R/Contents 797 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 380 0 R>>endobj
+797 0 obj<</Filter/FlateDecode/Length 1843      >>stream
+x�W]sۺ}���7)�%Yy���n=��4R���"A	7$��%���H�f2��4�����ٳ��\�4����sZ�(ίf��t/_�v5���[�H9-W��o��M����,X��Ţ��Oy�|9V�ܬ�3�JI������nIaH��=�6k�'�����q���Ԥ�L���O�G�n��0�LTȋ����сHr���:&��yVZW?Y�}E�~�ZI]Qe���v�T�
+۞��a�O�a��LZRz_�6���(R:�u>�����'	0��AiQ>�Yee�|�Ԕ� �ZÅE0YB��gee0���T�Df
+�/�*e\X���I%�ԣv�|�t�{��]�Ĝ-=�	����[��>gS�8�dᬪ�w'�'K�"�ﴠh�Hg��e�ƅ�bs�2�t{�J{h=��U��q�i�L�{)�D�\��2@�T wܑ�~���X	���d���q@�V" ��f&�D���z�G�Al�|�	kM��MB��F��M�Y������A���`�
+c�:d`�!dPgFp��i��!��s�"s۵��(+�|�L&�o�h�Ғ��v���qfbQ)��[r�[���%���"���?=	�	���h��49=��4֤�s9�[5$����L��
+��&�����Q�ĵԾ׶('��X��hA9���,[�n/��(�5��0�'.F����
+}����n[=�EE�1���R�慠"-+(��Q�p�u�c�	��kv*��ř��������﨟�
+9����A|�#r�:�����1�b6��ƅm�$�6�/���A(���F��Z���3Ѓ�����1���D�|�(�B��O
+?;��-�;�G�ٜ�kuO�c7��Φ�Jt�AY���(->���٭��i4.�H޺]x���pL@'kQ�uۋ�&���8��p@U:�OeO����q���:؄�̽��W�&�m%�h?s~�ws�*����t��GY�\�F,н9�v�+��]ʵZNP�3�;�6�k:��2h�|���hr0Ɏ��Rð\����T
+�R�Y+�6A��[��<
+�l�u@�����IfH�}]Z�	��<��)��L��e�*Am@�M�{�w(�t�Jd��ՙ��>�k�z�a�U>1q��En7
+�Z@�9\dY��V��R�\���+�'Nݏ�$�k0��ੋ�(�,��Q�h*�ʘ��+���C��7���a�<���%��؊M�Ҿw����;%�P{�O�Ra�>"�4@�#��r����H@3�Ir���376?K�cz�4� >�#�~��s\",����2K�݇cpq#����7��@ ��S#���8�-d�R�*8g#�7C�@Wt�,+k@��:NaFw��������u7�
+}?yg��S"SQg:1�
+g�n���pĘ�>���M��̴S+�WZg���F"I/}��V6�hw'aP8���˽��4in+�̏)�đS��4��Sc��܈]�������f��np�v������w��4�:G�Uʶ'�
+�͂&���Ue�^����������y�_�,�endstream
+endobj
+798 0 obj<</Type/Page/Parent 689 0 R/Contents 799 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 10 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 385 0 R>>endobj
+799 0 obj<</Filter/FlateDecode/Length 1908      >>stream
+x�X[o�F~��8/��B����,;i��I��6(��9�&&9��Њ�����̐M�e�[�-^����sF�/�4¿1-&4�S�]���4?~��b�XD3��,�9e4]N�O)�.�W�芮�3\�h6�����^_��h<���̗Z'�����e"��T��&N��;Hڪ\%-�<!���HϺ$�I8'��-�gM��*ߓͶ	
+)�_�ѱ�6������ň�i4��Kmi�
+�<�_�H�������<Z���N�h/��ܺ�3�(�z�c��\Ɯ]D?D���Τ��A"S��s��N���AH-љ@E��)K���T�d�hs)�RX�'T��iԩL��}�ir��y��2�F�s꽳�M^fkSZ'�;���"Z��b��wS�ɑ:�瞑.dN���>?Di$
+닄�G�����_־n(���̸(� \��� �d�sd�A4M����%��JR8Ct��J�`[���f
+=�\9��?��P�L���*�&�Ov��LA7�X���!#���I+�@`
+R���ՌDGV�؃V�Ϥ�ա�'"�
+�T����g��M�*��ۆj"&��/J��E�*j8Q�s��E�\
+_$��4;K��9S6.ui��Dn^��OP
+*�>O���C/|���{����st�5�e �E%̩�E�Ӂ��Y�5�M=nZ������#z
+�;
+/�����1L<X<i���b@r
+,���P�O��1O��u����?	\~��y�~����6��34!�N6�<L������Z{.����k�Ur�Y��B�& 2�^��e	���M�r#$��ʵľ�=]�g�{��F��R�3��PKy�e�G`� ;Ģp%��,ߋ�
+5�N)u�<�:��Fp[�;��u�������Vj*pt�b>T�HEs����-�-4���?�^%�w"x�'�K���2������
+endobj
+800 0 obj<</Type/Page/Parent 689 0 R/Contents 801 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 402 0 R>>endobj
+801 0 obj<</Filter/FlateDecode/Length 2177      >>stream
+x�X�r�
+}�W`��I���n{^R�ĳ��'κw���<P�͵DjE�=��|{@ɗ��$���)�"E
+���(9�]����h�ϓ�蝞.Y�<���g�F�.XF|��	_e6��Uӹ���W3�iU0&��%�r�dD���j����k*�������(w6�'t����T�R{*W���k�]�G*2�U�"$y���`0��x
+�V�ъ��t[>a<���2mtYmI?��W,ۜ45ض�=ˁ��"�|�*M��;U���	�6!��C�+�k�	��E����2M��Z5�s-}��WY�`<NF�)"��'����n��-��N�]�G]���6�>{����Q/�M�0m�	��:�k�n\Z�*�낼;&#"_�؟Q,P��Gt���vH7��n�/ܸ��NKD�]�B��4�,�{���E��j�m
+).��њO=X-7
+w7��k���TH��gR��q��:��h�y�2:����$Y.�4�1�
+,��پLNƠ��$-\�e����F@��"1r�3(�{�8���Āp�����Ud�*����ќa�kQ	}
+y����nM�/Z0͛�wVnՎ��������+[4��1��!ȬÍ8�s���Q7{Ȭ[�(>˦�$�m��Y�&���P�Uh9h���`*�ЙE����+�����5��Y�˘d[`؆�]�F��)�5=�y�aԗ�-WJ\�Ks��*Aʞb�Zϊ�y�պA�%��AWR6��Z,���ZRB�@�G�)s��*-w�e�*Y?L�:������P��V���꘡䘐������Qc��ҥ��'�3�E�\��ǌ�z�-�<7Ҕt��a�~$�K*R+��Qt���S+�a���
+���V��`�됗`��F�[���a�ʤw��y[��4���
+�kT!� ;���{��=��0��;u��ǣ�RB��m����ź�TѦE������?�q����,L��F!8��M{���
+��|S�bYpͮ�*�'�7}R?��&|%��`3[���=�����1T_�u_��E�7���餛&�ӓ��tJ�~������3�mܯ\�.;��g#�h��k��)
+��S~�4Y�й߉�d�Ⱃ�Kl�oa��I��3�����~���endstream
+endobj
+802 0 obj<</Type/Page/Parent 689 0 R/Contents 803 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 407 0 R>>endobj
+803 0 obj<</Filter/FlateDecode/Length 2098      >>stream
+x�X]o��}ׯ���$Z�e�n�حc��\Ki����7����R���=�2˴H�aX܏�9s��P���.�t6�|3gc<9�x����%�/��������SM���l�����*�cuz>������O�ٔf��}��FR9�YN��h2�eɆ��,��1-󓥦J�$tk��c���FoH�����P�j�T+놴��𯒼*i[���@{�8��i-醔��-��4����eqr�W�m>=��l�mdڬ���*��!)���6�mH4[m�������1�Z�ۭ6.<NQ���ܨ��kd-0�m{�f���V�Jl-Y)��F�X��lƱ~����
+���h�9i�XK�
+�ڞ1��UM�v��K�|�Ʈ��q�w)s[(aH�,G�����@O*��)h��[���C��r
+�x����ڼ��n�� �*rWފ�UlYA<ˈ5��Z$�1ԅ*�٠B�g��V��F�Z'V�V�\bN��'�x�$�ia�\_=zJ �-<�5rF"���"9��um��;��?TA8��W�R.��ڈ����JcIyjȶ~{��@��3X3�p_�!�8���g���qW�Jh�n���
+�"z�
+����7	�]����s�ql���2[/�aC`A�;Xq�匪��=�(De����r0]FK�8����_X��c�wb���R	v�<}��������Q�	o��051�3W;����W�O�00��
+I�}om��$1�v��(�L5�х�}���ֲ0pm!�I�����
+�(t"�E�3ۍ��Q��H����S*�m��?���[dS����z�فj��TX�Br
+-m���ái�b�������g�E��gAC��%���G���k��x~��ʍ����A�®2���0���h���}^�T&3��Ų�C��$�8�=
+���ON��qdce�0�����\mQ����1�y���������^,}kBM�m��?F%�5�P
+;
+�Q��m��B���%�C?�~�a5߈�8g&�":U���Ld�N�NJj����i��^nW�~6�3�=�����SArEarij����2���"��B���t�|1<�5m?�	ʣ�	�cl���R�[`���^B9���yv�ī1e �h>+G�SU��H1q�4�S�7?_��+ΜKTS�/�J�y0�w��S�iZ��mW�)��T�������G�/�
+-�������>f�_'��Mq��/�� M��p^i�-(B�h���\ id.Q8�5(�q���o41�(šq�Sq�xVJn�,�����}���ɧ|������8f<��[�ְ����
+��.�W��_��.f���������/�]�7�?�g�endstream
+endobj
+804 0 obj<</Type/Page/Parent 689 0 R/Contents 805 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+805 0 obj<</Filter/FlateDecode/Length 1990      >>stream
+x�XmO�H�ί��ZF"&qB^N:�`�]���͝�/��=��ۆɿߧ�݉�ɞt�主�������Ɉ���,���di��	M�3<��T�Y�,&�����0�cy5�s�ޝ�Ya�=�9*���h�u��ᡒ�K��-6_@�3�����8�BϮј��^�]<�"���1����qGVD����^�\�Mh4�e�i��g��!w8�2:[���<�eMu�K�LYꨶT~A���O�RSh��B�U�ժ�Rm)1Uwۦ2I�뀮,e��T�%����_O�4���϶��H�d7:ʒmWDW�%唖
+�Y�F�i@wЪ��b��sZ�F��j�J*�V�Ό��:�٧v�ͦ)�s�`+�3�Z :�0BNu�=
+�_��`���jً_��]���];g*���F�Q׿����P��ύyua���xw�K���7��6&Ϣ�s"�O�:Cx�����K�U,ڏ9��3s�^�-h���4�L�ϋ`��h�${i*Ug����u�D�l�Np��T�$�Xvb�Bd#dJ�
+��gI�+]F��8��CE�n>����del�--�Q�#�f�v�ou�j��|�>)kaJL_m7b+���F(�h2 FP��jwQ[C�Y0g����p:@�}�����_<ܶef)6�}c���R��4+5!z�&E�Vm�'��	Y�}(+��Du(zV��E�=�sR�5�M\]{B�j�l}M��9�-�������*��T�ؕf�l�+ZWH��z9�.��t���1���6�L'��D�#�םPO�^5Hdrud�
+Y�!Ԁ��glW)�3k�M�D)�z�jM����/����	����HB\}�WV硥��I�n����+��8	��
+6e�`��c�[bv����B��Yx����X�����З��P��'
+�A�}�������z��;ː^����}HFk���h`^0��EQ
+��\kJ�a~^}8g�ZT�bLLY�l�`M@�A���i�P+t���R21XZ�X��M;��\�?=wpF��M".=�E��-z��ђ�L�rqQs�$�mO�;ZRu~�4�Mw���^"��2A�H�J��lQ{���T� �P�u`��=Z�;�U$t�[v��E2����Pu�#t�k��!Ur��'��X�y�"�^����`��ZsPcރ]�}Sys�y�c!<rw�V�mme�([����H��#�!4����!��Vg��t㻳3�t��^K����5fGg3�p�g�}��вX�Ȭ�r�@:+x?�]�z�o-�ę�F���O��|$=�Ow�p��ع<�X�Zq󴠾��7�ǥ�ju�_�<�m��y�Yc�L��S����ϫ~����;@tA�6�<e�#P�.�Q�g�1�IVf�n��h�W��I���ŵ��M"<�,��w�퀴�X
+endobj
+806 0 obj<</Type/Page/Parent 689 0 R/Contents 807 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+807 0 obj<</Filter/FlateDecode/Length 1591      >>stream
+x�Wk��H����/ҊEJ�y?����ql�B{k{�̘��������V�;t�$�����Η���g@�!��g��O������C�o$��b>�����M�&�E�h�F�,����(�4gǳ	<��������6��v0D��8��*�AM��
+#��_R�����>�
+!tJ����<��5:U��-3�R �˄#[m��8��=E8��4��oP��=	�k�8����E�7�Gc�aͣa4��\�w�
+md�x\d/D�����Dg��*��u���U�_�������K�(d~￳�X4�g���ڬ��ҟ�9�;����b�I�qb#�'��r�@wb�#����;Ӆ���:�)��
+���5���9Y\]@���%m�n,J�Qye�8)�+&:}��
+�]K����*7�vݘW�ѡ�?����`��C�w�*��C��e�,����*�yD�t8����/:�c
+u;}����۩��u���4�zZd�R�w���j��L�SJw�&/�gv��Y�;��]o<
+V���8a��K�
+?ɡ�=���}�Y&�>�}�uuLFS6*f]����9�:,	Pj���ஜ7he�m�=O�wU9�	�~c]"
+�46��,�P%����ng�����
+[�2�h�X˲�I��~\����~~�����%�a����!*�
+\"��έXL_ɲ�tO��<����m�K��豝�س3�����Pr�(��r`Sº��so
+endobj
+808 0 obj<</Type/Page/Parent 689 0 R/Contents 809 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
+809 0 obj<</Filter/FlateDecode/Length 1885      >>stream
+x�W�o�6�����/N[M��,0i�aŚ4[�C]�D۬%Q#�:����Q�u�a(��"�޻w���9��zvNyu�br���S:>����_^Ф�����&��ڔ%�Z,�^SXj��(�L���6���Ӡq�k�US�����~0��_Z�~$U4�����	�x2�rpD��g�	�8��LM��q�J�:��4&��J�v�?�Py�T�!;�\g��4�%n�Y��<;��,�����|�[��I9�埇�Q̵�u�}F�紱-��_rb��[�kR�u��{��T%��C�8t��e��w#!��
+�oJ��
+��K�CC��'H}�h6a��WՌ}�y�m�+Ipz�.oƇ.��B��<����a��Å���=���V�e���
+s[뵆%�B�.��
+endobj
+810 0 obj<</Type/Page/Parent 689 0 R/Contents 811 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+811 0 obj<</Filter/FlateDecode/Length 2056      >>stream
+x�X�o�6���b`��,`+v~8q�)������EpX/Z�-�%Q%)������d[Y��m�đ83o�{3�g��	�^�Ք��l����f�����-��ė��:�e~v�yJ�	�W�������������o�O���4����s�4��\i���B:U���R]9Y9Kz�Δ���fO��Nf�*����+U��rZ��\Y����bON�l�7���*�D:���b�SU�wv��������T���OCv�g��|�=�b+IT{Re���#j�"#�}.ʠ�q�&m�_/0N��	㨔U����ߔ{Z`)6����H7M�r^$�T/�
+��g+ʥ@k2�l�`��O]����<&c	�\��LSA 5"9#RI�'=6�4`ޥu֔^� [��D�)Á���V�4�����i�VK(d��hi*�OST�<'0l+͐�VDc>r�-J�Yl�=T�L|�����s<�G��El�N'�'�����A�cT,G�*8<
+u_'c��a\��`
+Oۈ)���-��|��A�6�u��2�0Y���ؐc؝|b)�����Z�j���ˍnֹw���&%�1Tss������Ş��b�4�f=�ŤT
+t[,r]�Ð]͔M�ȳW��^��.@H�Y�2��xf�BU_��1�+
+n�`|�����A�^�]� �L�;�v��>�8�7o)���3�yI���<�{G~,��v�}��@�����<�۞����c�߂�a���n�,Â�]ŋ�	>c:�-\L,�56JF��K\6�[gΌ���
+��\7EƤbk@���~Ы�i��k��Q�ݻ��W#��{S��t��
+��*h-�53TI1����!L���E
+��ă
+[[BO�{`�Pׅ���Q8VT�Z�RsXs{5Ý����ê���	_pO��.�#��'�	x[Y�X��.|���[+�vì�ۭ�k��~Qa�	��t��>e�`T7�f�FĴ1X8�Tx_��im�X�xR����O��.�ET�����Y�ݿ��9�GZܠp�m�O�[�[��ED�
+�`�b����٤���
+�X��dFc��ʯm
+�~�f�~ju@)�yG��?�f�_�L	^	��⡙L�[/�ѽ��,���\��Q���``y�eP1��B��1�R��'�T`���$<m��pR��c���/����<��H|�Y�uc��őFG{.���gi��s�\�)\C�O�jzg�o�C�����L�O��J�!��<��ou��Yp���wqu�\M������oү_~y h�;3�Q�pYlH<�|�)�T��G��_{��KP¡^z��3����^���o	��N� �=���:����48�fʡ�5?���_��Γendstream
+endobj
+812 0 obj<</Type/Page/Parent 689 0 R/Contents 813 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+813 0 obj<</Filter/FlateDecode/Length 1987      >>stream
+x}Xko�8��_qa`v[ V,Ƕ�
+.ݣp��soxrℝ��|礩S���|�8q>����h��'a0u�����s��O��s���sg���b����%����[#:q�7�㞝����/
+CZ�L�l�*���hD�����8��H�O���$R++2"�Jԓ4�b]UҔ�Hd�s҅���V��"9'Q$����b]���er�~��و��e0��wv+,��NU&
+Ţ����i�Ȅ�J�$���[u���F�u��>8��p�X�}i{nJa�NW���4Z�3Rb#�L���������~�W�~O�:r�]7.Zc=MxH��H`c�i��u�\,�/���Y9ht�aI��J�v*�Hd�޹��+�3�`�D��|��&ǌ���iq2�x�?����B<��ڦ`���num��^B�LU��Y8o��rD�����UC�=-Wԍ(tq&E5��ܶ��/h̏�7��Fb�Vb�4��s83�K�b���I��+�j,2�]{B�����<���T������>��b���g�\�@�9�[An�+VW���y{��z����h�g����>�E0��,��H��p�N���[Ł���C�2ĥ�RcuI�
+�R�*��cQ a��%Ç�zFZ����t�L8%��6x����MT)^���:KZO�:l�f�s
+��"jp!._�w�k�oG��D�8��7��e�+~B���7��#�����bt��-d#�Nʂ�/��!���z�#�Ĵ�/G������kI_�e�;�CzP�^�*\ǋ-�����25��CP��hr�`4���o��*��o�\�8m�S���@�[�"�Jd&ٝ�Z�7#��%Y��{�3�	���r�^*���'��d/k��m�^��[�B�����%/Q���J")𛠬c�~��s�e�[�Yf��e���a@*�*��&�@��0p]Ƚ��]���	/t�;X_ɾW�q��bp\�U�e�~�x�nd>p5��x�	N���`������̹�o\��m���9��ܶ�[#�+h'
+G��
+�����,�ɢ���晻�q���Ӹ:||���sv��w�Y
+��� V�z�J�6"~6W�1�u�٢�c�.���
+i�*�K���{7Ԉ����?�YF��z�SEa!���%�� �����ߌ�޼(]��]�
+XyRr��%:8τE������v���~��v�/�t�]nt.�'�Fg�z���ݪ��R�q�c;ÌQ��};�u��aE�x��Ϊ�(Q��H�+z�RO�pQ�����w�-�_��Ui�F����T`s���qV�:� Ds�\��0Q�����ݭ~v���g�A�+�
+9
+���d�wv�u��Pp���$�z����S.q�>%N��W�D�Ԍ�t�DV
+�AbK÷�W�Sxg<�5v{�e�.d3|��/i͂�t���p}��W����
+endobj
+814 0 obj<</Type/Page/Parent 689 0 R/Contents 815 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
+815 0 obj<</Filter/FlateDecode/Length 1766      >>stream
+x�W�n�8}�W�K�p��$���u,r��AP�/�D�l$QKRq�_�g���(��(�Zə9s���=���������tk��!���t�/G'�4�h���c���+���*�RUR�\0��T�dJ��R��arsN�-�)=͕�ْ�J9�RuX��T0x���x	�t�����2��5����d���
+��L�ٵ��)M�n�v��Qr���_�{�����*�ٺ'm�)�r8H�kReF�3e 7ζ����������=c��k�����/=W�p9��Х`B���4۾��9���Bs�Ft�L�\ӭK�޾�{���z�r�%�)��@ܞ��5-���dw����h"!���,
+`�{V�� ��7���0��٬N��$���ʤ���0�T�\���R8L��R�ʆ*m+�Y-�v���@�7�rD�R��g��`)͵r�e���+p��Y&���$�mn��!�+ɥ�K��@�҈��5'HHB;�r��ʹO�	���4�����dJd���9G�*ʤ8k�k����E�0�x?��]*]���K!��KA���^I���8[8j�ʁ懱
+�4��������lgٱE��BS��)����܊�N�o�������t6�#.�z�2���Dh�`m�4�Ň��ٌ��,[���8�%���<�O����ʨ�3�"�m_���te�x��_ȉy�"�h����7��X4�V(���
+I��i�Lh�4
+��<��URd��)��d��E����������7�PMy�G#A�@\a���b���z�J�DGi2{'�`M�
+I��kٻ�h�A�Է����F��#��R��� =�L@P(0ך5��$	��
+endobj
+816 0 obj<</Type/Page/Parent 689 0 R/Contents 817 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
+817 0 obj<</Filter/FlateDecode/Length 389       >>stream
+xm�Oo�0��|�9���@X {K�G�aw�[z��՘றY�i�o�礭�j��,<�͌��9?��r�r��.W�B�6�.��
+C�����
+E�n�#u۠���<G'3����E�&�/�������n���7/���F�Q��ˋ�3��Ы�==�8#I��ĳ�)˱,V����eF�;��%�w?��g{�y'�5�dB7*p
+endobj
+818 0 obj<</Type/Page/Parent 689 0 R/Contents 819 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 410 0 R>>endobj
+819 0 obj<</Filter/FlateDecode/Length 1579      >>stream
+x�W]o�J}ϯ��"%n��I@B����K"�J����${k{]������WQ��;gΜ�<�b�OL�����a4ē��o���<���<����hr�ç�|�.f1�M�3�����5^��0���6l�FË�M8:�G����l|1�fO�i2�Ŏ��e���
+��r����9-S��$g�[QZYQ<��ޑ�t�X�]��.�F�B�����4Mp��Z��Y����ɻ��YC���_�GW9�w9��8�FlN��*Y��Ze%}�"Uņ���N(�Õь/\ɵ���)A��%�r78�U��Q��L
+#)��ka�]���aˊU&i��
+�զ���D�6�@}bw7�L*MR��L�K��������������
+��"��u����=ǉLD��h��>�W�H��I�aN��١,����<��XC�J��Ճ��*]W�N���H��Зep��V��	��7�W��?X�f zx��2A|���s�(Ağ�C[����*g��"��D)���t��lS��0tU�cDK�rB߶�{�V��̔4��Y�k�v�+@�k���'�!�[� �{Zf"A���H
+��^+�P�����p�q�G�u���
+�>~�%�:J�����}��T�� �7l� hP�1�\�����'���H�{��4=��xZ��p7��)�
+S�{K��c���yz����3�ʏ׮��9w���Q�Џ�+����]��M�
+��j�)M���uNX9C�\�����Xf"��2�(t�
+Z��:�[��a�6�is�,-���$cI��6h��>�ꗏ����.�%�B�U(��
+b(�����J|4�e��
+��!e*_]�{��vD�W�"F���pmᄞM�dz%��e��C��|���F��H������
+�8��GP�8���Zk}c����?��<�Jz��P�4��;j�IǶNK��1Y$US�}��~�"�ym����b����o�A���L<EF��|��`(SX5}ߢ�e������O2[��
+�j��@�5V���#�Xb�q��i���w{<?������d�v�g����۽�Ku��7�1�*��Zdj͓򙽤�T���
+��}���wV��#c@ ��Vi+�QN��/�^}�� �8�X��8���O_@�B0��9�^��)t��kv�1A)dt�=�|m�m;�Ba����zb�l޶;�[��W^s��� U����t������8�����0�v<��f)�x�öS4��w�?�)lh�y
+endobj
+820 0 obj<</Type/Page/Parent 689 0 R/Contents 821 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 413 0 R>>endobj
+821 0 obj<</Filter/FlateDecode/Length 1930      >>stream
+x�X�n�F}�WЇ:�E��-�y	�K��F*�~Y�+�1��pI+�����R��8	���eɹ�9sfV_�b�_L�!�ƔG�h@g�A4���?�UjZ����Yt�����$�~�
+`'����ܮ��x.5l��E��dlEv�
+9��eV�ics�_�j#��u`㜡ӹN�������k)=ⳫKJ6�is����;���D�(#��*.%��m�c���{�r��()uʥV�C<\&�I�7G�䰔޿b2��o":!����
+����ؓ���aE��-���:J����1X��G���n���V��g���zTY��Y��T�:�x���B��,\X<��H ��!Z��x���H����Yh�3?��Y3��N�B4��%��`f�Df��0C���X0��3��,�����ddo��#��~v����:��\�'��zL���g�5/hГ�`t��Hw��b����	Ϡ�u����TEI���{(j��
+Yx-KI�!������_����5���O�y�neڲ
+ʘ�͔�������J#Z̓�K�H�ug��=�
+�䠭v"��e�2a��n�#L��*��)�<�W��o4�K���J��ҥ�RK��Ý�3��8�ė:Q���w���������wi4���x����C��m�3������Yč���Y��K ��6�Zf����A_�T�2�	҉��&Cӊ�Ȫ �J�Z�aLr�h�]�紂�H�2捆��{�}G���,��:��gt�dO�X��I~�yZX��~Q,mt���H*P�%T��Y'��6]��+����S�K�����Y�&���@%���M/|gEd�m�bn�ׄu���80�G���ඪD�*
+֬����J���"�򻿋�&�K����!_"�'޲:������Ӌ=�8$�P�>!�ۤ��0
+���f�gdqS'��,�H���rޥ��C�~�.�=�r���O'y��
+�S����!ml���^+��Kr�q�w$R�]�$��Mj
+�t�!��p����c��K(��W�,y���}�b�����&K`��8uU��{���I�0���7���E�M�=;�{~�V�v�\����P�}�4�_`�Ж��&36��b�J�쾕!�_�y�b�R��M���4�f<�F����C|���t�P��0��?�e��-�'��z����*��?�8��F�����8f׋�������+endstream
+endobj
+822 0 obj<</Type/Page/Parent 689 0 R/Contents 823 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 416 0 R>>endobj
+823 0 obj<</Filter/FlateDecode/Length 1272      >>stream
+x�V�N�H��W�A�&v�,Z�
+�J����ŏ�>� ����K��/�ReH��l�,q�$j#W�
+e�M0Q:]�"y7�
+�2��l��
+kw�N6�WIj�����V!���Mj�I8�(�C��)O�2h�
+�i]R0��)��f�8o�>�h�K��%�";m~Z�S�#���J�2��������ALA<
+���tnr��_MS`?&�p����>�|��jv�h�
+Y��!J���6��~�m�9���!�4m�^� ^�n,���o�]��ϩ��O�R��e!�r p'�_��@,�Qh,�Ьߥ$͔�2$�7(�z�~����&9h^iN׶����!Z�.͒�[T�칔m�|Tn������LV����d�Z9��hUs��{��J�����Q��Y� t��,>b�Ŵ�r�[��E��Y�z���eB��ޑq�R��e/�������V�*��2�
+/D�XI�ān}
+��ͧ�]�Z��	TM�r��Ʋ�Y�3�u$���4��}:�*}55���;#b(H@[����y̕Rs!�Q�����N*ή$�b1¦�F	g�;�X55A�9����%���E�R9{��]p��=0�p`U��f���v�y�ϗ�;�J�JIP��b���qqwp���4��r�QŧQ-�=2|:<�����L���X�5:��zH�
+omz,x�d�e�ڸw���6SxZ������\r�*�q��]��j7��a]��t`�h�r�W*�߂����(9D�C�x����*��ᚠu^=�¶�`Rn����c��#�x���f����u��F;�R`���� `� _��E�i���7�%��_[BUK���ql�	S�_�z��j��9P����ɏ[C{1��Ͽ0fP�Bߜ�!ͥ�l��i��f�|������C��vZW�qߜ��9���U�+=4[��!
+�N�e�+
+'�`��e��H�p2'c܁�}s�O��?N���e�endstream
+endobj
+824 0 obj<</Type/Page/Parent 689 0 R/Contents 825 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 429 0 R>>endobj
+825 0 obj<</Filter/FlateDecode/Length 2006      >>stream
+x�W]s�F}�W��K�$��������3I�ƴ�/����%��+��{��t�NƱ���_�s�� �)�ŴLhvMi9�FS�9�����2Z�"YE+*)�g�M�T�� ^��/�k���;<��|����M�`q5�/��k�ǒ�L��(�y2s�<�O��2��4��{��f�����ro�%�N�c$�ެh�,���&������K�x~^�?cu��t�����)�=��a=���P2�u�\_/W��\��&�ً����8��FU��I�[�߬4�w"ݫJ^��Li��qzx����RU�M)�+�M���w��t��Lqב�����x#z\
+U5��Gz�U"U��趖�u^����_�T���t���}�]��ݏ�o�������M��O%v�5����n\�"��:�e��@z�9�^5���|�ڵރ��: 8��ݐ��w"w(>�_�\� |P:GqC�*J4���#��ǸѺ�]�������
+�ъ�E�{v�HǨ�5:
+녋Y������f�7PBՖ[��+����i���f�[�P���A沯sb�r��B�綶T�X
+F[4�EH�2ô�*ȃ!�E�Y�R���V��`~ܵͶ�f8�i��\�Su��̖�+y/��/�����0������]o�8f��X�
+��ݮy`�`E�mQ|
+�5+���g�l�n�V�
+��4	C(�/���5����}2�
+����_SPG���#�s:�6�ߓ�UW'81[x������_>���y��^������z���o�_c�endstream
+endobj
+826 0 obj<</Type/Page/Parent 689 0 R/Contents 827 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 438 0 R>>endobj
+827 0 obj<</Filter/FlateDecode/Length 1971      >>stream
+x�X]s۶}����d����(Y��t+N�k��%O��@$$!&	�
+�Z[:pa/V�qZ%�'���&�)�[2K�ϕZ}� WV�$��T��t�!�!�ei2N�g�'fc)����鯊�M�	����ǯs�h�ĘяH>G�Q�&~q��#�8�lTG����D����]�]��Z�<!�TF1�Y �p8�v��.�5�|�g38����2�T���n?=�ܴ���R`O��E)U�h1'u
+>���-���mVϭ�s�O��f��LR�:���l6
+���4'
+"R�N,��*�xxc���\A;�_�-��H��)��2uT/��sI��3����� �x��ϲ=F2E\�\-5|e�,(6�b�F��m--�Q9%p+�-���S��k(t���B�^�\@���Uz��.֡vPd*��kS��)r�d��٘�%pýr6��:��
+�h����,��M*/(}�!�Wkh)C�j�
+�B�,LfB��,���~t�<ѿ5��/r�3��S�*	98l+��R1P�@��
+�b����B����w�٢/�n��C|��̤?��ROv����|������8�~�v���ت,5u�Z�U����ڸ�o�X҂d�Z�_Z�U����0�:�� �؄���'<��cr���=T�2hA/5��&�Ħ��B�ڷ�Y�$�i�����$�"�BG�O��-��Ef�=,N����@�9q[�޹��%W.���/��Q���[X@|F=��P�����t~��fO�`A���on'�4�a*`����gWt�V�z��}wO�9h�*��[*q}~��}�?���9���w{쾥����VZ7S������7���Ho'�]�e�F/:~1�;H����Z�+� ��U�����u*W���mѯ��L>oyR���ok����&�4.u?0�@Mi����'*C��)nПAb6�*�	�t���T�����Ab2�D8�x?k�|�<Nj�f݌��^~P!~��sx����)����{�����c��
+�?tX.����z
+�+�C�
+�V�k�z�V��N�TT�Э��YЕe@<���:
+g���i:{��&M[-2f�}Y�
+̒�B٠��E6��lG��+�ÉRyn�ܺ�i9v|�p6��p���T�,���c��wSU���t�C��!^����	k-�s��C(�Ϛ�=�풏FY��LT��E�Go����Ø���g2�*
+l3�,��Ń�P+\Û���-���bLqU#�!��J<�{�J33���-�dN�Q��]��wx��m��S�m�����_�$
+�0�Ǿ�.��
+R|j�a���O먏�����ǉg��,^����B�GS �D����}O�ao��,���v�X4%V���:7RY���[�o�'��K�¸�c�ᑇ)h���\������/U4�?>]͟'�G�!U���M�~;�㚦{C�
+`ܧ��Rଡ଼�lr�aB��Q�����lh�9�u1,$������
+�W
+endobj
+828 0 obj<</Type/Page/Parent 689 0 R/Contents 829 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+829 0 obj<</Filter/FlateDecode/Length 1418      >>stream
+x�W�n�6}�W�q
+i*���~s�í�6�L(��X�(d��+͋4A�`<����MsN#H
+<D�R��$�X��#�V3��i���p�RH�Id�X_a��J�Ax��������V O��A���β���
+�,�U�͍Vn
+m�t*ٴ�^)�%�p�p��Z}�(ĺ����O`��
+#�2����~�UG���=��T�O�颳�d�S8&���.1�]t���8�nǓ�\��cL��
+̈���)�4�wa 6�8*��۾�=lY������鄄��;?@�j4�`>��4��Q4�wʐ���`Hc�#xj�����8��	��ɬJ$ԛZ��H����12���t�"��n�0��f��A���ѬQ	cg�b�e�`�h[��-k��D��y�8�Z[��k�£��)�367|q�ûe}B��Y0��4_̂�2�n~�xC_���I�%�a,�s|GZNh���z����g���9�L������ϋ
+endobj
+830 0 obj<</Type/Page/Parent 689 0 R/Contents 831 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 453 0 R>>endobj
+831 0 obj<</Filter/FlateDecode/Length 1333      >>stream
+x�W]s�F}ׯ�cM+y� �
+Vpw�5v���ٙ�ٮ�����VԲ��
+�eogg�V��K~/�8�
+5�^��t|��}���g+�G~/k��.�r0��]+[�P��;/�[����u���xg����z�k�w�4'my��ֶ.��/|݂�>v-_���6����V�ّc{���B�$�4s����8-���4y��K�?�����hN�D�����O-.����_��\G�#M�b�6�_��i�V��Z�=P8�
+n��(v龖i��G�GL���{�8��ݥF�9`JD����,�d9��T�PK����2NiA*��^Iى�iu�Ƨ���Z�~je	+˟�ґ)���:�1��
+hK���A�ݭ?P�JWB�(u�+ASM�OF�r};�
+
+����b�i;���nr^TLVTe
+l��(&��yl��^e@�����bu]��j���Q)�I�T/�էs�ߐ	�!���;(M�[Z��a��m�4��͵¾����c=�i���4�~�a{^p�2�[��0�YO
+=P���n��
+endobj
+832 0 obj<</Type/Page/Parent 689 0 R/Contents 833 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 460 0 R>>endobj
+833 0 obj<</Filter/FlateDecode/Length 1819      >>stream
+x�Wko�6��_q�/s�X~�i�~��:�i6h���J�FRq��w.������ ��s/����3��i�����fS�9�����|�-h�^dk�i>�e�xU��b�Φ�ZMq���b���?�>��-�9-�6�=��H:���"�z��l�Λ�׆�oֻ�����~���|xG�%�h}���cJ�|4�e�l��Ǻ�Ʃ����bW�l�o���"�O;�H6�(i��%�f��x���Q؏�7e����&-���5�&�B��ڡ���r���{OJTՉ
+�H�,�+�N��lnT�����m�4�-�h8�|��C����#RM^u�,��\)�.�o�n+i'�~������is"}𫷢���3���0j�9�����<ە�����Z���wدF�m�O��5�*��5Ѕ�n�
+�ƒӜ�(��%G��X�YG�x�1z�*��G�`+���d��3ڕ0S/��F�+Y�:��P��T�|����4.ԙ��<H�����w��*�1��G �7���v?_ob"��s���=�~�Gm�2LTc�#8��:��]_s!�eպ�*I�R�e�{��;Ti�
+��讵
+	�x #φ��!vv:r�s�b}�m���d�n?2u+���������}�`�%)���1��CƗ�8�*����
+X�D���H��E��������^r�Fw�C/��}[�,�Z�op���z���;�����ć�ѯ���h���z�
+0\�u���,��H�O��oAi�Pg����I�S
+?6Qʌ|�g�lq����7�(AD����V[�-����W
+����a^;F$��{�,�Q��p��G��������#&8�������{ N�$5�*f�?H����h+��(w��3�w}ַ3�!�p25��ZF���ʭ��C���l�N�w�w|ϒd0�[;��ƃ��m0��:6�~+�e&�tz_x�A�d�U}��6()R��Wg�sg�@0���K��&7���P`�MS���a,+F=�NN�����n����7c�Z�#���������d�Z�Z��$����%~l�,���/vڠ��o�x�A��x������@"��B�Y
+m]����_����2�AW�P�|�9�ދ���AH�MW�v2���+��zC�b�p��@��d!��}����{_�����Q��*
+����d��R���Ɖ��
+���q�k0��b�"
+%���"H��L�8�7���
+c����nm,i?�0y�@
+endobj
+834 0 obj<</Type/Page/Parent 689 0 R/Contents 835 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 463 0 R>>endobj
+835 0 obj<</Filter/FlateDecode/Length 1704      >>stream
+x�X[O�H~�Wч
+��	$�)�	([Ri�{�lO:3����wf�8�Х� Ab���;߹��VH-���kS�KQ��
+�}���)�������{���
+BҒ&8����?��V'�g�8�����0��A�O��=<⿥t��v���dh8�y�~����Ԣa��$�<��N��ZF����)1d_����\�MgI���M�$FjC�2�	}'�M�)ͅ1�JǸff����l��v�6,hX(�h�J/Π*9�qY�,��JSu��Gg��Ē^����Säbpa�oT�6�T�\�u��l�}���^�`�N�v�99�(ηID�4f�ƅ�X�z�������%�Ì��V��4�,��m�q��������JdcAwW�s��܍��y*��F��JO��1Z7��'���|}r@���,�
+`m�񗲐B�F�^��g2w���I�dtI��~
+ƕrRS��%�$Hha����!��I*�k)��yt�C`�bp��I�}Hn�0f�Jk��jrA�|�0�T:V<2E4c�Q���hg���(���3��\�9
+tUo�yY�|��<5�Ĉq*��ί����ʇ��#2��D�i!	mD#��9,���)��7�̟*�X�d�*o����u"͎D~4��尅�����:S�<֘qȵ�I��F>C��\��X�g	�2�i>�����3���K8'~9U���������?�ꘋG�h��
+�팫ɵ�p�4��h^�7*�Or�le���,p��׾
+���${V�3��
+0���h.�82ufP�N�cl���)\��'�st9�L��9F;{�?�S��̧�Rc���qq���sU�Ðw�?�K���1���~�KJ�E x;�$I%|P�Zl5��E���N	&-S?ebF1��T����f	��c{M���8pd�7B^C+<�K?K`�G�Ḭ�~D�h�
+�I9�ԛ��8���x����긬aX,r��Qit�N���ƞg�\cGы��5�Ǐ0a��Q\��BSS]t�%~d��h��AxP/n����Q�]�oF�=;:��y<���m~�ENaSs�1on��Gl���K0`�e�e��x�$4�H���/Ï.�ciE���ތ�|��4�$�x�nC��`ұWs�r��΁G�M��~1Qj�r��+����	�bu�&�@/(�K�#���߮�r"�Ԓ���՝sB]���Vu��$�e�\���1�U�z
+���~�{��~�?�P����}g��ot��x@��"��{���h�ߡf��w@?��c��j]��c�>�}7��k�_B�|endstream
+endobj
+836 0 obj<</Type/Page/Parent 689 0 R/Contents 837 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+837 0 obj<</Filter/FlateDecode/Length 1182      >>stream
+x�V�n�6}�W��,�.y�5	�즍��h�@K��D&]�Z�-���V�(�]okò-�3g�9C���B�
+K�"8\�������߳H3ن�0�x�忌`F��_�abb�턣y�?��/c�0O�6̓�|�JT��/*�J�S�|��Ka��
+ԊAI�:LY	L�b|Y�|�y�_)��lI�\��m�L�zĵ��e�t���9в����������h	Bna���D�%�*
+oS�����SR��g���.�2�V�]��~��Oe�5�waK��f��*�,@)k���zai�8K�3~Y!J
+U�
+t�Q�,yڝ8%(Y��5���m"9M��v��6`��A0ׅ6�=<Թ-�6� �+Mǋ���y�%b�Z�ZA��H����u�sY]l��"��E-��!��L��K�.���\�-�̊s�	�}țJ4��h
+��A�k@�]@�'Ӵ�2�P�=�F�MN��^�M����ۂ+Vp
+��(|߉m�v�h:�Ƙ}8qG��|���t�Z�(nh����6�Ø8^kR��s�F�vkȰ<�Y~#���=Q��
+endobj
+838 0 obj<</Type/Page/Parent 689 0 R/Contents 839 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 466 0 R>>endobj
+839 0 obj<</Filter/FlateDecode/Length 286       >>stream
+xm��N�0E�����E��v���A-�k��%�Ӏ�
+�����
+Y�q�d���)�4��	.��/�<�R	n�g��Pb�����zh�(V��XҎ[����~Y�n	�k:�������K�q3��?����I^Aʳ�(
+�/���ѣw]��$'��Ŷ;�޻��W�B��1~_��s|�;��ۡ9�0�r#���K�%OFR�2#���$���y���ψx���+��J���kE9�7����8�s�ۉ�R7����F�3�1T��F�43�7"��,{f?sendstream
+endobj
+840 0 obj<</Type/Page/Parent 689 0 R/Contents 841 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+841 0 obj<</Filter/FlateDecode/Length 1614      >>stream
+x�WMo�F��WrrP[�dG�{K�0�8n� =�"����.�%�(����M-��_0�;o޼}=����Z��R���bv!��7�}u���~j-Yx����]O_�]��z#�Yg��\]�:ع����]��F�2_��5�ѩ���z�����gcS�y�[�\�yr!�+�8U6�Ow�H����y���8C��ق��`>�7��*i�+���c���Fok�g�e�<�|0I��˚Q0��k��(i��.�b�<A&�5RR�"w�^`�/�<�14�; ���ڵ˪m���;S;[j�x�\
+C���Ɣz&��T��x�Y���J7FcH���i�Y\a�M��A�5�ȷ��<P!�Z�^���
+���>�g7�.Vt��h�
+E2e�wp;�;�xD���w����gr_�ۭ�Qy�"Tۘ$^��Ҷ�8��0�;U"]�L���i��A�F5�8M]�
+: ���uz�kP͟�,
+݀
+:HZ�!A��mhC?�?��nL�����B��k���Oqok��5�ۀ�v��$�J�n��6�n[�=���'yO<�td�8{鐐!���P�԰�C5���r�s�E���Z�/���!֟ �񑁛�ג�w�C�a�LZ��_�O�aq��]s�c�}Y,W��^�k,è�ě����:J�+�%g�������o�ݦ���}�ց�m=�=�ҹ�H{-�s��R�����@���&wm�#�O۪89�8����ʓ㽥(���Iq@H�<����n$#��Ti���U��.�2�I7�$� �n�ш�樣�	�?��#������ɷ�r2�"\$�*
+endobj
+842 0 obj<</Type/Page/Parent 689 0 R/Contents 843 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+843 0 obj<</Filter/FlateDecode/Length 1655      >>stream
+x�WMs�H��Wtq2U�c;!GC�Z	Yb
+����4D�3�������v��@�Lw�~�u��ќf�5���]PZͦ3zw6���K�\��S��]ͦ��>X\\�~�z>�x�::�xN�9��~quI��x6�U:���d
+5���w��S�i�����CC�Wt�����(w���p�<���[�l[f��7��Qo�e���Տ����P�*���\��3��%n�7q�c���TF�Vbg�b2�d��2T��97J]�t������o�d�#��ר5�a�!�����O
+�So��N�2/#��O���\s�K�l��r���X���Y��p��_���˄MM����%4��������o,z0^�'r`R���I/��~|�s��栽x�	�)(`���M稍]��
+�H���r�_�H�	/>
+$�3�m����
+J1��վ���q�"��Af�؃ViӢ���j��ĝ�� ��"=q1
+ř�'f*�_�p����B����w*���+"�)�����`D���^���u,u��:���0H���LX���'��e8���
+m��C�nuꬷ�獁Z�1Z����E�A�#X�@^qg��rJA�"�]ڑ��(��%s>��1fI|��$�+�Y�Ʈ�"�%�@�:�!Ș�0Z���
+-A,eBz��C�פ���c7b�Tp�g����s���Z��D,*WF��D
+z��b:U��ZZ
+��'D��ˋ����--�Lx�"��C�����8��r!�(bo
+��%�J����`�P��큵���e3\�`� ;��;]�NuW��mhč�nMب8�w*4�X�B��b�ժ�@7��f�#�:=U��B�h�u�j�9;���&�����;l� ��L[�
+�T��z
++d�'^�ISQAH�
+P���DF�,�X�Z�{�����p�g�&���O���ϭ���i�&����)��R�c�]x��
+�X|6Pm	�$��W0x�ڎwnPq=���M��y=×
+endobj
+844 0 obj<</Type/Page/Parent 689 0 R/Contents 845 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+845 0 obj<</Filter/FlateDecode/Length 1829      >>stream
+x�XMo�F��W|r��lWrrs����[)hoŊ\J��\fwiU��}3��(�APFdjw>߼y���	]�߄f�t3��>�ʮ�zz����݌?��i*O>,N.?���--J\���CA8~uE��lr��f�=�Z�\��*���*��__q��&�x��z��g��~��9YGO��9U��Z���
+��u���U��/O��&�j�Bլ�o}е��s e��x�~E��욽��^ZW�m�w�������A���+����A4u^��K��R�2ޚW]P�lMEU��!��O۹\#�OHM�����s��L+c��X��gT�����ԁ{��U�ЖT5v[V��`D�76W���TF�����qh@Y9�:��
+��S�oD4JY�8C��""h(�������9*�%�L��q��L�ǧ9'���M#���f��)`�#m>'ն��c}[gWN�5��j�v�`#dhS5ˊ�{��M�0Aե�\���GB�8V�=	ZK�3���ٮ6�J>�G�
+�-�s41�m�ZsH[�`f�`pkƌ�S���U�Z��Mp6����|�W.?�b���.u�/�3�B��x 0dRM����������`G%*,�5־t�������C����F2�Q��f]�'���Z�\L�a�j��q�R��8C��$��V�
+��-
+T��1�=>̑��5�}�59�K��g�����`mqj	���0t�OxZw����*~�cc���]�������Q�*��[6�y��۶��a����,�1�������ȍ�3�(^
+̎m�&�$�̰��lF��y�i�P�^�L�lI{�ѳ�V+�Ā�wl>��Q�N��~�xvE������^�A�<=�?&͛4*�@-}p
+��V�ޑǨJ|���{T8A��������g�*�i�}ŹB��v�c�.k
+�"��I�^F!�����+�s[����8*�(�V�zVv�#�;:��P��娵�yq�Jr,�E���ZnU~��f�'�W�����
+�awa�KvT׬F���E_�،��J�%"9�i����xa�>�� �r�r�
+������E�����D�Ǩ�63�����`,_�f%P��&hK���|�EG�QF�}y��
+endobj
+846 0 obj<</Type/Page/Parent 689 0 R/Contents 847 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 469 0 R>>endobj
+847 0 obj<</Filter/FlateDecode/Length 1838      >>stream
+x�W�r�6}�W웝��.��։��msi�����D�"l`
+Lqj�����^�)/btn[�l�2�i
+2	�̒*`�}
+^���f�-��P
+�^Q�
+��;��k�>�A�(�A����,��a��`Ym��?D�uB_CR�V�9rap�C���s���V�;dWR��6�(Q@�
+P�E�{������c+
+a{��KnuT	�C���\�*	���^Aӽ��(?Q<�7�Z��;V4iK�]�9P�|��>���˨�NՍ3pS��\�
+}�x�GEa1=���qj΀����ˣY����/�;m �<D��ŷ��}"L�Ž���^J�c5�$��0��
+����(�q@x�G�pТ��
+�0��j�sb����
+��Ja?��g=�I�Cy�<�h0td-�Ov D-��D+�X����
+)7�^̸P�l���1���D��������x�[n�c�#W둹s�w�Z9��*���7��e[�
+"
+1��auc���m0��Ԧy�%��
+�@�O{�qG`�C
+/tg��s��?!.@�V���m�u2�BX�/�?(Kؕ#P���0�dPi�V�>d������ؒ�壦b}�;�
+z�"ݼ:�J�҈e����ʬ��H!캶T[~	�L���`$G���1�Ŏ���M�W�~��w�s�`��d�5^p�<e��?�=��D�RN^`?d+h�]7E{M˅*U
+)Ҿ�����(�dP?V}���
+X�]x9rH`�02��1����d�,�4=Ã����|Ѿ��1^�˳)�˸�Ŵ�8{^�E�!ƦO�s<��S:Y����G�l1K�%�d1c[���:��%9�endstream
+endobj
+848 0 obj<</Type/Page/Parent 689 0 R/Contents 849 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 474 0 R>>endobj
+849 0 obj<</Filter/FlateDecode/Length 2021      >>stream
+x�X]sۺ}���N�2#Ѣ��t��&��Ա��ㇺӁHHBL�
+cZg�e�֕#���K�~u�ኜ�O�&��?..?/���F������ސۛ��i#�Z�J�`��&�K��_�q�z��
+���0m��*I��h5���d�L�&������ 3�\�A�k/�$�q��ʌު]�T
+lj��W�}������������;�:ׯ`N�zNGwW7�`��j@�=R}`X#���RV��A�I�7z
+���+��Rd{�eBk�G�}��MG�+6A�x���Wm��2����Cn*
+c�ֲ�R<�!�^o^U�Q��ؗ�;���F��X��
+%��!4��X�SZ�*�_��DG��I���
+�[{%�ĴH�	瑎�3�x��S�5\l�uU�+���[鬨}kU�����r!Kt�Q8��Cw���-@���zň.]=�
+H��Ԇ�KU��$�a
+�4��3�n��9��4�,�A�2	~� ���xtP�I-�(@.�?)���T,�]
+s�ߌ�!h,�/6�P�Y��h����:�k�ZnH�z�E�����a�@0��{��yR9�ڜ�A�c�Y�@�CQ�v����m�9z	���
+�`���$�$7$�ν���v�FM�@�̔� �����v��}��� ��P@��jc�U�=��y@z>Eoǐ�PM�3X䏾��wh��/��aK#�3����ΔR�P�.��e�
+�R6�5
+�'��L��xIGLC�fNܳê5�O0$饍;����!��2�1���*��"ȗ1v�pY;{�u>h���^
+��R��QH�W,�	ޓ8=|lXc=N��T�6��P`��@�Ԫ��Љ�
+�q�#-g���T�d0��N5m2�ш����ۛ�_�����i�#��P�n��1����Vt���䩄K���`�
+�R@�?G�}�T҆��"��)0#�(�v��}�z�x6~Q�iҾ��9z��䁷�@����AiT�S�)uz�A�7��?h�\�k�Z�b�,���CZ{���$���Ї`�U1�9䟏Q�ӄ>�%`��Xm��4b���y.�9�}��Gt�8�ݾB��"a���<���@�
+endobj
+850 0 obj<</Type/Page/Parent 689 0 R/Contents 851 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 491 0 R>>endobj
+851 0 obj<</Filter/FlateDecode/Length 1661      >>stream
+x�Wmo�6��_q@P�Ecɒ_Slҷ������>,�@K��V=Q����HQ�����1������N��E4�oD��3J��Q0��l���b����56:|T,F4^��i+:�c/;���x��$����KY��~<���G�`NŗQ0iW9]?�FY7.كh>�I�s���x�O��Q�+��6�5��.(����("t{v��E���J�����9Y؃�8B�"�:l�3D'�	LFvu،�wl�&|Үx�K��
+(K�	���Y�v���\#��Ŝ��Mƈ��`�)C;����S*ע��R��ESW�_^aEϖ���}`=��1U��D��J�mofе�Tg�
+��NK����e-j�KRk��ύh�t�pk�eM�>1ot!w�D
+end@�j�1��hZ5*O���*W�LS�_e��b�KeJ��)W�JT���yمch��Q
+5�[b,I�p]�pi���K�7���ZfҠ5�E�>��
+�����Oj�r^��mrқ������7�����}�'�v¶��k��n��*��IO)�C����M�W"���
+��T�[=2~�����Ät ��Wi�Jej
+endobj
+852 0 obj<</Type/Page/Parent 689 0 R/Contents 853 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+853 0 obj<</Filter/FlateDecode/Length 1203      >>stream
+x�Vmo�6��_q��CmY�{C�$m���>�m3�D���؏�s��Z����D����g���h:����,B�'��F�)��2�VX���ۛY���� ��N�����h�(
+��j�݂=���
+�����b(�ٔ�_iw���ǟOg��q��C�Қ~�c���Ȗ��Ty�f�BX�M��D����>Q�����z��*�T��3�iS����`���FRat!
+��B�V����8�Y&��F�iBKyIo~�*��_Nt&TN��A����v�yCۍDN�g/)K;]z�!��a0`�ux��dP��8fV
+�q0ċ�0���#ݪ�JJ��tN��֑r?���a���g��R���xh�Ҕ�"w��L'j��8	U �����F~�(��*��H������a�a"O�ߦ��P����>����tiY2tNT��U˴*G���T�ˁ+�2N!�2��Е!���{�(��<�X�.!���V:M5��������U
+�z�L�_=\->���_��v��`4���&���d�:����C�;�H�[�C��V��C��<(���-�U���m���)�)����ta�'$�Ck#�=�`�����Q��I�2�\�E�
+���|�o��k�Ҧ"�I>3R�qZ&�H��&.�)З�(l��]P���X�t�rݯ=�����D��]+�r�|�wə�x-��$b�(�Yr�0��G��UsCK_�l�4�4+M��
+�
+X�"D�՗�Kw>�V�2���6����?Q0�z�`�O��������f0	��ei�������%T���'�ɉ�_�ҭOX�;��\��(����ۺ=���~��tiY��h#�%�H(�Q=��׹ou<���gV�.�ki�a^��=?f�_�
+������`mC݆�f��h̆C�����!��q���|ɆL;/����������C=�U��j��b�^<�r���e�W����ΠW�������ӛ��E�D`$���od&�ϩ�fRa�?�}�k��S�h�
+����-ݗ�F�Q0����[�S�p�8���_��(�endstream
+endobj
+854 0 obj<</Type/Page/Parent 689 0 R/Contents 855 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+855 0 obj<</Filter/FlateDecode/Length 1633      >>stream
+x�Wko�6��_q�}���+~d@0��
+X�n50�0�m��H������\R�%�I��q ��}�sϽ��bDC��h>�Ɍ��b�i:��z1���V�/:}�
+�z8OF���$�ǵ8s:Inξ����ǳd��]�i8s�����k�h����Ŝ��?�e�[n�U��RMo6���|C�Ф͞V�*'3*
+�UZ�s�JGfM+Sn)7��I�>����Ok��KhiTn����Ő�ozk��f��RS��=/|@ȵ�}�u�K�1�w���~�c�*�s�,�<Ey�����mM�g>
+{u�R�+�S�Z��P~O*�`أ�;���`
+U�L�I�����2�8
+/
+N���p��\c��ېo�&��.ڸ�@��	�G,a ���	��'��
+������JB{�͂�I-V\�[�N:
+!�/�<��R+g�z�T�wr���<��W�8���{a�Y�K�7���1��G��������Mr�����*
+<F=��řPr�v��@���(˧��٨@?[E������YT���]G��d��a�,��ẅ��7��ҹ߂�����~㨃�-�41??��S��ȹ�=�К1��+�N/�"ǰ+1�h[�$��L��W�����m�%�9Lrl�܉�[���Ra��t��
+d�[�%FFY�rQ��&0ki��؍:��w���6S�N�������y���a/mr��u.�C���f��r
+��[f��褊���g��-�^tj�jxė�pG�t�"�g1k�V�S�V���V��R�8�$詐�[0j'o3�Y�ry��Y�ȃh��[H}
+͋�&˥ذ��Z���I���,�~4�&����Qr3�������}��nG�ޤU�S}g���7�ń��!���
+endobj
+856 0 obj<</Type/Page/Parent 689 0 R/Contents 857 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+857 0 obj<</Filter/FlateDecode/Length 1478      >>stream
+x�WKo�F��W�\��DI��=8I�
+7V�
++r)mL�2�K����fIZ�,yjN$��3�=f��$�~c��i�PZ�������F�L�(��y��<�d%�wD���M�3�?�G�K��y4o/M<�=�#�Q��=`Ϣq{���[)N�hz�B2������݈��)���1%H�<��2g�h����o����c���§a�VC'��*�V��s^���3�}P���휗�#���p2�J���t#��!�a�45������\�J�O���*�R:�b��W���)�9�:|7G�A��`<(�ˍ$n���s:�>e�lX�����.�)媐�
+M+��z
+��ؑG4'JI[���ғ6[*��wT�{�����ףˀ)�|�L��� {�}7�_����Z;y�+��]%�;d�>���]��&@y�S�S�s�ƲC��~�<I�@�5��bE�������L![���K��9yF�$�"���wR��=�??�s��z
+Ej�H8�87�jO�
+b�'������M��B¦2���Ȼ��1�l��S�!k���!�d&!B�`tZX�:��*(
+>���������_�
+�}}�/��tX6<n� �bm�LnJ��ov�eF����}�L�=ebРN�ݨtC��SQF��#����Z���I0w���-��b��P�x�(ʠ/igm��Kb�ؗ�UK*oƫ��^(ͶD�4dU6Gթ���<�E��tޚ��ZY���7��1u}�o��ZS�#\LQ�4x�`�ntm�tsqE��j���X�F	��$*���Gl���1�;7_���G�*��W`}m?W�j{e�`9Za7�z>�b<��
+�ӦFHb�ÞƼe��(�9�5����
+����S�]�m�qP��*�n�覨�k����v!p2��*tҝ1;�YSY%0
+�Tj�3���7o����L
+�4p�	���(�90&rm����>̾��f��:γ�q5EGč��1��:IH ���: ���&��W(�F��q��ck,�T���ps��ր�yK�8���|B�x�aR�^\���k>���[��%�*�g�#�����Q�Φ�/�xC�Ng~����_'�
+endobj
+858 0 obj<</Type/Page/Parent 689 0 R/Contents 859 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>/Annots 500 0 R>>endobj
+859 0 obj<</Filter/FlateDecode/Length 1501      >>stream
+x�V]o�6}ϯ��K��,��G�aH�d
+�|���
+�%ѶZ�tI*�_��w.%%���� vD����{.��4�oL���cʪ��`����/G��P��|��U4��y�TҜ�S2���F�	��?�hռ�gXZQ2�`B�xQ2�b�yƖ㱘�z;�) tv�x(&���E�D�1���Đ��b`-��Gi���0�
+t�'SZ��d'W������yBWe������Oam<j֞
+cu��`r,����):b�v/ޚeR�-eF��u
+��QB��ҕ�Ze��}58"�H���c� O��
+3�J��
+��q(���Bd�ږ�+���p$o�o
+G_j�|at��"��9�y���MeҚR�
+�D�$�.��J��]�8h�h��U)Zx�X����R�"�e����Ԥ��Ъ���ѽ�5P�Y�h�QtS�2�G[��������=*e����Q���g1e9#�2O�["��3$%$gq��>o��Y�<�z�5���m�w����Ü��m�(�?" F.����qΒ��g/�j�Ak�נ�*���wȦY+�X�~ޥ�)2[e���nＪ8���R���T��nKYh��a-���hG]%u-KA��F�ei����*��4@Sy���7i��wi����a{�3�s���ߧhq�����*Q �ڣC���u�A�L��K�Eޛ7�+_o{�\����"�;��6P���\���=
+A��j$ �V�������Ar��T�d-h��t�����?���r�>sr~}�Ѓ����q�����$�;8��^!>�~��Y�����o2S�cA�~�I��>��Ej��������0cM�̖>,�~A��kE��Re؅� $�𴲦B�"q.��`F�#6��w�
+;����y�k���� @>f�p�8���+�U�6�Y�N���������J�[?5���.��4��\��<^̒1�p�5��?�[Q��Tɍ�J}ĩ�H;�n%2����L��
+endobj
+860 0 obj<</Type/Page/Parent 689 0 R/Contents 861 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 503 0 R>>endobj
+861 0 obj<</Filter/FlateDecode/Length 1076      >>stream
+x�UQo�6~��8�)ڲ�	�I�)�4���:�D��(Q�x~�o�w��8.�61$�x��w���݋h���f#O)�{C1ė矇�{�d.F4MŐr��ĸ}3�d{:���9M�3<��_)���x<�Ã��7�>�hBq���9�rHqr�E$Ƃ.��o~e�#ˏ������F�y9��c>|R�Ӷ��T;��t$���zC:����ǉѪ�?�������	2���#��ٚRK��1}�Y<���㠣kmKJ��.<���A9[W����n����TXZ�|%	����n�.E�h>3�
+3��(Uo��pWl|n���\�jcد.S�*=�2҃Ӗ<�Y�ZЍ'i�
+��#%�.�:�*��]��>�H�uY)�Uk2?�*dޖ� �]}S��c�6��z��C����*��ˍB
+����4�+�dAe 4Hg"�#�Foh�<��Z�3�4R��ma�Li�H8C�����)�ZW��)�h+n�	$�������.�������u�&=�u*�����ܱ��h-f�5:tg��0�Ĉ�埁WGy�<9�VةRV��jؠ�P�B���k+�օ4���ܸ�=֣�@)���	��˪�Y ��Wy�j̇P��6
++
+nS<՝�K@�ឦ<rR�ӌcP����n4����m��=���8o�"�b'����f./����<��M�[Qz�O��m�\8�
+ϞG����io�Nf1�α�1��^Ľ_{�����endstream
+endobj
+862 0 obj<</Type/Page/Parent 689 0 R/Contents 863 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 510 0 R>>endobj
+863 0 obj<</Filter/FlateDecode/Length 1453      >>stream
+x�V]o�6}ϯ��KS��cٱ�<m떶@�n��`@_h��XK�FRV��w.)9��bC����qι��]�oF���K���ur�7�__��4���"M���E�NV�SI���n�i��b��o�e�aa�X%���r����b̥��Ƨ��|�|jn>{�,)�/�u����'>���bz���k���g�Z�&i���zU��+K�EBo><l>ЯR*��^T[AδV*�&S�7_/�i�.p����|����/��d�1c�f	���5Y+�6uܺ�٬ߚ�xct�e�JӨ�tM�&��I�mM]��'�{��:j�b���ꕩek-6�ge�zG�G�U��9yӇ=���.e��^ח8+Jgh_�]JSU�_�T���̓�3Ga�i]𽵢�1G�n���6#��6����C�B�����.c��
+	���1V���c���NYs}
+��* h<�f����B��1p�+�ǡև������~���n�����V�\'^~V(�3&q�h	���!�k��T[u�"Y����;}
+-7��.5��X�ZfPw!{es�Ɏh9g����v���u0t����x����0p4~�(��sk��Ⱦ�s\��nǍ��P�Ns��ϱ�;Zh�^5���bR�D����s�9�H���H�fi�#�0�0�����s=6C
+�a@.\<�X]�E��m ����~$�~RQ-�p��Us2��-���`y��
+t�pVVa�w�:�XvqF����Ԅ=�'�����kZBO��ch_��<��9�����<�趉��Ͽ�n��>�A٢��P*ӻ�r0�[do�@]�򱽅�O�p�3�B�����`:F5�:%u����И���K~�N ����ݺ�0Iop�]ES����!ʆ=/V�d�\G��)��cs��ſ	���endstream
+endobj
+864 0 obj<</Type/Page/Parent 689 0 R/Contents 865 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 513 0 R>>endobj
+865 0 obj<</Filter/FlateDecode/Length 655       >>stream
+x�T�n�@}�W�ɑ
+�f ~�s�塒۠�%R���®�,q�����έ���̙9g��0�/D!NQ����?E�gtѥ8js@�ǿ�ga��9�E�'��OOnf����a��6�i���,B������
+����#WKz�8�~�|���=*)5J	����'�d��xT=!�y�m�ۮC�8�U�x��zBɺ�W���f�hE���(x��� GUr
+�8n��}��zueJS�0�#SO��!H��F1QnoO}�&�Q).tGe%�
+;)�ZZ�����#�䮧 hŹo�_r��y3����T0
+�
+�ܘ����	�p�ᤉ&i�z��LTT�v��
+]K
+�z*���
+�k9�����3��XC����{���j[��}Oi�?�Fr��o�9n6LDz+�q6��T�cG
+pTR��JԲ����b
+m+���ؚ�_?O�f��bu�E�����k����$G왙�D�I�:�&jv��-
+�y$~f�u�ZɞV[o]�Ŝ��]_��,��븫�7�q���D����ۉwx���Z���2볯���i:횩��̵j{F���=�(.�j����\��w����|�S���1���aX��V��KH�h��t+���	^��n�%Y�giN_2z��&���}��lu�endstream
+endobj
+866 0 obj<</Count 16/First 867 0 R/Last 1019 0 R>>endobj
+867 0 obj<</Parent 866 0 R/Title(Table of Contents)/Dest[692 0 R/XYZ 0 756 0]/Next 868 0 R>>endobj
+868 0 obj<</Parent 866 0 R/Count -19/First 869 0 R/Last 887 0 R/Title(Chapter 1. How to Install and Test SAMBA)/Dest[700 0 R/XYZ 0 786 0]/Prev 867 0 R/Next 888 0 R>>endobj
+869 0 obj<</Parent 868 0 R/Title(1.1. Step 0: Read the man pages)/Dest[700 0 R/XYZ 0 762 0]/Next 870 0 R>>endobj
+870 0 obj<</Parent 868 0 R/Title(1.2. Step 1: Building the Binaries)/Dest[700 0 R/XYZ 0 625 0]/Prev 869 0 R/Next 871 0 R>>endobj
+871 0 obj<</Parent 868 0 R/Title(1.3. Step 2: The all important step)/Dest[700 0 R/XYZ 0 223 0]/Prev 870 0 R/Next 872 0 R>>endobj
+872 0 obj<</Parent 868 0 R/Title(1.4. Step 3: Create the smb configuration file.)/Dest[702 0 R/XYZ 0 786 0]/Prev 871 0 R/Next 873 0 R>>endobj
+873 0 obj<</Parent 868 0 R/Title(1.5. Step 4: Test your config file with testparm)/Dest[702 0 R/XYZ 0 438 0]/Prev 872 0 R/Next 874 0 R>>endobj
+874 0 obj<</Parent 868 0 R/Title(1.6. Step 5: Starting the smbd and nmbd)/Dest[702 0 R/XYZ 0 340 0]/Prev 873 0 R/Next 875 0 R>>endobj
+875 0 obj<</Parent 868 0 R/Title(1.6.1. Step 5a: Starting from inetd.conf)/Dest[702 0 R/XYZ 0 189 0]/Prev 874 0 R/Next 876 0 R>>endobj
+876 0 obj<</Parent 868 0 R/Title(1.6.2. Step 5b. Alternative: starting it as a daemon)/Dest[704 0 R/XYZ 0 366 0]/Prev 875 0 R/Next 877 0 R>>endobj
+877 0 obj<</Parent 868 0 R/Title(1.7. Step 6: Try listing the shares available on your server)/Dest[706 0 R/XYZ 0 786 0]/Prev 876 0 R/Next 878 0 R>>endobj
+878 0 obj<</Parent 868 0 R/Title(1.8. Step 7: Try connecting with the unix client)/Dest[706 0 R/XYZ 0 622 0]/Prev 877 0 R/Next 879 0 R>>endobj
+879 0 obj<</Parent 868 0 R/Title(1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client)/Dest[706 0 R/XYZ 0 458 0]/Prev 878 0 R/Next 880 0 R>>endobj
+880 0 obj<</Parent 868 0 R/Title(1.10. What If Things Don't Work?)/Dest[706 0 R/XYZ 0 251 0]/Prev 879 0 R/Next 881 0 R>>endobj
+881 0 obj<</Parent 868 0 R/Title(1.10.1. Diagnosing Problems)/Dest[708 0 R/XYZ 0 745 0]/Prev 880 0 R/Next 882 0 R>>endobj
+882 0 obj<</Parent 868 0 R/Title(1.10.2. Scope IDs)/Dest[708 0 R/XYZ 0 686 0]/Prev 881 0 R/Next 883 0 R>>endobj
+883 0 obj<</Parent 868 0 R/Title(1.10.3. Choosing the Protocol Level)/Dest[708 0 R/XYZ 0 601 0]/Prev 882 0 R/Next 884 0 R>>endobj
+884 0 obj<</Parent 868 0 R/Title(1.10.4. Printing from UNIX to a Client PC)/Dest[708 0 R/XYZ 0 292 0]/Prev 883 0 R/Next 885 0 R>>endobj
+885 0 obj<</Parent 868 0 R/Title(1.10.5. Locking)/Dest[708 0 R/XYZ 0 181 0]/Prev 884 0 R/Next 886 0 R>>endobj
+886 0 obj<</Parent 868 0 R/Title(1.10.6. Mapping Usernames)/Dest[710 0 R/XYZ 0 388 0]/Prev 885 0 R/Next 887 0 R>>endobj
+887 0 obj<</Parent 868 0 R/Title(1.10.7. Other Character Sets)/Dest[710 0 R/XYZ 0 317 0]/Prev 886 0 R>>endobj
+888 0 obj<</Parent 866 0 R/Count -18/First 889 0 R/Last 906 0 R/Title(Chapter 2. Integrating MS Windows networks with Samba)/Dest[712 0 R/XYZ 0 786 0]/Prev 868 0 R/Next 907 0 R>>endobj
+889 0 obj<</Parent 888 0 R/Title(2.1. Agenda)/Dest[712 0 R/XYZ 0 738 0]/Next 890 0 R>>endobj
+890 0 obj<</Parent 888 0 R/Title(2.2. Name Resolution in a pure Unix/Linux world)/Dest[712 0 R/XYZ 0 495 0]/Prev 889 0 R/Next 891 0 R>>endobj
+891 0 obj<</Parent 888 0 R/Title(2.2.1. /etc/hosts)/Dest[712 0 R/XYZ 0 371 0]/Prev 890 0 R/Next 892 0 R>>endobj
+892 0 obj<</Parent 888 0 R/Title(2.2.2. /etc/resolv.conf)/Dest[714 0 R/XYZ 0 494 0]/Prev 891 0 R/Next 893 0 R>>endobj
+893 0 obj<</Parent 888 0 R/Title(2.2.3. /etc/host.conf)/Dest[714 0 R/XYZ 0 356 0]/Prev 892 0 R/Next 894 0 R>>endobj
+894 0 obj<</Parent 888 0 R/Title(2.2.4. /etc/nsswitch.conf)/Dest[714 0 R/XYZ 0 207 0]/Prev 893 0 R/Next 895 0 R>>endobj
+895 0 obj<</Parent 888 0 R/Title(2.3. Name resolution as used within MS Windows networking)/Dest[716 0 R/XYZ 0 389 0]/Prev 894 0 R/Next 896 0 R>>endobj
+896 0 obj<</Parent 888 0 R/Title(2.3.1. The NetBIOS Name Cache)/Dest[718 0 R/XYZ 0 337 0]/Prev 895 0 R/Next 897 0 R>>endobj
+897 0 obj<</Parent 888 0 R/Title(2.3.2. The LMHOSTS file)/Dest[720 0 R/XYZ 0 786 0]/Prev 896 0 R/Next 898 0 R>>endobj
+898 0 obj<</Parent 888 0 R/Title(2.3.3. HOSTS file)/Dest[722 0 R/XYZ 0 509 0]/Prev 897 0 R/Next 899 0 R>>endobj
+899 0 obj<</Parent 888 0 R/Title(2.3.4. DNS Lookup)/Dest[722 0 R/XYZ 0 411 0]/Prev 898 0 R/Next 900 0 R>>endobj
+900 0 obj<</Parent 888 0 R/Title(2.3.5. WINS Lookup)/Dest[722 0 R/XYZ 0 273 0]/Prev 899 0 R/Next 901 0 R>>endobj
+901 0 obj<</Parent 888 0 R/Title(2.4. How browsing functions and how to deploy stable and dependable browsing using Samba)/Dest[724 0 R/XYZ 0 720 0]/Prev 900 0 R/Next 902 0 R>>endobj
+902 0 obj<</Parent 888 0 R/Title(2.5. MS Windows security options and how to configure Samba for seemless integration)/Dest[724 0 R/XYZ 0 183 0]/Prev 901 0 R/Next 903 0 R>>endobj
+903 0 obj<</Parent 888 0 R/Title(2.5.1. Use MS Windows NT as an authentication server)/Dest[728 0 R/XYZ 0 786 0]/Prev 902 0 R/Next 904 0 R>>endobj
+904 0 obj<</Parent 888 0 R/Title(2.5.2. Make Samba a member of an MS Windows NT security domain)/Dest[728 0 R/XYZ 0 534 0]/Prev 903 0 R/Next 905 0 R>>endobj
+905 0 obj<</Parent 888 0 R/Title(2.5.3. Configure Samba as an authentication server)/Dest[728 0 R/XYZ 0 179 0]/Prev 904 0 R/Next 906 0 R>>endobj
+906 0 obj<</Parent 888 0 R/Title(2.6. Conclusions)/Dest[730 0 R/XYZ 0 281 0]/Prev 905 0 R>>endobj
+907 0 obj<</Parent 866 0 R/Count -3/First 908 0 R/Last 910 0 R/Title(Chapter 3. Configuring PAM for distributed but centrally managed authentication)/Dest[732 0 R/XYZ 0 786 0]/Prev 888 0 R/Next 911 0 R>>endobj
+908 0 obj<</Parent 907 0 R/Title(3.1. Samba and PAM)/Dest[732 0 R/XYZ 0 738 0]/Next 909 0 R>>endobj
+909 0 obj<</Parent 907 0 R/Title(3.2. Distributed Authentication)/Dest[734 0 R/XYZ 0 193 0]/Prev 908 0 R/Next 910 0 R>>endobj
+910 0 obj<</Parent 907 0 R/Title(3.3. PAM Configuration in smb.conf)/Dest[736 0 R/XYZ 0 745 0]/Prev 909 0 R>>endobj
+911 0 obj<</Parent 866 0 R/Count -2/First 912 0 R/Last 913 0 R/Title(Chapter 4. Hosting a Microsoft Distributed File System tree on Samba)/Dest[738 0 R/XYZ 0 786 0]/Prev 907 0 R/Next 914 0 R>>endobj
+912 0 obj<</Parent 911 0 R/Title(4.1. Instructions)/Dest[738 0 R/XYZ 0 738 0]/Next 913 0 R>>endobj
+913 0 obj<</Parent 911 0 R/Title(4.1.1. Notes)/Dest[740 0 R/XYZ 0 705 0]/Prev 912 0 R>>endobj
+914 0 obj<</Parent 866 0 R/Count -9/First 915 0 R/Last 923 0 R/Title(Chapter 5. UNIX Permission Bits and Windows NT Access Control Lists)/Dest[742 0 R/XYZ 0 786 0]/Prev 911 0 R/Next 924 0 R>>endobj
+915 0 obj<</Parent 914 0 R/Title(5.1. Viewing and changing UNIX permissions using the NT security dialogs)/Dest[742 0 R/XYZ 0 738 0]/Next 916 0 R>>endobj
+916 0 obj<</Parent 914 0 R/Title(5.2. How to view file security on a Samba share)/Dest[742 0 R/XYZ 0 557 0]/Prev 915 0 R/Next 917 0 R>>endobj
+917 0 obj<</Parent 914 0 R/Title(5.3. Viewing file ownership)/Dest[742 0 R/XYZ 0 393 0]/Prev 916 0 R/Next 918 0 R>>endobj
+918 0 obj<</Parent 914 0 R/Title(5.4. Viewing file or directory permissions)/Dest[744 0 R/XYZ 0 718 0]/Prev 917 0 R/Next 919 0 R>>endobj
+919 0 obj<</Parent 914 0 R/Title(5.4.1. File Permissions)/Dest[744 0 R/XYZ 0 488 0]/Prev 918 0 R/Next 920 0 R>>endobj
+920 0 obj<</Parent 914 0 R/Title(5.4.2. Directory Permissions)/Dest[744 0 R/XYZ 0 245 0]/Prev 919 0 R/Next 921 0 R>>endobj
+921 0 obj<</Parent 914 0 R/Title(5.5. Modifying file or directory permissions)/Dest[746 0 R/XYZ 0 745 0]/Prev 920 0 R/Next 922 0 R>>endobj
+922 0 obj<</Parent 914 0 R/Title(5.6. Interaction with the standard Samba create mask parameters)/Dest[746 0 R/XYZ 0 317 0]/Prev 921 0 R/Next 923 0 R>>endobj
+923 0 obj<</Parent 914 0 R/Title(5.7. Interaction with the standard Samba file attribute mapping)/Dest[750 0 R/XYZ 0 705 0]/Prev 922 0 R>>endobj
+924 0 obj<</Parent 866 0 R/Count -15/First 925 0 R/Last 939 0 R/Title(Chapter 6. Printing Support in Samba 2.2.x)/Dest[752 0 R/XYZ 0 786 0]/Prev 914 0 R/Next 940 0 R>>endobj
+925 0 obj<</Parent 924 0 R/Title(6.1. Introduction)/Dest[752 0 R/XYZ 0 762 0]/Next 926 0 R>>endobj
+926 0 obj<</Parent 924 0 R/Title(6.2. Configuration)/Dest[752 0 R/XYZ 0 334 0]/Prev 925 0 R/Next 927 0 R>>endobj
+927 0 obj<</Parent 924 0 R/Title(6.2.1. Creating [print$])/Dest[754 0 R/XYZ 0 771 0]/Prev 926 0 R/Next 928 0 R>>endobj
+928 0 obj<</Parent 924 0 R/Title(6.2.2. Setting Drivers for Existing Printers)/Dest[756 0 R/XYZ 0 543 0]/Prev 927 0 R/Next 929 0 R>>endobj
+929 0 obj<</Parent 924 0 R/Title(6.2.3. DeviceModes and New Printers)/Dest[758 0 R/XYZ 0 786 0]/Prev 928 0 R/Next 930 0 R>>endobj
+930 0 obj<</Parent 924 0 R/Title(6.2.4. Support a large number of printers)/Dest[758 0 R/XYZ 0 517 0]/Prev 929 0 R/Next 931 0 R>>endobj
+931 0 obj<</Parent 924 0 R/Title(6.2.5. Adding New Printers via the Windows NT APW)/Dest[760 0 R/XYZ 0 786 0]/Prev 930 0 R/Next 932 0 R>>endobj
+932 0 obj<</Parent 924 0 R/Title(6.2.6. Samba and Printer Ports)/Dest[760 0 R/XYZ 0 517 0]/Prev 931 0 R/Next 933 0 R>>endobj
+933 0 obj<</Parent 924 0 R/Title(6.3. The Imprints Toolset)/Dest[760 0 R/XYZ 0 339 0]/Prev 932 0 R/Next 934 0 R>>endobj
+934 0 obj<</Parent 924 0 R/Title(6.3.1. What is Imprints?)/Dest[760 0 R/XYZ 0 189 0]/Prev 933 0 R/Next 935 0 R>>endobj
+935 0 obj<</Parent 924 0 R/Title(6.3.2. Creating Printer Driver Packages)/Dest[762 0 R/XYZ 0 731 0]/Prev 934 0 R/Next 936 0 R>>endobj
+936 0 obj<</Parent 924 0 R/Title(6.3.3. The Imprints server)/Dest[762 0 R/XYZ 0 647 0]/Prev 935 0 R/Next 937 0 R>>endobj
+937 0 obj<</Parent 924 0 R/Title(6.3.4. The Installation Client)/Dest[762 0 R/XYZ 0 549 0]/Prev 936 0 R/Next 938 0 R>>endobj
+938 0 obj<</Parent 924 0 R/Title(6.4. Migration to from Samba 2.0.x to 2.2.x)/Dest[764 0 R/XYZ 0 665 0]/Prev 937 0 R/Next 939 0 R>>endobj
+939 0 obj<</Parent 924 0 R/Title(6.4.1. Parameters in smb.conf\(5\) for Backwards Compatibility)/Dest[764 0 R/XYZ 0 285 0]/Prev 938 0 R>>endobj
+940 0 obj<</Parent 866 0 R/Count -8/First 941 0 R/Last 948 0 R/Title(Chapter 7. Printing with CUPS in Samba 2.2.x)/Dest[766 0 R/XYZ 0 786 0]/Prev 924 0 R/Next 949 0 R>>endobj
+941 0 obj<</Parent 940 0 R/Title(7.1. Printing with CUPS in Samba 2.2.x)/Dest[766 0 R/XYZ 0 762 0]/Next 942 0 R>>endobj
+942 0 obj<</Parent 940 0 R/Title(7.2. Configuring smb.conf for CUPS)/Dest[766 0 R/XYZ 0 664 0]/Prev 941 0 R/Next 943 0 R>>endobj
+943 0 obj<</Parent 940 0 R/Title(7.3. Using CUPS as a mere spooling print server -- "raw" printing with vendor drivers download)/Dest[766 0 R/XYZ 0 321 0]/Prev 942 0 R/Next 944 0 R>>endobj
+944 0 obj<</Parent 940 0 R/Title(7.4. CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe PostScript driver with CUPS-PPDs downloaded to clients)/Dest[768 0 R/XYZ 0 786 0]/Prev 943 0 R/Next 945 0 R>>endobj
+945 0 obj<</Parent 940 0 R/Title(7.5. Windows Terminal Servers \(WTS\) as CUPS clients)/Dest[768 0 R/XYZ 0 236 0]/Prev 944 0 R/Next 946 0 R>>endobj
+946 0 obj<</Parent 940 0 R/Title(7.6. Setting up CUPS for driver download)/Dest[770 0 R/XYZ 0 692 0]/Prev 945 0 R/Next 947 0 R>>endobj
+947 0 obj<</Parent 940 0 R/Title(7.7. Sources of CUPS drivers / PPDs)/Dest[772 0 R/XYZ 0 786 0]/Prev 946 0 R/Next 948 0 R>>endobj
+948 0 obj<</Parent 940 0 R/Title(7.7.1. cupsaddsmb)/Dest[772 0 R/XYZ 0 266 0]/Prev 947 0 R>>endobj
+949 0 obj<</Parent 866 0 R/Count -3/First 950 0 R/Last 952 0 R/Title(Chapter 8. security = domain in Samba 2.x)/Dest[778 0 R/XYZ 0 786 0]/Prev 940 0 R/Next 953 0 R>>endobj
+950 0 obj<</Parent 949 0 R/Title(8.1. Joining an NT Domain with Samba 2.2)/Dest[778 0 R/XYZ 0 762 0]/Next 951 0 R>>endobj
+951 0 obj<</Parent 949 0 R/Title(8.2. Samba and Windows 2000 Domains)/Dest[780 0 R/XYZ 0 415 0]/Prev 950 0 R/Next 952 0 R>>endobj
+952 0 obj<</Parent 949 0 R/Title(8.3. Why is this better than security = server?)/Dest[780 0 R/XYZ 0 211 0]/Prev 951 0 R>>endobj
+953 0 obj<</Parent 866 0 R/Count -14/First 954 0 R/Last 967 0 R/Title(Chapter 9. How to Configure Samba 2.2 as a Primary Domain Controller)/Dest[784 0 R/XYZ 0 786 0]/Prev 949 0 R/Next 968 0 R>>endobj
+954 0 obj<</Parent 953 0 R/Title(9.1. Prerequisite Reading)/Dest[784 0 R/XYZ 0 738 0]/Next 955 0 R>>endobj
+955 0 obj<</Parent 953 0 R/Title(9.2. Background)/Dest[784 0 R/XYZ 0 640 0]/Prev 954 0 R/Next 956 0 R>>endobj
+956 0 obj<</Parent 953 0 R/Title(9.3. Configuring the Samba Domain Controller)/Dest[786 0 R/XYZ 0 771 0]/Prev 955 0 R/Next 957 0 R>>endobj
+957 0 obj<</Parent 953 0 R/Title(9.4. Creating Machine Trust Accounts and Joining Clients to the Domain)/Dest[788 0 R/XYZ 0 665 0]/Prev 956 0 R/Next 958 0 R>>endobj
+958 0 obj<</Parent 953 0 R/Title(9.4.1. Manual Creation of Machine Trust Accounts)/Dest[788 0 R/XYZ 0 303 0]/Prev 957 0 R/Next 959 0 R>>endobj
+959 0 obj<</Parent 953 0 R/Title(9.4.2. "On-the-Fly" Creation of Machine Trust Accounts)/Dest[790 0 R/XYZ 0 461 0]/Prev 958 0 R/Next 960 0 R>>endobj
+960 0 obj<</Parent 953 0 R/Title(9.4.3. Joining the Client to the Domain)/Dest[790 0 R/XYZ 0 249 0]/Prev 959 0 R/Next 961 0 R>>endobj
+961 0 obj<</Parent 953 0 R/Title(9.5. Common Problems and Errors)/Dest[792 0 R/XYZ 0 573 0]/Prev 960 0 R/Next 962 0 R>>endobj
+962 0 obj<</Parent 953 0 R/Title(9.6. System Policies and Profiles)/Dest[794 0 R/XYZ 0 324 0]/Prev 961 0 R/Next 963 0 R>>endobj
+963 0 obj<</Parent 953 0 R/Title(9.7. What other help can I get?)/Dest[796 0 R/XYZ 0 322 0]/Prev 962 0 R/Next 964 0 R>>endobj
+964 0 obj<</Parent 953 0 R/Title(9.8. Domain Control for Windows 9x/ME)/Dest[802 0 R/XYZ 0 692 0]/Prev 963 0 R/Next 965 0 R>>endobj
+965 0 obj<</Parent 953 0 R/Title(9.8.1. Configuration Instructions: Network Logons)/Dest[804 0 R/XYZ 0 705 0]/Prev 964 0 R/Next 966 0 R>>endobj
+966 0 obj<</Parent 953 0 R/Title(9.8.2. Configuration Instructions: Setting up Roaming User Profiles)/Dest[804 0 R/XYZ 0 271 0]/Prev 965 0 R/Next 967 0 R>>endobj
+967 0 obj<</Parent 953 0 R/Title(9.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba)/Dest[812 0 R/XYZ 0 260 0]/Prev 966 0 R>>endobj
+968 0 obj<</Parent 866 0 R/Count -8/First 969 0 R/Last 976 0 R/Title(Chapter 10. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain)/Dest[818 0 R/XYZ 0 786 0]/Prev 953 0 R/Next 977 0 R>>endobj
+969 0 obj<</Parent 968 0 R/Title(10.1. Prerequisite Reading)/Dest[818 0 R/XYZ 0 738 0]/Next 970 0 R>>endobj
+970 0 obj<</Parent 968 0 R/Title(10.2. Background)/Dest[818 0 R/XYZ 0 653 0]/Prev 969 0 R/Next 971 0 R>>endobj
+971 0 obj<</Parent 968 0 R/Title(10.3. What qualifies a Domain Controller on the network?)/Dest[818 0 R/XYZ 0 239 0]/Prev 970 0 R/Next 972 0 R>>endobj
+972 0 obj<</Parent 968 0 R/Title(10.3.1. How does a Workstation find its domain controller?)/Dest[820 0 R/XYZ 0 786 0]/Prev 971 0 R/Next 973 0 R>>endobj
+973 0 obj<</Parent 968 0 R/Title(10.3.2. When is the PDC needed?)/Dest[820 0 R/XYZ 0 662 0]/Prev 972 0 R/Next 974 0 R>>endobj
+974 0 obj<</Parent 968 0 R/Title(10.4. Can Samba be a Backup Domain Controller?)/Dest[820 0 R/XYZ 0 577 0]/Prev 973 0 R/Next 975 0 R>>endobj
+975 0 obj<</Parent 968 0 R/Title(10.5. How do I set up a Samba BDC?)/Dest[820 0 R/XYZ 0 439 0]/Prev 974 0 R/Next 976 0 R>>endobj
+976 0 obj<</Parent 968 0 R/Title(10.5.1. How do I replicate the smbpasswd file?)/Dest[822 0 R/XYZ 0 547 0]/Prev 975 0 R>>endobj
+977 0 obj<</Parent 866 0 R/Count -13/First 978 0 R/Last 990 0 R/Title(Chapter 11. Storing Samba's User/Machine Account information in an LDAP Directory)/Dest[824 0 R/XYZ 0 786 0]/Prev 968 0 R/Next 991 0 R>>endobj
+978 0 obj<</Parent 977 0 R/Title(11.1. Purpose)/Dest[824 0 R/XYZ 0 738 0]/Next 979 0 R>>endobj
+979 0 obj<</Parent 977 0 R/Title(11.2. Introduction)/Dest[824 0 R/XYZ 0 455 0]/Prev 978 0 R/Next 980 0 R>>endobj
+980 0 obj<</Parent 977 0 R/Title(11.3. Supported LDAP Servers)/Dest[826 0 R/XYZ 0 613 0]/Prev 979 0 R/Next 981 0 R>>endobj
+981 0 obj<</Parent 977 0 R/Title(11.4. Schema and Relationship to the RFC 2307 posixAccount)/Dest[826 0 R/XYZ 0 515 0]/Prev 980 0 R/Next 982 0 R>>endobj
+982 0 obj<</Parent 977 0 R/Title(11.5. Configuring Samba with LDAP)/Dest[828 0 R/XYZ 0 652 0]/Prev 981 0 R/Next 983 0 R>>endobj
+983 0 obj<</Parent 977 0 R/Title(11.5.1. OpenLDAP configuration)/Dest[828 0 R/XYZ 0 635 0]/Prev 982 0 R/Next 984 0 R>>endobj
+984 0 obj<</Parent 977 0 R/Title(11.5.2. Configuring Samba)/Dest[830 0 R/XYZ 0 725 0]/Prev 983 0 R/Next 985 0 R>>endobj
+985 0 obj<</Parent 977 0 R/Title(11.5.3. Importing smbpasswd entries)/Dest[832 0 R/XYZ 0 786 0]/Prev 984 0 R/Next 986 0 R>>endobj
+986 0 obj<</Parent 977 0 R/Title(11.6. Accounts and Groups management)/Dest[832 0 R/XYZ 0 596 0]/Prev 985 0 R/Next 987 0 R>>endobj
+987 0 obj<</Parent 977 0 R/Title(11.7. Security and sambaAccount)/Dest[832 0 R/XYZ 0 405 0]/Prev 986 0 R/Next 988 0 R>>endobj
+988 0 obj<</Parent 977 0 R/Title(11.8. LDAP specials attributes for sambaAccounts)/Dest[834 0 R/XYZ 0 685 0]/Prev 987 0 R/Next 989 0 R>>endobj
+989 0 obj<</Parent 977 0 R/Title(11.9. Example LDIF Entries for a sambaAccount)/Dest[836 0 R/XYZ 0 679 0]/Prev 988 0 R/Next 990 0 R>>endobj
+990 0 obj<</Parent 977 0 R/Title(11.10. Comments)/Dest[838 0 R/XYZ 0 786 0]/Prev 989 0 R>>endobj
+991 0 obj<</Parent 866 0 R/Count -16/First 992 0 R/Last 1007 0 R/Title(Chapter 12. Unified Logons between Windows NT and UNIX using Winbind)/Dest[840 0 R/XYZ 0 786 0]/Prev 977 0 R/Next 1008 0 R>>endobj
+992 0 obj<</Parent 991 0 R/Title(12.1. Abstract)/Dest[840 0 R/XYZ 0 738 0]/Next 993 0 R>>endobj
+993 0 obj<</Parent 991 0 R/Title(12.2. Introduction)/Dest[840 0 R/XYZ 0 601 0]/Prev 992 0 R/Next 994 0 R>>endobj
+994 0 obj<</Parent 991 0 R/Title(12.3. What Winbind Provides)/Dest[840 0 R/XYZ 0 291 0]/Prev 993 0 R/Next 995 0 R>>endobj
+995 0 obj<</Parent 991 0 R/Title(12.3.1. Target Uses)/Dest[842 0 R/XYZ 0 613 0]/Prev 994 0 R/Next 996 0 R>>endobj
+996 0 obj<</Parent 991 0 R/Title(12.4. How Winbind Works)/Dest[842 0 R/XYZ 0 462 0]/Prev 995 0 R/Next 997 0 R>>endobj
+997 0 obj<</Parent 991 0 R/Title(12.4.1. Microsoft Remote Procedure Calls)/Dest[842 0 R/XYZ 0 351 0]/Prev 996 0 R/Next 998 0 R>>endobj
+998 0 obj<</Parent 991 0 R/Title(12.4.2. Name Service Switch)/Dest[844 0 R/XYZ 0 786 0]/Prev 997 0 R/Next 999 0 R>>endobj
+999 0 obj<</Parent 991 0 R/Title(12.4.3. Pluggable Authentication Modules)/Dest[844 0 R/XYZ 0 345 0]/Prev 998 0 R/Next 1000 0 R>>endobj
+1000 0 obj<</Parent 991 0 R/Title(12.4.4. User and Group ID Allocation)/Dest[846 0 R/XYZ 0 718 0]/Prev 999 0 R/Next 1001 0 R>>endobj
+1001 0 obj<</Parent 991 0 R/Title(12.4.5. Result Caching)/Dest[846 0 R/XYZ 0 541 0]/Prev 1000 0 R/Next 1002 0 R>>endobj
+1002 0 obj<</Parent 991 0 R/Title(12.5. Installation and Configuration)/Dest[846 0 R/XYZ 0 403 0]/Prev 1001 0 R/Next 1003 0 R>>endobj
+1003 0 obj<</Parent 991 0 R/Title(12.5.1. Introduction)/Dest[846 0 R/XYZ 0 319 0]/Prev 1002 0 R/Next 1004 0 R>>endobj
+1004 0 obj<</Parent 991 0 R/Title(12.5.2. Requirements)/Dest[848 0 R/XYZ 0 692 0]/Prev 1003 0 R/Next 1005 0 R>>endobj
+1005 0 obj<</Parent 991 0 R/Title(12.5.3. Testing Things Out)/Dest[848 0 R/XYZ 0 422 0]/Prev 1004 0 R/Next 1006 0 R>>endobj
+1006 0 obj<</Parent 991 0 R/Title(12.6. Limitations)/Dest[856 0 R/XYZ 0 399 0]/Prev 1005 0 R/Next 1007 0 R>>endobj
+1007 0 obj<</Parent 991 0 R/Title(12.7. Conclusion)/Dest[856 0 R/XYZ 0 248 0]/Prev 1006 0 R>>endobj
+1008 0 obj<</Parent 866 0 R/Count -5/First 1009 0 R/Last 1013 0 R/Title(Chapter 13. OS2 Client HOWTO)/Dest[858 0 R/XYZ 0 786 0]/Prev 991 0 R/Next 1014 0 R>>endobj
+1009 0 obj<</Parent 1008 0 R/Title(13.1. FAQs)/Dest[858 0 R/XYZ 0 762 0]/Next 1010 0 R>>endobj
+1010 0 obj<</Parent 1008 0 R/Title(13.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?)/Dest[858 0 R/XYZ 0 732 0]/Prev 1009 0 R/Next 1011 0 R>>endobj
+1011 0 obj<</Parent 1008 0 R/Title(13.1.2. How can I configure OS/2 Warp 3 \(not Connect\), OS/2 1.2, 1.3 or 2.x for Samba?)/Dest[858 0 R/XYZ 0 380 0]/Prev 1010 0 R/Next 1012 0 R>>endobj
+1012 0 obj<</Parent 1008 0 R/Title(13.1.3. Are there any other issues when OS/2 \(any version\) is used as a client?)/Dest[860 0 R/XYZ 0 786 0]/Prev 1011 0 R/Next 1013 0 R>>endobj
+1013 0 obj<</Parent 1008 0 R/Title(13.1.4. How do I get printer driver download working for OS/2 clients?)/Dest[860 0 R/XYZ 0 671 0]/Prev 1012 0 R>>endobj
+1014 0 obj<</Parent 866 0 R/Count -4/First 1015 0 R/Last 1018 0 R/Title(Chapter 14. HOWTO Access Samba source code via CVS)/Dest[862 0 R/XYZ 0 786 0]/Prev 1008 0 R/Next 1019 0 R>>endobj
+1015 0 obj<</Parent 1014 0 R/Title(14.1. Introduction)/Dest[862 0 R/XYZ 0 738 0]/Next 1016 0 R>>endobj
+1016 0 obj<</Parent 1014 0 R/Title(14.2. CVS Access to samba.org)/Dest[862 0 R/XYZ 0 614 0]/Prev 1015 0 R/Next 1017 0 R>>endobj
+1017 0 obj<</Parent 1014 0 R/Title(14.2.1. Access via CVSweb)/Dest[862 0 R/XYZ 0 529 0]/Prev 1016 0 R/Next 1018 0 R>>endobj
+1018 0 obj<</Parent 1014 0 R/Title(14.2.2. Access via cvs)/Dest[862 0 R/XYZ 0 418 0]/Prev 1017 0 R>>endobj
+1019 0 obj<</Parent 866 0 R/Title(Index)/Dest[864 0 R/XYZ 0 586 0]/Prev 1014 0 R>>endobj
+1020 0 obj<</Type/Catalog/Pages 689 0 R/PageLayout/SinglePage/Outlines 866 0 R/OpenAction[690 0 R/XYZ null null 0]/PageMode/UseOutlines/PageLabels<</Nums[0<</P(title)>>1<</S/r>>5<</S/D/St 1/P()>>11<</S/D/St 7/P()>>21<</S/D/St 17/P()>>24<</S/D/St 20/P()>>26<</S/D/St 22/P()>>31<</S/D/St 27/P()>>38<</S/D/St 34/P()>>44<</S/D/St 40/P()>>47<</S/D/St 43/P()>>64<</S/D/St 60/P()>>67<</S/D/St 63/P()>>75<</S/D/St 71/P()>>84<</S/D/St 80/P()>>86<</S/D/St 82/P()>>]>>>>endobj
+xref
+0 1021 
+0000000000 65535 f 
+0000000015 00000 n 
+0000000248 00000 n 
+0000001814 00000 n 
+0000001888 00000 n 
+0000001967 00000 n 
+0000002049 00000 n 
+0000002135 00000 n 
+0000002213 00000 n 
+0000002290 00000 n 
+0000002369 00000 n 
+0000002446 00000 n 
+0000002528 00000 n 
+0000002587 00000 n 
+0000002639 00000 n 
+0000002724 00000 n 
+0000002777 00000 n 
+0000002861 00000 n 
+0000002927 00000 n 
+0000003011 00000 n 
+0000003048 00000 n 
+0000003149 00000 n 
+0000003251 00000 n 
+0000003353 00000 n 
+0000003455 00000 n 
+0000003557 00000 n 
+0000003659 00000 n 
+0000003761 00000 n 
+0000003863 00000 n 
+0000003965 00000 n 
+0000004067 00000 n 
+0000004169 00000 n 
+0000004271 00000 n 
+0000004373 00000 n 
+0000004475 00000 n 
+0000004577 00000 n 
+0000004679 00000 n 
+0000004781 00000 n 
+0000004883 00000 n 
+0000004985 00000 n 
+0000005087 00000 n 
+0000005188 00000 n 
+0000005290 00000 n 
+0000005392 00000 n 
+0000005494 00000 n 
+0000005596 00000 n 
+0000005698 00000 n 
+0000005800 00000 n 
+0000005902 00000 n 
+0000006004 00000 n 
+0000006106 00000 n 
+0000006208 00000 n 
+0000006310 00000 n 
+0000006412 00000 n 
+0000006514 00000 n 
+0000006616 00000 n 
+0000006718 00000 n 
+0000006820 00000 n 
+0000006922 00000 n 
+0000007024 00000 n 
+0000007125 00000 n 
+0000007227 00000 n 
+0000007329 00000 n 
+0000007431 00000 n 
+0000007748 00000 n 
+0000007849 00000 n 
+0000007951 00000 n 
+0000008053 00000 n 
+0000008154 00000 n 
+0000008256 00000 n 
+0000008358 00000 n 
+0000008460 00000 n 
+0000008562 00000 n 
+0000008664 00000 n 
+0000008766 00000 n 
+0000008868 00000 n 
+0000008970 00000 n 
+0000009072 00000 n 
+0000009173 00000 n 
+0000009275 00000 n 
+0000009377 00000 n 
+0000009479 00000 n 
+0000009581 00000 n 
+0000009683 00000 n 
+0000009785 00000 n 
+0000009887 00000 n 
+0000009989 00000 n 
+0000010091 00000 n 
+0000010193 00000 n 
+0000010295 00000 n 
+0000010397 00000 n 
+0000010499 00000 n 
+0000010601 00000 n 
+0000010703 00000 n 
+0000010804 00000 n 
+0000010906 00000 n 
+0000011008 00000 n 
+0000011110 00000 n 
+0000011212 00000 n 
+0000011314 00000 n 
+0000011416 00000 n 
+0000011519 00000 n 
+0000011622 00000 n 
+0000011725 00000 n 
+0000011827 00000 n 
+0000011930 00000 n 
+0000012032 00000 n 
+0000012133 00000 n 
+0000012458 00000 n 
+0000012560 00000 n 
+0000012663 00000 n 
+0000012766 00000 n 
+0000012869 00000 n 
+0000012972 00000 n 
+0000013075 00000 n 
+0000013178 00000 n 
+0000013281 00000 n 
+0000013384 00000 n 
+0000013487 00000 n 
+0000013590 00000 n 
+0000013693 00000 n 
+0000013796 00000 n 
+0000013899 00000 n 
+0000014002 00000 n 
+0000014104 00000 n 
+0000014207 00000 n 
+0000014310 00000 n 
+0000014413 00000 n 
+0000014516 00000 n 
+0000014619 00000 n 
+0000014722 00000 n 
+0000014825 00000 n 
+0000014928 00000 n 
+0000015030 00000 n 
+0000015133 00000 n 
+0000015236 00000 n 
+0000015339 00000 n 
+0000015442 00000 n 
+0000015545 00000 n 
+0000015648 00000 n 
+0000015751 00000 n 
+0000015854 00000 n 
+0000015957 00000 n 
+0000016060 00000 n 
+0000016163 00000 n 
+0000016266 00000 n 
+0000016369 00000 n 
+0000016471 00000 n 
+0000016574 00000 n 
+0000016677 00000 n 
+0000016780 00000 n 
+0000016882 00000 n 
+0000016983 00000 n 
+0000017084 00000 n 
+0000017461 00000 n 
+0000017563 00000 n 
+0000017666 00000 n 
+0000017769 00000 n 
+0000017872 00000 n 
+0000017975 00000 n 
+0000018078 00000 n 
+0000018181 00000 n 
+0000018284 00000 n 
+0000018387 00000 n 
+0000018490 00000 n 
+0000018593 00000 n 
+0000018695 00000 n 
+0000018798 00000 n 
+0000018901 00000 n 
+0000019004 00000 n 
+0000019107 00000 n 
+0000019210 00000 n 
+0000019312 00000 n 
+0000019415 00000 n 
+0000019518 00000 n 
+0000019621 00000 n 
+0000019724 00000 n 
+0000019825 00000 n 
+0000020026 00000 n 
+0000020079 00000 n 
+0000020166 00000 n 
+0000020191 00000 n 
+0000020239 00000 n 
+0000020326 00000 n 
+0000020373 00000 n 
+0000020459 00000 n 
+0000020506 00000 n 
+0000020592 00000 n 
+0000020633 00000 n 
+0000020678 00000 n 
+0000020765 00000 n 
+0000020810 00000 n 
+0000020896 00000 n 
+0000020929 00000 n 
+0000020984 00000 n 
+0000021069 00000 n 
+0000021094 00000 n 
+0000021147 00000 n 
+0000021234 00000 n 
+0000021284 00000 n 
+0000021371 00000 n 
+0000021404 00000 n 
+0000021523 00000 n 
+0000021609 00000 n 
+0000021652 00000 n 
+0000021739 00000 n 
+0000021782 00000 n 
+0000021869 00000 n 
+0000021910 00000 n 
+0000021956 00000 n 
+0000022043 00000 n 
+0000022068 00000 n 
+0000022114 00000 n 
+0000022199 00000 n 
+0000022245 00000 n 
+0000022328 00000 n 
+0000022361 00000 n 
+0000022405 00000 n 
+0000022492 00000 n 
+0000022543 00000 n 
+0000022630 00000 n 
+0000022679 00000 n 
+0000022766 00000 n 
+0000022814 00000 n 
+0000022900 00000 n 
+0000022949 00000 n 
+0000023012 00000 n 
+0000023099 00000 n 
+0000023157 00000 n 
+0000023244 00000 n 
+0000023338 00000 n 
+0000023424 00000 n 
+0000023525 00000 n 
+0000023574 00000 n 
+0000023617 00000 n 
+0000023703 00000 n 
+0000023751 00000 n 
+0000023838 00000 n 
+0000023879 00000 n 
+0000023966 00000 n 
+0000024010 00000 n 
+0000024097 00000 n 
+0000024146 00000 n 
+0000024192 00000 n 
+0000024279 00000 n 
+0000024304 00000 n 
+0000024352 00000 n 
+0000024439 00000 n 
+0000024488 00000 n 
+0000024575 00000 n 
+0000024608 00000 n 
+0000024662 00000 n 
+0000024749 00000 n 
+0000024800 00000 n 
+0000024887 00000 n 
+0000024938 00000 n 
+0000025024 00000 n 
+0000025078 00000 n 
+0000025165 00000 n 
+0000025215 00000 n 
+0000025302 00000 n 
+0000025352 00000 n 
+0000025438 00000 n 
+0000025502 00000 n 
+0000025589 00000 n 
+0000025662 00000 n 
+0000025726 00000 n 
+0000025813 00000 n 
+0000025838 00000 n 
+0000025890 00000 n 
+0000025975 00000 n 
+0000026000 00000 n 
+0000026064 00000 n 
+0000026151 00000 n 
+0000026217 00000 n 
+0000026304 00000 n 
+0000026362 00000 n 
+0000026449 00000 n 
+0000026543 00000 n 
+0000026630 00000 n 
+0000026694 00000 n 
+0000026781 00000 n 
+0000026842 00000 n 
+0000026929 00000 n 
+0000026994 00000 n 
+0000027043 00000 n 
+0000027130 00000 n 
+0000027178 00000 n 
+0000027265 00000 n 
+0000027307 00000 n 
+0000027393 00000 n 
+0000027434 00000 n 
+0000027477 00000 n 
+0000027564 00000 n 
+0000027614 00000 n 
+0000027701 00000 n 
+0000027749 00000 n 
+0000027836 00000 n 
+0000027890 00000 n 
+0000027975 00000 n 
+0000028024 00000 n 
+0000028069 00000 n 
+0000028156 00000 n 
+0000028213 00000 n 
+0000028300 00000 n 
+0000028396 00000 n 
+0000028482 00000 n 
+0000028523 00000 n 
+0000028571 00000 n 
+0000028658 00000 n 
+0000028706 00000 n 
+0000028793 00000 n 
+0000028843 00000 n 
+0000028930 00000 n 
+0000028978 00000 n 
+0000029065 00000 n 
+0000029114 00000 n 
+0000029162 00000 n 
+0000029249 00000 n 
+0000029297 00000 n 
+0000029382 00000 n 
+0000029427 00000 n 
+0000029513 00000 n 
+0000029556 00000 n 
+0000029642 00000 n 
+0000029683 00000 n 
+0000029769 00000 n 
+0000029818 00000 n 
+0000029904 00000 n 
+0000029950 00000 n 
+0000030036 00000 n 
+0000030081 00000 n 
+0000030167 00000 n 
+0000030219 00000 n 
+0000030305 00000 n 
+0000030355 00000 n 
+0000030441 00000 n 
+0000030487 00000 n 
+0000030573 00000 n 
+0000030616 00000 n 
+0000030702 00000 n 
+0000030746 00000 n 
+0000030832 00000 n 
+0000030875 00000 n 
+0000030961 00000 n 
+0000031006 00000 n 
+0000031092 00000 n 
+0000031130 00000 n 
+0000031216 00000 n 
+0000031258 00000 n 
+0000031344 00000 n 
+0000031387 00000 n 
+0000031473 00000 n 
+0000031511 00000 n 
+0000031597 00000 n 
+0000031639 00000 n 
+0000031725 00000 n 
+0000031769 00000 n 
+0000031855 00000 n 
+0000031902 00000 n 
+0000031988 00000 n 
+0000032036 00000 n 
+0000032121 00000 n 
+0000032322 00000 n 
+0000032372 00000 n 
+0000032459 00000 n 
+0000032509 00000 n 
+0000032595 00000 n 
+0000032628 00000 n 
+0000032677 00000 n 
+0000032763 00000 n 
+0000032810 00000 n 
+0000032897 00000 n 
+0000032930 00000 n 
+0000033045 00000 n 
+0000033132 00000 n 
+0000033157 00000 n 
+0000033239 00000 n 
+0000033326 00000 n 
+0000033411 00000 n 
+0000033498 00000 n 
+0000033531 00000 n 
+0000033586 00000 n 
+0000033673 00000 n 
+0000033729 00000 n 
+0000033816 00000 n 
+0000033849 00000 n 
+0000033897 00000 n 
+0000033984 00000 n 
+0000034058 00000 n 
+0000034145 00000 n 
+0000034213 00000 n 
+0000034300 00000 n 
+0000034354 00000 n 
+0000034441 00000 n 
+0000034509 00000 n 
+0000034596 00000 n 
+0000034670 00000 n 
+0000034757 00000 n 
+0000034805 00000 n 
+0000034892 00000 n 
+0000034949 00000 n 
+0000035036 00000 n 
+0000035117 00000 n 
+0000035172 00000 n 
+0000035259 00000 n 
+0000035340 00000 n 
+0000035427 00000 n 
+0000035460 00000 n 
+0000035513 00000 n 
+0000035600 00000 n 
+0000035625 00000 n 
+0000035674 00000 n 
+0000035761 00000 n 
+0000035786 00000 n 
+0000035840 00000 n 
+0000035926 00000 n 
+0000035951 00000 n 
+0000036007 00000 n 
+0000036094 00000 n 
+0000036163 00000 n 
+0000036250 00000 n 
+0000036301 00000 n 
+0000036388 00000 n 
+0000036475 00000 n 
+0000036562 00000 n 
+0000036618 00000 n 
+0000036705 00000 n 
+0000036755 00000 n 
+0000036842 00000 n 
+0000036907 00000 n 
+0000036959 00000 n 
+0000037046 00000 n 
+0000037102 00000 n 
+0000037189 00000 n 
+0000037237 00000 n 
+0000037324 00000 n 
+0000037372 00000 n 
+0000037459 00000 n 
+0000037508 00000 n 
+0000037549 00000 n 
+0000037636 00000 n 
+0000037680 00000 n 
+0000037767 00000 n 
+0000037812 00000 n 
+0000037899 00000 n 
+0000037943 00000 n 
+0000038030 00000 n 
+0000038074 00000 n 
+0000038161 00000 n 
+0000038203 00000 n 
+0000038290 00000 n 
+0000038338 00000 n 
+0000038425 00000 n 
+0000038498 00000 n 
+0000038553 00000 n 
+0000038640 00000 n 
+0000038696 00000 n 
+0000038783 00000 n 
+0000038831 00000 n 
+0000038917 00000 n 
+0000038958 00000 n 
+0000039011 00000 n 
+0000039097 00000 n 
+0000039122 00000 n 
+0000039176 00000 n 
+0000039263 00000 n 
+0000039288 00000 n 
+0000039350 00000 n 
+0000039437 00000 n 
+0000039462 00000 n 
+0000039511 00000 n 
+0000039598 00000 n 
+0000039647 00000 n 
+0000039733 00000 n 
+0000039766 00000 n 
+0000039814 00000 n 
+0000039901 00000 n 
+0000039951 00000 n 
+0000040038 00000 n 
+0000040082 00000 n 
+0000040169 00000 n 
+0000040213 00000 n 
+0000040300 00000 n 
+0000040350 00000 n 
+0000040437 00000 n 
+0000040487 00000 n 
+0000040574 00000 n 
+0000040623 00000 n 
+0000040710 00000 n 
+0000040757 00000 n 
+0000040844 00000 n 
+0000040925 00000 n 
+0000041004 00000 n 
+0000041091 00000 n 
+0000041173 00000 n 
+0000041259 00000 n 
+0000041334 00000 n 
+0000041421 00000 n 
+0000041494 00000 n 
+0000041581 00000 n 
+0000041630 00000 n 
+0000041708 00000 n 
+0000041795 00000 n 
+0000041820 00000 n 
+0000041883 00000 n 
+0000041970 00000 n 
+0000042033 00000 n 
+0000042120 00000 n 
+0000042174 00000 n 
+0000042261 00000 n 
+0000042302 00000 n 
+0000042344 00000 n 
+0000042431 00000 n 
+0000042456 00000 n 
+0000042490 00000 n 
+0000042524 00000 n 
+0000045308 00000 n 
+0000045351 00000 n 
+0000045394 00000 n 
+0000045437 00000 n 
+0000045480 00000 n 
+0000045523 00000 n 
+0000045566 00000 n 
+0000045609 00000 n 
+0000045652 00000 n 
+0000045695 00000 n 
+0000045738 00000 n 
+0000045781 00000 n 
+0000045824 00000 n 
+0000045867 00000 n 
+0000045910 00000 n 
+0000045953 00000 n 
+0000045996 00000 n 
+0000046039 00000 n 
+0000046082 00000 n 
+0000046125 00000 n 
+0000046168 00000 n 
+0000046211 00000 n 
+0000046254 00000 n 
+0000046297 00000 n 
+0000046340 00000 n 
+0000046383 00000 n 
+0000046426 00000 n 
+0000046469 00000 n 
+0000046512 00000 n 
+0000046555 00000 n 
+0000046598 00000 n 
+0000046641 00000 n 
+0000046684 00000 n 
+0000046727 00000 n 
+0000046770 00000 n 
+0000046813 00000 n 
+0000046856 00000 n 
+0000046899 00000 n 
+0000046942 00000 n 
+0000046985 00000 n 
+0000047028 00000 n 
+0000047071 00000 n 
+0000047114 00000 n 
+0000047157 00000 n 
+0000047200 00000 n 
+0000047243 00000 n 
+0000047286 00000 n 
+0000047329 00000 n 
+0000047372 00000 n 
+0000047415 00000 n 
+0000047458 00000 n 
+0000047501 00000 n 
+0000047544 00000 n 
+0000047587 00000 n 
+0000047630 00000 n 
+0000047673 00000 n 
+0000047716 00000 n 
+0000047759 00000 n 
+0000047802 00000 n 
+0000047845 00000 n 
+0000047888 00000 n 
+0000047931 00000 n 
+0000047974 00000 n 
+0000048017 00000 n 
+0000048060 00000 n 
+0000048103 00000 n 
+0000048146 00000 n 
+0000048189 00000 n 
+0000048232 00000 n 
+0000048275 00000 n 
+0000048318 00000 n 
+0000048361 00000 n 
+0000048404 00000 n 
+0000048447 00000 n 
+0000048490 00000 n 
+0000048533 00000 n 
+0000048576 00000 n 
+0000048619 00000 n 
+0000048662 00000 n 
+0000048705 00000 n 
+0000048748 00000 n 
+0000048791 00000 n 
+0000048834 00000 n 
+0000048877 00000 n 
+0000048920 00000 n 
+0000048963 00000 n 
+0000049006 00000 n 
+0000049049 00000 n 
+0000049092 00000 n 
+0000049135 00000 n 
+0000049178 00000 n 
+0000049221 00000 n 
+0000049264 00000 n 
+0000049307 00000 n 
+0000049350 00000 n 
+0000049393 00000 n 
+0000049436 00000 n 
+0000049479 00000 n 
+0000049522 00000 n 
+0000049565 00000 n 
+0000049608 00000 n 
+0000049651 00000 n 
+0000049694 00000 n 
+0000049737 00000 n 
+0000049780 00000 n 
+0000049823 00000 n 
+0000049866 00000 n 
+0000049909 00000 n 
+0000049952 00000 n 
+0000049995 00000 n 
+0000050038 00000 n 
+0000050081 00000 n 
+0000050124 00000 n 
+0000050167 00000 n 
+0000050210 00000 n 
+0000050253 00000 n 
+0000050296 00000 n 
+0000050339 00000 n 
+0000050382 00000 n 
+0000050425 00000 n 
+0000050468 00000 n 
+0000050511 00000 n 
+0000050554 00000 n 
+0000050597 00000 n 
+0000050640 00000 n 
+0000050683 00000 n 
+0000050726 00000 n 
+0000050769 00000 n 
+0000050812 00000 n 
+0000050855 00000 n 
+0000050898 00000 n 
+0000050941 00000 n 
+0000050984 00000 n 
+0000051027 00000 n 
+0000051070 00000 n 
+0000051113 00000 n 
+0000051156 00000 n 
+0000051199 00000 n 
+0000051242 00000 n 
+0000051285 00000 n 
+0000051328 00000 n 
+0000051371 00000 n 
+0000051414 00000 n 
+0000051457 00000 n 
+0000051500 00000 n 
+0000051543 00000 n 
+0000051586 00000 n 
+0000051629 00000 n 
+0000051672 00000 n 
+0000051715 00000 n 
+0000051758 00000 n 
+0000051801 00000 n 
+0000051844 00000 n 
+0000051887 00000 n 
+0000051930 00000 n 
+0000051973 00000 n 
+0000052016 00000 n 
+0000052059 00000 n 
+0000052102 00000 n 
+0000052145 00000 n 
+0000052188 00000 n 
+0000052231 00000 n 
+0000052274 00000 n 
+0000052317 00000 n 
+0000052360 00000 n 
+0000052403 00000 n 
+0000052446 00000 n 
+0000052489 00000 n 
+0000052532 00000 n 
+0000052575 00000 n 
+0000052618 00000 n 
+0000052661 00000 n 
+0000052704 00000 n 
+0000053455 00000 n 
+0000053645 00000 n 
+0000054311 00000 n 
+0000054501 00000 n 
+0000059140 00000 n 
+0000059331 00000 n 
+0000064157 00000 n 
+0000064348 00000 n 
+0000069103 00000 n 
+0000069294 00000 n 
+0000071874 00000 n 
+0000072083 00000 n 
+0000073218 00000 n 
+0000073403 00000 n 
+0000075010 00000 n 
+0000075204 00000 n 
+0000076641 00000 n 
+0000076853 00000 n 
+0000078295 00000 n 
+0000078471 00000 n 
+0000079964 00000 n 
+0000080131 00000 n 
+0000081789 00000 n 
+0000081984 00000 n 
+0000083377 00000 n 
+0000083572 00000 n 
+0000085315 00000 n 
+0000085500 00000 n 
+0000087279 00000 n 
+0000087455 00000 n 
+0000089545 00000 n 
+0000089721 00000 n 
+0000091539 00000 n 
+0000091715 00000 n 
+0000093462 00000 n 
+0000093647 00000 n 
+0000095594 00000 n 
+0000095803 00000 n 
+0000097823 00000 n 
+0000098033 00000 n 
+0000099608 00000 n 
+0000099794 00000 n 
+0000101171 00000 n 
+0000101356 00000 n 
+0000102936 00000 n 
+0000103136 00000 n 
+0000104844 00000 n 
+0000105044 00000 n 
+0000105924 00000 n 
+0000106133 00000 n 
+0000107655 00000 n 
+0000107832 00000 n 
+0000108590 00000 n 
+0000108808 00000 n 
+0000110584 00000 n 
+0000110787 00000 n 
+0000112655 00000 n 
+0000112864 00000 n 
+0000114627 00000 n 
+0000114826 00000 n 
+0000116203 00000 n 
+0000116388 00000 n 
+0000117262 00000 n 
+0000117490 00000 n 
+0000119391 00000 n 
+0000119600 00000 n 
+0000121541 00000 n 
+0000121769 00000 n 
+0000123814 00000 n 
+0000124024 00000 n 
+0000125694 00000 n 
+0000125913 00000 n 
+0000127953 00000 n 
+0000128157 00000 n 
+0000129859 00000 n 
+0000130087 00000 n 
+0000131899 00000 n 
+0000132117 00000 n 
+0000133959 00000 n 
+0000134172 00000 n 
+0000136391 00000 n 
+0000136576 00000 n 
+0000137981 00000 n 
+0000138218 00000 n 
+0000140628 00000 n 
+0000140821 00000 n 
+0000142918 00000 n 
+0000143075 00000 n 
+0000143340 00000 n 
+0000143567 00000 n 
+0000145058 00000 n 
+0000145267 00000 n 
+0000147056 00000 n 
+0000147246 00000 n 
+0000148582 00000 n 
+0000148801 00000 n 
+0000150557 00000 n 
+0000150767 00000 n 
+0000152309 00000 n 
+0000152528 00000 n 
+0000154434 00000 n 
+0000154671 00000 n 
+0000156536 00000 n 
+0000156740 00000 n 
+0000158557 00000 n 
+0000158785 00000 n 
+0000160831 00000 n 
+0000161050 00000 n 
+0000162967 00000 n 
+0000163167 00000 n 
+0000165149 00000 n 
+0000165349 00000 n 
+0000167600 00000 n 
+0000167800 00000 n 
+0000169972 00000 n 
+0000170176 00000 n 
+0000172240 00000 n 
+0000172425 00000 n 
+0000174090 00000 n 
+0000174247 00000 n 
+0000176206 00000 n 
+0000176391 00000 n 
+0000178521 00000 n 
+0000178715 00000 n 
+0000180776 00000 n 
+0000180942 00000 n 
+0000182782 00000 n 
+0000182939 00000 n 
+0000183402 00000 n 
+0000183593 00000 n 
+0000185246 00000 n 
+0000185465 00000 n 
+0000187469 00000 n 
+0000187697 00000 n 
+0000189043 00000 n 
+0000189262 00000 n 
+0000191342 00000 n 
+0000191552 00000 n 
+0000193597 00000 n 
+0000193782 00000 n 
+0000195274 00000 n 
+0000195484 00000 n 
+0000196891 00000 n 
+0000197119 00000 n 
+0000199012 00000 n 
+0000199213 00000 n 
+0000200991 00000 n 
+0000201185 00000 n 
+0000202441 00000 n 
+0000202623 00000 n 
+0000202983 00000 n 
+0000203169 00000 n 
+0000204857 00000 n 
+0000205033 00000 n 
+0000206762 00000 n 
+0000206947 00000 n 
+0000208850 00000 n 
+0000209060 00000 n 
+0000210972 00000 n 
+0000211209 00000 n 
+0000213304 00000 n 
+0000213522 00000 n 
+0000215257 00000 n 
+0000215460 00000 n 
+0000216737 00000 n 
+0000216922 00000 n 
+0000218629 00000 n 
+0000218824 00000 n 
+0000220376 00000 n 
+0000220577 00000 n 
+0000222152 00000 n 
+0000222343 00000 n 
+0000223493 00000 n 
+0000223693 00000 n 
+0000225220 00000 n 
+0000225429 00000 n 
+0000226158 00000 n 
+0000226215 00000 n 
+0000226314 00000 n 
+0000226486 00000 n 
+0000226599 00000 n 
+0000226728 00000 n 
+0000226858 00000 n 
+0000227000 00000 n 
+0000227143 00000 n 
+0000227277 00000 n 
+0000227412 00000 n 
+0000227559 00000 n 
+0000227714 00000 n 
+0000227857 00000 n 
+0000228038 00000 n 
+0000228165 00000 n 
+0000228287 00000 n 
+0000228399 00000 n 
+0000228529 00000 n 
+0000228665 00000 n 
+0000228775 00000 n 
+0000228895 00000 n 
+0000229005 00000 n 
+0000229190 00000 n 
+0000229283 00000 n 
+0000229425 00000 n 
+0000229537 00000 n 
+0000229655 00000 n 
+0000229771 00000 n 
+0000229891 00000 n 
+0000230043 00000 n 
+0000230167 00000 n 
+0000230285 00000 n 
+0000230397 00000 n 
+0000230509 00000 n 
+0000230622 00000 n 
+0000230805 00000 n 
+0000230984 00000 n 
+0000231131 00000 n 
+0000231288 00000 n 
+0000231433 00000 n 
+0000231531 00000 n 
+0000231741 00000 n 
+0000231841 00000 n 
+0000231967 00000 n 
+0000232083 00000 n 
+0000232282 00000 n 
+0000232381 00000 n 
+0000232475 00000 n 
+0000232673 00000 n 
+0000232827 00000 n 
+0000232969 00000 n 
+0000233091 00000 n 
+0000233228 00000 n 
+0000233346 00000 n 
+0000233469 00000 n 
+0000233608 00000 n 
+0000233766 00000 n 
+0000233911 00000 n 
+0000234085 00000 n 
+0000234184 00000 n 
+0000234297 00000 n 
+0000234416 00000 n 
+0000234555 00000 n 
+0000234685 00000 n 
+0000234821 00000 n 
+0000234965 00000 n 
+0000235090 00000 n 
+0000235210 00000 n 
+0000235329 00000 n 
+0000235463 00000 n 
+0000235584 00000 n 
+0000235709 00000 n 
+0000235847 00000 n 
+0000235991 00000 n 
+0000236166 00000 n 
+0000236286 00000 n 
+0000236415 00000 n 
+0000236604 00000 n 
+0000236832 00000 n 
+0000236980 00000 n 
+0000237115 00000 n 
+0000237245 00000 n 
+0000237344 00000 n 
+0000237516 00000 n 
+0000237638 00000 n 
+0000237768 00000 n 
+0000237897 00000 n 
+0000238097 00000 n 
+0000238204 00000 n 
+0000238314 00000 n 
+0000238453 00000 n 
+0000238618 00000 n 
+0000238761 00000 n 
+0000238910 00000 n 
+0000239044 00000 n 
+0000239170 00000 n 
+0000239298 00000 n 
+0000239424 00000 n 
+0000239556 00000 n 
+0000239700 00000 n 
+0000239862 00000 n 
+0000240003 00000 n 
+0000240222 00000 n 
+0000240330 00000 n 
+0000240441 00000 n 
+0000240592 00000 n 
+0000240745 00000 n 
+0000240871 00000 n 
+0000241012 00000 n 
+0000241141 00000 n 
+0000241269 00000 n 
+0000241482 00000 n 
+0000241577 00000 n 
+0000241690 00000 n 
+0000241813 00000 n 
+0000241966 00000 n 
+0000242094 00000 n 
+0000242219 00000 n 
+0000242339 00000 n 
+0000242469 00000 n 
+0000242600 00000 n 
+0000242726 00000 n 
+0000242869 00000 n 
+0000243009 00000 n 
+0000243106 00000 n 
+0000243308 00000 n 
+0000243404 00000 n 
+0000243517 00000 n 
+0000243639 00000 n 
+0000243753 00000 n 
+0000243871 00000 n 
+0000244006 00000 n 
+0000244128 00000 n 
+0000244264 00000 n 
+0000244397 00000 n 
+0000244517 00000 n 
+0000244651 00000 n 
+0000244769 00000 n 
+0000244887 00000 n 
+0000245011 00000 n 
+0000245126 00000 n 
+0000245226 00000 n 
+0000245389 00000 n 
+0000245484 00000 n 
+0000245666 00000 n 
+0000245853 00000 n 
+0000246033 00000 n 
+0000246188 00000 n 
+0000246374 00000 n 
+0000246477 00000 n 
+0000246605 00000 n 
+0000246729 00000 n 
+0000246836 00000 n 
+0000246925 00000 n 
+trailer
+<</Size 1021/Root 1020 0 R/Info 1 0 R/ID[<a1f72d1f02ec5c904fa524f9b1183212><a1f72d1f02ec5c904fa524f9b1183212>]>>
+startxref
+247391
+%%EOF
diff --git a/docs/THANKS b/docs/THANKS
new file mode 100755
index 00000000000..789042f78e1
--- /dev/null
+++ b/docs/THANKS
@@ -0,0 +1,137 @@
+=====================================================================
+This file is for thanks to individuals or organisations who have
+helped with the development of Samba, other than by coding or bug
+reports. Their contributions are gratefully acknowledged.
+
+Please refer to the manual pages and change-log for a list of those
+who have contributed in the form of patches, bug fixes or other 
+direct changes to the package.
+
+Contributions of any kind are welcomed. If you want to help then
+please contact Andrew.Tridgell@anu.edu.au, or via normal mail at 
+
+	Andrew Tridgell
+	3 Ballow Crescent
+	Macgregor, A.C.T
+	2615 Australia
+=====================================================================
+
+
+Lee Fisher (leefi@microsoft.com)
+Charles Fox (cfox@microsoft.com)
+Dan Perry (danp@exchnge.microsoft.com)
+Paul Leach (paulle@microsoft.com)
+Isaac Heizer (isaache@microsoft.com)
+
+    These Microsoft people have been very helpful and supportive of
+    the development of Samba over some years.
+
+    Lee very kindly supplied me with a copy of the X/Open SMB
+    specs. These have been invaluable in getting the details of the
+    implementation right. They will become even more important as we move
+    towards a Lanman 2.1 compliant server. Lee has provided very
+    useful advice on several aspects of the server.
+    Lee has also provided me with copies of Windows NTAS 3.1, Visual C
+    and a developers CD-ROM. Being able to run NT at home is a
+    great help.
+
+    Charles has helped out in numerous ways with the provision of SMB
+    specifications and helpful advice. He has been following the
+    discussion of Samba on the mailing list and has stepped in
+    regularly to clarify points and to offer help.
+    
+    Dan has put me in touch with NT developers to help sort out bugs and
+    compatability issues. He has also supplied me with a copy of the
+    NT browsing spec, which will help a lot in the development of the
+    Samba browser code.
+
+    Paul was responsible for Microsoft paying my flight to Seattle for the
+    first CIFS conference (see http://samba.org/cifs) and has been
+    generally helpful and cooperative as the SMB community moves towards
+    an Internet-ready specification. Isaac has regularly provided help on
+    the behaviour of NT networks.
+
+Bruce Perens (bruce@pixar.com)
+
+    In appreciation of his effort on Samba we have sent Andrew copies of
+    various Pixar computer-graphics software products. Pixar is best known
+    for its "Renderman" product, the 3-D renderer used by ILM to make special
+    effects for "Terminator II" and "Jurassic Park". We won the first Oscar
+    given to a computer graphic animated feature for our short film "Tin Toy".
+    Our retail products "Typestry" and "Showplace", incorporate the same
+    renderer used on the films, and are available on Windows and the
+    Macintosh.
+
+
+
+Henry Lee (hyl@microplex.co)
+
+    Henry sent me a M202 ethernet print server, making my little lan
+    one of the few home networks to have it's own print server!
+
+  ``Microplex Systems Ltd. is a manufacturer of local and wide area
+    network communications equipment based in beautiful Vancouver, British
+    Columbia, Canada.  Microplex's first products were synchronous wide
+    area network devices used in the mainframe communication networks.  In
+    August 1991 Microplex introduced its first LAN product, the M200 print
+    server, the first high performance print server under US$1,000.''
+
+
+Tom Haapanen (tomh@metrics.com)
+
+    Tom sent me two 16 bit SMC ethernet cards to replace my ancient 8
+    bit ones. The performance is much better!
+
+    Software Metrics Inc. is a small custom software development and
+    consulting firm located in Waterloo, Ontario, Canada.  We work
+    with a variety of environments (such as Windows, Windows NT and
+    Unix), tools and application areas, and can provide assistance for
+    development work ranging from a few days to to multiple man-year
+    projects.  You can find more information at http://www.metrics.com/.
+    
+
+Steve Kennedy (steve@gbnet.net)
+
+	Steve sent me 16Mb of ram so that I could install/test
+	NT3.5. I previous had only 8Mb ram in my test machine, which
+	wasn't enough to install a properly functioning copy of
+	NTAS. Being able to directly test NT3.5 allowed me to solve
+	several long standing NT<->Samba problems. Thanks Steve!
+
+John Terpstra (jht@aquasoft.com.au)
+
+        Aquasoft are a specialist consulting company whose Samba-using
+        customers span the world.
+
+        Aquasoft have been avid supporters of the Samba project. As a
+        token of appreciation Aquasoft have donated a 486DX2/66 PC with
+        a 540MB EIDE drive and 20MB RAM.
+
+        John has helped to isolate quite a few little glitches over time
+        and has managed to implement some very interesting installations
+        of Samba.
+
+        The donation of the new PC will make it possible to more fully
+        diagnose and observe the behaviour of Samba in conjuction with
+        other SMB protocol utilising systems.
+
+
+Timothy F. Sipples (tsipple@vnet.IBM.COM)
+Steve Withers (swithers@vnet.IBM.COM)
+
+	Tim and Steve from IBM organised a copy of the OS/2 developers
+	connection CD set for me, and gave lots of help in getting
+	OS/2 Warp installed. I hope this will allow me to finally fix
+	up those annoying OS/2 related Samba bugs that I have been
+	receiving reports of.
+
+Keith Wilkins (wilki1k@nectech.co.uk)
+
+	Keith from NEC in England very generously supplied a PC to
+	Luke Leighton to help with his nmbd development work. At the
+	same time Keith offered to help me with some new hardware, and
+	he sent me a pentium motherboard with 32MB of ram
+	onboard. This was very helpful as it allowed me to upgrade
+	my aging server to be a very powerful system. Thanks!
+
+
diff --git a/docs/announce b/docs/announce
new file mode 100755
index 00000000000..f5716556ba0
--- /dev/null
+++ b/docs/announce
@@ -0,0 +1,150 @@
+		Announcing Samba version 2.2
+		============================
+
+What is Samba?
+--------------
+
+Samba is a SMB file server that runs on Unix and other operating
+systems.  It allows these operating systems (currently Unix, Netware,
+OS/2 and AmigaDOS) to act as a file and print server for SMB and CIFS
+clients. There are many Lan-Manager compatible clients such as
+LanManager for DOS, Windows for Workgroups, Windows NT, Windows 95,
+Linux smbfs, OS/2, Pathworks and more.
+
+The package also includes a SMB client for accessing other SMB servers,
+and an advanced netbios/WINS nameserver for browsing support.
+
+
+What can it do for me?
+----------------------
+
+If you have any PCs running SMB clients, such as a PC running Windows
+for Workgroups, then you can mount file space or printers on a Samba
+host, so that directories, files and printers on the host are
+available on the PC.
+
+If you have any SMB servers such as Windows NT Server, Warp Server or
+Pathworks you may be able to replace them by or supplement them with
+Samba. One of Samba's big strengths is integration, so you can use it
+to tie together your Unix (or VMS etc) hosts and PC clients. If you
+are tired of the insecurity, expense and instability of PCNFS then Samba 
+may be for you.
+
+The client part of the package will also allow you to attach to other
+SMB-based servers (such as windows NT and windows for workgroups) so
+that you can copy files to and from your unix host. The client also
+allows you to access a SMB printer (such as one attached to an OS/2 or
+WfWg server) from Unix, using an entry in /etc/printcap, or by
+explicitly specifying the command used to print files.
+
+
+What are its features?
+------------------------
+
+Samba supports many features that are not supported in other SMB
+implementations (all of which are commercial). These include host as
+well as username/password security, a client, automatic home directory
+exporting, automatic printer exporting, dead connection timeouts,
+umask support, guest connections, name mangling and hidden and system
+attribute mapping. Look at the FAQs included with the package for
+a full list of features.
+
+
+What's new since 2.0?
+---------------------
+
+Lots of stuff. See the change log and man pages for details.
+In particular, please check the WHATSNEW.txt file in the root directory
+of each release. This file has current change/update information.
+
+
+Where can I get a client for my PC?
+-----------------------------------
+
+There is a free client for MS-DOS based PCs available from
+ftp.microsoft.com in the directory bussys/Clients/MSCLIENT/. Please
+read the licencing information before downloading. The add-on 32-bit
+TCP/IP Windows for Workgroups client is also very good. Windows 95/98/ME,
+Windows NT/2000 and OS/2 come with suitable clients by default.
+
+
+What network protocols are supported?
+-------------------------------------
+
+Currently only TCP/IP is supported. There has been some discussion
+about ports to other protocols but nothing is yet available.
+
+There is a free TCP/IP implementation for Windows for Workgroups
+available from ftp.microsoft.com (it's small, fast and quite reliable). 
+
+
+How much does it cost?
+----------------------
+
+Samba software is free software. It is available under the
+GNU Public licence in source code form at no cost. Please read the
+file COPYING that comes with the package for more information.
+
+
+What operating systems does it support?
+---------------------------------------
+
+The code has been written to be as portable as possible. It has been
+"ported" to many unixes, which mostly required changing only a few
+lines of code. It has been run (to my knowledge) on at least these
+unixes:
+
+Linux, SunOS, Solaris, SVR4, Ultrix, OSF1, AIX, BSDI, NetBSD,
+Sequent, HP-UX, SGI, FreeBSD, NeXT, ISC, A/UX, SCO, Intergraph,
+Silicon Graphics Inc., Domain/OS and DGUX.
+
+Some of these have received more testing than others. If it doesn't
+work with your unix then it should be easy to fix. It has also been ported
+to Netware, OS/2 and the Amiga. A VMS port is available too. See the web site
+for more details.
+
+
+Who wrote it?
+-------------
+
+Many people on the internet have contributed to the development of
+Samba. The maintainer and original author is Andrew Tridgell, but
+large parts of the package were contributed by several people from all
+over the world. Please look at the file `change-log' for information
+on who did what bits.
+
+
+Where can I get it?
+-------------------
+
+The package is available via anonymous ftp from samba.org in
+the directory pub/samba/. 
+
+
+What about SMBServer?
+---------------------
+
+Samba used to be known as SMBServer, until it was pointed out that
+Syntax, who make a commercial Unix SMB based server, have trademarked
+that name. The name was then changed to Samba. Also, in 1992 a very
+early incarnation of Samba was distributed as nbserver.
+
+If you see any copies of nbserver or smbserver on ftp sites please let
+me or the ftp archive maintainer know, as I want to get them deleted.
+
+
+Where can I get more info?
+---------------------------
+
+Please join the mailing list if you want to discuss the development or
+use of Samba. To join the mailing list, please read the instructions
+at http://lists.samba.org/
+
+There is also often quite a bit of discussion about Samba on the
+newsgroup comp.protocols.smb.
+
+A WWW site with lots of Samba info can be found at 
+http://samba.org/samba/
+
+The Samba Team (Contact: samba@samba.org)
+March 2001
diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in
new file mode 100755
index 00000000000..7e5bca566de
--- /dev/null
+++ b/docs/docbook/Makefile.in
@@ -0,0 +1,383 @@
+#################################################################
+# Makefile.in for Samba Documentation
+# Authors:	James Moore <jmoore@php.net>
+#               Gerald Carter <jerry@samba.org>
+#
+# Please see http://www.samba.org/samba/cvs.html
+# for information on getting the latest  
+# source and documentation source files.  
+#
+
+# Autoconf Variables
+SRCDIR = @srcdir@
+JADE = @JADE@
+NSGMLS = @NSGMLS@
+SGMLSPL=@SGMLSPL@
+HTMLDOC=@HTMLDOC@
+PERL=@PERL@
+#CATALOG = @CATALOG@
+MANDIR=../manpages
+HTMLDIR=../htmldocs
+
+#Stylesheets and Dependicies
+SGML_SHARE=@SGML_SHARE@
+#SGML_CATALOG_FILES=$(SGML_CATALOG_FILES):./dbsgml/catalog
+HTML_STYLESHEET = $(srcdir)/stylesheets/html.dsl
+HTML_DEPS = $(srcdir)/stylesheets/html-common.dsl $(srcdir)/stylesheets/common.dsl
+
+MANPAGES=$(MANDIR)/findsmb.1 $(MANDIR)/smbclient.1 \
+	$(MANDIR)/smbspool.8 $(MANDIR)/lmhosts.5 \
+	$(MANDIR)/smbcontrol.1  $(MANDIR)/smbstatus.1 \
+	$(MANDIR)/make_smbcodepage.1  $(MANDIR)/smbd.8 \
+	$(MANDIR)/smbtar.1 $(MANDIR)/nmbd.8 $(MANDIR)/smbmnt.8 \
+	$(MANDIR)/smbumount.8 $(MANDIR)/nmblookup.1 \
+	$(MANDIR)/smbmount.8 $(MANDIR)/swat.8 $(MANDIR)/rpcclient.1	 \
+	$(MANDIR)/smbpasswd.5 $(MANDIR)/testparm.1 $(MANDIR)/samba.7 \
+	$(MANDIR)/smbpasswd.8 $(MANDIR)/testprns.1 \
+	$(MANDIR)/smb.conf.5 $(MANDIR)/wbinfo.1 $(MANDIR)/pdbedit.8 \
+	$(MANDIR)/smbcacls.1 $(MANDIR)/smbsh.1 $(MANDIR)/winbindd.8 \
+	$(MANDIR)/make_unicodemap.1
+
+SGMLMANSRC=manpages/findsmb.1.sgml manpages/smbclient.1.sgml \
+	manpages/smbspool.8.sgml manpages/lmhosts.5.sgml \
+	manpages/smbcontrol.1.sgml manpages/smbstatus.1.sgml \
+	manpages/make_smbcodepage.1.sgml  manpages/smbd.8.sgml \
+	manpages/smbtar.1.sgml manpages/nmbd.8.sgml manpages/smbmnt.8.sgml \
+	manpages/smbumount.8.sgml manpages/nmblookup.1.sgml \
+	manpages/smbmount.8.sgml manpages/swat.8.sgml \
+	manpages/rpcclient.1.sgml manpages/smbpasswd.5.sgml \
+	manpages/testparm.1.sgml manpages/samba.7.sgml \
+	manpages/smbpasswd.8.sgml manpages/testprns.1.sgml \
+	manpages/smb.conf.5.sgml manpages/pdbedit.8.sgml \
+	manpages/wbinfo.1.sgml manpages/smbcacls.1.sgml \
+	manpages/smbsh.1.sgml manpages/winbindd.8.sgml \
+	manpages/make_unicodemap.1.sgml
+
+HOWTOSRC=projdoc/DOMAIN_MEMBER.sgml projdoc/NT_Security.sgml \
+	projdoc/msdfs_setup.sgml projdoc/printer_driver2.sgml \
+	projdoc/UNIX_INSTALL.sgml projdoc/winbind.sgml projdoc/OS2-Client-HOWTO.sgml \
+	projdoc/Samba-PDC-HOWTO.sgml projdoc/ENCRYPTION.sgml \
+	projdoc/CVS-Access.sgml projdoc/Integrating-with-Windows.sgml \
+	projdoc/PAM-Authentication-And-Samba.sgml projdoc/Samba-LDAP-HOWTO.sgml \
+	projdoc/Samba-BDC-HOWTO.sgml projdoc/cups.sgml
+
+
+
+######################################################################
+# Make instructions
+######################################################################
+all: 
+	@echo "Possible options to the Makefile include:"
+	@echo "   all-docs  - Force a rebuild of all documentation"
+	@echo "   HOWTO     - Build all individual HOWTOs in html format"
+	@echo "   proj-doc  - Build the Samba-HOWTO-Collection.[pdf|html] file"
+	@echo "   man       - Rebuild html and nroff versions of man pages as necessary"
+	@echo "   syntax    - Check the SGML/DocBook syntax of all source files"
+
+all-docs: HOWTO proj-doc man-all man-html-all
+
+syntax: $(SGMLMANSRC) projdoc/samba-doc.sgml
+	@echo Checking syntax of all SGML/DocBook source files...
+	@(for i in $?; do \
+	   echo "$$i..."; \
+	   $(NSGMLS) -sv $$i 2>&1 | grep -v "DTDDECL catalog entries are not supported" ; \
+	done)
+	
+
+
+man: $(MANPAGES)
+
+HOWTO: $(HOWTOSRC)
+	@echo Building HOWTO pages...
+	@(for i in $?; do \
+	   htmlfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml/\.html/g"`; \
+	   echo "Making $$htmlfile"; \
+	   cat $$i | $(PERL) scripts/make-article.pl > /tmp/`echo $$i | sed 's,.*/,,'`; \
+	   $(JADE) -t sgml -V nochunks -d  $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl \
+	      -f /tmp/jade.log /tmp/`echo $$i | sed 's,.*/,,'` > ../htmldocs/$$htmlfile; \
+	   cat /tmp/jade.log | grep -v DTDDECL; \
+	   /bin/rm -f /tmp/jade.log /tmp/`echo $$i | sed 's,.*/,,'`; \
+	done)
+
+
+## I'm using htmldoc here to produc the PDF output.  If you want
+## Postscript output, you can run 
+##
+##           sgmltools -b ps projdoc/samba-doc.sgml
+##
+proj-doc: 
+	echo Building Samba-HOWTO-Collections...
+	@$(PERL) scripts/collateindex.pl -N -o projdoc/index.sgml
+	@$(JADE) -t sgml -V html-index -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl projdoc/samba-doc.sgml
+	@$(PERL) scripts/collateindex.pl -o projdoc/index.sgml HTML.index
+	@/bin/rm HTML.index *.htm
+	@$(JADE) -t sgml -i html -V nochunks -d stylesheets/ldp.dsl\#html projdoc/samba-doc.sgml > samba-doc.html
+	@(cd scripts; ./ldp_print ../samba-doc.html)
+	@mv -f samba-doc.pdf ../Samba-HOWTO-Collection.pdf
+	@/bin/mv -f samba-doc.html ../htmldocs/Samba-HOWTO-Collection.html
+
+proj-doc-ps:
+	sgmltools -b ps projdoc/samba-doc.sgml
+	mv projdoc/samba-doc.ps .
+
+
+## generate all HTML man pages
+man-html-all: $(SGMLMANSRC)
+	@echo Building HTML formatted man pages...
+	@(for i in $?; do \
+	   htmlfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml/\.html/g"`; \
+	   echo "Making $$htmlfile"; \
+	   $(JADE) -t sgml -i html -V nochunks -d  ./stylesheets/ldp.dsl\#html -f /tmp/jade.log $$i > ../htmldocs/$$htmlfile; \
+	   cat /tmp/jade.log | grep -v DTDDECL; \
+	   /bin/rm -f /tmp/jade.log; \
+	done)
+
+## generate all man pages
+man-all: $(SGMLMANSRC)
+	@echo Building man pages...
+	@(for i in $?; do \
+		manfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml//g"`; \
+		echo "Making $$manfile"; \
+		$(NSGMLS) -f /tmp/docbook2x.log $$i | $(SGMLSPL) \
+	           $(SGML_SHARE)/docbook2X/docbook2man-spec.pl; \
+		cat /tmp/docbook2x.log | grep -v DTDDECL; \
+		/bin/rm -f /tmp/docbook2x.log; \
+		cat $$manfile | $(PERL) scripts/strip-links.pl > $(MANDIR)/$$manfile; \
+		/bin/rm -f $$manfile; \
+	  done)
+
+
+
+
+##
+## these rules are for building individual files
+##
+$(MANDIR)/findsmb.1:  manpages/findsmb.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbclient.1: manpages/smbclient.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbspool.8: manpages/smbspool.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/lmhosts.5: manpages/lmhosts.5.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbcontrol.1: manpages/smbcontrol.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbstatus.1: manpages/smbstatus.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/make_smbcodepage.1: manpages/make_smbcodepage.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/make_unicodemap.1: manpages/make_unicodemap.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbd.8: manpages/smbd.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbtar.1: manpages/smbtar.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/nmbd.8: manpages/nmbd.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbmnt.8: manpages/smbmnt.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbumount.8: manpages/smbumount.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/nmblookup.1: manpages/nmblookup.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbmount.8: manpages/smbmount.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/swat.8: manpages/swat.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/rpcclient.1: manpages/rpcclient.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbpasswd.5: manpages/smbpasswd.5.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/testparm.1: manpages/testparm.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/samba.7: manpages/samba.7.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbpasswd.8: manpages/smbpasswd.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/testprns.1: manpages/testprns.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smb.conf.5: manpages/smb.conf.5.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/wbinfo.1: manpages/wbinfo.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbcacls.1: manpages/smbcacls.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbsh.1 : manpages/smbsh.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/winbindd.8: manpages/winbindd.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+
+$(MANDIR)/pdbedit.8: manpages/pdbedit.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+
+## Clean Rule
+clean: 
+	/bin/rm -f manpage.*
diff --git a/docs/docbook/configure b/docs/docbook/configure
new file mode 100755
index 00000000000..73d54a817f6
--- /dev/null
+++ b/docs/docbook/configure
@@ -0,0 +1,1065 @@
+#! /bin/sh
+
+# Guess values for system-dependent variables and create Makefiles.
+# Generated automatically using autoconf version 2.13 
+# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc.
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+
+# Defaults:
+ac_help=
+ac_default_prefix=/usr/local
+# Any additions from configure.in:
+ac_help="$ac_help
+  --with-sgml-share=DIR   change the default location of SGML stylesheets"
+
+# Initialize some variables set by options.
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+build=NONE
+cache_file=./config.cache
+exec_prefix=NONE
+host=NONE
+no_create=
+nonopt=NONE
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+target=NONE
+verbose=
+x_includes=NONE
+x_libraries=NONE
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datadir='${prefix}/share'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+libdir='${exec_prefix}/lib'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+infodir='${prefix}/info'
+mandir='${prefix}/man'
+
+# Initialize some other variables.
+subdirs=
+MFLAGS= MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+# Maximum number of lines to put in a shell here document.
+ac_max_here_lines=12
+
+ac_prev=
+for ac_option
+do
+
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval "$ac_prev=\$ac_option"
+    ac_prev=
+    continue
+  fi
+
+  case "$ac_option" in
+  -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) ac_optarg= ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case "$ac_option" in
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir="$ac_optarg" ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build="$ac_optarg" ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file="$ac_optarg" ;;
+
+  -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
+  | --da=*)
+    datadir="$ac_optarg" ;;
+
+  -disable-* | --disable-*)
+    ac_feature=`echo $ac_option|sed -e 's/-*disable-//'`
+    # Reject names that are not valid shell variable names.
+    if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then
+      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
+    fi
+    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
+    eval "enable_${ac_feature}=no" ;;
+
+  -enable-* | --enable-*)
+    ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'`
+    # Reject names that are not valid shell variable names.
+    if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then
+      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
+    fi
+    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
+    case "$ac_option" in
+      *=*) ;;
+      *) ac_optarg=yes ;;
+    esac
+    eval "enable_${ac_feature}='$ac_optarg'" ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix="$ac_optarg" ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he)
+    # Omit some internal or obsolete options to make the list less imposing.
+    # This message is too long to be a string in the A/UX 3.1 sh.
+    cat << EOF
+Usage: configure [options] [host]
+Options: [defaults in brackets after descriptions]
+Configuration:
+  --cache-file=FILE       cache test results in FILE
+  --help                  print this message
+  --no-create             do not create output files
+  --quiet, --silent       do not print \`checking...' messages
+  --version               print the version of autoconf that created configure
+Directory and file names:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [same as prefix]
+  --bindir=DIR            user executables in DIR [EPREFIX/bin]
+  --sbindir=DIR           system admin executables in DIR [EPREFIX/sbin]
+  --libexecdir=DIR        program executables in DIR [EPREFIX/libexec]
+  --datadir=DIR           read-only architecture-independent data in DIR
+                          [PREFIX/share]
+  --sysconfdir=DIR        read-only single-machine data in DIR [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data in DIR
+                          [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data in DIR [PREFIX/var]
+  --libdir=DIR            object code libraries in DIR [EPREFIX/lib]
+  --includedir=DIR        C header files in DIR [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc in DIR [/usr/include]
+  --infodir=DIR           info documentation in DIR [PREFIX/info]
+  --mandir=DIR            man documentation in DIR [PREFIX/man]
+  --srcdir=DIR            find the sources in DIR [configure dir or ..]
+  --program-prefix=PREFIX prepend PREFIX to installed program names
+  --program-suffix=SUFFIX append SUFFIX to installed program names
+  --program-transform-name=PROGRAM
+                          run sed PROGRAM on installed program names
+EOF
+    cat << EOF
+Host type:
+  --build=BUILD           configure for building on BUILD [BUILD=HOST]
+  --host=HOST             configure for HOST [guessed]
+  --target=TARGET         configure for TARGET [TARGET=HOST]
+Features and packages:
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --x-includes=DIR        X include files are in DIR
+  --x-libraries=DIR       X library files are in DIR
+EOF
+    if test -n "$ac_help"; then
+      echo "--enable and --with options recognized:$ac_help"
+    fi
+    exit 0 ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host="$ac_optarg" ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir="$ac_optarg" ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir="$ac_optarg" ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir="$ac_optarg" ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir="$ac_optarg" ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst \
+  | --locals | --local | --loca | --loc | --lo)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* \
+  | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
+    localstatedir="$ac_optarg" ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir="$ac_optarg" ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir="$ac_optarg" ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix="$ac_optarg" ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix="$ac_optarg" ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix="$ac_optarg" ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name="$ac_optarg" ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir="$ac_optarg" ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir="$ac_optarg" ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site="$ac_optarg" ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir="$ac_optarg" ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir="$ac_optarg" ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target="$ac_optarg" ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers)
+    echo "configure generated by autoconf version 2.13"
+    exit 0 ;;
+
+  -with-* | --with-*)
+    ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'`
+    # Reject names that are not valid shell variable names.
+    if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then
+      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
+    fi
+    ac_package=`echo $ac_package| sed 's/-/_/g'`
+    case "$ac_option" in
+      *=*) ;;
+      *) ac_optarg=yes ;;
+    esac
+    eval "with_${ac_package}='$ac_optarg'" ;;
+
+  -without-* | --without-*)
+    ac_package=`echo $ac_option|sed -e 's/-*without-//'`
+    # Reject names that are not valid shell variable names.
+    if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then
+      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
+    fi
+    ac_package=`echo $ac_package| sed 's/-/_/g'`
+    eval "with_${ac_package}=no" ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes="$ac_optarg" ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries="$ac_optarg" ;;
+
+  -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; }
+    ;;
+
+  *)
+    if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then
+      echo "configure: warning: $ac_option: invalid host type" 1>&2
+    fi
+    if test "x$nonopt" != xNONE; then
+      { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; }
+    fi
+    nonopt="$ac_option"
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; }
+fi
+
+trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15
+
+# File descriptor usage:
+# 0 standard input
+# 1 file creation
+# 2 errors and warnings
+# 3 some systems may open it to /dev/tty
+# 4 used on the Kubota Titan
+# 6 checking for... messages and results
+# 5 compiler messages saved in config.log
+if test "$silent" = yes; then
+  exec 6>/dev/null
+else
+  exec 6>&1
+fi
+exec 5>./config.log
+
+echo "\
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+" 1>&5
+
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Also quote any args containing shell metacharacters.
+ac_configure_args=
+for ac_arg
+do
+  case "$ac_arg" in
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c) ;;
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;;
+  *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*)
+  ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+  *) ac_configure_args="$ac_configure_args $ac_arg" ;;
+  esac
+done
+
+# NLS nuisances.
+# Only set these to C if already set.  These must not be set unconditionally
+# because not all systems understand e.g. LANG=C (notably SCO).
+# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'!
+# Non-C LC_CTYPE values break the ctype check.
+if test "${LANG+set}"   = set; then LANG=C;   export LANG;   fi
+if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi
+if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi
+if test "${LC_CTYPE+set}"    = set; then LC_CTYPE=C;    export LC_CTYPE;    fi
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -rf conftest* confdefs.h
+# AIX cpp loses on an empty file, so make sure it contains at least a newline.
+echo > confdefs.h
+
+# A filename unique to this package, relative to the directory that
+# configure is in, which we can look for to find out if srcdir is correct.
+ac_unique_file=global.ent
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then its parent.
+  ac_prog=$0
+  ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'`
+  test "x$ac_confdir" = "x$ac_prog" && ac_confdir=.
+  srcdir=$ac_confdir
+  if test ! -r $srcdir/$ac_unique_file; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r $srcdir/$ac_unique_file; then
+  if test "$ac_srcdir_defaulted" = yes; then
+    { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; }
+  else
+    { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; }
+  fi
+fi
+srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'`
+
+# Prefer explicitly selected file to automatically selected ones.
+if test -z "$CONFIG_SITE"; then
+  if test "x$prefix" != xNONE; then
+    CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
+  else
+    CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
+  fi
+fi
+for ac_site_file in $CONFIG_SITE; do
+  if test -r "$ac_site_file"; then
+    echo "loading site script $ac_site_file"
+    . "$ac_site_file"
+  fi
+done
+
+if test -r "$cache_file"; then
+  echo "loading cache $cache_file"
+  . $cache_file
+else
+  echo "creating cache $cache_file"
+  > $cache_file
+fi
+
+ac_ext=c
+# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
+cross_compiling=$ac_cv_prog_cc_cross
+
+ac_exeext=
+ac_objext=o
+if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
+  # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
+  if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
+    ac_n= ac_c='
+' ac_t='	'
+  else
+    ac_n=-n ac_c= ac_t=
+  fi
+else
+  ac_n= ac_c='\c' ac_t=
+fi
+
+
+
+## check for the necesary install tools
+# Extract the first word of "openjade", so it can be a program name with args.
+set dummy openjade; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:532: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_JADE'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  case "$JADE" in
+  /*)
+  ac_cv_path_JADE="$JADE" # Let the user override the test with a path.
+  ;;
+  ?:/*)			 
+  ac_cv_path_JADE="$JADE" # Let the user override the test with a dos path.
+  ;;
+  *)
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do 
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_path_JADE="$ac_dir/$ac_word"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac
+fi
+JADE="$ac_cv_path_JADE"
+if test -n "$JADE"; then
+  echo "$ac_t""$JADE" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+if test -z "$JADE"; then
+	# Extract the first word of "jade", so it can be a program name with args.
+set dummy jade; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:569: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_JADE'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  case "$JADE" in
+  /*)
+  ac_cv_path_JADE="$JADE" # Let the user override the test with a path.
+  ;;
+  ?:/*)			 
+  ac_cv_path_JADE="$JADE" # Let the user override the test with a dos path.
+  ;;
+  *)
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do 
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_path_JADE="$ac_dir/$ac_word"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac
+fi
+JADE="$ac_cv_path_JADE"
+if test -n "$JADE"; then
+  echo "$ac_t""$JADE" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+	# Extract the first word of "nsgmls", so it can be a program name with args.
+set dummy nsgmls; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:604: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_NSGMLS'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  case "$NSGMLS" in
+  /*)
+  ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a path.
+  ;;
+  ?:/*)			 
+  ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a dos path.
+  ;;
+  *)
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do 
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_path_NSGMLS="$ac_dir/$ac_word"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac
+fi
+NSGMLS="$ac_cv_path_NSGMLS"
+if test -n "$NSGMLS"; then
+  echo "$ac_t""$NSGMLS" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+else
+	# Extract the first word of "onsgmls", so it can be a program name with args.
+set dummy onsgmls; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:640: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_NSGMLS'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  case "$NSGMLS" in
+  /*)
+  ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a path.
+  ;;
+  ?:/*)			 
+  ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a dos path.
+  ;;
+  *)
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do 
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_path_NSGMLS="$ac_dir/$ac_word"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac
+fi
+NSGMLS="$ac_cv_path_NSGMLS"
+if test -n "$NSGMLS"; then
+  echo "$ac_t""$NSGMLS" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+fi
+
+# Extract the first word of "htmldoc", so it can be a program name with args.
+set dummy htmldoc; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:677: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_HTMLDOC'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  case "$HTMLDOC" in
+  /*)
+  ac_cv_path_HTMLDOC="$HTMLDOC" # Let the user override the test with a path.
+  ;;
+  ?:/*)			 
+  ac_cv_path_HTMLDOC="$HTMLDOC" # Let the user override the test with a dos path.
+  ;;
+  *)
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do 
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_path_HTMLDOC="$ac_dir/$ac_word"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac
+fi
+HTMLDOC="$ac_cv_path_HTMLDOC"
+if test -n "$HTMLDOC"; then
+  echo "$ac_t""$HTMLDOC" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+# Extract the first word of "sgmlspl", so it can be a program name with args.
+set dummy sgmlspl; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:712: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_SGMLSPL'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  case "$SGMLSPL" in
+  /*)
+  ac_cv_path_SGMLSPL="$SGMLSPL" # Let the user override the test with a path.
+  ;;
+  ?:/*)			 
+  ac_cv_path_SGMLSPL="$SGMLSPL" # Let the user override the test with a dos path.
+  ;;
+  *)
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do 
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_path_SGMLSPL="$ac_dir/$ac_word"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac
+fi
+SGMLSPL="$ac_cv_path_SGMLSPL"
+if test -n "$SGMLSPL"; then
+  echo "$ac_t""$SGMLSPL" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+# Extract the first word of "perl", so it can be a program name with args.
+set dummy perl; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:747: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  case "$PERL" in
+  /*)
+  ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
+  ;;
+  ?:/*)			 
+  ac_cv_path_PERL="$PERL" # Let the user override the test with a dos path.
+  ;;
+  *)
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do 
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_path_PERL="$ac_dir/$ac_word"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac
+fi
+PERL="$ac_cv_path_PERL"
+if test -n "$PERL"; then
+  echo "$ac_t""$PERL" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+SGML_SHARE="/usr/local/share/sgml"
+
+# Check whether --with-sgml-share or --without-sgml-share was given.
+if test "${with_sgml_share+set}" = set; then
+  withval="$with_sgml_share"
+  case "$withval" in
+        no) SGML_SHARE=""
+                ;;
+        yes)
+                ;;
+        /*|\\*)
+                SGML_SHARE="$withval"
+                ;;
+        *)
+                SGML_SHARE="/$withval"
+                ;;
+esac
+
+fi
+
+# The Makefile requires docbook2X in the share/sgml directory
+if  ! test -f $SGML_SHARE/docbook2X/docbook2man-spec.pl ; then
+	{ echo "configure: error: "Unable to find dockbook2X. Make sure it is installed and that the sgml-share path is correct."" 1>&2; exit 1; }
+fi
+
+
+DOC_BUILD_DATE=`date '+%d-%m-%Y'`
+
+
+trap '' 1 2 15
+cat > confcache <<\EOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs.  It is not useful on other systems.
+# If it contains results you don't want to keep, you may remove or edit it.
+#
+# By default, configure uses ./config.cache as the cache file,
+# creating it if it does not exist already.  You can give configure
+# the --cache-file=FILE option to use a different cache file; that is
+# what configure does when it calls configure scripts in
+# subdirectories, so they share the cache.
+# Giving --cache-file=/dev/null disables caching, for debugging configure.
+# config.status only pays attention to the cache file if you give it the
+# --recheck option to rerun configure.
+#
+EOF
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, don't put newlines in cache variables' values.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(set) 2>&1 |
+  case `(ac_space=' '; set | grep ac_space) 2>&1` in
+  *ac_space=\ *)
+    # `set' does not quote correctly, so add quotes (double-quote substitution
+    # turns \\\\ into \\, and sed turns \\ into \).
+    sed -n \
+      -e "s/'/'\\\\''/g" \
+      -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p"
+    ;;
+  *)
+    # `set' quotes correctly as required by POSIX, so do not add quotes.
+    sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p'
+    ;;
+  esac >> confcache
+if cmp -s $cache_file confcache; then
+  :
+else
+  if test -w $cache_file; then
+    echo "updating cache $cache_file"
+    cat confcache > $cache_file
+  else
+    echo "not updating unwritable cache $cache_file"
+  fi
+fi
+rm -f confcache
+
+trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+# Any assignment to VPATH causes Sun make to only execute
+# the first set of double-colon rules, so remove it if not needed.
+# If there is a colon in the path, we need to keep it.
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[ 	]*VPATH[ 	]*=[^:]*$/d'
+fi
+
+trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15
+
+# Transform confdefs.h into DEFS.
+# Protect against shell expansion while executing Makefile rules.
+# Protect against Makefile macro expansion.
+cat > conftest.defs <<\EOF
+s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%-D\1=\2%g
+s%[ 	`~#$^&*(){}\\|;'"<>?]%\\&%g
+s%\[%\\&%g
+s%\]%\\&%g
+s%\$%$$%g
+EOF
+DEFS=`sed -f conftest.defs confdefs.h | tr '\012' ' '`
+rm -f conftest.defs
+
+
+# Without the "./", some shells look in PATH for config.status.
+: ${CONFIG_STATUS=./config.status}
+
+echo creating $CONFIG_STATUS
+rm -f $CONFIG_STATUS
+cat > $CONFIG_STATUS <<EOF
+#! /bin/sh
+# Generated automatically by configure.
+# Run this file to recreate the current configuration.
+# This directory was configured as follows,
+# on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+#
+# $0 $ac_configure_args
+#
+# Compiler output produced by configure, useful for debugging
+# configure, is in ./config.log if it exists.
+
+ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]"
+for ac_option
+do
+  case "\$ac_option" in
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion"
+    exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;;
+  -version | --version | --versio | --versi | --vers | --ver | --ve | --v)
+    echo "$CONFIG_STATUS generated by autoconf version 2.13"
+    exit 0 ;;
+  -help | --help | --hel | --he | --h)
+    echo "\$ac_cs_usage"; exit 0 ;;
+  *) echo "\$ac_cs_usage"; exit 1 ;;
+  esac
+done
+
+ac_given_srcdir=$srcdir
+
+trap 'rm -fr `echo "Makefile stylesheets/ldp.dsl " | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
+EOF
+cat >> $CONFIG_STATUS <<EOF
+
+# Protect against being on the right side of a sed subst in config.status.
+sed 's/%@/@@/; s/@%/@@/; s/%g\$/@g/; /@g\$/s/[\\\\&%]/\\\\&/g;
+ s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF
+$ac_vpsub
+$extrasub
+s%@SHELL@%$SHELL%g
+s%@CFLAGS@%$CFLAGS%g
+s%@CPPFLAGS@%$CPPFLAGS%g
+s%@CXXFLAGS@%$CXXFLAGS%g
+s%@FFLAGS@%$FFLAGS%g
+s%@DEFS@%$DEFS%g
+s%@LDFLAGS@%$LDFLAGS%g
+s%@LIBS@%$LIBS%g
+s%@exec_prefix@%$exec_prefix%g
+s%@prefix@%$prefix%g
+s%@program_transform_name@%$program_transform_name%g
+s%@bindir@%$bindir%g
+s%@sbindir@%$sbindir%g
+s%@libexecdir@%$libexecdir%g
+s%@datadir@%$datadir%g
+s%@sysconfdir@%$sysconfdir%g
+s%@sharedstatedir@%$sharedstatedir%g
+s%@localstatedir@%$localstatedir%g
+s%@libdir@%$libdir%g
+s%@includedir@%$includedir%g
+s%@oldincludedir@%$oldincludedir%g
+s%@infodir@%$infodir%g
+s%@mandir@%$mandir%g
+s%@JADE@%$JADE%g
+s%@NSGMLS@%$NSGMLS%g
+s%@HTMLDOC@%$HTMLDOC%g
+s%@SGMLSPL@%$SGMLSPL%g
+s%@PERL@%$PERL%g
+s%@SGML_SHARE@%$SGML_SHARE%g
+s%@DOC_BUILD_DATE@%$DOC_BUILD_DATE%g
+
+CEOF
+EOF
+
+cat >> $CONFIG_STATUS <<\EOF
+
+# Split the substitutions into bite-sized pieces for seds with
+# small command number limits, like on Digital OSF/1 and HP-UX.
+ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script.
+ac_file=1 # Number of current file.
+ac_beg=1 # First line for current file.
+ac_end=$ac_max_sed_cmds # Line after last line for current file.
+ac_more_lines=:
+ac_sed_cmds=""
+while $ac_more_lines; do
+  if test $ac_beg -gt 1; then
+    sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file
+  else
+    sed "${ac_end}q" conftest.subs > conftest.s$ac_file
+  fi
+  if test ! -s conftest.s$ac_file; then
+    ac_more_lines=false
+    rm -f conftest.s$ac_file
+  else
+    if test -z "$ac_sed_cmds"; then
+      ac_sed_cmds="sed -f conftest.s$ac_file"
+    else
+      ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file"
+    fi
+    ac_file=`expr $ac_file + 1`
+    ac_beg=$ac_end
+    ac_end=`expr $ac_end + $ac_max_sed_cmds`
+  fi
+done
+if test -z "$ac_sed_cmds"; then
+  ac_sed_cmds=cat
+fi
+EOF
+
+cat >> $CONFIG_STATUS <<EOF
+
+CONFIG_FILES=\${CONFIG_FILES-"Makefile stylesheets/ldp.dsl "}
+EOF
+cat >> $CONFIG_STATUS <<\EOF
+for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
+  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+  case "$ac_file" in
+  *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'`
+       ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
+  *) ac_file_in="${ac_file}.in" ;;
+  esac
+
+  # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories.
+
+  # Remove last slash and all that follows it.  Not all systems have dirname.
+  ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'`
+  if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
+    # The file is in a subdirectory.
+    test ! -d "$ac_dir" && mkdir "$ac_dir"
+    ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`"
+    # A "../" for each directory in $ac_dir_suffix.
+    ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'`
+  else
+    ac_dir_suffix= ac_dots=
+  fi
+
+  case "$ac_given_srcdir" in
+  .)  srcdir=.
+      if test -z "$ac_dots"; then top_srcdir=.
+      else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;;
+  /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;;
+  *) # Relative path.
+    srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix"
+    top_srcdir="$ac_dots$ac_given_srcdir" ;;
+  esac
+
+
+  echo creating "$ac_file"
+  rm -f "$ac_file"
+  configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure."
+  case "$ac_file" in
+  *Makefile*) ac_comsub="1i\\
+# $configure_input" ;;
+  *) ac_comsub= ;;
+  esac
+
+  ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"`
+  sed -e "$ac_comsub
+s%@configure_input@%$configure_input%g
+s%@srcdir@%$srcdir%g
+s%@top_srcdir@%$top_srcdir%g
+" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file
+fi; done
+rm -f conftest.s*
+
+EOF
+cat >> $CONFIG_STATUS <<EOF
+
+EOF
+cat >> $CONFIG_STATUS <<\EOF
+
+exit 0
+EOF
+chmod +x $CONFIG_STATUS
+rm -fr confdefs* $ac_clean_files
+test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1
+
diff --git a/docs/docbook/configure.in b/docs/docbook/configure.in
new file mode 100755
index 00000000000..ad0613f2be8
--- /dev/null
+++ b/docs/docbook/configure.in
@@ -0,0 +1,49 @@
+AC_INIT(global.ent)
+
+## check for the necesary install tools
+## Openjade includes 'onsgmls' while
+## the older jade package includes 'nsgmls'
+AC_PATH_PROG(JADE,openjade)
+
+if test -z "$JADE"; then
+	AC_PATH_PROG(JADE,jade)
+	AC_PATH_PROG(NSGMLS, nsgmls)
+else
+	AC_PATH_PROG(NSGMLS, onsgmls)
+fi
+
+AC_PATH_PROG(HTMLDOC, htmldoc)
+AC_PATH_PROG(SGMLSPL, sgmlspl)
+AC_PATH_PROG(PERL, perl)
+
+dnl ----------------------------------------------------------------
+dnl --with-sgml-share
+SGML_SHARE="/usr/local/share/sgml"
+
+AC_ARG_WITH(sgml-share,
+[  --with-sgml-share=DIR   change the default location of SGML stylesheets],
+[case "$withval" in
+        no) SGML_SHARE=""
+                ;;
+        yes)
+                ;;
+        /*|\\*)
+                SGML_SHARE="$withval"
+                ;;
+        *)
+                SGML_SHARE="/$withval"
+                ;;
+esac
+])dnl
+
+# The Makefile requires docbook2X in the share/sgml directory
+if [ ! test -f $SGML_SHARE/docbook2X/docbook2man-spec.pl ]; then
+	AC_MSG_ERROR("Unable to find dockbook2X. Make sure it is installed and that the sgml-share path is correct.")
+fi
+
+AC_SUBST(SGML_SHARE)dnl
+
+DOC_BUILD_DATE=`date '+%d-%m-%Y'`
+AC_SUBST(DOC_BUILD_DATE)
+
+AC_OUTPUT( Makefile stylesheets/ldp.dsl )
diff --git a/docs/docbook/dbsgml/40chg.txt b/docs/docbook/dbsgml/40chg.txt
new file mode 100755
index 00000000000..2d2467d9ebc
--- /dev/null
+++ b/docs/docbook/dbsgml/40chg.txt
@@ -0,0 +1,45 @@
+19 June 2000
+
+Changes from DocBook V3.1 to DocBook V4.1:
+
+Markup:
+
+- RFE  17: Added a common attribute 'Condition' for generic effectivity
+- RFE  38: The nav.class elements (ToC|LoT|Index|Glossary|Bibliography) are
+           now allowed at the beginning and end of components and sections
+- RFE  58: The 'optmult' and 'reqmult' attribute values have been
+           removed from Group
+- RFE  65: Added several class attribute values to Filename and SystemItem
+           at the request of the Linux community
+- RFE  73: Removed BookBiblio and SeriesInfo
+- RFE  81: Added SidebarInfo to Sidebar
+- RFE  87: Added 'xmlpi' and 'emptytag' as class values of SGMLTag
+- RFE  92: Added 'CO' to Synopsis and LiteralLayout
+- RFE  99: Added SimpleMsgEntry as an alternative to MsgEntry in order
+           to provide a simpler MsgSet construct
+- RFE 103: Added RevDescription as an alternative to RevRemark in
+           RevHistory; this allows longer descriptive text in a revision
+- RFE 104: Added 'Specification' to the list of document classes on Article
+- RFE 108: Allow admonitions in Answers
+- RFE 110: Allow a RevHistory on QandAEntry
+- RFE 115: Allow optional Title on OrderedList and ItemizedList
+- RFE 116: Added LineNumbering attribute to linespecific environments for
+           presentation of line numbers
+- Added a common attribute 'Security' for effectivity
+- Added synopsis markup for modern programming languages (e.g, object
+  oriented languages like Java, C++, and IDL)
+- Renamed DocInfo to PrefaceInfo, ChapterInfo, AppendixInfo, etc.
+- Comment was renamed Remark
+- InterfaceDefinition was removed
+
+Other:
+
+- RFE  88: Added PEs to include/ignore dbnotn.mod and dbcent.mod
+- RFE 102: Fixed some outstanding namecase problems
+- RFE 105: Added PNG notation
+- RFE 106: Removed some odd *.content PEs that interfered with
+           customization layers
+- RFE 109: Added FPI to content of dbgenent.mod (for consistency)
+- RFE 111: Added the Euro symbol
+- Fixed bug in cals-tbl.dtd; a model group was used for the element
+  declaration, but the attlist declaration used "Table" literally.
diff --git a/docs/docbook/dbsgml/41chg.txt b/docs/docbook/dbsgml/41chg.txt
new file mode 100755
index 00000000000..d2a91478878
--- /dev/null
+++ b/docs/docbook/dbsgml/41chg.txt
@@ -0,0 +1,7 @@
+19 June 2000
+
+Changes from DocBook V4.0 to DocBook V4.1:
+
+No user-visible changes; removed some 4.0 future use comments that had
+accidentally been left in the DTD and fixed a couple of incorrect FPIs.
+See 40chg.txt for a list of the significant changes.
diff --git a/docs/docbook/dbsgml/50issues.txt b/docs/docbook/dbsgml/50issues.txt
new file mode 100755
index 00000000000..31497420f0d
--- /dev/null
+++ b/docs/docbook/dbsgml/50issues.txt
@@ -0,0 +1,39 @@
+19 June 2000
+
+Backwards-incompatible changes to DocBook that are planned for V5.0:
+
+- DocBook V5.0 will be an XML DTD. This will require a wide range of
+  changes. As a result, DocBook V5.0 will more closely resemble
+  The XML version of DocBook V4.1 than the SGML version.
+
+- Parameter entity reorganization may greatly reduce many
+  content models.  The goal of this effort is to remove a large
+  number of spurious elements that snuck into content models
+  during the first PE reorg, in practice these changes should have
+  very little "real world" impact.
+
+- The Coords attribute will be removed from AreaSet.
+
+- ArtHeader will be dropped from BiblioEntry
+
+- Contents attribute will be removed from BookInfo and SetInfo
+
+- The %indexdivcomponent.mix; will be restricted.  Numbered figures
+  and other elements inappropriate for an Index or SetIndex will be
+  removed.
+
+- RevHistory will be removed from GlossTerm
+
+- Constant Class will be removed from SystemItem
+
+- Graphic and InlineGraphic will be removed
+
+- Tables will be restricted from full CALS to the OASIS Exchange model
+
+- An experimental XML Schema version of DocBook 5.0 will be
+  produced in parallel with the DTD version. It will be
+  backwards-incompatible in an unspecified number of ways. The
+  goal of the effort will be that most DocBook documents that
+  validate under the DTD will also validate under the Schema,
+  but the committee does not feel bound to guarantee this
+  condition.
diff --git a/docs/docbook/dbsgml/ChangeLog b/docs/docbook/dbsgml/ChangeLog
new file mode 100755
index 00000000000..c4673db15a9
--- /dev/null
+++ b/docs/docbook/dbsgml/ChangeLog
@@ -0,0 +1,85 @@
+2000-06-19  Norman Walsh  <ndw@nwalsh.com>
+
+	* 40chg.txt: Added notes about comment and interfacedefinition
+
+	* 41chg.txt: New file.
+
+	* 50issues.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, readme.txt: 
+	Updated version numbers to 4.1
+
+	* dbhier.mod, dbpool.mod: Removed 4.0 future use comments
+
+	* docbook.cat: Fixed version number in comment
+
+	* docbook.dtd: DocBook V4.1 released.
+
+2000-05-18  Norman Walsh  <ndw@nwalsh.com>
+
+	* 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Removed references to beta6
+
+	* docbook.dtd: DocBook V4.0 released.
+
+2000-04-10  Norman Walsh  <ndw@nwalsh.com>
+
+	* 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Updated release date and version to 4.0beta6
+
+	* dbpool.mod: Added support for EBNF hook; fixed equation content bug
+
+2000-04-03  Norman Walsh  <ndw@nwalsh.com>
+
+	* 40chg.txt: Added note about renaming DocInfo to *Info.
+
+	* 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Updated version numbers
+
+2000-03-24  Norman Walsh  <ndw@nwalsh.com>
+
+	* 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Updated version numbers
+
+	* 50issues.txt: Added note about PE reorg
+
+	* dbefsyn.mod: Removed
+
+	* dbpool.mod: Removed ELEMENT from comments to ease text searching of the DTD.
+	Merged dbefsyn.mod into dbpool.mod
+	Added Modifier as an optional element at the end of MethodSynopsis
+	and MethodParam.
+
+2000-03-07  Norman Walsh  <ndw@nwalsh.com>
+
+	* 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Updated internal versions to beta3
+
+2000-03-03  Norman Walsh  <ndw@nwalsh.com>
+
+	* dbpool.mod: Removed erroneous comment about inline synopses
+
+2000-03-02  Norman Walsh  <ndw@nwalsh.com>
+
+	* 30chg.txt, 31chg.txt, 40issues.txt, 50issues.txt, announce.txt, cals-tbl.dtd, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Version 3.1
+
+	* 30chg.txt, 40issues.txt, announce.txt, cals-tbl.dtd, dbgenent.mod, dbhier.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd: 
+	branches:  1.1.1;
+	Initial revision
+
+	* 30chg.txt, 40issues.txt, announce.txt, cals-tbl.dtd, dbgenent.mod, dbhier.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd: 
+	New file.
+
+	* 31chg.txt, 40chg.txt, 40issues.txt, 50issues.txt, cals-tbl.dtd, dbcent.mod, dbefsyn.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Version 4.0beta2
+
+	* 50issues.txt: Added warning about exchange table model
+
+	* dbefsyn.mod, dbpool.mod: Added ooclass, oointerface, and ooexception as wrappers for modifiers
+	and names in classsynopsis. Also allow them inline.
+	
+	Fixed SGML PE parsing problem with hook PEs.
+
+	* dbhier.mod, dbpool.mod: Added hook PEs for future module extension
+
+	* dbpool.mod, docbook.dtd: Removed reference to sgml-features PE
+
diff --git a/docs/docbook/dbsgml/cals-tbl.dtd b/docs/docbook/dbsgml/cals-tbl.dtd
new file mode 100755
index 00000000000..78c7d5a3ae1
--- /dev/null
+++ b/docs/docbook/dbsgml/cals-tbl.dtd
@@ -0,0 +1,330 @@
+<!-- CALS TABLE MODEL DECLARATION MODULE -->
+
+<!-- This set of declarations defines the CALS Table Model as of the
+     date shown in the Formal Public Identifier (FPI) for this entity.
+
+     This set of declarations may be referred to using a public external
+     entity declaration and reference as shown in the following two lines:
+
+<!ENTITY % calstbls PUBLIC "-//USA-DOD//DTD Table Model 951010//EN">
+%calstbls;
+
+     If various parameter entities used within this set of declarations
+     are to be given non-default values, the appropriate declarations
+     should be given before calling in this package (i.e., before the
+     "%calstbls;" reference).
+
+     NOTE:  This set of declarations assumes a NAMELEN of 32 as is used in
+     the standard CALS defined SGML declaration.
+-->
+
+<!-- This entity includes a set of element and attribute declarations
+     that partially defines the CALS table model.  However, the model
+     is not well-defined without the accompanying natural language
+     description of the semantics (meanings) of these various elements,
+     attributes, and attribute values.  The semantic writeup, available
+     as a separate entity, should be used in conjunction with this entity.
+-->
+
+<!-- In order to use the CALS table model, various parameter entity
+     declarations are required.  A brief description is as follows:
+
+     ENTITY NAME      WHERE USED              WHAT IT IS
+
+     %bodyatt         In ATTLIST of:          Additional (non-table related)
+                      table element(s)        attributes on the overall
+                                              (wrapper) table element(s)
+
+     %secur           In ATTLIST of:          Additional (non-table related)
+                      table element(s)        attributes on all the listed
+                      <tgroup>                elements
+                      <tbody>
+                      table head and foot element(s)
+                      <row>
+                      <entrytbl>
+                      <entry>
+
+     %yesorno         In ATTLIST of:          An attribute declared value
+                      almost all elements     for a "boolean" attribute
+
+     %titles          In content model of:    The "title" part of the model
+                      table element(s)        group for the table element(s)
+
+     %paracon         In content model of:    The "text" (data content) part
+                      <entry>                 of the model group for <entry>
+
+     %tbl.table.name  In declaration of:      The name(s) of the "table"
+                      table element(s)        element(s)
+
+     %tbl.table-titles.mdl In content model of: The model group for the title
+                      table elements(s)       part of the content model for 
+                                              table element(s)
+
+     %tbl.table-main.mdl In content model of: The model group for the main part
+                      table elements(s)       (not including titles) of the
+                                              content model for table element(s)
+
+     %tbl.table.mdl   In content model of:    The model group for the content
+                      table elements(s)       model for table element(s),
+                                              often (and by default) defined
+                                              in terms of %tbl.table-titles.mdl
+                                              and %tbl.table-main.mdl
+
+     %tbl.table.excep In content model of:    The exceptions for the content
+                      table element(s)        model for table element(s)
+
+     %tbl.table.att   In ATTLIST of:          Additional attributes on the
+                      table element(s)        table element(s)
+
+     %tbl.tgroup.mdl  In content model of:    The model group for the content
+                      <tgroup>                model for <tgroup>
+
+     %tbl.tgroup.att  In ATTLIST of:          Additional attributes on the
+                      <tgroup>                <tgroup> and <entrytbl> elements
+                      <entrytbl>
+
+     %tbl.hdft.name   In declaration of:      The name(s) of the table
+                      head/foot element(s)    head and foot element(s)
+
+     %tbl.hdft.mdl    In content model of:    The model group for the content
+                      head/foot element(s)    model for head/foot element(s)
+
+     %tbl.hdft.excep  In content model of:    The exceptions for the content
+                      head/foot element(s)    model for head/foot element(s)
+
+     %tbl.row.mdl     In content model of:    The model group for the content
+                      <row>                   model for <row>
+
+     %tbl.row.excep   In content model of:    The exceptions for the content
+                      <row>                   model for <row>
+
+     %tbl.entrytbl.mdl In content model of:   The model group for the content
+                      <entrytbl>              model for <entrytbl>
+
+     %tbl.entrytbl.excep In content model of: The exceptions for the content
+                      <entrytbl>              model for <entrytbl>
+
+     %tbl.entry.mdl   In content model of:    The model group for the content
+                      <entry>                 model for <entry>
+
+     %tbl.entry.excep In content model of:    The exceptions for the content
+                      <entry>                 model for <entry>
+
+     If any of these parameter entities are not declared before this set of
+     declarations is referenced, this set of declarations will make the
+     following default definitions for all of these have parameter entities.
+-->
+
+<!-- These definitions are not directly related to the table model, but are 
+     used in the default CALS table model and are usually defined elsewhere 
+     (and prior to the inclusion of this table module) in a CALS DTD. -->
+
+<!ENTITY % bodyatt "">
+<!ENTITY % secur "">
+<!ENTITY % yesorno 'NUMBER'  -- no if zero(s),
+                                yes if any other digits value -->
+<!ENTITY % titles  'title?'>
+<!ENTITY % paracon '#PCDATA' -- default for use in entry content -->
+
+<!--
+The parameter entities as defined below provide the CALS table model
+as published (as part of the Example DTD) in MIL-HDBK-28001.
+
+These following declarations provide the CALS-compliant default definitions
+for these entities.  However, these entities can and should be redefined
+(by giving the appropriate parameter entity declaration(s) prior to the
+reference to this Table Model declaration set entity) to fit the needs
+of the current application.
+-->
+
+<!ENTITY % tbl.table.name       "(table|chart)">
+<!ENTITY % tbl.table-titles.mdl "%titles,">
+<!ENTITY % tbl.table-main.mdl   "(tgroup+|graphic+)">
+<!ENTITY % tbl.table.mdl        "%tbl.table-titles.mdl; %tbl.table-main.mdl;">
+<!ENTITY % tbl.table.excep      "-(table|chart|figure)">
+<!ENTITY % tbl.table.att        '
+    tabstyle    NMTOKEN         #IMPLIED
+    tocentry    %yesorno;       #IMPLIED
+    shortentry  %yesorno;       #IMPLIED
+    orient      (port|land)     #IMPLIED
+    pgwide      %yesorno;       #IMPLIED '>
+<!ENTITY % tbl.tgroup.mdl       "colspec*,spanspec*,thead?,tfoot?,tbody">
+<!ENTITY % tbl.tgroup.att       '
+    tgroupstyle NMTOKEN         #IMPLIED '>
+<!ENTITY % tbl.hdft.name        "(thead|tfoot)">
+<!ENTITY % tbl.hdft.mdl         "colspec*,row+">
+<!ENTITY % tbl.hdft.excep       "-(entrytbl)">
+<!ENTITY % tbl.row.mdl          "(entry|entrytbl)+">
+<!ENTITY % tbl.row.excep        "-(pgbrk)">
+<!ENTITY % tbl.entrytbl.mdl     "colspec*,spanspec*,thead?,tbody">
+<!ENTITY % tbl.entrytbl.excep   "-(entrytbl|pgbrk)">
+<!ENTITY % tbl.entry.mdl        "(para|warning|caution|note|legend|%paracon;)*">
+<!ENTITY % tbl.entry.excep      "-(pgbrk)">
+
+<!-- =====  Element and attribute declarations follow. =====  -->
+
+<!--
+     Default declarations previously defined in this entity and
+     referenced below include:
+     ENTITY % tbl.table.name       "(table|chart)"
+     ENTITY % tbl.table-titles.mdl "%titles,"
+     ENTITY % tbl.table-main.mdl   "(tgroup+|graphic+)"
+     ENTITY % tbl.table.mdl        "%tbl.table-titles; %tbl.table-main.mdl;"
+     ENTITY % tbl.table.excep      "-(table|chart|figure)"
+     ENTITY % tbl.table.att        '
+                        tabstyle        NMTOKEN         #IMPLIED
+                        tocentry        %yesorno;       #IMPLIED
+                        shortentry      %yesorno;       #IMPLIED
+                        orient          (port|land)     #IMPLIED
+                        pgwide          %yesorno;       #IMPLIED '
+-->
+
+<!ELEMENT %tbl.table.name; - - (%tbl.table.mdl;) %tbl.table.excep; >
+
+<!ATTLIST %tbl.table.name;
+        frame           (top|bottom|topbot|all|sides|none)      #IMPLIED
+        colsep          %yesorno;                               #IMPLIED
+        rowsep          %yesorno;                               #IMPLIED
+        %tbl.table.att;
+        %bodyatt;
+        %secur;
+>
+
+<!--
+     Default declarations previously defined in this entity and
+     referenced below include:
+     ENTITY % tbl.tgroup.mdl    "colspec*,spanspec*,thead?,tfoot?,tbody"
+     ENTITY % tbl.tgroup.att    '
+                        tgroupstyle     NMTOKEN         #IMPLIED '
+-->
+
+<!ELEMENT tgroup - O (%tbl.tgroup.mdl;) >
+
+<!ATTLIST tgroup
+        cols            NUMBER                                  #REQUIRED
+        %tbl.tgroup.att;
+        colsep          %yesorno;                               #IMPLIED
+        rowsep          %yesorno;                               #IMPLIED
+        align           (left|right|center|justify|char)        #IMPLIED
+        char            CDATA                                   #IMPLIED
+        charoff         NUTOKEN                                 #IMPLIED
+        %secur;
+>
+
+<!ELEMENT colspec - O EMPTY >
+
+<!ATTLIST colspec
+        colnum          NUMBER                                  #IMPLIED
+        colname         NMTOKEN                                 #IMPLIED
+        colwidth        CDATA                                   #IMPLIED
+        colsep          %yesorno;                               #IMPLIED
+        rowsep          %yesorno;                               #IMPLIED
+        align           (left|right|center|justify|char)        #IMPLIED
+        char            CDATA                                   #IMPLIED
+        charoff         NUTOKEN                                 #IMPLIED
+>
+
+<!ELEMENT spanspec - O EMPTY >
+
+<!ATTLIST spanspec
+        namest          NMTOKEN                                 #REQUIRED
+        nameend         NMTOKEN                                 #REQUIRED
+        spanname        NMTOKEN                                 #REQUIRED
+        colsep          %yesorno;                               #IMPLIED
+        rowsep          %yesorno;                               #IMPLIED
+        align           (left|right|center|justify|char)        #IMPLIED
+        char            CDATA                                   #IMPLIED
+        charoff         NUTOKEN                                 #IMPLIED
+>
+
+
+<!--
+     Default declarations previously defined in this entity and
+     referenced below include:
+     ENTITY % tbl.hdft.name     "(thead|tfoot)"
+     ENTITY % tbl.hdft.mdl      "colspec*,row+"
+     ENTITY % tbl.hdft.excep    "-(entrytbl)"
+-->
+
+<!ELEMENT %tbl.hdft.name; - O (%tbl.hdft.mdl;)  %tbl.hdft.excep;>
+
+<!ATTLIST %tbl.hdft.name;
+        valign          (top|middle|bottom)                     #IMPLIED
+        %secur;
+>
+
+
+<!ELEMENT tbody - O (row+)>
+
+<!ATTLIST tbody
+        valign          (top|middle|bottom)                     #IMPLIED
+        %secur;
+>
+
+<!--
+     Default declarations previously defined in this entity and
+     referenced below include:
+     ENTITY % tbl.row.mdl       "(entry|entrytbl)+"
+     ENTITY % tbl.row.excep     "-(pgbrk)"
+-->
+
+<!ELEMENT row - O (%tbl.row.mdl;) %tbl.row.excep;>
+
+<!ATTLIST row
+        rowsep          %yesorno;                               #IMPLIED
+        valign          (top|middle|bottom)                     #IMPLIED
+        %secur;
+>
+
+<!--
+     Default declarations previously defined in this entity and
+     referenced below include:
+     ENTITY % tbl.entrytbl.mdl  "colspec*,spanspec*,thead?,tbody"
+     ENTITY % tbl.entrytbl.excep "-(entrytbl|pgbrk)"
+     ENTITY % tbl.tgroup.att    '
+                        tgroupstyle     NMTOKEN         #IMPLIED '
+-->
+
+<!ELEMENT entrytbl - - (%tbl.entrytbl.mdl) %tbl.entrytbl.excep; >
+
+<!ATTLIST entrytbl
+        cols            NUMBER                                  #REQUIRED
+        %tbl.tgroup.att;
+        colname         NMTOKEN                                 #IMPLIED
+        spanname        NMTOKEN                                 #IMPLIED
+        namest          NMTOKEN                                 #IMPLIED
+        nameend         NMTOKEN                                 #IMPLIED
+        colsep          %yesorno;                               #IMPLIED
+        rowsep          %yesorno;                               #IMPLIED
+        align           (left|right|center|justify|char)        #IMPLIED
+        char            CDATA                                   #IMPLIED
+        charoff         NUTOKEN                                 #IMPLIED
+        %secur;
+>
+
+
+<!--
+     Default declarations previously defined in this entity and
+     referenced below include:
+     ENTITY % paracon           "#PCDATA"
+     ENTITY % tbl.entry.mdl     "(para|warning|caution|note|legend|%paracon;)*"
+     ENTITY % tbl.entry.excep   "-(pgbrk)"
+-->
+
+<!ELEMENT entry - O (%tbl.entry.mdl;) %tbl.entry.excep; >
+
+<!ATTLIST entry
+        colname         NMTOKEN                                 #IMPLIED
+        namest          NMTOKEN                                 #IMPLIED
+        nameend         NMTOKEN                                 #IMPLIED
+        spanname        NMTOKEN                                 #IMPLIED
+        morerows        NUMBER                                  #IMPLIED
+        colsep          %yesorno;                               #IMPLIED
+        rowsep          %yesorno;                               #IMPLIED
+        align           (left|right|center|justify|char)        #IMPLIED
+        char            CDATA                                   #IMPLIED
+        charoff         NUTOKEN                                 #IMPLIED
+        rotate          %yesorno;                               #IMPLIED
+        valign          (top|middle|bottom)                     #IMPLIED
+        %secur;
+>
diff --git a/docs/docbook/dbsgml/catalog b/docs/docbook/dbsgml/catalog
new file mode 100755
index 00000000000..521e8201c8c
--- /dev/null
+++ b/docs/docbook/dbsgml/catalog
@@ -0,0 +1,63 @@
+  -- ...................................................................... --
+  -- Catalog data for DocBook V4.1 ........................................ --
+  -- File docbook.cat ..................................................... --
+
+  -- Please direct all questions, bug reports, or suggestions for
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/.
+  --
+
+  -- This is the catalog data file for DocBook V4.1. It is provided as
+     a convenience in building your own catalog files. You need not use
+     the filenames listed here, and need not use the filename method of
+     identifying storage objects at all.  See the documentation for
+     detailed information on the files associated with the DocBook DTD.
+     See SGML Open Technical Resolution 9401 for detailed information
+     on supplying and using catalog data.
+  --
+
+  -- ...................................................................... --
+  -- SGML declaration associated with DocBook ............................. --
+
+DTDDECL "-//OASIS//DTD DocBook V4.1//EN" "docbook.dcl"
+
+  -- ...................................................................... --
+  -- DocBook driver file .................................................. --
+
+PUBLIC "-//OASIS//DTD DocBook V4.1//EN" "docbook.dtd"
+
+  -- ...................................................................... --
+  -- DocBook modules ...................................................... --
+
+PUBLIC "-//USA-DOD//DTD Table Model 951010//EN" "cals-tbl.dtd"
+PUBLIC "-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN" "dbpool.mod"
+PUBLIC "-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN" "dbhier.mod"
+PUBLIC "-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN" "dbgenent.mod"
+PUBLIC "-//OASIS//ENTITIES DocBook Notations V4.1//EN" "dbnotn.mod"
+PUBLIC "-//OASIS//ENTITIES DocBook Character Entities V4.1//EN" "dbcent.mod"
+
+  -- ...................................................................... --
+  -- ISO entity sets ...................................................... --
+
+PUBLIC "ISO 8879:1986//ENTITIES Diacritical Marks//EN" "ent/ISOdia"
+PUBLIC "ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN" "ent/ISOnum"
+PUBLIC "ISO 8879:1986//ENTITIES Publishing//EN" "ent/ISOpub"
+PUBLIC "ISO 8879:1986//ENTITIES General Technical//EN" "ent/ISOtech"
+PUBLIC "ISO 8879:1986//ENTITIES Added Latin 1//EN" "ent/ISOlat1"
+PUBLIC "ISO 8879:1986//ENTITIES Added Latin 2//EN" "ent/ISOlat2"
+PUBLIC "ISO 8879:1986//ENTITIES Greek Letters//EN" "ent/ISOgrk1"
+PUBLIC "ISO 8879:1986//ENTITIES Monotoniko Greek//EN" "ent/ISOgrk2"
+PUBLIC "ISO 8879:1986//ENTITIES Greek Symbols//EN" "ent/ISOgrk3"
+PUBLIC "ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN" "ent/ISOgrk4"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN" "ent/ISOamsa"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN" "ent/ISOamsb"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN" "ent/ISOamsc"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Negated Relations//EN" "ent/ISOamsn"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN" "ent/ISOamso"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN" "ent/ISOamsr"
+PUBLIC "ISO 8879:1986//ENTITIES Box and Line Drawing//EN" "ent/ISObox"
+PUBLIC "ISO 8879:1986//ENTITIES Russian Cyrillic//EN" "ent/ISOcyr1"
+PUBLIC "ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN" "ent/ISOcyr2"
+
+  -- End of catalog data for DocBook V4.1 ................................. --
+  -- ...................................................................... --
diff --git a/docs/docbook/dbsgml/dbcent.mod b/docs/docbook/dbsgml/dbcent.mod
new file mode 100755
index 00000000000..3c213d8a53f
--- /dev/null
+++ b/docs/docbook/dbsgml/dbcent.mod
@@ -0,0 +1,181 @@
+<!-- ...................................................................... -->
+<!-- DocBook character entities module V4.1 ............................... -->
+<!-- File dbcent.mod ...................................................... -->
+
+<!-- Copyright 1992-2000 HaL Computer Systems, Inc.,
+     O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+     Corporation, and the Organization for the Advancement of
+     Structured Information Standards (OASIS).
+
+     $Id: dbcent.mod,v 1.1.2.1 2001/02/28 19:05:00 jerry Exp $
+
+     Permission to use, copy, modify and distribute the DocBook DTD and
+     its accompanying documentation for any purpose and without fee is
+     hereby granted in perpetuity, provided that the above copyright
+     notice and this paragraph appear in all copies.  The copyright
+     holders make no representation about the suitability of the DTD for
+     any purpose.  It is provided "as is" without expressed or implied
+     warranty.
+
+     If you modify the DocBook DTD in any way, except for declaring and
+     referencing additional sets of general entities and declaring
+     additional notations, label your DTD as a variant of DocBook.  See
+     the maintenance documentation for more information.
+
+     Please direct all questions, bug reports, or suggestions for
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/docbook/.
+-->
+
+<!-- ...................................................................... -->
+
+<!-- This module contains the entity declarations for the standard ISO
+     entity sets used by DocBook.
+
+     In DTD driver files referring to this module, please use an entity
+     declaration that uses the public identifier shown below:
+
+     <!ENTITY % dbcent PUBLIC
+     "-//OASIS//ENTITIES DocBook Character Entities V4.1//EN">
+     %dbcent;
+
+     See the documentation for detailed information on the parameter
+     entity and module scheme used in DocBook, customizing DocBook and
+     planning for interchange, and changes made since the last release
+     of DocBook.
+-->
+
+<!-- ...................................................................... -->
+
+<!ENTITY % ISOamsa.module "INCLUDE">
+<![ %ISOamsa.module; [
+<!ENTITY % ISOamsa PUBLIC
+"ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN">
+%ISOamsa;
+<!--end of ISOamsa.module-->]]>
+
+<!ENTITY % ISOamsb.module "INCLUDE">
+<![ %ISOamsb.module; [
+<!ENTITY % ISOamsb PUBLIC
+"ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN">
+%ISOamsb;
+<!--end of ISOamsb.module-->]]>
+
+<!ENTITY % ISOamsc.module "INCLUDE">
+<![ %ISOamsc.module; [
+<!ENTITY % ISOamsc PUBLIC
+"ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN">
+%ISOamsc;
+<!--end of ISOamsc.module-->]]>
+
+<!ENTITY % ISOamsn.module "INCLUDE">
+<![ %ISOamsn.module; [
+<!ENTITY % ISOamsn PUBLIC
+"ISO 8879:1986//ENTITIES Added Math Symbols: Negated Relations//EN">
+%ISOamsn;
+<!--end of ISOamsn.module-->]]>
+
+<!ENTITY % ISOamso.module "INCLUDE">
+<![ %ISOamso.module; [
+<!ENTITY % ISOamso PUBLIC
+"ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN">
+%ISOamso;
+<!--end of ISOamso.module-->]]>
+
+<!ENTITY % ISOamsr.module "INCLUDE">
+<![ %ISOamsr.module; [
+<!ENTITY % ISOamsr PUBLIC
+"ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN">
+%ISOamsr;
+<!--end of ISOamsr.module-->]]>
+
+<!ENTITY % ISObox.module "INCLUDE">
+<![ %ISObox.module; [
+<!ENTITY % ISObox PUBLIC
+"ISO 8879:1986//ENTITIES Box and Line Drawing//EN">
+%ISObox;
+<!--end of ISObox.module-->]]>
+
+<!ENTITY % ISOcyr1.module "INCLUDE">
+<![ %ISOcyr1.module; [
+<!ENTITY % ISOcyr1 PUBLIC
+"ISO 8879:1986//ENTITIES Russian Cyrillic//EN">
+%ISOcyr1;
+<!--end of ISOcyr1.module-->]]>
+
+<!ENTITY % ISOcyr2.module "INCLUDE">
+<![ %ISOcyr2.module; [
+<!ENTITY % ISOcyr2 PUBLIC
+"ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN">
+%ISOcyr2;
+<!--end of ISOcyr2.module-->]]>
+
+<!ENTITY % ISOdia.module "INCLUDE">
+<![ %ISOdia.module; [
+<!ENTITY % ISOdia PUBLIC
+"ISO 8879:1986//ENTITIES Diacritical Marks//EN">
+%ISOdia;
+<!--end of ISOdia.module-->]]>
+
+<!ENTITY % ISOgrk1.module "INCLUDE">
+<![ %ISOgrk1.module; [
+<!ENTITY % ISOgrk1 PUBLIC
+"ISO 8879:1986//ENTITIES Greek Letters//EN">
+%ISOgrk1;
+<!--end of ISOgrk1.module-->]]>
+
+<!ENTITY % ISOgrk2.module "INCLUDE">
+<![ %ISOgrk2.module; [
+<!ENTITY % ISOgrk2 PUBLIC
+"ISO 8879:1986//ENTITIES Monotoniko Greek//EN">
+%ISOgrk2;
+<!--end of ISOgrk2.module-->]]>
+
+<!ENTITY % ISOgrk3.module "INCLUDE">
+<![ %ISOgrk3.module; [
+<!ENTITY % ISOgrk3 PUBLIC
+"ISO 8879:1986//ENTITIES Greek Symbols//EN">
+%ISOgrk3;
+<!--end of ISOgrk3.module-->]]>
+
+<!ENTITY % ISOgrk4.module "INCLUDE">
+<![ %ISOgrk4.module; [
+<!ENTITY % ISOgrk4 PUBLIC
+"ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN">
+%ISOgrk4;
+<!--end of ISOgrk4.module-->]]>
+
+<!ENTITY % ISOlat1.module "INCLUDE">
+<![ %ISOlat1.module; [
+<!ENTITY % ISOlat1 PUBLIC
+"ISO 8879:1986//ENTITIES Added Latin 1//EN">
+%ISOlat1;
+<!--end of ISOlat1.module-->]]>
+
+<!ENTITY % ISOlat2.module "INCLUDE">
+<![ %ISOlat2.module; [
+<!ENTITY % ISOlat2 PUBLIC
+"ISO 8879:1986//ENTITIES Added Latin 2//EN">
+%ISOlat2;
+<!--end of ISOlat2.module-->]]>
+
+<!ENTITY % ISOnum.module "INCLUDE">
+<![ %ISOnum.module; [
+<!ENTITY % ISOnum PUBLIC
+"ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN">
+%ISOnum;
+<!--end of ISOnum.module-->]]>
+
+<!ENTITY % ISOpub.module "INCLUDE">
+<![ %ISOpub.module; [
+<!ENTITY % ISOpub PUBLIC
+"ISO 8879:1986//ENTITIES Publishing//EN">
+%ISOpub;
+<!--end of ISOpub.module-->]]>
+
+<!ENTITY % ISOtech.module "INCLUDE">
+<![ %ISOtech.module; [
+<!ENTITY % ISOtech PUBLIC
+"ISO 8879:1986//ENTITIES General Technical//EN">
+%ISOtech;
+<!--end of ISOtech.module-->]]>
diff --git a/docs/docbook/dbsgml/dbgenent.mod b/docs/docbook/dbsgml/dbgenent.mod
new file mode 100755
index 00000000000..b60c5b27140
--- /dev/null
+++ b/docs/docbook/dbsgml/dbgenent.mod
@@ -0,0 +1,39 @@
+<!-- ...................................................................... -->
+<!-- DocBook additional general entities V4.1 ............................. -->
+
+<!-- Copyright 1992-2000 HaL Computer Systems, Inc.,
+     O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+     Corporation, and the Organization for the Advancement of
+     Structured Information Standards (OASIS).
+
+     In DTD driver files referring to this module, please use an entity
+     declaration that uses the public identifier shown below:
+
+     <!ENTITY % dbgenent PUBLIC
+     "-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN"
+     %dbgenent;
+-->
+
+<!-- File dbgenent.mod .................................................... -->
+
+<!-- You can edit this file to add the following:
+
+     o General entity declarations of any kind.  For example:
+
+       <!ENTITY happyface SDATA "insert-face">    (system-specific data)
+       <!ENTITY productname "WinWidget">          (small boilerplate)
+       <!ENTITY legal-notice SYSTEM "notice.sgm"> (large boilerplate)
+
+     o Notation declarations.  For example:
+
+       <!NOTATION chicken-scratch SYSTEM>
+
+     o Declarations for and references to external parameter entities
+       containing collections of any of the above.  For example:
+
+       <!ENTITY % all-titles PUBLIC "-//DocTools//ELEMENTS Book Titles//EN">
+       %all-titles;
+-->
+
+<!-- End of DocBook additional general entities V4.1 ...................... -->
+<!-- ...................................................................... -->
diff --git a/docs/docbook/dbsgml/dbhier.mod b/docs/docbook/dbsgml/dbhier.mod
new file mode 100755
index 00000000000..a7d9bdf6928
--- /dev/null
+++ b/docs/docbook/dbsgml/dbhier.mod
@@ -0,0 +1,2100 @@
+<!-- ...................................................................... -->
+<!-- DocBook document hierarchy module V4.1 ............................... -->
+<!-- File dbhier.mod ...................................................... -->
+
+<!-- Copyright 1992-2000 HaL Computer Systems, Inc.,
+     O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+     Corporation, and the Organization for the Advancement of
+     Structured Information Standards (OASIS).
+
+     $Id: dbhier.mod,v 1.1.2.1 2001/02/28 19:05:00 jerry Exp $
+
+     Permission to use, copy, modify and distribute the DocBook DTD and
+     its accompanying documentation for any purpose and without fee is
+     hereby granted in perpetuity, provided that the above copyright
+     notice and this paragraph appear in all copies.  The copyright
+     holders make no representation about the suitability of the DTD for
+     any purpose.  It is provided "as is" without expressed or implied
+     warranty.
+
+     If you modify the DocBook DTD in any way, except for declaring and
+     referencing additional sets of general entities and declaring
+     additional notations, label your DTD as a variant of DocBook.  See
+     the maintenance documentation for more information.
+
+     Please direct all questions, bug reports, or suggestions for
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/docbook/.
+-->
+
+<!-- ...................................................................... -->
+
+<!-- This module contains the definitions for the overall document
+     hierarchies of DocBook documents.  It covers computer documentation
+     manuals and manual fragments, as well as reference entries (such as
+     man pages) and technical journals or anthologies containing
+     articles.
+
+     This module depends on the DocBook information pool module.  All
+     elements and entities referenced but not defined here are assumed
+     to be defined in the information pool module.
+
+     In DTD driver files referring to this module, please use an entity
+     declaration that uses the public identifier shown below:
+
+     <!ENTITY % dbhier PUBLIC
+     "-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN">
+     %dbhier;
+
+     See the documentation for detailed information on the parameter
+     entity and module scheme used in DocBook, customizing DocBook and
+     planning for interchange, and changes made since the last release
+     of DocBook.
+-->
+
+<!-- ...................................................................... -->
+<!-- Entities for module inclusions ....................................... -->
+
+<!ENTITY % dbhier.redecl.module		"IGNORE">
+<!ENTITY % dbhier.redecl2.module	"IGNORE">
+
+<!-- ...................................................................... -->
+<!-- Entities for element classes ......................................... -->
+
+<!ENTITY % local.appendix.class "">
+<!ENTITY % appendix.class	"Appendix %local.appendix.class;">
+
+<!ENTITY % local.article.class "">
+<!ENTITY % article.class	"Article %local.article.class;">
+
+<!ENTITY % local.book.class "">
+<!ENTITY % book.class		"Book %local.book.class;">
+
+<!ENTITY % local.chapter.class "">
+<!ENTITY % chapter.class	"Chapter %local.chapter.class;">
+
+<!ENTITY % local.index.class "">
+<!ENTITY % index.class		"Index|SetIndex %local.index.class;">
+
+<!ENTITY % local.refentry.class "">
+<!ENTITY % refentry.class	"RefEntry %local.refentry.class;">
+
+<!ENTITY % local.nav.class "">
+<!ENTITY % nav.class		"ToC|LoT|Index|Glossary|Bibliography 
+				%local.nav.class;">
+
+<!-- Redeclaration placeholder ............................................ -->
+
+<!-- For redeclaring entities that are declared after this point while
+     retaining their references to the entities that are declared before
+     this point -->
+
+<![ %dbhier.redecl.module; [
+%rdbhier;
+<!--end of dbhier.redecl.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Entities for element mixtures ........................................ -->
+
+<!-- The DocBook TC may produce an official forms module for DocBook. -->
+<!-- This PE provides the hook by which it can be inserted into the DTD. -->
+<!ENTITY % forms.hook "">
+
+<!ENTITY % local.divcomponent.mix "">
+<!ENTITY % divcomponent.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|%compound.class;
+		|%genobj.class;		|%descobj.class;
+		|%ndxterm.class;
+                %forms.hook;
+		%local.divcomponent.mix;">
+
+<!ENTITY % local.refcomponent.mix "">
+<!ENTITY % refcomponent.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|%compound.class;
+		|%genobj.class;		|%descobj.class;
+		|%ndxterm.class;
+		%local.refcomponent.mix;">
+
+<!ENTITY % local.indexdivcomponent.mix "">
+<!ENTITY % indexdivcomponent.mix
+		"ItemizedList|OrderedList|VariableList|SimpleList
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|Anchor|Remark
+		|%link.char.class;
+		%local.indexdivcomponent.mix;">
+
+<!ENTITY % local.refname.char.mix "">
+<!ENTITY % refname.char.mix
+		"#PCDATA
+		|%tech.char.class;
+		%local.refname.char.mix;">
+
+<!ENTITY % local.partcontent.mix "">
+<!ENTITY % partcontent.mix
+		"%appendix.class;|%chapter.class;|%nav.class;|%article.class;
+		|Preface|%refentry.class;|Reference %local.partcontent.mix;">
+
+<!ENTITY % local.refinline.char.mix "">
+<!ENTITY % refinline.char.mix
+		"#PCDATA
+		|%xref.char.class;	|%gen.char.class;
+		|%link.char.class;	|%tech.char.class;
+		|%base.char.class;	|%docinfo.char.class;
+		|%other.char.class;
+		|%ndxterm.class;
+		%local.refinline.char.mix;">
+
+<!ENTITY % local.refclass.char.mix "">
+<!ENTITY % refclass.char.mix
+		"#PCDATA
+		|Application
+		%local.refclass.char.mix;">
+
+<!-- Redeclaration placeholder 2 .......................................... -->
+
+<!-- For redeclaring entities that are declared after this point while
+     retaining their references to the entities that are declared before
+     this point -->
+
+<![ %dbhier.redecl2.module; [
+%rdbhier2;
+<!--end of dbhier.redecl2.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Entities for content models .......................................... -->
+
+<!ENTITY % div.title.content
+	"Title, Subtitle?, TitleAbbrev?">
+
+<!ENTITY % bookcomponent.title.content
+	"Title, Subtitle?, TitleAbbrev?">
+
+<!ENTITY % sect.title.content
+	"Title, Subtitle?, TitleAbbrev?">
+
+<!ENTITY % refsect.title.content
+	"Title, Subtitle?, TitleAbbrev?">
+
+<!ENTITY % bookcomponent.content
+	"((%divcomponent.mix;)+, 
+	    (Sect1*|(%refentry.class;)*|SimpleSect*|Section*))
+         | (Sect1+|(%refentry.class;)+|SimpleSect+|Section+)">
+
+<!-- ...................................................................... -->
+<!-- Set and SetInfo ...................................................... -->
+
+<!ENTITY % set.content.module "INCLUDE">
+<![ %set.content.module; [
+<!ENTITY % set.module "INCLUDE">
+<![ %set.module; [
+<!ENTITY % local.set.attrib "">
+<!ENTITY % set.role.attrib "%role.attrib;">
+
+<!ENTITY % set.element "INCLUDE">
+<![ %set.element; [
+<!ELEMENT Set - O ((%div.title.content;)?, SetInfo?, ToC?, (%book.class;)+,
+		SetIndex?) %ubiq.inclusion;>
+<!--end of set.element-->]]>
+
+<!ENTITY % set.attlist "INCLUDE">
+<![ %set.attlist; [
+<!ATTLIST Set
+		--
+		FPI: SGML formal public identifier
+		--
+		FPI		CDATA		#IMPLIED
+		%status.attrib;
+		%common.attrib;
+		%set.role.attrib;
+		%local.set.attrib;
+>
+<!--end of set.attlist-->]]>
+<!--end of set.module-->]]>
+
+<!ENTITY % setinfo.module "INCLUDE">
+<![ %setinfo.module; [
+<!ENTITY % local.setinfo.attrib "">
+<!ENTITY % setinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % setinfo.element "INCLUDE">
+<![ %setinfo.element; [
+<!ELEMENT SetInfo - - ((Graphic | MediaObject
+		| LegalNotice | ModeSpec | SubjectSet 
+		| KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of setinfo.element-->]]>
+
+<!ENTITY % setinfo.attlist "INCLUDE">
+<![ %setinfo.attlist; [
+<!--FUTURE USE (V5.0):
+......................
+The Contents attribute will be removed from SetInfo
+......................
+-->
+<!ATTLIST SetInfo
+		--
+		Contents: IDs of the ToC, Books, and SetIndex that comprise 
+		the set, in the order of their appearance
+		--
+		Contents	IDREFS		#IMPLIED
+		%common.attrib;
+		%setinfo.role.attrib;
+		%local.setinfo.attrib;
+>
+<!--end of setinfo.attlist-->]]>
+<!--end of setinfo.module-->]]>
+<!--end of set.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Book and BookInfo .................................................... -->
+
+<!ENTITY % book.content.module "INCLUDE">
+<![ %book.content.module; [
+<!ENTITY % book.module "INCLUDE">
+<![ %book.module; [
+
+<!ENTITY % local.book.attrib "">
+<!ENTITY % book.role.attrib "%role.attrib;">
+
+<!ENTITY % book.element "INCLUDE">
+<![ %book.element; [
+<!ELEMENT Book - O ((%div.title.content;)?, BookInfo?,
+ 		(Dedication | ToC | LoT
+ 		| Glossary | Bibliography | Preface
+		| %chapter.class; | Reference | Part
+		| %article.class;
+ 		| %appendix.class;
+		| %index.class;
+		| Colophon)*)
+		%ubiq.inclusion;>
+<!--end of book.element-->]]>
+
+<!ENTITY % book.attlist "INCLUDE">
+<![ %book.attlist; [
+<!ATTLIST Book	
+		--
+		FPI: SGML formal public identifier
+		--
+		FPI		CDATA		#IMPLIED
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%book.role.attrib;
+		%local.book.attrib;
+>
+<!--end of book.attlist-->]]>
+<!--end of book.module-->]]>
+
+<!ENTITY % bookinfo.module "INCLUDE">
+<![ %bookinfo.module; [
+<!ENTITY % local.bookinfo.attrib "">
+<!ENTITY % bookinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % bookinfo.element "INCLUDE">
+<![ %bookinfo.element; [
+<!ELEMENT BookInfo - - ((Graphic | MediaObject
+		| LegalNotice | ModeSpec | SubjectSet 
+		| KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of bookinfo.element-->]]>
+
+<!ENTITY % bookinfo.attlist "INCLUDE">
+<![ %bookinfo.attlist; [
+<!--FUTURE USE (V5.0):
+......................
+The Contents attribute will be removed from BookInfo
+......................
+-->
+<!ATTLIST BookInfo
+		--
+		Contents: IDs of the ToC, LoTs, Prefaces, Parts, Chapters,
+		Appendixes, References, GLossary, Bibliography, and indexes
+		comprising the Book, in the order of their appearance
+		--
+		Contents	IDREFS		#IMPLIED
+		%common.attrib;
+		%bookinfo.role.attrib;
+		%local.bookinfo.attrib;
+>
+<!--end of bookinfo.attlist-->]]>
+<!--end of bookinfo.module-->]]>
+<!--end of book.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Dedication, ToC, and LoT ............................................. -->
+
+<!ENTITY % dedication.module "INCLUDE">
+<![ %dedication.module; [
+<!ENTITY % local.dedication.attrib "">
+<!ENTITY % dedication.role.attrib "%role.attrib;">
+
+<!ENTITY % dedication.element "INCLUDE">
+<![ %dedication.element; [
+<!ELEMENT Dedication - O ((%sect.title.content;)?, (%legalnotice.mix;)+)>
+<!--end of dedication.element-->]]>
+
+<!ENTITY % dedication.attlist "INCLUDE">
+<![ %dedication.attlist; [
+<!ATTLIST Dedication
+		%status.attrib;
+		%common.attrib;
+		%dedication.role.attrib;
+		%local.dedication.attrib;
+>
+<!--end of dedication.attlist-->]]>
+<!--end of dedication.module-->]]>
+
+<!ENTITY % colophon.module "INCLUDE">
+<![ %colophon.module; [
+<!ENTITY % local.colophon.attrib "">
+<!ENTITY % colophon.role.attrib "%role.attrib;">
+
+<!ENTITY % colophon.element "INCLUDE">
+<![ %colophon.element; [
+<!ELEMENT Colophon - O ((%sect.title.content;)?, (%textobject.mix;)+)>
+<!--end of colophon.element-->]]>
+
+<!ENTITY % colophon.attlist "INCLUDE">
+<![ %colophon.attlist; [
+<!ATTLIST Colophon
+		%status.attrib;
+		%common.attrib;
+		%colophon.role.attrib;
+		%local.colophon.attrib;>
+<!--end of colophon.attlist-->]]>
+<!--end of colophon.module-->]]>
+
+<!ENTITY % toc.content.module "INCLUDE">
+<![ %toc.content.module; [
+<!ENTITY % toc.module "INCLUDE">
+<![ %toc.module; [
+<!ENTITY % local.toc.attrib "">
+<!ENTITY % toc.role.attrib "%role.attrib;">
+
+<!ENTITY % toc.element "INCLUDE">
+<![ %toc.element; [
+<!ELEMENT ToC - O ((%bookcomponent.title.content;)?, ToCfront*,
+		(ToCpart | ToCchap)*, ToCback*)>
+<!--end of toc.element-->]]>
+
+<!ENTITY % toc.attlist "INCLUDE">
+<![ %toc.attlist; [
+<!ATTLIST ToC
+		%pagenum.attrib;
+		%common.attrib;
+		%toc.role.attrib;
+		%local.toc.attrib;
+>
+<!--end of toc.attlist-->]]>
+<!--end of toc.module-->]]>
+
+<!ENTITY % tocfront.module "INCLUDE">
+<![ %tocfront.module; [
+<!ENTITY % local.tocfront.attrib "">
+<!ENTITY % tocfront.role.attrib "%role.attrib;">
+
+<!ENTITY % tocfront.element "INCLUDE">
+<![ %tocfront.element; [
+<!ELEMENT ToCfront - O ((%para.char.mix;)+)>
+<!--end of tocfront.element-->]]>
+
+<!ENTITY % tocfront.attlist "INCLUDE">
+<![ %tocfront.attlist; [
+<!ATTLIST ToCfront
+		%label.attrib;
+		%linkend.attrib; --to element that this entry represents--
+		%pagenum.attrib;
+		%common.attrib;
+		%tocfront.role.attrib;
+		%local.tocfront.attrib;
+>
+<!--end of tocfront.attlist-->]]>
+<!--end of tocfront.module-->]]>
+
+<!ENTITY % tocentry.module "INCLUDE">
+<![ %tocentry.module; [
+<!ENTITY % local.tocentry.attrib "">
+<!ENTITY % tocentry.role.attrib "%role.attrib;">
+
+<!ENTITY % tocentry.element "INCLUDE">
+<![ %tocentry.element; [
+<!ELEMENT ToCentry - - ((%para.char.mix;)+)>
+<!--end of tocentry.element-->]]>
+
+<!ENTITY % tocentry.attlist "INCLUDE">
+<![ %tocentry.attlist; [
+<!ATTLIST ToCentry
+		%linkend.attrib; --to element that this entry represents--
+		%pagenum.attrib;
+		%common.attrib;
+		%tocentry.role.attrib;
+		%local.tocentry.attrib;
+>
+<!--end of tocentry.attlist-->]]>
+<!--end of tocentry.module-->]]>
+
+<!ENTITY % tocpart.module "INCLUDE">
+<![ %tocpart.module; [
+<!ENTITY % local.tocpart.attrib "">
+<!ENTITY % tocpart.role.attrib "%role.attrib;">
+
+<!ENTITY % tocpart.element "INCLUDE">
+<![ %tocpart.element; [
+<!ELEMENT ToCpart - O (ToCentry+, ToCchap*)>
+<!--end of tocpart.element-->]]>
+
+<!ENTITY % tocpart.attlist "INCLUDE">
+<![ %tocpart.attlist; [
+<!ATTLIST ToCpart
+		%common.attrib;
+		%tocpart.role.attrib;
+		%local.tocpart.attrib;
+>
+<!--end of tocpart.attlist-->]]>
+<!--end of tocpart.module-->]]>
+
+<!ENTITY % tocchap.module "INCLUDE">
+<![ %tocchap.module; [
+<!ENTITY % local.tocchap.attrib "">
+<!ENTITY % tocchap.role.attrib "%role.attrib;">
+
+<!ENTITY % tocchap.element "INCLUDE">
+<![ %tocchap.element; [
+<!ELEMENT ToCchap - O (ToCentry+, ToClevel1*)>
+<!--end of tocchap.element-->]]>
+
+<!ENTITY % tocchap.attlist "INCLUDE">
+<![ %tocchap.attlist; [
+<!ATTLIST ToCchap
+		%label.attrib;
+		%common.attrib;
+		%tocchap.role.attrib;
+		%local.tocchap.attrib;
+>
+<!--end of tocchap.attlist-->]]>
+<!--end of tocchap.module-->]]>
+
+<!ENTITY % toclevel1.module "INCLUDE">
+<![ %toclevel1.module; [
+<!ENTITY % local.toclevel1.attrib "">
+<!ENTITY % toclevel1.role.attrib "%role.attrib;">
+
+<!ENTITY % toclevel1.element "INCLUDE">
+<![ %toclevel1.element; [
+<!ELEMENT ToClevel1 - O (ToCentry+, ToClevel2*)>
+<!--end of toclevel1.element-->]]>
+
+<!ENTITY % toclevel1.attlist "INCLUDE">
+<![ %toclevel1.attlist; [
+<!ATTLIST ToClevel1
+		%common.attrib;
+		%toclevel1.role.attrib;
+		%local.toclevel1.attrib;
+>
+<!--end of toclevel1.attlist-->]]>
+<!--end of toclevel1.module-->]]>
+
+<!ENTITY % toclevel2.module "INCLUDE">
+<![ %toclevel2.module; [
+<!ENTITY % local.toclevel2.attrib "">
+<!ENTITY % toclevel2.role.attrib "%role.attrib;">
+
+<!ENTITY % toclevel2.element "INCLUDE">
+<![ %toclevel2.element; [
+<!ELEMENT ToClevel2 - O (ToCentry+, ToClevel3*)>
+<!--end of toclevel2.element-->]]>
+
+<!ENTITY % toclevel2.attlist "INCLUDE">
+<![ %toclevel2.attlist; [
+<!ATTLIST ToClevel2
+		%common.attrib;
+		%toclevel2.role.attrib;
+		%local.toclevel2.attrib;
+>
+<!--end of toclevel2.attlist-->]]>
+<!--end of toclevel2.module-->]]>
+
+<!ENTITY % toclevel3.module "INCLUDE">
+<![ %toclevel3.module; [
+<!ENTITY % local.toclevel3.attrib "">
+<!ENTITY % toclevel3.role.attrib "%role.attrib;">
+
+<!ENTITY % toclevel3.element "INCLUDE">
+<![ %toclevel3.element; [
+<!ELEMENT ToClevel3 - O (ToCentry+, ToClevel4*)>
+<!--end of toclevel3.element-->]]>
+
+<!ENTITY % toclevel3.attlist "INCLUDE">
+<![ %toclevel3.attlist; [
+<!ATTLIST ToClevel3
+		%common.attrib;
+		%toclevel3.role.attrib;
+		%local.toclevel3.attrib;
+>
+<!--end of toclevel3.attlist-->]]>
+<!--end of toclevel3.module-->]]>
+
+<!ENTITY % toclevel4.module "INCLUDE">
+<![ %toclevel4.module; [
+<!ENTITY % local.toclevel4.attrib "">
+<!ENTITY % toclevel4.role.attrib "%role.attrib;">
+
+<!ENTITY % toclevel4.element "INCLUDE">
+<![ %toclevel4.element; [
+<!ELEMENT ToClevel4 - O (ToCentry+, ToClevel5*)>
+<!--end of toclevel4.element-->]]>
+
+<!ENTITY % toclevel4.attlist "INCLUDE">
+<![ %toclevel4.attlist; [
+<!ATTLIST ToClevel4
+		%common.attrib;
+		%toclevel4.role.attrib;
+		%local.toclevel4.attrib;
+>
+<!--end of toclevel4.attlist-->]]>
+<!--end of toclevel4.module-->]]>
+
+<!ENTITY % toclevel5.module "INCLUDE">
+<![ %toclevel5.module; [
+<!ENTITY % local.toclevel5.attrib "">
+<!ENTITY % toclevel5.role.attrib "%role.attrib;">
+
+<!ENTITY % toclevel5.element "INCLUDE">
+<![ %toclevel5.element; [
+<!ELEMENT ToClevel5 - O (ToCentry+)>
+<!--end of toclevel5.element-->]]>
+
+<!ENTITY % toclevel5.attlist "INCLUDE">
+<![ %toclevel5.attlist; [
+<!ATTLIST ToClevel5
+		%common.attrib;
+		%toclevel5.role.attrib;
+		%local.toclevel5.attrib;
+>
+<!--end of toclevel5.attlist-->]]>
+<!--end of toclevel5.module-->]]>
+
+<!ENTITY % tocback.module "INCLUDE">
+<![ %tocback.module; [
+<!ENTITY % local.tocback.attrib "">
+<!ENTITY % tocback.role.attrib "%role.attrib;">
+
+<!ENTITY % tocback.element "INCLUDE">
+<![ %tocback.element; [
+<!ELEMENT ToCback - O ((%para.char.mix;)+)>
+<!--end of tocback.element-->]]>
+
+<!ENTITY % tocback.attlist "INCLUDE">
+<![ %tocback.attlist; [
+<!ATTLIST ToCback
+		%label.attrib;
+		%linkend.attrib; --to element that this entry represents--
+		%pagenum.attrib;
+		%common.attrib;
+		%tocback.role.attrib;
+		%local.tocback.attrib;
+>
+<!--end of tocback.attlist-->]]>
+<!--end of tocback.module-->]]>
+<!--end of toc.content.module-->]]>
+
+<!ENTITY % lot.content.module "INCLUDE">
+<![ %lot.content.module; [
+<!ENTITY % lot.module "INCLUDE">
+<![ %lot.module; [
+<!ENTITY % local.lot.attrib "">
+<!ENTITY % lot.role.attrib "%role.attrib;">
+
+<!ENTITY % lot.element "INCLUDE">
+<![ %lot.element; [
+<!ELEMENT LoT - O ((%bookcomponent.title.content;)?, LoTentry*)>
+<!--end of lot.element-->]]>
+
+<!ENTITY % lot.attlist "INCLUDE">
+<![ %lot.attlist; [
+<!ATTLIST LoT
+		%label.attrib;
+		%common.attrib;
+		%lot.role.attrib;
+		%local.lot.attrib;
+>
+<!--end of lot.attlist-->]]>
+<!--end of lot.module-->]]>
+
+<!ENTITY % lotentry.module "INCLUDE">
+<![ %lotentry.module; [
+<!ENTITY % local.lotentry.attrib "">
+<!ENTITY % lotentry.role.attrib "%role.attrib;">
+
+<!ENTITY % lotentry.element "INCLUDE">
+<![ %lotentry.element; [
+<!ELEMENT LoTentry - - ((%para.char.mix;)+ )>
+<!--end of lotentry.element-->]]>
+
+<!ENTITY % lotentry.attlist "INCLUDE">
+<![ %lotentry.attlist; [
+<!ATTLIST LoTentry
+		--
+		SrcCredit: Information about the source of the entry, 
+		as for a list of illustrations
+		--
+		SrcCredit	CDATA		#IMPLIED
+		%pagenum.attrib;
+		%common.attrib;
+		%linkend.attrib; --to element that this entry represents--
+		%lotentry.role.attrib;
+		%local.lotentry.attrib;
+>
+<!--end of lotentry.attlist-->]]>
+<!--end of lotentry.module-->]]>
+<!--end of lot.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Appendix, Chapter, Part, Preface, Reference, PartIntro ............... -->
+
+<!ENTITY % appendix.module "INCLUDE">
+<![ %appendix.module; [
+<!ENTITY % local.appendix.attrib "">
+<!ENTITY % appendix.role.attrib "%role.attrib;">
+
+<!ENTITY % appendix.element "INCLUDE">
+<![ %appendix.element; [
+<!ELEMENT Appendix - O (AppendixInfo?,
+                         (%bookcomponent.title.content;), 
+                         (%nav.class)*,
+                         ToCchap?,
+                         (%bookcomponent.content;),
+                         (%nav.class)*)
+                         %ubiq.inclusion;>
+<!--end of appendix.element-->]]>
+
+<!ENTITY % appendix.attlist "INCLUDE">
+<![ %appendix.attlist; [
+<!ATTLIST Appendix
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%appendix.role.attrib;
+		%local.appendix.attrib;
+>
+<!--end of appendix.attlist-->]]>
+<!--end of appendix.module-->]]>
+
+<!ENTITY % chapter.module "INCLUDE">
+<![ %chapter.module; [
+<!ENTITY % local.chapter.attrib "">
+<!ENTITY % chapter.role.attrib "%role.attrib;">
+
+<!ENTITY % chapter.element "INCLUDE">
+<![ %chapter.element; [
+<!ELEMENT Chapter - O (ChapterInfo?,
+                        (%bookcomponent.title.content;),
+                        (%nav.class)*,
+                        ToCchap?,
+                        (%bookcomponent.content;),
+                        (%nav.class)*)
+                        %ubiq.inclusion;>
+<!--end of chapter.element-->]]>
+
+<!ENTITY % chapter.attlist "INCLUDE">
+<![ %chapter.attlist; [
+<!ATTLIST Chapter
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%chapter.role.attrib;
+		%local.chapter.attrib;
+>
+<!--end of chapter.attlist-->]]>
+<!--end of chapter.module-->]]>
+
+<!ENTITY % part.module "INCLUDE">
+<![ %part.module; [
+
+<!-- Note that Part was to have its content model reduced in V4.1.  This
+change will not be made after all. -->
+
+<!ENTITY % local.part.attrib "">
+<!ENTITY % part.role.attrib "%role.attrib;">
+
+<!ENTITY % part.element "INCLUDE">
+<![ %part.element; [
+<!ELEMENT Part - - (PartInfo?, (%bookcomponent.title.content;), PartIntro?,
+		(%partcontent.mix;)+) %ubiq.inclusion;>
+<!--end of part.element-->]]>
+
+<!ENTITY % part.attlist "INCLUDE">
+<![ %part.attlist; [
+<!ATTLIST Part
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%part.role.attrib;
+		%local.part.attrib;
+>
+<!--end of part.attlist-->]]>
+<!--ELEMENT PartIntro (defined below)-->
+<!--end of part.module-->]]>
+
+<!ENTITY % preface.module "INCLUDE">
+<![ %preface.module; [
+<!ENTITY % local.preface.attrib "">
+<!ENTITY % preface.role.attrib "%role.attrib;">
+
+<!ENTITY % preface.element "INCLUDE">
+<![ %preface.element; [
+<!ELEMENT Preface - O (PrefaceInfo?,
+                        (%bookcomponent.title.content;),
+                        (%nav.class)*,
+                        ToCchap?,
+                        (%bookcomponent.content;),
+                        (%nav.class)*)
+                        %ubiq.inclusion;>
+<!--end of preface.element-->]]>
+
+<!ENTITY % preface.attlist "INCLUDE">
+<![ %preface.attlist; [
+<!ATTLIST Preface
+		%status.attrib;
+		%common.attrib;
+		%preface.role.attrib;
+		%local.preface.attrib;
+>
+<!--end of preface.attlist-->]]>
+<!--end of preface.module-->]]>
+
+<!ENTITY % reference.module "INCLUDE">
+<![ %reference.module; [
+<!ENTITY % local.reference.attrib "">
+<!ENTITY % reference.role.attrib "%role.attrib;">
+
+<!ENTITY % reference.element "INCLUDE">
+<![ %reference.element; [
+<!ELEMENT Reference - O (ReferenceInfo?, (%bookcomponent.title.content;),
+		 PartIntro?,
+		(%refentry.class;)+) %ubiq.inclusion;>
+<!--end of reference.element-->]]>
+
+<!ENTITY % reference.attlist "INCLUDE">
+<![ %reference.attlist; [
+<!ATTLIST Reference
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%reference.role.attrib;
+		%local.reference.attrib;
+>
+<!--end of reference.attlist-->]]>
+<!--ELEMENT PartIntro (defined below)-->
+<!--end of reference.module-->]]>
+
+<!ENTITY % partintro.module "INCLUDE">
+<![ %partintro.module; [
+<!ENTITY % local.partintro.attrib "">
+<!ENTITY % partintro.role.attrib "%role.attrib;">
+
+<!ENTITY % partintro.element "INCLUDE">
+<![ %partintro.element; [
+<!ELEMENT PartIntro - O ((%div.title.content;)?, (%bookcomponent.content;))
+		%ubiq.inclusion;>
+<!--end of partintro.element-->]]>
+
+<!ENTITY % partintro.attlist "INCLUDE">
+<![ %partintro.attlist; [
+<!ATTLIST PartIntro	
+		%label.attrib;
+		%common.attrib;
+		%local.partintro.attrib;
+		%partintro.role.attrib;
+>
+<!--end of partintro.attlist-->]]>
+<!--end of partintro.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Other Info elements .................................................. -->
+
+<!ENTITY % appendixinfo.module "INCLUDE">
+<![ %appendixinfo.module; [
+<!ENTITY % local.appendixinfo.attrib "">
+<!ENTITY % appendixinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % appendixinfo.element "INCLUDE">
+<![ %appendixinfo.element; [
+<!ELEMENT AppendixInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of appendixinfo.element-->]]>
+
+<!ENTITY % appendixinfo.attlist "INCLUDE">
+<![ %appendixinfo.attlist; [
+<!ATTLIST AppendixInfo
+		%common.attrib;
+		%appendixinfo.role.attrib;
+		%local.appendixinfo.attrib;
+>
+<!--end of appendixinfo.attlist-->]]>
+<!--end of appendixinfo.module-->]]>
+
+
+<!ENTITY % bibliographyinfo.module "INCLUDE">
+<![ %bibliographyinfo.module; [
+<!ENTITY % local.bibliographyinfo.attrib "">
+<!ENTITY % bibliographyinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % bibliographyinfo.element "INCLUDE">
+<![ %bibliographyinfo.element; [
+<!ELEMENT BibliographyInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of bibliographyinfo.element-->]]>
+
+<!ENTITY % bibliographyinfo.attlist "INCLUDE">
+<![ %bibliographyinfo.attlist; [
+<!ATTLIST BibliographyInfo
+		%common.attrib;
+		%bibliographyinfo.role.attrib;
+		%local.bibliographyinfo.attrib;
+>
+<!--end of bibliographyinfo.attlist-->]]>
+<!--end of bibliographyinfo.module-->]]>
+
+<!ENTITY % chapterinfo.module "INCLUDE">
+<![ %chapterinfo.module; [
+<!ENTITY % local.chapterinfo.attrib "">
+<!ENTITY % chapterinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % chapterinfo.element "INCLUDE">
+<![ %chapterinfo.element; [
+<!ELEMENT ChapterInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of chapterinfo.element-->]]>
+
+<!ENTITY % chapterinfo.attlist "INCLUDE">
+<![ %chapterinfo.attlist; [
+<!ATTLIST ChapterInfo
+		%common.attrib;
+		%chapterinfo.role.attrib;
+		%local.chapterinfo.attrib;
+>
+<!--end of chapterinfo.attlist-->]]>
+<!--end of chapterinfo.module-->]]>
+
+<!ENTITY % glossaryinfo.module "INCLUDE">
+<![ %glossaryinfo.module; [
+<!ENTITY % local.glossaryinfo.attrib "">
+<!ENTITY % glossaryinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % glossaryinfo.element "INCLUDE">
+<![ %glossaryinfo.element; [
+<!ELEMENT GlossaryInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of glossaryinfo.element-->]]>
+
+<!ENTITY % glossaryinfo.attlist "INCLUDE">
+<![ %glossaryinfo.attlist; [
+<!ATTLIST GlossaryInfo
+		%common.attrib;
+		%glossaryinfo.role.attrib;
+		%local.glossaryinfo.attrib;
+>
+<!--end of glossaryinfo.attlist-->]]>
+<!--end of glossaryinfo.module-->]]>
+
+
+<!ENTITY % indexinfo.module "INCLUDE">
+<![ %indexinfo.module; [
+<!ENTITY % local.indexinfo.attrib "">
+<!ENTITY % indexinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % indexinfo.element "INCLUDE">
+<![ %indexinfo.element; [
+<!ELEMENT IndexInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of indexinfo.element-->]]>
+
+<!ENTITY % indexinfo.attlist "INCLUDE">
+<![ %indexinfo.attlist; [
+<!ATTLIST IndexInfo
+		%common.attrib;
+		%indexinfo.role.attrib;
+		%local.indexinfo.attrib;
+>
+<!--end of indexinfo.attlist-->]]>
+<!--end of indexinfo.module-->]]>
+
+<!ENTITY % partinfo.module "INCLUDE">
+<![ %partinfo.module; [
+<!ENTITY % local.partinfo.attrib "">
+<!ENTITY % partinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % partinfo.element "INCLUDE">
+<![ %partinfo.element; [
+<!ELEMENT PartInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of partinfo.element-->]]>
+
+<!ENTITY % partinfo.attlist "INCLUDE">
+<![ %partinfo.attlist; [
+<!ATTLIST PartInfo
+		%common.attrib;
+		%partinfo.role.attrib;
+		%local.partinfo.attrib;
+>
+<!--end of partinfo.attlist-->]]>
+<!--end of partinfo.module-->]]>
+
+
+<!ENTITY % prefaceinfo.module "INCLUDE">
+<![ %prefaceinfo.module; [
+<!ENTITY % local.prefaceinfo.attrib "">
+<!ENTITY % prefaceinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % prefaceinfo.element "INCLUDE">
+<![ %prefaceinfo.element; [
+<!ELEMENT PrefaceInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of prefaceinfo.element-->]]>
+
+<!ENTITY % prefaceinfo.attlist "INCLUDE">
+<![ %prefaceinfo.attlist; [
+<!ATTLIST PrefaceInfo
+		%common.attrib;
+		%prefaceinfo.role.attrib;
+		%local.prefaceinfo.attrib;
+>
+<!--end of prefaceinfo.attlist-->]]>
+<!--end of prefaceinfo.module-->]]>
+
+
+<!ENTITY % refentryinfo.module "INCLUDE">
+<![ %refentryinfo.module; [
+<!ENTITY % local.refentryinfo.attrib "">
+<!ENTITY % refentryinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % refentryinfo.element "INCLUDE">
+<![ %refentryinfo.element; [
+<!ELEMENT RefEntryInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of refentryinfo.element-->]]>
+
+<!ENTITY % refentryinfo.attlist "INCLUDE">
+<![ %refentryinfo.attlist; [
+<!ATTLIST RefEntryInfo
+		%common.attrib;
+		%refentryinfo.role.attrib;
+		%local.refentryinfo.attrib;
+>
+<!--end of refentryinfo.attlist-->]]>
+<!--end of refentryinfo.module-->]]>
+
+
+<!ENTITY % refsect1info.module "INCLUDE">
+<![ %refsect1info.module; [
+<!ENTITY % local.refsect1info.attrib "">
+<!ENTITY % refsect1info.role.attrib "%role.attrib;">
+
+<!ENTITY % refsect1info.element "INCLUDE">
+<![ %refsect1info.element; [
+<!ELEMENT RefSect1Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of refsect1info.element-->]]>
+
+<!ENTITY % refsect1info.attlist "INCLUDE">
+<![ %refsect1info.attlist; [
+<!ATTLIST RefSect1Info
+		%common.attrib;
+		%refsect1info.role.attrib;
+		%local.refsect1info.attrib;
+>
+<!--end of refsect1info.attlist-->]]>
+<!--end of refsect1info.module-->]]>
+
+
+<!ENTITY % refsect2info.module "INCLUDE">
+<![ %refsect2info.module; [
+<!ENTITY % local.refsect2info.attrib "">
+<!ENTITY % refsect2info.role.attrib "%role.attrib;">
+
+<!ENTITY % refsect2info.element "INCLUDE">
+<![ %refsect2info.element; [
+<!ELEMENT RefSect2Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of refsect2info.element-->]]>
+
+<!ENTITY % refsect2info.attlist "INCLUDE">
+<![ %refsect2info.attlist; [
+<!ATTLIST RefSect2Info
+		%common.attrib;
+		%refsect2info.role.attrib;
+		%local.refsect2info.attrib;
+>
+<!--end of refsect2info.attlist-->]]>
+<!--end of refsect2info.module-->]]>
+
+
+<!ENTITY % refsect3info.module "INCLUDE">
+<![ %refsect3info.module; [
+<!ENTITY % local.refsect3info.attrib "">
+<!ENTITY % refsect3info.role.attrib "%role.attrib;">
+
+<!ENTITY % refsect3info.element "INCLUDE">
+<![ %refsect3info.element; [
+<!ELEMENT RefSect3Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of refsect3info.element-->]]>
+
+<!ENTITY % refsect3info.attlist "INCLUDE">
+<![ %refsect3info.attlist; [
+<!ATTLIST RefSect3Info
+		%common.attrib;
+		%refsect3info.role.attrib;
+		%local.refsect3info.attrib;
+>
+<!--end of refsect3info.attlist-->]]>
+<!--end of refsect3info.module-->]]>
+
+
+<!ENTITY % refsynopsisdivinfo.module "INCLUDE">
+<![ %refsynopsisdivinfo.module; [
+<!ENTITY % local.refsynopsisdivinfo.attrib "">
+<!ENTITY % refsynopsisdivinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % refsynopsisdivinfo.element "INCLUDE">
+<![ %refsynopsisdivinfo.element; [
+<!ELEMENT RefSynopsisDivInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of refsynopsisdivinfo.element-->]]>
+
+<!ENTITY % refsynopsisdivinfo.attlist "INCLUDE">
+<![ %refsynopsisdivinfo.attlist; [
+<!ATTLIST RefSynopsisDivInfo
+		%common.attrib;
+		%refsynopsisdivinfo.role.attrib;
+		%local.refsynopsisdivinfo.attrib;
+>
+<!--end of refsynopsisdivinfo.attlist-->]]>
+<!--end of refsynopsisdivinfo.module-->]]>
+
+
+<!ENTITY % referenceinfo.module "INCLUDE">
+<![ %referenceinfo.module; [
+<!ENTITY % local.referenceinfo.attrib "">
+<!ENTITY % referenceinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % referenceinfo.element "INCLUDE">
+<![ %referenceinfo.element; [
+<!ELEMENT ReferenceInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of referenceinfo.element-->]]>
+
+<!ENTITY % referenceinfo.attlist "INCLUDE">
+<![ %referenceinfo.attlist; [
+<!ATTLIST ReferenceInfo
+		%common.attrib;
+		%referenceinfo.role.attrib;
+		%local.referenceinfo.attrib;
+>
+<!--end of referenceinfo.attlist-->]]>
+<!--end of referenceinfo.module-->]]>
+
+
+<!ENTITY % sect1info.module "INCLUDE">
+<![ %sect1info.module; [
+<!ENTITY % local.sect1info.attrib "">
+<!ENTITY % sect1info.role.attrib "%role.attrib;">
+
+<!ENTITY % sect1info.element "INCLUDE">
+<![ %sect1info.element; [
+<!ELEMENT Sect1Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of sect1info.element-->]]>
+
+<!ENTITY % sect1info.attlist "INCLUDE">
+<![ %sect1info.attlist; [
+<!ATTLIST Sect1Info
+		%common.attrib;
+		%sect1info.role.attrib;
+		%local.sect1info.attrib;
+>
+<!--end of sect1info.attlist-->]]>
+<!--end of sect1info.module-->]]>
+
+
+<!ENTITY % sect2info.module "INCLUDE">
+<![ %sect2info.module; [
+<!ENTITY % local.sect2info.attrib "">
+<!ENTITY % sect2info.role.attrib "%role.attrib;">
+
+<!ENTITY % sect2info.element "INCLUDE">
+<![ %sect2info.element; [
+<!ELEMENT Sect2Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of sect2info.element-->]]>
+
+<!ENTITY % sect2info.attlist "INCLUDE">
+<![ %sect2info.attlist; [
+<!ATTLIST Sect2Info
+		%common.attrib;
+		%sect2info.role.attrib;
+		%local.sect2info.attrib;
+>
+<!--end of sect2info.attlist-->]]>
+<!--end of sect2info.module-->]]>
+
+
+<!ENTITY % sect3info.module "INCLUDE">
+<![ %sect3info.module; [
+<!ENTITY % local.sect3info.attrib "">
+<!ENTITY % sect3info.role.attrib "%role.attrib;">
+
+<!ENTITY % sect3info.element "INCLUDE">
+<![ %sect3info.element; [
+<!ELEMENT Sect3Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of sect3info.element-->]]>
+
+<!ENTITY % sect3info.attlist "INCLUDE">
+<![ %sect3info.attlist; [
+<!ATTLIST Sect3Info
+		%common.attrib;
+		%sect3info.role.attrib;
+		%local.sect3info.attrib;
+>
+<!--end of sect3info.attlist-->]]>
+<!--end of sect3info.module-->]]>
+
+
+<!ENTITY % sect4info.module "INCLUDE">
+<![ %sect4info.module; [
+<!ENTITY % local.sect4info.attrib "">
+<!ENTITY % sect4info.role.attrib "%role.attrib;">
+
+<!ENTITY % sect4info.element "INCLUDE">
+<![ %sect4info.element; [
+<!ELEMENT Sect4Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of sect4info.element-->]]>
+
+<!ENTITY % sect4info.attlist "INCLUDE">
+<![ %sect4info.attlist; [
+<!ATTLIST Sect4Info
+		%common.attrib;
+		%sect4info.role.attrib;
+		%local.sect4info.attrib;
+>
+<!--end of sect4info.attlist-->]]>
+<!--end of sect4info.module-->]]>
+
+
+<!ENTITY % sect5info.module "INCLUDE">
+<![ %sect5info.module; [
+<!ENTITY % local.sect5info.attrib "">
+<!ENTITY % sect5info.role.attrib "%role.attrib;">
+
+<!ENTITY % sect5info.element "INCLUDE">
+<![ %sect5info.element; [
+<!ELEMENT Sect5Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of sect5info.element-->]]>
+
+<!ENTITY % sect5info.attlist "INCLUDE">
+<![ %sect5info.attlist; [
+<!ATTLIST Sect5Info
+		%common.attrib;
+		%sect5info.role.attrib;
+		%local.sect5info.attrib;
+>
+<!--end of sect5info.attlist-->]]>
+<!--end of sect5info.module-->]]>
+
+
+<!ENTITY % setindexinfo.module "INCLUDE">
+<![ %setindexinfo.module; [
+<!ENTITY % local.setindexinfo.attrib "">
+<!ENTITY % setindexinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % setindexinfo.element "INCLUDE">
+<![ %setindexinfo.element; [
+<!ELEMENT SetIndexInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of setindexinfo.element-->]]>
+
+<!ENTITY % setindexinfo.attlist "INCLUDE">
+<![ %setindexinfo.attlist; [
+<!ATTLIST SetIndexInfo
+		%common.attrib;
+		%setindexinfo.role.attrib;
+		%local.setindexinfo.attrib;
+>
+<!--end of setindexinfo.attlist-->]]>
+<!--end of setindexinfo.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Section (parallel to Sect*) ......................................... -->
+
+<!ENTITY % section.content.module "INCLUDE">
+<![ %section.content.module; [
+<!ENTITY % section.module "INCLUDE">
+<![ %section.module; [
+<!ENTITY % local.section.attrib "">
+<!ENTITY % section.role.attrib "%role.attrib;">
+
+<!ENTITY % section.element "INCLUDE">
+<![ %section.element; [
+<!ELEMENT Section - - (SectionInfo?,
+			(%sect.title.content;),
+			(%nav.class;)*,
+			(((%divcomponent.mix;)+,
+ 			  ((%refentry.class;)*|Section*))
+			 | (%refentry.class;)+|Section+),
+			(%nav.class;)*)
+			%ubiq.inclusion;>
+<!--end of section.element-->]]>
+
+<!ENTITY % section.attlist "INCLUDE">
+<![ %section.attlist; [
+<!ATTLIST Section
+		--
+		What did we decide about RenderAs?
+		Renderas	(Sect1
+ 				|Sect2
+				|Sect3
+ 				|Sect4
+ 				|Sect5)		#IMPLIED
+		--
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%section.role.attrib;
+		%local.section.attrib;
+>
+<!--end of section.attlist-->]]>
+<!--end of section.module-->]]>
+
+<!ENTITY % sectioninfo.module "INCLUDE">
+<![ %sectioninfo.module; [
+<!ENTITY % sectioninfo.role.attrib "%role.attrib;">
+<!ENTITY % local.sectioninfo.attrib "">
+
+<!ENTITY % sectioninfo.element "INCLUDE">
+<![ %sectioninfo.element; [
+<!ELEMENT SectionInfo - - ((Graphic | MediaObject | LegalNotice | ModeSpec 
+	| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+	-(BeginPage)>
+<!--end of sectioninfo.element-->]]>
+
+<!ENTITY % sectioninfo.attlist "INCLUDE">
+<![ %sectioninfo.attlist; [
+<!ATTLIST SectionInfo
+		%common.attrib;
+		%sectioninfo.role.attrib;
+		%local.sectioninfo.attrib;
+>
+<!--end of sectioninfo.attlist-->]]>
+<!--end of sectioninfo.module-->]]>
+<!--end of section.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Sect1, Sect2, Sect3, Sect4, Sect5 .................................... -->
+
+<!ENTITY % sect1.module "INCLUDE">
+<![ %sect1.module; [
+<!ENTITY % local.sect1.attrib "">
+<!ENTITY % sect1.role.attrib "%role.attrib;">
+
+<!ENTITY % sect1.element "INCLUDE">
+<![ %sect1.element; [
+<!ELEMENT Sect1 - O (Sect1Info?, (%sect.title.content;), (%nav.class;)*,
+		(((%divcomponent.mix;)+, 
+		((%refentry.class;)* | Sect2* | SimpleSect*))
+		| (%refentry.class;)+ | Sect2+ | SimpleSect+), (%nav.class;)*)
+		%ubiq.inclusion;>
+<!--end of sect1.element-->]]>
+
+<!ENTITY % sect1.attlist "INCLUDE">
+<![ %sect1.attlist; [
+<!ATTLIST Sect1
+		--
+		Renderas: Indicates the format in which the heading should
+		appear
+		--
+		Renderas	(Sect2
+				|Sect3
+				|Sect4
+				|Sect5)		#IMPLIED
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%sect1.role.attrib;
+		%local.sect1.attrib;
+>
+<!--end of sect1.attlist-->]]>
+<!--end of sect1.module-->]]>
+
+<!ENTITY % sect2.module "INCLUDE">
+<![ %sect2.module; [
+<!ENTITY % local.sect2.attrib "">
+<!ENTITY % sect2.role.attrib "%role.attrib;">
+
+<!ENTITY % sect2.element "INCLUDE">
+<![ %sect2.element; [
+<!ELEMENT Sect2 - O (Sect2Info?, (%sect.title.content;), (%nav.class;)*,
+		(((%divcomponent.mix;)+, 
+		((%refentry.class;)* | Sect3* | SimpleSect*))
+		| (%refentry.class;)+ | Sect3+ | SimpleSect+), (%nav.class;)*)>
+<!--end of sect2.element-->]]>
+
+<!ENTITY % sect2.attlist "INCLUDE">
+<![ %sect2.attlist; [
+<!ATTLIST Sect2
+		--
+		Renderas: Indicates the format in which the heading should
+		appear
+		--
+		Renderas	(Sect1
+				|Sect3
+				|Sect4
+				|Sect5)		#IMPLIED
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%sect2.role.attrib;
+		%local.sect2.attrib;
+>
+<!--end of sect2.attlist-->]]>
+<!--end of sect2.module-->]]>
+
+<!ENTITY % sect3.module "INCLUDE">
+<![ %sect3.module; [
+<!ENTITY % local.sect3.attrib "">
+<!ENTITY % sect3.role.attrib "%role.attrib;">
+
+<!ENTITY % sect3.element "INCLUDE">
+<![ %sect3.element; [
+<!ELEMENT Sect3 - O (Sect3Info?, (%sect.title.content;), (%nav.class;)*,
+		(((%divcomponent.mix;)+, 
+		((%refentry.class;)* | Sect4* | SimpleSect*))
+		| (%refentry.class;)+ | Sect4+ | SimpleSect+), (%nav.class;)*)>
+<!--end of sect3.element-->]]>
+
+<!ENTITY % sect3.attlist "INCLUDE">
+<![ %sect3.attlist; [
+<!ATTLIST Sect3
+		--
+		Renderas: Indicates the format in which the heading should
+		appear
+		--
+		Renderas	(Sect1
+				|Sect2
+				|Sect4
+				|Sect5)		#IMPLIED
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%sect3.role.attrib;
+		%local.sect3.attrib;
+>
+<!--end of sect3.attlist-->]]>
+<!--end of sect3.module-->]]>
+
+<!ENTITY % sect4.module "INCLUDE">
+<![ %sect4.module; [
+<!ENTITY % local.sect4.attrib "">
+<!ENTITY % sect4.role.attrib "%role.attrib;">
+
+<!ENTITY % sect4.element "INCLUDE">
+<![ %sect4.element; [
+<!ELEMENT Sect4 - O (Sect4Info?, (%sect.title.content;), (%nav.class;)*,
+		(((%divcomponent.mix;)+, 
+		((%refentry.class;)* | Sect5* | SimpleSect*))
+		| (%refentry.class;)+ | Sect5+ | SimpleSect+), (%nav.class;)*)>
+<!--end of sect4.element-->]]>
+
+<!ENTITY % sect4.attlist "INCLUDE">
+<![ %sect4.attlist; [
+<!ATTLIST Sect4
+		--
+		Renderas: Indicates the format in which the heading should
+		appear
+		--
+		Renderas	(Sect1
+				|Sect2
+				|Sect3
+				|Sect5)		#IMPLIED
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%sect4.role.attrib;
+		%local.sect4.attrib;
+>
+<!--end of sect4.attlist-->]]>
+<!--end of sect4.module-->]]>
+
+<!ENTITY % sect5.module "INCLUDE">
+<![ %sect5.module; [
+<!ENTITY % local.sect5.attrib "">
+<!ENTITY % sect5.role.attrib "%role.attrib;">
+
+<!ENTITY % sect5.element "INCLUDE">
+<![ %sect5.element; [
+<!ELEMENT Sect5 - O (Sect5Info?, (%sect.title.content;), (%nav.class;)*,
+		(((%divcomponent.mix;)+, ((%refentry.class;)* | SimpleSect*))
+		| (%refentry.class;)+ | SimpleSect+), (%nav.class;)*)>
+<!--end of sect5.element-->]]>
+
+<!ENTITY % sect5.attlist "INCLUDE">
+<![ %sect5.attlist; [
+<!ATTLIST Sect5
+		--
+		Renderas: Indicates the format in which the heading should
+		appear
+		--
+		Renderas	(Sect1
+				|Sect2
+				|Sect3
+				|Sect4)		#IMPLIED
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%sect5.role.attrib;
+		%local.sect5.attrib;
+>
+<!--end of sect5.attlist-->]]>
+<!--end of sect5.module-->]]>
+
+<!ENTITY % simplesect.module "INCLUDE">
+<![ %simplesect.module; [
+<!ENTITY % local.simplesect.attrib "">
+<!ENTITY % simplesect.role.attrib "%role.attrib;">
+
+<!ENTITY % simplesect.element "INCLUDE">
+<![ %simplesect.element; [
+<!ELEMENT SimpleSect - O ((%sect.title.content;), (%divcomponent.mix;)+)
+		%ubiq.inclusion;>
+<!--end of simplesect.element-->]]>
+
+<!ENTITY % simplesect.attlist "INCLUDE">
+<![ %simplesect.attlist; [
+<!ATTLIST SimpleSect
+		%common.attrib;
+		%simplesect.role.attrib;
+		%local.simplesect.attrib;
+>
+<!--end of simplesect.attlist-->]]>
+<!--end of simplesect.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Bibliography ......................................................... -->
+
+<!ENTITY % bibliography.content.module "INCLUDE">
+<![ %bibliography.content.module; [
+<!ENTITY % bibliography.module "INCLUDE">
+<![ %bibliography.module; [
+<!ENTITY % local.bibliography.attrib "">
+<!ENTITY % bibliography.role.attrib "%role.attrib;">
+
+<!ENTITY % bibliography.element "INCLUDE">
+<![ %bibliography.element; [
+<!ELEMENT Bibliography - O (BibliographyInfo?,
+		(%bookcomponent.title.content;)?,
+		(%component.mix;)*, 
+		(BiblioDiv+ | (BiblioEntry|BiblioMixed)+))>
+<!--end of bibliography.element-->]]>
+
+<!ENTITY % bibliography.attlist "INCLUDE">
+<![ %bibliography.attlist; [
+<!ATTLIST Bibliography
+		%status.attrib;
+		%common.attrib;
+		%bibliography.role.attrib;
+		%local.bibliography.attrib;
+>
+<!--end of bibliography.attlist-->]]>
+<!--end of bibliography.module-->]]>
+
+<!ENTITY % bibliodiv.module "INCLUDE">
+<![ %bibliodiv.module; [
+<!ENTITY % local.bibliodiv.attrib "">
+<!ENTITY % bibliodiv.role.attrib "%role.attrib;">
+
+<!ENTITY % bibliodiv.element "INCLUDE">
+<![ %bibliodiv.element; [
+<!ELEMENT BiblioDiv - O ((%sect.title.content;)?, (%component.mix;)*,
+		(BiblioEntry|BiblioMixed)+)>
+<!--end of bibliodiv.element-->]]>
+
+<!ENTITY % bibliodiv.attlist "INCLUDE">
+<![ %bibliodiv.attlist; [
+<!ATTLIST BiblioDiv
+		%status.attrib;
+		%common.attrib;
+		%bibliodiv.role.attrib;
+		%local.bibliodiv.attrib;
+>
+<!--end of bibliodiv.attlist-->]]>
+<!--end of bibliodiv.module-->]]>
+<!--end of bibliography.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Glossary ............................................................. -->
+
+<!ENTITY % glossary.content.module "INCLUDE">
+<![ %glossary.content.module; [
+<!ENTITY % glossary.module "INCLUDE">
+<![ %glossary.module; [
+<!ENTITY % local.glossary.attrib "">
+<!ENTITY % glossary.role.attrib "%role.attrib;">
+
+<!ENTITY % glossary.element "INCLUDE">
+<![ %glossary.element; [
+<!ELEMENT Glossary - O (GlossaryInfo?,
+		(%bookcomponent.title.content;)?, (%component.mix;)*,
+		(GlossDiv+ | GlossEntry+), Bibliography?)>
+<!--end of glossary.element-->]]>
+
+<!ENTITY % glossary.attlist "INCLUDE">
+<![ %glossary.attlist; [
+<!ATTLIST Glossary
+		%status.attrib;
+		%common.attrib;
+		%glossary.role.attrib;
+		%local.glossary.attrib;
+>
+<!--end of glossary.attlist-->]]>
+<!--end of glossary.module-->]]>
+
+<!ENTITY % glossdiv.module "INCLUDE">
+<![ %glossdiv.module; [
+<!ENTITY % local.glossdiv.attrib "">
+<!ENTITY % glossdiv.role.attrib "%role.attrib;">
+
+<!ENTITY % glossdiv.element "INCLUDE">
+<![ %glossdiv.element; [
+<!ELEMENT GlossDiv - O ((%sect.title.content;), (%component.mix;)*,
+		GlossEntry+)>
+<!--end of glossdiv.element-->]]>
+
+<!ENTITY % glossdiv.attlist "INCLUDE">
+<![ %glossdiv.attlist; [
+<!ATTLIST GlossDiv
+		%status.attrib;
+		%common.attrib;
+		%glossdiv.role.attrib;
+		%local.glossdiv.attrib;
+>
+<!--end of glossdiv.attlist-->]]>
+<!--end of glossdiv.module-->]]>
+<!--end of glossary.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Index and SetIndex ................................................... -->
+
+<!ENTITY % index.content.module "INCLUDE">
+<![ %index.content.module; [
+<!ENTITY % index.module "INCLUDE">
+<![ %index.module; [
+<!ENTITY % local.index.attrib "">
+<!ENTITY % index.role.attrib "%role.attrib;">
+
+<!ENTITY % index.element "INCLUDE">
+<![ %index.element; [
+<!ELEMENT Index - O (IndexInfo?, (%bookcomponent.title.content;)?,
+		(%component.mix;)*, (IndexDiv* | IndexEntry*))
+		%ndxterm.exclusion;>
+<!--end of index.element-->]]>
+
+<!ENTITY % index.attlist "INCLUDE">
+<![ %index.attlist; [
+<!ATTLIST Index
+		%common.attrib;
+		%index.role.attrib;
+		%local.index.attrib;
+>
+<!--end of index.attlist-->]]>
+<!--end of index.module-->]]>
+
+<!ENTITY % setindex.module "INCLUDE">
+<![ %setindex.module; [
+<!ENTITY % local.setindex.attrib "">
+<!ENTITY % setindex.role.attrib "%role.attrib;">
+
+<!ENTITY % setindex.element "INCLUDE">
+<![ %setindex.element; [
+<!ELEMENT SetIndex - O (SetIndexInfo?, (%bookcomponent.title.content;)?,
+		(%component.mix;)*, (IndexDiv* | IndexEntry*))
+		%ndxterm.exclusion;>
+<!--end of setindex.element-->]]>
+
+<!ENTITY % setindex.attlist "INCLUDE">
+<![ %setindex.attlist; [
+<!ATTLIST SetIndex
+		%common.attrib;
+		%setindex.role.attrib;
+		%local.setindex.attrib;
+>
+<!--end of setindex.attlist-->]]>
+<!--end of setindex.module-->]]>
+
+<!ENTITY % indexdiv.module "INCLUDE">
+<![ %indexdiv.module; [
+
+<!-- SegmentedList in this content is useful for marking up permuted
+     indices. -->
+
+<!ENTITY % local.indexdiv.attrib "">
+<!ENTITY % indexdiv.role.attrib "%role.attrib;">
+
+<!ENTITY % indexdiv.element "INCLUDE">
+<![ %indexdiv.element; [
+<!ELEMENT IndexDiv - O ((%sect.title.content;)?, ((%indexdivcomponent.mix;)*,
+		(IndexEntry+ | SegmentedList)))>
+<!--end of indexdiv.element-->]]>
+
+<!ENTITY % indexdiv.attlist "INCLUDE">
+<![ %indexdiv.attlist; [
+<!ATTLIST IndexDiv
+		%common.attrib;
+		%indexdiv.role.attrib;
+		%local.indexdiv.attrib;
+>
+<!--end of indexdiv.attlist-->]]>
+<!--end of indexdiv.module-->]]>
+
+<!ENTITY % indexentry.module "INCLUDE">
+<![ %indexentry.module; [
+<!-- Index entries appear in the index, not the text. -->
+
+<!ENTITY % local.indexentry.attrib "">
+<!ENTITY % indexentry.role.attrib "%role.attrib;">
+
+<!ENTITY % indexentry.element "INCLUDE">
+<![ %indexentry.element; [
+<!ELEMENT IndexEntry - O (PrimaryIE, (SeeIE|SeeAlsoIE)*,
+		(SecondaryIE, (SeeIE|SeeAlsoIE|TertiaryIE)*)*)>
+<!--end of indexentry.element-->]]>
+
+<!ENTITY % indexentry.attlist "INCLUDE">
+<![ %indexentry.attlist; [
+<!ATTLIST IndexEntry
+		%common.attrib;
+		%indexentry.role.attrib;
+		%local.indexentry.attrib;
+>
+<!--end of indexentry.attlist-->]]>
+<!--end of indexentry.module-->]]>
+
+<!ENTITY % primsecterie.module "INCLUDE">
+<![ %primsecterie.module; [
+<!ENTITY % local.primsecterie.attrib "">
+<!ENTITY % primsecterie.role.attrib "%role.attrib;">
+
+<!ENTITY % primsecterie.elements "INCLUDE">
+<![ %primsecterie.elements; [
+<!ELEMENT (PrimaryIE | SecondaryIE | TertiaryIE) - O ((%ndxterm.char.mix;)+)>
+<!--end of primsecterie.elements-->]]>
+
+<!ENTITY % primsecterie.attlists "INCLUDE">
+<![ %primsecterie.attlists; [
+<!ATTLIST (PrimaryIE | SecondaryIE | TertiaryIE)
+		%linkends.attrib; --to IndexTerms that these entries represent--
+		%common.attrib;
+		%primsecterie.role.attrib;
+		%local.primsecterie.attrib;
+>
+<!--end of primsecterie.attlists-->]]>
+<!--end of primsecterie.module-->]]>
+	
+<!ENTITY % seeie.module "INCLUDE">
+<![ %seeie.module; [
+<!ENTITY % local.seeie.attrib "">
+<!ENTITY % seeie.role.attrib "%role.attrib;">
+
+<!ENTITY % seeie.element "INCLUDE">
+<![ %seeie.element; [
+<!ELEMENT SeeIE - O ((%ndxterm.char.mix;)+)>
+<!--end of seeie.element-->]]>
+
+<!ENTITY % seeie.attlist "INCLUDE">
+<![ %seeie.attlist; [
+<!ATTLIST SeeIE
+		%linkend.attrib; --to IndexEntry to look up--
+		%common.attrib;
+		%seeie.role.attrib;
+		%local.seeie.attrib;
+>
+<!--end of seeie.attlist-->]]>
+<!--end of seeie.module-->]]>
+
+<!ENTITY % seealsoie.module "INCLUDE">
+<![ %seealsoie.module; [
+<!ENTITY % local.seealsoie.attrib "">
+<!ENTITY % seealsoie.role.attrib "%role.attrib;">
+
+<!ENTITY % seealsoie.element "INCLUDE">
+<![ %seealsoie.element; [
+<!ELEMENT SeeAlsoIE - O ((%ndxterm.char.mix;)+)>
+<!--end of seealsoie.element-->]]>
+
+<!ENTITY % seealsoie.attlist "INCLUDE">
+<![ %seealsoie.attlist; [
+<!ATTLIST SeeAlsoIE
+		%linkends.attrib; --to related IndexEntries--
+		%common.attrib;
+		%seealsoie.role.attrib;
+		%local.seealsoie.attrib;
+>
+<!--end of seealsoie.attlist-->]]>
+<!--end of seealsoie.module-->]]>
+<!--end of index.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- RefEntry ............................................................. -->
+
+<!ENTITY % refentry.content.module "INCLUDE">
+<![ %refentry.content.module; [
+<!ENTITY % refentry.module "INCLUDE">
+<![ %refentry.module; [
+<!ENTITY % local.refentry.attrib "">
+<!ENTITY % refentry.role.attrib "%role.attrib;">
+
+<!ENTITY % refentry.element "INCLUDE">
+<![ %refentry.element; [
+<!ELEMENT RefEntry - O (RefEntryInfo?, RefMeta?, (Remark|%link.char.class;)*,
+		RefNameDiv, RefSynopsisDiv?, RefSect1+) %ubiq.inclusion;>
+<!--end of refentry.element-->]]>
+
+<!ENTITY % refentry.attlist "INCLUDE">
+<![ %refentry.attlist; [
+<!ATTLIST RefEntry
+		%status.attrib;
+		%common.attrib;
+		%refentry.role.attrib;
+		%local.refentry.attrib;
+>
+<!--end of refentry.attlist-->]]>
+<!--end of refentry.module-->]]>
+
+<!ENTITY % refmeta.module "INCLUDE">
+<![ %refmeta.module; [
+<!ENTITY % local.refmeta.attrib "">
+<!ENTITY % refmeta.role.attrib "%role.attrib;">
+
+<!ENTITY % refmeta.element "INCLUDE">
+<![ %refmeta.element; [
+<!ELEMENT RefMeta - - (RefEntryTitle, ManVolNum?, RefMiscInfo*)
+		%beginpage.exclusion;>
+<!--end of refmeta.element-->]]>
+
+<!ENTITY % refmeta.attlist "INCLUDE">
+<![ %refmeta.attlist; [
+<!ATTLIST RefMeta
+		%common.attrib;
+		%refmeta.role.attrib;
+		%local.refmeta.attrib;
+>
+<!--end of refmeta.attlist-->]]>
+<!--end of refmeta.module-->]]>
+
+<!ENTITY % refmiscinfo.module "INCLUDE">
+<![ %refmiscinfo.module; [
+<!ENTITY % local.refmiscinfo.attrib "">
+<!ENTITY % refmiscinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % refmiscinfo.element "INCLUDE">
+<![ %refmiscinfo.element; [
+<!ELEMENT RefMiscInfo - - ((%docinfo.char.mix;)+)>
+<!--end of refmiscinfo.element-->]]>
+
+<!ENTITY % refmiscinfo.attlist "INCLUDE">
+<![ %refmiscinfo.attlist; [
+<!ATTLIST RefMiscInfo
+		--
+		Class: Freely assignable parameter; no default
+		--
+		Class		CDATA		#IMPLIED
+		%common.attrib;
+		%refmiscinfo.role.attrib;
+		%local.refmiscinfo.attrib;
+>
+<!--end of refmiscinfo.attlist-->]]>
+<!--end of refmiscinfo.module-->]]>
+
+<!ENTITY % refnamediv.module "INCLUDE">
+<![ %refnamediv.module; [
+<!ENTITY % local.refnamediv.attrib "">
+<!ENTITY % refnamediv.role.attrib "%role.attrib;">
+
+<!ENTITY % refnamediv.element "INCLUDE">
+<![ %refnamediv.element; [
+<!ELEMENT RefNameDiv - O (RefDescriptor?, RefName+, RefPurpose, RefClass*,
+		(Remark|%link.char.class;)*)>
+<!--end of refnamediv.element-->]]>
+
+<!ENTITY % refnamediv.attlist "INCLUDE">
+<![ %refnamediv.attlist; [
+<!ATTLIST RefNameDiv
+		%common.attrib;
+		%refnamediv.role.attrib;
+		%local.refnamediv.attrib;
+>
+<!--end of refnamediv.attlist-->]]>
+<!--end of refnamediv.module-->]]>
+	
+<!ENTITY % refdescriptor.module "INCLUDE">
+<![ %refdescriptor.module; [
+<!ENTITY % local.refdescriptor.attrib "">
+<!ENTITY % refdescriptor.role.attrib "%role.attrib;">
+
+<!ENTITY % refdescriptor.element "INCLUDE">
+<![ %refdescriptor.element; [
+<!ELEMENT RefDescriptor - O ((%refname.char.mix;)+)>
+<!--end of refdescriptor.element-->]]>
+
+<!ENTITY % refdescriptor.attlist "INCLUDE">
+<![ %refdescriptor.attlist; [
+<!ATTLIST RefDescriptor
+		%common.attrib;
+		%refdescriptor.role.attrib;
+		%local.refdescriptor.attrib;
+>
+<!--end of refdescriptor.attlist-->]]>
+<!--end of refdescriptor.module-->]]>
+
+<!ENTITY % refname.module "INCLUDE">
+<![ %refname.module; [
+<!ENTITY % local.refname.attrib "">
+<!ENTITY % refname.role.attrib "%role.attrib;">
+
+<!ENTITY % refname.element "INCLUDE">
+<![ %refname.element; [
+<!ELEMENT RefName - O ((%refname.char.mix;)+)>
+<!--end of refname.element-->]]>
+
+<!ENTITY % refname.attlist "INCLUDE">
+<![ %refname.attlist; [
+<!ATTLIST RefName
+		%common.attrib;
+		%refname.role.attrib;
+		%local.refname.attrib;
+>
+<!--end of refname.attlist-->]]>
+<!--end of refname.module-->]]>
+
+<!ENTITY % refpurpose.module "INCLUDE">
+<![ %refpurpose.module; [
+<!ENTITY % local.refpurpose.attrib "">
+<!ENTITY % refpurpose.role.attrib "%role.attrib;">
+
+<!ENTITY % refpurpose.element "INCLUDE">
+<![ %refpurpose.element; [
+<!ELEMENT RefPurpose - O ((%refinline.char.mix;)+)>
+<!--end of refpurpose.element-->]]>
+
+<!ENTITY % refpurpose.attlist "INCLUDE">
+<![ %refpurpose.attlist; [
+<!ATTLIST RefPurpose
+		%common.attrib;
+		%refpurpose.role.attrib;
+		%local.refpurpose.attrib;
+>
+<!--end of refpurpose.attlist-->]]>
+<!--end of refpurpose.module-->]]>
+
+<!ENTITY % refclass.module "INCLUDE">
+<![ %refclass.module; [
+<!ENTITY % local.refclass.attrib "">
+<!ENTITY % refclass.role.attrib "%role.attrib;">
+
+<!ENTITY % refclass.element "INCLUDE">
+<![ %refclass.element; [
+<!ELEMENT RefClass - O ((%refclass.char.mix;)+)>
+<!--end of refclass.element-->]]>
+
+<!ENTITY % refclass.attlist "INCLUDE">
+<![ %refclass.attlist; [
+<!ATTLIST RefClass
+		%common.attrib;
+		%refclass.role.attrib;
+		%local.refclass.attrib;
+>
+<!--end of refclass.attlist-->]]>
+<!--end of refclass.module-->]]>
+
+<!ENTITY % refsynopsisdiv.module "INCLUDE">
+<![ %refsynopsisdiv.module; [
+<!ENTITY % local.refsynopsisdiv.attrib "">
+<!ENTITY % refsynopsisdiv.role.attrib "%role.attrib;">
+
+<!ENTITY % refsynopsisdiv.element "INCLUDE">
+<![ %refsynopsisdiv.element; [
+<!ELEMENT RefSynopsisDiv - O (RefSynopsisDivInfo?, (%refsect.title.content;)?,
+		(((%refcomponent.mix;)+, RefSect2*) | (RefSect2+)))>
+<!--end of refsynopsisdiv.element-->]]>
+
+<!ENTITY % refsynopsisdiv.attlist "INCLUDE">
+<![ %refsynopsisdiv.attlist; [
+<!ATTLIST RefSynopsisDiv
+		%common.attrib;
+		%refsynopsisdiv.role.attrib;
+		%local.refsynopsisdiv.attrib;
+>
+<!--end of refsynopsisdiv.attlist-->]]>
+<!--end of refsynopsisdiv.module-->]]>
+
+<!ENTITY % refsect1.module "INCLUDE">
+<![ %refsect1.module; [
+<!ENTITY % local.refsect1.attrib "">
+<!ENTITY % refsect1.role.attrib "%role.attrib;">
+
+<!ENTITY % refsect1.element "INCLUDE">
+<![ %refsect1.element; [
+<!ELEMENT RefSect1 - O (RefSect1Info?, (%refsect.title.content;),
+		(((%refcomponent.mix;)+, RefSect2*) | RefSect2+))>
+<!--end of refsect1.element-->]]>
+
+<!ENTITY % refsect1.attlist "INCLUDE">
+<![ %refsect1.attlist; [
+<!ATTLIST RefSect1
+		%status.attrib;
+		%common.attrib;
+		%refsect1.role.attrib;
+		%local.refsect1.attrib;
+>
+<!--end of refsect1.attlist-->]]>
+<!--end of refsect1.module-->]]>
+
+<!ENTITY % refsect2.module "INCLUDE">
+<![ %refsect2.module; [
+<!ENTITY % local.refsect2.attrib "">
+<!ENTITY % refsect2.role.attrib "%role.attrib;">
+
+<!ENTITY % refsect2.element "INCLUDE">
+<![ %refsect2.element; [
+<!ELEMENT RefSect2 - O (RefSect2Info?, (%refsect.title.content;),
+	(((%refcomponent.mix;)+, RefSect3*) | RefSect3+))>
+<!--end of refsect2.element-->]]>
+
+<!ENTITY % refsect2.attlist "INCLUDE">
+<![ %refsect2.attlist; [
+<!ATTLIST RefSect2
+		%status.attrib;
+		%common.attrib;
+		%refsect2.role.attrib;
+		%local.refsect2.attrib;
+>
+<!--end of refsect2.attlist-->]]>
+<!--end of refsect2.module-->]]>
+
+<!ENTITY % refsect3.module "INCLUDE">
+<![ %refsect3.module; [
+<!ENTITY % local.refsect3.attrib "">
+<!ENTITY % refsect3.role.attrib "%role.attrib;">
+
+<!ENTITY % refsect3.element "INCLUDE">
+<![ %refsect3.element; [
+<!ELEMENT RefSect3 - O (RefSect3Info?, (%refsect.title.content;), 
+	(%refcomponent.mix;)+)>
+<!--end of refsect3.element-->]]>
+
+<!ENTITY % refsect3.attlist "INCLUDE">
+<![ %refsect3.attlist; [
+<!ATTLIST RefSect3
+		%status.attrib;
+		%common.attrib;
+		%refsect3.role.attrib;
+		%local.refsect3.attrib;
+>
+<!--end of refsect3.attlist-->]]>
+<!--end of refsect3.module-->]]>
+<!--end of refentry.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Article .............................................................. -->
+
+<!ENTITY % article.module "INCLUDE">
+<![ %article.module; [
+<!-- An Article is a chapter-level, stand-alone document that is often,
+     but need not be, collected into a Book. -->
+
+<!ENTITY % local.article.attrib "">
+<!ENTITY % article.role.attrib "%role.attrib;">
+
+<!ENTITY % article.element "INCLUDE">
+<![ %article.element; [
+<!ELEMENT Article - O ((%div.title.content;)?, ArticleInfo?, ToCchap?, LoT*,
+		       (%bookcomponent.content;),
+		       ((%nav.class;) | (%appendix.class;) | Ackno)*)
+		       %ubiq.inclusion;>
+<!--end of article.element-->]]>
+
+<!ENTITY % article.attlist "INCLUDE">
+<![ %article.attlist; [
+<!ATTLIST Article
+		--
+		Class: Indicates the type of a particular article;
+		all articles have the same structure and general purpose.
+		No default.
+		--
+		Class		(JournalArticle
+				|ProductSheet
+				|WhitePaper
+				|TechReport
+				|Specification
+				|FAQ)		#IMPLIED
+		--
+		ParentBook: ID of the enclosing Book
+		--
+		ParentBook	IDREF		#IMPLIED
+		%status.attrib;
+		%common.attrib;
+		%article.role.attrib;
+		%local.article.attrib;
+>
+<!--end of article.attlist-->]]>
+<!--end of article.module-->]]>
+
+<!-- End of DocBook document hierarchy module V4.1 ........................ -->
+<!-- ...................................................................... -->
diff --git a/docs/docbook/dbsgml/dbnotn.mod b/docs/docbook/dbsgml/dbnotn.mod
new file mode 100755
index 00000000000..32d80dd91d5
--- /dev/null
+++ b/docs/docbook/dbsgml/dbnotn.mod
@@ -0,0 +1,97 @@
+<!-- ...................................................................... -->
+<!-- DocBook notations module V4.1 ........................................ -->
+<!-- File dbnotn.mod ...................................................... -->
+
+<!-- Copyright 1992-2000 HaL Computer Systems, Inc.,
+     O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+     Corporation, and the Organization for the Advancement of
+     Structured Information Standards (OASIS).
+
+     $Id: dbnotn.mod,v 1.1.2.1 2001/02/28 19:05:00 jerry Exp $
+
+     Permission to use, copy, modify and distribute the DocBook DTD and
+     its accompanying documentation for any purpose and without fee is
+     hereby granted in perpetuity, provided that the above copyright
+     notice and this paragraph appear in all copies.  The copyright
+     holders make no representation about the suitability of the DTD for
+     any purpose.  It is provided "as is" without expressed or implied
+     warranty.
+
+     If you modify the DocBook DTD in any way, except for declaring and
+     referencing additional sets of general entities and declaring
+     additional notations, label your DTD as a variant of DocBook.  See
+     the maintenance documentation for more information.
+
+     Please direct all questions, bug reports, or suggestions for
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/docbook/.
+-->
+
+<!-- ...................................................................... -->
+
+<!-- This module contains the entity declarations for the standard
+     notations used by DocBook.
+
+     In DTD driver files referring to this module, please use an entity
+     declaration that uses the public identifier shown below:
+
+     <!ENTITY % dbnotn PUBLIC
+     "-//OASIS//ENTITIES DocBook Notations V4.1//EN">
+     %dbnotn;
+
+     See the documentation for detailed information on the parameter
+     entity and module scheme used in DocBook, customizing DocBook and
+     planning for interchange, and changes made since the last release
+     of DocBook.
+-->
+
+<!ENTITY % local.notation.class "">
+<!ENTITY % notation.class
+		"BMP| CGM-CHAR | CGM-BINARY | CGM-CLEAR | DITROFF | DVI
+		| EPS | EQN | FAX | GIF | GIF87a | GIF89a 
+		| JPG | JPEG | IGES | PCX
+		| PIC | PNG | PS | SGML | TBL | TEX | TIFF | WMF | WPG
+		| linespecific
+		%local.notation.class;">
+
+<!NOTATION BMP		PUBLIC
+"+//ISBN 0-7923-9432-1::Graphic Notation//NOTATION Microsoft Windows bitmap//EN">
+<!NOTATION CGM-CHAR	PUBLIC "ISO 8632/2//NOTATION Character encoding//EN">
+<!NOTATION CGM-BINARY	PUBLIC "ISO 8632/3//NOTATION Binary encoding//EN">
+<!NOTATION CGM-CLEAR	PUBLIC "ISO 8632/4//NOTATION Clear text encoding//EN">
+<!NOTATION DITROFF	SYSTEM "DITROFF">
+<!NOTATION DVI		SYSTEM "DVI">
+<!NOTATION EPS		PUBLIC 
+"+//ISBN 0-201-18127-4::Adobe//NOTATION PostScript Language Ref. Manual//EN">
+<!-- EQN was SYSTEM "-//AT&T//NOTATION EQN-1//EN" -->
+<!NOTATION EQN		SYSTEM>
+<!NOTATION FAX		PUBLIC 
+"-//USA-DOD//NOTATION CCITT Group 4 Facsimile Type 1 Untiled Raster//EN">
+<!NOTATION GIF		SYSTEM "GIF">
+<!NOTATION GIF87a               PUBLIC
+"-//CompuServe//NOTATION Graphics Interchange Format 87a//EN">
+
+<!NOTATION GIF89a               PUBLIC
+"-//CompuServe//NOTATION Graphics Interchange Format 89a//EN">
+<!NOTATION JPG		SYSTEM "JPG">
+<!NOTATION JPEG		SYSTEM "JPG">
+<!NOTATION IGES		PUBLIC 
+"-//USA-DOD//NOTATION (ASME/ANSI Y14.26M-1987) Initial Graphics Exchange Specification//EN">
+<!NOTATION PCX		PUBLIC 
+"+//ISBN 0-7923-9432-1::Graphic Notation//NOTATION ZSoft PCX bitmap//EN">
+<!-- PIC was SYSTEM "-//AT&T//NOTATION EQN-1//EN" -->
+<!NOTATION PIC		SYSTEM>
+<!NOTATION PNG          SYSTEM "http://www.w3.org/TR/REC-png">
+<!NOTATION PS		SYSTEM "PS">
+<!NOTATION SGML		PUBLIC 
+"ISO 8879:1986//NOTATION Standard Generalized Markup Language//EN">
+<!-- TBL was SYSTEM "-//AT&T//NOTATION EQN-1//EN" -->
+<!NOTATION TBL		SYSTEM>
+<!NOTATION TEX		PUBLIC 
+"+//ISBN 0-201-13448-9::Knuth//NOTATION The TeXbook//EN">
+<!NOTATION TIFF		SYSTEM "TIFF">
+<!NOTATION WMF		PUBLIC 
+"+//ISBN 0-7923-9432-1::Graphic Notation//NOTATION Microsoft Windows Metafile//EN">
+<!NOTATION WPG		SYSTEM "WPG" --WordPerfect Graphic format-->
+<!NOTATION linespecific	SYSTEM 
+"line ends and leading white space must be preserved in output">
diff --git a/docs/docbook/dbsgml/dbpool.mod b/docs/docbook/dbsgml/dbpool.mod
new file mode 100755
index 00000000000..14dfb6a7cb8
--- /dev/null
+++ b/docs/docbook/dbsgml/dbpool.mod
@@ -0,0 +1,7396 @@
+<!-- ...................................................................... -->
+<!-- DocBook information pool module V4.1 ................................. -->
+<!-- File dbpool.mod ...................................................... -->
+
+<!-- Copyright 1992-2000 HaL Computer Systems, Inc.,
+     O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+     Corporation, and the Organization for the Advancement of
+     Structured Information Standards (OASIS).
+
+     $Id: dbpool.mod,v 1.1.2.1 2001/02/28 19:05:00 jerry Exp $
+
+     Permission to use, copy, modify and distribute the DocBook DTD and
+     its accompanying documentation for any purpose and without fee is
+     hereby granted in perpetuity, provided that the above copyright
+     notice and this paragraph appear in all copies.  The copyright
+     holders make no representation about the suitability of the DTD for
+     any purpose.  It is provided "as is" without expressed or implied
+     warranty.
+
+     If you modify the DocBook DTD in any way, except for declaring and
+     referencing additional sets of general entities and declaring
+     additional notations, label your DTD as a variant of DocBook.  See
+     the maintenance documentation for more information.
+
+     Please direct all questions, bug reports, or suggestions for
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/docbook/.
+-->
+
+<!-- ...................................................................... -->
+
+<!-- This module contains the definitions for the objects, inline
+     elements, and so on that are available to be used as the main
+     content of DocBook documents.  Some elements are useful for general
+     publishing, and others are useful specifically for computer
+     documentation.
+
+     This module has the following dependencies on other modules:
+
+     o It assumes that a %notation.class; entity is defined by the
+       driver file or other high-level module.  This entity is
+       referenced in the NOTATION attributes for the graphic-related and
+       ModeSpec elements.
+
+     o It assumes that an appropriately parameterized table module is
+       available for use with the table-related elements.
+
+     In DTD driver files referring to this module, please use an entity
+     declaration that uses the public identifier shown below:
+
+     <!ENTITY % dbpool PUBLIC
+     "-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN">
+     %dbpool;
+
+     See the documentation for detailed information on the parameter
+     entity and module scheme used in DocBook, customizing DocBook and
+     planning for interchange, and changes made since the last release
+     of DocBook.
+-->
+
+<!-- ...................................................................... -->
+<!-- General-purpose semantics entities ................................... -->
+
+<!ENTITY % yesorno.attvals	"NUMBER">
+
+<![IGNORE[
+<!ENTITY % yes.attval		"1"> <!-- never actually used -->
+]]>
+
+<!ENTITY % no.attval		"0">
+
+<!-- ...................................................................... -->
+<!-- Entities for module inclusions ....................................... -->
+
+<!ENTITY % dbpool.redecl.module "IGNORE">
+
+<!-- ...................................................................... -->
+<!-- Entities for element classes and mixtures ............................ -->
+
+<!-- Object-level classes ................................................. -->
+
+<!ENTITY % local.list.class "">
+<!ENTITY % list.class
+		"CalloutList|GlossList|ItemizedList|OrderedList|SegmentedList
+		|SimpleList|VariableList %local.list.class;">
+
+<!ENTITY % local.admon.class "">
+<!ENTITY % admon.class
+		"Caution|Important|Note|Tip|Warning %local.admon.class;">
+
+<!ENTITY % local.linespecific.class "">
+<!ENTITY % linespecific.class
+		"LiteralLayout|ProgramListing|ProgramListingCO|Screen
+		|ScreenCO|ScreenShot %local.linespecific.class;">
+
+<!ENTITY % local.method.synop.class "">
+<!ENTITY % method.synop.class
+		"ConstructorSynopsis
+                 |DestructorSynopsis
+                 |MethodSynopsis %local.method.synop.class;">
+
+<!ENTITY % local.synop.class "">
+<!ENTITY % synop.class
+		"Synopsis|CmdSynopsis|FuncSynopsis
+                 |ClassSynopsis|FieldSynopsis
+                 |%method.synop.class; %local.synop.class;">
+
+<!ENTITY % local.para.class "">
+<!ENTITY % para.class
+		"FormalPara|Para|SimPara %local.para.class;">
+
+<!ENTITY % local.informal.class "">
+<!ENTITY % informal.class
+		"Address|BlockQuote
+		|Graphic|GraphicCO|MediaObject|MediaObjectCO
+		|InformalEquation
+		|InformalExample
+		|InformalFigure
+		|InformalTable %local.informal.class;">
+
+<!ENTITY % local.formal.class "">
+<!ENTITY % formal.class
+		"Equation|Example|Figure|Table %local.formal.class;">
+
+<!-- The DocBook TC may produce an official EBNF module for DocBook. -->
+<!-- This PE provides the hook by which it can be inserted into the DTD. -->
+<!ENTITY % ebnf.block.hook "">
+
+<!ENTITY % local.compound.class "">
+<!ENTITY % compound.class
+		"MsgSet|Procedure|Sidebar|QandASet
+                 %ebnf.block.hook;
+                 %local.compound.class;">
+
+<!ENTITY % local.genobj.class "">
+<!ENTITY % genobj.class
+		"Anchor|BridgeHead|Remark|Highlights
+		%local.genobj.class;">
+
+<!ENTITY % local.descobj.class "">
+<!ENTITY % descobj.class
+		"Abstract|AuthorBlurb|Epigraph
+		%local.descobj.class;">
+
+<!-- Character-level classes .............................................. -->
+
+<!ENTITY % local.ndxterm.class "">
+<!ENTITY % ndxterm.class
+		"IndexTerm %local.ndxterm.class;">
+
+<!ENTITY % local.xref.char.class "">
+<!ENTITY % xref.char.class
+		"FootnoteRef|XRef %local.xref.char.class;">
+
+<!ENTITY % local.gen.char.class "">
+<!ENTITY % gen.char.class
+		"Abbrev|Acronym|Citation|CiteRefEntry|CiteTitle|Emphasis
+		|FirstTerm|ForeignPhrase|GlossTerm|Footnote|Phrase
+		|Quote|Trademark|WordAsWord %local.gen.char.class;">
+
+<!ENTITY % local.link.char.class "">
+<!ENTITY % link.char.class
+		"Link|OLink|ULink %local.link.char.class;">
+
+<!-- The DocBook TC may produce an official EBNF module for DocBook. -->
+<!-- This PE provides the hook by which it can be inserted into the DTD. -->
+<!ENTITY % ebnf.inline.hook "">
+
+<!ENTITY % local.tech.char.class "">
+<!ENTITY % tech.char.class
+		"Action|Application
+                |ClassName|MethodName|InterfaceName|ExceptionName
+                |OOClass|OOInterface|OOException
+                |Command|ComputerOutput
+		|Database|Email|EnVar|ErrorCode|ErrorName|ErrorType|Filename
+		|Function|GUIButton|GUIIcon|GUILabel|GUIMenu|GUIMenuItem
+		|GUISubmenu|Hardware|Interface|KeyCap
+		|KeyCode|KeyCombo|KeySym|Literal|Constant|Markup|MediaLabel
+		|MenuChoice|MouseButton|Option|Optional|Parameter
+		|Prompt|Property|Replaceable|ReturnValue|SGMLTag|StructField
+		|StructName|Symbol|SystemItem|Token|Type|UserInput|VarName
+                %ebnf.inline.hook;
+		%local.tech.char.class;">
+
+<!ENTITY % local.base.char.class "">
+<!ENTITY % base.char.class
+		"Anchor %local.base.char.class;">
+
+<!ENTITY % local.docinfo.char.class "">
+<!ENTITY % docinfo.char.class
+		"Author|AuthorInitials|CorpAuthor|ModeSpec|OtherCredit
+		|ProductName|ProductNumber|RevHistory
+		%local.docinfo.char.class;">
+
+<!ENTITY % local.other.char.class "">
+<!ENTITY % other.char.class
+		"Remark|Subscript|Superscript %local.other.char.class;">
+
+<!ENTITY % local.inlineobj.char.class "">
+<!ENTITY % inlineobj.char.class
+		"InlineGraphic|InlineMediaObject|InlineEquation %local.inlineobj.char.class;">
+
+<!-- Redeclaration placeholder ............................................ -->
+
+<!-- For redeclaring entities that are declared after this point while
+     retaining their references to the entities that are declared before
+     this point -->
+
+<![ %dbpool.redecl.module; [
+%rdbpool;
+<!--end of dbpool.redecl.module-->]]>
+
+<!-- Object-level mixtures ................................................ -->
+
+<!--
+                      list admn line synp para infm form cmpd gen  desc
+Component mixture       X    X    X    X    X    X    X    X    X    X
+Sidebar mixture         X    X    X    X    X    X    X    a    X
+Footnote mixture        X         X    X    X    X
+Example mixture         X         X    X    X    X
+Highlights mixture      X    X              X
+Paragraph mixture       X         X    X         X
+Admonition mixture      X         X    X    X    X    X    b    c
+Figure mixture                    X    X         X
+Table entry mixture     X    X    X         X    d
+Glossary def mixture    X         X    X    X    X         e
+Legal notice mixture    X    X    X         X    f
+
+a. Just Procedure; not Sidebar itself or MsgSet.
+b. No MsgSet.
+c. No Highlights.
+d. Just Graphic; no other informal objects.
+e. No Anchor, BridgeHead, or Highlights.
+f. Just BlockQuote; no other informal objects.
+-->
+
+<!ENTITY % local.component.mix "">
+<!ENTITY % component.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|%compound.class;
+		|%genobj.class;		|%descobj.class;
+		|%ndxterm.class;
+		%local.component.mix;">
+
+<!ENTITY % local.sidebar.mix "">
+<!ENTITY % sidebar.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|Procedure
+		|%genobj.class;
+		|%ndxterm.class;
+		%local.sidebar.mix;">
+
+<!ENTITY % local.qandaset.mix "">
+<!ENTITY % qandaset.mix
+		"%list.class;           |%admon.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|Procedure
+		|%genobj.class;
+		|%ndxterm.class;
+		%local.qandaset.mix;">
+
+<!ENTITY % local.revdescription.mix "">
+<!ENTITY % revdescription.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|Procedure
+		|%genobj.class;
+		|%ndxterm.class;
+		%local.revdescription.mix;">
+
+<!ENTITY % local.footnote.mix "">
+<!ENTITY % footnote.mix
+		"%list.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		%local.footnote.mix;">
+
+<!ENTITY % local.example.mix "">
+<!ENTITY % example.mix
+		"%list.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%ndxterm.class;
+		%local.example.mix;">
+
+<!ENTITY % local.highlights.mix "">
+<!ENTITY % highlights.mix
+		"%list.class;		|%admon.class;
+		|%para.class;
+		|%ndxterm.class;
+		%local.highlights.mix;">
+
+<!-- %formal.class; is explicitly excluded from many contexts in which
+     paragraphs are used -->
+
+<!ENTITY % local.para.mix "">
+<!ENTITY % para.mix
+		"%list.class;           |%admon.class;
+		|%linespecific.class;
+					|%informal.class;
+		|%formal.class;
+		%local.para.mix;">
+
+<!ENTITY % local.admon.mix "">
+<!ENTITY % admon.mix
+		"%list.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|Procedure|Sidebar
+		|Anchor|BridgeHead|Remark
+		|%ndxterm.class;
+		%local.admon.mix;">
+
+<!ENTITY % local.figure.mix "">
+<!ENTITY % figure.mix
+		"%linespecific.class;	|%synop.class;
+					|%informal.class;
+		|%ndxterm.class;
+		%local.figure.mix;">
+
+<!ENTITY % local.tabentry.mix "">
+<!ENTITY % tabentry.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;
+		|%para.class;		|Graphic|MediaObject
+		%local.tabentry.mix;">
+
+<!ENTITY % local.glossdef.mix "">
+<!ENTITY % glossdef.mix
+		"%list.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;
+		|Remark
+		|%ndxterm.class;
+		%local.glossdef.mix;">
+
+<!ENTITY % local.legalnotice.mix "">
+<!ENTITY % legalnotice.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;
+		|%para.class;		|BlockQuote
+		|%ndxterm.class;
+		%local.legalnotice.mix;">
+
+<!ENTITY % local.textobject.mix "">
+<!ENTITY % textobject.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;
+		|%para.class;		|BlockQuote
+		%local.textobject.mix;">
+
+<!ENTITY % local.mediaobject.mix "">
+<!ENTITY % mediaobject.mix 
+		"VideoObject|AudioObject|ImageObject %local.mediaobject.mix">
+
+<!-- Character-level mixtures ............................................. -->
+
+<!ENTITY % local.ubiq.mix "">
+<!ENTITY % ubiq.mix
+		"%ndxterm.class;|BeginPage %local.ubiq.mix;">
+
+<!ENTITY % ubiq.exclusion "-(%ubiq.mix)">
+<!ENTITY % ubiq.inclusion "+(%ubiq.mix)">
+
+<!ENTITY % footnote.exclusion "-(Footnote|%formal.class;)">
+<!ENTITY % highlights.exclusion "-(%ubiq.mix;|%formal.class;)">
+<!ENTITY % admon.exclusion "-(%admon.class;)">
+<!ENTITY % formal.exclusion "-(%formal.class;)">
+<!ENTITY % acronym.exclusion "-(Acronym)">
+<!ENTITY % beginpage.exclusion "-(BeginPage)">
+<!ENTITY % ndxterm.exclusion "-(%ndxterm.class;)">
+<!ENTITY % blockquote.exclusion "-(Epigraph)">
+<!ENTITY % remark.exclusion "-(Remark|%ubiq.mix;)">
+<!ENTITY % glossterm.exclusion "-(GlossTerm)">
+<!ENTITY % links.exclusion "-(Link|OLink|ULink|XRef)">
+
+<!--
+                    #PCD xref word link cptr base dnfo othr inob (synop)
+para.char.mix         X    X    X    X    X    X    X    X    X
+title.char.mix        X    X    X    X    X    X    X    X    X
+ndxterm.char.mix      X    X    X    X    X    X    X    X    a
+cptr.char.mix         X              X    X    X         X    a
+smallcptr.char.mix    X                   b                   a
+word.char.mix         X         c    X         X         X    a
+docinfo.char.mix      X         d    X    b              X    a
+
+a. Just InlineGraphic; no InlineEquation.
+b. Just Replaceable; no other computer terms.
+c. Just Emphasis and Trademark; no other word elements.
+d. Just Acronym, Emphasis, and Trademark; no other word elements.
+-->
+
+<!-- The DocBook TC may produce an official forms module for DocBook. -->
+<!-- This PE provides the hook by which it can be inserted into the DTD. -->
+<!ENTITY % forminlines.hook "">
+
+<!ENTITY % local.para.char.mix "">
+<!ENTITY % para.char.mix
+		"#PCDATA
+		|%xref.char.class;	|%gen.char.class;
+		|%link.char.class;	|%tech.char.class;
+		|%base.char.class;	|%docinfo.char.class;
+		|%other.char.class;	|%inlineobj.char.class;
+		|%synop.class;
+		|%ndxterm.class;
+                %forminlines.hook;
+		%local.para.char.mix;">
+
+<!ENTITY % local.title.char.mix "">
+<!ENTITY % title.char.mix
+		"#PCDATA
+		|%xref.char.class;	|%gen.char.class;
+		|%link.char.class;	|%tech.char.class;
+		|%base.char.class;	|%docinfo.char.class;
+		|%other.char.class;	|%inlineobj.char.class;
+		|%ndxterm.class;
+		%local.title.char.mix;">
+
+<!ENTITY % local.ndxterm.char.mix "">
+<!ENTITY % ndxterm.char.mix
+		"#PCDATA
+		|%xref.char.class;	|%gen.char.class;
+		|%link.char.class;	|%tech.char.class;
+		|%base.char.class;	|%docinfo.char.class;
+		|%other.char.class;	|InlineGraphic|InlineMediaObject
+		%local.ndxterm.char.mix;">
+
+<!ENTITY % local.cptr.char.mix "">
+<!ENTITY % cptr.char.mix
+		"#PCDATA
+		|%link.char.class;	|%tech.char.class;
+		|%base.char.class;
+		|%other.char.class;	|InlineGraphic|InlineMediaObject
+		|%ndxterm.class;
+		%local.cptr.char.mix;">
+
+<!ENTITY % local.smallcptr.char.mix "">
+<!ENTITY % smallcptr.char.mix
+		"#PCDATA
+					|Replaceable
+					|InlineGraphic|InlineMediaObject
+		|%ndxterm.class;
+		%local.smallcptr.char.mix;">
+
+<!ENTITY % local.word.char.mix "">
+<!ENTITY % word.char.mix
+		"#PCDATA
+					|Acronym|Emphasis|Trademark
+		|%link.char.class;
+		|%base.char.class;
+		|%other.char.class;	|InlineGraphic|InlineMediaObject
+		|%ndxterm.class;
+		%local.word.char.mix;">
+
+<!ENTITY % local.docinfo.char.mix "">
+<!ENTITY % docinfo.char.mix
+		"#PCDATA
+		|%link.char.class;
+					|Emphasis|Trademark
+					|Replaceable
+		|%other.char.class;	|InlineGraphic|InlineMediaObject
+		|%ndxterm.class;
+		%local.docinfo.char.mix;">
+<!--ENTITY % bibliocomponent.mix (see Bibliographic section, below)-->
+<!--ENTITY % person.ident.mix (see Bibliographic section, below)-->
+
+<!-- ...................................................................... -->
+<!-- Entities for content models .......................................... -->
+
+<!ENTITY % formalobject.title.content "Title, TitleAbbrev?">
+
+<!-- ...................................................................... -->
+<!-- Entities for attributes and attribute components ..................... -->
+
+<!-- Effectivity attributes ............................................... -->
+
+<!ENTITY % arch.attrib
+	--Arch: Computer or chip architecture to which element applies; no 
+	default--
+	"Arch		CDATA		#IMPLIED">
+
+<!ENTITY % condition.attrib
+	--Condition: General-purpose effectivity attribute--
+	"Condition	CDATA		#IMPLIED">
+
+<!ENTITY % conformance.attrib
+	--Conformance: Standards conformance characteristics--
+	"Conformance	NMTOKENS	#IMPLIED">
+
+<!ENTITY % os.attrib
+	--OS: Operating system to which element applies; no default--
+	"OS		CDATA		#IMPLIED">
+
+<!ENTITY % revision.attrib
+	--Revision: Editorial revision to which element belongs; no default--
+	"Revision	CDATA		#IMPLIED">
+
+<!ENTITY % security.attrib
+	--Security: Security classification; no default--
+	"Security	CDATA		#IMPLIED">
+
+<!ENTITY % userlevel.attrib
+	--UserLevel: Level of user experience to which element applies; no 
+	default--
+	"UserLevel	CDATA		#IMPLIED">
+
+<!ENTITY % vendor.attrib
+	--Vendor: Computer vendor to which element applies; no default--
+	"Vendor		CDATA		#IMPLIED">
+
+<!ENTITY % local.effectivity.attrib "">
+<!ENTITY % effectivity.attrib
+	"%arch.attrib;
+	%condition.attrib;
+	%conformance.attrib;
+	%os.attrib;
+	%revision.attrib;
+	%security.attrib;
+	%userlevel.attrib;
+	%vendor.attrib;
+	%local.effectivity.attrib;"
+>
+
+<!-- Common attributes .................................................... -->
+
+<!ENTITY % id.attrib
+	--Id: Unique identifier of element; no default--
+	"Id		ID		#IMPLIED">
+
+<!ENTITY % idreq.attrib
+	--Id: Unique identifier of element; a value must be supplied; no 
+	default--
+	"Id		ID		#REQUIRED">
+
+<!ENTITY % lang.attrib
+	--Lang: Indicator of language in which element is written, for
+	translation, character set management, etc.; no default--
+	"Lang		CDATA		#IMPLIED">
+
+<!ENTITY % remap.attrib
+	--Remap: Previous role of element before conversion; no default--
+	"Remap		CDATA		#IMPLIED">
+
+<!ENTITY % role.attrib
+	--Role: New role of element in local environment; no default--
+	"Role		CDATA		#IMPLIED">
+
+<!ENTITY % xreflabel.attrib
+	--XRefLabel: Alternate labeling string for XRef text generation;
+	default is usually title or other appropriate label text already
+	contained in element--
+	"XRefLabel	CDATA		#IMPLIED">
+
+<!ENTITY % revisionflag.attrib
+	--RevisionFlag: Revision status of element; default is that element
+	wasn't revised--
+	"RevisionFlag	(Changed
+			|Added
+			|Deleted
+			|Off)		#IMPLIED">
+
+<!ENTITY % local.common.attrib "">
+<!ENTITY % common.attrib
+	"%id.attrib;
+	%lang.attrib;
+	%remap.attrib;
+	--Role is included explicitly on each element--
+	%xreflabel.attrib;
+	%revisionflag.attrib;
+	%effectivity.attrib;
+	%local.common.attrib;"
+>
+
+<!ENTITY % idreq.common.attrib
+	"%idreq.attrib;
+	%lang.attrib;
+	%remap.attrib;
+	--Role is included explicitly on each element--
+	%xreflabel.attrib;
+	%revisionflag.attrib;
+	%effectivity.attrib;
+	%local.common.attrib;"
+>
+
+<!-- Semi-common attributes and other attribute entities .................. -->
+
+<!ENTITY % local.graphics.attrib "">
+<!ENTITY % graphics.attrib
+	"
+	--EntityRef: Name of an external entity containing the content
+	of the graphic--
+	EntityRef	ENTITY		#IMPLIED
+
+	--FileRef: Filename, qualified by a pathname if desired, 
+	designating the file containing the content of the graphic--
+	FileRef 	CDATA		#IMPLIED
+
+	--Format: Notation of the element content, if any--
+	Format		(%notation.class;)
+					#IMPLIED
+
+	--SrcCredit: Information about the source of the Graphic--
+	SrcCredit	CDATA		#IMPLIED
+
+	--Width: Same as CALS reprowid (desired width)--
+	Width		NUTOKEN		#IMPLIED
+
+	--Depth: Same as CALS reprodep (desired depth)--
+	Depth		NUTOKEN		#IMPLIED
+
+	--Align: Same as CALS hplace with 'none' removed; #IMPLIED means 
+	application-specific--
+	Align		(Left
+			|Right 
+			|Center)	#IMPLIED
+
+	--Scale: Conflation of CALS hscale and vscale--
+	Scale		NUMBER		#IMPLIED
+
+	--Scalefit: Same as CALS scalefit--
+	Scalefit	%yesorno.attvals;
+					#IMPLIED
+	%local.graphics.attrib;"
+>
+
+<!ENTITY % local.keyaction.attrib "">
+<!ENTITY % keyaction.attrib
+	"
+	--Action: Key combination type; default is unspecified if one 
+	child element, Simul if there is more than one; if value is 
+	Other, the OtherAction attribute must have a nonempty value--
+	Action		(Click
+			|Double-Click
+			|Press
+			|Seq
+			|Simul
+			|Other)		#IMPLIED
+
+	--OtherAction: User-defined key combination type--
+	OtherAction	CDATA		#IMPLIED
+	%local.keyaction.attrib;"
+>
+
+<!ENTITY % label.attrib
+	--Label: Identifying number or string; default is usually the
+	appropriate number or string autogenerated by a formatter--
+	"Label		CDATA		#IMPLIED">
+
+<!ENTITY % linespecific.attrib
+	--Format: whether element is assumed to contain significant white
+	space--
+	"Format		NOTATION
+			(linespecific)	linespecific
+         LineNumbering	(Numbered|Unnumbered) 	#IMPLIED">
+
+<!ENTITY % linkend.attrib
+	--Linkend: link to related information; no default--
+	"Linkend	IDREF		#IMPLIED">
+
+<!ENTITY % linkendreq.attrib
+	--Linkend: required link to related information--
+	"Linkend	IDREF		#REQUIRED">
+
+<!ENTITY % linkends.attrib
+	--Linkends: link to one or more sets of related information; no 
+	default--
+	"Linkends	IDREFS		#IMPLIED">
+
+<![IGNORE[
+<!-- Declared for completeness, but never used -->
+<!ENTITY % linkendsreq.attrib
+	--Linkends: required link to one or more sets of related information--
+	"Linkends	IDREFS		#REQUIRED">
+]]>
+
+<!ENTITY % local.mark.attrib "">
+<!ENTITY % mark.attrib
+	"Mark		CDATA		#IMPLIED
+	%local.mark.attrib;"
+>
+
+<!ENTITY % moreinfo.attrib
+	--MoreInfo: whether element's content has an associated RefEntry--
+	"MoreInfo	(RefEntry|None)	None">
+
+<!ENTITY % pagenum.attrib
+	--Pagenum: number of page on which element appears; no default--
+	"Pagenum	CDATA		#IMPLIED">
+
+<!ENTITY % local.status.attrib "">
+<!ENTITY % status.attrib
+	--Status: Editorial or publication status of the element
+	it applies to, such as "in review" or "approved for distribution"--
+	"Status		CDATA		#IMPLIED
+	%local.status.attrib;"
+>
+
+<!ENTITY % width.attrib
+	--Width: width of the longest line in the element to which it
+	pertains, in number of characters--
+	"Width		NUMBER		#IMPLIED">
+
+<!-- ...................................................................... -->
+<!-- Title elements ....................................................... -->
+
+<!ENTITY % title.module "INCLUDE">
+<![ %title.module; [
+<!ENTITY % local.title.attrib "">
+<!ENTITY % title.role.attrib "%role.attrib;">
+
+<!ENTITY % title.element "INCLUDE">
+<![ %title.element; [
+<!ELEMENT Title - O ((%title.char.mix;)+)>
+<!--end of title.element-->]]>
+
+<!ENTITY % title.attlist "INCLUDE">
+<![ %title.attlist; [
+<!ATTLIST Title
+		%pagenum.attrib;
+		%common.attrib;
+		%title.role.attrib;
+		%local.title.attrib;
+>
+<!--end of title.attlist-->]]>
+<!--end of title.module-->]]>
+
+<!ENTITY % titleabbrev.module "INCLUDE">
+<![ %titleabbrev.module; [
+<!ENTITY % local.titleabbrev.attrib "">
+<!ENTITY % titleabbrev.role.attrib "%role.attrib;">
+
+<!ENTITY % titleabbrev.element "INCLUDE">
+<![ %titleabbrev.element; [
+<!ELEMENT TitleAbbrev - O ((%title.char.mix;)+)>
+<!--end of titleabbrev.element-->]]>
+
+<!ENTITY % titleabbrev.attlist "INCLUDE">
+<![ %titleabbrev.attlist; [
+<!ATTLIST TitleAbbrev
+		%common.attrib;
+		%titleabbrev.role.attrib;
+		%local.titleabbrev.attrib;
+>
+<!--end of titleabbrev.attlist-->]]>
+<!--end of titleabbrev.module-->]]>
+
+<!ENTITY % subtitle.module "INCLUDE">
+<![ %subtitle.module; [
+<!ENTITY % local.subtitle.attrib "">
+<!ENTITY % subtitle.role.attrib "%role.attrib;">
+
+<!ENTITY % subtitle.element "INCLUDE">
+<![ %subtitle.element; [
+<!ELEMENT Subtitle - O ((%title.char.mix;)+)>
+<!--end of subtitle.element-->]]>
+
+<!ENTITY % subtitle.attlist "INCLUDE">
+<![ %subtitle.attlist; [
+<!ATTLIST Subtitle
+		%common.attrib;
+		%subtitle.role.attrib;
+		%local.subtitle.attrib;
+>
+<!--end of subtitle.attlist-->]]>
+<!--end of subtitle.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Bibliographic entities and elements .................................. -->
+
+<!-- The bibliographic elements are typically used in the document
+     hierarchy. They do not appear in content models of information
+     pool elements.  See also the document information elements,
+     below. -->
+
+<!ENTITY % local.person.ident.mix "">
+<!ENTITY % person.ident.mix
+		"Honorific|FirstName|Surname|Lineage|OtherName|Affiliation
+		|AuthorBlurb|Contrib %local.person.ident.mix;">
+
+<!ENTITY % local.bibliocomponent.mix "">
+<!ENTITY % bibliocomponent.mix
+		"Abbrev|Abstract|Address|ArtPageNums|Author
+		|AuthorGroup|AuthorInitials|BiblioMisc|BiblioSet
+		|Collab|ConfGroup|ContractNum|ContractSponsor
+		|Copyright|CorpAuthor|CorpName|Date|Edition
+		|Editor|InvPartNumber|ISBN|ISSN|IssueNum|OrgName
+		|OtherCredit|PageNums|PrintHistory|ProductName
+		|ProductNumber|PubDate|Publisher|PublisherName
+		|PubsNumber|ReleaseInfo|RevHistory|SeriesVolNums
+		|Subtitle|Title|TitleAbbrev|VolumeNum|CiteTitle
+		|%person.ident.mix;
+		|%ndxterm.class;
+		%local.bibliocomponent.mix;">
+
+<!ENTITY % biblioentry.module "INCLUDE">
+<![ %biblioentry.module; [
+<!ENTITY % local.biblioentry.attrib "">
+
+<!ENTITY % biblioentry.role.attrib "%role.attrib;">
+
+<!ENTITY % biblioentry.element "INCLUDE">
+<![ %biblioentry.element; [
+<!--FUTURE USE (V5.0):
+......................
+ArticleInfo will be droped from BiblioEntry
+......................
+-->
+<!ELEMENT BiblioEntry - O ((ArticleInfo
+                            | (%bibliocomponent.mix;))+)
+                          %ubiq.exclusion;>
+<!--end of biblioentry.element-->]]>
+
+<!ENTITY % biblioentry.attlist "INCLUDE">
+<![ %biblioentry.attlist; [
+<!ATTLIST BiblioEntry
+		%common.attrib;
+		%biblioentry.role.attrib;
+		%local.biblioentry.attrib;
+>
+<!--end of biblioentry.attlist-->]]>
+<!--end of biblioentry.module-->]]>
+
+<!ENTITY % bibliomixed.module "INCLUDE">
+<![ %bibliomixed.module; [
+<!ENTITY % local.bibliomixed.attrib "">
+<!ENTITY % bibliomixed.role.attrib "%role.attrib;">
+
+<!ENTITY % bibliomixed.element "INCLUDE">
+<![ %bibliomixed.element; [
+<!ELEMENT BiblioMixed - O ((%bibliocomponent.mix; | BiblioMSet | #PCDATA)+)
+	%ubiq.exclusion;>
+<!--end of bibliomixed.element-->]]>
+
+<!ENTITY % bibliomixed.attlist "INCLUDE">
+<![ %bibliomixed.attlist; [
+<!ATTLIST BiblioMixed
+		%common.attrib;
+		%bibliomixed.role.attrib;
+		%local.bibliomixed.attrib;
+>
+<!--end of bibliomixed.attlist-->]]>
+<!--end of bibliomixed.module-->]]>
+
+<!ENTITY % articleinfo.module "INCLUDE">
+<![ %articleinfo.module; [
+<!ENTITY % local.articleinfo.attrib "">
+<!ENTITY % articleinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % articleinfo.element "INCLUDE">
+<![ %articleinfo.element; [
+<!ELEMENT ArticleInfo - - ((Graphic | MediaObject | LegalNotice | ModeSpec 
+	| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+	-(BeginPage)>
+<!--end of articleinfo.element-->]]>
+
+<!ENTITY % articleinfo.attlist "INCLUDE">
+<![ %articleinfo.attlist; [
+<!ATTLIST ArticleInfo
+		%common.attrib;
+		%articleinfo.role.attrib;
+		%local.articleinfo.attrib;
+>
+<!--end of articleinfo.attlist-->]]>
+<!--end of articleinfo.module-->]]>
+
+<!ENTITY % biblioset.module "INCLUDE">
+<![ %biblioset.module; [
+<!ENTITY % local.biblioset.attrib "">
+<!ENTITY % biblioset.role.attrib "%role.attrib;">
+
+<!ENTITY % biblioset.element "INCLUDE">
+<![ %biblioset.element; [
+<!ELEMENT BiblioSet - - ((%bibliocomponent.mix;)+) %ubiq.exclusion;>
+<!--end of biblioset.element-->]]>
+
+<!ENTITY % biblioset.attlist "INCLUDE">
+<![ %biblioset.attlist; [
+<!ATTLIST BiblioSet
+		--
+		Relation: Relationship of elements contained within BiblioSet
+		--
+		Relation	CDATA		#IMPLIED
+		%common.attrib;
+		%biblioset.role.attrib;
+		%local.biblioset.attrib;
+>
+<!--end of biblioset.attlist-->]]>
+<!--end of biblioset.module-->]]>
+
+<!ENTITY % bibliomset.module "INCLUDE">
+<![ %bibliomset.module; [
+<!ENTITY % bibliomset.role.attrib "%role.attrib;">
+<!ENTITY % local.bibliomset.attrib "">
+
+<!ENTITY % bibliomset.element "INCLUDE">
+<![ %bibliomset.element; [
+<!ELEMENT BiblioMSet - - ((%bibliocomponent.mix; | BiblioMSet | #PCDATA)+)
+	%ubiq.exclusion;>
+<!--end of bibliomset.element-->]]>
+
+<!ENTITY % bibliomset.attlist "INCLUDE">
+<![ %bibliomset.attlist; [
+<!ATTLIST BiblioMSet
+		--
+		Relation: Relationship of elements contained within BiblioMSet
+		--
+		Relation	CDATA		#IMPLIED
+		%bibliomset.role.attrib;
+		%common.attrib;
+		%local.bibliomset.attrib;
+>
+<!--end of bibliomset.attlist-->]]>
+<!--end of bibliomset.module-->]]>
+
+<!ENTITY % bibliomisc.module "INCLUDE">
+<![ %bibliomisc.module; [
+<!ENTITY % local.bibliomisc.attrib "">
+<!ENTITY % bibliomisc.role.attrib "%role.attrib;">
+
+<!ENTITY % bibliomisc.element "INCLUDE">
+<![ %bibliomisc.element; [
+<!ELEMENT BiblioMisc - - ((%para.char.mix;)+)>
+<!--end of bibliomisc.element-->]]>
+
+<!ENTITY % bibliomisc.attlist "INCLUDE">
+<![ %bibliomisc.attlist; [
+<!ATTLIST BiblioMisc
+		%common.attrib;
+		%bibliomisc.role.attrib;
+		%local.bibliomisc.attrib;
+>
+<!--end of bibliomisc.attlist-->]]>
+<!--end of bibliomisc.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Subject, Keyword, and ITermSet elements .............................. -->
+
+<!ENTITY % subjectset.content.module "INCLUDE">
+<![ %subjectset.content.module; [
+<!ENTITY % subjectset.module "INCLUDE">
+<![ %subjectset.module; [
+<!ENTITY % local.subjectset.attrib "">
+<!ENTITY % subjectset.role.attrib "%role.attrib;">
+
+<!ENTITY % subjectset.element "INCLUDE">
+<![ %subjectset.element; [
+<!ELEMENT SubjectSet - - (Subject+)>
+<!--end of subjectset.element-->]]>
+
+<!ENTITY % subjectset.attlist "INCLUDE">
+<![ %subjectset.attlist; [
+<!ATTLIST SubjectSet
+		--
+		Scheme: Controlled vocabulary employed in SubjectTerms
+		--
+		Scheme		NAME		#IMPLIED
+		%common.attrib;
+		%subjectset.role.attrib;
+		%local.subjectset.attrib;
+>
+<!--end of subjectset.attlist-->]]>
+<!--end of subjectset.module-->]]>
+
+<!ENTITY % subject.module "INCLUDE">
+<![ %subject.module; [
+<!ENTITY % local.subject.attrib "">
+<!ENTITY % subject.role.attrib "%role.attrib;">
+
+<!ENTITY % subject.element "INCLUDE">
+<![ %subject.element; [
+<!ELEMENT Subject - - (SubjectTerm+)>
+<!--end of subject.element-->]]>
+
+<!ENTITY % subject.attlist "INCLUDE">
+<![ %subject.attlist; [
+<!ATTLIST Subject
+		--
+		Weight: Ranking of this group of SubjectTerms relative 
+		to others, 0 is low, no highest value specified
+		--
+		Weight		NUMBER		#IMPLIED
+		%common.attrib;
+		%subject.role.attrib;
+		%local.subject.attrib;
+>
+<!--end of subject.attlist-->]]>
+<!--end of subject.module-->]]>
+
+<!ENTITY % subjectterm.module "INCLUDE">
+<![ %subjectterm.module; [
+<!ENTITY % local.subjectterm.attrib "">
+<!ENTITY % subjectterm.role.attrib "%role.attrib;">
+
+<!ENTITY % subjectterm.element "INCLUDE">
+<![ %subjectterm.element; [
+<!ELEMENT SubjectTerm - - (#PCDATA)>
+<!--end of subjectterm.element-->]]>
+
+<!ENTITY % subjectterm.attlist "INCLUDE">
+<![ %subjectterm.attlist; [
+<!ATTLIST SubjectTerm
+		%common.attrib;
+		%subjectterm.role.attrib;
+		%local.subjectterm.attrib;
+>
+<!--end of subjectterm.attlist-->]]>
+<!--end of subjectterm.module-->]]>
+<!--end of subjectset.content.module-->]]>
+
+<!ENTITY % keywordset.content.module "INCLUDE">
+<![ %keywordset.content.module; [
+<!ENTITY % local.keywordset.attrib "">
+<!ENTITY % keywordset.module "INCLUDE">
+<![ %keywordset.module; [
+<!ENTITY % local.keywordset.attrib "">
+<!ENTITY % keywordset.role.attrib "%role.attrib;">
+
+<!ENTITY % keywordset.element "INCLUDE">
+<![ %keywordset.element; [
+<!ELEMENT KeywordSet - - (Keyword+)>
+<!--end of keywordset.element-->]]>
+
+<!ENTITY % keywordset.attlist "INCLUDE">
+<![ %keywordset.attlist; [
+<!ATTLIST KeywordSet
+		%common.attrib;
+		%keywordset.role.attrib;
+		%local.keywordset.attrib;
+>
+<!--end of keywordset.attlist-->]]>
+<!--end of keywordset.module-->]]>
+
+<!ENTITY % keyword.module "INCLUDE">
+<![ %keyword.module; [
+<!ENTITY % local.keyword.attrib "">
+<!ENTITY % keyword.role.attrib "%role.attrib;">
+
+<!ENTITY % keyword.element "INCLUDE">
+<![ %keyword.element; [
+<!ELEMENT Keyword - - (#PCDATA)>
+<!--end of keyword.element-->]]>
+
+<!ENTITY % keyword.attlist "INCLUDE">
+<![ %keyword.attlist; [
+<!ATTLIST Keyword
+		%common.attrib;
+		%keyword.role.attrib;
+		%local.keyword.attrib;
+>
+<!--end of keyword.attlist-->]]>
+<!--end of keyword.module-->]]>
+<!--end of keywordset.content.module-->]]>
+
+<!ENTITY % itermset.module "INCLUDE">
+<![ %itermset.module; [
+<!ENTITY % local.itermset.attrib "">
+<!ENTITY % itermset.role.attrib "%role.attrib;">
+
+<!ENTITY % itermset.element "INCLUDE">
+<![ %itermset.element; [
+<!ELEMENT ITermSet - - (IndexTerm+)>
+<!--end of itermset.element-->]]>
+
+<!ENTITY % itermset.attlist "INCLUDE">
+<![ %itermset.attlist; [
+<!ATTLIST ITermSet
+		%common.attrib;
+		%itermset.role.attrib;
+		%local.itermset.attrib;
+>
+<!--end of itermset.attlist-->]]>
+<!--end of itermset.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Compound (section-ish) elements ...................................... -->
+
+<!-- Message set ...................... -->
+
+<!ENTITY % msgset.content.module "INCLUDE">
+<![ %msgset.content.module; [
+<!ENTITY % msgset.module "INCLUDE">
+<![ %msgset.module; [
+<!ENTITY % local.msgset.attrib "">
+<!ENTITY % msgset.role.attrib "%role.attrib;">
+
+<!ENTITY % msgset.element "INCLUDE">
+<![ %msgset.element; [
+<!ELEMENT MsgSet - - ((%formalobject.title.content;)?, (MsgEntry+|SimpleMsgEntry+))>
+<!--end of msgset.element-->]]>
+
+<!ENTITY % msgset.attlist "INCLUDE">
+<![ %msgset.attlist; [
+<!ATTLIST MsgSet
+		%common.attrib;
+		%msgset.role.attrib;
+		%local.msgset.attrib;
+>
+<!--end of msgset.attlist-->]]>
+<!--end of msgset.module-->]]>
+
+<!ENTITY % msgentry.module "INCLUDE">
+<![ %msgentry.module; [
+<!ENTITY % local.msgentry.attrib "">
+<!ENTITY % msgentry.role.attrib "%role.attrib;">
+
+<!ENTITY % msgentry.element "INCLUDE">
+<![ %msgentry.element; [
+<!ELEMENT MsgEntry - O (Msg+, MsgInfo?, MsgExplan*)>
+<!--end of msgentry.element-->]]>
+
+<!ENTITY % msgentry.attlist "INCLUDE">
+<![ %msgentry.attlist; [
+<!ATTLIST MsgEntry
+		%common.attrib;
+		%msgentry.role.attrib;
+		%local.msgentry.attrib;
+>
+<!--end of msgentry.attlist-->]]>
+<!--end of msgentry.module-->]]>
+
+<!ENTITY % simplemsgentry.module "INCLUDE">
+<![ %simplemsgentry.module; [
+<!ENTITY % local.simplemsgentry.attrib "">
+<!ENTITY % simplemsgentry.role.attrib "%role.attrib;">
+
+<!ENTITY % simplemsgentry.element "INCLUDE">
+<![ %simplemsgentry.element; [
+<!ELEMENT SimpleMsgEntry - O (MsgText, MsgExplan)>
+<!--end of simplemsgentry.element-->]]>
+
+<!ENTITY % simplemsgentry.attlist "INCLUDE">
+<![ %simplemsgentry.attlist; [
+<!ATTLIST SimpleMsgEntry
+		%common.attrib;
+		%simplemsgentry.role.attrib;
+		%local.simplemsgentry.attrib;
+		Audience	CDATA	#IMPLIED
+		Level		CDATA	#IMPLIED
+		Origin		CDATA	#IMPLIED
+>
+<!--end of simplemsgentry.attlist-->]]>
+<!--end of simplemsgentry.module-->]]>
+
+<!ENTITY % msg.module "INCLUDE">
+<![ %msg.module; [
+<!ENTITY % local.msg.attrib "">
+<!ENTITY % msg.role.attrib "%role.attrib;">
+
+<!ENTITY % msg.element "INCLUDE">
+<![ %msg.element; [
+<!ELEMENT Msg - O (Title?, MsgMain, (MsgSub | MsgRel)*)>
+<!--end of msg.element-->]]>
+
+<!ENTITY % msg.attlist "INCLUDE">
+<![ %msg.attlist; [
+<!ATTLIST Msg
+		%common.attrib;
+		%msg.role.attrib;
+		%local.msg.attrib;
+>
+<!--end of msg.attlist-->]]>
+<!--end of msg.module-->]]>
+
+<!ENTITY % msgmain.module "INCLUDE">
+<![ %msgmain.module; [
+<!ENTITY % local.msgmain.attrib "">
+<!ENTITY % msgmain.role.attrib "%role.attrib;">
+
+<!ENTITY % msgmain.element "INCLUDE">
+<![ %msgmain.element; [
+<!ELEMENT MsgMain - - (Title?, MsgText)>
+<!--end of msgmain.element-->]]>
+
+<!ENTITY % msgmain.attlist "INCLUDE">
+<![ %msgmain.attlist; [
+<!ATTLIST MsgMain
+		%common.attrib;
+		%msgmain.role.attrib;
+		%local.msgmain.attrib;
+>
+<!--end of msgmain.attlist-->]]>
+<!--end of msgmain.module-->]]>
+
+<!ENTITY % msgsub.module "INCLUDE">
+<![ %msgsub.module; [
+<!ENTITY % local.msgsub.attrib "">
+<!ENTITY % msgsub.role.attrib "%role.attrib;">
+
+<!ENTITY % msgsub.element "INCLUDE">
+<![ %msgsub.element; [
+<!ELEMENT MsgSub - - (Title?, MsgText)>
+<!--end of msgsub.element-->]]>
+
+<!ENTITY % msgsub.attlist "INCLUDE">
+<![ %msgsub.attlist; [
+<!ATTLIST MsgSub
+		%common.attrib;
+		%msgsub.role.attrib;
+		%local.msgsub.attrib;
+>
+<!--end of msgsub.attlist-->]]>
+<!--end of msgsub.module-->]]>
+
+<!ENTITY % msgrel.module "INCLUDE">
+<![ %msgrel.module; [
+<!ENTITY % local.msgrel.attrib "">
+<!ENTITY % msgrel.role.attrib "%role.attrib;">
+
+<!ENTITY % msgrel.element "INCLUDE">
+<![ %msgrel.element; [
+<!ELEMENT MsgRel - - (Title?, MsgText)>
+<!--end of msgrel.element-->]]>
+
+<!ENTITY % msgrel.attlist "INCLUDE">
+<![ %msgrel.attlist; [
+<!ATTLIST MsgRel
+		%common.attrib;
+		%msgrel.role.attrib;
+		%local.msgrel.attrib;
+>
+<!--end of msgrel.attlist-->]]>
+<!--end of msgrel.module-->]]>
+
+<!-- MsgText (defined in the Inlines section, below)-->
+
+<!ENTITY % msginfo.module "INCLUDE">
+<![ %msginfo.module; [
+<!ENTITY % local.msginfo.attrib "">
+<!ENTITY % msginfo.role.attrib "%role.attrib;">
+
+<!ENTITY % msginfo.element "INCLUDE">
+<![ %msginfo.element; [
+<!ELEMENT MsgInfo - - ((MsgLevel | MsgOrig | MsgAud)*)>
+<!--end of msginfo.element-->]]>
+
+<!ENTITY % msginfo.attlist "INCLUDE">
+<![ %msginfo.attlist; [
+<!ATTLIST MsgInfo
+		%common.attrib;
+		%msginfo.role.attrib;
+		%local.msginfo.attrib;
+>
+<!--end of msginfo.attlist-->]]>
+<!--end of msginfo.module-->]]>
+
+<!ENTITY % msglevel.module "INCLUDE">
+<![ %msglevel.module; [
+<!ENTITY % local.msglevel.attrib "">
+<!ENTITY % msglevel.role.attrib "%role.attrib;">
+
+<!ENTITY % msglevel.element "INCLUDE">
+<![ %msglevel.element; [
+<!ELEMENT MsgLevel - - ((%smallcptr.char.mix;)+)>
+<!--end of msglevel.element-->]]>
+
+<!ENTITY % msglevel.attlist "INCLUDE">
+<![ %msglevel.attlist; [
+<!ATTLIST MsgLevel
+		%common.attrib;
+		%msglevel.role.attrib;
+		%local.msglevel.attrib;
+>
+<!--end of msglevel.attlist-->]]>
+<!--end of msglevel.module-->]]>
+
+<!ENTITY % msgorig.module "INCLUDE">
+<![ %msgorig.module; [
+<!ENTITY % local.msgorig.attrib "">
+<!ENTITY % msgorig.role.attrib "%role.attrib;">
+
+<!ENTITY % msgorig.element "INCLUDE">
+<![ %msgorig.element; [
+<!ELEMENT MsgOrig - - ((%smallcptr.char.mix;)+)>
+<!--end of msgorig.element-->]]>
+
+<!ENTITY % msgorig.attlist "INCLUDE">
+<![ %msgorig.attlist; [
+<!ATTLIST MsgOrig
+		%common.attrib;
+		%msgorig.role.attrib;
+		%local.msgorig.attrib;
+>
+<!--end of msgorig.attlist-->]]>
+<!--end of msgorig.module-->]]>
+
+<!ENTITY % msgaud.module "INCLUDE">
+<![ %msgaud.module; [
+<!ENTITY % local.msgaud.attrib "">
+<!ENTITY % msgaud.role.attrib "%role.attrib;">
+
+<!ENTITY % msgaud.element "INCLUDE">
+<![ %msgaud.element; [
+<!ELEMENT MsgAud - - ((%para.char.mix;)+)>
+<!--end of msgaud.element-->]]>
+
+<!ENTITY % msgaud.attlist "INCLUDE">
+<![ %msgaud.attlist; [
+<!ATTLIST MsgAud
+		%common.attrib;
+		%msgaud.role.attrib;
+		%local.msgaud.attrib;
+>
+<!--end of msgaud.attlist-->]]>
+<!--end of msgaud.module-->]]>
+
+<!ENTITY % msgexplan.module "INCLUDE">
+<![ %msgexplan.module; [
+<!ENTITY % local.msgexplan.attrib "">
+<!ENTITY % msgexplan.role.attrib "%role.attrib;">
+
+<!ENTITY % msgexplan.element "INCLUDE">
+<![ %msgexplan.element; [
+<!ELEMENT MsgExplan - - (Title?, (%component.mix;)+)>
+<!--end of msgexplan.element-->]]>
+
+<!ENTITY % msgexplan.attlist "INCLUDE">
+<![ %msgexplan.attlist; [
+<!ATTLIST MsgExplan
+		%common.attrib;
+		%msgexplan.role.attrib;
+		%local.msgexplan.attrib;
+>
+<!--end of msgexplan.attlist-->]]>
+<!--end of msgexplan.module-->]]>
+<!--end of msgset.content.module-->]]>
+
+<!-- QandASet ........................ -->
+<!ENTITY % qandset.content.module "INCLUDE">
+<![ %qandset.content.module; [
+<!ENTITY % qandset.module "INCLUDE">
+<![ %qandset.module; [
+<!ENTITY % local.qandset.attrib "">
+<!ENTITY % qandset.role.attrib "%role.attrib;">
+
+<!ENTITY % qandset.element "INCLUDE">
+<![ %qandset.element; [
+<!ELEMENT QandASet - - ((%formalobject.title.content;)?,
+			(%qandaset.mix;)*,
+                        (QandADiv+|QandAEntry+))>
+<!--end of qandset.element-->]]>
+
+<!ENTITY % qandset.attlist "INCLUDE">
+<![ %qandset.attlist; [
+<!ATTLIST QandASet
+		DefaultLabel	(qanda|number|none)       #IMPLIED
+		%common.attrib;
+		%qandset.role.attrib;
+		%local.qandset.attrib;>
+<!--end of qandset.attlist-->]]>
+<!--end of qandset.module-->]]>
+
+<!ENTITY % qandadiv.module "INCLUDE">
+<![ %qandadiv.module; [
+<!ENTITY % local.qandadiv.attrib "">
+<!ENTITY % qandadiv.role.attrib "%role.attrib;">
+
+<!ENTITY % qandadiv.element "INCLUDE">
+<![ %qandadiv.element; [
+<!ELEMENT QandADiv - - ((%formalobject.title.content;)?, 
+			(%qandaset.mix;)*,
+			(QandADiv+|QandAEntry+))>
+<!--end of qandadiv.element-->]]>
+
+<!ENTITY % qandadiv.attlist "INCLUDE">
+<![ %qandadiv.attlist; [
+<!ATTLIST QandADiv
+		%common.attrib;
+		%qandadiv.role.attrib;
+		%local.qandadiv.attrib;>
+<!--end of qandadiv.attlist-->]]>
+<!--end of qandadiv.module-->]]>
+
+<!ENTITY % qandaentry.module "INCLUDE">
+<![ %qandaentry.module; [
+<!ENTITY % local.qandaentry.attrib "">
+<!ENTITY % qandaentry.role.attrib "%role.attrib;">
+
+<!ENTITY % qandaentry.element "INCLUDE">
+<![ %qandaentry.element; [
+<!ELEMENT QandAEntry - - (RevHistory?, Question, Answer*)>
+<!--end of qandaentry.element-->]]>
+
+<!ENTITY % qandaentry.attlist "INCLUDE">
+<![ %qandaentry.attlist; [
+<!ATTLIST QandAEntry
+		%common.attrib;
+		%qandaentry.role.attrib;
+		%local.qandaentry.attrib;>
+<!--end of qandaentry.attlist-->]]>
+<!--end of qandaentry.module-->]]>
+
+<!ENTITY % question.module "INCLUDE">
+<![ %question.module; [
+<!ENTITY % local.question.attrib "">
+<!ENTITY % question.role.attrib "%role.attrib;">
+
+<!ENTITY % question.element "INCLUDE">
+<![ %question.element; [
+<!ELEMENT Question - - (Label?, (%qandaset.mix;)+)>
+<!--end of question.element-->]]>
+
+<!ENTITY % question.attlist "INCLUDE">
+<![ %question.attlist; [
+<!ATTLIST Question
+		%common.attrib;
+		%question.role.attrib;
+		%local.question.attrib;
+>
+<!--end of question.attlist-->]]>
+<!--end of question.module-->]]>
+
+<!ENTITY % answer.module "INCLUDE">
+<![ %answer.module; [
+<!ENTITY % local.answer.attrib "">
+<!ENTITY % answer.role.attrib "%role.attrib;">
+
+<!ENTITY % answer.element "INCLUDE">
+<![ %answer.element; [
+<!ELEMENT Answer - - (Label?, (%qandaset.mix;)*, QandAEntry*)>
+<!--end of answer.element-->]]>
+
+<!ENTITY % answer.attlist "INCLUDE">
+<![ %answer.attlist; [
+<!ATTLIST Answer
+		%common.attrib;
+		%answer.role.attrib;
+		%local.answer.attrib;
+>
+<!--end of answer.attlist-->]]>
+<!--end of answer.module-->]]>
+
+<!ENTITY % label.module "INCLUDE">
+<![ %label.module; [
+<!ENTITY % local.label.attrib "">
+<!ENTITY % label.role.attrib "%role.attrib;">
+
+<!ENTITY % label.element "INCLUDE">
+<![ %label.element; [
+<!ELEMENT Label - - (%word.char.mix;)*>
+<!--end of label.element-->]]>
+
+<!ENTITY % label.attlist "INCLUDE">
+<![ %label.attlist; [
+<!ATTLIST Label
+		%common.attrib;
+		%label.role.attrib;
+		%local.label.attrib;
+>
+<!--end of label.attlist-->]]>
+<!--end of label.module-->]]>
+<!--end of qandset.content.module-->]]>
+
+<!-- Procedure ........................ -->
+
+<!ENTITY % procedure.content.module "INCLUDE">
+<![ %procedure.content.module; [
+<!ENTITY % procedure.module "INCLUDE">
+<![ %procedure.module; [
+<!ENTITY % local.procedure.attrib "">
+<!ENTITY % procedure.role.attrib "%role.attrib;">
+
+<!ENTITY % procedure.element "INCLUDE">
+<![ %procedure.element; [
+<!ELEMENT Procedure - - ((%formalobject.title.content;)?,
+	(%component.mix;)*, Step+)>
+<!--end of procedure.element-->]]>
+
+<!ENTITY % procedure.attlist "INCLUDE">
+<![ %procedure.attlist; [
+<!ATTLIST Procedure
+		%common.attrib;
+		%procedure.role.attrib;
+		%local.procedure.attrib;
+>
+<!--end of procedure.attlist-->]]>
+<!--end of procedure.module-->]]>
+
+<!ENTITY % step.module "INCLUDE">
+<![ %step.module; [
+<!ENTITY % local.step.attrib "">
+<!ENTITY % step.role.attrib "%role.attrib;">
+
+<!ENTITY % step.element "INCLUDE">
+<![ %step.element; [
+<!ELEMENT Step - O (Title?, (((%component.mix;)+, (SubSteps,
+		(%component.mix;)*)?) | (SubSteps, (%component.mix;)*)))>
+<!--end of step.element-->]]>
+
+<!ENTITY % step.attlist "INCLUDE">
+<![ %step.attlist; [
+<!ATTLIST Step
+		--
+		Performance: Whether the Step must be performed
+		--
+		Performance	(Optional
+				|Required)	Required -- not #REQUIRED! --
+		%common.attrib;
+		%step.role.attrib;
+		%local.step.attrib;
+>
+<!--end of step.attlist-->]]>
+<!--end of step.module-->]]>
+
+<!ENTITY % substeps.module "INCLUDE">
+<![ %substeps.module; [
+<!ENTITY % local.substeps.attrib "">
+<!ENTITY % substeps.role.attrib "%role.attrib;">
+
+<!ENTITY % substeps.element "INCLUDE">
+<![ %substeps.element; [
+<!ELEMENT SubSteps - - (Step+)>
+<!--end of substeps.element-->]]>
+
+<!ENTITY % substeps.attlist "INCLUDE">
+<![ %substeps.attlist; [
+<!ATTLIST SubSteps
+		--
+		Performance: whether entire set of substeps must be performed
+		--
+		Performance	(Optional
+				|Required)	Required -- not #REQUIRED! --
+		%common.attrib;
+		%substeps.role.attrib;
+		%local.substeps.attrib;
+>
+<!--end of substeps.attlist-->]]>
+<!--end of substeps.module-->]]>
+<!--end of procedure.content.module-->]]>
+
+<!-- Sidebar .......................... -->
+
+<!ENTITY % sidebar.content.model "INCLUDE">
+<![ %sidebar.content.model; [
+
+<!ENTITY % sidebarinfo.module "INCLUDE">
+<![ %sidebarinfo.module; [
+<!ENTITY % local.sidebarinfo.attrib "">
+<!ENTITY % sidebarinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % sidebarinfo.element "INCLUDE">
+<![ %sidebarinfo.element; [
+<!ELEMENT SidebarInfo - - ((Graphic | MediaObject | LegalNotice | ModeSpec 
+	| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+	-(BeginPage)>
+<!--end of sidebarinfo.element-->]]>
+
+<!ENTITY % sidebarinfo.attlist "INCLUDE">
+<![ %sidebarinfo.attlist; [
+<!ATTLIST SidebarInfo
+		%common.attrib;
+		%sidebarinfo.role.attrib;
+		%local.sidebarinfo.attrib;
+>
+<!--end of sidebarinfo.attlist-->]]>
+<!--end of sidebarinfo.module-->]]>
+
+<!ENTITY % sidebar.module "INCLUDE">
+<![ %sidebar.module; [
+<!ENTITY % local.sidebar.attrib "">
+<!ENTITY % sidebar.role.attrib "%role.attrib;">
+
+<!ENTITY % sidebar.element "INCLUDE">
+<![ %sidebar.element; [
+<!ELEMENT Sidebar - - (SidebarInfo?,
+		       (%formalobject.title.content;)?, (%sidebar.mix;)+)>
+<!--end of sidebar.element-->]]>
+
+<!ENTITY % sidebar.attlist "INCLUDE">
+<![ %sidebar.attlist; [
+<!ATTLIST Sidebar
+		%common.attrib;
+		%sidebar.role.attrib;
+		%local.sidebar.attrib;
+>
+<!--end of sidebar.attlist-->]]>
+<!--end of sidebar.module-->]]>
+<!--end of sidebar.content.model-->]]>
+
+<!-- ...................................................................... -->
+<!-- Paragraph-related elements ........................................... -->
+
+<!ENTITY % abstract.module "INCLUDE">
+<![ %abstract.module; [
+<!ENTITY % local.abstract.attrib "">
+<!ENTITY % abstract.role.attrib "%role.attrib;">
+
+<!ENTITY % abstract.element "INCLUDE">
+<![ %abstract.element; [
+<!ELEMENT Abstract - - (Title?, (%para.class;)+)>
+<!--end of abstract.element-->]]>
+
+<!ENTITY % abstract.attlist "INCLUDE">
+<![ %abstract.attlist; [
+<!ATTLIST Abstract
+		%common.attrib;
+		%abstract.role.attrib;
+		%local.abstract.attrib;
+>
+<!--end of abstract.attlist-->]]>
+<!--end of abstract.module-->]]>
+
+<!ENTITY % authorblurb.module "INCLUDE">
+<![ %authorblurb.module; [
+<!ENTITY % local.authorblurb.attrib "">
+<!ENTITY % authorblurb.role.attrib "%role.attrib;">
+
+<!ENTITY % authorblurb.element "INCLUDE">
+<![ %authorblurb.element; [
+<!ELEMENT AuthorBlurb - - (Title?, (%para.class;)+)>
+<!--end of authorblurb.element-->]]>
+
+<!ENTITY % authorblurb.attlist "INCLUDE">
+<![ %authorblurb.attlist; [
+<!ATTLIST AuthorBlurb
+		%common.attrib;
+		%authorblurb.role.attrib;
+		%local.authorblurb.attrib;
+>
+<!--end of authorblurb.attlist-->]]>
+<!--end of authorblurb.module-->]]>
+
+<!ENTITY % blockquote.module "INCLUDE">
+<![ %blockquote.module; [
+<!ENTITY % local.blockquote.attrib "">
+<!ENTITY % blockquote.role.attrib "%role.attrib;">
+
+<!ENTITY % blockquote.element "INCLUDE">
+<![ %blockquote.element; [
+<!ELEMENT BlockQuote - - (Title?, Attribution?, (%component.mix;)+)
+                         %blockquote.exclusion;>
+<!--end of blockquote.element-->]]>
+
+<!ENTITY % blockquote.attlist "INCLUDE">
+<![ %blockquote.attlist; [
+<!ATTLIST BlockQuote
+		%common.attrib;
+		%blockquote.role.attrib;
+		%local.blockquote.attrib;
+>
+<!--end of blockquote.attlist-->]]>
+<!--end of blockquote.module-->]]>
+
+<!ENTITY % attribution.module "INCLUDE">
+<![ %attribution.module; [
+<!ENTITY % local.attribution.attrib "">
+<!ENTITY % attribution.role.attrib "%role.attrib;">
+
+<!ENTITY % attribution.element "INCLUDE">
+<![ %attribution.element; [
+<!ELEMENT Attribution - O ((%para.char.mix;)+)>
+<!--end of attribution.element-->]]>
+
+<!ENTITY % attribution.attlist "INCLUDE">
+<![ %attribution.attlist; [
+<!ATTLIST Attribution
+		%common.attrib;
+		%attribution.role.attrib;
+		%local.attribution.attrib;
+>
+<!--end of attribution.attlist-->]]>
+<!--end of attribution.module-->]]>
+
+<!ENTITY % bridgehead.module "INCLUDE">
+<![ %bridgehead.module; [
+<!ENTITY % local.bridgehead.attrib "">
+<!ENTITY % bridgehead.role.attrib "%role.attrib;">
+
+<!ENTITY % bridgehead.element "INCLUDE">
+<![ %bridgehead.element; [
+<!ELEMENT BridgeHead - - ((%title.char.mix;)+)>
+<!--end of bridgehead.element-->]]>
+
+<!ENTITY % bridgehead.attlist "INCLUDE">
+<![ %bridgehead.attlist; [
+<!ATTLIST BridgeHead
+		--
+		Renderas: Indicates the format in which the BridgeHead
+		should appear
+		--
+		Renderas	(Other
+				|Sect1
+				|Sect2
+				|Sect3
+				|Sect4
+				|Sect5)		#IMPLIED
+		%common.attrib;
+		%bridgehead.role.attrib;
+		%local.bridgehead.attrib;
+>
+<!--end of bridgehead.attlist-->]]>
+<!--end of bridgehead.module-->]]>
+
+<!ENTITY % remark.module "INCLUDE">
+<![ %remark.module; [
+<!ENTITY % local.remark.attrib "">
+<!ENTITY % remark.role.attrib "%role.attrib;">
+
+<!ENTITY % remark.element "INCLUDE">
+<![ %remark.element; [
+<!ELEMENT Remark - - ((%para.char.mix;)+) %remark.exclusion;>
+<!--end of remark.element-->]]>
+
+<!ENTITY % remark.attlist "INCLUDE">
+<![ %remark.attlist; [
+<!ATTLIST Remark
+		%common.attrib;
+		%remark.role.attrib;
+		%local.remark.attrib;
+>
+<!--end of remark.attlist-->]]>
+<!--end of remark.module-->]]>
+
+<!ENTITY % epigraph.module "INCLUDE">
+<![ %epigraph.module; [
+<!ENTITY % local.epigraph.attrib "">
+<!ENTITY % epigraph.role.attrib "%role.attrib;">
+
+<!ENTITY % epigraph.element "INCLUDE">
+<![ %epigraph.element; [
+<!ELEMENT Epigraph - - (Attribution?, (%para.class;)+)>
+<!--end of epigraph.element-->]]>
+
+<!ENTITY % epigraph.attlist "INCLUDE">
+<![ %epigraph.attlist; [
+<!ATTLIST Epigraph
+		%common.attrib;
+		%epigraph.role.attrib;
+		%local.epigraph.attrib;
+>
+<!--end of epigraph.attlist-->]]>
+<!-- Attribution (defined above)-->
+<!--end of epigraph.module-->]]>
+
+<!ENTITY % footnote.module "INCLUDE">
+<![ %footnote.module; [
+<!ENTITY % local.footnote.attrib "">
+<!ENTITY % footnote.role.attrib "%role.attrib;">
+
+<!ENTITY % footnote.element "INCLUDE">
+<![ %footnote.element; [
+<!ELEMENT Footnote - - ((%footnote.mix;)+) %footnote.exclusion;>
+<!--end of footnote.element-->]]>
+
+<!ENTITY % footnote.attlist "INCLUDE">
+<![ %footnote.attlist; [
+<!ATTLIST Footnote
+		%label.attrib;
+		%common.attrib;
+		%footnote.role.attrib;
+		%local.footnote.attrib;
+>
+<!--end of footnote.attlist-->]]>
+<!--end of footnote.module-->]]>
+
+<!ENTITY % highlights.module "INCLUDE">
+<![ %highlights.module; [
+<!ENTITY % local.highlights.attrib "">
+<!ENTITY % highlights.role.attrib "%role.attrib;">
+
+<!ENTITY % highlights.element "INCLUDE">
+<![ %highlights.element; [
+<!ELEMENT Highlights - - ((%highlights.mix;)+) %highlights.exclusion;>
+<!--end of highlights.element-->]]>
+
+<!ENTITY % highlights.attlist "INCLUDE">
+<![ %highlights.attlist; [
+<!ATTLIST Highlights
+		%common.attrib;
+		%highlights.role.attrib;
+		%local.highlights.attrib;
+>
+<!--end of highlights.attlist-->]]>
+<!--end of highlights.module-->]]>
+
+<!ENTITY % formalpara.module "INCLUDE">
+<![ %formalpara.module; [
+<!ENTITY % local.formalpara.attrib "">
+<!ENTITY % formalpara.role.attrib "%role.attrib;">
+
+<!ENTITY % formalpara.element "INCLUDE">
+<![ %formalpara.element; [
+<!ELEMENT FormalPara - O (Title, (%ndxterm.class;)*, Para)>
+<!--end of formalpara.element-->]]>
+
+<!ENTITY % formalpara.attlist "INCLUDE">
+<![ %formalpara.attlist; [
+<!ATTLIST FormalPara
+		%common.attrib;
+		%formalpara.role.attrib;
+		%local.formalpara.attrib;
+>
+<!--end of formalpara.attlist-->]]>
+<!--end of formalpara.module-->]]>
+
+<!ENTITY % para.module "INCLUDE">
+<![ %para.module; [
+<!ENTITY % local.para.attrib "">
+<!ENTITY % para.role.attrib "%role.attrib;">
+
+<!ENTITY % para.element "INCLUDE">
+<![ %para.element; [
+<!ELEMENT Para - O ((%para.char.mix; | %para.mix;)+)>
+<!--end of para.element-->]]>
+
+<!ENTITY % para.attlist "INCLUDE">
+<![ %para.attlist; [
+<!ATTLIST Para
+		%common.attrib;
+		%para.role.attrib;
+		%local.para.attrib;
+>
+<!--end of para.attlist-->]]>
+<!--end of para.module-->]]>
+
+<!ENTITY % simpara.module "INCLUDE">
+<![ %simpara.module; [
+<!ENTITY % local.simpara.attrib "">
+<!ENTITY % simpara.role.attrib "%role.attrib;">
+
+<!ENTITY % simpara.element "INCLUDE">
+<![ %simpara.element; [
+<!ELEMENT SimPara - O ((%para.char.mix;)+)>
+<!--end of simpara.element-->]]>
+
+<!ENTITY % simpara.attlist "INCLUDE">
+<![ %simpara.attlist; [
+<!ATTLIST SimPara
+		%common.attrib;
+		%simpara.role.attrib;
+		%local.simpara.attrib;
+>
+<!--end of simpara.attlist-->]]>
+<!--end of simpara.module-->]]>
+
+<!ENTITY % admon.module "INCLUDE">
+<![ %admon.module; [
+<!ENTITY % local.admon.attrib "">
+<!ENTITY % admon.role.attrib "%role.attrib;">
+
+<!ENTITY % admon.elements "INCLUDE">
+<![ %admon.elements; [
+<!ELEMENT (%admon.class;) - - (Title?, (%admon.mix;)+) %admon.exclusion;>
+<!--end of admon.elements-->]]>
+
+<!ENTITY % admon.attlists "INCLUDE">
+<![ %admon.attlists; [
+<!ATTLIST (%admon.class;)
+		%common.attrib;
+		%admon.role.attrib;
+		%local.admon.attrib;
+>
+<!--end of admon.attlists-->]]>
+<!--end of admon.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Lists ................................................................ -->
+
+<!-- GlossList ........................ -->
+
+<!ENTITY % glosslist.module "INCLUDE">
+<![ %glosslist.module; [
+<!ENTITY % local.glosslist.attrib "">
+<!ENTITY % glosslist.role.attrib "%role.attrib;">
+
+<!ENTITY % glosslist.element "INCLUDE">
+<![ %glosslist.element; [
+<!ELEMENT GlossList - - (GlossEntry+)>
+<!--end of glosslist.element-->]]>
+
+<!ENTITY % glosslist.attlist "INCLUDE">
+<![ %glosslist.attlist; [
+<!ATTLIST GlossList
+		%common.attrib;
+		%glosslist.role.attrib;
+		%local.glosslist.attrib;
+>
+<!--end of glosslist.attlist-->]]>
+<!--end of glosslist.module-->]]>
+
+<!ENTITY % glossentry.content.module "INCLUDE">
+<![ %glossentry.content.module; [
+<!ENTITY % glossentry.module "INCLUDE">
+<![ %glossentry.module; [
+<!ENTITY % local.glossentry.attrib "">
+<!ENTITY % glossentry.role.attrib "%role.attrib;">
+
+<!ENTITY % glossentry.element "INCLUDE">
+<![ %glossentry.element; [
+<!ELEMENT GlossEntry - O (GlossTerm, Acronym?, Abbrev?,
+			  (%ndxterm.class;)*,
+			  RevHistory?, (GlossSee|GlossDef+))>
+<!--end of glossentry.element-->]]>
+
+<!ENTITY % glossentry.attlist "INCLUDE">
+<![ %glossentry.attlist; [
+<!ATTLIST GlossEntry
+		--
+		SortAs: String by which the GlossEntry is to be sorted
+		(alphabetized) in lieu of its proper content
+		--
+		SortAs		CDATA		#IMPLIED
+		%common.attrib;
+		%glossentry.role.attrib;
+		%local.glossentry.attrib;
+>
+<!--end of glossentry.attlist-->]]>
+<!--end of glossentry.module-->]]>
+
+<!-- GlossTerm (defined in the Inlines section, below)-->
+<!ENTITY % glossdef.module "INCLUDE">
+<![ %glossdef.module; [
+<!ENTITY % local.glossdef.attrib "">
+<!ENTITY % glossdef.role.attrib "%role.attrib;">
+
+<!ENTITY % glossdef.element "INCLUDE">
+<![ %glossdef.element; [
+<!ELEMENT GlossDef - O ((%glossdef.mix;)+, GlossSeeAlso*)>
+<!--end of glossdef.element-->]]>
+
+<!ENTITY % glossdef.attlist "INCLUDE">
+<![ %glossdef.attlist; [
+<!ATTLIST GlossDef
+		--
+		Subject: List of subjects; keywords for the definition
+		--
+		Subject		CDATA		#IMPLIED
+		%common.attrib;
+		%glossdef.role.attrib;
+		%local.glossdef.attrib;
+>
+<!--end of glossdef.attlist-->]]>
+<!--end of glossdef.module-->]]>
+
+<!ENTITY % glosssee.module "INCLUDE">
+<![ %glosssee.module; [
+<!ENTITY % local.glosssee.attrib "">
+<!ENTITY % glosssee.role.attrib "%role.attrib;">
+
+<!ENTITY % glosssee.element "INCLUDE">
+<![ %glosssee.element; [
+<!ELEMENT GlossSee - O ((%para.char.mix;)+)>
+<!--end of glosssee.element-->]]>
+
+<!ENTITY % glosssee.attlist "INCLUDE">
+<![ %glosssee.attlist; [
+<!ATTLIST GlossSee
+		--
+		OtherTerm: Reference to the GlossEntry whose GlossTerm
+		should be displayed at the point of the GlossSee
+		--
+		OtherTerm	IDREF		#CONREF
+		%common.attrib;
+		%glosssee.role.attrib;
+		%local.glosssee.attrib;
+>
+<!--end of glosssee.attlist-->]]>
+<!--end of glosssee.module-->]]>
+
+<!ENTITY % glossseealso.module "INCLUDE">
+<![ %glossseealso.module; [
+<!ENTITY % local.glossseealso.attrib "">
+<!ENTITY % glossseealso.role.attrib "%role.attrib;">
+
+<!ENTITY % glossseealso.element "INCLUDE">
+<![ %glossseealso.element; [
+<!ELEMENT GlossSeeAlso - O ((%para.char.mix;)+)>
+<!--end of glossseealso.element-->]]>
+
+<!ENTITY % glossseealso.attlist "INCLUDE">
+<![ %glossseealso.attlist; [
+<!ATTLIST GlossSeeAlso
+		--
+		OtherTerm: Reference to the GlossEntry whose GlossTerm
+		should be displayed at the point of the GlossSeeAlso
+		--
+		OtherTerm	IDREF		#CONREF
+		%common.attrib;
+		%glossseealso.role.attrib;
+		%local.glossseealso.attrib;
+>
+<!--end of glossseealso.attlist-->]]>
+<!--end of glossseealso.module-->]]>
+<!--end of glossentry.content.module-->]]>
+
+<!-- ItemizedList and OrderedList ..... -->
+
+<!ENTITY % itemizedlist.module "INCLUDE">
+<![ %itemizedlist.module; [
+<!ENTITY % local.itemizedlist.attrib "">
+<!ENTITY % itemizedlist.role.attrib "%role.attrib;">
+
+<!ENTITY % itemizedlist.element "INCLUDE">
+<![ %itemizedlist.element; [
+<!ELEMENT ItemizedList - - ((%formalobject.title.content;)?, ListItem+)>
+<!--end of itemizedlist.element-->]]>
+
+<!ENTITY % itemizedlist.attlist "INCLUDE">
+<![ %itemizedlist.attlist; [
+<!ATTLIST ItemizedList	
+		--
+		Spacing: Whether the vertical space in the list should be
+		compressed
+		--
+		Spacing		(Normal
+				|Compact)	#IMPLIED
+		--
+		Mark: Keyword, e.g., bullet, dash, checkbox, none;
+		list of keywords and defaults are implementation specific
+		--
+		%mark.attrib;
+		%common.attrib;
+		%itemizedlist.role.attrib;
+		%local.itemizedlist.attrib;
+>
+<!--end of itemizedlist.attlist-->]]>
+<!--end of itemizedlist.module-->]]>
+
+<!ENTITY % orderedlist.module "INCLUDE">
+<![ %orderedlist.module; [
+<!ENTITY % local.orderedlist.attrib "">
+<!ENTITY % orderedlist.role.attrib "%role.attrib;">
+
+<!ENTITY % orderedlist.element "INCLUDE">
+<![ %orderedlist.element; [
+<!ELEMENT OrderedList - - ((%formalobject.title.content;)?, ListItem+)>
+<!--end of orderedlist.element-->]]>
+
+<!ENTITY % orderedlist.attlist "INCLUDE">
+<![ %orderedlist.attlist; [
+<!ATTLIST OrderedList
+		--
+		Numeration: Style of ListItem numbered; default is expected
+		to be Arabic
+		--
+		Numeration	(Arabic
+				|Upperalpha
+				|Loweralpha
+				|Upperroman
+				|Lowerroman)	#IMPLIED
+		--
+		InheritNum: Specifies for a nested list that the numbering
+		of ListItems should include the number of the item
+		within which they are nested (e.g., 1a and 1b within 1,
+		rather than a and b)--
+		InheritNum	(Inherit
+				|Ignore)	Ignore
+		--
+		Continuation: Where list numbering begins afresh (Restarts,
+		the default) or continues that of the immediately preceding 
+		list (Continues)
+		--
+		Continuation	(Continues
+				|Restarts)	Restarts
+		--
+		Spacing: Whether the vertical space in the list should be
+		compressed
+		--
+		Spacing		(Normal
+				|Compact)	#IMPLIED
+		%common.attrib;
+		%orderedlist.role.attrib;
+		%local.orderedlist.attrib;
+>
+<!--end of orderedlist.attlist-->]]>
+<!--end of orderedlist.module-->]]>
+
+<!ENTITY % listitem.module "INCLUDE">
+<![ %listitem.module; [
+<!ENTITY % local.listitem.attrib "">
+<!ENTITY % listitem.role.attrib "%role.attrib;">
+
+<!ENTITY % listitem.element "INCLUDE">
+<![ %listitem.element; [
+<!ELEMENT ListItem - O ((%component.mix;)+)>
+<!--end of listitem.element-->]]>
+
+<!ENTITY % listitem.attlist "INCLUDE">
+<![ %listitem.attlist; [
+<!ATTLIST ListItem
+		--
+		Override: Indicates the mark to be used for this ListItem
+		instead of the default mark or the mark specified by
+		the Mark attribute on the enclosing ItemizedList
+		--
+		Override	CDATA		#IMPLIED
+		%common.attrib;
+		%listitem.role.attrib;
+		%local.listitem.attrib;
+>
+<!--end of listitem.attlist-->]]>
+<!--end of listitem.module-->]]>
+
+<!-- SegmentedList .................... -->
+<!ENTITY % segmentedlist.content.module "INCLUDE">
+<![ %segmentedlist.content.module; [
+<!ENTITY % segmentedlist.module "INCLUDE">
+<![ %segmentedlist.module; [
+<!ENTITY % local.segmentedlist.attrib "">
+<!ENTITY % segmentedlist.role.attrib "%role.attrib;">
+
+<!ENTITY % segmentedlist.element "INCLUDE">
+<![ %segmentedlist.element; [
+<!ELEMENT SegmentedList - - ((%formalobject.title.content;)?, 
+                             SegTitle, SegTitle+,
+                             SegListItem+)>
+<!--end of segmentedlist.element-->]]>
+
+<!ENTITY % segmentedlist.attlist "INCLUDE">
+<![ %segmentedlist.attlist; [
+<!ATTLIST SegmentedList
+		%common.attrib;
+		%segmentedlist.role.attrib;
+		%local.segmentedlist.attrib;
+>
+<!--end of segmentedlist.attlist-->]]>
+<!--end of segmentedlist.module-->]]>
+
+<!ENTITY % segtitle.module "INCLUDE">
+<![ %segtitle.module; [
+<!ENTITY % local.segtitle.attrib "">
+<!ENTITY % segtitle.role.attrib "%role.attrib;">
+
+<!ENTITY % segtitle.element "INCLUDE">
+<![ %segtitle.element; [
+<!ELEMENT SegTitle - O ((%title.char.mix;)+)>
+<!--end of segtitle.element-->]]>
+
+<!ENTITY % segtitle.attlist "INCLUDE">
+<![ %segtitle.attlist; [
+<!ATTLIST SegTitle
+		%common.attrib;
+		%segtitle.role.attrib;
+		%local.segtitle.attrib;
+>
+<!--end of segtitle.attlist-->]]>
+<!--end of segtitle.module-->]]>
+
+<!ENTITY % seglistitem.module "INCLUDE">
+<![ %seglistitem.module; [
+<!ENTITY % local.seglistitem.attrib "">
+<!ENTITY % seglistitem.role.attrib "%role.attrib;">
+
+<!ENTITY % seglistitem.element "INCLUDE">
+<![ %seglistitem.element; [
+<!ELEMENT SegListItem - O (Seg, Seg+)>
+<!--end of seglistitem.element-->]]>
+
+<!ENTITY % seglistitem.attlist "INCLUDE">
+<![ %seglistitem.attlist; [
+<!ATTLIST SegListItem
+		%common.attrib;
+		%seglistitem.role.attrib;
+		%local.seglistitem.attrib;
+>
+<!--end of seglistitem.attlist-->]]>
+<!--end of seglistitem.module-->]]>
+
+<!ENTITY % seg.module "INCLUDE">
+<![ %seg.module; [
+<!ENTITY % local.seg.attrib "">
+<!ENTITY % seg.role.attrib "%role.attrib;">
+
+<!ENTITY % seg.element "INCLUDE">
+<![ %seg.element; [
+<!ELEMENT Seg - O ((%para.char.mix;)+)>
+<!--end of seg.element-->]]>
+
+<!ENTITY % seg.attlist "INCLUDE">
+<![ %seg.attlist; [
+<!ATTLIST Seg
+		%common.attrib;
+		%seg.role.attrib;
+		%local.seg.attrib;
+>
+<!--end of seg.attlist-->]]>
+<!--end of seg.module-->]]>
+<!--end of segmentedlist.content.module-->]]>
+
+<!-- SimpleList ....................... -->
+
+<!ENTITY % simplelist.content.module "INCLUDE">
+<![ %simplelist.content.module; [
+<!ENTITY % simplelist.module "INCLUDE">
+<![ %simplelist.module; [
+<!ENTITY % local.simplelist.attrib "">
+<!ENTITY % simplelist.role.attrib "%role.attrib;">
+
+<!ENTITY % simplelist.element "INCLUDE">
+<![ %simplelist.element; [
+<!ELEMENT SimpleList - - (Member+)>
+<!--end of simplelist.element-->]]>
+
+<!ENTITY % simplelist.attlist "INCLUDE">
+<![ %simplelist.attlist; [
+<!ATTLIST SimpleList
+		--
+		Columns: The number of columns the array should contain
+		--
+		Columns		NUMBER		#IMPLIED
+		--
+		Type: How the Members of the SimpleList should be
+		formatted: Inline (members separated with commas etc.
+		inline), Vert (top to bottom in n Columns), or Horiz (in
+		the direction of text flow) in n Columns.  If Column
+		is 1 or implied, Type=Vert and Type=Horiz give the same
+		results.
+		--
+		Type		(Inline
+				|Vert
+				|Horiz)		Vert
+		%common.attrib;
+		%simplelist.role.attrib;
+		%local.simplelist.attrib;
+>
+<!--end of simplelist.attlist-->]]>
+<!--end of simplelist.module-->]]>
+
+<!ENTITY % member.module "INCLUDE">
+<![ %member.module; [
+<!ENTITY % local.member.attrib "">
+<!ENTITY % member.role.attrib "%role.attrib;">
+
+<!ENTITY % member.element "INCLUDE">
+<![ %member.element; [
+<!ELEMENT Member - O ((%para.char.mix;)+)>
+<!--end of member.element-->]]>
+
+<!ENTITY % member.attlist "INCLUDE">
+<![ %member.attlist; [
+<!ATTLIST Member
+		%common.attrib;
+		%member.role.attrib;
+		%local.member.attrib;
+>
+<!--end of member.attlist-->]]>
+<!--end of member.module-->]]>
+<!--end of simplelist.content.module-->]]>
+
+<!-- VariableList ..................... -->
+
+<!ENTITY % variablelist.content.module "INCLUDE">
+<![ %variablelist.content.module; [
+<!ENTITY % variablelist.module "INCLUDE">
+<![ %variablelist.module; [
+<!ENTITY % local.variablelist.attrib "">
+<!ENTITY % variablelist.role.attrib "%role.attrib;">
+
+<!ENTITY % variablelist.element "INCLUDE">
+<![ %variablelist.element; [
+<!ELEMENT VariableList - - ((%formalobject.title.content;)?, VarListEntry+)>
+<!--end of variablelist.element-->]]>
+
+<!ENTITY % variablelist.attlist "INCLUDE">
+<![ %variablelist.attlist; [
+<!ATTLIST VariableList
+		--
+		TermLength: Length beyond which the presentation engine
+		may consider the Term too long and select an alternate
+		presentation of the Term and, or, its associated ListItem.
+		--
+		TermLength	CDATA		#IMPLIED
+		%common.attrib;
+		%variablelist.role.attrib;
+		%local.variablelist.attrib;
+>
+<!--end of variablelist.attlist-->]]>
+<!--end of variablelist.module-->]]>
+
+<!ENTITY % varlistentry.module "INCLUDE">
+<![ %varlistentry.module; [
+<!ENTITY % local.varlistentry.attrib "">
+<!ENTITY % varlistentry.role.attrib "%role.attrib;">
+
+<!ENTITY % varlistentry.element "INCLUDE">
+<![ %varlistentry.element; [
+<!ELEMENT VarListEntry - O (Term+, ListItem)>
+<!--end of varlistentry.element-->]]>
+
+<!ENTITY % varlistentry.attlist "INCLUDE">
+<![ %varlistentry.attlist; [
+<!ATTLIST VarListEntry
+		%common.attrib;
+		%varlistentry.role.attrib;
+		%local.varlistentry.attrib;
+>
+<!--end of varlistentry.attlist-->]]>
+<!--end of varlistentry.module-->]]>
+
+<!ENTITY % term.module "INCLUDE">
+<![ %term.module; [
+<!ENTITY % local.term.attrib "">
+<!ENTITY % term.role.attrib "%role.attrib;">
+
+<!ENTITY % term.element "INCLUDE">
+<![ %term.element; [
+<!ELEMENT Term - O ((%para.char.mix;)+)>
+<!--end of term.element-->]]>
+
+<!ENTITY % term.attlist "INCLUDE">
+<![ %term.attlist; [
+<!ATTLIST Term
+		%common.attrib;
+		%term.role.attrib;
+		%local.term.attrib;
+>
+<!--end of term.attlist-->]]>
+<!--end of term.module-->]]>
+
+<!-- ListItem (defined above)-->
+<!--end of variablelist.content.module-->]]>
+
+<!-- CalloutList ...................... -->
+
+<!ENTITY % calloutlist.content.module "INCLUDE">
+<![ %calloutlist.content.module; [
+<!ENTITY % calloutlist.module "INCLUDE">
+<![ %calloutlist.module; [
+<!ENTITY % local.calloutlist.attrib "">
+<!ENTITY % calloutlist.role.attrib "%role.attrib;">
+
+<!ENTITY % calloutlist.element "INCLUDE">
+<![ %calloutlist.element; [
+<!ELEMENT CalloutList - - ((%formalobject.title.content;)?, Callout+)>
+<!--end of calloutlist.element-->]]>
+
+<!ENTITY % calloutlist.attlist "INCLUDE">
+<![ %calloutlist.attlist; [
+<!ATTLIST CalloutList
+		%common.attrib;
+		%calloutlist.role.attrib;
+		%local.calloutlist.attrib;
+>
+<!--end of calloutlist.attlist-->]]>
+<!--end of calloutlist.module-->]]>
+
+<!ENTITY % callout.module "INCLUDE">
+<![ %callout.module; [
+<!ENTITY % local.callout.attrib "">
+<!ENTITY % callout.role.attrib "%role.attrib;">
+
+<!ENTITY % callout.element "INCLUDE">
+<![ %callout.element; [
+<!ELEMENT Callout - O ((%component.mix;)+)>
+<!--end of callout.element-->]]>
+
+<!ENTITY % callout.attlist "INCLUDE">
+<![ %callout.attlist; [
+<!ATTLIST Callout
+		--
+		AreaRefs: IDs of one or more Areas or AreaSets described
+		by this Callout
+		--
+		AreaRefs	IDREFS		#REQUIRED
+		%common.attrib;
+		%callout.role.attrib;
+		%local.callout.attrib;
+>
+<!--end of callout.attlist-->]]>
+<!--end of callout.module-->]]>
+<!--end of calloutlist.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Objects .............................................................. -->
+
+<!-- Examples etc. .................... -->
+
+<!ENTITY % example.module "INCLUDE">
+<![ %example.module; [
+<!ENTITY % local.example.attrib "">
+<!ENTITY % example.role.attrib "%role.attrib;">
+
+<!ENTITY % example.element "INCLUDE">
+<![ %example.element; [
+<!ELEMENT Example - - ((%formalobject.title.content;), (%example.mix;)+)
+		%formal.exclusion;>
+<!--end of example.element-->]]>
+
+<!ENTITY % example.attlist "INCLUDE">
+<![ %example.attlist; [
+<!ATTLIST Example
+		%label.attrib;
+		%width.attrib;
+		%common.attrib;
+		%example.role.attrib;
+		%local.example.attrib;
+>
+<!--end of example.attlist-->]]>
+<!--end of example.module-->]]>
+
+<!ENTITY % informalexample.module "INCLUDE">
+<![ %informalexample.module; [
+<!ENTITY % local.informalexample.attrib "">
+<!ENTITY % informalexample.role.attrib "%role.attrib;">
+
+<!ENTITY % informalexample.element "INCLUDE">
+<![ %informalexample.element; [
+<!ELEMENT InformalExample - - ((%example.mix;)+)>
+<!--end of informalexample.element-->]]>
+
+<!ENTITY % informalexample.attlist "INCLUDE">
+<![ %informalexample.attlist; [
+<!ATTLIST InformalExample
+		%width.attrib;
+		%common.attrib;
+		%informalexample.role.attrib;
+		%local.informalexample.attrib;
+>
+<!--end of informalexample.attlist-->]]>
+<!--end of informalexample.module-->]]>
+
+<!ENTITY % programlistingco.module "INCLUDE">
+<![ %programlistingco.module; [
+<!ENTITY % local.programlistingco.attrib "">
+<!ENTITY % programlistingco.role.attrib "%role.attrib;">
+
+<!ENTITY % programlistingco.element "INCLUDE">
+<![ %programlistingco.element; [
+<!ELEMENT ProgramListingCO - - (AreaSpec, ProgramListing, CalloutList*)>
+<!--end of programlistingco.element-->]]>
+
+<!ENTITY % programlistingco.attlist "INCLUDE">
+<![ %programlistingco.attlist; [
+<!ATTLIST ProgramListingCO
+		%common.attrib;
+		%programlistingco.role.attrib;
+		%local.programlistingco.attrib;
+>
+<!--end of programlistingco.attlist-->]]>
+<!-- CalloutList (defined above in Lists)-->
+<!--end of programlistingco.module-->]]>
+
+<!ENTITY % areaspec.content.module "INCLUDE">
+<![ %areaspec.content.module; [
+<!ENTITY % areaspec.module "INCLUDE">
+<![ %areaspec.module; [
+<!ENTITY % local.areaspec.attrib "">
+<!ENTITY % areaspec.role.attrib "%role.attrib;">
+
+<!ENTITY % areaspec.element "INCLUDE">
+<![ %areaspec.element; [
+<!ELEMENT AreaSpec - - ((Area|AreaSet)+)>
+<!--end of areaspec.element-->]]>
+
+<!ENTITY % areaspec.attlist "INCLUDE">
+<![ %areaspec.attlist; [
+<!ATTLIST AreaSpec
+		--
+		Units: global unit of measure in which coordinates in
+		this spec are expressed:
+
+		- CALSPair "x1,y1 x2,y2": lower-left and upper-right 
+		coordinates in a rectangle describing repro area in which 
+		graphic is placed, where X and Y dimensions are each some 
+		number 0..10000 (taken from CALS graphic attributes)
+
+		- LineColumn "line column": line number and column number
+		at which to start callout text in "linespecific" content
+
+		- LineRange "startline endline": whole lines from startline
+		to endline in "linespecific" content
+
+		- LineColumnPair "line1 col1 line2 col2": starting and ending
+		points of area in "linespecific" content that starts at
+		first position and ends at second position (including the
+		beginnings of any intervening lines)
+
+		- Other: directive to look at value of OtherUnits attribute
+		to get implementation-specific keyword
+
+		The default is implementation-specific; usually dependent on 
+		the parent element (GraphicCO gets CALSPair, ProgramListingCO
+		and ScreenCO get LineColumn)
+		--
+		Units		(CALSPair
+				|LineColumn
+				|LineRange
+				|LineColumnPair
+				|Other)		#IMPLIED
+		--
+		OtherUnits: User-defined units
+		--
+		OtherUnits	NAME		#IMPLIED
+		%common.attrib;
+		%areaspec.role.attrib;
+		%local.areaspec.attrib;
+>
+<!--end of areaspec.attlist-->]]>
+<!--end of areaspec.module-->]]>
+
+<!ENTITY % area.module "INCLUDE">
+<![ %area.module; [
+<!ENTITY % local.area.attrib "">
+<!ENTITY % area.role.attrib "%role.attrib;">
+
+<!ENTITY % area.element "INCLUDE">
+<![ %area.element; [
+<!ELEMENT Area - O EMPTY>
+<!--end of area.element-->]]>
+
+<!ENTITY % area.attlist "INCLUDE">
+<![ %area.attlist; [
+<!ATTLIST Area
+		%label.attrib; --bug number/symbol override or initialization--
+		%linkends.attrib; --to any related information--
+		--
+		Units: unit of measure in which coordinates in this
+		area are expressed; inherits from AreaSet and AreaSpec
+		--
+		Units		(CALSPair
+				|LineColumn
+				|LineRange
+				|LineColumnPair
+				|Other)		#IMPLIED
+		--
+		OtherUnits: User-defined units
+		--
+		OtherUnits	NAME		#IMPLIED
+		Coords		CDATA		#REQUIRED
+		%idreq.common.attrib;
+		%area.role.attrib;
+		%local.area.attrib;
+>
+<!--end of area.attlist-->]]>
+<!--end of area.module-->]]>
+
+<!ENTITY % areaset.module "INCLUDE">
+<![ %areaset.module; [
+<!ENTITY % local.areaset.attrib "">
+<!ENTITY % areaset.role.attrib "%role.attrib;">
+
+<!ENTITY % areaset.element "INCLUDE">
+<![ %areaset.element; [
+<!ELEMENT AreaSet - - (Area+)>
+<!--end of areaset.element-->]]>
+
+<!ENTITY % areaset.attlist "INCLUDE">
+<![ %areaset.attlist; [
+<!--FUTURE USE (V5.0):
+......................
+Coord attribute will be removed from AreaSet
+......................
+-->
+<!ATTLIST AreaSet
+		%label.attrib; --bug number/symbol override or initialization--
+
+		--
+		Units: unit of measure in which coordinates in this
+		area are expressed; inherits from AreaSpec
+		--
+		Units		(CALSPair
+				|LineColumn
+				|LineRange
+				|LineColumnPair
+				|Other)		#IMPLIED
+		OtherUnits	NAME		#IMPLIED
+		Coords		CDATA		#REQUIRED
+		%idreq.common.attrib;
+		%areaset.role.attrib;
+		%local.areaset.attrib;
+>
+<!--end of areaset.attlist-->]]>
+<!--end of areaset.module-->]]>
+<!--end of areaspec.content.module-->]]>
+
+<!ENTITY % programlisting.module "INCLUDE">
+<![ %programlisting.module; [
+<!ENTITY % local.programlisting.attrib "">
+<!ENTITY % programlisting.role.attrib "%role.attrib;">
+
+<!ENTITY % programlisting.element "INCLUDE">
+<![ %programlisting.element; [
+<!ELEMENT ProgramListing - - ((CO | LineAnnotation | %para.char.mix;)+)>
+<!--end of programlisting.element-->]]>
+
+<!ENTITY % programlisting.attlist "INCLUDE">
+<![ %programlisting.attlist; [
+<!ATTLIST ProgramListing
+		%width.attrib;
+		%linespecific.attrib;
+		%common.attrib;
+		%programlisting.role.attrib;
+		%local.programlisting.attrib;
+>
+<!--end of programlisting.attlist-->]]>
+<!--end of programlisting.module-->]]>
+
+<!ENTITY % literallayout.module "INCLUDE">
+<![ %literallayout.module; [
+<!ENTITY % local.literallayout.attrib "">
+<!ENTITY % literallayout.role.attrib "%role.attrib;">
+
+<!ENTITY % literallayout.element "INCLUDE">
+<![ %literallayout.element; [
+<!ELEMENT LiteralLayout - - ((CO | LineAnnotation | %para.char.mix;)+)>
+<!--end of literallayout.element-->]]>
+
+<!ENTITY % literallayout.attlist "INCLUDE">
+<![ %literallayout.attlist; [
+<!ATTLIST LiteralLayout
+		%width.attrib;
+		%linespecific.attrib;
+		Class	(Monospaced|Normal)	"Normal"
+		%common.attrib;
+		%literallayout.role.attrib;
+		%local.literallayout.attrib;
+>
+<!--end of literallayout.attlist-->]]>
+<!-- LineAnnotation (defined in the Inlines section, below)-->
+<!--end of literallayout.module-->]]>
+
+<!ENTITY % screenco.module "INCLUDE">
+<![ %screenco.module; [
+<!ENTITY % local.screenco.attrib "">
+<!ENTITY % screenco.role.attrib "%role.attrib;">
+
+<!ENTITY % screenco.element "INCLUDE">
+<![ %screenco.element; [
+<!ELEMENT ScreenCO - - (AreaSpec, Screen, CalloutList*)>
+<!--end of screenco.element-->]]>
+
+<!ENTITY % screenco.attlist "INCLUDE">
+<![ %screenco.attlist; [
+<!ATTLIST ScreenCO
+		%common.attrib;
+		%screenco.role.attrib;
+		%local.screenco.attrib;
+>
+<!--end of screenco.attlist-->]]>
+<!-- AreaSpec (defined above)-->
+<!-- CalloutList (defined above in Lists)-->
+<!--end of screenco.module-->]]>
+
+<!ENTITY % screen.module "INCLUDE">
+<![ %screen.module; [
+<!ENTITY % local.screen.attrib "">
+<!ENTITY % screen.role.attrib "%role.attrib;">
+
+<!ENTITY % screen.element "INCLUDE">
+<![ %screen.element; [
+<!ELEMENT Screen - - ((CO | LineAnnotation | %para.char.mix;)+)>
+<!--end of screen.element-->]]>
+
+<!ENTITY % screen.attlist "INCLUDE">
+<![ %screen.attlist; [
+<!ATTLIST Screen
+		%width.attrib;
+		%linespecific.attrib;
+		%common.attrib;
+		%screen.role.attrib;
+		%local.screen.attrib;
+>
+<!--end of screen.attlist-->]]>
+<!--end of screen.module-->]]>
+
+<!ENTITY % screenshot.content.module "INCLUDE">
+<![ %screenshot.content.module; [
+<!ENTITY % screenshot.module "INCLUDE">
+<![ %screenshot.module; [
+<!ENTITY % local.screenshot.attrib "">
+<!ENTITY % screenshot.role.attrib "%role.attrib;">
+
+<!ENTITY % screenshot.element "INCLUDE">
+<![ %screenshot.element; [
+<!ELEMENT ScreenShot - - (ScreenInfo?, 
+		(Graphic|GraphicCO
+		|MediaObject|MediaObjectCO))>
+<!--end of screenshot.element-->]]>
+
+<!ENTITY % screenshot.attlist "INCLUDE">
+<![ %screenshot.attlist; [
+<!ATTLIST ScreenShot
+		%common.attrib;
+		%screenshot.role.attrib;
+		%local.screenshot.attrib;
+>
+<!--end of screenshot.attlist-->]]>
+<!--end of screenshot.module-->]]>
+
+<!ENTITY % screeninfo.module "INCLUDE">
+<![ %screeninfo.module; [
+<!ENTITY % local.screeninfo.attrib "">
+<!ENTITY % screeninfo.role.attrib "%role.attrib;">
+
+<!ENTITY % screeninfo.element "INCLUDE">
+<![ %screeninfo.element; [
+<!ELEMENT ScreenInfo - O ((%para.char.mix;)+) %ubiq.exclusion;>
+<!--end of screeninfo.element-->]]>
+
+<!ENTITY % screeninfo.attlist "INCLUDE">
+<![ %screeninfo.attlist; [
+<!ATTLIST ScreenInfo
+		%common.attrib;
+		%screeninfo.role.attrib;
+		%local.screeninfo.attrib;
+>
+<!--end of screeninfo.attlist-->]]>
+<!--end of screeninfo.module-->]]>
+<!--end of screenshot.content.module-->]]>
+
+<!-- Figures etc. ..................... -->
+
+<!ENTITY % figure.module "INCLUDE">
+<![ %figure.module; [
+<!ENTITY % local.figure.attrib "">
+<!ENTITY % figure.role.attrib "%role.attrib;">
+
+<!ENTITY % figure.element "INCLUDE">
+<![ %figure.element; [
+<!ELEMENT Figure - - ((%formalobject.title.content;), (%figure.mix; |
+		%link.char.class;)+)>
+<!--end of figure.element-->]]>
+
+<!ENTITY % figure.attlist "INCLUDE">
+<![ %figure.attlist; [
+<!ATTLIST Figure
+		--
+		Float: Whether the Figure is supposed to be rendered
+		where convenient (yes (1) value) or at the place it occurs
+		in the text (no (0) value, the default)
+		--
+		Float		%yesorno.attvals;	%no.attval;
+		PgWide      	%yesorno.attvals;       #IMPLIED
+		%label.attrib;
+		%common.attrib;
+		%figure.role.attrib;
+		%local.figure.attrib;
+>
+<!--end of figure.attlist-->]]>
+<!--end of figure.module-->]]>
+
+<!ENTITY % informalfigure.module "INCLUDE">
+<![ %informalfigure.module; [
+<!ENTITY % local.informalfigure.attrib "">
+<!ENTITY % informalfigure.role.attrib "%role.attrib;">
+
+<!ENTITY % informalfigure.element "INCLUDE">
+<![ %informalfigure.element; [
+<!ELEMENT InformalFigure - - ((%figure.mix; | %link.char.class;)+)>
+<!--end of informalfigure.element-->]]>
+
+<!ENTITY % informalfigure.attlist "INCLUDE">
+<![ %informalfigure.attlist; [
+<!ATTLIST InformalFigure
+		--
+		Float: Whether the Figure is supposed to be rendered
+		where convenient (yes (1) value) or at the place it occurs
+		in the text (no (0) value, the default)
+		--
+		Float		%yesorno.attvals;	%no.attval;
+		PgWide      	%yesorno.attvals;       #IMPLIED
+		%label.attrib;
+		%common.attrib;
+		%informalfigure.role.attrib;
+		%local.informalfigure.attrib;
+>
+<!--end of informalfigure.attlist-->]]>
+<!--end of informalfigure.module-->]]>
+
+<!ENTITY % graphicco.module "INCLUDE">
+<![ %graphicco.module; [
+<!ENTITY % local.graphicco.attrib "">
+<!ENTITY % graphicco.role.attrib "%role.attrib;">
+
+<!ENTITY % graphicco.element "INCLUDE">
+<![ %graphicco.element; [
+<!ELEMENT GraphicCO - - (AreaSpec, Graphic, CalloutList*)>
+<!--end of graphicco.element-->]]>
+
+<!ENTITY % graphicco.attlist "INCLUDE">
+<![ %graphicco.attlist; [
+<!ATTLIST GraphicCO
+		%common.attrib;
+		%graphicco.role.attrib;
+		%local.graphicco.attrib;
+>
+<!--end of graphicco.attlist-->]]>
+<!-- AreaSpec (defined above in Examples)-->
+<!-- CalloutList (defined above in Lists)-->
+<!--end of graphicco.module-->]]>
+
+<!-- Graphical data can be the content of Graphic, or you can reference
+     an external file either as an entity (Entitref) or a filename
+     (Fileref). -->
+
+<!ENTITY % graphic.module "INCLUDE">
+<![ %graphic.module; [
+<!ENTITY % local.graphic.attrib "">
+<!ENTITY % graphic.role.attrib "%role.attrib;">
+
+<!ENTITY % graphic.element "INCLUDE">
+<![ %graphic.element; [
+<!ELEMENT Graphic - O EMPTY>
+<!--end of graphic.element-->]]>
+
+<!ENTITY % graphic.attlist "INCLUDE">
+<![ %graphic.attlist; [
+<!ATTLIST Graphic
+		%graphics.attrib;
+		%common.attrib;
+		%graphic.role.attrib;
+		%local.graphic.attrib;
+>
+<!--end of graphic.attlist-->]]>
+<!--end of graphic.module-->]]>
+
+<!ENTITY % inlinegraphic.module "INCLUDE">
+<![ %inlinegraphic.module; [
+<!ENTITY % local.inlinegraphic.attrib "">
+<!ENTITY % inlinegraphic.role.attrib "%role.attrib;">
+
+<!ENTITY % inlinegraphic.element "INCLUDE">
+<![ %inlinegraphic.element; [
+<!ELEMENT InlineGraphic - O EMPTY>
+<!--end of inlinegraphic.element-->]]>
+
+<!ENTITY % inlinegraphic.attlist "INCLUDE">
+<![ %inlinegraphic.attlist; [
+<!ATTLIST InlineGraphic
+		%graphics.attrib;
+		%common.attrib;
+		%inlinegraphic.role.attrib;
+		%local.inlinegraphic.attrib;
+>
+<!--end of inlinegraphic.attlist-->]]>
+<!--end of inlinegraphic.module-->]]>
+
+<!ENTITY % mediaobject.content.module "INCLUDE">
+<![ %mediaobject.content.module; [
+
+<!ENTITY % mediaobject.module "INCLUDE">
+<![ %mediaobject.module; [
+<!ENTITY % local.mediaobject.attrib "">
+<!ENTITY % mediaobject.role.attrib "%role.attrib;">
+
+<!ENTITY % mediaobject.element "INCLUDE">
+<![ %mediaobject.element; [
+<!ELEMENT MediaObject - - (ObjectInfo?,
+                           (%mediaobject.mix;),
+			   (%mediaobject.mix;|TextObject)*,
+			   Caption?)>
+<!--end of mediaobject.element-->]]>
+
+<!ENTITY % mediaobject.attlist "INCLUDE">
+<![ %mediaobject.attlist; [
+<!ATTLIST MediaObject
+		%common.attrib;
+		%mediaobject.role.attrib;
+		%local.mediaobject.attrib;
+>
+<!--end of mediaobject.attlist-->]]>
+<!--end of mediaobject.module-->]]>
+
+<!ENTITY % inlinemediaobject.module "INCLUDE">
+<![ %inlinemediaobject.module; [
+<!ENTITY % local.inlinemediaobject.attrib "">
+<!ENTITY % inlinemediaobject.role.attrib "%role.attrib;">
+
+<!ENTITY % inlinemediaobject.element "INCLUDE">
+<![ %inlinemediaobject.element; [
+<!ELEMENT InlineMediaObject - - (ObjectInfo?,
+                	         (%mediaobject.mix;),
+				 (%mediaobject.mix;|TextObject)*)>
+<!--end of inlinemediaobject.element-->]]>
+
+<!ENTITY % inlinemediaobject.attlist "INCLUDE">
+<![ %inlinemediaobject.attlist; [
+<!ATTLIST InlineMediaObject
+		%common.attrib;
+		%inlinemediaobject.role.attrib;
+		%local.inlinemediaobject.attrib;
+>
+<!--end of inlinemediaobject.attlist-->]]>
+<!--end of inlinemediaobject.module-->]]>
+
+<!ENTITY % videoobject.module "INCLUDE">
+<![ %videoobject.module; [
+<!ENTITY % local.videoobject.attrib "">
+<!ENTITY % videoobject.role.attrib "%role.attrib;">
+
+<!ENTITY % videoobject.element "INCLUDE">
+<![ %videoobject.element; [
+<!ELEMENT VideoObject - - (ObjectInfo?, VideoData)>
+<!--end of videoobject.element-->]]>
+
+<!ENTITY % videoobject.attlist "INCLUDE">
+<![ %videoobject.attlist; [
+<!ATTLIST VideoObject
+		%common.attrib;
+		%videoobject.role.attrib;
+		%local.videoobject.attrib;
+>
+<!--end of videoobject.attlist-->]]>
+<!--end of videoobject.module-->]]>
+
+<!ENTITY % audioobject.module "INCLUDE">
+<![ %audioobject.module; [
+<!ENTITY % local.audioobject.attrib "">
+<!ENTITY % audioobject.role.attrib "%role.attrib;">
+
+<!ENTITY % audioobject.element "INCLUDE">
+<![ %audioobject.element; [
+<!ELEMENT AudioObject - - (ObjectInfo?, AudioData)>
+<!--end of audioobject.element-->]]>
+
+<!ENTITY % audioobject.attlist "INCLUDE">
+<![ %audioobject.attlist; [
+<!ATTLIST AudioObject
+		%common.attrib;
+		%audioobject.role.attrib;
+		%local.audioobject.attrib;
+>
+<!--end of audioobject.attlist-->]]>
+<!--end of audioobject.module-->]]>
+
+<!ENTITY % imageobject.module "INCLUDE">
+<![ %imageobject.module; [
+<!ENTITY % local.imageobject.attrib "">
+<!ENTITY % imageobject.role.attrib "%role.attrib;">
+
+<!ENTITY % imageobject.element "INCLUDE">
+<![ %imageobject.element; [
+<!ELEMENT ImageObject - - (ObjectInfo?, ImageData)>
+<!--end of imageobject.element-->]]>
+
+<!ENTITY % imageobject.attlist "INCLUDE">
+<![ %imageobject.attlist; [
+<!ATTLIST ImageObject
+		%common.attrib;
+		%imageobject.role.attrib;
+		%local.imageobject.attrib;
+>
+<!--end of imageobject.attlist-->]]>
+<!--end of imageobject.module-->]]>
+
+<!ENTITY % textobject.module "INCLUDE">
+<![ %textobject.module; [
+<!ENTITY % local.textobject.attrib "">
+<!ENTITY % textobject.role.attrib "%role.attrib;">
+
+<!ENTITY % textobject.element "INCLUDE">
+<![ %textobject.element; [
+<!ELEMENT TextObject - - (ObjectInfo?, (Phrase|(%textobject.mix;)+))>
+<!--end of textobject.element-->]]>
+
+<!ENTITY % textobject.attlist "INCLUDE">
+<![ %textobject.attlist; [
+<!ATTLIST TextObject
+		%common.attrib;
+		%textobject.role.attrib;
+		%local.textobject.attrib;
+>
+<!--end of textobject.attlist-->]]>
+<!--end of textobject.module-->]]>
+
+<!ENTITY % objectinfo.module "INCLUDE">
+<![ %objectinfo.module; [
+<!ENTITY % local.objectinfo.attrib "">
+<!ENTITY % objectinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % objectinfo.element "INCLUDE">
+<![ %objectinfo.element; [
+<!ELEMENT ObjectInfo - - ((Graphic | MediaObject | LegalNotice | ModeSpec 
+	| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+	-(BeginPage)>
+<!--end of objectinfo.element-->]]>
+
+<!ENTITY % objectinfo.attlist "INCLUDE">
+<![ %objectinfo.attlist; [
+<!ATTLIST ObjectInfo
+		%common.attrib;
+		%objectinfo.role.attrib;
+		%local.objectinfo.attrib;
+>
+<!--end of objectinfo.attlist-->]]>
+<!--end of objectinfo.module-->]]>
+
+<!ENTITY % local.objectdata.attrib "">
+<!ENTITY % objectdata.attrib
+	"
+	--EntityRef: Name of an external entity containing the content
+	of the object data--
+	EntityRef	ENTITY		#IMPLIED
+
+	--FileRef: Filename, qualified by a pathname if desired, 
+	designating the file containing the content of the object data--
+	FileRef 	CDATA		#IMPLIED
+
+	--Format: Notation of the element content, if any--
+	Format		(%notation.class;)
+					#IMPLIED
+
+	--SrcCredit: Information about the source of the image--
+	SrcCredit	CDATA		#IMPLIED
+
+	%local.objectdata.attrib;"
+>
+
+<!ENTITY % videodata.module "INCLUDE">
+<![ %videodata.module; [
+<!ENTITY % local.videodata.attrib "">
+<!ENTITY % videodata.role.attrib "%role.attrib;">
+
+<!ENTITY % videodata.element "INCLUDE">
+<![ %videodata.element; [
+<!ELEMENT VideoData - O EMPTY>
+<!--end of videodata.element-->]]>
+
+<!ENTITY % videodata.attlist "INCLUDE">
+<![ %videodata.attlist; [
+<!ATTLIST VideoData
+		%common.attrib;
+		%objectdata.attrib;
+
+	--Width: Same as CALS reprowid (desired width)--
+	Width		NUTOKEN		#IMPLIED
+
+	--Depth: Same as CALS reprodep (desired depth)--
+	Depth		NUTOKEN		#IMPLIED
+
+	--Align: Same as CALS hplace with 'none' removed; #IMPLIED means 
+	application-specific--
+	Align		(Left
+			|Right 
+			|Center)	#IMPLIED
+
+	--Scale: Conflation of CALS hscale and vscale--
+	Scale		NUMBER		#IMPLIED
+
+	--Scalefit: Same as CALS scalefit--
+	Scalefit	%yesorno.attvals;
+					#IMPLIED
+
+		%videodata.role.attrib;
+		%local.videodata.attrib;
+>
+<!--end of videodata.attlist-->]]>
+<!--end of videodata.module-->]]>
+
+<!ENTITY % audiodata.module "INCLUDE">
+<![ %audiodata.module; [
+<!ENTITY % local.audiodata.attrib "">
+<!ENTITY % audiodata.role.attrib "%role.attrib;">
+
+<!ENTITY % audiodata.element "INCLUDE">
+<![ %audiodata.element; [
+<!ELEMENT AudioData - O EMPTY>
+<!--end of audiodata.element-->]]>
+
+<!ENTITY % audiodata.attlist "INCLUDE">
+<![ %audiodata.attlist; [
+<!ATTLIST AudioData
+		%common.attrib;
+		%objectdata.attrib;
+		%local.audiodata.attrib;
+		%audiodata.role.attrib;
+>
+<!--end of audiodata.attlist-->]]>
+<!--end of audiodata.module-->]]>
+
+<!ENTITY % imagedata.module "INCLUDE">
+<![ %imagedata.module; [
+<!ENTITY % local.imagedata.attrib "">
+<!ENTITY % imagedata.role.attrib "%role.attrib;">
+
+<!ENTITY % imagedata.element "INCLUDE">
+<![ %imagedata.element; [
+<!ELEMENT ImageData - O EMPTY>
+<!--end of imagedata.element-->]]>
+
+<!ENTITY % imagedata.attlist "INCLUDE">
+<![ %imagedata.attlist; [
+<!ATTLIST ImageData
+		%common.attrib;
+		%objectdata.attrib;
+
+	--Width: Same as CALS reprowid (desired width)--
+	Width		NUTOKEN		#IMPLIED
+
+	--Depth: Same as CALS reprodep (desired depth)--
+	Depth		NUTOKEN		#IMPLIED
+
+	--Align: Same as CALS hplace with 'none' removed; #IMPLIED means 
+	application-specific--
+	Align		(Left
+			|Right 
+			|Center)	#IMPLIED
+
+	--Scale: Conflation of CALS hscale and vscale--
+	Scale		NUMBER		#IMPLIED
+
+	--Scalefit: Same as CALS scalefit--
+	Scalefit	%yesorno.attvals;
+					#IMPLIED
+
+		%local.imagedata.attrib;
+		%imagedata.role.attrib;
+>
+<!--end of imagedata.attlist-->]]>
+<!--end of imagedata.module-->]]>
+
+<!ENTITY % caption.module "INCLUDE">
+<![ %caption.module; [
+<!ENTITY % local.caption.attrib "">
+<!ENTITY % caption.role.attrib "%role.attrib;">
+
+<!ENTITY % caption.element "INCLUDE">
+<![ %caption.element; [
+<!ELEMENT Caption - - (%textobject.mix;)*>
+<!--end of caption.element-->]]>
+
+<!ENTITY % caption.attlist "INCLUDE">
+<![ %caption.attlist; [
+<!ATTLIST Caption
+		%common.attrib;
+		%local.caption.attrib;
+		%caption.role.attrib;
+>
+<!--end of caption.attlist-->]]>
+<!--end of caption.module-->]]>
+
+<!ENTITY % mediaobjectco.module "INCLUDE">
+<![ %mediaobjectco.module; [
+<!ENTITY % local.mediaobjectco.attrib "">
+<!ENTITY % mediaobjectco.role.attrib "%role.attrib;">
+
+<!ENTITY % mediaobjectco.element "INCLUDE">
+<![ %mediaobjectco.element; [
+<!ELEMENT MediaObjectCO - - (ObjectInfo?, ImageObjectCO,
+			   (ImageObjectCO|TextObject)*)>
+<!--end of mediaobjectco.element-->]]>
+
+<!ENTITY % mediaobjectco.attlist "INCLUDE">
+<![ %mediaobjectco.attlist; [
+<!ATTLIST MediaObjectCO
+		%common.attrib;
+		%mediaobjectco.role.attrib;
+		%local.mediaobjectco.attrib;
+>
+<!--end of mediaobjectco.attlist-->]]>
+<!--end of mediaobjectco.module-->]]>
+
+<!ENTITY % imageobjectco.module "INCLUDE">
+<![ %imageobjectco.module; [
+<!ENTITY % local.imageobjectco.attrib "">
+<!ENTITY % imageobjectco.role.attrib "%role.attrib;">
+
+<!ENTITY % imageobjectco.element "INCLUDE">
+<![ %imageobjectco.element; [
+<!ELEMENT ImageObjectCO - - (AreaSpec, ImageObject, CalloutList*)>
+<!--end of imageobjectco.element-->]]>
+
+<!ENTITY % imageobjectco.attlist "INCLUDE">
+<![ %imageobjectco.attlist; [
+<!ATTLIST ImageObjectCO
+		%common.attrib;
+		%imageobjectco.role.attrib;
+		%local.imageobjectco.attrib;
+>
+<!--end of imageobjectco.attlist-->]]>
+<!--end of imageobjectco.module-->]]>
+<!--end of mediaobject.content.module-->]]>
+
+<!-- Equations ........................ -->
+
+<!-- This PE provides a mechanism for replacing equation content, -->
+<!-- perhaps adding a new or different model (e.g., MathML) -->
+<!ENTITY % equation.content "(Alt?, (Graphic+|MediaObject+))">
+<!ENTITY % inlineequation.content "(Alt?, (Graphic+|InlineMediaObject+))">
+
+<!ENTITY % equation.module "INCLUDE">
+<![ %equation.module; [
+<!ENTITY % local.equation.attrib "">
+<!ENTITY % equation.role.attrib "%role.attrib;">
+
+<!ENTITY % equation.element "INCLUDE">
+<![ %equation.element; [
+<!ELEMENT Equation - - ((%formalobject.title.content;)?, (InformalEquation |
+		%equation.content;))>
+<!--end of equation.element-->]]>
+
+<!ENTITY % equation.attlist "INCLUDE">
+<![ %equation.attlist; [
+<!ATTLIST Equation
+		%label.attrib;
+	 	%common.attrib;
+		%equation.role.attrib;
+		%local.equation.attrib;
+>
+<!--end of equation.attlist-->]]>
+<!--end of equation.module-->]]>
+
+<!ENTITY % informalequation.module "INCLUDE">
+<![ %informalequation.module; [
+<!ENTITY % local.informalequation.attrib "">
+<!ENTITY % informalequation.role.attrib "%role.attrib;">
+
+<!ENTITY % informalequation.element "INCLUDE">
+<![ %informalequation.element; [
+<!ELEMENT InformalEquation - - (%equation.content;)>
+<!--end of informalequation.element-->]]>
+
+<!ENTITY % informalequation.attlist "INCLUDE">
+<![ %informalequation.attlist; [
+<!ATTLIST InformalEquation
+		%common.attrib;
+		%informalequation.role.attrib;
+		%local.informalequation.attrib;
+>
+<!--end of informalequation.attlist-->]]>
+<!--end of informalequation.module-->]]>
+
+<!ENTITY % inlineequation.module "INCLUDE">
+<![ %inlineequation.module; [
+<!ENTITY % local.inlineequation.attrib "">
+<!ENTITY % inlineequation.role.attrib "%role.attrib;">
+
+<!ENTITY % inlineequation.element "INCLUDE">
+<![ %inlineequation.element; [
+<!ELEMENT InlineEquation - - (%inlineequation.content;)>
+<!--end of inlineequation.element-->]]>
+
+<!ENTITY % inlineequation.attlist "INCLUDE">
+<![ %inlineequation.attlist; [
+<!ATTLIST InlineEquation
+		%common.attrib;
+		%inlineequation.role.attrib;
+		%local.inlineequation.attrib;
+>
+<!--end of inlineequation.attlist-->]]>
+<!--end of inlineequation.module-->]]>
+
+<!ENTITY % alt.module "INCLUDE">
+<![ %alt.module; [
+<!ENTITY % local.alt.attrib "">
+<!ENTITY % alt.role.attrib "%role.attrib;">
+
+<!ENTITY % alt.element "INCLUDE">
+<![ %alt.element; [
+<!ELEMENT Alt - - (#PCDATA)>
+<!--end of alt.element-->]]>
+
+<!ENTITY % alt.attlist "INCLUDE">
+<![ %alt.attlist; [
+<!ATTLIST Alt 
+		%common.attrib;
+		%alt.role.attrib;
+		%local.alt.attrib;
+>
+<!--end of alt.attlist-->]]>
+<!--end of alt.module-->]]>
+
+<!-- Tables ........................... -->
+
+<!ENTITY % table.module "INCLUDE">
+<![ %table.module; [
+
+<!ENTITY % tables.role.attrib "%role.attrib;">
+
+<!-- Add Label attribute to Table element (and InformalTable element). -->
+<!ENTITY % bodyatt "%label.attrib;">
+
+<!-- Add common attributes to Table, TGroup, TBody, THead, TFoot, Row, 
+     EntryTbl, and Entry (and InformalTable element). -->
+<!ENTITY % secur
+	"%common.attrib;
+	%tables.role.attrib;">
+
+<!-- Remove Chart. -->
+<!ENTITY % tbl.table.name "Table">
+
+<!-- Content model for Table. -->
+<!ENTITY % tbl.table.mdl
+	"((%formalobject.title.content;),
+          (%ndxterm.class;)*,
+          (Graphic+|MediaObject+|tgroup+))">
+
+<!-- Exclude all DocBook tables and formal objects. -->
+<!ENTITY % tbl.table.excep "-(InformalTable|%formal.class;)">
+
+<!-- Remove pgbrk exception on Row. -->
+<!ENTITY % tbl.row.excep "">
+
+<!-- Allow either objects or inlines; beware of REs between elements. -->
+<!ENTITY % tbl.entry.mdl "((%tabentry.mix;)+ | (%para.char.mix;)+)">
+
+<!-- Remove pgbrk exception on Entry. -->
+<!ENTITY % tbl.entry.excep "">
+
+<!-- Remove pgbrk exception on EntryTbl, but leave exclusion of itself. -->
+<!ENTITY % tbl.entrytbl.excep "-(entrytbl)">
+
+<!-- Reference CALS table module. -->
+<!ENTITY % calstbls PUBLIC "-//USA-DOD//DTD Table Model 951010//EN">
+%calstbls;
+<!--end of table.module-->]]>
+
+<!ENTITY % informaltable.module "INCLUDE">
+<![ %informaltable.module; [
+
+<!-- Note that InformalTable is dependent on some of the entity
+     declarations that customize Table. -->
+
+<!ENTITY % local.informaltable.attrib "">
+
+<!ENTITY % informaltable.element "INCLUDE">
+<![ %informaltable.element; [
+<!ELEMENT InformalTable - - (Graphic+|MediaObject+|tgroup+) %tbl.table.excep;>
+<!--end of informaltable.element-->]]>
+
+<!ENTITY % informaltable.attlist "INCLUDE">
+<![ %informaltable.attlist; [
+<!ATTLIST InformalTable
+		--
+		Frame, Colsep, and Rowsep must be repeated because
+		they are not in entities in the table module.
+		--
+		Frame		(Top
+				|Bottom
+				|Topbot
+				|All
+				|Sides
+				|None)			#IMPLIED
+		Colsep		%yesorno.attvals;	#IMPLIED
+		Rowsep		%yesorno.attvals;	#IMPLIED
+		%tbl.table.att; -- includes TabStyle, ToCentry, ShortEntry, 
+				Orient, PgWide --
+		%bodyatt; -- includes Label --
+		%secur; -- includes common attributes --
+		%local.informaltable.attrib;
+>
+<!--end of informaltable.attlist-->]]>
+<!--end of informaltable.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Synopses ............................................................. -->
+
+<!-- Synopsis ......................... -->
+
+<!ENTITY % synopsis.module "INCLUDE">
+<![ %synopsis.module; [
+<!ENTITY % local.synopsis.attrib "">
+<!ENTITY % synopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % synopsis.element "INCLUDE">
+<![ %synopsis.element; [
+<!ELEMENT Synopsis - - ((CO | LineAnnotation | %para.char.mix;
+		| Graphic | MediaObject)+)>
+<!--end of synopsis.element-->]]>
+
+<!ENTITY % synopsis.attlist "INCLUDE">
+<![ %synopsis.attlist; [
+<!ATTLIST Synopsis
+		%label.attrib;
+		%linespecific.attrib;
+		%common.attrib;
+		%synopsis.role.attrib;
+		%local.synopsis.attrib;
+>
+<!--end of synopsis.attlist-->]]>
+
+<!-- LineAnnotation (defined in the Inlines section, below)-->
+<!--end of synopsis.module-->]]>
+
+<!-- CmdSynopsis ...................... -->
+
+<!ENTITY % cmdsynopsis.content.module "INCLUDE">
+<![ %cmdsynopsis.content.module; [
+<!ENTITY % cmdsynopsis.module "INCLUDE">
+<![ %cmdsynopsis.module; [
+<!ENTITY % local.cmdsynopsis.attrib "">
+<!ENTITY % cmdsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % cmdsynopsis.element "INCLUDE">
+<![ %cmdsynopsis.element; [
+<!ELEMENT CmdSynopsis - - ((Command | Arg | Group | SBR)+, SynopFragment*)>
+<!--end of cmdsynopsis.element-->]]>
+
+<!ENTITY % cmdsynopsis.attlist "INCLUDE">
+<![ %cmdsynopsis.attlist; [
+<!ATTLIST CmdSynopsis
+		%label.attrib;
+		--
+		Sepchar: Character that should separate command and all 
+		top-level arguments; alternate value might be e.g., &Delta;
+		--
+		Sepchar		CDATA		" "
+		--
+		CmdLength: Length beyond which the presentation engine
+		may consider a Command too long and select an alternate
+		presentation of the Command and, or, its associated
+		arguments.
+		--
+		CmdLength	CDATA		#IMPLIED
+		%common.attrib;
+		%cmdsynopsis.role.attrib;
+		%local.cmdsynopsis.attrib;
+>
+<!--end of cmdsynopsis.attlist-->]]>
+<!--end of cmdsynopsis.module-->]]>
+
+<!ENTITY % arg.module "INCLUDE">
+<![ %arg.module; [
+<!ENTITY % local.arg.attrib "">
+<!ENTITY % arg.role.attrib "%role.attrib;">
+
+<!ENTITY % arg.element "INCLUDE">
+<![ %arg.element; [
+<!ELEMENT Arg - - ((#PCDATA 
+		| Arg 
+		| Group 
+		| Option 
+		| SynopFragmentRef 
+		| Replaceable
+		| SBR)+)>
+<!--end of arg.element-->]]>
+
+<!ENTITY % arg.attlist "INCLUDE">
+<![ %arg.attlist; [
+<!ATTLIST Arg
+		--
+		Choice: Whether Arg must be supplied: Opt (optional to 
+		supply, e.g. [arg]; the default), Req (required to supply, 
+		e.g. {arg}), or Plain (required to supply, e.g. arg)
+		--
+		Choice		(Opt
+				|Req
+				|Plain)		Opt
+		--
+		Rep: whether Arg is repeatable: Norepeat (e.g. arg without 
+		ellipsis; the default), or Repeat (e.g. arg...)
+		--
+		Rep		(Norepeat
+				|Repeat)	Norepeat
+		%common.attrib;
+		%arg.role.attrib;
+		%local.arg.attrib;
+>
+<!--end of arg.attlist-->]]>
+<!--end of arg.module-->]]>
+
+<!ENTITY % group.module "INCLUDE">
+<![ %group.module; [
+
+<!ENTITY % local.group.attrib "">
+<!ENTITY % group.role.attrib "%role.attrib;">
+
+<!ENTITY % group.element "INCLUDE">
+<![ %group.element; [
+<!ELEMENT Group - - ((Arg | Group | Option | SynopFragmentRef 
+		| Replaceable | SBR)+)>
+<!--end of group.element-->]]>
+
+<!ENTITY % group.attlist "INCLUDE">
+<![ %group.attlist; [
+<!ATTLIST Group
+		--
+		Choice: Whether Group must be supplied: Opt (optional to
+		supply, e.g.  [g1|g2|g3]; the default), Req (required to
+		supply, e.g.  {g1|g2|g3}), Plain (required to supply,
+		e.g.  g1|g2|g3), OptMult (can supply zero or more, e.g.
+		[[g1|g2|g3]]), or ReqMult (must supply one or more, e.g.
+		{{g1|g2|g3}})
+		--
+		Choice		(Opt
+				|Req
+				|Plain)		Opt
+		--
+		Rep: whether Group is repeatable: Norepeat (e.g. group 
+		without ellipsis; the default), or Repeat (e.g. group...)
+		--
+		Rep		(Norepeat
+				|Repeat)	Norepeat
+		%common.attrib;
+		%group.role.attrib;
+		%local.group.attrib;
+>
+<!--end of group.attlist-->]]>
+<!--end of group.module-->]]>
+
+<!ENTITY % sbr.module "INCLUDE">
+<![ %sbr.module; [
+<!ENTITY % local.sbr.attrib "">
+<!-- Synopsis break -->
+<!ENTITY % sbr.role.attrib "%role.attrib;">
+
+<!ENTITY % sbr.element "INCLUDE">
+<![ %sbr.element; [
+<!ELEMENT SBR - O EMPTY>
+<!--end of sbr.element-->]]>
+
+<!ENTITY % sbr.attlist "INCLUDE">
+<![ %sbr.attlist; [
+<!ATTLIST SBR
+		%common.attrib;
+		%sbr.role.attrib;
+		%local.sbr.attrib;
+>
+<!--end of sbr.attlist-->]]>
+<!--end of sbr.module-->]]>
+
+<!ENTITY % synopfragmentref.module "INCLUDE">
+<![ %synopfragmentref.module; [
+<!ENTITY % local.synopfragmentref.attrib "">
+<!ENTITY % synopfragmentref.role.attrib "%role.attrib;">
+
+<!ENTITY % synopfragmentref.element "INCLUDE">
+<![ %synopfragmentref.element; [
+<!ELEMENT SynopFragmentRef - - RCDATA >
+<!--end of synopfragmentref.element-->]]>
+
+<!ENTITY % synopfragmentref.attlist "INCLUDE">
+<![ %synopfragmentref.attlist; [
+<!ATTLIST SynopFragmentRef
+		%linkendreq.attrib; --to SynopFragment of complex synopsis
+			material for separate referencing--
+		%common.attrib;
+		%synopfragmentref.role.attrib;
+		%local.synopfragmentref.attrib;
+>
+<!--end of synopfragmentref.attlist-->]]>
+<!--end of synopfragmentref.module-->]]>
+
+<!ENTITY % synopfragment.module "INCLUDE">
+<![ %synopfragment.module; [
+<!ENTITY % local.synopfragment.attrib "">
+<!ENTITY % synopfragment.role.attrib "%role.attrib;">
+
+<!ENTITY % synopfragment.element "INCLUDE">
+<![ %synopfragment.element; [
+<!ELEMENT SynopFragment - - ((Arg | Group)+)>
+<!--end of synopfragment.element-->]]>
+
+<!ENTITY % synopfragment.attlist "INCLUDE">
+<![ %synopfragment.attlist; [
+<!ATTLIST SynopFragment
+		%idreq.common.attrib;
+		%synopfragment.role.attrib;
+		%local.synopfragment.attrib;
+>
+<!--end of synopfragment.attlist-->]]>
+<!--end of synopfragment.module-->]]>
+
+<!-- Command (defined in the Inlines section, below)-->
+<!-- Option (defined in the Inlines section, below)-->
+<!-- Replaceable (defined in the Inlines section, below)-->
+<!--end of cmdsynopsis.content.module-->]]>
+
+<!-- FuncSynopsis ..................... -->
+
+<!ENTITY % funcsynopsis.content.module "INCLUDE">
+<![ %funcsynopsis.content.module; [
+<!ENTITY % funcsynopsis.module "INCLUDE">
+<![ %funcsynopsis.module; [
+
+<!ENTITY % local.funcsynopsis.attrib "">
+<!ENTITY % funcsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % funcsynopsis.element "INCLUDE">
+<![ %funcsynopsis.element; [
+<!ELEMENT FuncSynopsis - - (FuncSynopsisInfo|FuncPrototype)+>
+<!--end of funcsynopsis.element-->]]>
+
+<!ENTITY % funcsynopsis.attlist "INCLUDE">
+<![ %funcsynopsis.attlist; [
+<!ATTLIST FuncSynopsis
+		%label.attrib;
+		%common.attrib;
+		%funcsynopsis.role.attrib;
+		%local.funcsynopsis.attrib;
+>
+<!--end of funcsynopsis.attlist-->]]>
+<!--end of funcsynopsis.module-->]]>
+
+<!ENTITY % funcsynopsisinfo.module "INCLUDE">
+<![ %funcsynopsisinfo.module; [
+<!ENTITY % local.funcsynopsisinfo.attrib "">
+<!ENTITY % funcsynopsisinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % funcsynopsisinfo.element "INCLUDE">
+<![ %funcsynopsisinfo.element; [
+<!ELEMENT FuncSynopsisInfo - O ((LineAnnotation | %cptr.char.mix;)* )>
+<!--end of funcsynopsisinfo.element-->]]>
+
+<!ENTITY % funcsynopsisinfo.attlist "INCLUDE">
+<![ %funcsynopsisinfo.attlist; [
+<!ATTLIST FuncSynopsisInfo
+		%linespecific.attrib;
+		%common.attrib;
+		%funcsynopsisinfo.role.attrib;
+		%local.funcsynopsisinfo.attrib;
+>
+<!--end of funcsynopsisinfo.attlist-->]]>
+<!--end of funcsynopsisinfo.module-->]]>
+
+<!ENTITY % funcprototype.module "INCLUDE">
+<![ %funcprototype.module; [
+<!ENTITY % local.funcprototype.attrib "">
+<!ENTITY % funcprototype.role.attrib "%role.attrib;">
+
+<!ENTITY % funcprototype.element "INCLUDE">
+<![ %funcprototype.element; [
+<!ELEMENT FuncPrototype - O (FuncDef, (Void | VarArgs | ParamDef+))>
+<!--end of funcprototype.element-->]]>
+
+<!ENTITY % funcprototype.attlist "INCLUDE">
+<![ %funcprototype.attlist; [
+<!ATTLIST FuncPrototype
+		%common.attrib;
+		%funcprototype.role.attrib;
+		%local.funcprototype.attrib;
+>
+<!--end of funcprototype.attlist-->]]>
+<!--end of funcprototype.module-->]]>
+
+<!ENTITY % funcdef.module "INCLUDE">
+<![ %funcdef.module; [
+<!ENTITY % local.funcdef.attrib "">
+<!ENTITY % funcdef.role.attrib "%role.attrib;">
+
+<!ENTITY % funcdef.element "INCLUDE">
+<![ %funcdef.element; [
+<!ELEMENT FuncDef - - ((#PCDATA 
+		| Replaceable 
+		| Function)*)>
+<!--end of funcdef.element-->]]>
+
+<!ENTITY % funcdef.attlist "INCLUDE">
+<![ %funcdef.attlist; [
+<!ATTLIST FuncDef
+		%common.attrib;
+		%funcdef.role.attrib;
+		%local.funcdef.attrib;
+>
+<!--end of funcdef.attlist-->]]>
+<!--end of funcdef.module-->]]>
+
+<!ENTITY % void.module "INCLUDE">
+<![ %void.module; [
+<!ENTITY % local.void.attrib "">
+<!ENTITY % void.role.attrib "%role.attrib;">
+
+<!ENTITY % void.element "INCLUDE">
+<![ %void.element; [
+<!ELEMENT Void - O EMPTY>
+<!--end of void.element-->]]>
+
+<!ENTITY % void.attlist "INCLUDE">
+<![ %void.attlist; [
+<!ATTLIST Void
+		%common.attrib;
+		%void.role.attrib;
+		%local.void.attrib;
+>
+<!--end of void.attlist-->]]>
+<!--end of void.module-->]]>
+
+<!ENTITY % varargs.module "INCLUDE">
+<![ %varargs.module; [
+<!ENTITY % local.varargs.attrib "">
+<!ENTITY % varargs.role.attrib "%role.attrib;">
+
+<!ENTITY % varargs.element "INCLUDE">
+<![ %varargs.element; [
+<!ELEMENT VarArgs - O EMPTY>
+<!--end of varargs.element-->]]>
+
+<!ENTITY % varargs.attlist "INCLUDE">
+<![ %varargs.attlist; [
+<!ATTLIST VarArgs
+		%common.attrib;
+		%varargs.role.attrib;
+		%local.varargs.attrib;
+>
+<!--end of varargs.attlist-->]]>
+<!--end of varargs.module-->]]>
+
+<!-- Processing assumes that only one Parameter will appear in a
+     ParamDef, and that FuncParams will be used at most once, for
+     providing information on the "inner parameters" for parameters that
+     are pointers to functions. -->
+
+<!ENTITY % paramdef.module "INCLUDE">
+<![ %paramdef.module; [
+<!ENTITY % local.paramdef.attrib "">
+<!ENTITY % paramdef.role.attrib "%role.attrib;">
+
+<!ENTITY % paramdef.element "INCLUDE">
+<![ %paramdef.element; [
+<!ELEMENT ParamDef - - ((#PCDATA 
+		| Replaceable 
+		| Parameter 
+		| FuncParams)*)>
+<!--end of paramdef.element-->]]>
+
+<!ENTITY % paramdef.attlist "INCLUDE">
+<![ %paramdef.attlist; [
+<!ATTLIST ParamDef
+		%common.attrib;
+		%paramdef.role.attrib;
+		%local.paramdef.attrib;
+>
+<!--end of paramdef.attlist-->]]>
+<!--end of paramdef.module-->]]>
+
+<!ENTITY % funcparams.module "INCLUDE">
+<![ %funcparams.module; [
+<!ENTITY % local.funcparams.attrib "">
+<!ENTITY % funcparams.role.attrib "%role.attrib;">
+
+<!ENTITY % funcparams.element "INCLUDE">
+<![ %funcparams.element; [
+<!ELEMENT FuncParams - - ((%cptr.char.mix;)*)>
+<!--end of funcparams.element-->]]>
+
+<!ENTITY % funcparams.attlist "INCLUDE">
+<![ %funcparams.attlist; [
+<!ATTLIST FuncParams
+		%common.attrib;
+		%funcparams.role.attrib;
+		%local.funcparams.attrib;
+>
+<!--end of funcparams.attlist-->]]>
+<!--end of funcparams.module-->]]>
+
+<!-- LineAnnotation (defined in the Inlines section, below)-->
+<!-- Replaceable (defined in the Inlines section, below)-->
+<!-- Function (defined in the Inlines section, below)-->
+<!-- Parameter (defined in the Inlines section, below)-->
+<!--end of funcsynopsis.content.module-->]]>
+
+<!-- ClassSynopsis ..................... -->
+
+<!ENTITY % classsynopsis.content.module "INCLUDE">
+<![%classsynopsis.content.module;[
+
+<!ENTITY % classsynopsis.module "INCLUDE">
+<![%classsynopsis.module;[
+<!ENTITY % local.classsynopsis.attrib "">
+<!ENTITY % classsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % classsynopsis.element "INCLUDE">
+<![%classsynopsis.element;[
+<!ELEMENT ClassSynopsis - - ((OOClass|OOInterface|OOException)+,
+                             (ClassSynopsisInfo
+                              |FieldSynopsis|%method.synop.class;)*)>
+<!--end of classsynopsis.element-->]]>
+
+<!ENTITY % classsynopsis.attlist "INCLUDE">
+<![%classsynopsis.attlist;[
+<!ATTLIST ClassSynopsis
+	%common.attrib;
+	%classsynopsis.role.attrib;
+	%local.classsynopsis.attrib;
+	Language	CDATA	#IMPLIED
+	Class	(Class|Interface)	"Class"
+>
+<!--end of classsynopsis.attlist-->]]>
+<!--end of classsynopsis.module-->]]>
+
+<!ENTITY % classsynopsisinfo.module "INCLUDE">
+<![ %classsynopsisinfo.module; [
+<!ENTITY % local.classsynopsisinfo.attrib "">
+<!ENTITY % classsynopsisinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % classsynopsisinfo.element "INCLUDE">
+<![ %classsynopsisinfo.element; [
+<!ELEMENT ClassSynopsisInfo - O ((LineAnnotation | %cptr.char.mix;)* )>
+<!--end of classsynopsisinfo.element-->]]>
+
+<!ENTITY % classsynopsisinfo.attlist "INCLUDE">
+<![ %classsynopsisinfo.attlist; [
+<!ATTLIST ClassSynopsisInfo
+		%linespecific.attrib;
+		%common.attrib;
+		%classsynopsisinfo.role.attrib;
+		%local.classsynopsisinfo.attrib;
+>
+<!--end of classsynopsisinfo.attlist-->]]>
+<!--end of classsynopsisinfo.module-->]]>
+
+<!ENTITY % ooclass.module "INCLUDE">
+<![%ooclass.module;[
+<!ENTITY % local.ooclass.attrib "">
+<!ENTITY % ooclass.role.attrib "%role.attrib;">
+
+<!ENTITY % ooclass.element "INCLUDE">
+<![%ooclass.element;[
+<!ELEMENT OOClass - - (Modifier*, ClassName)>
+<!--end of ooclass.element-->]]>
+
+<!ENTITY % ooclass.attlist "INCLUDE">
+<![%ooclass.attlist;[
+<!ATTLIST OOClass
+	%common.attrib;
+	%ooclass.role.attrib;
+	%local.ooclass.attrib;
+>
+<!--end of ooclass.attlist-->]]>
+<!--end of ooclass.module-->]]>
+
+<!ENTITY % oointerface.module "INCLUDE">
+<![%oointerface.module;[
+<!ENTITY % local.oointerface.attrib "">
+<!ENTITY % oointerface.role.attrib "%role.attrib;">
+
+<!ENTITY % oointerface.element "INCLUDE">
+<![%oointerface.element;[
+<!ELEMENT OOInterface - - (Modifier*, InterfaceName)>
+<!--end of oointerface.element-->]]>
+
+<!ENTITY % oointerface.attlist "INCLUDE">
+<![%oointerface.attlist;[
+<!ATTLIST OOInterface
+	%common.attrib;
+	%oointerface.role.attrib;
+	%local.oointerface.attrib;
+>
+<!--end of oointerface.attlist-->]]>
+<!--end of oointerface.module-->]]>
+
+<!ENTITY % ooexception.module "INCLUDE">
+<![%ooexception.module;[
+<!ENTITY % local.ooexception.attrib "">
+<!ENTITY % ooexception.role.attrib "%role.attrib;">
+
+<!ENTITY % ooexception.element "INCLUDE">
+<![%ooexception.element;[
+<!ELEMENT OOException - - (Modifier*, ExceptionName)>
+<!--end of ooexception.element-->]]>
+
+<!ENTITY % ooexception.attlist "INCLUDE">
+<![%ooexception.attlist;[
+<!ATTLIST OOException
+	%common.attrib;
+	%ooexception.role.attrib;
+	%local.ooexception.attrib;
+>
+<!--end of ooexception.attlist-->]]>
+<!--end of ooexception.module-->]]>
+
+<!ENTITY % modifier.module "INCLUDE">
+<![%modifier.module;[
+<!ENTITY % local.modifier.attrib "">
+<!ENTITY % modifier.role.attrib "%role.attrib;">
+
+<!ENTITY % modifier.element "INCLUDE">
+<![%modifier.element;[
+<!ELEMENT Modifier - - (%smallcptr.char.mix;)*>
+<!--end of modifier.element-->]]>
+
+<!ENTITY % modifier.attlist "INCLUDE">
+<![%modifier.attlist;[
+<!ATTLIST Modifier
+	%common.attrib;
+	%modifier.role.attrib;
+	%local.modifier.attrib;
+>
+<!--end of modifier.attlist-->]]>
+<!--end of modifier.module-->]]>
+
+<!ENTITY % interfacename.module "INCLUDE">
+<![%interfacename.module;[
+<!ENTITY % local.interfacename.attrib "">
+<!ENTITY % interfacename.role.attrib "%role.attrib;">
+
+<!ENTITY % interfacename.element "INCLUDE">
+<![%interfacename.element;[
+<!ELEMENT InterfaceName - - (%smallcptr.char.mix;)*>
+<!--end of interfacename.element-->]]>
+
+<!ENTITY % interfacename.attlist "INCLUDE">
+<![%interfacename.attlist;[
+<!ATTLIST InterfaceName
+	%common.attrib;
+	%interfacename.role.attrib;
+	%local.interfacename.attrib;
+>
+<!--end of interfacename.attlist-->]]>
+<!--end of interfacename.module-->]]>
+
+<!ENTITY % exceptionname.module "INCLUDE">
+<![%exceptionname.module;[
+<!ENTITY % local.exceptionname.attrib "">
+<!ENTITY % exceptionname.role.attrib "%role.attrib;">
+
+<!ENTITY % exceptionname.element "INCLUDE">
+<![%exceptionname.element;[
+<!ELEMENT ExceptionName - - (%smallcptr.char.mix;)*>
+<!--end of exceptionname.element-->]]>
+
+<!ENTITY % exceptionname.attlist "INCLUDE">
+<![%exceptionname.attlist;[
+<!ATTLIST ExceptionName
+	%common.attrib;
+	%exceptionname.role.attrib;
+	%local.exceptionname.attrib;
+>
+<!--end of exceptionname.attlist-->]]>
+<!--end of exceptionname.module-->]]>
+
+<!ENTITY % fieldsynopsis.module "INCLUDE">
+<![%fieldsynopsis.module;[
+<!ENTITY % local.fieldsynopsis.attrib "">
+<!ENTITY % fieldsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % fieldsynopsis.element "INCLUDE">
+<![%fieldsynopsis.element;[
+<!ELEMENT FieldSynopsis - - (Modifier*, Type?, VarName, Initializer?)>
+<!--end of fieldsynopsis.element-->]]>
+
+<!ENTITY % fieldsynopsis.attlist "INCLUDE">
+<![%fieldsynopsis.attlist;[
+<!ATTLIST FieldSynopsis
+	%common.attrib;
+	%fieldsynopsis.role.attrib;
+	%local.fieldsynopsis.attrib;
+>
+<!--end of fieldsynopsis.attlist-->]]>
+<!--end of fieldsynopsis.module-->]]>
+
+<!ENTITY % initializer.module "INCLUDE">
+<![%initializer.module;[
+<!ENTITY % local.initializer.attrib "">
+<!ENTITY % initializer.role.attrib "%role.attrib;">
+
+<!ENTITY % initializer.element "INCLUDE">
+<![%initializer.element;[
+<!ELEMENT Initializer - - (%smallcptr.char.mix;)*>
+<!--end of initializer.element-->]]>
+
+<!ENTITY % initializer.attlist "INCLUDE">
+<![%initializer.attlist;[
+<!ATTLIST Initializer
+	%common.attrib;
+	%initializer.role.attrib;
+	%local.initializer.attrib;
+>
+<!--end of initializer.attlist-->]]>
+<!--end of initializer.module-->]]>
+
+<!ENTITY % constructorsynopsis.module "INCLUDE">
+<![%constructorsynopsis.module;[
+<!ENTITY % local.constructorsynopsis.attrib "">
+<!ENTITY % constructorsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % constructorsynopsis.element "INCLUDE">
+<![%constructorsynopsis.element;[
+<!ELEMENT ConstructorSynopsis - - (Modifier*,
+                                   MethodName?,
+                                   (MethodParam+|Void),
+                                   ExceptionName*)>
+<!--end of constructorsynopsis.element-->]]>
+
+<!ENTITY % constructorsynopsis.attlist "INCLUDE">
+<![%constructorsynopsis.attlist;[
+<!ATTLIST ConstructorSynopsis
+	%common.attrib;
+	%constructorsynopsis.role.attrib;
+	%local.constructorsynopsis.attrib;
+>
+<!--end of constructorsynopsis.attlist-->]]>
+<!--end of constructorsynopsis.module-->]]>
+
+<!ENTITY % destructorsynopsis.module "INCLUDE">
+<![%destructorsynopsis.module;[
+<!ENTITY % local.destructorsynopsis.attrib "">
+<!ENTITY % destructorsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % destructorsynopsis.element "INCLUDE">
+<![%destructorsynopsis.element;[
+<!ELEMENT DestructorSynopsis - - (Modifier*,
+                                  MethodName?,
+                                  (MethodParam+|Void),
+                                  ExceptionName*)>
+<!--end of destructorsynopsis.element-->]]>
+
+<!ENTITY % destructorsynopsis.attlist "INCLUDE">
+<![%destructorsynopsis.attlist;[
+<!ATTLIST DestructorSynopsis
+	%common.attrib;
+	%destructorsynopsis.role.attrib;
+	%local.destructorsynopsis.attrib;
+>
+<!--end of destructorsynopsis.attlist-->]]>
+<!--end of destructorsynopsis.module-->]]>
+
+<!ENTITY % methodsynopsis.module "INCLUDE">
+<![%methodsynopsis.module;[
+<!ENTITY % local.methodsynopsis.attrib "">
+<!ENTITY % methodsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % methodsynopsis.element "INCLUDE">
+<![%methodsynopsis.element;[
+<!ELEMENT MethodSynopsis - - (Modifier*,
+                              (Type|Void)?,
+                              MethodName,
+                              (MethodParam+|Void),
+                              ExceptionName*,
+                              Modifier*)>
+<!--end of methodsynopsis.element-->]]>
+
+<!ENTITY % methodsynopsis.attlist "INCLUDE">
+<![%methodsynopsis.attlist;[
+<!ATTLIST MethodSynopsis
+	%common.attrib;
+	%methodsynopsis.role.attrib;
+	%local.methodsynopsis.attrib;
+>
+<!--end of methodsynopsis.attlist-->]]>
+<!--end of methodsynopsis.module-->]]>
+
+<!ENTITY % methodname.module "INCLUDE">
+<![%methodname.module;[
+<!ENTITY % local.methodname.attrib "">
+<!ENTITY % methodname.role.attrib "%role.attrib;">
+
+<!ENTITY % methodname.element "INCLUDE">
+<![%methodname.element;[
+<!ELEMENT MethodName - - (%smallcptr.char.mix;)*>
+<!--end of methodname.element-->]]>
+
+<!ENTITY % methodname.attlist "INCLUDE">
+<![%methodname.attlist;[
+<!ATTLIST MethodName
+	%common.attrib;
+	%methodname.role.attrib;
+	%local.methodname.attrib;
+>
+<!--end of methodname.attlist-->]]>
+<!--end of methodname.module-->]]>
+
+<!ENTITY % methodparam.module "INCLUDE">
+<![%methodparam.module;[
+<!ENTITY % local.methodparam.attrib "">
+<!ENTITY % methodparam.role.attrib "%role.attrib;">
+
+<!ENTITY % methodparam.element "INCLUDE">
+<![%methodparam.element;[
+<!ELEMENT MethodParam - - (Modifier*,
+                           Type?, ((Parameter,Initializer?)|FuncParams),
+                           Modifier*)>
+<!--end of methodparam.element-->]]>
+
+<!ENTITY % methodparam.attlist "INCLUDE">
+<![%methodparam.attlist;[
+<!ATTLIST MethodParam
+	%common.attrib;
+	%methodparam.role.attrib;
+	%local.methodparam.attrib;
+	Choice		(Opt
+			|Req
+			|Plain)		"Req"
+	Rep		(Norepeat
+			|Repeat)	"Norepeat"
+>
+<!--end of methodparam.attlist-->]]>
+<!--end of methodparam.module-->]]>
+<!--end of classsynopsis.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Document information entities and elements ........................... -->
+
+<!-- The document information elements include some elements that are
+     currently used only in the document hierarchy module. They are
+     defined here so that they will be available for use in customized
+     document hierarchies. -->
+
+<!-- .................................. -->
+
+<!ENTITY % docinfo.content.module "INCLUDE">
+<![ %docinfo.content.module; [
+
+<!-- Ackno ............................ -->
+
+<!ENTITY % ackno.module "INCLUDE">
+<![ %ackno.module; [
+<!ENTITY % local.ackno.attrib "">
+<!ENTITY % ackno.role.attrib "%role.attrib;">
+
+<!ENTITY % ackno.element "INCLUDE">
+<![ %ackno.element; [
+<!ELEMENT Ackno - - ((%docinfo.char.mix;)+)>
+<!--end of ackno.element-->]]>
+
+<!ENTITY % ackno.attlist "INCLUDE">
+<![ %ackno.attlist; [
+<!ATTLIST Ackno
+		%common.attrib;
+		%ackno.role.attrib;
+		%local.ackno.attrib;
+>
+<!--end of ackno.attlist-->]]>
+<!--end of ackno.module-->]]>
+
+<!-- Address .......................... -->
+
+<!ENTITY % address.content.module "INCLUDE">
+<![ %address.content.module; [
+<!ENTITY % address.module "INCLUDE">
+<![ %address.module; [
+<!ENTITY % local.address.attrib "">
+<!ENTITY % address.role.attrib "%role.attrib;">
+
+<!ENTITY % address.element "INCLUDE">
+<![ %address.element; [
+<!ELEMENT Address - - (#PCDATA|%person.ident.mix;
+		       |Street|POB|Postcode|City|State|Country|Phone
+		       |Fax|Email|OtherAddr)*>
+<!--end of address.element-->]]>
+
+<!ENTITY % address.attlist "INCLUDE">
+<![ %address.attlist; [
+<!ATTLIST Address
+		%linespecific.attrib;
+		%common.attrib;
+		%address.role.attrib;
+		%local.address.attrib;
+>
+<!--end of address.attlist-->]]>
+<!--end of address.module-->]]>
+
+  <!ENTITY % street.module "INCLUDE">
+  <![ %street.module; [
+ <!ENTITY % local.street.attrib "">
+  <!ENTITY % street.role.attrib "%role.attrib;">
+  
+<!ENTITY % street.element "INCLUDE">
+<![ %street.element; [
+<!ELEMENT Street - - ((%docinfo.char.mix;)+)>
+<!--end of street.element-->]]>
+  
+<!ENTITY % street.attlist "INCLUDE">
+<![ %street.attlist; [
+<!ATTLIST Street
+		%common.attrib;
+		%street.role.attrib;
+		%local.street.attrib;
+>
+<!--end of street.attlist-->]]>
+  <!--end of street.module-->]]>
+
+  <!ENTITY % pob.module "INCLUDE">
+  <![ %pob.module; [
+  <!ENTITY % local.pob.attrib "">
+  <!ENTITY % pob.role.attrib "%role.attrib;">
+  
+<!ENTITY % pob.element "INCLUDE">
+<![ %pob.element; [
+<!ELEMENT POB - - ((%docinfo.char.mix;)+)>
+<!--end of pob.element-->]]>
+  
+<!ENTITY % pob.attlist "INCLUDE">
+<![ %pob.attlist; [
+<!ATTLIST POB
+		%common.attrib;
+		%pob.role.attrib;
+		%local.pob.attrib;
+>
+<!--end of pob.attlist-->]]>
+  <!--end of pob.module-->]]>
+
+  <!ENTITY % postcode.module "INCLUDE">
+  <![ %postcode.module; [
+  <!ENTITY % local.postcode.attrib "">
+  <!ENTITY % postcode.role.attrib "%role.attrib;">
+  
+<!ENTITY % postcode.element "INCLUDE">
+<![ %postcode.element; [
+<!ELEMENT Postcode - - ((%docinfo.char.mix;)+)>
+<!--end of postcode.element-->]]>
+  
+<!ENTITY % postcode.attlist "INCLUDE">
+<![ %postcode.attlist; [
+<!ATTLIST Postcode
+		%common.attrib;
+		%postcode.role.attrib;
+		%local.postcode.attrib;
+>
+<!--end of postcode.attlist-->]]>
+  <!--end of postcode.module-->]]>
+
+  <!ENTITY % city.module "INCLUDE">
+  <![ %city.module; [
+  <!ENTITY % local.city.attrib "">
+  <!ENTITY % city.role.attrib "%role.attrib;">
+  
+<!ENTITY % city.element "INCLUDE">
+<![ %city.element; [
+<!ELEMENT City - - ((%docinfo.char.mix;)+)>
+<!--end of city.element-->]]>
+  
+<!ENTITY % city.attlist "INCLUDE">
+<![ %city.attlist; [
+<!ATTLIST City
+		%common.attrib;
+		%city.role.attrib;
+		%local.city.attrib;
+>
+<!--end of city.attlist-->]]>
+  <!--end of city.module-->]]>
+
+  <!ENTITY % state.module "INCLUDE">
+  <![ %state.module; [
+  <!ENTITY % local.state.attrib "">
+  <!ENTITY % state.role.attrib "%role.attrib;">
+  
+<!ENTITY % state.element "INCLUDE">
+<![ %state.element; [
+<!ELEMENT State - - ((%docinfo.char.mix;)+)>
+<!--end of state.element-->]]>
+  
+<!ENTITY % state.attlist "INCLUDE">
+<![ %state.attlist; [
+<!ATTLIST State
+		%common.attrib;
+		%state.role.attrib;
+		%local.state.attrib;
+>
+<!--end of state.attlist-->]]>
+  <!--end of state.module-->]]>
+
+  <!ENTITY % country.module "INCLUDE">
+  <![ %country.module; [
+  <!ENTITY % local.country.attrib "">
+  <!ENTITY % country.role.attrib "%role.attrib;">
+  
+<!ENTITY % country.element "INCLUDE">
+<![ %country.element; [
+<!ELEMENT Country - - ((%docinfo.char.mix;)+)>
+<!--end of country.element-->]]>
+  
+<!ENTITY % country.attlist "INCLUDE">
+<![ %country.attlist; [
+<!ATTLIST Country
+		%common.attrib;
+		%country.role.attrib;
+		%local.country.attrib;
+>
+<!--end of country.attlist-->]]>
+  <!--end of country.module-->]]>
+
+  <!ENTITY % phone.module "INCLUDE">
+  <![ %phone.module; [
+  <!ENTITY % local.phone.attrib "">
+  <!ENTITY % phone.role.attrib "%role.attrib;">
+  
+<!ENTITY % phone.element "INCLUDE">
+<![ %phone.element; [
+<!ELEMENT Phone - - ((%docinfo.char.mix;)+)>
+<!--end of phone.element-->]]>
+  
+<!ENTITY % phone.attlist "INCLUDE">
+<![ %phone.attlist; [
+<!ATTLIST Phone
+		%common.attrib;
+		%phone.role.attrib;
+		%local.phone.attrib;
+>
+<!--end of phone.attlist-->]]>
+  <!--end of phone.module-->]]>
+
+  <!ENTITY % fax.module "INCLUDE">
+  <![ %fax.module; [
+  <!ENTITY % local.fax.attrib "">
+  <!ENTITY % fax.role.attrib "%role.attrib;">
+  
+<!ENTITY % fax.element "INCLUDE">
+<![ %fax.element; [
+<!ELEMENT Fax - - ((%docinfo.char.mix;)+)>
+<!--end of fax.element-->]]>
+  
+<!ENTITY % fax.attlist "INCLUDE">
+<![ %fax.attlist; [
+<!ATTLIST Fax
+		%common.attrib;
+		%fax.role.attrib;
+		%local.fax.attrib;
+>
+<!--end of fax.attlist-->]]>
+  <!--end of fax.module-->]]>
+
+  <!-- Email (defined in the Inlines section, below)-->
+
+  <!ENTITY % otheraddr.module "INCLUDE">
+  <![ %otheraddr.module; [
+  <!ENTITY % local.otheraddr.attrib "">
+  <!ENTITY % otheraddr.role.attrib "%role.attrib;">
+  
+<!ENTITY % otheraddr.element "INCLUDE">
+<![ %otheraddr.element; [
+<!ELEMENT OtherAddr - - ((%docinfo.char.mix;)+)>
+<!--end of otheraddr.element-->]]>
+  
+<!ENTITY % otheraddr.attlist "INCLUDE">
+<![ %otheraddr.attlist; [
+<!ATTLIST OtherAddr
+		%common.attrib;
+		%otheraddr.role.attrib;
+		%local.otheraddr.attrib;
+>
+<!--end of otheraddr.attlist-->]]>
+  <!--end of otheraddr.module-->]]>
+<!--end of address.content.module-->]]>
+
+<!-- Affiliation ...................... -->
+
+<!ENTITY % affiliation.content.module "INCLUDE">
+<![ %affiliation.content.module; [
+<!ENTITY % affiliation.module "INCLUDE">
+<![ %affiliation.module; [
+<!ENTITY % local.affiliation.attrib "">
+<!ENTITY % affiliation.role.attrib "%role.attrib;">
+
+<!ENTITY % affiliation.element "INCLUDE">
+<![ %affiliation.element; [
+<!ELEMENT Affiliation - - (ShortAffil?, JobTitle*, OrgName?, OrgDiv*,
+		Address*)>
+<!--end of affiliation.element-->]]>
+
+<!ENTITY % affiliation.attlist "INCLUDE">
+<![ %affiliation.attlist; [
+<!ATTLIST Affiliation
+		%common.attrib;
+		%affiliation.role.attrib;
+		%local.affiliation.attrib;
+>
+<!--end of affiliation.attlist-->]]>
+<!--end of affiliation.module-->]]>
+
+  <!ENTITY % shortaffil.module "INCLUDE">
+  <![ %shortaffil.module; [
+  <!ENTITY % local.shortaffil.attrib "">
+  <!ENTITY % shortaffil.role.attrib "%role.attrib;">
+  
+<!ENTITY % shortaffil.element "INCLUDE">
+<![ %shortaffil.element; [
+<!ELEMENT ShortAffil - - ((%docinfo.char.mix;)+)>
+<!--end of shortaffil.element-->]]>
+  
+<!ENTITY % shortaffil.attlist "INCLUDE">
+<![ %shortaffil.attlist; [
+<!ATTLIST ShortAffil
+		%common.attrib;
+		%shortaffil.role.attrib;
+		%local.shortaffil.attrib;
+>
+<!--end of shortaffil.attlist-->]]>
+  <!--end of shortaffil.module-->]]>
+
+  <!ENTITY % jobtitle.module "INCLUDE">
+  <![ %jobtitle.module; [
+  <!ENTITY % local.jobtitle.attrib "">
+  <!ENTITY % jobtitle.role.attrib "%role.attrib;">
+  
+<!ENTITY % jobtitle.element "INCLUDE">
+<![ %jobtitle.element; [
+<!ELEMENT JobTitle - - ((%docinfo.char.mix;)+)>
+<!--end of jobtitle.element-->]]>
+  
+<!ENTITY % jobtitle.attlist "INCLUDE">
+<![ %jobtitle.attlist; [
+<!ATTLIST JobTitle
+		%common.attrib;
+		%jobtitle.role.attrib;
+		%local.jobtitle.attrib;
+>
+<!--end of jobtitle.attlist-->]]>
+  <!--end of jobtitle.module-->]]>
+
+  <!-- OrgName (defined elsewhere in this section)-->
+
+  <!ENTITY % orgdiv.module "INCLUDE">
+  <![ %orgdiv.module; [
+  <!ENTITY % local.orgdiv.attrib "">
+  <!ENTITY % orgdiv.role.attrib "%role.attrib;">
+  
+<!ENTITY % orgdiv.element "INCLUDE">
+<![ %orgdiv.element; [
+<!ELEMENT OrgDiv - - ((%docinfo.char.mix;)+)>
+<!--end of orgdiv.element-->]]>
+  
+<!ENTITY % orgdiv.attlist "INCLUDE">
+<![ %orgdiv.attlist; [
+<!ATTLIST OrgDiv
+		%common.attrib;
+		%orgdiv.role.attrib;
+		%local.orgdiv.attrib;
+>
+<!--end of orgdiv.attlist-->]]>
+  <!--end of orgdiv.module-->]]>
+
+  <!-- Address (defined elsewhere in this section)-->
+<!--end of affiliation.content.module-->]]>
+
+<!-- ArtPageNums ...................... -->
+
+<!ENTITY % artpagenums.module "INCLUDE">
+<![ %artpagenums.module; [
+<!ENTITY % local.artpagenums.attrib "">
+<!ENTITY % argpagenums.role.attrib "%role.attrib;">
+
+<!ENTITY % artpagenums.element "INCLUDE">
+<![ %artpagenums.element; [
+<!ELEMENT ArtPageNums - - ((%docinfo.char.mix;)+)>
+<!--end of artpagenums.element-->]]>
+
+<!ENTITY % artpagenums.attlist "INCLUDE">
+<![ %artpagenums.attlist; [
+<!ATTLIST ArtPageNums
+		%common.attrib;
+		%argpagenums.role.attrib;
+		%local.artpagenums.attrib;
+>
+<!--end of artpagenums.attlist-->]]>
+<!--end of artpagenums.module-->]]>
+
+<!-- Author ........................... -->
+
+<!ENTITY % author.module "INCLUDE">
+<![ %author.module; [
+<!ENTITY % local.author.attrib "">
+<!ENTITY % author.role.attrib "%role.attrib;">
+
+<!ENTITY % author.element "INCLUDE">
+<![ %author.element; [
+<!ELEMENT Author - - ((%person.ident.mix;)+)>
+<!--end of author.element-->]]>
+
+<!ENTITY % author.attlist "INCLUDE">
+<![ %author.attlist; [
+<!ATTLIST Author
+		%common.attrib;
+		%author.role.attrib;
+		%local.author.attrib;
+>
+<!--end of author.attlist-->]]>
+<!--(see "Personal identity elements" for %person.ident.mix;)-->
+<!--end of author.module-->]]>
+
+<!-- AuthorGroup ...................... -->
+
+<!ENTITY % authorgroup.content.module "INCLUDE">
+<![ %authorgroup.content.module; [
+<!ENTITY % authorgroup.module "INCLUDE">
+<![ %authorgroup.module; [
+<!ENTITY % local.authorgroup.attrib "">
+<!ENTITY % authorgroup.role.attrib "%role.attrib;">
+
+<!ENTITY % authorgroup.element "INCLUDE">
+<![ %authorgroup.element; [
+<!ELEMENT AuthorGroup - - ((Author|Editor|Collab|CorpAuthor|OtherCredit)+)>
+<!--end of authorgroup.element-->]]>
+
+<!ENTITY % authorgroup.attlist "INCLUDE">
+<![ %authorgroup.attlist; [
+<!ATTLIST AuthorGroup
+		%common.attrib;
+		%authorgroup.role.attrib;
+		%local.authorgroup.attrib;
+>
+<!--end of authorgroup.attlist-->]]>
+<!--end of authorgroup.module-->]]>
+
+  <!-- Author (defined elsewhere in this section)-->
+  <!-- Editor (defined elsewhere in this section)-->
+
+  <!ENTITY % collab.content.module "INCLUDE">
+  <![ %collab.content.module; [
+  <!ENTITY % collab.module "INCLUDE">
+  <![ %collab.module; [
+  <!ENTITY % local.collab.attrib "">
+  <!ENTITY % collab.role.attrib "%role.attrib;">
+  
+<!ENTITY % collab.element "INCLUDE">
+<![ %collab.element; [
+<!ELEMENT Collab - - (CollabName, Affiliation*)>
+<!--end of collab.element-->]]>
+  
+<!ENTITY % collab.attlist "INCLUDE">
+<![ %collab.attlist; [
+<!ATTLIST Collab
+		%common.attrib;
+		%collab.role.attrib;
+		%local.collab.attrib;
+>
+<!--end of collab.attlist-->]]>
+  <!--end of collab.module-->]]>
+
+    <!ENTITY % collabname.module "INCLUDE">
+  <![ %collabname.module; [
+  <!ENTITY % local.collabname.attrib "">
+  <!ENTITY % collabname.role.attrib "%role.attrib;">
+    
+<!ENTITY % collabname.element "INCLUDE">
+<![ %collabname.element; [
+<!ELEMENT CollabName - - ((%docinfo.char.mix;)+)>
+<!--end of collabname.element-->]]>
+    
+<!ENTITY % collabname.attlist "INCLUDE">
+<![ %collabname.attlist; [
+<!ATTLIST CollabName
+		%common.attrib;
+		%collabname.role.attrib;
+		%local.collabname.attrib;
+>
+<!--end of collabname.attlist-->]]>
+    <!--end of collabname.module-->]]>
+
+    <!-- Affiliation (defined elsewhere in this section)-->
+  <!--end of collab.content.module-->]]>
+
+  <!-- CorpAuthor (defined elsewhere in this section)-->
+  <!-- OtherCredit (defined elsewhere in this section)-->
+
+<!--end of authorgroup.content.module-->]]>
+
+<!-- AuthorInitials ................... -->
+
+<!ENTITY % authorinitials.module "INCLUDE">
+<![ %authorinitials.module; [
+<!ENTITY % local.authorinitials.attrib "">
+<!ENTITY % authorinitials.role.attrib "%role.attrib;">
+
+<!ENTITY % authorinitials.element "INCLUDE">
+<![ %authorinitials.element; [
+<!ELEMENT AuthorInitials - - ((%docinfo.char.mix;)+)>
+<!--end of authorinitials.element-->]]>
+
+<!ENTITY % authorinitials.attlist "INCLUDE">
+<![ %authorinitials.attlist; [
+<!ATTLIST AuthorInitials
+		%common.attrib;
+		%authorinitials.role.attrib;
+		%local.authorinitials.attrib;
+>
+<!--end of authorinitials.attlist-->]]>
+<!--end of authorinitials.module-->]]>
+
+<!-- ConfGroup ........................ -->
+
+<!ENTITY % confgroup.content.module "INCLUDE">
+<![ %confgroup.content.module; [
+<!ENTITY % confgroup.module "INCLUDE">
+<![ %confgroup.module; [
+<!ENTITY % local.confgroup.attrib "">
+<!ENTITY % confgroup.role.attrib "%role.attrib;">
+
+<!ENTITY % confgroup.element "INCLUDE">
+<![ %confgroup.element; [
+<!ELEMENT ConfGroup - - ((ConfDates|ConfTitle|ConfNum|Address|ConfSponsor)*)>
+<!--end of confgroup.element-->]]>
+
+<!ENTITY % confgroup.attlist "INCLUDE">
+<![ %confgroup.attlist; [
+<!ATTLIST ConfGroup
+		%common.attrib;
+		%confgroup.role.attrib;
+		%local.confgroup.attrib;
+>
+<!--end of confgroup.attlist-->]]>
+<!--end of confgroup.module-->]]>
+
+  <!ENTITY % confdates.module "INCLUDE">
+  <![ %confdates.module; [
+  <!ENTITY % local.confdates.attrib "">
+  <!ENTITY % confdates.role.attrib "%role.attrib;">
+  
+<!ENTITY % confdates.element "INCLUDE">
+<![ %confdates.element; [
+<!ELEMENT ConfDates - - ((%docinfo.char.mix;)+)>
+<!--end of confdates.element-->]]>
+  
+<!ENTITY % confdates.attlist "INCLUDE">
+<![ %confdates.attlist; [
+<!ATTLIST ConfDates
+		%common.attrib;
+		%confdates.role.attrib;
+		%local.confdates.attrib;
+>
+<!--end of confdates.attlist-->]]>
+  <!--end of confdates.module-->]]>
+
+  <!ENTITY % conftitle.module "INCLUDE">
+  <![ %conftitle.module; [
+  <!ENTITY % local.conftitle.attrib "">
+  <!ENTITY % conftitle.role.attrib "%role.attrib;">
+  
+<!ENTITY % conftitle.element "INCLUDE">
+<![ %conftitle.element; [
+<!ELEMENT ConfTitle - - ((%docinfo.char.mix;)+)>
+<!--end of conftitle.element-->]]>
+  
+<!ENTITY % conftitle.attlist "INCLUDE">
+<![ %conftitle.attlist; [
+<!ATTLIST ConfTitle
+		%common.attrib;
+		%conftitle.role.attrib;
+		%local.conftitle.attrib;
+>
+<!--end of conftitle.attlist-->]]>
+  <!--end of conftitle.module-->]]>
+
+  <!ENTITY % confnum.module "INCLUDE">
+  <![ %confnum.module; [
+  <!ENTITY % local.confnum.attrib "">
+  <!ENTITY % confnum.role.attrib "%role.attrib;">
+  
+<!ENTITY % confnum.element "INCLUDE">
+<![ %confnum.element; [
+<!ELEMENT ConfNum - - ((%docinfo.char.mix;)+)>
+<!--end of confnum.element-->]]>
+  
+<!ENTITY % confnum.attlist "INCLUDE">
+<![ %confnum.attlist; [
+<!ATTLIST ConfNum
+		%common.attrib;
+		%confnum.role.attrib;
+		%local.confnum.attrib;
+>
+<!--end of confnum.attlist-->]]>
+  <!--end of confnum.module-->]]>
+
+  <!-- Address (defined elsewhere in this section)-->
+
+  <!ENTITY % confsponsor.module "INCLUDE">
+  <![ %confsponsor.module; [
+  <!ENTITY % local.confsponsor.attrib "">
+  <!ENTITY % confsponsor.role.attrib "%role.attrib;">
+  
+<!ENTITY % confsponsor.element "INCLUDE">
+<![ %confsponsor.element; [
+<!ELEMENT ConfSponsor - - ((%docinfo.char.mix;)+)>
+<!--end of confsponsor.element-->]]>
+  
+<!ENTITY % confsponsor.attlist "INCLUDE">
+<![ %confsponsor.attlist; [
+<!ATTLIST ConfSponsor
+		%common.attrib;
+		%confsponsor.role.attrib;
+		%local.confsponsor.attrib;
+>
+<!--end of confsponsor.attlist-->]]>
+  <!--end of confsponsor.module-->]]>
+<!--end of confgroup.content.module-->]]>
+
+<!-- ContractNum ...................... -->
+
+<!ENTITY % contractnum.module "INCLUDE">
+<![ %contractnum.module; [
+<!ENTITY % local.contractnum.attrib "">
+<!ENTITY % contractnum.role.attrib "%role.attrib;">
+
+<!ENTITY % contractnum.element "INCLUDE">
+<![ %contractnum.element; [
+<!ELEMENT ContractNum - - ((%docinfo.char.mix;)+)>
+<!--end of contractnum.element-->]]>
+
+<!ENTITY % contractnum.attlist "INCLUDE">
+<![ %contractnum.attlist; [
+<!ATTLIST ContractNum
+		%common.attrib;
+		%contractnum.role.attrib;
+		%local.contractnum.attrib;
+>
+<!--end of contractnum.attlist-->]]>
+<!--end of contractnum.module-->]]>
+
+<!-- ContractSponsor .................. -->
+
+<!ENTITY % contractsponsor.module "INCLUDE">
+<![ %contractsponsor.module; [
+<!ENTITY % local.contractsponsor.attrib "">
+<!ENTITY % contractsponsor.role.attrib "%role.attrib;">
+
+<!ENTITY % contractsponsor.element "INCLUDE">
+<![ %contractsponsor.element; [
+<!ELEMENT ContractSponsor - - ((%docinfo.char.mix;)+)>
+<!--end of contractsponsor.element-->]]>
+
+<!ENTITY % contractsponsor.attlist "INCLUDE">
+<![ %contractsponsor.attlist; [
+<!ATTLIST ContractSponsor
+		%common.attrib;
+		%contractsponsor.role.attrib;
+		%local.contractsponsor.attrib;
+>
+<!--end of contractsponsor.attlist-->]]>
+<!--end of contractsponsor.module-->]]>
+
+<!-- Copyright ........................ -->
+
+<!ENTITY % copyright.content.module "INCLUDE">
+<![ %copyright.content.module; [
+<!ENTITY % copyright.module "INCLUDE">
+<![ %copyright.module; [
+<!ENTITY % local.copyright.attrib "">
+<!ENTITY % copyright.role.attrib "%role.attrib;">
+
+<!ENTITY % copyright.element "INCLUDE">
+<![ %copyright.element; [
+<!ELEMENT Copyright - - (Year+, Holder*)>
+<!--end of copyright.element-->]]>
+
+<!ENTITY % copyright.attlist "INCLUDE">
+<![ %copyright.attlist; [
+<!ATTLIST Copyright
+		%common.attrib;
+		%copyright.role.attrib;
+		%local.copyright.attrib;
+>
+<!--end of copyright.attlist-->]]>
+<!--end of copyright.module-->]]>
+
+  <!ENTITY % year.module "INCLUDE">
+  <![ %year.module; [
+  <!ENTITY % local.year.attrib "">
+  <!ENTITY % year.role.attrib "%role.attrib;">
+  
+<!ENTITY % year.element "INCLUDE">
+<![ %year.element; [
+<!ELEMENT Year - - ((%docinfo.char.mix;)+)>
+<!--end of year.element-->]]>
+  
+<!ENTITY % year.attlist "INCLUDE">
+<![ %year.attlist; [
+<!ATTLIST Year
+		%common.attrib;
+		%year.role.attrib;
+		%local.year.attrib;
+>
+<!--end of year.attlist-->]]>
+  <!--end of year.module-->]]>
+
+  <!ENTITY % holder.module "INCLUDE">
+  <![ %holder.module; [
+  <!ENTITY % local.holder.attrib "">
+  <!ENTITY % holder.role.attrib "%role.attrib;">
+  
+<!ENTITY % holder.element "INCLUDE">
+<![ %holder.element; [
+<!ELEMENT Holder - - ((%docinfo.char.mix;)+)>
+<!--end of holder.element-->]]>
+  
+<!ENTITY % holder.attlist "INCLUDE">
+<![ %holder.attlist; [
+<!ATTLIST Holder
+		%common.attrib;
+		%holder.role.attrib;
+		%local.holder.attrib;
+>
+<!--end of holder.attlist-->]]>
+  <!--end of holder.module-->]]>
+<!--end of copyright.content.module-->]]>
+
+<!-- CorpAuthor ....................... -->
+
+<!ENTITY % corpauthor.module "INCLUDE">
+<![ %corpauthor.module; [
+<!ENTITY % local.corpauthor.attrib "">
+<!ENTITY % corpauthor.role.attrib "%role.attrib;">
+
+<!ENTITY % corpauthor.element "INCLUDE">
+<![ %corpauthor.element; [
+<!ELEMENT CorpAuthor - - ((%docinfo.char.mix;)+)>
+<!--end of corpauthor.element-->]]>
+
+<!ENTITY % corpauthor.attlist "INCLUDE">
+<![ %corpauthor.attlist; [
+<!ATTLIST CorpAuthor
+		%common.attrib;
+		%corpauthor.role.attrib;
+		%local.corpauthor.attrib;
+>
+<!--end of corpauthor.attlist-->]]>
+<!--end of corpauthor.module-->]]>
+
+<!-- CorpName ......................... -->
+
+<!ENTITY % corpname.module "INCLUDE">
+<![ %corpname.module; [
+<!ENTITY % local.corpname.attrib "">
+
+<!ENTITY % corpname.element "INCLUDE">
+<![ %corpname.element; [
+<!ELEMENT CorpName - - ((%docinfo.char.mix;)+)>
+<!--end of corpname.element-->]]>
+<!ENTITY % corpname.role.attrib "%role.attrib;">
+
+<!ENTITY % corpname.attlist "INCLUDE">
+<![ %corpname.attlist; [
+<!ATTLIST CorpName
+		%common.attrib;
+		%corpname.role.attrib;
+		%local.corpname.attrib;
+>
+<!--end of corpname.attlist-->]]>
+<!--end of corpname.module-->]]>
+
+<!-- Date ............................. -->
+
+<!ENTITY % date.module "INCLUDE">
+<![ %date.module; [
+<!ENTITY % local.date.attrib "">
+<!ENTITY % date.role.attrib "%role.attrib;">
+
+<!ENTITY % date.element "INCLUDE">
+<![ %date.element; [
+<!ELEMENT Date - - ((%docinfo.char.mix;)+)>
+<!--end of date.element-->]]>
+
+<!ENTITY % date.attlist "INCLUDE">
+<![ %date.attlist; [
+<!ATTLIST Date
+		%common.attrib;
+		%date.role.attrib;
+		%local.date.attrib;
+>
+<!--end of date.attlist-->]]>
+<!--end of date.module-->]]>
+
+<!-- Edition .......................... -->
+
+<!ENTITY % edition.module "INCLUDE">
+<![ %edition.module; [
+<!ENTITY % local.edition.attrib "">
+<!ENTITY % edition.role.attrib "%role.attrib;">
+
+<!ENTITY % edition.element "INCLUDE">
+<![ %edition.element; [
+<!ELEMENT Edition - - ((%docinfo.char.mix;)+)>
+<!--end of edition.element-->]]>
+
+<!ENTITY % edition.attlist "INCLUDE">
+<![ %edition.attlist; [
+<!ATTLIST Edition
+		%common.attrib;
+		%edition.role.attrib;
+		%local.edition.attrib;
+>
+<!--end of edition.attlist-->]]>
+<!--end of edition.module-->]]>
+
+<!-- Editor ........................... -->
+
+<!ENTITY % editor.module "INCLUDE">
+<![ %editor.module; [
+<!ENTITY % local.editor.attrib "">
+<!ENTITY % editor.role.attrib "%role.attrib;">
+
+<!ENTITY % editor.element "INCLUDE">
+<![ %editor.element; [
+<!ELEMENT Editor - - ((%person.ident.mix;)+)>
+<!--end of editor.element-->]]>
+
+<!ENTITY % editor.attlist "INCLUDE">
+<![ %editor.attlist; [
+<!ATTLIST Editor
+		%common.attrib;
+		%editor.role.attrib;
+		%local.editor.attrib;
+>
+<!--end of editor.attlist-->]]>
+  <!--(see "Personal identity elements" for %person.ident.mix;)-->
+<!--end of editor.module-->]]>
+
+<!-- ISBN ............................. -->
+
+<!ENTITY % isbn.module "INCLUDE">
+<![ %isbn.module; [
+<!ENTITY % local.isbn.attrib "">
+<!ENTITY % isbn.role.attrib "%role.attrib;">
+
+<!ENTITY % isbn.element "INCLUDE">
+<![ %isbn.element; [
+<!ELEMENT ISBN - - ((%docinfo.char.mix;)+)>
+<!--end of isbn.element-->]]>
+
+<!ENTITY % isbn.attlist "INCLUDE">
+<![ %isbn.attlist; [
+<!ATTLIST ISBN
+		%common.attrib;
+		%isbn.role.attrib;
+		%local.isbn.attrib;
+>
+<!--end of isbn.attlist-->]]>
+<!--end of isbn.module-->]]>
+
+<!-- ISSN ............................. -->
+
+<!ENTITY % issn.module "INCLUDE">
+<![ %issn.module; [
+<!ENTITY % local.issn.attrib "">
+<!ENTITY % issn.role.attrib "%role.attrib;">
+
+<!ENTITY % issn.element "INCLUDE">
+<![ %issn.element; [
+<!ELEMENT ISSN - - ((%docinfo.char.mix;)+)>
+<!--end of issn.element-->]]>
+
+<!ENTITY % issn.attlist "INCLUDE">
+<![ %issn.attlist; [
+<!ATTLIST ISSN
+		%common.attrib;
+		%issn.role.attrib;
+		%local.issn.attrib;
+>
+<!--end of issn.attlist-->]]>
+<!--end of issn.module-->]]>
+
+<!-- InvPartNumber .................... -->
+
+<!ENTITY % invpartnumber.module "INCLUDE">
+<![ %invpartnumber.module; [
+<!ENTITY % local.invpartnumber.attrib "">
+<!ENTITY % invpartnumber.role.attrib "%role.attrib;">
+
+<!ENTITY % invpartnumber.element "INCLUDE">
+<![ %invpartnumber.element; [
+<!ELEMENT InvPartNumber - - ((%docinfo.char.mix;)+)>
+<!--end of invpartnumber.element-->]]>
+
+<!ENTITY % invpartnumber.attlist "INCLUDE">
+<![ %invpartnumber.attlist; [
+<!ATTLIST InvPartNumber
+		%common.attrib;
+		%invpartnumber.role.attrib;
+		%local.invpartnumber.attrib;
+>
+<!--end of invpartnumber.attlist-->]]>
+<!--end of invpartnumber.module-->]]>
+
+<!-- IssueNum ......................... -->
+
+<!ENTITY % issuenum.module "INCLUDE">
+<![ %issuenum.module; [
+<!ENTITY % local.issuenum.attrib "">
+<!ENTITY % issuenum.role.attrib "%role.attrib;">
+
+<!ENTITY % issuenum.element "INCLUDE">
+<![ %issuenum.element; [
+<!ELEMENT IssueNum - - ((%docinfo.char.mix;)+)>
+<!--end of issuenum.element-->]]>
+
+<!ENTITY % issuenum.attlist "INCLUDE">
+<![ %issuenum.attlist; [
+<!ATTLIST IssueNum
+		%common.attrib;
+		%issuenum.role.attrib;
+		%local.issuenum.attrib;
+>
+<!--end of issuenum.attlist-->]]>
+<!--end of issuenum.module-->]]>
+
+<!-- LegalNotice ...................... -->
+
+<!ENTITY % legalnotice.module "INCLUDE">
+<![ %legalnotice.module; [
+<!ENTITY % local.legalnotice.attrib "">
+<!ENTITY % legalnotice.role.attrib "%role.attrib;">
+
+<!ENTITY % legalnotice.element "INCLUDE">
+<![ %legalnotice.element; [
+<!ELEMENT LegalNotice - - (Title?, (%legalnotice.mix;)+) %formal.exclusion;>
+<!--end of legalnotice.element-->]]>
+
+<!ENTITY % legalnotice.attlist "INCLUDE">
+<![ %legalnotice.attlist; [
+<!ATTLIST LegalNotice
+		%common.attrib;
+		%legalnotice.role.attrib;
+		%local.legalnotice.attrib;
+>
+<!--end of legalnotice.attlist-->]]>
+<!--end of legalnotice.module-->]]>
+
+<!-- ModeSpec ......................... -->
+
+<!ENTITY % modespec.module "INCLUDE">
+<![ %modespec.module; [
+<!ENTITY % local.modespec.attrib "">
+<!ENTITY % modespec.role.attrib "%role.attrib;">
+
+<!ENTITY % modespec.element "INCLUDE">
+<![ %modespec.element; [
+<!ELEMENT ModeSpec - - ((%docinfo.char.mix;)+) %ubiq.exclusion;>
+<!--end of modespec.element-->]]>
+
+<!ENTITY % modespec.attlist "INCLUDE">
+<![ %modespec.attlist; [
+<!ATTLIST ModeSpec
+		--
+		Application: Type of action required for completion
+		of the links to which the ModeSpec is relevant (e.g.,
+		retrieval query)
+		--
+		Application	NOTATION
+				(%notation.class;)	#IMPLIED
+		%common.attrib;
+		%modespec.role.attrib;
+		%local.modespec.attrib;
+>
+<!--end of modespec.attlist-->]]>
+<!--end of modespec.module-->]]>
+
+<!-- OrgName .......................... -->
+
+<!ENTITY % orgname.module "INCLUDE">
+<![ %orgname.module; [
+<!ENTITY % local.orgname.attrib "">
+<!ENTITY % orgname.role.attrib "%role.attrib;">
+
+<!ENTITY % orgname.element "INCLUDE">
+<![ %orgname.element; [
+<!ELEMENT OrgName - - ((%docinfo.char.mix;)+)>
+<!--end of orgname.element-->]]>
+
+<!ENTITY % orgname.attlist "INCLUDE">
+<![ %orgname.attlist; [
+<!ATTLIST OrgName
+		%common.attrib;
+		%orgname.role.attrib;
+		%local.orgname.attrib;
+>
+<!--end of orgname.attlist-->]]>
+<!--end of orgname.module-->]]>
+
+<!-- OtherCredit ...................... -->
+
+<!ENTITY % othercredit.module "INCLUDE">
+<![ %othercredit.module; [
+<!ENTITY % local.othercredit.attrib "">
+<!ENTITY % othercredit.role.attrib "%role.attrib;">
+
+<!ENTITY % othercredit.element "INCLUDE">
+<![ %othercredit.element; [
+<!ELEMENT OtherCredit - - ((%person.ident.mix;)+)>
+<!--end of othercredit.element-->]]>
+
+<!ENTITY % othercredit.attlist "INCLUDE">
+<![ %othercredit.attlist; [
+<!ATTLIST OtherCredit
+		%common.attrib;
+		%othercredit.role.attrib;
+		%local.othercredit.attrib;
+>
+<!--end of othercredit.attlist-->]]>
+  <!--(see "Personal identity elements" for %person.ident.mix;)-->
+<!--end of othercredit.module-->]]>
+
+<!-- PageNums ......................... -->
+
+<!ENTITY % pagenums.module "INCLUDE">
+<![ %pagenums.module; [
+<!ENTITY % local.pagenums.attrib "">
+<!ENTITY % pagenums.role.attrib "%role.attrib;">
+
+<!ENTITY % pagenums.element "INCLUDE">
+<![ %pagenums.element; [
+<!ELEMENT PageNums - - ((%docinfo.char.mix;)+)>
+<!--end of pagenums.element-->]]>
+
+<!ENTITY % pagenums.attlist "INCLUDE">
+<![ %pagenums.attlist; [
+<!ATTLIST PageNums
+		%common.attrib;
+		%pagenums.role.attrib;
+		%local.pagenums.attrib;
+>
+<!--end of pagenums.attlist-->]]>
+<!--end of pagenums.module-->]]>
+
+<!-- Personal identity elements ....... -->
+
+<!-- These elements are used only within Author, Editor, and 
+OtherCredit. -->
+
+<!ENTITY % person.ident.module "INCLUDE">
+<![ %person.ident.module; [
+  <!ENTITY % contrib.module "INCLUDE">
+  <![ %contrib.module; [
+  <!ENTITY % local.contrib.attrib "">
+  <!ENTITY % contrib.role.attrib "%role.attrib;">
+  
+<!ENTITY % contrib.element "INCLUDE">
+<![ %contrib.element; [
+<!ELEMENT Contrib - - ((%docinfo.char.mix;)+)>
+<!--end of contrib.element-->]]>
+  
+<!ENTITY % contrib.attlist "INCLUDE">
+<![ %contrib.attlist; [
+<!ATTLIST Contrib
+		%common.attrib;
+		%contrib.role.attrib;
+		%local.contrib.attrib;
+>
+<!--end of contrib.attlist-->]]>
+  <!--end of contrib.module-->]]>
+
+  <!ENTITY % firstname.module "INCLUDE">
+  <![ %firstname.module; [
+  <!ENTITY % local.firstname.attrib "">
+  <!ENTITY % firstname.role.attrib "%role.attrib;">
+  
+<!ENTITY % firstname.element "INCLUDE">
+<![ %firstname.element; [
+<!ELEMENT FirstName - - ((%docinfo.char.mix;)+)>
+<!--end of firstname.element-->]]>
+  
+<!ENTITY % firstname.attlist "INCLUDE">
+<![ %firstname.attlist; [
+<!ATTLIST FirstName
+		%common.attrib;
+		%firstname.role.attrib;
+		%local.firstname.attrib;
+>
+<!--end of firstname.attlist-->]]>
+  <!--end of firstname.module-->]]>
+
+  <!ENTITY % honorific.module "INCLUDE">
+  <![ %honorific.module; [
+  <!ENTITY % local.honorific.attrib "">
+  <!ENTITY % honorific.role.attrib "%role.attrib;">
+  
+<!ENTITY % honorific.element "INCLUDE">
+<![ %honorific.element; [
+<!ELEMENT Honorific - - ((%docinfo.char.mix;)+)>
+<!--end of honorific.element-->]]>
+  
+<!ENTITY % honorific.attlist "INCLUDE">
+<![ %honorific.attlist; [
+<!ATTLIST Honorific
+		%common.attrib;
+		%honorific.role.attrib;
+		%local.honorific.attrib;
+>
+<!--end of honorific.attlist-->]]>
+  <!--end of honorific.module-->]]>
+
+  <!ENTITY % lineage.module "INCLUDE">
+  <![ %lineage.module; [
+  <!ENTITY % local.lineage.attrib "">
+  <!ENTITY % lineage.role.attrib "%role.attrib;">
+  
+<!ENTITY % lineage.element "INCLUDE">
+<![ %lineage.element; [
+<!ELEMENT Lineage - - ((%docinfo.char.mix;)+)>
+<!--end of lineage.element-->]]>
+  
+<!ENTITY % lineage.attlist "INCLUDE">
+<![ %lineage.attlist; [
+<!ATTLIST Lineage
+		%common.attrib;
+		%lineage.role.attrib;
+		%local.lineage.attrib;
+>
+<!--end of lineage.attlist-->]]>
+  <!--end of lineage.module-->]]>
+
+  <!ENTITY % othername.module "INCLUDE">
+  <![ %othername.module; [
+  <!ENTITY % local.othername.attrib "">
+  <!ENTITY % othername.role.attrib "%role.attrib;">
+  
+<!ENTITY % othername.element "INCLUDE">
+<![ %othername.element; [
+<!ELEMENT OtherName - - ((%docinfo.char.mix;)+)>
+<!--end of othername.element-->]]>
+  
+<!ENTITY % othername.attlist "INCLUDE">
+<![ %othername.attlist; [
+<!ATTLIST OtherName
+		%common.attrib;
+		%othername.role.attrib;
+		%local.othername.attrib;
+>
+<!--end of othername.attlist-->]]>
+  <!--end of othername.module-->]]>
+
+  <!ENTITY % surname.module "INCLUDE">
+  <![ %surname.module; [
+  <!ENTITY % local.surname.attrib "">
+  <!ENTITY % surname.role.attrib "%role.attrib;">
+  
+<!ENTITY % surname.element "INCLUDE">
+<![ %surname.element; [
+<!ELEMENT Surname - - ((%docinfo.char.mix;)+)>
+<!--end of surname.element-->]]>
+  
+<!ENTITY % surname.attlist "INCLUDE">
+<![ %surname.attlist; [
+<!ATTLIST Surname
+		%common.attrib;
+		%surname.role.attrib;
+		%local.surname.attrib;
+>
+<!--end of surname.attlist-->]]>
+  <!--end of surname.module-->]]>
+<!--end of person.ident.module-->]]>
+
+<!-- PrintHistory ..................... -->
+
+<!ENTITY % printhistory.module "INCLUDE">
+<![ %printhistory.module; [
+<!ENTITY % local.printhistory.attrib "">
+<!ENTITY % printhistory.role.attrib "%role.attrib;">
+
+<!ENTITY % printhistory.element "INCLUDE">
+<![ %printhistory.element; [
+<!ELEMENT PrintHistory - - ((%para.class;)+)>
+<!--end of printhistory.element-->]]>
+
+<!ENTITY % printhistory.attlist "INCLUDE">
+<![ %printhistory.attlist; [
+<!ATTLIST PrintHistory
+		%common.attrib;
+		%printhistory.role.attrib;
+		%local.printhistory.attrib;
+>
+<!--end of printhistory.attlist-->]]>
+<!--end of printhistory.module-->]]>
+
+<!-- ProductName ...................... -->
+
+<!ENTITY % productname.module "INCLUDE">
+<![ %productname.module; [
+<!ENTITY % local.productname.attrib "">
+<!ENTITY % productname.role.attrib "%role.attrib;">
+
+<!ENTITY % productname.element "INCLUDE">
+<![ %productname.element; [
+<!ELEMENT ProductName - - ((%para.char.mix;)+)>
+<!--end of productname.element-->]]>
+
+<!ENTITY % productname.attlist "INCLUDE">
+<![ %productname.attlist; [
+<!ATTLIST ProductName
+		--
+		Class: More precisely identifies the item the element names
+		--
+		Class		(Service
+				|Trade
+				|Registered
+				|Copyright)	Trade
+		%common.attrib;
+		%productname.role.attrib;
+		%local.productname.attrib;
+>
+<!--end of productname.attlist-->]]>
+<!--end of productname.module-->]]>
+
+<!-- ProductNumber .................... -->
+
+<!ENTITY % productnumber.module "INCLUDE">
+<![ %productnumber.module; [
+<!ENTITY % local.productnumber.attrib "">
+<!ENTITY % productnumber.role.attrib "%role.attrib;">
+
+<!ENTITY % productnumber.element "INCLUDE">
+<![ %productnumber.element; [
+<!ELEMENT ProductNumber - - ((%docinfo.char.mix;)+)>
+<!--end of productnumber.element-->]]>
+
+<!ENTITY % productnumber.attlist "INCLUDE">
+<![ %productnumber.attlist; [
+<!ATTLIST ProductNumber
+		%common.attrib;
+		%productnumber.role.attrib;
+		%local.productnumber.attrib;
+>
+<!--end of productnumber.attlist-->]]>
+<!--end of productnumber.module-->]]>
+
+<!-- PubDate .......................... -->
+
+<!ENTITY % pubdate.module "INCLUDE">
+<![ %pubdate.module; [
+<!ENTITY % local.pubdate.attrib "">
+<!ENTITY % pubdate.role.attrib "%role.attrib;">
+
+<!ENTITY % pubdate.element "INCLUDE">
+<![ %pubdate.element; [
+<!ELEMENT PubDate - - ((%docinfo.char.mix;)+)>
+<!--end of pubdate.element-->]]>
+
+<!ENTITY % pubdate.attlist "INCLUDE">
+<![ %pubdate.attlist; [
+<!ATTLIST PubDate
+		%common.attrib;
+		%pubdate.role.attrib;
+		%local.pubdate.attrib;
+>
+<!--end of pubdate.attlist-->]]>
+<!--end of pubdate.module-->]]>
+
+<!-- Publisher ........................ -->
+
+<!ENTITY % publisher.content.module "INCLUDE">
+<![ %publisher.content.module; [
+<!ENTITY % publisher.module "INCLUDE">
+<![ %publisher.module; [
+<!ENTITY % local.publisher.attrib "">
+<!ENTITY % publisher.role.attrib "%role.attrib;">
+
+<!ENTITY % publisher.element "INCLUDE">
+<![ %publisher.element; [
+<!ELEMENT Publisher - - (PublisherName, Address*)>
+<!--end of publisher.element-->]]>
+
+<!ENTITY % publisher.attlist "INCLUDE">
+<![ %publisher.attlist; [
+<!ATTLIST Publisher
+		%common.attrib;
+		%publisher.role.attrib;
+		%local.publisher.attrib;
+>
+<!--end of publisher.attlist-->]]>
+<!--end of publisher.module-->]]>
+
+  <!ENTITY % publishername.module "INCLUDE">
+  <![ %publishername.module; [
+  <!ENTITY % local.publishername.attrib "">
+  <!ENTITY % publishername.role.attrib "%role.attrib;">
+  
+<!ENTITY % publishername.element "INCLUDE">
+<![ %publishername.element; [
+<!ELEMENT PublisherName - - ((%docinfo.char.mix;)+)>
+<!--end of publishername.element-->]]>
+  
+<!ENTITY % publishername.attlist "INCLUDE">
+<![ %publishername.attlist; [
+<!ATTLIST PublisherName
+		%common.attrib;
+		%publishername.role.attrib;
+		%local.publishername.attrib;
+>
+<!--end of publishername.attlist-->]]>
+  <!--end of publishername.module-->]]>
+
+  <!-- Address (defined elsewhere in this section)-->
+<!--end of publisher.content.module-->]]>
+
+<!-- PubsNumber ....................... -->
+
+<!ENTITY % pubsnumber.module "INCLUDE">
+<![ %pubsnumber.module; [
+<!ENTITY % local.pubsnumber.attrib "">
+<!ENTITY % pubsnumber.role.attrib "%role.attrib;">
+
+<!ENTITY % pubsnumber.element "INCLUDE">
+<![ %pubsnumber.element; [
+<!ELEMENT PubsNumber - - ((%docinfo.char.mix;)+)>
+<!--end of pubsnumber.element-->]]>
+
+<!ENTITY % pubsnumber.attlist "INCLUDE">
+<![ %pubsnumber.attlist; [
+<!ATTLIST PubsNumber
+		%common.attrib;
+		%pubsnumber.role.attrib;
+		%local.pubsnumber.attrib;
+>
+<!--end of pubsnumber.attlist-->]]>
+<!--end of pubsnumber.module-->]]>
+
+<!-- ReleaseInfo ...................... -->
+
+<!ENTITY % releaseinfo.module "INCLUDE">
+<![ %releaseinfo.module; [
+<!ENTITY % local.releaseinfo.attrib "">
+<!ENTITY % releaseinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % releaseinfo.element "INCLUDE">
+<![ %releaseinfo.element; [
+<!ELEMENT ReleaseInfo - - ((%docinfo.char.mix;)+)>
+<!--end of releaseinfo.element-->]]>
+
+<!ENTITY % releaseinfo.attlist "INCLUDE">
+<![ %releaseinfo.attlist; [
+<!ATTLIST ReleaseInfo
+		%common.attrib;
+		%releaseinfo.role.attrib;
+		%local.releaseinfo.attrib;
+>
+<!--end of releaseinfo.attlist-->]]>
+<!--end of releaseinfo.module-->]]>
+
+<!-- RevHistory ....................... -->
+
+<!ENTITY % revhistory.content.module "INCLUDE">
+<![ %revhistory.content.module; [
+<!ENTITY % revhistory.module "INCLUDE">
+<![ %revhistory.module; [
+<!ENTITY % local.revhistory.attrib "">
+<!ENTITY % revhistory.role.attrib "%role.attrib;">
+
+<!ENTITY % revhistory.element "INCLUDE">
+<![ %revhistory.element; [
+<!ELEMENT RevHistory - - (Revision+)>
+<!--end of revhistory.element-->]]>
+
+<!ENTITY % revhistory.attlist "INCLUDE">
+<![ %revhistory.attlist; [
+<!ATTLIST RevHistory
+		%common.attrib;
+		%revhistory.role.attrib;
+		%local.revhistory.attrib;
+>
+<!--end of revhistory.attlist-->]]>
+<!--end of revhistory.module-->]]>
+
+  <!ENTITY % revision.module "INCLUDE">
+  <![ %revision.module; [
+  <!ENTITY % local.revision.attrib "">
+  <!ENTITY % revision.role.attrib "%role.attrib;">
+  
+<!ENTITY % revision.element "INCLUDE">
+<![ %revision.element; [
+<!ELEMENT Revision - - (RevNumber, Date, AuthorInitials*, (RevRemark|RevDescription)?)>
+<!--end of revision.element-->]]>
+  
+<!ENTITY % revision.attlist "INCLUDE">
+<![ %revision.attlist; [
+<!ATTLIST Revision
+		%common.attrib;
+		%revision.role.attrib;
+		%local.revision.attrib;
+>
+<!--end of revision.attlist-->]]>
+  <!--end of revision.module-->]]>
+
+  <!ENTITY % revnumber.module "INCLUDE">
+  <![ %revnumber.module; [
+  <!ENTITY % local.revnumber.attrib "">
+  <!ENTITY % revnumber.role.attrib "%role.attrib;">
+  
+<!ENTITY % revnumber.element "INCLUDE">
+<![ %revnumber.element; [
+<!ELEMENT RevNumber - - ((%docinfo.char.mix;)+)>
+<!--end of revnumber.element-->]]>
+  
+<!ENTITY % revnumber.attlist "INCLUDE">
+<![ %revnumber.attlist; [
+<!ATTLIST RevNumber
+		%common.attrib;
+		%revnumber.role.attrib;
+		%local.revnumber.attrib;
+>
+<!--end of revnumber.attlist-->]]>
+<!--end of revnumber.module-->]]>
+
+<!-- Date (defined elsewhere in this section)-->
+<!-- AuthorInitials (defined elsewhere in this section)-->
+
+<!ENTITY % revremark.module "INCLUDE">
+<![ %revremark.module; [
+<!ENTITY % local.revremark.attrib "">
+<!ENTITY % revremark.role.attrib "%role.attrib;">
+
+<!ENTITY % revremark.element "INCLUDE">
+<![ %revremark.element; [
+<!ELEMENT RevRemark - - ((%docinfo.char.mix;)+)>
+<!--end of revremark.element-->]]>
+
+<!ENTITY % revremark.attlist "INCLUDE">
+<![ %revremark.attlist; [
+<!ATTLIST RevRemark
+		%common.attrib;
+		%revremark.role.attrib;
+		%local.revremark.attrib;
+>
+<!--end of revremark.attlist-->]]>
+<!--end of revremark.module-->]]>
+
+<!ENTITY % revdescription.module "INCLUDE">
+<![ %revdescription.module; [
+<!ENTITY % local.revdescription.attrib "">
+<!ENTITY % revdescription.role.attrib "%role.attrib;">
+
+<!ENTITY % revdescription.element "INCLUDE">
+<![ %revdescription.element; [
+<!ELEMENT RevDescription - - ((%revdescription.mix;)+)>
+<!--end of revdescription.element-->]]>
+
+<!ENTITY % revdescription.attlist "INCLUDE">
+<![ %revdescription.attlist; [
+<!ATTLIST RevDescription
+		%common.attrib;
+		%revdescription.role.attrib;
+		%local.revdescription.attrib;
+>
+<!--end of revdescription.attlist-->]]>
+<!--end of revdescription.module-->]]>
+<!--end of revhistory.content.module-->]]>
+
+<!-- SeriesVolNums .................... -->
+
+<!ENTITY % seriesvolnums.module "INCLUDE">
+<![ %seriesvolnums.module; [
+<!ENTITY % local.seriesvolnums.attrib "">
+<!ENTITY % seriesvolnums.role.attrib "%role.attrib;">
+
+<!ENTITY % seriesvolnums.element "INCLUDE">
+<![ %seriesvolnums.element; [
+<!ELEMENT SeriesVolNums - - ((%docinfo.char.mix;)+)>
+<!--end of seriesvolnums.element-->]]>
+
+<!ENTITY % seriesvolnums.attlist "INCLUDE">
+<![ %seriesvolnums.attlist; [
+<!ATTLIST SeriesVolNums
+		%common.attrib;
+		%seriesvolnums.role.attrib;
+		%local.seriesvolnums.attrib;
+>
+<!--end of seriesvolnums.attlist-->]]>
+<!--end of seriesvolnums.module-->]]>
+
+<!-- VolumeNum ........................ -->
+
+<!ENTITY % volumenum.module "INCLUDE">
+<![ %volumenum.module; [
+<!ENTITY % local.volumenum.attrib "">
+<!ENTITY % volumenum.role.attrib "%role.attrib;">
+
+<!ENTITY % volumenum.element "INCLUDE">
+<![ %volumenum.element; [
+<!ELEMENT VolumeNum - - ((%docinfo.char.mix;)+)>
+<!--end of volumenum.element-->]]>
+
+<!ENTITY % volumenum.attlist "INCLUDE">
+<![ %volumenum.attlist; [
+<!ATTLIST VolumeNum
+		%common.attrib;
+		%volumenum.role.attrib;
+		%local.volumenum.attrib;
+>
+<!--end of volumenum.attlist-->]]>
+<!--end of volumenum.module-->]]>
+
+<!-- .................................. -->
+
+<!--end of docinfo.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Inline, link, and ubiquitous elements ................................ -->
+
+<!-- Technical and computer terms ......................................... -->
+
+<!ENTITY % accel.module "INCLUDE">
+<![ %accel.module; [
+<!ENTITY % local.accel.attrib "">
+<!ENTITY % accel.role.attrib "%role.attrib;">
+
+<!ENTITY % accel.element "INCLUDE">
+<![ %accel.element; [
+<!ELEMENT Accel - - ((%smallcptr.char.mix;)+)>
+<!--end of accel.element-->]]>
+
+<!ENTITY % accel.attlist "INCLUDE">
+<![ %accel.attlist; [
+<!ATTLIST Accel
+		%common.attrib;
+		%accel.role.attrib;
+		%local.accel.attrib;
+>
+<!--end of accel.attlist-->]]>
+<!--end of accel.module-->]]>
+
+<!ENTITY % action.module "INCLUDE">
+<![ %action.module; [
+<!ENTITY % local.action.attrib "">
+<!ENTITY % action.role.attrib "%role.attrib;">
+
+<!ENTITY % action.element "INCLUDE">
+<![ %action.element; [
+<!ELEMENT Action - - ((%smallcptr.char.mix;)+)>
+<!--end of action.element-->]]>
+
+<!ENTITY % action.attlist "INCLUDE">
+<![ %action.attlist; [
+<!ATTLIST Action
+		%moreinfo.attrib;
+		%common.attrib;
+		%action.role.attrib;
+		%local.action.attrib;
+>
+<!--end of action.attlist-->]]>
+<!--end of action.module-->]]>
+
+<!ENTITY % application.module "INCLUDE">
+<![ %application.module; [
+<!ENTITY % local.application.attrib "">
+<!ENTITY % application.role.attrib "%role.attrib;">
+
+<!ENTITY % application.element "INCLUDE">
+<![ %application.element; [
+<!ELEMENT Application - - ((%para.char.mix;)+)>
+<!--end of application.element-->]]>
+
+<!ENTITY % application.attlist "INCLUDE">
+<![ %application.attlist; [
+<!ATTLIST Application
+		Class 		(Hardware
+				|Software)	#IMPLIED
+		%moreinfo.attrib;
+		%common.attrib;
+		%application.role.attrib;
+		%local.application.attrib;
+>
+<!--end of application.attlist-->]]>
+<!--end of application.module-->]]>
+
+<!ENTITY % classname.module "INCLUDE">
+<![ %classname.module; [
+<!ENTITY % local.classname.attrib "">
+<!ENTITY % classname.role.attrib "%role.attrib;">
+
+<!ENTITY % classname.element "INCLUDE">
+<![ %classname.element; [
+<!ELEMENT ClassName - - ((%smallcptr.char.mix;)+)>
+<!--end of classname.element-->]]>
+
+<!ENTITY % classname.attlist "INCLUDE">
+<![ %classname.attlist; [
+<!ATTLIST ClassName
+		%common.attrib;
+		%classname.role.attrib;
+		%local.classname.attrib;
+>
+<!--end of classname.attlist-->]]>
+<!--end of classname.module-->]]>
+
+<!ENTITY % co.module "INCLUDE">
+<![ %co.module; [
+<!ENTITY % local.co.attrib "">
+<!-- CO is a callout area of the LineColumn unit type (a single character 
+     position); the position is directly indicated by the location of CO. -->
+<!ENTITY % co.role.attrib "%role.attrib;">
+
+<!ENTITY % co.element "INCLUDE">
+<![ %co.element; [
+<!ELEMENT CO - O EMPTY>
+<!--end of co.element-->]]>
+
+<!ENTITY % co.attlist "INCLUDE">
+<![ %co.attlist; [
+<!ATTLIST CO
+		%label.attrib; --bug number/symbol override or initialization--
+		%linkends.attrib; --to any related information--
+		%idreq.common.attrib;
+		%co.role.attrib;
+		%local.co.attrib;
+>
+<!--end of co.attlist-->]]>
+<!--end of co.module-->]]>
+
+<!ENTITY % command.module "INCLUDE">
+<![ %command.module; [
+<!ENTITY % local.command.attrib "">
+<!ENTITY % command.role.attrib "%role.attrib;">
+
+<!ENTITY % command.element "INCLUDE">
+<![ %command.element; [
+<!ELEMENT Command - - ((%cptr.char.mix;)+)>
+<!--end of command.element-->]]>
+
+<!ENTITY % command.attlist "INCLUDE">
+<![ %command.attlist; [
+<!ATTLIST Command
+		%moreinfo.attrib;
+		%common.attrib;
+		%command.role.attrib;
+		%local.command.attrib;
+>
+<!--end of command.attlist-->]]>
+<!--end of command.module-->]]>
+
+<!ENTITY % computeroutput.module "INCLUDE">
+<![ %computeroutput.module; [
+<!ENTITY % local.computeroutput.attrib "">
+<!ENTITY % computeroutput.role.attrib "%role.attrib;">
+
+<!ENTITY % computeroutput.element "INCLUDE">
+<![ %computeroutput.element; [
+<!ELEMENT ComputerOutput - - ((%cptr.char.mix;)+)>
+<!--end of computeroutput.element-->]]>
+
+<!ENTITY % computeroutput.attlist "INCLUDE">
+<![ %computeroutput.attlist; [
+<!ATTLIST ComputerOutput
+		%moreinfo.attrib;
+		%common.attrib;
+		%computeroutput.role.attrib;
+		%local.computeroutput.attrib;
+>
+<!--end of computeroutput.attlist-->]]>
+<!--end of computeroutput.module-->]]>
+
+<!ENTITY % database.module "INCLUDE">
+<![ %database.module; [
+<!ENTITY % local.database.attrib "">
+<!ENTITY % database.role.attrib "%role.attrib;">
+
+<!ENTITY % database.element "INCLUDE">
+<![ %database.element; [
+<!ELEMENT Database - - ((%smallcptr.char.mix;)+)>
+<!--end of database.element-->]]>
+
+<!ENTITY % database.attlist "INCLUDE">
+<![ %database.attlist; [
+<!ATTLIST Database
+		--
+		Class: Type of database the element names; no default
+		--
+		Class 		(Name
+				|Table
+				|Field
+				|Key1
+				|Key2
+				|Record)	#IMPLIED
+		%moreinfo.attrib;
+		%common.attrib;
+		%database.role.attrib;
+		%local.database.attrib;
+>
+<!--end of database.attlist-->]]>
+<!--end of database.module-->]]>
+
+<!ENTITY % email.module "INCLUDE">
+<![ %email.module; [
+<!ENTITY % local.email.attrib "">
+<!ENTITY % email.role.attrib "%role.attrib;">
+
+<!ENTITY % email.element "INCLUDE">
+<![ %email.element; [
+<!ELEMENT Email - - ((%docinfo.char.mix;)+)>
+<!--end of email.element-->]]>
+
+<!ENTITY % email.attlist "INCLUDE">
+<![ %email.attlist; [
+<!ATTLIST Email
+		%common.attrib;
+		%email.role.attrib;
+		%local.email.attrib;
+>
+<!--end of email.attlist-->]]>
+<!--end of email.module-->]]>
+
+<!ENTITY % envar.module "INCLUDE">
+<![ %envar.module; [
+<!ENTITY % local.envar.attrib "">
+<!ENTITY % envar.role.attrib "%role.attrib;">
+
+<!ENTITY % envar.element "INCLUDE">
+<![ %envar.element; [
+<!ELEMENT EnVar - - ((%smallcptr.char.mix;)+)>
+<!--end of envar.element-->]]>
+
+<!ENTITY % envar.attlist "INCLUDE">
+<![ %envar.attlist; [
+<!ATTLIST EnVar
+		%common.attrib;
+		%envar.role.attrib;
+		%local.envar.attrib;
+>
+<!--end of envar.attlist-->]]>
+<!--end of envar.module-->]]>
+
+
+<!ENTITY % errorcode.module "INCLUDE">
+<![ %errorcode.module; [
+<!ENTITY % local.errorcode.attrib "">
+<!ENTITY % errorcode.role.attrib "%role.attrib;">
+
+<!ENTITY % errorcode.element "INCLUDE">
+<![ %errorcode.element; [
+<!ELEMENT ErrorCode - - ((%smallcptr.char.mix;)+)>
+<!--end of errorcode.element-->]]>
+
+<!ENTITY % errorcode.attlist "INCLUDE">
+<![ %errorcode.attlist; [
+<!ATTLIST ErrorCode
+		%moreinfo.attrib;
+		%common.attrib;
+		%errorcode.role.attrib;
+		%local.errorcode.attrib;
+>
+<!--end of errorcode.attlist-->]]>
+<!--end of errorcode.module-->]]>
+
+<!ENTITY % errorname.module "INCLUDE">
+<![ %errorname.module; [
+<!ENTITY % local.errorname.attrib "">
+<!ENTITY % errorname.role.attrib "%role.attrib;">
+
+<!ENTITY % errorname.element "INCLUDE">
+<![ %errorname.element; [
+<!ELEMENT ErrorName - - ((%smallcptr.char.mix;)+)>
+<!--end of errorname.element-->]]>
+
+<!ENTITY % errorname.attlist "INCLUDE">
+<![ %errorname.attlist; [
+<!ATTLIST ErrorName
+		%common.attrib;
+		%errorname.role.attrib;
+		%local.errorname.attrib;
+>
+<!--end of errorname.attlist-->]]>
+<!--end of errorname.module-->]]>
+
+<!ENTITY % errortype.module "INCLUDE">
+<![ %errortype.module; [
+<!ENTITY % local.errortype.attrib "">
+<!ENTITY % errortype.role.attrib "%role.attrib;">
+
+<!ENTITY % errortype.element "INCLUDE">
+<![ %errortype.element; [
+<!ELEMENT ErrorType - - ((%smallcptr.char.mix;)+)>
+<!--end of errortype.element-->]]>
+
+<!ENTITY % errortype.attlist "INCLUDE">
+<![ %errortype.attlist; [
+<!ATTLIST ErrorType
+		%common.attrib;
+		%errortype.role.attrib;
+		%local.errortype.attrib;
+>
+<!--end of errortype.attlist-->]]>
+<!--end of errortype.module-->]]>
+
+<!ENTITY % filename.module "INCLUDE">
+<![ %filename.module; [
+<!ENTITY % local.filename.attrib "">
+<!ENTITY % filename.role.attrib "%role.attrib;">
+
+<!ENTITY % filename.element "INCLUDE">
+<![ %filename.element; [
+<!ELEMENT Filename - - ((%smallcptr.char.mix;)+)>
+<!--end of filename.element-->]]>
+
+<!ENTITY % filename.attlist "INCLUDE">
+<![ %filename.attlist; [
+<!ATTLIST Filename
+		--
+		Class: Type of filename the element names; no default
+		--
+		Class		(HeaderFile
+				|DeviceFile
+				|Directory
+				|LibraryFile
+				|SymLink)	#IMPLIED
+		--
+		Path: Search path (possibly system-specific) in which 
+		file can be found
+		--
+		Path		CDATA		#IMPLIED
+		%moreinfo.attrib;
+		%common.attrib;
+		%filename.role.attrib;
+		%local.filename.attrib;
+>
+<!--end of filename.attlist-->]]>
+<!--end of filename.module-->]]>
+
+<!ENTITY % function.module "INCLUDE">
+<![ %function.module; [
+<!ENTITY % local.function.attrib "">
+<!ENTITY % function.role.attrib "%role.attrib;">
+
+<!ENTITY % function.element "INCLUDE">
+<![ %function.element; [
+<!ELEMENT Function - - ((%cptr.char.mix;)+)>
+<!--end of function.element-->]]>
+
+<!ENTITY % function.attlist "INCLUDE">
+<![ %function.attlist; [
+<!ATTLIST Function
+		%moreinfo.attrib;
+		%common.attrib;
+		%function.role.attrib;
+		%local.function.attrib;
+>
+<!--end of function.attlist-->]]>
+<!--end of function.module-->]]>
+
+<!ENTITY % guibutton.module "INCLUDE">
+<![ %guibutton.module; [
+<!ENTITY % local.guibutton.attrib "">
+<!ENTITY % guibutton.role.attrib "%role.attrib;">
+
+<!ENTITY % guibutton.element "INCLUDE">
+<![ %guibutton.element; [
+<!ELEMENT GUIButton - - ((%smallcptr.char.mix;|Accel)+)>
+<!--end of guibutton.element-->]]>
+
+<!ENTITY % guibutton.attlist "INCLUDE">
+<![ %guibutton.attlist; [
+<!ATTLIST GUIButton
+		%moreinfo.attrib;
+		%common.attrib;
+		%guibutton.role.attrib;
+		%local.guibutton.attrib;
+>
+<!--end of guibutton.attlist-->]]>
+<!--end of guibutton.module-->]]>
+
+<!ENTITY % guiicon.module "INCLUDE">
+<![ %guiicon.module; [
+<!ENTITY % local.guiicon.attrib "">
+<!ENTITY % guiicon.role.attrib "%role.attrib;">
+
+<!ENTITY % guiicon.element "INCLUDE">
+<![ %guiicon.element; [
+<!ELEMENT GUIIcon - - ((%smallcptr.char.mix;|Accel)+)>
+<!--end of guiicon.element-->]]>
+
+<!ENTITY % guiicon.attlist "INCLUDE">
+<![ %guiicon.attlist; [
+<!ATTLIST GUIIcon
+		%moreinfo.attrib;
+		%common.attrib;
+		%guiicon.role.attrib;
+		%local.guiicon.attrib;
+>
+<!--end of guiicon.attlist-->]]>
+<!--end of guiicon.module-->]]>
+
+<!ENTITY % guilabel.module "INCLUDE">
+<![ %guilabel.module; [
+<!ENTITY % local.guilabel.attrib "">
+<!ENTITY % guilabel.role.attrib "%role.attrib;">
+
+<!ENTITY % guilabel.element "INCLUDE">
+<![ %guilabel.element; [
+<!ELEMENT GUILabel - - ((%smallcptr.char.mix;|Accel)+)>
+<!--end of guilabel.element-->]]>
+
+<!ENTITY % guilabel.attlist "INCLUDE">
+<![ %guilabel.attlist; [
+<!ATTLIST GUILabel
+		%moreinfo.attrib;
+		%common.attrib;
+		%guilabel.role.attrib;
+		%local.guilabel.attrib;
+>
+<!--end of guilabel.attlist-->]]>
+<!--end of guilabel.module-->]]>
+
+<!ENTITY % guimenu.module "INCLUDE">
+<![ %guimenu.module; [
+<!ENTITY % local.guimenu.attrib "">
+<!ENTITY % guimenu.role.attrib "%role.attrib;">
+
+<!ENTITY % guimenu.element "INCLUDE">
+<![ %guimenu.element; [
+<!ELEMENT GUIMenu - - ((%smallcptr.char.mix;|Accel)+)>
+<!--end of guimenu.element-->]]>
+
+<!ENTITY % guimenu.attlist "INCLUDE">
+<![ %guimenu.attlist; [
+<!ATTLIST GUIMenu
+		%moreinfo.attrib;
+		%common.attrib;
+		%guimenu.role.attrib;
+		%local.guimenu.attrib;
+>
+<!--end of guimenu.attlist-->]]>
+<!--end of guimenu.module-->]]>
+
+<!ENTITY % guimenuitem.module "INCLUDE">
+<![ %guimenuitem.module; [
+<!ENTITY % local.guimenuitem.attrib "">
+<!ENTITY % guimenuitem.role.attrib "%role.attrib;">
+
+<!ENTITY % guimenuitem.element "INCLUDE">
+<![ %guimenuitem.element; [
+<!ELEMENT GUIMenuItem - - ((%smallcptr.char.mix;|Accel)+)>
+<!--end of guimenuitem.element-->]]>
+
+<!ENTITY % guimenuitem.attlist "INCLUDE">
+<![ %guimenuitem.attlist; [
+<!ATTLIST GUIMenuItem
+		%moreinfo.attrib;
+		%common.attrib;
+		%guimenuitem.role.attrib;
+		%local.guimenuitem.attrib;
+>
+<!--end of guimenuitem.attlist-->]]>
+<!--end of guimenuitem.module-->]]>
+
+<!ENTITY % guisubmenu.module "INCLUDE">
+<![ %guisubmenu.module; [
+<!ENTITY % local.guisubmenu.attrib "">
+<!ENTITY % guisubmenu.role.attrib "%role.attrib;">
+
+<!ENTITY % guisubmenu.element "INCLUDE">
+<![ %guisubmenu.element; [
+<!ELEMENT GUISubmenu - - ((%smallcptr.char.mix;|Accel)+)>
+<!--end of guisubmenu.element-->]]>
+
+<!ENTITY % guisubmenu.attlist "INCLUDE">
+<![ %guisubmenu.attlist; [
+<!ATTLIST GUISubmenu
+		%moreinfo.attrib;
+		%common.attrib;
+		%guisubmenu.role.attrib;
+		%local.guisubmenu.attrib;
+>
+<!--end of guisubmenu.attlist-->]]>
+<!--end of guisubmenu.module-->]]>
+
+<!ENTITY % hardware.module "INCLUDE">
+<![ %hardware.module; [
+<!ENTITY % local.hardware.attrib "">
+<!ENTITY % hardware.role.attrib "%role.attrib;">
+
+<!ENTITY % hardware.element "INCLUDE">
+<![ %hardware.element; [
+<!ELEMENT Hardware - - ((%smallcptr.char.mix;)+)>
+<!--end of hardware.element-->]]>
+
+<!ENTITY % hardware.attlist "INCLUDE">
+<![ %hardware.attlist; [
+<!ATTLIST Hardware
+		%moreinfo.attrib;
+		%common.attrib;
+		%hardware.role.attrib;
+		%local.hardware.attrib;
+>
+<!--end of hardware.attlist-->]]>
+<!--end of hardware.module-->]]>
+
+<!ENTITY % interface.module "INCLUDE">
+<![ %interface.module; [
+<!ENTITY % local.interface.attrib "">
+<!ENTITY % interface.role.attrib "%role.attrib;">
+
+<!ENTITY % interface.element "INCLUDE">
+<![ %interface.element; [
+<!ELEMENT Interface - - (%smallcptr.char.mix;|Accel)*>
+<!--end of interface.element-->]]>
+
+<!ENTITY % interface.attlist "INCLUDE">
+<![ %interface.attlist; [
+<!ATTLIST Interface
+		%moreinfo.attrib;
+		%common.attrib;
+		%interface.role.attrib;
+		%local.interface.attrib;
+>
+<!--end of interface.attlist-->]]>
+<!--end of interface.module-->]]>
+
+<!ENTITY % keycap.module "INCLUDE">
+<![ %keycap.module; [
+<!ENTITY % local.keycap.attrib "">
+<!ENTITY % keycap.role.attrib "%role.attrib;">
+
+<!ENTITY % keycap.element "INCLUDE">
+<![ %keycap.element; [
+<!ELEMENT KeyCap - - (%smallcptr.char.mix;)*>
+<!--end of keycap.element-->]]>
+
+<!ENTITY % keycap.attlist "INCLUDE">
+<![ %keycap.attlist; [
+<!ATTLIST KeyCap
+		%moreinfo.attrib;
+		%common.attrib;
+		%keycap.role.attrib;
+		%local.keycap.attrib;
+>
+<!--end of keycap.attlist-->]]>
+<!--end of keycap.module-->]]>
+
+<!ENTITY % keycode.module "INCLUDE">
+<![ %keycode.module; [
+<!ENTITY % local.keycode.attrib "">
+<!ENTITY % keycode.role.attrib "%role.attrib;">
+
+<!ENTITY % keycode.element "INCLUDE">
+<![ %keycode.element; [
+<!ELEMENT KeyCode - - ((%smallcptr.char.mix;)+)>
+<!--end of keycode.element-->]]>
+
+<!ENTITY % keycode.attlist "INCLUDE">
+<![ %keycode.attlist; [
+<!ATTLIST KeyCode
+		%common.attrib;
+		%keycode.role.attrib;
+		%local.keycode.attrib;
+>
+<!--end of keycode.attlist-->]]>
+<!--end of keycode.module-->]]>
+
+<!ENTITY % keycombo.module "INCLUDE">
+<![ %keycombo.module; [
+<!ENTITY % local.keycombo.attrib "">
+<!ENTITY % keycombo.role.attrib "%role.attrib;">
+
+<!ENTITY % keycombo.element "INCLUDE">
+<![ %keycombo.element; [
+<!ELEMENT KeyCombo - - ((KeyCap|KeyCombo|KeySym|MouseButton)+)>
+<!--end of keycombo.element-->]]>
+
+<!ENTITY % keycombo.attlist "INCLUDE">
+<![ %keycombo.attlist; [
+<!ATTLIST KeyCombo
+		%keyaction.attrib;
+		%moreinfo.attrib;
+		%common.attrib;
+		%keycombo.role.attrib;
+		%local.keycombo.attrib;
+>
+<!--end of keycombo.attlist-->]]>
+<!--end of keycombo.module-->]]>
+
+<!ENTITY % keysym.module "INCLUDE">
+<![ %keysym.module; [
+<!ENTITY % local.keysym.attrib "">
+<!ENTITY % keysysm.role.attrib "%role.attrib;">
+
+<!ENTITY % keysym.element "INCLUDE">
+<![ %keysym.element; [
+<!ELEMENT KeySym - - ((%smallcptr.char.mix;)+)>
+<!--end of keysym.element-->]]>
+
+<!ENTITY % keysym.attlist "INCLUDE">
+<![ %keysym.attlist; [
+<!ATTLIST KeySym
+		%common.attrib;
+		%keysysm.role.attrib;
+		%local.keysym.attrib;
+>
+<!--end of keysym.attlist-->]]>
+<!--end of keysym.module-->]]>
+
+<!ENTITY % lineannotation.module "INCLUDE">
+<![ %lineannotation.module; [
+<!ENTITY % local.lineannotation.attrib "">
+<!ENTITY % lineannotation.role.attrib "%role.attrib;">
+
+<!ENTITY % lineannotation.element "INCLUDE">
+<![ %lineannotation.element; [
+<!ELEMENT LineAnnotation - - ((%para.char.mix;)+)>
+<!--end of lineannotation.element-->]]>
+
+<!ENTITY % lineannotation.attlist "INCLUDE">
+<![ %lineannotation.attlist; [
+<!ATTLIST LineAnnotation
+		%common.attrib;
+		%lineannotation.role.attrib;
+		%local.lineannotation.attrib;
+>
+<!--end of lineannotation.attlist-->]]>
+<!--end of lineannotation.module-->]]>
+
+<!ENTITY % literal.module "INCLUDE">
+<![ %literal.module; [
+<!ENTITY % local.literal.attrib "">
+<!ENTITY % literal.role.attrib "%role.attrib;">
+
+<!ENTITY % literal.element "INCLUDE">
+<![ %literal.element; [
+<!ELEMENT Literal - - (%cptr.char.mix;)*>
+<!--end of literal.element-->]]>
+
+<!ENTITY % literal.attlist "INCLUDE">
+<![ %literal.attlist; [
+<!ATTLIST Literal
+		%moreinfo.attrib;
+		%common.attrib;
+		%literal.role.attrib;
+		%local.literal.attrib;
+>
+<!--end of literal.attlist-->]]>
+<!--end of literal.module-->]]>
+
+<!ENTITY % constant.module "INCLUDE">
+<![ %constant.module; [
+<!ENTITY % local.constant.attrib "">
+<!ENTITY % constant.role.attrib "%role.attrib;">
+
+<!ENTITY % constant.element "INCLUDE">
+<![ %constant.element; [
+<!ELEMENT Constant - - (%smallcptr.char.mix;)*>
+<!--end of constant.element-->]]>
+
+<!ENTITY % constant.attlist "INCLUDE">
+<![ %constant.attlist; [
+<!ATTLIST Constant
+		%common.attrib;
+		%constant.role.attrib;
+		%local.constant.attrib;
+		Class	(Limit)		#IMPLIED
+>
+<!--end of constant.attlist-->]]>
+<!--end of constant.module-->]]>
+
+<!ENTITY % varname.module "INCLUDE">
+<![ %varname.module; [
+<!ENTITY % local.varname.attrib "">
+<!ENTITY % varname.role.attrib "%role.attrib;">
+
+<!ENTITY % varname.element "INCLUDE">
+<![ %varname.element; [
+<!ELEMENT VarName - - (%smallcptr.char.mix;)*>
+<!--end of varname.element-->]]>
+
+<!ENTITY % varname.attlist "INCLUDE">
+<![ %varname.attlist; [
+<!ATTLIST VarName
+		%common.attrib;
+		%varname.role.attrib;
+		%local.varname.attrib;
+>
+<!--end of varname.attlist-->]]>
+<!--end of varname.module-->]]>
+
+<!ENTITY % markup.module "INCLUDE">
+<![ %markup.module; [
+<!ENTITY % local.markup.attrib "">
+<!ENTITY % markup.role.attrib "%role.attrib;">
+
+<!ENTITY % markup.element "INCLUDE">
+<![ %markup.element; [
+<!ELEMENT Markup - - ((%smallcptr.char.mix;)+)>
+<!--end of markup.element-->]]>
+
+<!ENTITY % markup.attlist "INCLUDE">
+<![ %markup.attlist; [
+<!ATTLIST Markup
+		%common.attrib;
+		%markup.role.attrib;
+		%local.markup.attrib;
+>
+<!--end of markup.attlist-->]]>
+<!--end of markup.module-->]]>
+
+<!ENTITY % medialabel.module "INCLUDE">
+<![ %medialabel.module; [
+<!ENTITY % local.medialabel.attrib "">
+<!ENTITY % medialabel.role.attrib "%role.attrib;">
+
+<!ENTITY % medialabel.element "INCLUDE">
+<![ %medialabel.element; [
+<!ELEMENT MediaLabel - - ((%smallcptr.char.mix;)+)>
+<!--end of medialabel.element-->]]>
+
+<!ENTITY % medialabel.attlist "INCLUDE">
+<![ %medialabel.attlist; [
+<!ATTLIST MediaLabel
+		--
+		Class: Type of medium named by the element; no default
+		--
+		Class 		(Cartridge
+				|CDRom
+				|Disk
+				|Tape)		#IMPLIED
+		%common.attrib;
+		%medialabel.role.attrib;
+		%local.medialabel.attrib;
+>
+<!--end of medialabel.attlist-->]]>
+<!--end of medialabel.module-->]]>
+
+<!ENTITY % menuchoice.content.module "INCLUDE">
+<![ %menuchoice.content.module; [
+<!ENTITY % menuchoice.module "INCLUDE">
+<![ %menuchoice.module; [
+<!ENTITY % local.menuchoice.attrib "">
+<!ENTITY % menuchoice.role.attrib "%role.attrib;">
+
+<!ENTITY % menuchoice.element "INCLUDE">
+<![ %menuchoice.element; [
+<!ELEMENT MenuChoice - - (Shortcut?, (GUIButton|GUIIcon|GUILabel
+		|GUIMenu|GUIMenuItem|GUISubmenu|Interface)+)>
+<!--end of menuchoice.element-->]]>
+
+<!ENTITY % menuchoice.attlist "INCLUDE">
+<![ %menuchoice.attlist; [
+<!ATTLIST MenuChoice
+		%moreinfo.attrib;
+		%common.attrib;
+		%menuchoice.role.attrib;
+		%local.menuchoice.attrib;
+>
+<!--end of menuchoice.attlist-->]]>
+<!--end of menuchoice.module-->]]>
+
+<!ENTITY % shortcut.module "INCLUDE">
+<![ %shortcut.module; [
+<!-- See also KeyCombo -->
+<!ENTITY % local.shortcut.attrib "">
+<!ENTITY % shortcut.role.attrib "%role.attrib;">
+
+<!ENTITY % shortcut.element "INCLUDE">
+<![ %shortcut.element; [
+<!ELEMENT Shortcut - - ((KeyCap|KeyCombo|KeySym|MouseButton)+)>
+<!--end of shortcut.element-->]]>
+
+<!ENTITY % shortcut.attlist "INCLUDE">
+<![ %shortcut.attlist; [
+<!ATTLIST Shortcut
+		%keyaction.attrib;
+		%moreinfo.attrib;
+		%common.attrib;
+		%shortcut.role.attrib;
+		%local.shortcut.attrib;
+>
+<!--end of shortcut.attlist-->]]>
+<!--end of shortcut.module-->]]>
+<!--end of menuchoice.content.module-->]]>
+
+<!ENTITY % mousebutton.module "INCLUDE">
+<![ %mousebutton.module; [
+<!ENTITY % local.mousebutton.attrib "">
+<!ENTITY % mousebutton.role.attrib "%role.attrib;">
+
+<!ENTITY % mousebutton.element "INCLUDE">
+<![ %mousebutton.element; [
+<!ELEMENT MouseButton - - ((%smallcptr.char.mix;)+)>
+<!--end of mousebutton.element-->]]>
+
+<!ENTITY % mousebutton.attlist "INCLUDE">
+<![ %mousebutton.attlist; [
+<!ATTLIST MouseButton
+		%moreinfo.attrib;
+		%common.attrib;
+		%mousebutton.role.attrib;
+		%local.mousebutton.attrib;
+>
+<!--end of mousebutton.attlist-->]]>
+<!--end of mousebutton.module-->]]>
+
+<!ENTITY % msgtext.module "INCLUDE">
+<![ %msgtext.module; [
+<!ENTITY % local.msgtext.attrib "">
+<!ENTITY % msgtext.role.attrib "%role.attrib;">
+
+<!ENTITY % msgtext.element "INCLUDE">
+<![ %msgtext.element; [
+<!--FUTURE USE (V5.0):
+......................
+The content model of MsgText will be reduced. It will be made
+the same as %example.mix; although it may not use that PE.
+......................
+-->
+<!ELEMENT MsgText - - ((%component.mix;)+)>
+<!--end of msgtext.element-->]]>
+
+<!ENTITY % msgtext.attlist "INCLUDE">
+<![ %msgtext.attlist; [
+<!ATTLIST MsgText
+		%common.attrib;
+		%msgtext.role.attrib;
+		%local.msgtext.attrib;
+>
+<!--end of msgtext.attlist-->]]>
+<!--end of msgtext.module-->]]>
+
+<!ENTITY % option.module "INCLUDE">
+<![ %option.module; [
+<!ENTITY % local.option.attrib "">
+<!ENTITY % option.role.attrib "%role.attrib;">
+
+<!ENTITY % option.element "INCLUDE">
+<![ %option.element; [
+<!ELEMENT Option - - (%smallcptr.char.mix;)*>
+<!--end of option.element-->]]>
+
+<!ENTITY % option.attlist "INCLUDE">
+<![ %option.attlist; [
+<!ATTLIST Option
+		%common.attrib;
+		%option.role.attrib;
+		%local.option.attrib;
+>
+<!--end of option.attlist-->]]>
+<!--end of option.module-->]]>
+
+<!ENTITY % optional.module "INCLUDE">
+<![ %optional.module; [
+<!ENTITY % local.optional.attrib "">
+<!ENTITY % optional.role.attrib "%role.attrib;">
+
+<!ENTITY % optional.element "INCLUDE">
+<![ %optional.element; [
+<!ELEMENT Optional - - ((%cptr.char.mix;)+)>
+<!--end of optional.element-->]]>
+
+<!ENTITY % optional.attlist "INCLUDE">
+<![ %optional.attlist; [
+<!ATTLIST Optional
+		%common.attrib;
+		%optional.role.attrib;
+		%local.optional.attrib;
+>
+<!--end of optional.attlist-->]]>
+<!--end of optional.module-->]]>
+
+<!ENTITY % parameter.module "INCLUDE">
+<![ %parameter.module; [
+<!ENTITY % local.parameter.attrib "">
+<!ENTITY % parameter.role.attrib "%role.attrib;">
+
+<!ENTITY % parameter.element "INCLUDE">
+<![ %parameter.element; [
+<!ELEMENT Parameter - - (%smallcptr.char.mix;)*>
+<!--end of parameter.element-->]]>
+
+<!ENTITY % parameter.attlist "INCLUDE">
+<![ %parameter.attlist; [
+<!ATTLIST Parameter
+		--
+		Class: Type of the Parameter; no default
+		--
+		Class 		(Command
+				|Function
+				|Option)	#IMPLIED
+		%moreinfo.attrib;
+		%common.attrib;
+		%parameter.role.attrib;
+		%local.parameter.attrib;
+>
+<!--end of parameter.attlist-->]]>
+<!--end of parameter.module-->]]>
+
+<!ENTITY % prompt.module "INCLUDE">
+<![ %prompt.module; [
+<!ENTITY % local.prompt.attrib "">
+<!ENTITY % prompt.role.attrib "%role.attrib;">
+
+<!ENTITY % prompt.element "INCLUDE">
+<![ %prompt.element; [
+<!ELEMENT Prompt - - ((%smallcptr.char.mix;)+)>
+<!--end of prompt.element-->]]>
+
+<!ENTITY % prompt.attlist "INCLUDE">
+<![ %prompt.attlist; [
+<!ATTLIST Prompt
+		%moreinfo.attrib;
+		%common.attrib;
+		%prompt.role.attrib;
+		%local.prompt.attrib;
+>
+<!--end of prompt.attlist-->]]>
+<!--end of prompt.module-->]]>
+
+<!ENTITY % property.module "INCLUDE">
+<![ %property.module; [
+<!ENTITY % local.property.attrib "">
+<!ENTITY % property.role.attrib "%role.attrib;">
+
+<!ENTITY % property.element "INCLUDE">
+<![ %property.element; [
+<!ELEMENT Property - - (%smallcptr.char.mix;)*>
+<!--end of property.element-->]]>
+
+<!ENTITY % property.attlist "INCLUDE">
+<![ %property.attlist; [
+<!ATTLIST Property
+		%moreinfo.attrib;
+		%common.attrib;
+		%property.role.attrib;
+		%local.property.attrib;
+>
+<!--end of property.attlist-->]]>
+<!--end of property.module-->]]>
+
+<!ENTITY % replaceable.module "INCLUDE">
+<![ %replaceable.module; [
+<!ENTITY % local.replaceable.attrib "">
+<!ENTITY % replaceable.role.attrib "%role.attrib;">
+
+<!ENTITY % replaceable.element "INCLUDE">
+<![ %replaceable.element; [
+<!ELEMENT Replaceable - - ((#PCDATA 
+		| %link.char.class; 
+		| Optional
+		| %base.char.class; 
+		| %other.char.class; 
+		| InlineGraphic
+		| InlineMediaObject)+)>
+<!--end of replaceable.element-->]]>
+
+<!ENTITY % replaceable.attlist "INCLUDE">
+<![ %replaceable.attlist; [
+<!ATTLIST Replaceable
+		--
+		Class: Type of information the element represents; no
+		default
+		--
+		Class		(Command
+				|Function
+				|Option
+				|Parameter)	#IMPLIED
+		%common.attrib;
+		%replaceable.role.attrib;
+		%local.replaceable.attrib;
+>
+<!--end of replaceable.attlist-->]]>
+<!--end of replaceable.module-->]]>
+
+<!ENTITY % returnvalue.module "INCLUDE">
+<![ %returnvalue.module; [
+<!ENTITY % local.returnvalue.attrib "">
+<!ENTITY % returnvalue.role.attrib "%role.attrib;">
+
+<!ENTITY % returnvalue.element "INCLUDE">
+<![ %returnvalue.element; [
+<!ELEMENT ReturnValue - - ((%smallcptr.char.mix;)+)>
+<!--end of returnvalue.element-->]]>
+
+<!ENTITY % returnvalue.attlist "INCLUDE">
+<![ %returnvalue.attlist; [
+<!ATTLIST ReturnValue
+		%common.attrib;
+		%returnvalue.role.attrib;
+		%local.returnvalue.attrib;
+>
+<!--end of returnvalue.attlist-->]]>
+<!--end of returnvalue.module-->]]>
+
+<!ENTITY % sgmltag.module "INCLUDE">
+<![ %sgmltag.module; [
+<!ENTITY % local.sgmltag.attrib "">
+<!ENTITY % sgmltag.role.attrib "%role.attrib;">
+
+<!ENTITY % sgmltag.element "INCLUDE">
+<![ %sgmltag.element; [
+<!ELEMENT SGMLTag - - ((%smallcptr.char.mix;)+)>
+<!--end of sgmltag.element-->]]>
+
+<!ENTITY % sgmltag.attlist "INCLUDE">
+<![ %sgmltag.attlist; [
+<!ATTLIST SGMLTag
+		--
+		Class: Type of SGML construct the element names; no default
+		--
+		Class 		(Attribute
+				|AttValue
+				|Element
+				|EndTag
+				|EmptyTag
+				|GenEntity
+				|NumCharRef
+				|ParamEntity
+				|PI
+				|XMLPI
+				|StartTag
+				|SGMLComment)	#IMPLIED
+		%common.attrib;
+		%sgmltag.role.attrib;
+		%local.sgmltag.attrib;
+>
+<!--end of sgmltag.attlist-->]]>
+<!--end of sgmltag.module-->]]>
+
+<!ENTITY % structfield.module "INCLUDE">
+<![ %structfield.module; [
+<!ENTITY % local.structfield.attrib "">
+<!ENTITY % structfield.role.attrib "%role.attrib;">
+
+<!ENTITY % structfield.element "INCLUDE">
+<![ %structfield.element; [
+<!ELEMENT StructField - - ((%smallcptr.char.mix;)+)>
+<!--end of structfield.element-->]]>
+
+<!ENTITY % structfield.attlist "INCLUDE">
+<![ %structfield.attlist; [
+<!ATTLIST StructField
+		%common.attrib;
+		%structfield.role.attrib;
+		%local.structfield.attrib;
+>
+<!--end of structfield.attlist-->]]>
+<!--end of structfield.module-->]]>
+
+<!ENTITY % structname.module "INCLUDE">
+<![ %structname.module; [
+<!ENTITY % local.structname.attrib "">
+<!ENTITY % structname.role.attrib "%role.attrib;">
+
+<!ENTITY % structname.element "INCLUDE">
+<![ %structname.element; [
+<!ELEMENT StructName - - ((%smallcptr.char.mix;)+)>
+<!--end of structname.element-->]]>
+
+<!ENTITY % structname.attlist "INCLUDE">
+<![ %structname.attlist; [
+<!ATTLIST StructName
+		%common.attrib;
+		%structname.role.attrib;
+		%local.structname.attrib;
+>
+<!--end of structname.attlist-->]]>
+<!--end of structname.module-->]]>
+
+<!ENTITY % symbol.module "INCLUDE">
+<![ %symbol.module; [
+<!ENTITY % local.symbol.attrib "">
+<!ENTITY % symbol.role.attrib "%role.attrib;">
+
+<!ENTITY % symbol.element "INCLUDE">
+<![ %symbol.element; [
+<!ELEMENT Symbol - - ((%smallcptr.char.mix;)+)>
+<!--end of symbol.element-->]]>
+
+<!ENTITY % symbol.attlist "INCLUDE">
+<![ %symbol.attlist; [
+<!ATTLIST Symbol
+		--
+		Class: Type of symbol; no default
+		--
+		Class		(Limit)		#IMPLIED
+		%common.attrib;
+		%symbol.role.attrib;
+		%local.symbol.attrib;
+>
+<!--end of symbol.attlist-->]]>
+<!--end of symbol.module-->]]>
+
+<!ENTITY % systemitem.module "INCLUDE">
+<![ %systemitem.module; [
+<!ENTITY % local.systemitem.attrib "">
+<!ENTITY % systemitem.role.attrib "%role.attrib;">
+
+<!ENTITY % systemitem.element "INCLUDE">
+<![ %systemitem.element; [
+<!ELEMENT SystemItem - - ((%smallcptr.char.mix; | Acronym)*)>
+<!--end of systemitem.element-->]]>
+
+<!ENTITY % systemitem.attlist "INCLUDE">
+<![ %systemitem.attlist; [
+<!ATTLIST SystemItem
+		--
+		Class: Type of system item the element names; no default
+		--
+		Class	(Constant
+			|GroupName
+			|Library
+			|Macro
+			|OSname
+			|Resource
+			|SystemName
+			|UserName)	#IMPLIED
+		%moreinfo.attrib;
+		%common.attrib;
+		%systemitem.role.attrib;
+		%local.systemitem.attrib;
+>
+<!--end of systemitem.attlist-->]]>
+<!--end of systemitem.module-->]]>
+
+
+<!ENTITY % token.module "INCLUDE">
+<![ %token.module; [
+<!ENTITY % local.token.attrib "">
+<!ENTITY % token.role.attrib "%role.attrib;">
+
+<!ENTITY % token.element "INCLUDE">
+<![ %token.element; [
+<!ELEMENT Token - - ((%smallcptr.char.mix;)+)>
+<!--end of token.element-->]]>
+
+<!ENTITY % token.attlist "INCLUDE">
+<![ %token.attlist; [
+<!ATTLIST Token
+		%common.attrib;
+		%token.role.attrib;
+		%local.token.attrib;
+>
+<!--end of token.attlist-->]]>
+<!--end of token.module-->]]>
+
+<!ENTITY % type.module "INCLUDE">
+<![ %type.module; [
+<!ENTITY % local.type.attrib "">
+<!ENTITY % type.role.attrib "%role.attrib;">
+
+<!ENTITY % type.element "INCLUDE">
+<![ %type.element; [
+<!ELEMENT Type - - ((%smallcptr.char.mix;)+)>
+<!--end of type.element-->]]>
+
+<!ENTITY % type.attlist "INCLUDE">
+<![ %type.attlist; [
+<!ATTLIST Type
+		%common.attrib;
+		%type.role.attrib;
+		%local.type.attrib;
+>
+<!--end of type.attlist-->]]>
+<!--end of type.module-->]]>
+
+<!ENTITY % userinput.module "INCLUDE">
+<![ %userinput.module; [
+<!ENTITY % local.userinput.attrib "">
+<!ENTITY % userinput.role.attrib "%role.attrib;">
+
+<!ENTITY % userinput.element "INCLUDE">
+<![ %userinput.element; [
+<!ELEMENT UserInput - - ((%cptr.char.mix;)+)>
+<!--end of userinput.element-->]]>
+
+<!ENTITY % userinput.attlist "INCLUDE">
+<![ %userinput.attlist; [
+<!ATTLIST UserInput
+		%moreinfo.attrib;
+		%common.attrib;
+		%userinput.role.attrib;
+		%local.userinput.attrib;
+>
+<!--end of userinput.attlist-->]]>
+<!--end of userinput.module-->]]>
+
+<!-- General words and phrases ............................................ -->
+
+<!ENTITY % abbrev.module "INCLUDE">
+<![ %abbrev.module; [
+<!ENTITY % local.abbrev.attrib "">
+<!ENTITY % abbrev.role.attrib "%role.attrib;">
+
+<!ENTITY % abbrev.element "INCLUDE">
+<![ %abbrev.element; [
+<!ELEMENT Abbrev - - ((%word.char.mix;)+)>
+<!--end of abbrev.element-->]]>
+
+<!ENTITY % abbrev.attlist "INCLUDE">
+<![ %abbrev.attlist; [
+<!ATTLIST Abbrev
+		%common.attrib;
+		%abbrev.role.attrib;
+		%local.abbrev.attrib;
+>
+<!--end of abbrev.attlist-->]]>
+<!--end of abbrev.module-->]]>
+
+<!ENTITY % acronym.module "INCLUDE">
+<![ %acronym.module; [
+<!ENTITY % local.acronym.attrib "">
+<!ENTITY % acronym.role.attrib "%role.attrib;">
+
+<!ENTITY % acronym.element "INCLUDE">
+<![ %acronym.element; [
+<!ELEMENT Acronym - - ((%word.char.mix;)+) %acronym.exclusion;>
+<!--end of acronym.element-->]]>
+
+<!ENTITY % acronym.attlist "INCLUDE">
+<![ %acronym.attlist; [
+<!ATTLIST Acronym
+		%common.attrib;
+		%acronym.role.attrib;
+		%local.acronym.attrib;
+>
+<!--end of acronym.attlist-->]]>
+<!--end of acronym.module-->]]>
+
+<!ENTITY % citation.module "INCLUDE">
+<![ %citation.module; [
+<!ENTITY % local.citation.attrib "">
+<!ENTITY % citation.role.attrib "%role.attrib;">
+
+<!ENTITY % citation.element "INCLUDE">
+<![ %citation.element; [
+<!ELEMENT Citation - - ((%para.char.mix;)+)>
+<!--end of citation.element-->]]>
+
+<!ENTITY % citation.attlist "INCLUDE">
+<![ %citation.attlist; [
+<!ATTLIST Citation
+		%common.attrib;
+		%citation.role.attrib;
+		%local.citation.attrib;
+>
+<!--end of citation.attlist-->]]>
+<!--end of citation.module-->]]>
+
+<!ENTITY % citerefentry.module "INCLUDE">
+<![ %citerefentry.module; [
+<!ENTITY % local.citerefentry.attrib "">
+<!ENTITY % citerefentry.role.attrib "%role.attrib;">
+
+<!ENTITY % citerefentry.element "INCLUDE">
+<![ %citerefentry.element; [
+<!ELEMENT CiteRefEntry - - (RefEntryTitle, ManVolNum?)>
+<!--end of citerefentry.element-->]]>
+
+<!ENTITY % citerefentry.attlist "INCLUDE">
+<![ %citerefentry.attlist; [
+<!ATTLIST CiteRefEntry
+		%common.attrib;
+		%citerefentry.role.attrib;
+		%local.citerefentry.attrib;
+>
+<!--end of citerefentry.attlist-->]]>
+<!--end of citerefentry.module-->]]>
+
+<!ENTITY % refentrytitle.module "INCLUDE">
+<![ %refentrytitle.module; [
+<!ENTITY % local.refentrytitle.attrib "">
+<!ENTITY % refentrytitle.role.attrib "%role.attrib;">
+
+<!ENTITY % refentrytitle.element "INCLUDE">
+<![ %refentrytitle.element; [
+<!ELEMENT RefEntryTitle - O ((%para.char.mix;)+)>
+<!--end of refentrytitle.element-->]]>
+
+<!ENTITY % refentrytitle.attlist "INCLUDE">
+<![ %refentrytitle.attlist; [
+<!ATTLIST RefEntryTitle
+		%common.attrib;
+		%refentrytitle.role.attrib;
+		%local.refentrytitle.attrib;
+>
+<!--end of refentrytitle.attlist-->]]>
+<!--end of refentrytitle.module-->]]>
+
+<!ENTITY % manvolnum.module "INCLUDE">
+<![ %manvolnum.module; [
+<!ENTITY % local.manvolnum.attrib "">
+<!ENTITY % namvolnum.role.attrib "%role.attrib;">
+
+<!ENTITY % manvolnum.element "INCLUDE">
+<![ %manvolnum.element; [
+<!ELEMENT ManVolNum - O ((%word.char.mix;)+)>
+<!--end of manvolnum.element-->]]>
+
+<!ENTITY % manvolnum.attlist "INCLUDE">
+<![ %manvolnum.attlist; [
+<!ATTLIST ManVolNum
+		%common.attrib;
+		%namvolnum.role.attrib;
+		%local.manvolnum.attrib;
+>
+<!--end of manvolnum.attlist-->]]>
+<!--end of manvolnum.module-->]]>
+
+<!ENTITY % citetitle.module "INCLUDE">
+<![ %citetitle.module; [
+<!ENTITY % local.citetitle.attrib "">
+<!ENTITY % citetitle.role.attrib "%role.attrib;">
+
+<!ENTITY % citetitle.element "INCLUDE">
+<![ %citetitle.element; [
+<!ELEMENT CiteTitle - - ((%para.char.mix;)+)>
+<!--end of citetitle.element-->]]>
+
+<!ENTITY % citetitle.attlist "INCLUDE">
+<![ %citetitle.attlist; [
+<!ATTLIST CiteTitle
+		--
+		Pubwork: Genre of published work cited; no default
+		--
+		Pubwork		(Article
+				|Book
+				|Chapter
+				|Part
+				|RefEntry
+				|Section
+				|Journal
+				|Series
+				|Set
+				|Manuscript)	#IMPLIED
+		%common.attrib;
+		%citetitle.role.attrib;
+		%local.citetitle.attrib;
+>
+<!--end of citetitle.attlist-->]]>
+<!--end of citetitle.module-->]]>
+
+<!ENTITY % emphasis.module "INCLUDE">
+<![ %emphasis.module; [
+<!ENTITY % local.emphasis.attrib "">
+<!ENTITY % emphasis.role.attrib "%role.attrib;">
+
+<!ENTITY % emphasis.element "INCLUDE">
+<![ %emphasis.element; [
+<!ELEMENT Emphasis - - ((%para.char.mix;)+)>
+<!--end of emphasis.element-->]]>
+
+<!ENTITY % emphasis.attlist "INCLUDE">
+<![ %emphasis.attlist; [
+<!ATTLIST Emphasis
+		%common.attrib;
+		%emphasis.role.attrib;
+		%local.emphasis.attrib;
+>
+<!--end of emphasis.attlist-->]]>
+<!--end of emphasis.module-->]]>
+
+<!ENTITY % firstterm.module "INCLUDE">
+<![ %firstterm.module; [
+<!ENTITY % local.firstterm.attrib "">
+<!ENTITY % firstterm.role.attrib "%role.attrib;">
+
+<!ENTITY % firstterm.element "INCLUDE">
+<![ %firstterm.element; [
+<!ELEMENT FirstTerm - - ((%word.char.mix;)+)>
+<!--end of firstterm.element-->]]>
+
+<!ENTITY % firstterm.attlist "INCLUDE">
+<![ %firstterm.attlist; [
+<!ATTLIST FirstTerm
+		%linkend.attrib; --to GlossEntry or other explanation--
+		%common.attrib;
+		%firstterm.role.attrib;
+		%local.firstterm.attrib;
+>
+<!--end of firstterm.attlist-->]]>
+<!--end of firstterm.module-->]]>
+
+<!ENTITY % foreignphrase.module "INCLUDE">
+<![ %foreignphrase.module; [
+<!ENTITY % local.foreignphrase.attrib "">
+<!ENTITY % foreignphrase.role.attrib "%role.attrib;">
+
+<!ENTITY % foreignphrase.element "INCLUDE">
+<![ %foreignphrase.element; [
+<!ELEMENT ForeignPhrase - - ((%para.char.mix;)+)>
+<!--end of foreignphrase.element-->]]>
+
+<!ENTITY % foreignphrase.attlist "INCLUDE">
+<![ %foreignphrase.attlist; [
+<!ATTLIST ForeignPhrase
+		%common.attrib;
+		%foreignphrase.role.attrib;
+		%local.foreignphrase.attrib;
+>
+<!--end of foreignphrase.attlist-->]]>
+<!--end of foreignphrase.module-->]]>
+
+<!ENTITY % glossterm.module "INCLUDE">
+<![ %glossterm.module; [
+<!ENTITY % local.glossterm.attrib "">
+<!ENTITY % glossterm.role.attrib "%role.attrib;">
+
+<!ENTITY % glossterm.element "INCLUDE">
+<![ %glossterm.element; [
+<!ELEMENT GlossTerm - O ((%para.char.mix;)+) %glossterm.exclusion;>
+<!--end of glossterm.element-->]]>
+
+<!ENTITY % glossterm.attlist "INCLUDE">
+<![ %glossterm.attlist; [
+<!ATTLIST GlossTerm
+		%linkend.attrib; --to GlossEntry if Glossterm used in text--
+		--
+		BaseForm: Provides the form of GlossTerm to be used
+		for indexing
+		--
+		BaseForm	CDATA		#IMPLIED
+		%common.attrib;
+		%glossterm.role.attrib;
+		%local.glossterm.attrib;
+>
+<!--end of glossterm.attlist-->]]>
+<!--end of glossterm.module-->]]>
+
+<!ENTITY % phrase.module "INCLUDE">
+<![ %phrase.module; [
+<!ENTITY % local.phrase.attrib "">
+<!ENTITY % phrase.role.attrib "%role.attrib;">
+
+<!ENTITY % phrase.element "INCLUDE">
+<![ %phrase.element; [
+<!ELEMENT Phrase - - ((%para.char.mix;)+)>
+<!--end of phrase.element-->]]>
+
+<!ENTITY % phrase.attlist "INCLUDE">
+<![ %phrase.attlist; [
+<!ATTLIST Phrase
+		%common.attrib;
+		%phrase.role.attrib;
+		%local.phrase.attrib;
+>
+<!--end of phrase.attlist-->]]>
+<!--end of phrase.module-->]]>
+
+<!ENTITY % quote.module "INCLUDE">
+<![ %quote.module; [
+<!ENTITY % local.quote.attrib "">
+<!ENTITY % quote.role.attrib "%role.attrib;">
+
+<!ENTITY % quote.element "INCLUDE">
+<![ %quote.element; [
+<!ELEMENT Quote - - ((%para.char.mix;)+)>
+<!--end of quote.element-->]]>
+
+<!ENTITY % quote.attlist "INCLUDE">
+<![ %quote.attlist; [
+<!ATTLIST Quote
+		%common.attrib;
+		%quote.role.attrib;
+		%local.quote.attrib;
+>
+<!--end of quote.attlist-->]]>
+<!--end of quote.module-->]]>
+
+<!ENTITY % ssscript.module "INCLUDE">
+<![ %ssscript.module; [
+<!ENTITY % local.ssscript.attrib "">
+<!ENTITY % ssscript.role.attrib "%role.attrib;">
+
+<!ENTITY % ssscript.elements "INCLUDE">
+<![ %ssscript.elements [
+<!ELEMENT (Subscript | Superscript) - - ((#PCDATA 
+		| %link.char.class;
+		| Emphasis
+		| Replaceable 
+		| Symbol 
+		| InlineGraphic 
+		| InlineMediaObject
+		| %base.char.class; 
+		| %other.char.class;)+)
+		%ubiq.exclusion;>
+<!--end of ssscript.elements-->]]>
+
+<!ENTITY % ssscript.attlists "INCLUDE">
+<![ %ssscript.attlists; [
+<!ATTLIST (Subscript | Superscript)
+		%common.attrib;
+		%ssscript.role.attrib;
+		%local.ssscript.attrib;
+>
+<!--end of ssscript.attlists-->]]>
+<!--end of ssscript.module-->]]>
+
+<!ENTITY % trademark.module "INCLUDE">
+<![ %trademark.module; [
+<!ENTITY % local.trademark.attrib "">
+<!ENTITY % trademark.role.attrib "%role.attrib;">
+
+<!ENTITY % trademark.element "INCLUDE">
+<![ %trademark.element; [
+<!ELEMENT Trademark - - ((#PCDATA 
+		| %link.char.class; 
+		| %tech.char.class;
+		| %base.char.class; 
+		| %other.char.class; 
+		| InlineGraphic
+		| InlineMediaObject
+		| Emphasis)+)>
+<!--end of trademark.element-->]]>
+
+<!ENTITY % trademark.attlist "INCLUDE">
+<![ %trademark.attlist; [
+<!ATTLIST Trademark
+		--
+		Class: More precisely identifies the item the element names
+		--
+		Class		(Service
+				|Trade
+				|Registered
+				|Copyright)	Trade
+		%common.attrib;
+		%trademark.role.attrib;
+		%local.trademark.attrib;
+>
+<!--end of trademark.attlist-->]]>
+<!--end of trademark.module-->]]>
+
+<!ENTITY % wordasword.module "INCLUDE">
+<![ %wordasword.module; [
+<!ENTITY % local.wordasword.attrib "">
+<!ENTITY % wordasword.role.attrib "%role.attrib;">
+
+<!ENTITY % wordasword.element "INCLUDE">
+<![ %wordasword.element; [
+<!ELEMENT WordAsWord - - ((%word.char.mix;)+)>
+<!--end of wordasword.element-->]]>
+
+<!ENTITY % wordasword.attlist "INCLUDE">
+<![ %wordasword.attlist; [
+<!ATTLIST WordAsWord
+		%common.attrib;
+		%wordasword.role.attrib;
+		%local.wordasword.attrib;
+>
+<!--end of wordasword.attlist-->]]>
+<!--end of wordasword.module-->]]>
+
+<!-- Links and cross-references ........................................... -->
+
+<!ENTITY % link.module "INCLUDE">
+<![ %link.module; [
+<!ENTITY % local.link.attrib "">
+<!ENTITY % link.role.attrib "%role.attrib;">
+
+<!ENTITY % link.element "INCLUDE">
+<![ %link.element; [
+<!ELEMENT Link - - ((%para.char.mix;)+) %links.exclusion;>
+<!--end of link.element-->]]>
+
+<!ENTITY % link.attlist "INCLUDE">
+<![ %link.attlist; [
+<!ATTLIST Link
+		--
+		Endterm: ID of element containing text that is to be
+		fetched from elsewhere in the document to appear as
+		the content of this element
+		--
+		Endterm		IDREF		#IMPLIED
+		%linkendreq.attrib; --to linked-to object--
+		--
+		Type: Freely assignable parameter
+		--
+		Type		CDATA		#IMPLIED
+		%common.attrib;
+		%link.role.attrib;
+		%local.link.attrib;
+>
+<!--end of link.attlist-->]]>
+<!--end of link.module-->]]>
+
+<!ENTITY % olink.module "INCLUDE">
+<![ %olink.module; [
+<!ENTITY % local.olink.attrib "">
+<!ENTITY % olink.role.attrib "%role.attrib;">
+
+<!ENTITY % olink.element "INCLUDE">
+<![ %olink.element; [
+<!ELEMENT OLink - - ((%para.char.mix;)+) %links.exclusion;>
+<!--end of olink.element-->]]>
+
+<!ENTITY % olink.attlist "INCLUDE">
+<![ %olink.attlist; [
+<!ATTLIST OLink
+		--
+		TargetDocEnt: Name of an entity to be the target of the link
+		--
+		TargetDocEnt	ENTITY 		#IMPLIED
+		--
+		LinkMode: ID of a ModeSpec containing instructions for
+		operating on the entity named by TargetDocEnt
+		--
+		LinkMode	IDREF		#IMPLIED
+		--
+		LocalInfo: Information that may be passed to ModeSpec
+		--
+		LocalInfo 	CDATA		#IMPLIED
+		--
+		Type: Freely assignable parameter
+		--
+		Type		CDATA		#IMPLIED
+		%common.attrib;
+		%olink.role.attrib;
+		%local.olink.attrib;
+>
+<!--end of olink.attlist-->]]>
+<!--end of olink.module-->]]>
+
+<!ENTITY % ulink.module "INCLUDE">
+<![ %ulink.module; [
+<!ENTITY % local.ulink.attrib "">
+<!ENTITY % ulink.role.attrib "%role.attrib;">
+
+<!ENTITY % ulink.element "INCLUDE">
+<![ %ulink.element; [
+<!ELEMENT ULink - - ((%para.char.mix;)+) %links.exclusion;>
+<!--end of ulink.element-->]]>
+
+<!ENTITY % ulink.attlist "INCLUDE">
+<![ %ulink.attlist; [
+<!ATTLIST ULink
+		--
+		URL: uniform resource locator; the target of the ULink
+		--
+		URL		CDATA		#REQUIRED
+		--
+		Type: Freely assignable parameter
+		--
+		Type		CDATA		#IMPLIED
+		%common.attrib;
+		%ulink.role.attrib;
+		%local.ulink.attrib;
+>
+<!--end of ulink.attlist-->]]>
+<!--end of ulink.module-->]]>
+
+<!ENTITY % footnoteref.module "INCLUDE">
+<![ %footnoteref.module; [
+<!ENTITY % local.footnoteref.attrib "">
+<!ENTITY % footnoteref.role.attrib "%role.attrib;">
+
+<!ENTITY % footnoteref.element "INCLUDE">
+<![ %footnoteref.element; [
+<!ELEMENT FootnoteRef - O EMPTY>
+<!--end of footnoteref.element-->]]>
+
+<!ENTITY % footnoteref.attlist "INCLUDE">
+<![ %footnoteref.attlist; [
+<!ATTLIST FootnoteRef
+		%linkendreq.attrib; --to footnote content supplied elsewhere--
+		%label.attrib;
+		%common.attrib;
+		%footnoteref.role.attrib;
+		%local.footnoteref.attrib;
+>
+<!--end of footnoteref.attlist-->]]>
+<!--end of footnoteref.module-->]]>
+
+<!ENTITY % xref.module "INCLUDE">
+<![ %xref.module; [
+<!ENTITY % local.xref.attrib "">
+<!ENTITY % xref.role.attrib "%role.attrib;">
+
+<!ENTITY % xref.element "INCLUDE">
+<![ %xref.element; [
+<!ELEMENT XRef - O EMPTY>
+<!--end of xref.element-->]]>
+
+<!ENTITY % xref.attlist "INCLUDE">
+<![ %xref.attlist; [
+<!ATTLIST XRef
+		--
+		Endterm: ID of element containing text that is to be
+		fetched from elsewhere in the document to appear as
+		the content of this element
+		--
+		Endterm		IDREF		#IMPLIED
+		%linkendreq.attrib; --to linked-to object--
+		%common.attrib;
+		%xref.role.attrib;
+		%local.xref.attrib;
+>
+<!--end of xref.attlist-->]]>
+<!--end of xref.module-->]]>
+
+<!-- Ubiquitous elements .................................................. -->
+
+<!ENTITY % anchor.module "INCLUDE">
+<![ %anchor.module; [
+<!ENTITY % local.anchor.attrib "">
+<!ENTITY % anchor.role.attrib "%role.attrib;">
+
+<!ENTITY % anchor.element "INCLUDE">
+<![ %anchor.element; [
+<!ELEMENT Anchor - O EMPTY>
+<!--end of anchor.element-->]]>
+
+<!ENTITY % anchor.attlist "INCLUDE">
+<![ %anchor.attlist; [
+<!ATTLIST Anchor
+		%idreq.attrib; -- required --
+		%pagenum.attrib; --replaces Lang --
+		%remap.attrib;
+		%xreflabel.attrib;
+		%revisionflag.attrib;
+		%effectivity.attrib;
+		%anchor.role.attrib;
+		%local.anchor.attrib;
+>
+<!--end of anchor.attlist-->]]>
+<!--end of anchor.module-->]]>
+
+<!ENTITY % beginpage.module "INCLUDE">
+<![ %beginpage.module; [
+<!ENTITY % local.beginpage.attrib "">
+<!ENTITY % beginpage.role.attrib "%role.attrib;">
+
+<!ENTITY % beginpage.element "INCLUDE">
+<![ %beginpage.element; [
+<!ELEMENT BeginPage - O EMPTY>
+<!--end of beginpage.element-->]]>
+
+<!ENTITY % beginpage.attlist "INCLUDE">
+<![ %beginpage.attlist; [
+<!ATTLIST BeginPage
+		--
+		PageNum: Number of page that begins at this point
+		--
+		%pagenum.attrib;
+		%common.attrib;
+		%beginpage.role.attrib;
+		%local.beginpage.attrib;
+>
+<!--end of beginpage.attlist-->]]>
+<!--end of beginpage.module-->]]>
+
+<!-- IndexTerms appear in the text flow for generating or linking an
+     index. -->
+
+<!ENTITY % indexterm.content.module "INCLUDE">
+<![ %indexterm.content.module; [
+<!ENTITY % indexterm.module "INCLUDE">
+<![ %indexterm.module; [
+<!ENTITY % local.indexterm.attrib "">
+<!ENTITY % indexterm.role.attrib "%role.attrib;">
+
+<!ENTITY % indexterm.element "INCLUDE">
+<![ %indexterm.element; [
+<!ELEMENT IndexTerm - O (Primary, ((Secondary, ((Tertiary, (See|SeeAlso+)?)
+		| See | SeeAlso+)?) | See | SeeAlso+)?) %ubiq.exclusion;>
+<!--end of indexterm.element-->]]>
+
+<!ENTITY % indexterm.attlist "INCLUDE">
+<![ %indexterm.attlist; [
+<!ATTLIST IndexTerm
+		%pagenum.attrib;
+		--
+		Scope: Indicates which generated indices the IndexTerm
+		should appear in: Global (whole document set), Local (this
+		document only), or All (both)
+		--
+		Scope		(All
+				|Global
+				|Local)		#IMPLIED
+		--
+		Significance: Whether this IndexTerm is the most pertinent
+		of its series (Preferred) or not (Normal, the default)
+		--
+		Significance	(Preferred
+				|Normal)	Normal
+		--
+		Class: Indicates type of IndexTerm; default is Singular, 
+		or EndOfRange if StartRef is supplied; StartOfRange value 
+		must be supplied explicitly on starts of ranges
+		--
+		Class		(Singular
+				|StartOfRange
+				|EndOfRange)	#IMPLIED
+		--
+		StartRef: ID of the IndexTerm that starts the indexing 
+		range ended by this IndexTerm
+		--
+		StartRef		IDREF		#CONREF
+		--
+		Zone: IDs of the elements to which the IndexTerm applies,
+		and indicates that the IndexTerm applies to those entire
+		elements rather than the point at which the IndexTerm
+		occurs
+		--
+		Zone			IDREFS		#IMPLIED
+		%common.attrib;
+		%indexterm.role.attrib;
+		%local.indexterm.attrib;
+>
+<!--end of indexterm.attlist-->]]>
+<!--end of indexterm.module-->]]>
+
+<!ENTITY % primsecter.module "INCLUDE">
+<![ %primsecter.module; [
+<!ENTITY % local.primsecter.attrib "">
+<!ENTITY % primsecter.role.attrib "%role.attrib;">
+
+<!ENTITY % primsecter.elements "INCLUDE">
+<![ %primsecter.elements; [
+<!ELEMENT (Primary | Secondary | Tertiary) - O ((%ndxterm.char.mix;)+)>
+<!--end of primsecter.elements-->]]>
+
+<!ENTITY % primsecter.attlists "INCLUDE">
+<![ %primsecter.attlists; [
+<!ENTITY % containing.attlist "INCLUDE">
+<![ %containing.attlist; [
+<!ATTLIST (Primary | Secondary | Tertiary)
+		--
+		SortAs: Alternate sort string for index sorting, e.g.,
+		"fourteen" for an element containing "14"
+		--
+		SortAs		CDATA		#IMPLIED
+		%common.attrib;
+		%primsecter.role.attrib;
+		%local.primsecter.attrib;
+>
+<!--end of containing.attlist-->]]>
+<!--end of primsecter.attlist-->]]>
+<!--end of primsecter.module-->]]>
+
+<!ENTITY % seeseealso.module "INCLUDE">
+<![ %seeseealso.module; [
+<!ENTITY % local.seeseealso.attrib "">
+<!ENTITY % seeseealso.role.attrib "%role.attrib;">
+
+<!ENTITY % seeseealso.elements "INCLUDE">
+<![ %seeseealso.elements [
+<!ELEMENT (See | SeeAlso) - O ((%ndxterm.char.mix;)+)>
+<!--end of seeseealso.elements-->]]>
+
+<!ENTITY % seeseealso.attlists "INCLUDE">
+<![ %seeseealso.attlists [
+<!ATTLIST (See | SeeAlso)
+		%common.attrib;
+		%seeseealso.role.attrib;
+		%local.seeseealso.attrib;
+>
+<!--end of seeseealso.attlists-->]]>
+<!--end of seeseealso.module-->]]>
+<!--end of indexterm.content.module-->]]>
+
+<!-- End of DocBook information pool module V4.1 .......................... -->
+<!-- ...................................................................... -->
diff --git a/docs/docbook/dbsgml/docbook.cat b/docs/docbook/dbsgml/docbook.cat
new file mode 100755
index 00000000000..0f285d0d751
--- /dev/null
+++ b/docs/docbook/dbsgml/docbook.cat
@@ -0,0 +1,63 @@
+  -- ...................................................................... --
+  -- Catalog data for DocBook V4.1 ........................................ --
+  -- File docbook.cat ..................................................... --
+
+  -- Please direct all questions, bug reports, or suggestions for
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/.
+  --
+
+  -- This is the catalog data file for DocBook V4.1. It is provided as
+     a convenience in building your own catalog files. You need not use
+     the filenames listed here, and need not use the filename method of
+     identifying storage objects at all.  See the documentation for
+     detailed information on the files associated with the DocBook DTD.
+     See SGML Open Technical Resolution 9401 for detailed information
+     on supplying and using catalog data.
+  --
+
+  -- ...................................................................... --
+  -- SGML declaration associated with DocBook ............................. --
+
+DTDDECL "-//OASIS//DTD DocBook V4.1//EN" "docbook.dcl"
+
+  -- ...................................................................... --
+  -- DocBook driver file .................................................. --
+
+PUBLIC "-//OASIS//DTD DocBook V4.1//EN" "docbook.dtd"
+
+  -- ...................................................................... --
+  -- DocBook modules ...................................................... --
+
+PUBLIC "-//USA-DOD//DTD Table Model 951010//EN" "cals-tbl.dtd"
+PUBLIC "-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN" "dbpool.mod"
+PUBLIC "-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN" "dbhier.mod"
+PUBLIC "-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN" "dbgenent.mod"
+PUBLIC "-//OASIS//ENTITIES DocBook Notations V4.1//EN" "dbnotn.mod"
+PUBLIC "-//OASIS//ENTITIES DocBook Character Entities V4.1//EN" "dbcent.mod"
+
+  -- ...................................................................... --
+  -- ISO entity sets ...................................................... --
+
+PUBLIC "ISO 8879:1986//ENTITIES Diacritical Marks//EN" "ISOdia"
+PUBLIC "ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN" "ISOnum"
+PUBLIC "ISO 8879:1986//ENTITIES Publishing//EN" "ISOpub"
+PUBLIC "ISO 8879:1986//ENTITIES General Technical//EN" "ISOtech"
+PUBLIC "ISO 8879:1986//ENTITIES Added Latin 1//EN" "ISOlat1"
+PUBLIC "ISO 8879:1986//ENTITIES Added Latin 2//EN" "ISOlat2"
+PUBLIC "ISO 8879:1986//ENTITIES Greek Letters//EN" "ISOgrk1"
+PUBLIC "ISO 8879:1986//ENTITIES Monotoniko Greek//EN" "ISOgrk2"
+PUBLIC "ISO 8879:1986//ENTITIES Greek Symbols//EN" "ISOgrk3"
+PUBLIC "ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN" "ISOgrk4"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN" "ISOamsa"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN" "ISOamsb"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN" "ISOamsc"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Negated Relations//EN" "ISOamsn"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN" "ISOamso"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN" "ISOamsr"
+PUBLIC "ISO 8879:1986//ENTITIES Box and Line Drawing//EN" "ISObox"
+PUBLIC "ISO 8879:1986//ENTITIES Russian Cyrillic//EN" "ISOcyr1"
+PUBLIC "ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN" "ISOcyr2"
+
+  -- End of catalog data for DocBook V4.1 ................................. --
+  -- ...................................................................... --
diff --git a/docs/docbook/dbsgml/docbook.dcl b/docs/docbook/dbsgml/docbook.dcl
new file mode 100755
index 00000000000..c76de206cf4
--- /dev/null
+++ b/docs/docbook/dbsgml/docbook.dcl
@@ -0,0 +1,106 @@
+<!SGML  "ISO 8879:1986"
+  -- ...................................................................... --
+  -- DocBook SGML declaration V4.1 ........................................ --
+  -- file docbook.dcl ..................................................... --
+
+CHARSET
+
+	BASESET
+  "ISO 646:1983//CHARSET International Reference Version (IRV)//ESC 2/5 4/0"
+	DESCSET
+                    0   9   UNUSED
+                    9   2     9
+                   11   2   UNUSED
+                   13   1    13
+                   14  18   UNUSED
+                   32  95    32
+                  127   1   UNUSED
+
+	BASESET 
+  "ISO Registration Number 100//CHARSET ECMA-94 Right Part of Latin Alphabet Nr. 1//ESC 2/13 4/1"
+	DESCSET  
+                  128  32   UNUSED
+                  160  96   32
+
+CAPACITY SGMLREF
+
+	TOTALCAP 99000000
+	ATTCAP    1000000
+	ATTCHCAP  1000000
+	AVGRPCAP  1000000
+	ELEMCAP   1000000
+	ENTCAP    1000000
+	ENTCHCAP  1000000
+	GRPCAP    1000000
+	IDCAP    32000000
+	IDREFCAP 32000000
+  
+SCOPE DOCUMENT
+
+SYNTAX
+
+	SHUNCHAR  CONTROLS   0   1   2   3   4   5   6   7   8   9
+                            10  11  12  13  14  15  16  17  18  19
+                            20  21  22  23  24  25  26  27  28  29
+                            30  31                     127 128 129
+                           130 131 132 133 134 135 136 137 138 139
+                           140 141 142 143 144 145 146 147 148 149
+                           150 151 152 153 154 155 156 157 158 159
+
+	BASESET
+  "ISO 646:1983//CHARSET International Reference Version (IRV)//ESC 2/5 4/0"
+	DESCSET
+                  0   128   0
+
+	FUNCTION
+		RE          13
+		RS          10
+		SPACE       32
+		TAB SEPCHAR  9
+
+	NAMING
+		LCNMSTRT ""
+		UCNMSTRT ""
+		LCNMCHAR ".-_"
+		UCNMCHAR ".-_"
+		NAMECASE
+			GENERAL YES
+			ENTITY  NO
+
+	DELIM
+		GENERAL  SGMLREF
+		SHORTREF SGMLREF
+
+	NAMES SGMLREF
+
+	QUANTITY SGMLREF
+		ATTCNT    256
+		GRPCNT    253
+		GRPGTCNT  253
+		LITLEN   8092
+		NAMELEN    44
+		TAGLVL    100
+
+FEATURES
+
+         MINIMIZE
+                  DATATAG  NO
+                  OMITTAG  NO
+                  RANK     NO
+                  SHORTTAG YES 
+
+         LINK
+                  SIMPLE   NO
+                  IMPLICIT NO
+                  EXPLICIT NO
+
+         OTHER
+                  CONCUR   NO
+                  SUBDOC   NO
+                  FORMAL   YES
+
+APPINFO NONE
+
+  -- End of DocBook SGML declaration V4.1 ................................. --
+  -- ...................................................................... --
+>
diff --git a/docs/docbook/dbsgml/docbook.dtd b/docs/docbook/dbsgml/docbook.dtd
new file mode 100755
index 00000000000..59bff93816b
--- /dev/null
+++ b/docs/docbook/dbsgml/docbook.dtd
@@ -0,0 +1,117 @@
+<!-- ...................................................................... -->
+<!-- DocBook DTD V4.1 ..................................................... -->
+<!-- File docbook.dtd ..................................................... -->
+
+<!-- Copyright 1992-2000 HaL Computer Systems, Inc.,
+     O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+     Corporation, and the Organization for the Advancement of
+     Structured Information Standards (OASIS).
+
+     $Id: docbook.dtd,v 1.1.2.1 2001/02/28 19:05:02 jerry Exp $
+
+     Permission to use, copy, modify and distribute the DocBook DTD and
+     its accompanying documentation for any purpose and without fee is
+     hereby granted in perpetuity, provided that the above copyright
+     notice and this paragraph appear in all copies.  The copyright
+     holders make no representation about the suitability of the DTD for
+     any purpose.  It is provided "as is" without expressed or implied
+     warranty.
+
+     If you modify the DocBook DTD in any way, except for declaring and
+     referencing additional sets of general entities and declaring
+     additional notations, label your DTD as a variant of DocBook.  See
+     the maintenance documentation for more information.
+
+     Please direct all questions, bug reports, or suggestions for 
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/docbook/.
+-->
+
+<!-- ...................................................................... -->
+
+<!-- This is the driver file for V4.1 of the DocBook DTD.
+     Please use the following formal public identifier to identify it:
+
+     "-//OASIS//DTD DocBook V4.1//EN"
+
+     For example, if your document's top-level element is Book, and
+     you are using DocBook directly, use the FPI in the DOCTYPE
+     declaration:
+
+     <!DOCTYPE Book PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [...]>
+
+     Or, if you have a higher-level driver file that customizes DocBook,
+     use the FPI in the parameter entity declaration:
+
+     <!ENTITY % DocBookDTD PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+     %DocBookDTD;
+
+     The DocBook DTD is accompanied by an SGML declaration.
+
+     See the documentation for detailed information on the parameter
+     entity and module scheme used in DocBook, customizing DocBook and
+     planning for interchange, and changes made since the last release
+     of DocBook.
+-->
+
+<!-- ...................................................................... -->
+<!-- Notation declarations ................................................ -->
+
+<!ENTITY % dbnotn.module "INCLUDE">
+<![ %dbnotn.module; [
+<!ENTITY % dbnotn PUBLIC 
+"-//OASIS//ENTITIES DocBook Notations V4.1//EN">
+%dbnotn;
+<!--end of dbnotn.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- ISO character entity sets ............................................ -->
+
+<!ENTITY % dbcent.module "INCLUDE">
+<![ %dbcent.module; [
+<!ENTITY euro SDATA "[euro  ]"><!-- euro sign, U+20AC NEW -->
+<!ENTITY % dbcent PUBLIC 
+"-//OASIS//ENTITIES DocBook Character Entities V4.1//EN">
+%dbcent;
+<!--end of dbcent.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- DTD modules .......................................................... -->
+
+<!-- Information pool .............. -->
+
+<!ENTITY % dbpool.module "INCLUDE">
+<![ %dbpool.module; [
+<!ENTITY % dbpool PUBLIC 
+"-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN">
+%dbpool;
+<!--end of dbpool.module-->]]>
+
+<!-- Redeclaration placeholder ..... -->
+
+<!ENTITY % intermod.redecl.module "IGNORE">
+<![ %intermod.redecl.module; [
+%rdbmods;
+<!--end of intermod.redecl.module-->]]>
+
+<!-- Document hierarchy ............ -->
+
+<!ENTITY % dbhier.module "INCLUDE">
+<![ %dbhier.module; [
+<!ENTITY % dbhier PUBLIC 
+"-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN">
+%dbhier;
+<!--end of dbhier.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Other general entities ............................................... -->
+
+<!ENTITY % dbgenent.module "INCLUDE">
+<![ %dbgenent.module; [
+<!ENTITY % dbgenent PUBLIC
+"-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN">
+%dbgenent;
+<!--end of dbgenent.module-->]]>
+
+<!-- End of DocBook DTD V4.1 .............................................. -->
+<!-- ...................................................................... -->
diff --git a/docs/docbook/dbsgml/ent/ISOamsa b/docs/docbook/dbsgml/ent/ISOamsa
new file mode 100755
index 00000000000..b77154cb024
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOamsa
@@ -0,0 +1,66 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOamsa PUBLIC
+       "ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN">
+     %ISOamsa;
+-->
+<!ENTITY cularr SDATA "[cularr]"--/curvearrowleft A: left curved arrow -->
+<!ENTITY curarr SDATA "[curarr]"--/curvearrowright A: rt curved arrow -->
+<!ENTITY dArr   SDATA "[dArr  ]"--/Downarrow A: down dbl arrow -->
+<!ENTITY darr2  SDATA "[darr2 ]"--/downdownarrows A: two down arrows -->
+<!ENTITY dharl  SDATA "[dharl ]"--/downleftharpoon A: dn harpoon-left -->
+<!ENTITY dharr  SDATA "[dharr ]"--/downrightharpoon A: down harpoon-rt -->
+<!ENTITY lAarr  SDATA "[lAarr ]"--/Lleftarrow A: left triple arrow -->
+<!ENTITY Larr   SDATA "[Larr  ]"--/twoheadleftarrow A:-->
+<!ENTITY larr2  SDATA "[larr2 ]"--/leftleftarrows A: two left arrows -->
+<!ENTITY larrhk SDATA "[larrhk]"--/hookleftarrow A: left arrow-hooked -->
+<!ENTITY larrlp SDATA "[larrlp]"--/looparrowleft A: left arrow-looped -->
+<!ENTITY larrtl SDATA "[larrtl]"--/leftarrowtail A: left arrow-tailed -->
+<!ENTITY lhard  SDATA "[lhard ]"--/leftharpoondown A: l harpoon-down -->
+<!ENTITY lharu  SDATA "[lharu ]"--/leftharpoonup A: left harpoon-up -->
+<!ENTITY hArr   SDATA "[hArr  ]"--/Leftrightarrow A: l&r dbl arrow -->
+<!ENTITY harr   SDATA "[harr  ]"--/leftrightarrow A: l&r arrow -->
+<!ENTITY lrarr2 SDATA "[lrarr2]"--/leftrightarrows A: l arr over r arr -->
+<!ENTITY rlarr2 SDATA "[rlarr2]"--/rightleftarrows A: r arr over l arr -->
+<!ENTITY harrw  SDATA "[harrw ]"--/leftrightsquigarrow A: l&r arr-wavy -->
+<!ENTITY rlhar2 SDATA "[rlhar2]"--/rightleftharpoons A: r harp over l -->
+<!ENTITY lrhar2 SDATA "[lrhar2]"--/leftrightharpoons A: l harp over r -->
+<!ENTITY lsh    SDATA "[lsh   ]"--/Lsh A:-->
+<!ENTITY map    SDATA "[map   ]"--/mapsto A:-->
+<!ENTITY mumap  SDATA "[mumap ]"--/multimap A:-->
+<!ENTITY nearr  SDATA "[nearr ]"--/nearrow A: NE pointing arrow -->
+<!ENTITY nlArr  SDATA "[nlArr ]"--/nLeftarrow A: not implied by -->
+<!ENTITY nlarr  SDATA "[nlarr ]"--/nleftarrow A: not left arrow -->
+<!ENTITY nhArr  SDATA "[nhArr ]"--/nLeftrightarrow A: not l&r dbl arr -->
+<!ENTITY nharr  SDATA "[nharr ]"--/nleftrightarrow A: not l&r arrow -->
+<!ENTITY nrarr  SDATA "[nrarr ]"--/nrightarrow A: not right arrow -->
+<!ENTITY nrArr  SDATA "[nrArr ]"--/nRightarrow A: not implies -->
+<!ENTITY nwarr  SDATA "[nwarr ]"--/nwarrow A: NW pointing arrow -->
+<!ENTITY olarr  SDATA "[olarr ]"--/circlearrowleft A: l arr in circle -->
+<!ENTITY orarr  SDATA "[orarr ]"--/circlearrowright A: r arr in circle -->
+<!ENTITY rAarr  SDATA "[rAarr ]"--/Rrightarrow A: right triple arrow -->
+<!ENTITY Rarr   SDATA "[Rarr  ]"--/twoheadrightarrow A:-->
+<!ENTITY rarr2  SDATA "[rarr2 ]"--/rightrightarrows A: two rt arrows -->
+<!ENTITY rarrhk SDATA "[rarrhk]"--/hookrightarrow A: rt arrow-hooked -->
+<!ENTITY rarrlp SDATA "[rarrlp]"--/looparrowright A: rt arrow-looped -->
+<!ENTITY rarrtl SDATA "[rarrtl]"--/rightarrowtail A: rt arrow-tailed -->
+<!ENTITY rarrw  SDATA "[rarrw ]"--/squigarrowright A: rt arrow-wavy -->
+<!ENTITY rhard  SDATA "[rhard ]"--/rightharpoondown A: rt harpoon-down -->
+<!ENTITY rharu  SDATA "[rharu ]"--/rightharpoonup A: rt harpoon-up -->
+<!ENTITY rsh    SDATA "[rsh   ]"--/Rsh A:-->
+<!ENTITY drarr  SDATA "[drarr ]"--/searrow A: downward rt arrow -->
+<!ENTITY dlarr  SDATA "[dlarr ]"--/swarrow A: downward l arrow -->
+<!ENTITY uArr   SDATA "[uArr  ]"--/Uparrow A: up dbl arrow -->
+<!ENTITY uarr2  SDATA "[uarr2 ]"--/upuparrows A: two up arrows -->
+<!ENTITY vArr   SDATA "[vArr  ]"--/Updownarrow A: up&down dbl arrow -->
+<!ENTITY varr   SDATA "[varr  ]"--/updownarrow A: up&down arrow -->
+<!ENTITY uharl  SDATA "[uharl ]"--/upleftharpoon A: up harpoon-left -->
+<!ENTITY uharr  SDATA "[uharr ]"--/uprightharpoon A: up harp-r-->
+<!ENTITY xlArr  SDATA "[xlArr ]"--/Longleftarrow A: long l dbl arrow -->
+<!ENTITY xhArr  SDATA "[xhArr ]"--/Longleftrightarrow A: long l&r dbl arr-->
+<!ENTITY xharr  SDATA "[xharr ]"--/longleftrightarrow A: long l&r arr -->
+<!ENTITY xrArr  SDATA "[xrArr ]"--/Longrightarrow A: long rt dbl arr -->
diff --git a/docs/docbook/dbsgml/ent/ISOamsb b/docs/docbook/dbsgml/ent/ISOamsb
new file mode 100755
index 00000000000..43944a732fb
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOamsb
@@ -0,0 +1,52 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOamsb PUBLIC
+       "ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN">
+     %ISOamsb;
+-->
+<!ENTITY amalg  SDATA "[amalg ]"--/amalg B: amalgamation or coproduct-->
+<!ENTITY Barwed SDATA "[Barwed]"--/doublebarwedge B: log and, dbl bar-->
+<!ENTITY barwed SDATA "[barwed]"--/barwedge B: logical and, bar above-->
+<!ENTITY Cap    SDATA "[Cap   ]"--/Cap /doublecap B: dbl intersection-->
+<!ENTITY Cup    SDATA "[Cup   ]"--/Cup /doublecup B: dbl union-->
+<!ENTITY cuvee  SDATA "[cuvee ]"--/curlyvee B: curly logical or-->
+<!ENTITY cuwed  SDATA "[cuwed ]"--/curlywedge B: curly logical and-->
+<!ENTITY diam   SDATA "[diam  ]"--/diamond B: open diamond-->
+<!ENTITY divonx SDATA "[divonx]"--/divideontimes B: division on times-->
+<!ENTITY intcal SDATA "[intcal]"--/intercal B: intercal-->
+<!ENTITY lthree SDATA "[lthree]"--/leftthreetimes B:-->
+<!ENTITY ltimes SDATA "[ltimes]"--/ltimes B: times sign, left closed-->
+<!ENTITY minusb SDATA "[minusb]"--/boxminus B: minus sign in box-->
+<!ENTITY oast   SDATA "[oast  ]"--/circledast B: asterisk in circle-->
+<!ENTITY ocir   SDATA "[ocir  ]"--/circledcirc B: open dot in circle-->
+<!ENTITY odash  SDATA "[odash ]"--/circleddash B: hyphen in circle-->
+<!ENTITY odot   SDATA "[odot  ]"--/odot B: middle dot in circle-->
+<!ENTITY ominus SDATA "[ominus]"--/ominus B: minus sign in circle-->
+<!ENTITY oplus  SDATA "[oplus ]"--/oplus B: plus sign in circle-->
+<!ENTITY osol   SDATA "[osol  ]"--/oslash B: solidus in circle-->
+<!ENTITY otimes SDATA "[otimes]"--/otimes B: multiply sign in circle-->
+<!ENTITY plusb  SDATA "[plusb ]"--/boxplus B: plus sign in box-->
+<!ENTITY plusdo SDATA "[plusdo]"--/dotplus B: plus sign, dot above-->
+<!ENTITY rthree SDATA "[rthree]"--/rightthreetimes B:-->
+<!ENTITY rtimes SDATA "[rtimes]"--/rtimes B: times sign, right closed-->
+<!ENTITY sdot   SDATA "[sdot  ]"--/cdot B: small middle dot-->
+<!ENTITY sdotb  SDATA "[sdotb ]"--/dotsquare /boxdot B: small dot in box-->
+<!ENTITY setmn  SDATA "[setmn ]"--/setminus B: reverse solidus-->
+<!ENTITY sqcap  SDATA "[sqcap ]"--/sqcap B: square intersection-->
+<!ENTITY sqcup  SDATA "[sqcup ]"--/sqcup B: square union-->
+<!ENTITY ssetmn SDATA "[ssetmn]"--/smallsetminus B: sm reverse solidus-->
+<!ENTITY sstarf SDATA "[sstarf]"--/star B: small star, filled-->
+<!ENTITY timesb SDATA "[timesb]"--/boxtimes B: multiply sign in box-->
+<!ENTITY top    SDATA "[top   ]"--/top B: inverted perpendicular-->
+<!ENTITY uplus  SDATA "[uplus ]"--/uplus B: plus sign in union-->
+<!ENTITY wreath SDATA "[wreath]"--/wr B: wreath product-->
+<!ENTITY xcirc  SDATA "[xcirc ]"--/bigcirc B: large circle-->
+<!ENTITY xdtri  SDATA "[xdtri ]"--/bigtriangledown B: big dn tri, open-->
+<!ENTITY xutri  SDATA "[xutri ]"--/bigtriangleup B: big up tri, open-->
+<!ENTITY coprod SDATA "[coprod]"--/coprod L: coproduct operator-->
+<!ENTITY prod   SDATA "[prod  ]"--/prod L: product operator-->
+<!ENTITY sum    SDATA "[sum   ]"--/sum L: summation operator-->
diff --git a/docs/docbook/dbsgml/ent/ISOamsc b/docs/docbook/dbsgml/ent/ISOamsc
new file mode 100755
index 00000000000..06222d58cf4
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOamsc
@@ -0,0 +1,20 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOamsc PUBLIC
+       "ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN">
+     %ISOamsc;
+-->
+<!ENTITY rceil  SDATA "[rceil ]"--/rceil C: right ceiling-->
+<!ENTITY rfloor SDATA "[rfloor]"--/rfloor C: right floor-->
+<!ENTITY rpargt SDATA "[rpargt]"--/rightparengtr C: right paren, gt-->
+<!ENTITY urcorn SDATA "[urcorn]"--/urcorner C: upper right corner-->
+<!ENTITY drcorn SDATA "[drcorn]"--/lrcorner C: downward right corner-->
+<!ENTITY lceil  SDATA "[lceil ]"--/lceil O: left ceiling-->
+<!ENTITY lfloor SDATA "[lfloor]"--/lfloor O: left floor-->
+<!ENTITY lpargt SDATA "[lpargt]"--/leftparengtr O: left parenthesis, gt-->
+<!ENTITY ulcorn SDATA "[ulcorn]"--/ulcorner O: upper left corner-->
+<!ENTITY dlcorn SDATA "[dlcorn]"--/llcorner O: downward left corner-->
diff --git a/docs/docbook/dbsgml/ent/ISOamsn b/docs/docbook/dbsgml/ent/ISOamsn
new file mode 100755
index 00000000000..0c8327a3267
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOamsn
@@ -0,0 +1,70 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOamsn PUBLIC
+       "ISO 8879:1986//ENTITIES
+        Added Math Symbols: Negated Relations//EN">
+     %ISOamsn;
+-->
+<!ENTITY gnap   SDATA "[gnap  ]"--/gnapprox N: greater, not approximate-->
+<!ENTITY gne    SDATA "[gne   ]"--/gneq N: greater, not equals-->
+<!ENTITY gnE    SDATA "[gnE   ]"--/gneqq N: greater, not dbl equals-->
+<!ENTITY gnsim  SDATA "[gnsim ]"--/gnsim N: greater, not similar-->
+<!ENTITY gvnE   SDATA "[gvnE  ]"--/gvertneqq N: gt, vert, not dbl eq-->
+<!ENTITY lnap   SDATA "[lnap  ]"--/lnapprox N: less, not approximate-->
+<!ENTITY lnE    SDATA "[lnE   ]"--/lneqq N: less, not double equals-->
+<!ENTITY lne    SDATA "[lne   ]"--/lneq N: less, not equals-->
+<!ENTITY lnsim  SDATA "[lnsim ]"--/lnsim N: less, not similar-->
+<!ENTITY lvnE   SDATA "[lvnE  ]"--/lvertneqq N: less, vert, not dbl eq-->
+<!ENTITY nap    SDATA "[nap   ]"--/napprox N: not approximate-->
+<!ENTITY ncong  SDATA "[ncong ]"--/ncong N: not congruent with-->
+<!ENTITY nequiv SDATA "[nequiv]"--/nequiv N: not identical with-->
+<!ENTITY ngE    SDATA "[ngE   ]"--/ngeqq N: not greater, dbl equals-->
+<!ENTITY nge    SDATA "[nge   ]"--/ngeq N: not greater-than-or-equal-->
+<!ENTITY nges   SDATA "[nges  ]"--/ngeqslant N: not gt-or-eq, slanted-->
+<!ENTITY ngt    SDATA "[ngt   ]"--/ngtr N: not greater-than-->
+<!ENTITY nle    SDATA "[nle   ]"--/nleq N: not less-than-or-equal-->
+<!ENTITY nlE    SDATA "[nlE   ]"--/nleqq N: not less, dbl equals-->
+<!ENTITY nles   SDATA "[nles  ]"--/nleqslant N: not less-or-eq, slant-->
+<!ENTITY nlt    SDATA "[nlt   ]"--/nless N: not less-than-->
+<!ENTITY nltri  SDATA "[nltri ]"--/ntriangleleft N: not left triangle-->
+<!ENTITY nltrie SDATA "[nltrie]"--/ntrianglelefteq N: not l tri, eq-->
+<!ENTITY nmid   SDATA "[nmid  ]"--/nmid-->
+<!ENTITY npar   SDATA "[npar  ]"--/nparallel N: not parallel-->
+<!ENTITY npr    SDATA "[npr   ]"--/nprec N: not precedes-->
+<!ENTITY npre   SDATA "[npre  ]"--/npreceq N: not precedes, equals-->
+<!ENTITY nrtri  SDATA "[nrtri ]"--/ntriangleright N: not rt triangle-->
+<!ENTITY nrtrie SDATA "[nrtrie]"--/ntrianglerighteq N: not r tri, eq-->
+<!ENTITY nsc    SDATA "[nsc   ]"--/nsucc N: not succeeds-->
+<!ENTITY nsce   SDATA "[nsce  ]"--/nsucceq N: not succeeds, equals-->
+<!ENTITY nsim   SDATA "[nsim  ]"--/nsim N: not similar-->
+<!ENTITY nsime  SDATA "[nsime ]"--/nsimeq N: not similar, equals-->
+<!ENTITY nsmid  SDATA "[nsmid ]"--/nshortmid-->
+<!ENTITY nspar  SDATA "[nspar ]"--/nshortparallel N: not short par-->
+<!ENTITY nsub   SDATA "[nsub  ]"--/nsubset N: not subset-->
+<!ENTITY nsube  SDATA "[nsube ]"--/nsubseteq N: not subset, equals-->
+<!ENTITY nsubE  SDATA "[nsubE ]"--/nsubseteqq N: not subset, dbl eq-->
+<!ENTITY nsup   SDATA "[nsup  ]"--/nsupset N: not superset-->
+<!ENTITY nsupE  SDATA "[nsupE ]"--/nsupseteqq N: not superset, dbl eq-->
+<!ENTITY nsupe  SDATA "[nsupe ]"--/nsupseteq N: not superset, equals-->
+<!ENTITY nvdash SDATA "[nvdash]"--/nvdash N: not vertical, dash-->
+<!ENTITY nvDash SDATA "[nvDash]"--/nvDash N: not vertical, dbl dash-->
+<!ENTITY nVDash SDATA "[nVDash]"--/nVDash N: not dbl vert, dbl dash-->
+<!ENTITY nVdash SDATA "[nVdash]"--/nVdash N: not dbl vertical, dash-->
+<!ENTITY prnap  SDATA "[prnap ]"--/precnapprox N: precedes, not approx-->
+<!ENTITY prnE   SDATA "[prnE  ]"--/precneqq N: precedes, not dbl eq-->
+<!ENTITY prnsim SDATA "[prnsim]"--/precnsim N: precedes, not similar-->
+<!ENTITY scnap  SDATA "[scnap ]"--/succnapprox N: succeeds, not approx-->
+<!ENTITY scnE   SDATA "[scnE  ]"--/succneqq N: succeeds, not dbl eq-->
+<!ENTITY scnsim SDATA "[scnsim]"--/succnsim N: succeeds, not similar-->
+<!ENTITY subne  SDATA "[subne ]"--/subsetneq N: subset, not equals-->
+<!ENTITY subnE  SDATA "[subnE ]"--/subsetneqq N: subset, not dbl eq-->
+<!ENTITY supne  SDATA "[supne ]"--/supsetneq N: superset, not equals-->
+<!ENTITY supnE  SDATA "[supnE ]"--/supsetneqq N: superset, not dbl eq-->
+<!ENTITY vsubnE SDATA "[vsubnE]"--/subsetneqq N: subset not dbl eq, var-->
+<!ENTITY vsubne SDATA "[vsubne]"--/subsetneq N: subset, not eq, var-->
+<!ENTITY vsupne SDATA "[vsupne]"--/supsetneq N: superset, not eq, var-->
+<!ENTITY vsupnE SDATA "[vsupnE]"--/supsetneqq N: super not dbl eq, var-->
diff --git a/docs/docbook/dbsgml/ent/ISOamso b/docs/docbook/dbsgml/ent/ISOamso
new file mode 100755
index 00000000000..ad9b329e54d
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOamso
@@ -0,0 +1,29 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOamso PUBLIC
+       "ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN">
+     %ISOamso;
+-->
+<!ENTITY ang    SDATA "[ang   ]"--/angle - angle-->
+<!ENTITY angmsd SDATA "[angmsd]"--/measuredangle - angle-measured-->
+<!ENTITY beth   SDATA "[beth  ]"--/beth - beth, Hebrew-->
+<!ENTITY bprime SDATA "[bprime]"--/backprime - reverse prime-->
+<!ENTITY comp   SDATA "[comp  ]"--/complement - complement sign-->
+<!ENTITY daleth SDATA "[daleth]"--/daleth - daleth, Hebrew-->
+<!ENTITY ell    SDATA "[ell   ]"--/ell - cursive small l-->
+<!ENTITY empty  SDATA "[empty ]"--/emptyset /varnothing =small o, slash-->
+<!ENTITY gimel  SDATA "[gimel ]"--/gimel - gimel, Hebrew-->
+<!ENTITY image  SDATA "[image ]"--/Im - imaginary-->
+<!ENTITY inodot SDATA "[inodot]"--/imath =small i, no dot-->
+<!ENTITY jnodot SDATA "[jnodot]"--/jmath - small j, no dot-->
+<!ENTITY nexist SDATA "[nexist]"--/nexists - negated exists-->
+<!ENTITY oS     SDATA "[oS    ]"--/circledS - capital S in circle-->
+<!ENTITY planck SDATA "[planck]"--/hbar /hslash - Planck's over 2pi-->
+<!ENTITY real   SDATA "[real  ]"--/Re - real-->
+<!ENTITY sbsol  SDATA "[sbsol ]"--/sbs - short reverse solidus-->
+<!ENTITY vprime SDATA "[vprime]"--/varprime - prime, variant-->
+<!ENTITY weierp SDATA "[weierp]"--/wp - Weierstrass p-->
diff --git a/docs/docbook/dbsgml/ent/ISOamsr b/docs/docbook/dbsgml/ent/ISOamsr
new file mode 100755
index 00000000000..3f26c345c04
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOamsr
@@ -0,0 +1,94 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOamsr PUBLIC
+       "ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN">
+     %ISOamsr;
+-->
+<!ENTITY ape    SDATA "[ape   ]"--/approxeq R: approximate, equals-->
+<!ENTITY asymp  SDATA "[asymp ]"--/asymp R: asymptotically equal to-->
+<!ENTITY bcong  SDATA "[bcong ]"--/backcong R: reverse congruent-->
+<!ENTITY bepsi  SDATA "[bepsi ]"--/backepsilon R: such that-->
+<!ENTITY bowtie SDATA "[bowtie]"--/bowtie R:-->
+<!ENTITY bsim   SDATA "[bsim  ]"--/backsim R: reverse similar-->
+<!ENTITY bsime  SDATA "[bsime ]"--/backsimeq R: reverse similar, eq-->
+<!ENTITY bump   SDATA "[bump  ]"--/Bumpeq R: bumpy equals-->
+<!ENTITY bumpe  SDATA "[bumpe ]"--/bumpeq R: bumpy equals, equals-->
+<!ENTITY cire   SDATA "[cire  ]"--/circeq R: circle, equals-->
+<!ENTITY colone SDATA "[colone]"--/coloneq R: colon, equals-->
+<!ENTITY cuepr  SDATA "[cuepr ]"--/curlyeqprec R: curly eq, precedes-->
+<!ENTITY cuesc  SDATA "[cuesc ]"--/curlyeqsucc R: curly eq, succeeds-->
+<!ENTITY cupre  SDATA "[cupre ]"--/curlypreceq R: curly precedes, eq-->
+<!ENTITY dashv  SDATA "[dashv ]"--/dashv R: dash, vertical-->
+<!ENTITY ecir   SDATA "[ecir  ]"--/eqcirc R: circle on equals sign-->
+<!ENTITY ecolon SDATA "[ecolon]"--/eqcolon R: equals, colon-->
+<!ENTITY eDot   SDATA "[eDot  ]"--/doteqdot /Doteq R: eq, even dots-->
+<!ENTITY esdot  SDATA "[esdot ]"--/doteq R: equals, single dot above-->
+<!ENTITY efDot  SDATA "[efDot ]"--/fallingdotseq R: eq, falling dots-->
+<!ENTITY egs    SDATA "[egs   ]"--/eqslantgtr R: equal-or-gtr, slanted-->
+<!ENTITY els    SDATA "[els   ]"--/eqslantless R: eq-or-less, slanted-->
+<!ENTITY erDot  SDATA "[erDot ]"--/risingdotseq R: eq, rising dots-->
+<!ENTITY fork   SDATA "[fork  ]"--/pitchfork R: pitchfork-->
+<!ENTITY frown  SDATA "[frown ]"--/frown R: down curve-->
+<!ENTITY gap    SDATA "[gap   ]"--/gtrapprox R: greater, approximate-->
+<!ENTITY gsdot  SDATA "[gsdot ]"--/gtrdot R: greater than, single dot-->
+<!ENTITY gE     SDATA "[gE    ]"--/geqq R: greater, double equals-->
+<!ENTITY gel    SDATA "[gel   ]"--/gtreqless R: greater, equals, less-->
+<!ENTITY gEl    SDATA "[gEl   ]"--/gtreqqless R: gt, dbl equals, less-->
+<!ENTITY ges    SDATA "[ges   ]"--/geqslant R: gt-or-equal, slanted-->
+<!ENTITY Gg     SDATA "[Gg    ]"--/ggg /Gg /gggtr R: triple gtr-than-->
+<!ENTITY gl     SDATA "[gl    ]"--/gtrless R: greater, less-->
+<!ENTITY gsim   SDATA "[gsim  ]"--/gtrsim R: greater, similar-->
+<!ENTITY Gt     SDATA "[Gt    ]"--/gg R: dbl greater-than sign-->
+<!ENTITY lap    SDATA "[lap   ]"--/lessapprox R: less, approximate-->
+<!ENTITY ldot   SDATA "[ldot  ]"--/lessdot R: less than, with dot-->
+<!ENTITY lE     SDATA "[lE    ]"--/leqq R: less, double equals-->
+<!ENTITY lEg    SDATA "[lEg   ]"--/lesseqqgtr R: less, dbl eq, greater-->
+<!ENTITY leg    SDATA "[leg   ]"--/lesseqgtr R: less, eq, greater-->
+<!ENTITY les    SDATA "[les   ]"--/leqslant R: less-than-or-eq, slant-->
+<!ENTITY lg     SDATA "[lg    ]"--/lessgtr R: less, greater-->
+<!ENTITY Ll     SDATA "[Ll    ]"--/Ll /lll /llless R: triple less-than-->
+<!ENTITY lsim   SDATA "[lsim  ]"--/lesssim R: less, similar-->
+<!ENTITY Lt     SDATA "[Lt    ]"--/ll R: double less-than sign-->
+<!ENTITY ltrie  SDATA "[ltrie ]"--/trianglelefteq R: left triangle, eq-->
+<!ENTITY mid    SDATA "[mid   ]"--/mid R:-->
+<!ENTITY models SDATA "[models]"--/models R:-->
+<!ENTITY pr     SDATA "[pr    ]"--/prec R: precedes-->
+<!ENTITY prap   SDATA "[prap  ]"--/precapprox R: precedes, approximate-->
+<!ENTITY pre    SDATA "[pre   ]"--/preceq R: precedes, equals-->
+<!ENTITY prsim  SDATA "[prsim ]"--/precsim R: precedes, similar-->
+<!ENTITY rtrie  SDATA "[rtrie ]"--/trianglerighteq R: right tri, eq-->
+<!ENTITY samalg SDATA "[samalg]"--/smallamalg R: small amalg-->
+<!ENTITY sc     SDATA "[sc    ]"--/succ R: succeeds-->
+<!ENTITY scap   SDATA "[scap  ]"--/succapprox R: succeeds, approximate-->
+<!ENTITY sccue  SDATA "[sccue ]"--/succcurlyeq R: succeeds, curly eq-->
+<!ENTITY sce    SDATA "[sce   ]"--/succeq R: succeeds, equals-->
+<!ENTITY scsim  SDATA "[scsim ]"--/succsim R: succeeds, similar-->
+<!ENTITY sfrown SDATA "[sfrown]"--/smallfrown R: small down curve-->
+<!ENTITY smid   SDATA "[smid  ]"--/shortmid R:-->
+<!ENTITY smile  SDATA "[smile ]"--/smile R: up curve-->
+<!ENTITY spar   SDATA "[spar  ]"--/shortparallel R: short parallel-->
+<!ENTITY sqsub  SDATA "[sqsub ]"--/sqsubset R: square subset-->
+<!ENTITY sqsube SDATA "[sqsube]"--/sqsubseteq R: square subset, equals-->
+<!ENTITY sqsup  SDATA "[sqsup ]"--/sqsupset R: square superset-->
+<!ENTITY sqsupe SDATA "[sqsupe]"--/sqsupseteq R: square superset, eq-->
+<!ENTITY ssmile SDATA "[ssmile]"--/smallsmile R: small up curve-->
+<!ENTITY Sub    SDATA "[Sub   ]"--/Subset R: double subset-->
+<!ENTITY subE   SDATA "[subE  ]"--/subseteqq R: subset, dbl equals-->
+<!ENTITY Sup    SDATA "[Sup   ]"--/Supset R: dbl superset-->
+<!ENTITY supE   SDATA "[supE  ]"--/supseteqq R: superset, dbl equals-->
+<!ENTITY thkap  SDATA "[thkap ]"--/thickapprox R: thick approximate-->
+<!ENTITY thksim SDATA "[thksim]"--/thicksim R: thick similar-->
+<!ENTITY trie   SDATA "[trie  ]"--/triangleq R: triangle, equals-->
+<!ENTITY twixt  SDATA "[twixt ]"--/between R: between-->
+<!ENTITY vdash  SDATA "[vdash ]"--/vdash R: vertical, dash-->
+<!ENTITY Vdash  SDATA "[Vdash ]"--/Vdash R: dbl vertical, dash-->
+<!ENTITY vDash  SDATA "[vDash ]"--/vDash R: vertical, dbl dash-->
+<!ENTITY veebar SDATA "[veebar]"--/veebar R: logical or, bar below-->
+<!ENTITY vltri  SDATA "[vltri ]"--/vartriangleleft R: l tri, open, var-->
+<!ENTITY vprop  SDATA "[vprop ]"--/varpropto R: proportional, variant-->
+<!ENTITY vrtri  SDATA "[vrtri ]"--/vartriangleright R: r tri, open, var-->
+<!ENTITY Vvdash SDATA "[Vvdash]"--/Vvdash R: triple vertical, dash-->
diff --git a/docs/docbook/dbsgml/ent/ISObox b/docs/docbook/dbsgml/ent/ISObox
new file mode 100755
index 00000000000..643e926edaa
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISObox
@@ -0,0 +1,62 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISObox PUBLIC
+       "ISO 8879:1986//ENTITIES Box and Line Drawing//EN">
+     %ISObox;
+-->
+<!-- All names are in the form: box1234, where:
+    box = constants that identify a box drawing entity.
+    1&2 = v, V, u, U, d, D, Ud, or uD, as follows:
+      v = vertical line for full height.
+      u = upper half of vertical line.
+      d = downward (lower) half of vertical line.
+    3&4 = h, H, l, L, r, R, Lr, or lR, as follows:
+      h = horizontal line for full width.
+      l = left half of horizontal line.
+      r = right half of horizontal line.
+    In all cases, an upper-case letter means a double or heavy line.
+-->
+<!ENTITY boxh   SDATA "[boxh  ]"--horizontal line -->
+<!ENTITY boxv   SDATA "[boxv  ]"--vertical line-->
+<!ENTITY boxur  SDATA "[boxur ]"--upper right quadrant-->
+<!ENTITY boxul  SDATA "[boxul ]"--upper left quadrant-->
+<!ENTITY boxdl  SDATA "[boxdl ]"--lower left quadrant-->
+<!ENTITY boxdr  SDATA "[boxdr ]"--lower right quadrant-->
+<!ENTITY boxvr  SDATA "[boxvr ]"--upper and lower right quadrants-->
+<!ENTITY boxhu  SDATA "[boxhu ]"--upper left and right quadrants-->
+<!ENTITY boxvl  SDATA "[boxvl ]"--upper and lower left quadrants-->
+<!ENTITY boxhd  SDATA "[boxhd ]"--lower left and right quadrants-->
+<!ENTITY boxvh  SDATA "[boxvh ]"--all four quadrants-->
+<!ENTITY boxvR  SDATA "[boxvR ]"--upper and lower right quadrants-->
+<!ENTITY boxhU  SDATA "[boxhU ]"--upper left and right quadrants-->
+<!ENTITY boxvL  SDATA "[boxvL ]"--upper and lower left quadrants-->
+<!ENTITY boxhD  SDATA "[boxhD ]"--lower left and right quadrants-->
+<!ENTITY boxvH  SDATA "[boxvH ]"--all four quadrants-->
+<!ENTITY boxH   SDATA "[boxH  ]"--horizontal line-->
+<!ENTITY boxV   SDATA "[boxV  ]"--vertical line-->
+<!ENTITY boxUR  SDATA "[boxUR ]"--upper right quadrant-->
+<!ENTITY boxUL  SDATA "[boxUL ]"--upper left quadrant-->
+<!ENTITY boxDL  SDATA "[boxDL ]"--lower left quadrant-->
+<!ENTITY boxDR  SDATA "[boxDR ]"--lower right quadrant-->
+<!ENTITY boxVR  SDATA "[boxVR ]"--upper and lower right quadrants-->
+<!ENTITY boxHU  SDATA "[boxHU ]"--upper left and right quadrants-->
+<!ENTITY boxVL  SDATA "[boxVL ]"--upper and lower left quadrants-->
+<!ENTITY boxHD  SDATA "[boxHD ]"--lower left and right quadrants-->
+<!ENTITY boxVH  SDATA "[boxVH ]"--all four quadrants-->
+<!ENTITY boxVr  SDATA "[boxVr ]"--upper and lower right quadrants-->
+<!ENTITY boxHu  SDATA "[boxHu ]"--upper left and right quadrants-->
+<!ENTITY boxVl  SDATA "[boxVl ]"--upper and lower left quadrants-->
+<!ENTITY boxHd  SDATA "[boxHd ]"--lower left and right quadrants-->
+<!ENTITY boxVh  SDATA "[boxVh ]"--all four quadrants-->
+<!ENTITY boxuR  SDATA "[boxuR ]"--upper right quadrant-->
+<!ENTITY boxUl  SDATA "[boxUl ]"--upper left quadrant-->
+<!ENTITY boxdL  SDATA "[boxdL ]"--lower left quadrant-->
+<!ENTITY boxDr  SDATA "[boxDr ]"--lower right quadrant-->
+<!ENTITY boxUr  SDATA "[boxUr ]"--upper right quadrant-->
+<!ENTITY boxuL  SDATA "[boxuL ]"--upper left quadrant-->
+<!ENTITY boxDl  SDATA "[boxDl ]"--lower left quadrant-->
+<!ENTITY boxdR  SDATA "[boxdR ]"--lower right quadrant-->
diff --git a/docs/docbook/dbsgml/ent/ISOcyr1 b/docs/docbook/dbsgml/ent/ISOcyr1
new file mode 100755
index 00000000000..97b961b1f0b
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOcyr1
@@ -0,0 +1,77 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOcyr1 PUBLIC
+       "ISO 8879:1986//ENTITIES Russian Cyrillic//EN">
+     %ISOcyr1;
+-->
+<!ENTITY acy    SDATA "[acy   ]"--=small a, Cyrillic-->
+<!ENTITY Acy    SDATA "[Acy   ]"--=capital A, Cyrillic-->
+<!ENTITY bcy    SDATA "[bcy   ]"--=small be, Cyrillic-->
+<!ENTITY Bcy    SDATA "[Bcy   ]"--=capital BE, Cyrillic-->
+<!ENTITY vcy    SDATA "[vcy   ]"--=small ve, Cyrillic-->
+<!ENTITY Vcy    SDATA "[Vcy   ]"--=capital VE, Cyrillic-->
+<!ENTITY gcy    SDATA "[gcy   ]"--=small ghe, Cyrillic-->
+<!ENTITY Gcy    SDATA "[Gcy   ]"--=capital GHE, Cyrillic-->
+<!ENTITY dcy    SDATA "[dcy   ]"--=small de, Cyrillic-->
+<!ENTITY Dcy    SDATA "[Dcy   ]"--=capital DE, Cyrillic-->
+<!ENTITY iecy   SDATA "[iecy  ]"--=small ie, Cyrillic-->
+<!ENTITY IEcy   SDATA "[IEcy  ]"--=capital IE, Cyrillic-->
+<!ENTITY iocy   SDATA "[iocy  ]"--=small io, Russian-->
+<!ENTITY IOcy   SDATA "[IOcy  ]"--=capital IO, Russian-->
+<!ENTITY zhcy   SDATA "[zhcy  ]"--=small zhe, Cyrillic-->
+<!ENTITY ZHcy   SDATA "[ZHcy  ]"--=capital ZHE, Cyrillic-->
+<!ENTITY zcy    SDATA "[zcy   ]"--=small ze, Cyrillic-->
+<!ENTITY Zcy    SDATA "[Zcy   ]"--=capital ZE, Cyrillic-->
+<!ENTITY icy    SDATA "[icy   ]"--=small i, Cyrillic-->
+<!ENTITY Icy    SDATA "[Icy   ]"--=capital I, Cyrillic-->
+<!ENTITY jcy    SDATA "[jcy   ]"--=small short i, Cyrillic-->
+<!ENTITY Jcy    SDATA "[Jcy   ]"--=capital short I, Cyrillic-->
+<!ENTITY kcy    SDATA "[kcy   ]"--=small ka, Cyrillic-->
+<!ENTITY Kcy    SDATA "[Kcy   ]"--=capital KA, Cyrillic-->
+<!ENTITY lcy    SDATA "[lcy   ]"--=small el, Cyrillic-->
+<!ENTITY Lcy    SDATA "[Lcy   ]"--=capital EL, Cyrillic-->
+<!ENTITY mcy    SDATA "[mcy   ]"--=small em, Cyrillic-->
+<!ENTITY Mcy    SDATA "[Mcy   ]"--=capital EM, Cyrillic-->
+<!ENTITY ncy    SDATA "[ncy   ]"--=small en, Cyrillic-->
+<!ENTITY Ncy    SDATA "[Ncy   ]"--=capital EN, Cyrillic-->
+<!ENTITY ocy    SDATA "[ocy   ]"--=small o, Cyrillic-->
+<!ENTITY Ocy    SDATA "[Ocy   ]"--=capital O, Cyrillic-->
+<!ENTITY pcy    SDATA "[pcy   ]"--=small pe, Cyrillic-->
+<!ENTITY Pcy    SDATA "[Pcy   ]"--=capital PE, Cyrillic-->
+<!ENTITY rcy    SDATA "[rcy   ]"--=small er, Cyrillic-->
+<!ENTITY Rcy    SDATA "[Rcy   ]"--=capital ER, Cyrillic-->
+<!ENTITY scy    SDATA "[scy   ]"--=small es, Cyrillic-->
+<!ENTITY Scy    SDATA "[Scy   ]"--=capital ES, Cyrillic-->
+<!ENTITY tcy    SDATA "[tcy   ]"--=small te, Cyrillic-->
+<!ENTITY Tcy    SDATA "[Tcy   ]"--=capital TE, Cyrillic-->
+<!ENTITY ucy    SDATA "[ucy   ]"--=small u, Cyrillic-->
+<!ENTITY Ucy    SDATA "[Ucy   ]"--=capital U, Cyrillic-->
+<!ENTITY fcy    SDATA "[fcy   ]"--=small ef, Cyrillic-->
+<!ENTITY Fcy    SDATA "[Fcy   ]"--=capital EF, Cyrillic-->
+<!ENTITY khcy   SDATA "[khcy  ]"--=small ha, Cyrillic-->
+<!ENTITY KHcy   SDATA "[KHcy  ]"--=capital HA, Cyrillic-->
+<!ENTITY tscy   SDATA "[tscy  ]"--=small tse, Cyrillic-->
+<!ENTITY TScy   SDATA "[TScy  ]"--=capital TSE, Cyrillic-->
+<!ENTITY chcy   SDATA "[chcy  ]"--=small che, Cyrillic-->
+<!ENTITY CHcy   SDATA "[CHcy  ]"--=capital CHE, Cyrillic-->
+<!ENTITY shcy   SDATA "[shcy  ]"--=small sha, Cyrillic-->
+<!ENTITY SHcy   SDATA "[SHcy  ]"--=capital SHA, Cyrillic-->
+<!ENTITY shchcy SDATA "[shchcy]"--=small shcha, Cyrillic-->
+<!ENTITY SHCHcy SDATA "[SHCHcy]"--=capital SHCHA, Cyrillic-->
+<!ENTITY hardcy SDATA "[hardcy]"--=small hard sign, Cyrillic-->
+<!ENTITY HARDcy SDATA "[HARDcy]"--=capital HARD sign, Cyrillic-->
+<!ENTITY ycy    SDATA "[ycy   ]"--=small yeru, Cyrillic-->
+<!ENTITY Ycy    SDATA "[Ycy   ]"--=capital YERU, Cyrillic-->
+<!ENTITY softcy SDATA "[softcy]"--=small soft sign, Cyrillic-->
+<!ENTITY SOFTcy SDATA "[SOFTcy]"--=capital SOFT sign, Cyrillic-->
+<!ENTITY ecy    SDATA "[ecy   ]"--=small e, Cyrillic-->
+<!ENTITY Ecy    SDATA "[Ecy   ]"--=capital E, Cyrillic-->
+<!ENTITY yucy   SDATA "[yucy  ]"--=small yu, Cyrillic-->
+<!ENTITY YUcy   SDATA "[YUcy  ]"--=capital YU, Cyrillic-->
+<!ENTITY yacy   SDATA "[yacy  ]"--=small ya, Cyrillic-->
+<!ENTITY YAcy   SDATA "[YAcy  ]"--=capital YA, Cyrillic-->
+<!ENTITY numero SDATA "[numero]"--=numero sign-->
diff --git a/docs/docbook/dbsgml/ent/ISOcyr2 b/docs/docbook/dbsgml/ent/ISOcyr2
new file mode 100755
index 00000000000..480b01c1df4
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOcyr2
@@ -0,0 +1,36 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOcyr2 PUBLIC
+       "ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN">
+     %ISOcyr2;
+-->
+<!ENTITY djcy   SDATA "[djcy  ]"--=small dje, Serbian-->
+<!ENTITY DJcy   SDATA "[DJcy  ]"--=capital DJE, Serbian-->
+<!ENTITY gjcy   SDATA "[gjcy  ]"--=small gje, Macedonian-->
+<!ENTITY GJcy   SDATA "[GJcy  ]"--=capital GJE Macedonian-->
+<!ENTITY jukcy  SDATA "[jukcy ]"--=small je, Ukrainian-->
+<!ENTITY Jukcy  SDATA "[Jukcy ]"--=capital JE, Ukrainian-->
+<!ENTITY dscy   SDATA "[dscy  ]"--=small dse, Macedonian-->
+<!ENTITY DScy   SDATA "[DScy  ]"--=capital DSE, Macedonian-->
+<!ENTITY iukcy  SDATA "[iukcy ]"--=small i, Ukrainian-->
+<!ENTITY Iukcy  SDATA "[Iukcy ]"--=capital I, Ukrainian-->
+<!ENTITY yicy   SDATA "[yicy  ]"--=small yi, Ukrainian-->
+<!ENTITY YIcy   SDATA "[YIcy  ]"--=capital YI, Ukrainian-->
+<!ENTITY jsercy SDATA "[jsercy]"--=small je, Serbian-->
+<!ENTITY Jsercy SDATA "[Jsercy]"--=capital JE, Serbian-->
+<!ENTITY ljcy   SDATA "[ljcy  ]"--=small lje, Serbian-->
+<!ENTITY LJcy   SDATA "[LJcy  ]"--=capital LJE, Serbian-->
+<!ENTITY njcy   SDATA "[njcy  ]"--=small nje, Serbian-->
+<!ENTITY NJcy   SDATA "[NJcy  ]"--=capital NJE, Serbian-->
+<!ENTITY tshcy  SDATA "[tshcy ]"--=small tshe, Serbian-->
+<!ENTITY TSHcy  SDATA "[TSHcy ]"--=capital TSHE, Serbian-->
+<!ENTITY kjcy   SDATA "[kjcy  ]"--=small kje Macedonian-->
+<!ENTITY KJcy   SDATA "[KJcy  ]"--=capital KJE, Macedonian-->
+<!ENTITY ubrcy  SDATA "[ubrcy ]"--=small u, Byelorussian-->
+<!ENTITY Ubrcy  SDATA "[Ubrcy ]"--=capital U, Byelorussian-->
+<!ENTITY dzcy   SDATA "[dzcy  ]"--=small dze, Serbian-->
+<!ENTITY DZcy   SDATA "[DZcy  ]"--=capital dze, Serbian-->
diff --git a/docs/docbook/dbsgml/ent/ISOdia b/docs/docbook/dbsgml/ent/ISOdia
new file mode 100755
index 00000000000..3b6f98d6baa
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOdia
@@ -0,0 +1,24 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOdia PUBLIC
+       "ISO 8879:1986//ENTITIES Diacritical Marks//EN">
+     %ISOdia;
+-->
+<!ENTITY acute  SDATA "[acute ]"--=acute accent-->
+<!ENTITY breve  SDATA "[breve ]"--=breve-->
+<!ENTITY caron  SDATA "[caron ]"--=caron-->
+<!ENTITY cedil  SDATA "[cedil ]"--=cedilla-->
+<!ENTITY circ   SDATA "[circ  ]"--=circumflex accent-->
+<!ENTITY dblac  SDATA "[dblac ]"--=double acute accent-->
+<!ENTITY die    SDATA "[die   ]"--=dieresis-->
+<!ENTITY dot    SDATA "[dot   ]"--=dot above-->
+<!ENTITY grave  SDATA "[grave ]"--=grave accent-->
+<!ENTITY macr   SDATA "[macr  ]"--=macron-->
+<!ENTITY ogon   SDATA "[ogon  ]"--=ogonek-->
+<!ENTITY ring   SDATA "[ring  ]"--=ring-->
+<!ENTITY tilde  SDATA "[tilde ]"--=tilde-->
+<!ENTITY uml    SDATA "[uml   ]"--=umlaut mark-->
diff --git a/docs/docbook/dbsgml/ent/ISOgrk1 b/docs/docbook/dbsgml/ent/ISOgrk1
new file mode 100755
index 00000000000..dea16bf8ef9
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOgrk1
@@ -0,0 +1,59 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOgrk1 PUBLIC
+       "ISO 8879:1986//ENTITIES Greek Letters//EN">
+     %ISOgrk1;
+-->
+<!ENTITY agr    SDATA "[agr   ]"--=small alpha, Greek-->
+<!ENTITY Agr    SDATA "[Agr   ]"--=capital Alpha, Greek-->
+<!ENTITY bgr    SDATA "[bgr   ]"--=small beta, Greek-->
+<!ENTITY Bgr    SDATA "[Bgr   ]"--=capital Beta, Greek-->
+<!ENTITY ggr    SDATA "[ggr   ]"--=small gamma, Greek-->
+<!ENTITY Ggr    SDATA "[Ggr   ]"--=capital Gamma, Greek-->
+<!ENTITY dgr    SDATA "[dgr   ]"--=small delta, Greek-->
+<!ENTITY Dgr    SDATA "[Dgr   ]"--=capital Delta, Greek-->
+<!ENTITY egr    SDATA "[egr   ]"--=small epsilon, Greek-->
+<!ENTITY Egr    SDATA "[Egr   ]"--=capital Epsilon, Greek-->
+<!ENTITY zgr    SDATA "[zgr   ]"--=small zeta, Greek-->
+<!ENTITY Zgr    SDATA "[Zgr   ]"--=capital Zeta, Greek-->
+<!ENTITY eegr   SDATA "[eegr  ]"--=small eta, Greek-->
+<!ENTITY EEgr   SDATA "[EEgr  ]"--=capital Eta, Greek-->
+<!ENTITY thgr   SDATA "[thgr  ]"--=small theta, Greek-->
+<!ENTITY THgr   SDATA "[THgr  ]"--=capital Theta, Greek-->
+<!ENTITY igr    SDATA "[igr   ]"--=small iota, Greek-->
+<!ENTITY Igr    SDATA "[Igr   ]"--=capital Iota, Greek-->
+<!ENTITY kgr    SDATA "[kgr   ]"--=small kappa, Greek-->
+<!ENTITY Kgr    SDATA "[Kgr   ]"--=capital Kappa, Greek-->
+<!ENTITY lgr    SDATA "[lgr   ]"--=small lambda, Greek-->
+<!ENTITY Lgr    SDATA "[Lgr   ]"--=capital Lambda, Greek-->
+<!ENTITY mgr    SDATA "[mgr   ]"--=small mu, Greek-->
+<!ENTITY Mgr    SDATA "[Mgr   ]"--=capital Mu, Greek-->
+<!ENTITY ngr    SDATA "[ngr   ]"--=small nu, Greek-->
+<!ENTITY Ngr    SDATA "[Ngr   ]"--=capital Nu, Greek-->
+<!ENTITY xgr    SDATA "[xgr   ]"--=small xi, Greek-->
+<!ENTITY Xgr    SDATA "[Xgr   ]"--=capital Xi, Greek-->
+<!ENTITY ogr    SDATA "[ogr   ]"--=small omicron, Greek-->
+<!ENTITY Ogr    SDATA "[Ogr   ]"--=capital Omicron, Greek-->
+<!ENTITY pgr    SDATA "[pgr   ]"--=small pi, Greek-->
+<!ENTITY Pgr    SDATA "[Pgr   ]"--=capital Pi, Greek-->
+<!ENTITY rgr    SDATA "[rgr   ]"--=small rho, Greek-->
+<!ENTITY Rgr    SDATA "[Rgr   ]"--=capital Rho, Greek-->
+<!ENTITY sgr    SDATA "[sgr   ]"--=small sigma, Greek-->
+<!ENTITY Sgr    SDATA "[Sgr   ]"--=capital Sigma, Greek-->
+<!ENTITY sfgr   SDATA "[sfgr  ]"--=final small sigma, Greek-->
+<!ENTITY tgr    SDATA "[tgr   ]"--=small tau, Greek-->
+<!ENTITY Tgr    SDATA "[Tgr   ]"--=capital Tau, Greek-->
+<!ENTITY ugr    SDATA "[ugr   ]"--=small upsilon, Greek-->
+<!ENTITY Ugr    SDATA "[Ugr   ]"--=capital Upsilon, Greek-->
+<!ENTITY phgr   SDATA "[phgr  ]"--=small phi, Greek-->
+<!ENTITY PHgr   SDATA "[PHgr  ]"--=capital Phi, Greek-->
+<!ENTITY khgr   SDATA "[khgr  ]"--=small chi, Greek-->
+<!ENTITY KHgr   SDATA "[KHgr  ]"--=capital Chi, Greek-->
+<!ENTITY psgr   SDATA "[psgr  ]"--=small psi, Greek-->
+<!ENTITY PSgr   SDATA "[PSgr  ]"--=capital Psi, Greek-->
+<!ENTITY ohgr   SDATA "[ohgr  ]"--=small omega, Greek-->
+<!ENTITY OHgr   SDATA "[OHgr  ]"--=capital Omega, Greek-->
diff --git a/docs/docbook/dbsgml/ent/ISOgrk2 b/docs/docbook/dbsgml/ent/ISOgrk2
new file mode 100755
index 00000000000..657bb99935e
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOgrk2
@@ -0,0 +1,30 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOgrk2 PUBLIC
+       "ISO 8879:1986//ENTITIES Monotoniko Greek//EN">
+     %ISOgrk2;
+-->
+<!ENTITY aacgr  SDATA "[aacgr ]"--=small alpha, accent, Greek-->
+<!ENTITY Aacgr  SDATA "[Aacgr ]"--=capital Alpha, accent, Greek-->
+<!ENTITY eacgr  SDATA "[eacgr ]"--=small epsilon, accent, Greek-->
+<!ENTITY Eacgr  SDATA "[Eacgr ]"--=capital Epsilon, accent, Greek-->
+<!ENTITY eeacgr SDATA "[eeacgr]"--=small eta, accent, Greek-->
+<!ENTITY EEacgr SDATA "[EEacgr]"--=capital Eta, accent, Greek-->
+<!ENTITY idigr  SDATA "[idigr ]"--=small iota, dieresis, Greek-->
+<!ENTITY Idigr  SDATA "[Idigr ]"--=capital Iota, dieresis, Greek-->
+<!ENTITY iacgr  SDATA "[iacgr ]"--=small iota, accent, Greek-->
+<!ENTITY Iacgr  SDATA "[Iacgr ]"--=capital Iota, accent, Greek-->
+<!ENTITY idiagr SDATA "[idiagr]"--=small iota, dieresis, accent, Greek-->
+<!ENTITY oacgr  SDATA "[oacgr ]"--=small omicron, accent, Greek-->
+<!ENTITY Oacgr  SDATA "[Oacgr ]"--=capital Omicron, accent, Greek-->
+<!ENTITY udigr  SDATA "[udigr ]"--=small upsilon, dieresis, Greek-->
+<!ENTITY Udigr  SDATA "[Udigr ]"--=capital Upsilon, dieresis, Greek-->
+<!ENTITY uacgr  SDATA "[uacgr ]"--=small upsilon, accent, Greek-->
+<!ENTITY Uacgr  SDATA "[Uacgr ]"--=capital Upsilon, accent, Greek-->
+<!ENTITY udiagr SDATA "[udiagr]"--=small upsilon, dieresis, accent, Greek-->
+<!ENTITY ohacgr SDATA "[ohacgr]"--=small omega, accent, Greek-->
+<!ENTITY OHacgr SDATA "[OHacgr]"--=capital Omega, accent, Greek-->
diff --git a/docs/docbook/dbsgml/ent/ISOgrk3 b/docs/docbook/dbsgml/ent/ISOgrk3
new file mode 100755
index 00000000000..f76c3a084f3
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOgrk3
@@ -0,0 +1,53 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOgrk3 PUBLIC
+       "ISO 8879:1986//ENTITIES Greek Symbols//EN">
+     %ISOgrk3;
+-->
+<!ENTITY alpha    SDATA "[alpha ]"--=small alpha, Greek-->
+<!ENTITY beta     SDATA "[beta  ]"--=small beta, Greek-->
+<!ENTITY gamma    SDATA "[gamma ]"--=small gamma, Greek-->
+<!ENTITY Gamma    SDATA "[Gamma ]"--=capital Gamma, Greek-->
+<!ENTITY gammad   SDATA "[gammad]"--/digamma-->
+<!ENTITY delta    SDATA "[delta ]"--=small delta, Greek-->
+<!ENTITY Delta    SDATA "[Delta ]"--=capital Delta, Greek-->
+<!ENTITY epsi     SDATA "[epsi  ]"--=small epsilon, Greek-->
+<!ENTITY epsiv    SDATA "[epsiv ]"--/varepsilon-->
+<!ENTITY epsis    SDATA "[epsis ]"--/straightepsilon-->
+<!ENTITY zeta     SDATA "[zeta  ]"--=small zeta, Greek-->
+<!ENTITY eta      SDATA "[eta   ]"--=small eta, Greek-->
+<!ENTITY thetas   SDATA "[thetas]"--straight theta-->
+<!ENTITY Theta    SDATA "[Theta ]"--=capital Theta, Greek-->
+<!ENTITY thetav   SDATA "[thetav]"--/vartheta - curly or open theta-->
+<!ENTITY iota     SDATA "[iota  ]"--=small iota, Greek-->
+<!ENTITY kappa    SDATA "[kappa ]"--=small kappa, Greek-->
+<!ENTITY kappav   SDATA "[kappav]"--/varkappa-->
+<!ENTITY lambda   SDATA "[lambda]"--=small lambda, Greek-->
+<!ENTITY Lambda   SDATA "[Lambda]"--=capital Lambda, Greek-->
+<!ENTITY mu       SDATA "[mu    ]"--=small mu, Greek-->
+<!ENTITY nu       SDATA "[nu    ]"--=small nu, Greek-->
+<!ENTITY xi       SDATA "[xi    ]"--=small xi, Greek-->
+<!ENTITY Xi       SDATA "[Xi    ]"--=capital Xi, Greek-->
+<!ENTITY pi       SDATA "[pi    ]"--=small pi, Greek-->
+<!ENTITY piv      SDATA "[piv   ]"--/varpi-->
+<!ENTITY Pi       SDATA "[Pi    ]"--=capital Pi, Greek-->
+<!ENTITY rho      SDATA "[rho   ]"--=small rho, Greek-->
+<!ENTITY rhov     SDATA "[rhov  ]"--/varrho-->
+<!ENTITY sigma    SDATA "[sigma ]"--=small sigma, Greek-->
+<!ENTITY Sigma    SDATA "[Sigma ]"--=capital Sigma, Greek-->
+<!ENTITY sigmav   SDATA "[sigmav]"--/varsigma-->
+<!ENTITY tau      SDATA "[tau   ]"--=small tau, Greek-->
+<!ENTITY upsi     SDATA "[upsi  ]"--=small upsilon, Greek-->
+<!ENTITY Upsi     SDATA "[Upsi  ]"--=capital Upsilon, Greek-->
+<!ENTITY phis     SDATA "[phis  ]"--/straightphi - straight phi-->
+<!ENTITY Phi      SDATA "[Phi   ]"--=capital Phi, Greek-->
+<!ENTITY phiv     SDATA "[phiv  ]"--/varphi - curly or open phi-->
+<!ENTITY chi      SDATA "[chi   ]"--=small chi, Greek-->
+<!ENTITY psi      SDATA "[psi   ]"--=small psi, Greek-->
+<!ENTITY Psi      SDATA "[Psi   ]"--=capital Psi, Greek-->
+<!ENTITY omega    SDATA "[omega ]"--=small omega, Greek-->
+<!ENTITY Omega    SDATA "[Omega ]"--=capital Omega, Greek-->
diff --git a/docs/docbook/dbsgml/ent/ISOgrk4 b/docs/docbook/dbsgml/ent/ISOgrk4
new file mode 100755
index 00000000000..e4427a0cb54
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOgrk4
@@ -0,0 +1,53 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOgrk4 PUBLIC
+       "ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN">
+     %ISOgrk4;
+-->
+<!ENTITY b.alpha  SDATA "[b.alpha ]"--=small alpha, Greek-->
+<!ENTITY b.beta   SDATA "[b.beta  ]"--=small beta, Greek-->
+<!ENTITY b.gamma  SDATA "[b.gamma ]"--=small gamma, Greek-->
+<!ENTITY b.Gamma  SDATA "[b.Gamma ]"--=capital Gamma, Greek-->
+<!ENTITY b.gammad SDATA "[b.gammad]"--/digamma-->
+<!ENTITY b.delta  SDATA "[b.delta ]"--=small delta, Greek-->
+<!ENTITY b.Delta  SDATA "[b.Delta ]"--=capital Delta, Greek-->
+<!ENTITY b.epsi   SDATA "[b.epsi  ]"--=small epsilon, Greek-->
+<!ENTITY b.epsiv  SDATA "[b.epsiv ]"--/varepsilon-->
+<!ENTITY b.epsis  SDATA "[b.epsis ]"--/straightepsilon-->
+<!ENTITY b.zeta   SDATA "[b.zeta  ]"--=small zeta, Greek-->
+<!ENTITY b.eta    SDATA "[b.eta   ]"--=small eta, Greek-->
+<!ENTITY b.thetas SDATA "[b.thetas]"--straight theta-->
+<!ENTITY b.Theta  SDATA "[b.Theta ]"--=capital Theta, Greek-->
+<!ENTITY b.thetav SDATA "[b.thetav]"--/vartheta - curly or open theta-->
+<!ENTITY b.iota   SDATA "[b.iota  ]"--=small iota, Greek-->
+<!ENTITY b.kappa  SDATA "[b.kappa ]"--=small kappa, Greek-->
+<!ENTITY b.kappav SDATA "[b.kappav]"--/varkappa-->
+<!ENTITY b.lambda SDATA "[b.lambda]"--=small lambda, Greek-->
+<!ENTITY b.Lambda SDATA "[b.Lambda]"--=capital Lambda, Greek-->
+<!ENTITY b.mu     SDATA "[b.mu    ]"--=small mu, Greek-->
+<!ENTITY b.nu     SDATA "[b.nu    ]"--=small nu, Greek-->
+<!ENTITY b.xi     SDATA "[b.xi    ]"--=small xi, Greek-->
+<!ENTITY b.Xi     SDATA "[b.Xi    ]"--=capital Xi, Greek-->
+<!ENTITY b.pi     SDATA "[b.pi    ]"--=small pi, Greek-->
+<!ENTITY b.Pi     SDATA "[b.Pi    ]"--=capital Pi, Greek-->
+<!ENTITY b.piv    SDATA "[b.piv   ]"--/varpi-->
+<!ENTITY b.rho    SDATA "[b.rho   ]"--=small rho, Greek-->
+<!ENTITY b.rhov   SDATA "[b.rhov  ]"--/varrho-->
+<!ENTITY b.sigma  SDATA "[b.sigma ]"--=small sigma, Greek-->
+<!ENTITY b.Sigma  SDATA "[b.Sigma ]"--=capital Sigma, Greek-->
+<!ENTITY b.sigmav SDATA "[b.sigmav]"--/varsigma-->
+<!ENTITY b.tau    SDATA "[b.tau   ]"--=small tau, Greek-->
+<!ENTITY b.upsi   SDATA "[b.upsi  ]"--=small upsilon, Greek-->
+<!ENTITY b.Upsi   SDATA "[b.Upsi  ]"--=capital Upsilon, Greek-->
+<!ENTITY b.phis   SDATA "[b.phis  ]"--/straightphi - straight phi-->
+<!ENTITY b.Phi    SDATA "[b.Phi   ]"--=capital Phi, Greek-->
+<!ENTITY b.phiv   SDATA "[b.phiv  ]"--/varphi - curly or open phi-->
+<!ENTITY b.chi    SDATA "[b.chi   ]"--=small chi, Greek-->
+<!ENTITY b.psi    SDATA "[b.psi   ]"--=small psi, Greek-->
+<!ENTITY b.Psi    SDATA "[b.Psi   ]"--=capital Psi, Greek-->
+<!ENTITY b.omega  SDATA "[b.omega ]"--=small omega, Greek-->
+<!ENTITY b.Omega  SDATA "[b.Omega ]"--=capital Omega, Greek-->
diff --git a/docs/docbook/dbsgml/ent/ISOlat1 b/docs/docbook/dbsgml/ent/ISOlat1
new file mode 100755
index 00000000000..0d7d0a7d937
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOlat1
@@ -0,0 +1,72 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOlat1 PUBLIC
+       "ISO 8879:1986//ENTITIES Added Latin 1//EN">
+     %ISOlat1;
+-->
+<!ENTITY aacute SDATA "[aacute]"--=small a, acute accent-->
+<!ENTITY Aacute SDATA "[Aacute]"--=capital A, acute accent-->
+<!ENTITY acirc  SDATA "[acirc ]"--=small a, circumflex accent-->
+<!ENTITY Acirc  SDATA "[Acirc ]"--=capital A, circumflex accent-->
+<!ENTITY agrave SDATA "[agrave]"--=small a, grave accent-->
+<!ENTITY Agrave SDATA "[Agrave]"--=capital A, grave accent-->
+<!ENTITY aring  SDATA "[aring ]"--=small a, ring-->
+<!ENTITY Aring  SDATA "[Aring ]"--=capital A, ring-->
+<!ENTITY atilde SDATA "[atilde]"--=small a, tilde-->
+<!ENTITY Atilde SDATA "[Atilde]"--=capital A, tilde-->
+<!ENTITY auml   SDATA "[auml  ]"--=small a, dieresis or umlaut mark-->
+<!ENTITY Auml   SDATA "[Auml  ]"--=capital A, dieresis or umlaut mark-->
+<!ENTITY aelig  SDATA "[aelig ]"--=small ae diphthong (ligature)-->
+<!ENTITY AElig  SDATA "[AElig ]"--=capital AE diphthong (ligature)-->
+<!ENTITY ccedil SDATA "[ccedil]"--=small c, cedilla-->
+<!ENTITY Ccedil SDATA "[Ccedil]"--=capital C, cedilla-->
+<!ENTITY eth    SDATA "[eth   ]"--=small eth, Icelandic-->
+<!ENTITY ETH    SDATA "[ETH   ]"--=capital Eth, Icelandic-->
+<!ENTITY eacute SDATA "[eacute]"--=small e, acute accent-->
+<!ENTITY Eacute SDATA "[Eacute]"--=capital E, acute accent-->
+<!ENTITY ecirc  SDATA "[ecirc ]"--=small e, circumflex accent-->
+<!ENTITY Ecirc  SDATA "[Ecirc ]"--=capital E, circumflex accent-->
+<!ENTITY egrave SDATA "[egrave]"--=small e, grave accent-->
+<!ENTITY Egrave SDATA "[Egrave]"--=capital E, grave accent-->
+<!ENTITY euml   SDATA "[euml  ]"--=small e, dieresis or umlaut mark-->
+<!ENTITY Euml   SDATA "[Euml  ]"--=capital E, dieresis or umlaut mark-->
+<!ENTITY iacute SDATA "[iacute]"--=small i, acute accent-->
+<!ENTITY Iacute SDATA "[Iacute]"--=capital I, acute accent-->
+<!ENTITY icirc  SDATA "[icirc ]"--=small i, circumflex accent-->
+<!ENTITY Icirc  SDATA "[Icirc ]"--=capital I, circumflex accent-->
+<!ENTITY igrave SDATA "[igrave]"--=small i, grave accent-->
+<!ENTITY Igrave SDATA "[Igrave]"--=capital I, grave accent-->
+<!ENTITY iuml   SDATA "[iuml  ]"--=small i, dieresis or umlaut mark-->
+<!ENTITY Iuml   SDATA "[Iuml  ]"--=capital I, dieresis or umlaut mark-->
+<!ENTITY ntilde SDATA "[ntilde]"--=small n, tilde-->
+<!ENTITY Ntilde SDATA "[Ntilde]"--=capital N, tilde-->
+<!ENTITY oacute SDATA "[oacute]"--=small o, acute accent-->
+<!ENTITY Oacute SDATA "[Oacute]"--=capital O, acute accent-->
+<!ENTITY ocirc  SDATA "[ocirc ]"--=small o, circumflex accent-->
+<!ENTITY Ocirc  SDATA "[Ocirc ]"--=capital O, circumflex accent-->
+<!ENTITY ograve SDATA "[ograve]"--=small o, grave accent-->
+<!ENTITY Ograve SDATA "[Ograve]"--=capital O, grave accent-->
+<!ENTITY oslash SDATA "[oslash]"--=small o, slash-->
+<!ENTITY Oslash SDATA "[Oslash]"--=capital O, slash-->
+<!ENTITY otilde SDATA "[otilde]"--=small o, tilde-->
+<!ENTITY Otilde SDATA "[Otilde]"--=capital O, tilde-->
+<!ENTITY ouml   SDATA "[ouml  ]"--=small o, dieresis or umlaut mark-->
+<!ENTITY Ouml   SDATA "[Ouml  ]"--=capital O, dieresis or umlaut mark-->
+<!ENTITY szlig  SDATA "[szlig ]"--=small sharp s, German (sz ligature)-->
+<!ENTITY thorn  SDATA "[thorn ]"--=small thorn, Icelandic-->
+<!ENTITY THORN  SDATA "[THORN ]"--=capital THORN, Icelandic-->
+<!ENTITY uacute SDATA "[uacute]"--=small u, acute accent-->
+<!ENTITY Uacute SDATA "[Uacute]"--=capital U, acute accent-->
+<!ENTITY ucirc  SDATA "[ucirc ]"--=small u, circumflex accent-->
+<!ENTITY Ucirc  SDATA "[Ucirc ]"--=capital U, circumflex accent-->
+<!ENTITY ugrave SDATA "[ugrave]"--=small u, grave accent-->
+<!ENTITY Ugrave SDATA "[Ugrave]"--=capital U, grave accent-->
+<!ENTITY uuml   SDATA "[uuml  ]"--=small u, dieresis or umlaut mark-->
+<!ENTITY Uuml   SDATA "[Uuml  ]"--=capital U, dieresis or umlaut mark-->
+<!ENTITY yacute SDATA "[yacute]"--=small y, acute accent-->
+<!ENTITY Yacute SDATA "[Yacute]"--=capital Y, acute accent-->
+<!ENTITY yuml   SDATA "[yuml  ]"--=small y, dieresis or umlaut mark-->
diff --git a/docs/docbook/dbsgml/ent/ISOlat2 b/docs/docbook/dbsgml/ent/ISOlat2
new file mode 100755
index 00000000000..4bcb3378328
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOlat2
@@ -0,0 +1,131 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOlat2 PUBLIC
+       "ISO 8879:1986//ENTITIES Added Latin 2//EN">
+     %ISOlat2;
+-->
+<!ENTITY abreve SDATA "[abreve]"--=small a, breve-->
+<!ENTITY Abreve SDATA "[Abreve]"--=capital A, breve-->
+<!ENTITY amacr  SDATA "[amacr ]"--=small a, macron-->
+<!ENTITY Amacr  SDATA "[Amacr ]"--=capital A, macron-->
+<!ENTITY aogon  SDATA "[aogon ]"--=small a, ogonek-->
+<!ENTITY Aogon  SDATA "[Aogon ]"--=capital A, ogonek-->
+<!ENTITY cacute SDATA "[cacute]"--=small c, acute accent-->
+<!ENTITY Cacute SDATA "[Cacute]"--=capital C, acute accent-->
+<!ENTITY ccaron SDATA "[ccaron]"--=small c, caron-->
+<!ENTITY Ccaron SDATA "[Ccaron]"--=capital C, caron-->
+<!ENTITY ccirc  SDATA "[ccirc ]"--=small c, circumflex accent-->
+<!ENTITY Ccirc  SDATA "[Ccirc ]"--=capital C, circumflex accent-->
+<!ENTITY cdot   SDATA "[cdot  ]"--=small c, dot above-->
+<!ENTITY Cdot   SDATA "[Cdot  ]"--=capital C, dot above-->
+<!ENTITY dcaron SDATA "[dcaron]"--=small d, caron-->
+<!ENTITY Dcaron SDATA "[Dcaron]"--=capital D, caron-->
+<!ENTITY dstrok SDATA "[dstrok]"--=small d, stroke-->
+<!ENTITY Dstrok SDATA "[Dstrok]"--=capital D, stroke-->
+<!ENTITY ecaron SDATA "[ecaron]"--=small e, caron-->
+<!ENTITY Ecaron SDATA "[Ecaron]"--=capital E, caron-->
+<!ENTITY edot   SDATA "[edot  ]"--=small e, dot above-->
+<!ENTITY Edot   SDATA "[Edot  ]"--=capital E, dot above-->
+<!ENTITY emacr  SDATA "[emacr ]"--=small e, macron-->
+<!ENTITY Emacr  SDATA "[Emacr ]"--=capital E, macron-->
+<!ENTITY eogon  SDATA "[eogon ]"--=small e, ogonek-->
+<!ENTITY Eogon  SDATA "[Eogon ]"--=capital E, ogonek-->
+<!ENTITY gacute SDATA "[gacute]"--=small g, acute accent-->
+<!ENTITY gbreve SDATA "[gbreve]"--=small g, breve-->
+<!ENTITY Gbreve SDATA "[Gbreve]"--=capital G, breve-->
+<!ENTITY Gcedil SDATA "[Gcedil]"--=capital G, cedilla-->
+<!ENTITY gcirc  SDATA "[gcirc ]"--=small g, circumflex accent-->
+<!ENTITY Gcirc  SDATA "[Gcirc ]"--=capital G, circumflex accent-->
+<!ENTITY gdot   SDATA "[gdot  ]"--=small g, dot above-->
+<!ENTITY Gdot   SDATA "[Gdot  ]"--=capital G, dot above-->
+<!ENTITY hcirc  SDATA "[hcirc ]"--=small h, circumflex accent-->
+<!ENTITY Hcirc  SDATA "[Hcirc ]"--=capital H, circumflex accent-->
+<!ENTITY hstrok SDATA "[hstrok]"--=small h, stroke-->
+<!ENTITY Hstrok SDATA "[Hstrok]"--=capital H, stroke-->
+<!ENTITY Idot   SDATA "[Idot  ]"--=capital I, dot above-->
+<!ENTITY Imacr  SDATA "[Imacr ]"--=capital I, macron-->
+<!ENTITY imacr  SDATA "[imacr ]"--=small i, macron-->
+<!ENTITY ijlig  SDATA "[ijlig ]"--=small ij ligature-->
+<!ENTITY IJlig  SDATA "[IJlig ]"--=capital IJ ligature-->
+<!ENTITY inodot SDATA "[inodot]"--=small i without dot-->
+<!ENTITY iogon  SDATA "[iogon ]"--=small i, ogonek-->
+<!ENTITY Iogon  SDATA "[Iogon ]"--=capital I, ogonek-->
+<!ENTITY itilde SDATA "[itilde]"--=small i, tilde-->
+<!ENTITY Itilde SDATA "[Itilde]"--=capital I, tilde-->
+<!ENTITY jcirc  SDATA "[jcirc ]"--=small j, circumflex accent-->
+<!ENTITY Jcirc  SDATA "[Jcirc ]"--=capital J, circumflex accent-->
+<!ENTITY kcedil SDATA "[kcedil]"--=small k, cedilla-->
+<!ENTITY Kcedil SDATA "[Kcedil]"--=capital K, cedilla-->
+<!ENTITY kgreen SDATA "[kgreen]"--=small k, Greenlandic-->
+<!ENTITY lacute SDATA "[lacute]"--=small l, acute accent-->
+<!ENTITY Lacute SDATA "[Lacute]"--=capital L, acute accent-->
+<!ENTITY lcaron SDATA "[lcaron]"--=small l, caron-->
+<!ENTITY Lcaron SDATA "[Lcaron]"--=capital L, caron-->
+<!ENTITY lcedil SDATA "[lcedil]"--=small l, cedilla-->
+<!ENTITY Lcedil SDATA "[Lcedil]"--=capital L, cedilla-->
+<!ENTITY lmidot SDATA "[lmidot]"--=small l, middle dot-->
+<!ENTITY Lmidot SDATA "[Lmidot]"--=capital L, middle dot-->
+<!ENTITY lstrok SDATA "[lstrok]"--=small l, stroke-->
+<!ENTITY Lstrok SDATA "[Lstrok]"--=capital L, stroke-->
+<!ENTITY nacute SDATA "[nacute]"--=small n, acute accent-->
+<!ENTITY Nacute SDATA "[Nacute]"--=capital N, acute accent-->
+<!ENTITY eng    SDATA "[eng   ]"--=small eng, Lapp-->
+<!ENTITY ENG    SDATA "[ENG   ]"--=capital ENG, Lapp-->
+<!ENTITY napos  SDATA "[napos ]"--=small n, apostrophe-->
+<!ENTITY ncaron SDATA "[ncaron]"--=small n, caron-->
+<!ENTITY Ncaron SDATA "[Ncaron]"--=capital N, caron-->
+<!ENTITY ncedil SDATA "[ncedil]"--=small n, cedilla-->
+<!ENTITY Ncedil SDATA "[Ncedil]"--=capital N, cedilla-->
+<!ENTITY odblac SDATA "[odblac]"--=small o, double acute accent-->
+<!ENTITY Odblac SDATA "[Odblac]"--=capital O, double acute accent-->
+<!ENTITY Omacr  SDATA "[Omacr ]"--=capital O, macron-->
+<!ENTITY omacr  SDATA "[omacr ]"--=small o, macron-->
+<!ENTITY oelig  SDATA "[oelig ]"--=small oe ligature-->
+<!ENTITY OElig  SDATA "[OElig ]"--=capital OE ligature-->
+<!ENTITY racute SDATA "[racute]"--=small r, acute accent-->
+<!ENTITY Racute SDATA "[Racute]"--=capital R, acute accent-->
+<!ENTITY rcaron SDATA "[rcaron]"--=small r, caron-->
+<!ENTITY Rcaron SDATA "[Rcaron]"--=capital R, caron-->
+<!ENTITY rcedil SDATA "[rcedil]"--=small r, cedilla-->
+<!ENTITY Rcedil SDATA "[Rcedil]"--=capital R, cedilla-->
+<!ENTITY sacute SDATA "[sacute]"--=small s, acute accent-->
+<!ENTITY Sacute SDATA "[Sacute]"--=capital S, acute accent-->
+<!ENTITY scaron SDATA "[scaron]"--=small s, caron-->
+<!ENTITY Scaron SDATA "[Scaron]"--=capital S, caron-->
+<!ENTITY scedil SDATA "[scedil]"--=small s, cedilla-->
+<!ENTITY Scedil SDATA "[Scedil]"--=capital S, cedilla-->
+<!ENTITY scirc  SDATA "[scirc ]"--=small s, circumflex accent-->
+<!ENTITY Scirc  SDATA "[Scirc ]"--=capital S, circumflex accent-->
+<!ENTITY tcaron SDATA "[tcaron]"--=small t, caron-->
+<!ENTITY Tcaron SDATA "[Tcaron]"--=capital T, caron-->
+<!ENTITY tcedil SDATA "[tcedil]"--=small t, cedilla-->
+<!ENTITY Tcedil SDATA "[Tcedil]"--=capital T, cedilla-->
+<!ENTITY tstrok SDATA "[tstrok]"--=small t, stroke-->
+<!ENTITY Tstrok SDATA "[Tstrok]"--=capital T, stroke-->
+<!ENTITY ubreve SDATA "[ubreve]"--=small u, breve-->
+<!ENTITY Ubreve SDATA "[Ubreve]"--=capital U, breve-->
+<!ENTITY udblac SDATA "[udblac]"--=small u, double acute accent-->
+<!ENTITY Udblac SDATA "[Udblac]"--=capital U, double acute accent-->
+<!ENTITY umacr  SDATA "[umacr ]"--=small u, macron-->
+<!ENTITY Umacr  SDATA "[Umacr ]"--=capital U, macron-->
+<!ENTITY uogon  SDATA "[uogon ]"--=small u, ogonek-->
+<!ENTITY Uogon  SDATA "[Uogon ]"--=capital U, ogonek-->
+<!ENTITY uring  SDATA "[uring ]"--=small u, ring-->
+<!ENTITY Uring  SDATA "[Uring ]"--=capital U, ring-->
+<!ENTITY utilde SDATA "[utilde]"--=small u, tilde-->
+<!ENTITY Utilde SDATA "[Utilde]"--=capital U, tilde-->
+<!ENTITY wcirc  SDATA "[wcirc ]"--=small w, circumflex accent-->
+<!ENTITY Wcirc  SDATA "[Wcirc ]"--=capital W, circumflex accent-->
+<!ENTITY ycirc  SDATA "[ycirc ]"--=small y, circumflex accent-->
+<!ENTITY Ycirc  SDATA "[Ycirc ]"--=capital Y, circumflex accent-->
+<!ENTITY Yuml   SDATA "[Yuml  ]"--=capital Y, dieresis or umlaut mark-->
+<!ENTITY zacute SDATA "[zacute]"--=small z, acute accent-->
+<!ENTITY Zacute SDATA "[Zacute]"--=capital Z, acute accent-->
+<!ENTITY zcaron SDATA "[zcaron]"--=small z, caron-->
+<!ENTITY Zcaron SDATA "[Zcaron]"--=capital Z, caron-->
+<!ENTITY zdot   SDATA "[zdot  ]"--=small z, dot above-->
+<!ENTITY Zdot   SDATA "[Zdot  ]"--=capital Z, dot above-->
diff --git a/docs/docbook/dbsgml/ent/ISOnum b/docs/docbook/dbsgml/ent/ISOnum
new file mode 100755
index 00000000000..d7b41c33ae3
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOnum
@@ -0,0 +1,91 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOnum PUBLIC
+       "ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN">
+     %ISOnum;
+-->
+<!ENTITY half   SDATA "[half  ]"--=fraction one-half-->
+<!ENTITY frac12 SDATA "[frac12]"--=fraction one-half-->
+<!ENTITY frac14 SDATA "[frac14]"--=fraction one-quarter-->
+<!ENTITY frac34 SDATA "[frac34]"--=fraction three-quarters-->
+<!ENTITY frac18 SDATA "[frac18]"--=fraction one-eighth-->
+<!ENTITY frac38 SDATA "[frac38]"--=fraction three-eighths-->
+<!ENTITY frac58 SDATA "[frac58]"--=fraction five-eighths-->
+<!ENTITY frac78 SDATA "[frac78]"--=fraction seven-eighths-->
+
+<!ENTITY sup1   SDATA "[sup1  ]"--=superscript one-->
+<!ENTITY sup2   SDATA "[sup2  ]"--=superscript two-->
+<!ENTITY sup3   SDATA "[sup3  ]"--=superscript three-->
+
+<!ENTITY plus   SDATA "[plus  ]"--=plus sign B:-- >
+<!ENTITY plusmn SDATA "[plusmn]"--/pm B: =plus-or-minus sign-->
+<!ENTITY lt     SDATA "[lt    ]"--=less-than sign R:-->
+<!ENTITY equals SDATA "[equals]"--=equals sign R:-->
+<!ENTITY gt     SDATA "[gt    ]"--=greater-than sign R:-->
+<!ENTITY divide SDATA "[divide]"--/div B: =divide sign-->
+<!ENTITY times  SDATA "[times ]"--/times B: =multiply sign-->
+
+<!ENTITY curren SDATA "[curren]"--=general currency sign-->
+<!ENTITY pound  SDATA "[pound ]"--=pound sign-->
+<!ENTITY dollar SDATA "[dollar]"--=dollar sign-->
+<!ENTITY cent   SDATA "[cent  ]"--=cent sign-->
+<!ENTITY yen    SDATA "[yen   ]"--/yen =yen sign-->
+
+<!ENTITY num    SDATA "[num   ]"--=number sign-->
+<!ENTITY percnt SDATA "[percnt]"--=percent sign-->
+<!ENTITY amp    SDATA "[amp   ]"--=ampersand-->
+<!ENTITY ast    SDATA "[ast   ]"--/ast B: =asterisk-->
+<!ENTITY commat SDATA "[commat]"--=commercial at-->
+<!ENTITY lsqb   SDATA "[lsqb  ]"--/lbrack O: =left square bracket-->
+<!ENTITY bsol   SDATA "[bsol  ]"--/backslash =reverse solidus-->
+<!ENTITY rsqb   SDATA "[rsqb  ]"--/rbrack C: =right square bracket-->
+<!ENTITY lcub   SDATA "[lcub  ]"--/lbrace O: =left curly bracket-->
+<!ENTITY horbar SDATA "[horbar]"--=horizontal bar-->
+<!ENTITY verbar SDATA "[verbar]"--/vert =vertical bar-->
+<!ENTITY rcub   SDATA "[rcub  ]"--/rbrace C: =right curly bracket-->
+<!ENTITY micro  SDATA "[micro ]"--=micro sign-->
+<!ENTITY ohm    SDATA "[ohm   ]"--=ohm sign-->
+<!ENTITY deg    SDATA "[deg   ]"--=degree sign-->
+<!ENTITY ordm   SDATA "[ordm  ]"--=ordinal indicator, masculine-->
+<!ENTITY ordf   SDATA "[ordf  ]"--=ordinal indicator, feminine-->
+<!ENTITY sect   SDATA "[sect  ]"--=section sign-->
+<!ENTITY para   SDATA "[para  ]"--=pilcrow (paragraph sign)-->
+<!ENTITY middot SDATA "[middot]"--/centerdot B: =middle dot-->
+<!ENTITY larr   SDATA "[larr  ]"--/leftarrow /gets A: =leftward arrow-->
+<!ENTITY rarr   SDATA "[rarr  ]"--/rightarrow /to A: =rightward arrow-->
+<!ENTITY uarr   SDATA "[uarr  ]"--/uparrow A: =upward arrow-->
+<!ENTITY darr   SDATA "[darr  ]"--/downarrow A: =downward arrow-->
+<!ENTITY copy   SDATA "[copy  ]"--=copyright sign-->
+<!ENTITY reg    SDATA "[reg   ]"--/circledR =registered sign-->
+<!ENTITY trade  SDATA "[trade ]"--=trade mark sign-->
+<!ENTITY brvbar SDATA "[brvbar]"--=broken (vertical) bar-->
+<!ENTITY not    SDATA "[not   ]"--/neg /lnot =not sign-->
+<!ENTITY sung   SDATA "[sung  ]"--=music note (sung text sign)-->
+
+<!ENTITY excl   SDATA "[excl  ]"--=exclamation mark-->
+<!ENTITY iexcl  SDATA "[iexcl ]"--=inverted exclamation mark-->
+<!ENTITY quot   SDATA "[quot  ]"--=quotation mark-->
+<!ENTITY apos   SDATA "[apos  ]"--=apostrophe-->
+<!ENTITY lpar   SDATA "[lpar  ]"--O: =left parenthesis-->
+<!ENTITY rpar   SDATA "[rpar  ]"--C: =right parenthesis-->
+<!ENTITY comma  SDATA "[comma ]"--P: =comma-->
+<!ENTITY lowbar SDATA "[lowbar]"--=low line-->
+<!ENTITY hyphen SDATA "[hyphen]"--=hyphen-->
+<!ENTITY period SDATA "[period]"--=full stop, period-->
+<!ENTITY sol    SDATA "[sol   ]"--=solidus-->
+<!ENTITY colon  SDATA "[colon ]"--/colon P:-->
+<!ENTITY semi   SDATA "[semi  ]"--=semicolon P:-->
+<!ENTITY quest  SDATA "[quest ]"--=question mark-->
+<!ENTITY iquest SDATA "[iquest]"--=inverted question mark-->
+<!ENTITY laquo  SDATA "[laquo ]"--=angle quotation mark, left-->
+<!ENTITY raquo  SDATA "[raquo ]"--=angle quotation mark, right-->
+<!ENTITY lsquo  SDATA "[lsquo ]"--=single quotation mark, left-->
+<!ENTITY rsquo  SDATA "[rsquo ]"--=single quotation mark, right-->
+<!ENTITY ldquo  SDATA "[ldquo ]"--=double quotation mark, left-->
+<!ENTITY rdquo  SDATA "[rdquo ]"--=double quotation mark, right-->
+<!ENTITY nbsp   SDATA "[nbsp  ]"--=no break (required) space-->
+<!ENTITY shy    SDATA "[shy   ]"--=soft hyphen-->
diff --git a/docs/docbook/dbsgml/ent/ISOpub b/docs/docbook/dbsgml/ent/ISOpub
new file mode 100755
index 00000000000..c184973cfdf
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOpub
@@ -0,0 +1,100 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOpub PUBLIC
+       "ISO 8879:1986//ENTITIES Publishing//EN">
+     %ISOpub;
+-->
+<!ENTITY emsp   SDATA "[emsp  ]"--=em space-->
+<!ENTITY ensp   SDATA "[ensp  ]"--=en space (1/2-em)-->
+<!ENTITY emsp13 SDATA "[emsp3 ]"--=1/3-em space-->
+<!ENTITY emsp14 SDATA "[emsp4 ]"--=1/4-em space-->
+<!ENTITY numsp  SDATA "[numsp ]"--=digit space (width of a number)-->
+<!ENTITY puncsp SDATA "[puncsp]"--=punctuation space (width of comma)-->
+<!ENTITY thinsp SDATA "[thinsp]"--=thin space (1/6-em)-->
+<!ENTITY hairsp SDATA "[hairsp]"--=hair space-->
+<!ENTITY mdash  SDATA "[mdash ]"--=em dash-->
+<!ENTITY ndash  SDATA "[ndash ]"--=en dash-->
+<!ENTITY dash   SDATA "[dash  ]"--=hyphen (true graphic)-->
+<!ENTITY blank  SDATA "[blank ]"--=significant blank symbol-->
+<!ENTITY hellip SDATA "[hellip]"--=ellipsis (horizontal)-->
+<!ENTITY nldr   SDATA "[nldr  ]"--=double baseline dot (en leader)-->
+<!ENTITY frac13 SDATA "[frac13]"--=fraction one-third-->
+<!ENTITY frac23 SDATA "[frac23]"--=fraction two-thirds-->
+<!ENTITY frac15 SDATA "[frac15]"--=fraction one-fifth-->
+<!ENTITY frac25 SDATA "[frac25]"--=fraction two-fifths-->
+<!ENTITY frac35 SDATA "[frac35]"--=fraction three-fifths-->
+<!ENTITY frac45 SDATA "[frac45]"--=fraction four-fifths-->
+<!ENTITY frac16 SDATA "[frac16]"--=fraction one-sixth-->
+<!ENTITY frac56 SDATA "[frac56]"--=fraction five-sixths-->
+<!ENTITY incare SDATA "[incare]"--=in-care-of symbol-->
+<!ENTITY block  SDATA "[block ]"--=full block-->
+<!ENTITY uhblk  SDATA "[uhblk ]"--=upper half block-->
+<!ENTITY lhblk  SDATA "[lhblk ]"--=lower half block-->
+<!ENTITY blk14  SDATA "[blk14 ]"--=25% shaded block-->
+<!ENTITY blk12  SDATA "[blk12 ]"--=50% shaded block-->
+<!ENTITY blk34  SDATA "[blk34 ]"--=75% shaded block-->
+<!ENTITY marker SDATA "[marker]"--=histogram marker-->
+<!ENTITY cir    SDATA "[cir   ]"--/circ B: =circle, open-->
+<!ENTITY squ    SDATA "[squ   ]"--=square, open-->
+<!ENTITY rect   SDATA "[rect  ]"--=rectangle, open-->
+<!ENTITY utri   SDATA "[utri  ]"--/triangle =up triangle, open-->
+<!ENTITY dtri   SDATA "[dtri  ]"--/triangledown =down triangle, open-->
+<!ENTITY star   SDATA "[star  ]"--=star, open-->
+<!ENTITY bull   SDATA "[bull  ]"--/bullet B: =round bullet, filled-->
+<!ENTITY squf   SDATA "[squf  ]"--/blacksquare =sq bullet, filled-->
+<!ENTITY utrif  SDATA "[utrif ]"--/blacktriangle =up tri, filled-->
+<!ENTITY dtrif  SDATA "[dtrif ]"--/blacktriangledown =dn tri, filled-->
+<!ENTITY ltrif  SDATA "[ltrif ]"--/blacktriangleleft R: =l tri, filled-->
+<!ENTITY rtrif  SDATA "[rtrif ]"--/blacktriangleright R: =r tri, filled-->
+<!ENTITY clubs  SDATA "[clubs ]"--/clubsuit =club suit symbol-->
+<!ENTITY diams  SDATA "[diams ]"--/diamondsuit =diamond suit symbol-->
+<!ENTITY hearts SDATA "[hearts]"--/heartsuit =heart suit symbol-->
+<!ENTITY spades SDATA "[spades]"--/spadesuit =spades suit symbol-->
+<!ENTITY malt   SDATA "[malt  ]"--/maltese =maltese cross-->
+<!ENTITY dagger SDATA "[dagger]"--/dagger B: =dagger-->
+<!ENTITY Dagger SDATA "[Dagger]"--/ddagger B: =double dagger-->
+<!ENTITY check  SDATA "[check ]"--/checkmark =tick, check mark-->
+<!ENTITY cross  SDATA "[ballot]"--=ballot cross-->
+<!ENTITY sharp  SDATA "[sharp ]"--/sharp =musical sharp-->
+<!ENTITY flat   SDATA "[flat  ]"--/flat =musical flat-->
+<!ENTITY male   SDATA "[male  ]"--=male symbol-->
+<!ENTITY female SDATA "[female]"--=female symbol-->
+<!ENTITY phone  SDATA "[phone ]"--=telephone symbol-->
+<!ENTITY telrec SDATA "[telrec]"--=telephone recorder symbol-->
+<!ENTITY copysr SDATA "[copysr]"--=sound recording copyright sign-->
+<!ENTITY caret  SDATA "[caret ]"--=caret (insertion mark)-->
+<!ENTITY lsquor SDATA "[lsquor]"--=rising single quote, left (low)-->
+<!ENTITY ldquor SDATA "[ldquor]"--=rising dbl quote, left (low)-->
+
+<!ENTITY fflig  SDATA "[fflig ]"--small ff ligature-->
+<!ENTITY filig  SDATA "[filig ]"--small fi ligature-->
+<!ENTITY fjlig  SDATA "[fjlig ]"--small fj ligature-->
+<!ENTITY ffilig SDATA "[ffilig]"--small ffi ligature-->
+<!ENTITY ffllig SDATA "[ffllig]"--small ffl ligature-->
+<!ENTITY fllig  SDATA "[fllig ]"--small fl ligature-->
+
+<!ENTITY mldr   SDATA "[mldr  ]"--em leader-->
+<!ENTITY rdquor SDATA "[rdquor]"--rising dbl quote, right (high)-->
+<!ENTITY rsquor SDATA "[rsquor]"--rising single quote, right (high)-->
+<!ENTITY vellip SDATA "[vellip]"--vertical ellipsis-->
+
+<!ENTITY hybull SDATA "[hybull]"--rectangle, filled (hyphen bullet)-->
+<!ENTITY loz    SDATA "[loz   ]"--/lozenge - lozenge or total mark-->
+<!ENTITY lozf   SDATA "[lozf  ]"--/blacklozenge - lozenge, filled-->
+<!ENTITY ltri   SDATA "[ltri  ]"--/triangleleft B: l triangle, open-->
+<!ENTITY rtri   SDATA "[rtri  ]"--/triangleright B: r triangle, open-->
+<!ENTITY starf  SDATA "[starf ]"--/bigstar - star, filled-->
+
+<!ENTITY natur  SDATA "[natur ]"--/natural - music natural-->
+<!ENTITY rx     SDATA "[rx    ]"--pharmaceutical prescription (Rx)-->
+<!ENTITY sext   SDATA "[sext  ]"--sextile (6-pointed star)-->
+
+<!ENTITY target SDATA "[target]"--register mark or target-->
+<!ENTITY dlcrop SDATA "[dlcrop]"--downward left crop mark -->
+<!ENTITY drcrop SDATA "[drcrop]"--downward right crop mark -->
+<!ENTITY ulcrop SDATA "[ulcrop]"--upward left crop mark -->
+<!ENTITY urcrop SDATA "[urcrop]"--upward right crop mark -->
diff --git a/docs/docbook/dbsgml/ent/ISOtech b/docs/docbook/dbsgml/ent/ISOtech
new file mode 100755
index 00000000000..cbda344869a
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOtech
@@ -0,0 +1,73 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOtech PUBLIC
+       "ISO 8879:1986//ENTITIES General Technical//EN">
+     %ISOtech;
+-->
+<!ENTITY aleph  SDATA "[aleph ]"--/aleph =aleph, Hebrew-->
+<!ENTITY and    SDATA "[and   ]"--/wedge /land B: =logical and-->
+<!ENTITY ang90  SDATA "[ang90 ]"--=right (90 degree) angle-->
+<!ENTITY angsph SDATA "[angsph]"--/sphericalangle =angle-spherical-->
+<!ENTITY ap     SDATA "[ap    ]"--/approx R: =approximate-->
+<!ENTITY becaus SDATA "[becaus]"--/because R: =because-->
+<!ENTITY bottom SDATA "[bottom]"--/bot B: =perpendicular-->
+<!ENTITY cap    SDATA "[cap   ]"--/cap B: =intersection-->
+<!ENTITY cong   SDATA "[cong  ]"--/cong R: =congruent with-->
+<!ENTITY conint SDATA "[conint]"--/oint L: =contour integral operator-->
+<!ENTITY cup    SDATA "[cup   ]"--/cup B: =union or logical sum-->
+<!ENTITY equiv  SDATA "[equiv ]"--/equiv R: =identical with-->
+<!ENTITY exist  SDATA "[exist ]"--/exists =at least one exists-->
+<!ENTITY forall SDATA "[forall]"--/forall =for all-->
+<!ENTITY fnof   SDATA "[fnof  ]"--=function of (italic small f)-->
+<!ENTITY ge     SDATA "[ge    ]"--/geq /ge R: =greater-than-or-equal-->
+<!ENTITY iff    SDATA "[iff   ]"--/iff =if and only if-->
+<!ENTITY infin  SDATA "[infin ]"--/infty =infinity-->
+<!ENTITY int    SDATA "[int   ]"--/int L: =integral operator-->
+<!ENTITY isin   SDATA "[isin  ]"--/in R: =set membership-->
+<!ENTITY lang   SDATA "[lang  ]"--/langle O: =left angle bracket-->
+<!ENTITY lArr   SDATA "[lArr  ]"--/Leftarrow A: =is implied by-->
+<!ENTITY le     SDATA "[le    ]"--/leq /le R: =less-than-or-equal-->
+<!ENTITY minus  SDATA "[minus ]"--B: =minus sign-->
+<!ENTITY mnplus SDATA "[mnplus]"--/mp B: =minus-or-plus sign-->
+<!ENTITY nabla  SDATA "[nabla ]"--/nabla =del, Hamilton operator-->
+<!ENTITY ne     SDATA "[ne    ]"--/ne /neq R: =not equal-->
+<!ENTITY ni     SDATA "[ni    ]"--/ni /owns R: =contains-->
+<!ENTITY or     SDATA "[or    ]"--/vee /lor B: =logical or-->
+<!ENTITY par    SDATA "[par   ]"--/parallel R: =parallel-->
+<!ENTITY part   SDATA "[part  ]"--/partial =partial differential-->
+<!ENTITY permil SDATA "[permil]"--=per thousand-->
+<!ENTITY perp   SDATA "[perp  ]"--/perp R: =perpendicular-->
+<!ENTITY prime  SDATA "[prime ]"--/prime =prime or minute-->
+<!ENTITY Prime  SDATA "[Prime ]"--=double prime or second-->
+<!ENTITY prop   SDATA "[prop  ]"--/propto R: =is proportional to-->
+<!ENTITY radic  SDATA "[radic ]"--/surd =radical-->
+<!ENTITY rang   SDATA "[rang  ]"--/rangle C: =right angle bracket-->
+<!ENTITY rArr   SDATA "[rArr  ]"--/Rightarrow A: =implies-->
+<!ENTITY sim    SDATA "[sim   ]"--/sim R: =similar-->
+<!ENTITY sime   SDATA "[sime  ]"--/simeq R: =similar, equals-->
+<!ENTITY square SDATA "[square]"--/square B: =square-->
+<!ENTITY sub    SDATA "[sub   ]"--/subset R: =subset or is implied by-->
+<!ENTITY sube   SDATA "[sube  ]"--/subseteq R: =subset, equals-->
+<!ENTITY sup    SDATA "[sup   ]"--/supset R: =superset or implies-->
+<!ENTITY supe   SDATA "[supe  ]"--/supseteq R: =superset, equals-->
+<!ENTITY there4 SDATA "[there4]"--/therefore R: =therefore-->
+<!ENTITY Verbar SDATA "[Verbar]"--/Vert =dbl vertical bar-->
+
+<!ENTITY angst  SDATA "[angst ]"--Angstrom =capital A, ring-->
+<!ENTITY bernou SDATA "[bernou]"--Bernoulli function (script capital B)-->
+<!ENTITY compfn SDATA "[compfn]"--B: composite function (small circle)-->
+<!ENTITY Dot    SDATA "[Dot   ]"--=dieresis or umlaut mark-->
+<!ENTITY DotDot SDATA "[DotDot]"--four dots above-->
+<!ENTITY hamilt SDATA "[hamilt]"--Hamiltonian (script capital H)-->
+<!ENTITY lagran SDATA "[lagran]"--Lagrangian (script capital L)-->
+<!ENTITY lowast SDATA "[lowast]"--low asterisk-->
+<!ENTITY notin  SDATA "[notin ]"--N: negated set membership-->
+<!ENTITY order  SDATA "[order ]"--order of (script small o)-->
+<!ENTITY phmmat SDATA "[phmmat]"--physics M-matrix (script capital M)-->
+<!ENTITY tdot   SDATA "[tdot  ]"--three dots above-->
+<!ENTITY tprime SDATA "[tprime]"--triple prime-->
+<!ENTITY wedgeq SDATA "[wedgeq]"--R: corresponds to (wedge, equals)-->
diff --git a/docs/docbook/dbsgml/readme.txt b/docs/docbook/dbsgml/readme.txt
new file mode 100755
index 00000000000..52d3f9f4aaf
--- /dev/null
+++ b/docs/docbook/dbsgml/readme.txt
@@ -0,0 +1,12 @@
+README for DocBook V4.1
+
+This is DocBook V4.1, released 19 June 2000.
+
+See 40chg.txt for information about what has changed since DocBook 3.1.
+
+For more information about DocBook, please see
+
+  http://www.oasis-open.org/docbook/
+
+Please send all questions, comments, concerns, and bug reports to the
+DocBook mailing list: docbook@lists.oasis-open.org
diff --git a/docs/docbook/docbook.txt b/docs/docbook/docbook.txt
new file mode 100755
index 00000000000..388cd5cf9b7
--- /dev/null
+++ b/docs/docbook/docbook.txt
@@ -0,0 +1,136 @@
+!==
+!== docbook.txt for Samba 2.2.0 release
+!==
+!== Author:	David Bannon, D.Bannon@latrobe.edu.au  November, 2000
+!== Updates:	Gerald (Jerry) Carter, jerry@samba.org, Feb. 2001
+
+What are DocBook documents doing in the Samba Distribution ?
+-----------------------------------------------------------
+
+We are planning to convert all of the samba docs to SGML/DocBook V4.1
+in order to make them easier to maintain and produce a nicer looking
+product.
+
+This short note (strange isn't it how it always starts out as a short note
+and becomes a long one ?) will explain very briefly how and why we are
+doing this.
+
+
+The format
+----------
+
+If you are new to sgml, regard an sgml file as 'source code'. You don't
+read it directly, use it to create other formats (like the txt and html
+included in ../txt and ../html).
+
+Docbook is a particular SGML style, particularly suited to producing
+technical manuals.  In the two documents I have produced so far I have used
+DocBook 4.1, it seems that products like RedHat Linux is still include only
+version 3.1, the differences are minor. The Linux Documentation Project is
+using a modified version of 3.1 but are really geared up to make multi
+paged documents, something we want to avoid for logistic reasons.
+
+For more information on DocBook tags and format, see "DocBook: The 
+Definitive Guide" by Walsh and Muellner, (c) O'Reilly Publishing.
+This book covers DocBook V3.1 and is available on-line
+at http://www.docbook.org/
+
+The Output
+----------
+
+The current Samba CVS tree contains the SGML/DocBook source files as well 
+as the following autogenerated formats
+
+  * man pages
+  * HTML
+  * ASCII text (where appropriate)
+
+
+The Tools
+---------
+
+[
+ addendum: For a good general overview of installing the tools
+ needed for generating files from SGML/DocBook source, refer
+ to the DocBook-Install mini HOWTO at
+ http://www.ibiblio.org/pub/Linux/docs/HOWTO/mini/DocBook-Install
+
+ While the above link is to a Linux HOWTO, the tools can be installed 
+ on almost any UNIX platform.
+
+ David's original notes follow below:
+]
+
+Any sgml document needs to be referred to a suitable style sheet
+(describing syntax) and other sheets that tell the translating programmes
+how to do the translations. The list of necessary 'included files is a
+bit messy but once installed is pretty easy.
+
+On one of my RedHat 6.2 systems I installed the following:
+* sgml-common (as an rpm)
+* docbook  (as an rpm)
+* stylesheets  (as an rpm)
+* jade  (as an rpm)
+* Docbook 4.1 from http://docbook.org
+* DSSSL 157 from http://nwalsh.com/docbook/dsssl/ 
+
+There are several downloadable descriptions of the DocBook syntax at the
+web sites mentioned above. Note that a lot of the docs only talk about
+version 3.1 with 4.1 as an add-on.
+
+In either case you will need to include in the html/docbook.dsl and most
+likely a couple of defines to achieve a suitable output. I made a
+local dsl file that I called html.dsl that looks like this :
+
+<!DOCTYPE style-sheet PUBLIC "-//James Clark//DTD DSSSL Style Sheet//EN" [
+<!ENTITY dbstyle SYSTEM "/usr/lib/sgml/dsssl-157/docbook/html/docbook.dsl" 
+CDATA DSSSL>
+]>
+
+<style-sheet>
+<style-specification use="docbook">
+<style-specification-body>
+
+(define nochunks #t)			;; Dont make multiple pages
+(define rootchunk #t)			;; Do make a 'root' page
+(define %use-id-as-filename% #t)	;; Use book id as filename	
+(define %html-ext% ".html")		;; give it a proper html extension
+
+</style-specification-body>
+</style-specification>
+<external-specification id="docbook" document="dbstyle">
+</style-sheet>
+
+Note the top block that refers to where the dsssl-157 style sheets are
+installed, if you don�t put them there make sure you edit the file.
+
+To use this stylesheet, have it in your working directory along with your
+sgml files.  Jade does the actual conversion to html, call it like this :
+
+jade -t sgml -d html.dsl stuff.sgml
+
+To create the text version run the html through lynx :
+
+Lynx  -dump  -nolist  stuff.html  >  stuff.txt
+
+These instructions are crude by might help someone get going. Please feel
+free to contact me if you have any questions or if you can correct any one
+of the many mistakes I must have made above.
+
+David
+
+==========================================================================
+
+This directory now contains a ./configure script and Makefile to 
+support the automated building of man pages (including HTML versions).
+The DocBook V4.1 DTD and ISO entity files have also been included in CVS
+to make sure we are all working from the same plate.
+
+The SGML_CATALOG_FILES environment variable should be set as follows
+(this assumes you have a working local installation of jade and
+Norman's Walsh's DSSSL stylesheets):
+
+  export SGML_CATALOG_FILES=$SGML_CATALOG_FILES:./dbsgml/catalog
+
+
+--jerry
diff --git a/docs/docbook/faq/README.NOW b/docs/docbook/faq/README.NOW
new file mode 100755
index 00000000000..77f1659a89c
--- /dev/null
+++ b/docs/docbook/faq/README.NOW
@@ -0,0 +1,2 @@
+The files previously in this directory have been incorporated
+into the Samba-HOWTO-Collection
diff --git a/docs/docbook/global.ent b/docs/docbook/global.ent
new file mode 100755
index 00000000000..91286de98be
--- /dev/null
+++ b/docs/docbook/global.ent
@@ -0,0 +1,33 @@
+<!-- Global Entities File -->
+
+
+<!-- Email Address' -->
+<!ENTITY email.dbannon 'D.Bannon@latrobe.edu.au'>
+<!ENTITY email.jmoore  'jmoore@php.net'>
+<!ENTITY email.jerry   'jerry@samba.org'>
+<!ENTITY email.patches 'samba-patches@samba.org'>
+
+<!-- URL's -->
+<!ENTITY url.samba.cvsinfo 'http://pserver.samba.org/samba/cvs.html'>
+<!ENTITY url.pdc-howto.local 'samba-pdc-howto.html'>
+<!ENTITY url.samba-tng 'http://www.samba-tng.org'>
+<!ENTITY url.samba.doc 'http://bioserve.latrobe.edu.au/samba/'>
+<!ENTITY url.ultraedit 'http://www.ultraedit.com'>
+<!ENTITY url.vi-windows 'http://home.snafu.de/ramo/WinViEn.htm'>
+<!ENTITY url.pfe 'http://www.lancs.ac.uk/people/cpaap/pfe/'>
+<!ENTITY url.server-tools.win95 'ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE'>
+<!ENTITY url.server-tools.winnt 'ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE'>
+<!ENTITY url.tcpdump 'http://www.tcpdump.org/'>
+<!ENTITY url.samba 'http://samba.org'>
+<!ENTITY url.samba-ldap-howto 'http://www.unav.es/cti/ldap-smb-howto.html'>
+<!ENTITY url.samba-tng.home 'http://www.kneschke.de/projekte/samba_tng/'>
+<!ENTITY url.samba.mailinglist.ntdom 'http://lists.samba.org/mailman/roster/samba-ntdom'>
+<!ENTITY url.samba.cifs 'http://samba.org/cifs/'>
+<!ENTITY url.ntdomains-for-unix 'http://mailhost.cb1.com/~lkcl/ntdom/'>
+<!ENTITY url.samba.specs.old 'ftp://ftp.microsoft.com/developr/drg/CIFS/'>
+<!ENTITY url.rfc.1001 'http://ds.internic.net/rfc/rfc1001.txt'>
+<!ENTITY url.rfc.1002 'http://ds.internic.net/rfc/rfc1002.txt'>
+
+<!-- Misc -->
+<!ENTITY samba.pub.cvshost 'pserver.samba.org'>
+
diff --git a/docs/docbook/howto/README.NOW b/docs/docbook/howto/README.NOW
new file mode 100755
index 00000000000..77f1659a89c
--- /dev/null
+++ b/docs/docbook/howto/README.NOW
@@ -0,0 +1,2 @@
+The files previously in this directory have been incorporated
+into the Samba-HOWTO-Collection
diff --git a/docs/docbook/manpages/findsmb.1.sgml b/docs/docbook/manpages/findsmb.1.sgml
new file mode 100755
index 00000000000..d8f436c4a12
--- /dev/null
+++ b/docs/docbook/manpages/findsmb.1.sgml
@@ -0,0 +1,131 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="findsmb">
+
+<refmeta>
+	<refentrytitle>findsmb</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>findsmb</refname>
+	<refpurpose>list info about machines that respond to SMB 
+	name queries on a subnet</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>findsmb</command>
+		<arg choice="opt">subnet broadcast address</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+	
+	<para>This perl script is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para><command>findsmb</command> is a perl script that
+	prints out several pieces of information about machines 
+	on a subnet that respond to SMB  name query requests.
+	It uses <ulink url="nmblookup.1.html"><command>
+	nmblookup(1)</command></ulink> and <ulink url="smbclient.1.html">
+	<command>smbclient(1)</command></ulink> to obtain this information.
+	</para>
+</refsect1>		
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>subnet broadcast address</term>
+		<listitem><para>Without this option, <command>findsmb
+		</command> will probe the subnet of the machine where 
+		<command>findsmb</command> is run. This value is passed 
+		to <command>nmblookup</command> as part of the 
+		<constant>-B</constant> option</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>EXAMPLES</title>
+
+	<para>The output of <command>findsmb</command> lists the following 
+	information for all machines that respond to the initial 
+	<command>nmblookup</command> for any name: IP address, NetBIOS name, 
+	Workgroup name, operating system, and SMB server version.</para>
+
+	<para>There will be a '+' in front of the workgroup name for 
+	machines that are local master browsers for that workgroup. There 
+	will be an '*' in front of the workgroup name for 
+	machines that are the domain master browser for that workgroup. 
+	Machines that are running Windows, Windows 95 or Windows 98 will 
+	not show any information about the operating system or server 
+	version.</para>
+
+	<para>The command must be run on a system without <ulink
+	url="nmbd.8.html"><command>nmbd</command></ulink> running. 
+	If <command>nmbd</command> is running on the system, you will 
+	only  get the IP address and the DNS name of the machine. To 
+	get proper responses  from Windows 95 and Windows 98 machines, 
+	the command must be run as root. </para>
+
+	<para>For example running <command>findsmb</command> on a machine 
+	without <command>nmbd</command> running would yield output similar
+	to the following</para>
+
+	<screen><computeroutput>
+IP ADDR         NETBIOS NAME   WORKGROUP/OS/VERSION 
+--------------------------------------------------------------------- 
+192.168.35.10   MINESET-TEST1  [DMVENGR]
+192.168.35.55   LINUXBOX      *[MYGROUP] [Unix] [Samba 2.0.6]
+192.168.35.56   HERBNT2        [HERB-NT]
+192.168.35.63   GANDALF        [MVENGR] [Unix] [Samba 2.0.5a for IRIX]
+192.168.35.65   SAUNA          [WORKGROUP] [Unix] [Samba 1.9.18p10]
+192.168.35.71   FROGSTAR       [ENGR] [Unix] [Samba 2.0.0 for IRIX]
+192.168.35.78   HERBDHCP1     +[HERB]
+192.168.35.88   SCNT2         +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
+192.168.35.93   FROGSTAR-PC    [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
+192.168.35.97   HERBNT1       *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
+	</computeroutput></screen>
+
+</refsect1>
+
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, 
+	<ulink url="smbclient.1.html"><command>smbclient(1)
+	</command></ulink>, and	<ulink url="nmblookup.1.html">
+	<command>nmblookup(1)</command></ulink>
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/lmhosts.5.sgml b/docs/docbook/manpages/lmhosts.5.sgml
new file mode 100755
index 00000000000..7934c18e8ec
--- /dev/null
+++ b/docs/docbook/manpages/lmhosts.5.sgml
@@ -0,0 +1,114 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="lmhosts">
+
+<refmeta>
+	<refentrytitle>lmhosts</refentrytitle>
+	<manvolnum>5</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>lmhosts</refname>
+	<refpurpose>The Samba NetBIOS hosts file</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<para><filename>lmhosts</filename> is the <ulink url="samba.7.html">
+	Samba</ulink> NetBIOS name to IP address mapping file.</para> 
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+	
+	<para>This file is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para><filename>lmhosts</filename> is the <emphasis>Samba
+	</emphasis> NetBIOS name to IP address mapping file.  It 
+	is very similar to the <filename>/etc/hosts</filename> file 
+	format, except that the hostname component must correspond 
+	to the NetBIOS naming format.</para>
+</refsect1>
+
+<refsect1>
+	<title>FILE FORMAT</title>
+	<para>It is an ASCII file containing one line for NetBIOS name. 
+	The two fields on each line are separated from each other by 
+	white space. Any entry beginning with '#' is ignored. Each line 
+	in the lmhosts file contains the following information :</para>
+
+	<itemizedlist>
+		<listitem><para>IP Address - in dotted decimal format.</para>
+		</listitem>
+
+		<listitem><para>NetBIOS Name - This name format is a 
+		maximum fifteen character host name, with an optional 
+		trailing '#' character followed by the NetBIOS name type 
+		as two hexadecimal digits.</para>
+
+		<para>If the trailing '#' is omitted then the given IP 
+		address will be returned for all names that match the given 
+		name, whatever the NetBIOS name type in the lookup.</para>
+		</listitem>
+	</itemizedlist>
+
+	<para>An example follows :</para>
+	
+	<para><programlisting>
+#
+# Sample Samba lmhosts file.
+#
+192.9.200.1	TESTPC
+192.9.200.20	NTSERVER#20
+192.9.200.21	SAMBASERVER
+	</programlisting></para>
+	
+	<para>Contains three IP to NetBIOS name mappings. The first 
+	and third will be returned for any queries for the names "TESTPC" 
+	and "SAMBASERVER" respectively, whatever the type component of 
+	the NetBIOS name requested.</para>
+
+	<para>The second mapping will be returned only when the "0x20" name 
+	type for a name "NTSERVER" is queried. Any other name type will not 
+	be resolved.</para>
+
+	<para>The default location of the <filename>lmhosts</filename> file 
+	is in the same directory as the <ulink url="smb.conf.5.html"> 		
+	smb.conf(5)></ulink> file.</para>
+	
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="smbclient.1.html"><command>smbclient(1)
+	</command></ulink>, <ulink url="smb.conf.5.html#NAMERESOLVEORDER">
+	smb.conf(5)</ulink>, and <ulink url="smbpasswd.8.html"><command>
+	smbpasswd(8)</command></ulink>
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/make_smbcodepage.1.sgml b/docs/docbook/manpages/make_smbcodepage.1.sgml
new file mode 100755
index 00000000000..a36f9b968c1
--- /dev/null
+++ b/docs/docbook/manpages/make_smbcodepage.1.sgml
@@ -0,0 +1,197 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="make-smbcodepage">
+
+<refmeta>
+	<refentrytitle>make_smbcodepage</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>make_smbcodepage</refname>
+	<refpurpose>construct a codepage file for Samba</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>make_smbcodepage</command>
+		<arg choice="req">c|d</arg>
+		<arg choice="req">codepage</arg>
+		<arg choice="req">inputfile</arg>
+		<arg choice="req">outputfile</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para><command>make_smbcodepage</command> compiles or de-compiles 
+	codepage files for use with the internationalization features 
+	of Samba 2.2</para>
+</refsect1>
+
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>c|d</term>
+		<listitem><para>This tells <command>make_smbcodepage</command> 
+		if it is compiling (<parameter>c</parameter>) a text format code 
+		page file to binary, or (<parameter>d</parameter>) de-compiling 
+		a binary codepage file to text. </para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>codepage</term>
+		<listitem><para>This is the codepage we are processing (a 
+		number, e.g. 850). </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>inputfile</term>
+		<listitem><para>This is the input file to process. In 
+		the <parameter>c</parameter> case this will be a text 
+		codepage definition file such as the ones found in the Samba 	
+		<filename>source/codepages</filename> directory. In
+		the <parameter>d</parameter> case this will be the 
+		binary format codepage definition file normally found in 
+		the <filename>lib/codepages</filename> directory in the 
+		Samba install directory path.</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>outputfile</term>
+		<listitem><para>This is the output file to produce.</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>Samba Codepage Files</title>
+
+	<para>A text Samba codepage definition file is a description 
+	that tells  Samba how to map from upper to lower case for 
+	characters greater than ascii 127 in the specified DOS code page. 
+	Note that for certain DOS codepages (437 for example) mapping 
+	from lower to upper case may be non-symmetrical. For example, in
+	code page 437 lower case a acute maps to a plain upper case A 
+	when going from lower to upper case, but plain upper case A maps 
+	to plain lower case a when lower casing a character. </para>
+	
+	<para>A binary Samba codepage definition file is a binary 
+	representation of the same information, including a value that
+	specifies what codepage this file is describing. </para>
+
+	<para>As Samba does not yet use UNICODE (current for Samba version 2.2) 
+	you must specify the client code page that your DOS and Windows 
+	clients are using if you wish to have case insensitivity done 
+	correctly for your particular language. The default codepage Samba 
+	uses is 850 (Western European). Text codepage definition sample files
+	are provided in the Samba distribution for codepages 437 (USA), 737 (Greek),
+	850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic), 866 (Cyrillic),
+	932 (Kanji SJIS), 936 (Simplified Chinese), 949 (Hangul) and 950 (Traditional
+	Chinese). Users are encouraged to write text codepage definition files for
+	their own code pages and donate them to samba@samba.org. All codepage files
+	in the Samba <filename>source/codepages</filename> directory are 
+ 	compiled and installed when a <command>'make install'</command> 
+	command is issued there. </para>
+
+	<para>The client codepage used by the <command>smbd</command> server 
+	is configured using the <command>client code page</command> parameter 
+	in the <command>smb.conf</command> file. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>Files</title>
+
+	<para><command>codepage_def.&lt;codepage&gt;</command></para> 
+
+	<para>These are the input (text) codepage files provided in the 
+	Samba <filename>source/codepages</filename> directory.</para> 
+
+	<para>A text codepage definition file consists of multiple lines 
+	containing four fields. These fields are:</para> 
+
+	<itemizedlist>
+		<listitem><para><command>lower</command>: which is the 
+		(hex) lower case character mapped on this line.</para>
+		</listitem>
+
+		<listitem><para><command>upper</command>: which is the (hex) 
+		upper case character that the lower case character will map to.
+		</para></listitem>
+		
+		<listitem><para><command>map upper to lower</command> which 
+		is a boolean value (put either True or False here) which tells 
+		Samba if it is to map the given upper case character to the 
+		given lower case character when lower casing a filename.
+		</para></listitem>
+		
+		<listitem><para><command>map lower to upper</command> which 
+		is a boolean value (put either True or False here) which tells 
+		Samba if it is to map the given lower case character to the 
+		given upper case character when upper casing a filename.
+		</para></listitem>
+	</itemizedlist>
+
+
+	<para><command>codepage.&lt;codepage&gt;</command> - These are the 
+	output (binary) codepage files produced  and placed in the Samba 
+	destination <filename>lib/codepage</filename> directory. </para>
+</refsect1>
+
+<refsect1>
+	<title>Installation</title>
+
+	<para>The location of the server and its support files is a 
+	matter for individual system administrators. The following are 
+	thus suggestions only. </para>
+
+	<para>It is recommended that the <command>make_smbcodepage
+	</command> program be installed under the <filename>/usr/local/samba
+	</filename> hierarchy, in a directory readable by all, writeable 
+	only by root. The program itself should be executable by all.  The 
+	program should NOT be setuid or setgid! </para>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, 
+	<ulink url="smb.conf.5.html">smb.conf(5)</ulink>
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/make_unicodemap.1.sgml b/docs/docbook/manpages/make_unicodemap.1.sgml
new file mode 100755
index 00000000000..5e7292341b0
--- /dev/null
+++ b/docs/docbook/manpages/make_unicodemap.1.sgml
@@ -0,0 +1,172 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="make-unicodemap">
+
+<refmeta>
+	<refentrytitle>make_unicodemap</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>make_unicodemap</refname>
+	<refpurpose>construct a unicode map file for Samba</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>make_unicodemap</command>
+		<arg choice="req">codepage</arg>
+		<arg choice="req">inputfile</arg>
+		<arg choice="req">outputfile</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>
+	This tool is part of the <ulink url="samba.7.html">Samba</ulink> 
+	suite.
+	</para>
+
+	<para>
+	<command>make_unicodemap</command> compiles text unicode map 
+	files into binary unicode map files for use with the 
+	internationalization features of Samba 2.2.
+	</para>
+</refsect1>
+
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>codepage</term>
+		<listitem><para>This is the codepage or UNIX character 
+		set we are processing (a number, e.g. 850).
+		</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>inputfile</term>
+		<listitem><para>This is the input file to process. This is a 
+		text unicode map file such as the ones found in the Samba
+		<filename>source/codepages</filename> directory. 
+		</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>outputfile</term>
+		<listitem><para>This is the binary output file to produce. 
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>Samba Unicode Map Files</title>
+
+	<para>
+	A text Samba unicode map file is a description that tells Samba 
+	how to map characters from a specified DOS code page or UNIX character 
+	set to 16 bit unicode.
+	</para>
+
+	<para>A binary Samba unicode map file is a binary representation 
+	of the same information, including a value that specifies what 
+	codepage or UNIX character set this file is describing. 
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>Files</title>
+
+	<para><filename>CP&lt;codepage&gt;.TXT</filename></para> 
+
+	<para>
+	These are the input (text) unicode map files provided 
+	in the Samba <filename>source/codepages</filename> 
+	directory. 
+	</para>
+	
+	<para>
+	A text unicode map file consists of multiple lines 
+	containing two fields. These fields are :  
+	</para>
+	
+	<itemizedlist>
+		<listitem><para><parameter>character</parameter> - which is 
+		the (hex) character mapped on this line.
+		</para></listitem>
+		
+		<listitem><para><parameter>unicode</parameter> - which 
+		is the (hex) 16 bit unicode character that the character
+		will map to. 
+		</para></listitem>
+	</itemizedlist>
+
+	<para>
+	<filename>unicode_map.&lt;codepage&gt;</filename>  - These are 
+	the output (binary) unicode map files produced and placed in 
+	the Samba destination <filename>lib/codepage</filename> 
+	directory.
+	</para>
+</refsect1>
+
+
+<refsect1>
+	<title>Installation</title>
+
+	<para>
+	The location of the server and its support files is a matter
+	for individual system administrators. The following are thus 
+	suggestions only. 
+	</para>
+	
+	<para>
+	It is recommended that the <command>make_unicodemap</command> 
+	program be installed under the 
+	<filename>$prefix/samba</filename> hierarchy, 
+	in a directory readable by all, writeable only by root. The 
+	program itself should be executable by all.  The program
+	should NOT be setuid or setgid! 
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, 
+	<ulink url="smb.conf.5.html">smb.conf(5)</ulink>
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.sgml
new file mode 100755
index 00000000000..c9ddc89bcbb
--- /dev/null
+++ b/docs/docbook/manpages/nmbd.8.sgml
@@ -0,0 +1,372 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="nmbd">
+
+<refmeta>
+	<refentrytitle>nmbd</refentrytitle>
+	<manvolnum>8</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>nmbd</refname>
+	<refpurpose>NetBIOS name server to provide NetBIOS 
+	over IP naming services to clients</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>nmbd</command>
+		<arg choice="opt">-D</arg>
+		<arg choice="opt">-a</arg>
+		<arg choice="opt">-i</arg>
+		<arg choice="opt">-o</arg>
+		<arg choice="opt">-P</arg>
+		<arg choice="opt">-h</arg>
+		<arg choice="opt">-V</arg>
+		<arg choice="opt">-d &lt;debug level&gt;</arg>
+		<arg choice="opt">-H &lt;lmhosts file&gt;</arg>
+		<arg choice="opt">-l &lt;log directory&gt;</arg>
+		<arg choice="opt">-n &lt;primary netbios name&gt;</arg>
+		<arg choice="opt">-p &lt;port number&gt;</arg>
+		<arg choice="opt">-s &lt;configuration file&gt;</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+	<para>This program is part of the Samba suite.</para>
+
+	<para><command>nmbd</command> is a server that understands 
+	and can reply to NetBIOS over IP name service requests, like 
+	those produced by SMB/CIFS clients such as Windows 95/98/ME, 
+	Windows NT, Windows 2000, and LanManager clients. It also
+	participates in the browsing protocols which make up the 
+	Windows "Network Neighborhood" view.</para>
+
+	<para>SMB/CIFS clients, when they start up, may wish to 
+	locate an SMB/CIFS server. That is, they wish to know what 
+	IP number a specified host is using.</para>
+
+	<para>Amongst other services, <command>nmbd</command> will 
+	listen for such requests, and if its own NetBIOS name is 
+	specified it will respond with the IP number of the host it 
+	is running on.  Its "own NetBIOS name" is by
+	default the primary DNS name of the host it is running on, 
+	but this can be overridden with the <emphasis>-n</emphasis> 
+	option (see OPTIONS below). Thus <command>nmbd</command> will 
+	reply to broadcast queries for its own name(s). Additional
+	names for <command>nmbd</command> to respond on can be set 
+	via parameters in the <ulink url="smb.conf.5.html"><filename>
+	smb.conf(5)</filename></ulink> configuration file.</para>
+
+	<para><command>nmbd</command> can also be used as a WINS 
+	(Windows Internet Name Server) server. What this basically means 
+	is that it will act as a WINS database server, creating a 
+	database from name registration requests that it receives and 
+	replying to queries from clients for these names.</para>
+
+	<para>In addition, <command>nmbd</command> can act as a WINS 
+	proxy, relaying broadcast queries from clients that do 
+	not understand how to talk the WINS protocol to a WIN 
+	server.</para>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>-D</term>
+		<listitem><para>If specified, this parameter causes 
+		<command>nmbd</command> to operate as a daemon. That is, 
+		it detaches itself and runs in the background, fielding 
+		requests on the appropriate port. By default, <command>nmbd</command> 
+		will operate as a daemon if launched from a command shell. 
+		nmbd can also be operated from the <command>inetd</command> 
+		meta-daemon, although this is not recommended.
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-a</term>
+		<listitem><para>If this parameter is specified, each new 
+		connection will append log messages to the log file.  
+		This is the default.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-i</term>
+		<listitem><para>If this parameter is specified it causes the
+		server to run "interactively", not as a daemon, even if the
+		server is executed on the command line of a shell. Setting this
+		parameter negates the implicit deamon mode when run from the
+		command line.
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-o</term>
+		<listitem><para>If this parameter is specified, the 
+		log files will be overwritten when opened.  By default, 
+		<command>smbd</command> will append entries to the log 
+		files.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-h</term>
+		<listitem><para>Prints the help information (usage) 
+		for <command>nmbd</command>.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-H &lt;filename&gt;</term>
+		<listitem><para>NetBIOS lmhosts file.  The lmhosts 
+		file is a list of NetBIOS names to IP addresses that 
+		is loaded by the nmbd server and used via the name 
+		resolution mechanism <ulink url="smb.conf.5.html#nameresolveorder">
+		name resolve order</ulink> described in <ulink 
+		url="smb.conf.5.html"> <filename>smb.conf(5)</filename></ulink>
+		to resolve any NetBIOS name queries needed by the server. Note 
+		that the contents of this file are <emphasis>NOT</emphasis> 
+		used by <command>nmbd</command> to answer any name queries. 
+		Adding a line to this file affects name NetBIOS resolution 
+		from this host <emphasis>ONLY</emphasis>.</para>
+
+		<para>The default path to this file is compiled into 
+		Samba as part of the build process. Common defaults 
+		are <filename>/usr/local/samba/lib/lmhosts</filename>,
+		<filename>/usr/samba/lib/lmhosts</filename> or
+		<filename>/etc/lmhosts</filename>. See the <ulink url="lmhosts.5.html">
+		<filename>lmhosts(5)</filename></ulink> man page for details on the 
+		contents of this file.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-V</term>
+		<listitem><para>Prints the version number for 
+		<command>nmbd</command>.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-d &lt;debug level&gt;</term>
+		<listitem><para>debuglevel is an integer 
+		from 0 to 10.  The default value if this parameter is 
+		not specified is zero.</para>
+		
+		<para>The higher this value, the more detail will 
+		be logged to the log files about the activities of the 
+		server. At level 0, only critical errors and serious 
+		warnings will be logged. Level 1 is a reasonable level for
+		day to day running - it generates a small amount of 
+		information about operations carried out.</para>
+
+		<para>Levels above 1 will generate considerable amounts 
+		of log data, and should only be used when investigating 
+ 		a problem. Levels above 3 are designed for use only by developers 
+		and generate HUGE amounts of log data, most of which is extremely 
+		cryptic.</para>
+
+		<para>Note that specifying this parameter here will override 
+		the <ulink url="smb.conf.5.html#loglevel">log level</ulink> 
+		parameter in the <ulink url="smb.conf.5.html"><filename>
+		smb.conf</filename></ulink> file.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-l &lt;log directory&gt;</term>
+		<listitem><para>The -l parameter specifies a directory 
+		into which the "log.nmbd" log file will be created
+		for operational data from the running
+		<command>nmbd</command> server. The default log directory is compiled into Samba
+		as part of the build process. Common defaults are <filename>
+		/usr/local/samba/var/log.nmb</filename>, <filename>
+		/usr/samba/var/log.nmb</filename> or
+		<filename>/var/log/log.nmb</filename>.  <emphasis>Beware:</emphasis>
+                If the directory specified does not exist, <command>nmbd</command>
+                will log to the default debug log location defined at compile time.
+		</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-n &lt;primary NetBIOS name&gt;</term>
+		<listitem><para>This option allows you to override
+		the NetBIOS name that Samba uses for itself. This is identical 
+		to setting the <ulink url="smb.conf.5.html#netbiosname">
+		NetBIOS name</ulink> parameter in the <ulink url="smb.conf.5.html">	
+		<filename>smb.conf</filename></ulink> file.  However, a command
+		line setting will take precedence over settings in 
+		<filename>smb.conf</filename>.</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-p &lt;UDP port number&gt;</term>
+		<listitem><para>UDP port number is a positive integer value.
+		This option changes the default UDP port number (normally 137)
+		that <command>nmbd</command> responds to name queries on. Don't
+		use this option unless you are an expert, in which case you
+		won't need help!</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-s &lt;configuration file&gt;</term>
+		<listitem><para>The default configuration file name
+		is set at build time, typically as <filename>
+		/usr/local/samba/lib/smb.conf</filename>, but
+		this may be changed when Samba is autoconfigured.</para>
+
+		<para>The file specified contains the configuration details
+		required by the server. See <ulink url="smb.conf.5.html">
+		<filename>smb.conf(5)</filename></ulink> for more information.
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>FILES</title>
+
+	<variablelist>
+		<varlistentry>
+		<term><filename>/etc/inetd.conf</filename></term>
+		<listitem><para>If the server is to be run by the
+		<command>inetd</command> meta-daemon, this file
+		must contain suitable startup information for the
+		meta-daemon. See the <ulink
+		url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document
+		for details.
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><filename>/etc/rc</filename></term>
+		<listitem><para>or whatever initialization script your
+		system uses).</para>
+
+		<para>If running the server as a daemon at startup,
+		this file will need to contain an appropriate startup
+		sequence for the server. See the <ulink
+		url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document
+		for details.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><filename>/etc/services</filename></term>
+		<listitem><para>If running the server via the
+		meta-daemon <command>inetd</command>, this file
+		must contain a mapping of service name (e.g., netbios-ssn)
+		to service port (e.g., 139) and protocol type (e.g., tcp).
+		See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink>
+		document for details.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><filename>/usr/local/samba/lib/smb.conf</filename></term>
+		<listitem><para>This is the default location of the
+		<ulink url="smb.conf.5.html"><filename>smb.conf</filename></ulink>
+		server configuration file. Other common places that systems
+		install this file are <filename>/usr/samba/lib/smb.conf</filename>
+		and <filename>/etc/smb.conf</filename>.</para>
+
+		<para>When run as a WINS server (see the
+		<ulink url="smb.conf.5.html#WINSSUPPORT">wins support</ulink>
+		parameter in the <filename>smb.conf(5)</filename> man page),
+		<command>nmbd</command>
+		will store the WINS database in the file <filename>wins.dat</filename>
+		in the <filename>var/locks</filename> directory configured under
+		wherever Samba was configured to install itself.</para>
+
+		<para>If <command>nmbd</command> is acting as a <emphasis>
+		browse master</emphasis> (see the <ulink
+		url="smb.conf.5.html#LOCALMASTER">local master</ulink>
+		parameter in the <filename>smb.conf(5)</filename> man page,
+		<command>nmbd</command>
+		will store the browsing database in the file <filename>browse.dat
+		</filename> in the <filename>var/locks</filename> directory
+		configured under wherever Samba was configured to install itself.
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>SIGNALS</title>
+
+	<para>To shut down an <command>nmbd</command> process it is recommended
+	that SIGKILL (-9) <emphasis>NOT</emphasis> be used, except as a last
+	resort, as this may leave the name database in an inconsistent state.
+	The correct way to terminate <command>nmbd</command> is to send it
+	a SIGTERM (-15) signal and wait for it to die on its own.</para>
+
+	<para><command>nmbd</command> will accept SIGHUP, which will cause
+	it to dump out its namelists into the file <filename>namelist.debug
+	</filename> in the <filename>/usr/local/samba/var/locks</filename>
+	directory (or the <filename>var/locks</filename> directory configured
+	under wherever Samba was configured to install itself). This will also
+	cause <command>nmbd</command> to dump out its server database in
+	the <filename>log.nmb</filename> file.</para>
+
+	<para>The debug log level of nmbd may be raised or lowered using
+	<ulink url="smbcontrol.1.html"><command>smbcontrol(1)</command>
+	</ulink> (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is
+	to allow transient problems to be diagnosed, whilst still running
+	at a normally low log level.</para>
+</refsect1>
+
+<refsect1>
+        <title>TROUBLESHOOTING</title>
+
+        <para>
+        One of the common causes of difficulty when installing Samba and SWAT
+        is the existsnece of some type of firewall or port filtering software
+        on the Samba server.  Make sure that the appropriate ports
+        outlined in this man page are available on the server and are not currently
+        being blocked by some type of security software such as iptables or
+        "port sentry".  For more troubleshooting information, refer to the additional
+        documentation included in the Samba distribution.
+        </para>
+</refsect1>
+
+
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><command>inetd(8)</command>, <ulink
+	url="smbd.8.html"><command>smbd(8)</command></ulink>, 
+	<ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename>
+	</ulink>, <ulink url="smbclient.1.html"><command>smbclient(1)
+	</command></ulink>, <ulink url="testparm.1.html"><command>
+	testparm(1)</command></ulink>, <ulink url="testprns.1.html">
+	<command>testprns(1)</command></ulink>, and the Internet RFC's
+	<filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. 
+	In addition the CIFS (formerly SMB) specification is available 
+	as a link from the Web page <ulink url="http://samba.org/cifs/"> 
+	http://samba.org/cifs/</ulink>.</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/nmblookup.1.sgml b/docs/docbook/manpages/nmblookup.1.sgml
new file mode 100755
index 00000000000..502262ac730
--- /dev/null
+++ b/docs/docbook/manpages/nmblookup.1.sgml
@@ -0,0 +1,257 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="nmblookup">
+
+<refmeta>
+	<refentrytitle>nmblookup</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>nmblookup</refname>
+	<refpurpose>NetBIOS over TCP/IP client used to lookup NetBIOS 
+	names</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>nmblookup</command>
+		<arg choice="opt">-f</arg>
+		<arg choice="opt">-M</arg>
+		<arg choice="opt">-R</arg>
+		<arg choice="opt">-S</arg>
+		<arg choice="opt">-r</arg>
+		<arg choice="opt">-A</arg>
+		<arg choice="opt">-h</arg>
+		<arg choice="opt">-B &lt;broadcast address&gt;</arg>
+		<arg choice="opt">-U &lt;unicast address&gt;</arg>
+		<arg choice="opt">-d &lt;debug level&gt;</arg>
+		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+		<arg choice="opt">-i &lt;NetBIOS scope&gt;</arg>
+		<arg choice="opt">-T</arg>
+		<arg choice="req">name</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para><command>nmblookup</command> is used to query NetBIOS names 
+	and map them to IP addresses in a network using NetBIOS over TCP/IP 
+	queries. The options allow the name queries to be directed at a 
+	particular IP broadcast area or to a particular machine. All queries 
+	are done over UDP.</para>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>-f</term>
+		<listitem><para>Causes nmblookup to print out the flags
+		in the NMB packet headers. These flags will print out as 
+		strings like Authoritative, Recursion_Desired, Recursion_available, etc.
+		</para></listitem>
+		</varlistentry>
+		<varlistentry>
+		<term>-M</term>
+		<listitem><para>Searches for a master browser by looking 
+		up the  NetBIOS name <replaceable>name</replaceable> with a 
+		type of <constant>0x1d</constant>. If <replaceable>
+		name</replaceable> is "-" then it does a lookup on the special name 
+		<constant>__MSBROWSE__</constant>.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-R</term>
+		<listitem><para>Set the recursion desired bit in the packet 
+		to do a recursive lookup. This is used when sending a name 
+		query to a machine running a WINS server and the user wishes 
+		to query the names in the WINS server.  If this bit is unset 
+		the normal (broadcast responding) NetBIOS processing code 
+		on a machine is used instead. See rfc1001, rfc1002 for details.
+		</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-S</term>
+		<listitem><para>Once the name query has returned an IP 
+		address then do a node status query as well. A node status 
+		query returns the NetBIOS names registered by a host.
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-r</term> 
+		<listitem><para>Try and bind to UDP port 137 to send and receive UDP
+		datagrams. The reason for this option is a bug in Windows 95 
+		where it ignores the source port of the requesting packet 
+	 	and only replies to UDP port 137. Unfortunately, on most UNIX 
+		systems root privilege is needed to bind to this port, and 
+		in addition, if the <ulink url="nmbd.8.html">nmbd(8)</ulink> 
+		daemon is running on this machine it also binds to this port.
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-A</term>
+		<listitem><para>Interpret <replaceable>name</replaceable> as 
+		an IP Address and do a node status query on this address.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>-h</term> 
+		<listitem><para>Print a help (usage) message.</para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>-B &lt;broadcast address&gt;</term> 
+		<listitem><para>Send the query to the given broadcast address. Without 
+		this option the default behavior of nmblookup is to send the 
+		query to the broadcast address of the network interfaces as 
+		either auto-detected or defined in the <ulink 
+		url="smb.conf.5.html#INTERFACES"><parameter>interfaces</parameter>
+		</ulink> parameter of the  <filename>smb.conf (5)</filename> file.
+		</para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>-U &lt;unicast address&gt;</term>
+		<listitem><para>Do a unicast query to the specified address or 
+		host <replaceable>unicast address</replaceable>. This option 
+		(along with the <parameter>-R</parameter> option) is needed to 
+		query a WINS server.</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-d &lt;debuglevel&gt;</term> 
+		<listitem><para>debuglevel is an integer from 0 to 10.</para>
+
+		<para>The default value if this parameter is not specified 
+		is zero.</para>
+
+		<para>The higher this value, the more detail will be logged 
+		about the activities of <command>nmblookup</command>. At level 
+		0, only critical errors and serious warnings will be logged.</para>
+
+		<para>Levels above 1 will generate considerable amounts of 
+		log data, and should only be used when investigating a problem. 
+		Levels above 3 are designed for use only by developers and 
+		generate HUGE amounts of data, most of which is extremely cryptic.</para>
+
+		<para>Note that specifying this parameter here will override 
+		the <ulink url="smb.conf.5.html#LOGLEVEL"><parameter>
+		log level</parameter></ulink> parameter in the <filename>
+		smb.conf(5)</filename> file.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-s &lt;smb.conf&gt;</term> 
+		<listitem><para>This parameter specifies the pathname to 
+		the Samba configuration file, <ulink url="smb.conf.5.html">
+		smb.conf(5)</ulink>.  This file controls all aspects of
+		the Samba setup on the machine.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-i &lt;scope&gt;</term> 
+		<listitem><para>This specifies a NetBIOS scope that
+		<command>nmblookup</command> will use to communicate with when 
+		generating NetBIOS names. For details on the use of NetBIOS 
+		scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are 
+		<emphasis>very</emphasis> rarely used, only set this parameter 
+		if you are the system administrator in charge of all the 
+		NetBIOS systems you communicate with.</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-T</term> 
+		<listitem><para>This causes any IP addresses found in the 
+		lookup to be looked up via a reverse DNS lookup into a 
+		DNS name, and printed out before each</para>
+		
+		<para><emphasis>IP address .... NetBIOS name</emphasis></para>
+		
+		<para> pair that is the normal output.</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>name</term>
+		<listitem><para>This is the NetBIOS name being queried. Depending 
+		upon the previous options this may be a NetBIOS name or IP address. 
+		If a NetBIOS name then the different name types may be specified 
+		by appending '#&lt;type&gt' to the name. This name may also be
+		'*', which will return all registered names within a broadcast 
+		area.</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>EXAMPLES</title>
+
+		<para><command>nmblookup</command> can be used to query 
+		a WINS server (in the same way <command>nslookup</command> is 
+		used to query DNS servers). To query a WINS server, 
+		<command>nmblookup</command> must be called like this:</para>
+
+		<para><command>nmblookup -U server -R 'name'</command></para>
+
+		<para>For example, running :</para>
+
+		<para><command>nmblookup -U samba.org -R 'IRIX#1B'</command></para>
+
+		<para>would query the WINS server samba.org for the domain 
+		master browser (1B name type) for the IRIX workgroup.</para>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, 
+	<ulink url="samba.7.html">samba(7)</ulink>, and	<ulink 
+	url="smb.conf.5.html">smb.conf(5)</ulink>
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/pdbedit.8.sgml b/docs/docbook/manpages/pdbedit.8.sgml
new file mode 100755
index 00000000000..eeb1fb0d2c6
--- /dev/null
+++ b/docs/docbook/manpages/pdbedit.8.sgml
@@ -0,0 +1,290 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="pdbedit">
+
+<refmeta>
+	<refentrytitle>pdbedit</refentrytitle>
+	<manvolnum>8</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>pdbedit</refname>
+	<refpurpose>manage the SAM database</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>pdbedit</command>
+		<arg choice="opt">-l</arg>	
+		<arg choice="opt">-v</arg>	
+		<arg choice="opt">-w</arg>	
+		<arg choice="opt">-u username</arg>	
+		<arg choice="opt">-f fullname</arg>	
+		<arg choice="opt">-h homedir</arg>	
+		<arg choice="opt">-d drive</arg>	
+		<arg choice="opt">-s script</arg>
+		<arg choice="opt">-p profile</arg>	
+		<arg choice="opt">-a</arg>	
+		<arg choice="opt">-m</arg>	
+		<arg choice="opt">-x</arg>	
+		<arg choice="opt">-i file</arg>	
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para>The pdbedit program is used to manage the users accounts
+	stored in the sam database and can be run only by root.</para>
+
+	<para>The pdbedit tool use the passdb modular interface and is
+	independent from the kind of users database used (currently there
+	are smbpasswd, ldap, nis+ and tdb based and more can be addedd
+	without changing the tool).</para>
+
+	<para>There are five main ways to use pdbedit: adding a user account,
+	removing a user account, modifing a user account, listing user
+	accounts, importing users accounts.</para>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+	<variablelist>
+		<varlistentry>
+		<term>-l</term>
+		<listitem><para>This option list all the user accounts
+		present in the users database.
+		This option prints a list of user/uid pairs separated by
+		the ':' character.</para>
+
+		<para>Example: <command>pdbedit -l</command></para>
+		<para><programlisting>
+		sorce:500:Simo Sorce
+		samba:45:Test User
+		</programlisting></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-v</term>
+		<listitem><para>This option sets the verbose listing format.
+		It will make pdbedit list the users in the database printing
+		out the account fields in a descriptive format.</para>
+
+		<para>Example: <command>pdbedit -l -v</command></para>
+		<para><programlisting>
+		---------------
+		username:       sorce
+		user ID/Group:  500/500
+		user RID/GRID:  2000/2001
+		Full Name:      Simo Sorce
+		Home Directory: \\BERSERKER\sorce
+		HomeDir Drive:  H:
+		Logon Script:   \\BERSERKER\netlogon\sorce.bat
+		Profile Path:   \\BERSERKER\profile
+		---------------
+		username:       samba
+		user ID/Group:  45/45
+		user RID/GRID:  1090/1091
+		Full Name:      Test User
+		Home Directory: \\BERSERKER\samba
+		HomeDir Drive:  
+		Logon Script:   
+		Profile Path:   \\BERSERKER\profile
+		</programlisting></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-w</term>
+		<listitem><para>This option sets the "smbpasswd" listing format.
+		It will make pdbedit list the users in the database printing
+		out the account fields in a format compatible with the
+		<filename>smbpasswd</filename> file format. (see the <ulink
+		url="smbpasswd.5.html"><filename>smbpasswd(5)</filename></ulink> for details)</para>
+
+		<para>Example: <command>pdbedit -l -w</command></para>
+		<para><programlisting>
+		sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
+		samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:
+		</programlisting></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-u username</term>
+		<listitem><para>This option specifies that the username to be
+		used for the operation requested (listing, adding, removing)
+		It is <emphasis>required</emphasis> in add, remove and modify
+		operations and <emphasis>optional</emphasis> in list
+		operations.</para>
+		</listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term>-f fullname</term>
+		<listitem><para>This option can be used while adding or
+		modifing a user account. It will specify the user's full
+		name. </para>
+
+		<para>Example: <command>-f "Simo Sorce"</command></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-h homedir</term>
+		<listitem><para>This option can be used while adding or
+		modifing a user account. It will specify the user's home
+		directory network path.</para>
+
+		<para>Example: <command>-h "\\\\BERSERKER\\sorce"</command>
+		</para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-d drive</term>
+		<listitem><para>This option can be used while adding or
+		modifing a user account. It will specify the windows drive
+		letter to be used to map the home directory.</para>
+
+		<para>Example: <command>-d "H:"</command>
+		</para>
+		</listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-s script</term>
+		<listitem><para>This option can be used while adding or
+		modifing a user account. It will specify the user's logon
+		script path.</para>
+
+		<para>Example: <command>-s "\\\\BERSERKER\\netlogon\\sorce.bat"</command>
+		</para>
+		</listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-p profile</term>
+		<listitem><para>This option can be used while adding or
+		modifing a user account. It will specify the user's profile
+		directory.</para>
+
+		<para>Example: <command>-p "\\\\BERSERKER\\netlogon"</command>
+		</para>
+		</listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-a</term>
+		<listitem><para>This option is used to add a user into the
+		database. This command need the user name be specified with
+		the -u switch. When adding a new user pdbedit will also
+		ask for the password to be used</para>
+
+		<para>Example: <command>pdbedit -a -u sorce</command>
+		<programlisting>new password:
+		retype new password</programlisting>
+                </para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-m</term>
+		<listitem><para>This option may only be used in conjunction 
+		with the <parameter>-a</parameter> option. It will make
+		pdbedit to add a machine trust account instead of a user
+		account (-u username will provide the machine name).</para>
+
+		<para>Example: <command>pdbedit -a -m -u w2k-wks</command>
+		</para>
+		</listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-x</term>
+		<listitem><para>This option causes pdbedit to delete an account
+		from the database. It need the username be specified with the
+		-u switch.</para>
+
+		<para>Example: <command>pdbedit -x -u bob</command></para>
+		</listitem>
+		</varlistentry>
+		
+
+		<varlistentry>
+		<term>-i file</term>
+		<listitem><para>This command is used to import a smbpasswd
+		file into the database.</para>
+
+		<para>This option will ease migration from the plain smbpasswd
+		file database to more powerful backend databases like tdb and
+		ldap.</para>
+
+		<para>Example: <command>pdbedit -i /etc/smbpasswd.old</command>
+		</para>
+		</listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>NOTES</title>
+	
+	<para>This command may be used only by root.</para>
+</refsect1>
+
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="smbpasswd.8.html">smbpasswd(8)</ulink>, 
+	<ulink url="samba.7.html">samba(7)</ulink>
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml
new file mode 100755
index 00000000000..773455fb2bf
--- /dev/null
+++ b/docs/docbook/manpages/rpcclient.1.sgml
@@ -0,0 +1,420 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="rpcclient">
+
+<refmeta>
+	<refentrytitle>rpcclient</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>rpcclient</refname>
+	<refpurpose>tool for executing client side 
+	MS-RPC functions</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>rpcclient</command>
+		<arg choice="opt">-A authfile</arg>
+		<arg choice="opt">-c &lt;command string&gt;</arg>
+		<arg choice="opt">-d debuglevel</arg>
+		<arg choice="opt">-h</arg>
+		<arg choice="opt">-l logfile</arg>
+		<arg choice="opt">-N</arg>
+		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+		<arg choice="opt">-U username[%password]</arg>
+		<arg choice="opt">-W workgroup</arg>
+		<arg choice="opt">-N</arg>
+		<arg choice="req">server</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para><command>rpcclient</command> is a utility initially developed
+	to test MS-RPC functionality in Samba itself.  It has undergone 
+	several stages of development and stability.  Many system administrators
+	have now written scripts around it to manage Windows NT clients from 
+	their UNIX workstation. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>server</term>
+		<listitem><para>NetBIOS name of Server to which to connect. 
+		The server can be  any SMB/CIFS server.  The name is 
+		resolved using the <ulink url="smb.conf.5.html#NAMERESOLVEORDER">
+		<parameter>name resolve order</parameter></ulink> line from 
+		<filename>smb.conf(5)</filename>.</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-A filename</term><listitem><para>This option allows 
+		you to specify a file from which to read the username and 
+		password used in the connection.  The format of the file is 
+		</para>
+		
+		<para><programlisting>
+		username = &lt;value&gt; 
+		password = &lt;value&gt;
+		domain   = &lt;value&gt;
+		</programlisting></para>
+	
+		<para>Make certain that the permissions on the file restrict 
+		access from unwanted users. </para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>-c 'command string'</term>
+		<listitem><para>execute semicolon separated commands (listed 
+		below)) </para></listitem>
+		</varlistentry>
+		
+				
+		
+
+		<varlistentry>
+		<term>-d debuglevel</term>
+		<listitem><para>set the debuglevel. Debug level 0 is the lowest 
+		and 100 being the highest. This should be set to 100 if you are
+		planning on submitting a bug report to the Samba team (see <filename>BUGS.txt</filename>). 
+		</para></listitem>
+		</varlistentry>
+		
+	
+
+
+		<varlistentry>
+		<term>-h</term>
+		<listitem><para>Print a summary of command line options.
+		</para></listitem>
+		</varlistentry>
+
+
+
+		
+		<varlistentry>
+		<term>-l logbasename</term>
+		<listitem><para>File name for log/debug files. The extension 
+		<constant>'.client'</constant> will be appended. The log file is never removed  
+		by the client.
+		</para></listitem>
+		</varlistentry>
+
+
+		
+		<varlistentry>
+		<term>-N</term>
+		<listitem><para>instruct <command>rpcclient</command> not to ask 
+		for a password.   By default, <command>rpcclient</command> will prompt 
+		for a password.  See also the <parameter>-U</parameter> option.</para></listitem>
+		</varlistentry>
+
+		
+		<varlistentry>
+		<term>-s smb.conf</term>
+		<listitem><para>Specifies the location of the all important 
+		<filename>smb.conf</filename> file. </para></listitem>
+		</varlistentry>
+
+				
+
+		<varlistentry>
+		<term>-U username[%password]</term>
+		<listitem><para>Sets the SMB username or username and password. </para>
+		
+		<para>If %password is not specified, the user will be prompted. The 
+		client will first check the <envar>USER</envar> environment variable, then the 
+		<envar>LOGNAME</envar> variable and if either exists, the 
+		string is uppercased. If these environmental variables are not 
+		found, the username <constant>GUEST</constant> is used. </para>
+
+		<para>A third option is to use a credentials file which 
+		contains the plaintext of the username and password.  This 
+		option is mainly provided for scripts where the admin doesn't 
+		desire to pass the credentials on the command line or via environment 
+		variables. If this method is used, make certain that the permissions 
+		on the file restrict access from unwanted users.  See the 
+		<parameter>-A</parameter> for more details. </para>
+		
+		<para>Be cautious about including passwords in scripts. Also, on 
+		many systems the command line of a running process may be seen 
+		via the <command>ps</command> command.  To be safe always allow 
+		<command>rpcclient</command> to prompt for a password and type 
+		it in directly. </para></listitem>
+		</varlistentry>
+		
+		
+		
+		
+		<varlistentry>
+		<term>-W domain</term>
+		<listitem><para>Set the SMB domain of the username.   This 
+		overrides the default domain which is the domain defined in 
+		smb.conf.  If the domain specified is the same as the server's NetBIOS name, 
+		it causes the client to log on using the  server's local SAM (as 
+		opposed to the Domain SAM). </para></listitem>
+		</varlistentry>
+		
+						
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>COMMANDS</title>
+
+	<para><emphasis>LSARPC</emphasis></para>
+	<itemizedlist>
+		<listitem><para><command>lsaquery</command></para></listitem>
+		
+		<listitem><para><command>lookupsids</command> - Resolve a list 
+		of SIDs to usernames.
+		</para></listitem>
+		
+		<listitem><para><command>lookupnames</command> - Resolve s list 
+		of usernames to SIDs.
+		</para></listitem>
+		
+		<listitem><para><command>enumtrusts</command></para></listitem>
+	</itemizedlist>	
+	<para> </para>
+	
+
+
+	<para><emphasis>SAMR</emphasis></para>
+	<itemizedlist>
+		<listitem><para><command>queryuser</command></para></listitem>
+		<listitem><para><command>querygroup</command></para></listitem>
+		<listitem><para><command>queryusergroups</command></para></listitem>
+		<listitem><para><command>querygroupmem</command></para></listitem>
+		<listitem><para><command>queryaliasmem</command></para></listitem>
+		<listitem><para><command>querydispinfo</command></para></listitem>
+		<listitem><para><command>querydominfo</command></para></listitem>
+		<listitem><para><command>enumdomgroups</command></para></listitem>
+	</itemizedlist>
+	<para> </para>
+
+
+
+	<para><emphasis>SPOOLSS</emphasis></para>
+
+	<itemizedlist>
+		<listitem><para><command>adddriver &lt;arch&gt &lt;config&gt;</command> 
+		- Execute an AddPrinterDriver() RPC to install the printer driver 
+		information on the server.  Note that the driver files should 
+		already exist in the directory returned by  
+		<command>getdriverdir</command>.  Possible values for 
+		<parameter>arch</parameter> are the same as those for 
+		the <command>getdriverdir</command> command.
+		The <parameter>config</parameter> parameter is defined as 
+		follows: </para>
+		
+		<para><programlisting>
+		Long Printer Name:\
+		Driver File Name:\
+		Data File Name:\
+		Config File Name:\
+		Help File Name:\
+		Language Monitor Name:\
+		Default Data Type:\
+		Comma Separated list of Files
+		</programlisting></para>
+
+		<para>Any empty fields should be enter as the string "NULL". </para>
+		
+		<para>Samba does not need to support the concept of Print Monitors
+		since these only apply to local printers whose driver can make
+		use of a bi-directional link for communication.  This field should 
+		be "NULL".   On a remote NT print server, the Print Monitor for a 
+		driver must already be installed prior to adding the driver or 
+		else the RPC will fail. </para></listitem>
+
+
+		
+		
+		<listitem><para><command>addprinter &lt;printername&gt; 
+		&lt;sharename&gt; &lt;drivername&gt; &lt;port&gt;</command> 
+		- Add a printer on the remote server.  This printer 
+ 		will be automatically shared.  Be aware that the printer driver 
+		must already be installed on the server (see <command>adddriver</command>) 
+		and the <parameter>port</parameter>must be a valid port name (see
+		<command>enumports</command>.</para>
+		</listitem>
+
+
+		<listitem><para><command>deldriver</command> - Delete the 
+		specified printer driver for all architectures.  This
+		does not delete the actual driver files from the server,
+		only the entry from the server's list of drivers.
+		</para></listitem>
+
+		<listitem><para><command>enumdata</command> - Enumerate all 
+		printer setting data stored on the server. On Windows NT  clients, 
+		these values are stored  in the registry, while Samba servers 
+		store them in the printers TDB.  This command corresponds
+		to the MS Platform SDK GetPrinterData() function (* This
+		command is currently unimplemented).</para></listitem>
+
+
+
+		<listitem><para><command>enumjobs &lt;printer&gt;</command> 
+		- List the jobs and status of a given printer.  
+		This command corresponds to the MS Platform SDK EnumJobs() 
+		function (* This command is currently unimplemented).</para></listitem>
+		
+
+
+		
+		<listitem><para><command>enumports [level]</command> 
+		- Executes an EnumPorts() call using the specified 
+		info level. Currently only info levels 1 and 2 are supported. 
+		</para></listitem>
+
+
+
+		<listitem><para><command>enumdrivers [level]</command> 
+		- Execute an EnumPrinterDrivers() call.  This lists the various installed 
+		printer drivers for all architectures.  Refer to the MS Platform SDK 
+		documentation for more details of the various flags and calling 
+		options. Currently supported info levels are 1, 2, and 3.</para></listitem>
+
+
+
+		<listitem><para><command>enumprinters [level]</command> 
+		- Execute an EnumPrinters() call.  This lists the various installed 
+		and share printers.  Refer to the MS Platform SDK documentation for 
+		more details of the various flags and calling options. Currently
+		supported info levels are 0, 1, and 2.</para></listitem>
+
+
+
+
+		<listitem><para><command>getdata &lt;printername&gt;</command> 
+		- Retrieve the data for a given printer setting.  See 
+		the  <command>enumdata</command> command for more information.  
+		This command corresponds to the GetPrinterData() MS Platform 
+		SDK function (* This command is currently unimplemented). </para></listitem>
+
+
+		
+		<listitem><para><command>getdriver &lt;printername&gt;</command> 
+		- Retrieve the printer driver information (such as driver file, 
+		config file, dependent files, etc...) for 
+		the given printer. This command corresponds to the GetPrinterDriver()
+		MS Platform  SDK function. Currently info level 1, 2, and 3 are supported.
+		</para></listitem>
+	
+
+		<listitem><para><command>getdriverdir &lt;arch&gt;</command> 
+		- Execute a GetPrinterDriverDirectory()
+		RPC to retreive the SMB share name and subdirectory for 
+		storing printer driver files for a given architecture.  Possible 
+		values for <parameter>arch</parameter> are "Windows 4.0" 
+		(for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows
+		Alpha_AXP", and "Windows NT R4000". </para></listitem>
+
+
+
+		<listitem><para><command>getprinter &lt;printername&gt;</command> 
+		- Retrieve the current printer information.  This command 
+		corresponds to the GetPrinter() MS Platform SDK function. 
+		</para></listitem>
+
+
+		
+		<listitem><para><command>openprinter &lt;printername&gt;</command> 
+		- Execute an OpenPrinterEx() and ClosePrinter() RPC 
+		against a given printer. </para></listitem> 
+
+
+		<listitem><para><command>setdriver &lt;printername&gt; &lt;drivername&gt;</command> 
+		- Execute a SetPrinter() command to update the printer driver associated
+		with an installed printer.  The printer driver must already be correctly
+		installed on the print server.  </para>
+
+		<para>See also the <command>enumprinters</command> and 
+		<command>enumdrivers</command> commands for obtaining a list of
+		of installed printers and drivers.</para></listitem>
+
+	</itemizedlist>
+
+
+	<para><emphasis>GENERAL OPTIONS</emphasis></para>
+
+	<itemizedlist>
+		<listitem><para><command>debuglevel</command> - Set the current debug level
+		used to log information.</para></listitem>
+
+		<listitem><para><command>help (?)</command> - Print a listing of all 
+		known commands or extended help  on a particular command. 
+		</para></listitem>
+		
+		<listitem><para><command>quit (exit)</command> - Exit <command>rpcclient
+		</command>.</para></listitem>
+	</itemizedlist>
+
+
+</refsect1>
+
+<refsect1>
+	<title>BUGS</title>
+	
+	<para><command>rpcclient</command> is designed as a developer testing tool 
+	and may not be robust in certain areas (such as command line parsing).  
+	It has been known to  generate a core dump upon failures when invalid 
+	parameters where passed to the interpreter. </para>
+
+	<para>From Luke Leighton's original rpcclient man page:</para>
+	
+	<para><emphasis>"WARNING!</emphasis> The MSRPC over SMB code has 
+	been developed from examining  Network traces. No documentation is 
+	available from the original creators  (Microsoft) on how MSRPC over 
+	SMB works, or how the individual MSRPC services  work. Microsoft's 
+	implementation of these services has been demonstrated  (and reported) 
+	to be... a bit flaky in places. </para>
+
+	<para>The development of Samba's implementation is also a bit rough, 
+	and as more  of the services are understood, it can even result in 
+	versions of  <command>smbd(8)</command> and <command>rpcclient(1)</command> 
+	that are incompatible for some commands or  services. Additionally, 
+	the developers are sending reports to Microsoft,  and problems found 
+	or reported to Microsoft are fixed in Service Packs,  which may 
+	result in incompatibilities." </para>
+</refsect1>
+
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of the Samba 
+	suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original rpcclient man page was written by Matthew 
+	Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.  
+	The conversion to DocBook for Samba 2.2 was done by Gerald 
+	Carter.</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/samba.7.sgml b/docs/docbook/manpages/samba.7.sgml
new file mode 100755
index 00000000000..5d81d9d4468
--- /dev/null
+++ b/docs/docbook/manpages/samba.7.sgml
@@ -0,0 +1,213 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="samba">
+
+<refmeta>
+	<refentrytitle>samba</refentrytitle>
+	<manvolnum>7</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>SAMBA</refname>
+	<refpurpose>A Windows SMB/CIFS fileserver for UNIX</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis><command>Samba</command></cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+	
+	<para>The Samba software suite is a collection of programs 
+	that implements the Server Message Block (commonly abbreviated 
+	as SMB) protocol for UNIX systems. This protocol is sometimes 
+	also referred to as the Common Internet File System (CIFS), 
+	LanManager or NetBIOS protocol.</para>
+	
+	<variablelist>
+		<varlistentry>
+		<term><command>smbd</command></term>
+		<listitem><para>The <command>smbd </command>
+		daemon provides the file and print services to 
+		SMB clients, such as Windows 95/98, Windows NT, Windows 
+		for Workgroups or LanManager. The configuration file 
+		for this daemon is described in <filename>smb.conf</filename>
+		</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term><command>nmbd</command></term>
+		<listitem><para>The <command>nmbd</command>
+		daemon provides NetBIOS nameserving and browsing
+		support. The configuration file for this daemon 
+		is described in <filename>smb.conf</filename></para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><command>smbclient</command></term>
+		<listitem><para>The <command>smbclient</command>
+		program implements a simple ftp-like client. This 
+		is useful for accessing SMB shares on other compatible
+		servers (such as Windows NT), and can also be used 
+		to allow a UNIX box to print to a printer attached to 
+		any SMB server (such as a PC running Windows NT).</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><command>testparm</command></term>
+		<listitem><para>The <command>testparm</command>
+		utility is a simple syntax checker for Samba's
+		<filename>smb.conf</filename>configuration file.</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><command>testprns</command></term>
+		<listitem><para>The <command>testprns</command>
+		utility supports testing printer names defined 
+		in your <filename>printcap></filename> file used 
+		by Samba.</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><command>smbstatus</command></term>
+		<listitem><para>The <command>smbstatus</command>
+		tool provides access to information about the 
+		current connections to <command>smbd</command>.</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><command>nmblookup</command></term>
+		<listitem><para>The <command>nmblookup</command>
+		tools allows NetBIOS name queries to be made 
+		from a UNIX host.</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><command>make_smbcodepage</command></term>
+		<listitem><para>The <command>make_smbcodepage</command>
+		utility provides a means of creating SMB code page 
+		definition files for your <command>smbd</command> server.</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><command>smbpasswd</command></term>
+		<listitem><para>The <command>smbpasswd</command>
+		command is a tool for changing LanMan and Windows NT 
+		password hashes on Samba and Windows NT servers.</para>
+		</listitem>
+		</varlistentry>
+
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>COMPONENTS</title>
+	
+	<para>The Samba suite is made up of several components. Each 
+	component is described in a separate manual page. It is strongly 
+	recommended that you read the documentation that comes with Samba 
+	and the manual pages of those components that you use. If the 
+	manual pages aren't clear enough then please send a patch or 
+	bug report to <ulink url="mailto:samba@samba.org">
+	samba@samba.org</ulink></para>
+	
+	
+
+</refsect1>
+
+<refsect1>
+	<title>AVAILABILITY</title>
+	
+	<para>The Samba software suite is licensed under the 
+	GNU Public License(GPL). A copy of that license should 
+	have come with the package in the file COPYING. You are 
+	encouraged to distribute copies of the Samba suite, but 
+	please obey the terms of this license.</para>
+
+	<para>The latest version of the Samba suite can be 
+	obtained via anonymous ftp from samba.org in the
+	directory pub/samba/. It is also available on several 
+	mirror sites worldwide.</para>
+	
+	<para>You may also find useful information about Samba 
+	on the newsgroup <ulink url="news:comp.protocols.smb">
+	comp.protocol.smb</ulink> and the Samba mailing 
+	list. Details on how to join the mailing list are given in 
+	the README file that comes with Samba.</para>
+	
+	<para>If you have access to a WWW viewer (such as Netscape 
+	or Mosaic) then you will also find lots of useful information, 
+	including back issues of the Samba mailing list, at
+	<ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>.</para>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+	
+	<para>This man page is correct for version 2.2 of the 
+	Samba suite. </para>
+</refsect1>
+
+<refsect1>
+	<title>CONTRIBUTIONS</title>
+	
+	<para>If you wish to contribute to the Samba project, 
+	then I suggest you join the Samba mailing list at 
+	<ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>.
+	</para>
+
+	<para>If you have patches to submit or bugs to report 
+	then you may mail them directly to samba-patches@samba.org.
+	Note, however, that due to the enormous popularity of this 
+	package the Samba Team may take some time to respond to mail. We 
+	prefer patches in <command>diff -u</command> format.</para>
+</refsect1>
+
+<refsect1>
+	<title>CONTRIBUTORS</title>
+	
+	<para>Contributors to the project are now too numerous 
+	to mention here but all deserve the thanks of all Samba 
+	users. To see a full list, look at <ulink
+	url="ftp://samba.org/pub/samba/alpha/change-log">
+	ftp://samba.org/pub/samba/alpha/change-log</ulink>
+	for the pre-CVS changes and at <ulink 
+	url="ftp://samba.org/pub/samba/alpha/cvs.log">
+	ftp://samba.org/pub/samba/alpha/cvs.log</ulink>
+	for the contributors to Samba post-CVS. CVS is the Open Source 
+	source code control system used by the Samba Team to develop 
+	Samba. The project would have been unmanageable without it.</para>
+	
+	<para>In addition, several commercial organizations now help 
+	fund the Samba Team with money and equipment. For details see 
+	the Samba Web pages at <ulink
+	url="http://samba.org/samba/samba-thanks.html">
+	http://samba.org/samba/samba-thanks.html</ulink>.</para> 
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
new file mode 100755
index 00000000000..73df2b7459f
--- /dev/null
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -0,0 +1,8856 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smb.conf">
+
+<refmeta>
+	<refentrytitle>smb.conf</refentrytitle>
+	<manvolnum>5</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smb.conf</refname>
+	<refpurpose>The configuration file for the Samba suite</refpurpose>
+</refnamediv>
+
+<refsect1>
+	<title>SYNOPSIS</title>
+
+	<para>The <filename>smb.conf</filename> file is a configuration 
+	file for the Samba suite. <filename>smb.conf</filename> contains 
+	runtime configuration information for the Samba programs. The
+	<filename>smb.conf</filename> file is designed to be configured and 
+	administered by the <ulink url="swat.8.html"><command>swat(8)</command>
+	</ulink> program. The complete description of the file format and 
+	possible parameters held within are here for reference purposes.</para>
+</refsect1>
+
+<refsect1>
+	<title id="FILEFORMATSECT">FILE FORMAT</title>
+
+	<para>The file consists of sections and parameters. A section 
+	begins with the name of the section in square brackets and continues 
+	until the next section begins. Sections contain parameters of the 
+	form</para>
+
+	<para><replaceable>name</replaceable> = <replaceable>value
+	</replaceable></para>
+
+	<para>The file is line-based - that is, each newline-terminated 
+	line represents either a comment, a section name or a parameter.</para>
+
+	<para>Section and parameter names are not case sensitive.</para>
+
+	<para>Only the first equals sign in a parameter is significant. 
+	Whitespace before or after the first equals sign is discarded.
+	Leading, trailing and internal whitespace in section and parameter 
+	names is irrelevant. Leading and trailing whitespace in a parameter 
+	value is discarded. Internal whitespace within a parameter value 
+	is retained verbatim.</para>
+
+	<para>Any line beginning with a semicolon (';') or a hash ('#') 
+	character is ignored, as are lines containing only whitespace.</para>
+
+	<para>Any line ending in a '\' is continued
+	on the next line in the customary UNIX fashion.</para>
+
+	<para>The values following the equals sign in parameters are all 
+	either a string (no quotes needed) or a boolean, which may be given 
+	as yes/no, 0/1 or true/false. Case is not significant in boolean 
+	values, but is preserved in string values. Some items such as 
+	create modes are numeric.</para>
+</refsect1>
+
+<refsect1>
+	<title>SECTION DESCRIPTIONS</title>
+
+	<para>Each section in the configuration file (except for the
+	[global] section) describes a shared resource (known
+	as a "share"). The section name is the name of the 
+	shared resource and the parameters within the section define 
+	the shares attributes.</para>
+
+	<para>There are three special sections, [global],
+	[homes] and [printers], which are
+	described under <emphasis>special sections</emphasis>. The
+	following notes apply to ordinary section descriptions.</para>
+
+	<para>A share consists of a directory to which access is being 
+	given plus a description of the access rights which are granted 
+	to the user of the service. Some housekeeping options are 
+	also specifiable.</para>
+	
+	<para>Sections are either file share services (used by the 
+	client as an extension of their native file systems) or 
+	printable services (used by the client to access print services 
+	on the host running the server).</para>
+	
+	<para>Sections may be designated <emphasis>guest</emphasis> services,
+	in which case no password is required to access them. A specified 
+	UNIX <emphasis>guest account</emphasis> is used to define access
+	privileges in this case.</para>
+
+	<para>Sections other than guest services will require a password 
+	to access them. The client provides the username. As older clients 
+	only provide passwords and not usernames, you may specify a list 
+	of usernames to check against the password using the "user =" 
+	option in the share definition. For modern clients such as 
+	Windows 95/98/ME/NT/2000, this should not be necessary.</para>
+
+	<para>Note that the access rights granted by the server are 
+	masked by the access rights granted to the specified or guest 
+	UNIX user by the host system. The server does not grant more
+	access than the host system grants.</para>
+	
+	<para>The following sample section defines a file space share. 
+	The user has write access to the path <filename>/home/bar</filename>. 
+	The share is accessed via the share name "foo":</para>
+
+	<screen>
+	<computeroutput>
+ 	[foo]
+ 		path = /home/bar
+ 		read only = no
+	</computeroutput>
+	</screen>
+
+	<para>The following sample section defines a printable share. 
+	The share is readonly, but printable. That is, the only write 
+	access permitted is via calls to open, write to and close a 
+	spool file. The <emphasis>guest ok</emphasis> parameter means 
+	access will be permitted as the default guest user (specified 
+	elsewhere):</para>
+
+	<screen>
+	<computeroutput>
+ 	[aprinter]
+ 		path = /usr/spool/public
+ 		read only = yes
+ 		printable = yes
+ 		guest ok = yes
+	</computeroutput>
+	</screen>
+</refsect1>
+
+<refsect1>
+	<title>SPECIAL SECTIONS</title>
+	
+	<refsect2>
+		<title>The [global] section</title>
+		
+		<para>parameters in this section apply to the server 
+		as a whole, or are defaults for sections which do not 
+		specifically define certain items. See the notes
+		under PARAMETERS for more information.</para>
+	</refsect2>
+	
+	<refsect2>
+		<title id="HOMESECT">The [homes] section</title>
+		
+		<para>If a section called homes is included in the 
+		configuration file, services connecting clients to their 
+		home directories can be created on the fly by the server.</para>
+
+		<para>When the connection request is made, the existing 
+		sections are scanned. If a match is found, it is used. If no 
+		match is found, the requested section name is treated as a 
+		user name and looked up in the local password file. If the 
+		name exists and the correct password has been given, a share is 
+		created by cloning the [homes] section.</para>
+		
+		<para>Some modifications are then made to the newly 
+		created share:</para>
+		
+		<itemizedlist>
+		<listitem><para>The share name is changed from homes to 
+		the located username.</para></listitem>
+
+		<listitem><para>If no path was given, the path is set to
+		the user's home directory.</para></listitem>
+		</itemizedlist>
+
+		<para>If you decide to use a <emphasis>path =</emphasis> line 
+		in your [homes] section then you may find it useful 
+		to use the %S macro. For example :</para>
+
+		<para><userinput>path = /data/pchome/%S</userinput></para>
+
+		<para>would be useful if you have different home directories 
+		for your PCs than for UNIX access.</para>
+
+		<para>This is a fast and simple way to give a large number 
+		of clients access to their home directories with a minimum 
+		of fuss.</para>
+
+		<para>A similar process occurs if the requested section 
+		name is "homes", except that the share name is not 
+		changed to that of the requesting user. This method of using
+		the [homes] section works well if different users share 
+		a client PC.</para>
+		
+		<para>The [homes] section can specify all the parameters 
+		a normal service section can specify, though some make more sense 
+		than others. The following is a typical and suitable [homes]
+		section:</para>
+
+		<screen>
+		<computeroutput>
+	 	[homes]
+ 			read only = no
+		</computeroutput>
+		</screen>
+	
+		<para>An important point is that if guest access is specified 
+		in the [homes] section, all home directories will be 
+		visible to all clients <emphasis>without a password</emphasis>. 
+		In the very unlikely event that this is actually desirable, it 
+		would be wise to also specify <emphasis>read only
+		access</emphasis>.</para>
+
+		<para>Note that the <emphasis>browseable</emphasis> flag for 
+		auto home directories will be inherited from the global browseable 
+		flag, not the [homes] browseable flag. This is useful as 
+		it means setting <emphasis>browseable = no</emphasis> in
+		the [homes] section will hide the [homes] share but make
+		any auto home directories visible.</para>
+	</refsect2>
+
+	<refsect2>
+		<title id="PRINTERSSECT">The [printers] section</title>
+		
+		<para>This section works like [homes], 
+		but for printers.</para>
+
+		<para>If a [printers] section occurs in the 
+		configuration file, users are able to connect to any printer 
+		specified in the local host's printcap file.</para>
+
+		<para>When a connection request is made, the existing sections 
+		are scanned. If a match is found, it is used. If no match is found, 
+		but a [homes] section exists, it is used as described
+		above. Otherwise, the requested section name is treated as a
+		printer name and the appropriate printcap file is scanned to see 
+		if the requested section name is a valid printer share name. If 
+		a match is found, a new printer share is created by cloning 
+		the [printers] section.</para>
+
+		<para>A few modifications are then made to the newly created 
+		share:</para>
+
+		<itemizedlist>
+		<listitem><para>The share name is set to the located printer 
+		name</para></listitem>
+
+		<listitem><para>If no printer name was given, the printer name 
+		is set to the located printer name</para></listitem>
+
+		<listitem><para>If the share does not permit guest access and 
+		no username was given, the username is set to the located 
+		printer name.</para></listitem>
+		</itemizedlist>
+
+		<para>Note that the [printers] service MUST be 
+		printable - if you specify otherwise, the server will refuse 
+		to load the configuration file.</para>
+		
+		<para>Typically the path specified would be that of a 
+		world-writeable spool directory with the sticky bit set on 
+		it. A typical [printers] entry would look like 
+		this:</para>
+
+		<screen><computeroutput>
+	 	[printers]
+ 			path = /usr/spool/public
+ 			guest ok = yes
+ 			printable = yes 
+		</computeroutput></screen>
+
+		<para>All aliases given for a printer in the printcap file 
+		are legitimate printer names as far as the server is concerned. 
+		If your printing subsystem doesn't work like that, you will have 
+		to set up a pseudo-printcap. This is a file consisting of one or 
+		more lines like this:</para>
+
+		<screen>
+		<computeroutput>
+	        alias|alias|alias|alias...    
+		</computeroutput>
+		</screen>
+
+		<para>Each alias should be an acceptable printer name for 
+		your printing subsystem. In the [global] section, specify 
+		the new file as your printcap.  The server will then only recognize 
+		names found in your pseudo-printcap, which of course can contain 
+		whatever aliases you like. The same technique could be used 
+		simply to limit access to a subset of your local printers.</para>
+
+		<para>An alias, by the way, is defined as any component of the 
+		first entry of a printcap record. Records are separated by newlines,
+		components (if there are more than one) are separated by vertical 
+		bar symbols ('|').</para>
+		
+		<para>NOTE: On SYSV systems which use lpstat to determine what 
+		printers are defined on the system you may be able to use
+		"printcap name = lpstat" to automatically obtain a list 
+		of printers. See the "printcap name" option 
+		for more details.</para>
+	</refsect2>
+</refsect1>
+
+<refsect1>
+	<title>PARAMETERS</title>
+
+	<para>parameters define the specific attributes of sections.</para>
+
+	<para>Some parameters are specific to the [global] section
+	(e.g., <emphasis>security</emphasis>).  Some parameters are usable 
+	in all sections (e.g., <emphasis>create mode</emphasis>). All others 
+	are permissible only in normal sections. For the purposes of the 
+	following descriptions the [homes] and [printers]
+	sections will be considered normal.  The letter <emphasis>G</emphasis> 
+	in parentheses indicates that a parameter is specific to the
+	[global] section. The letter <emphasis>S</emphasis>
+	indicates that a parameter can be specified in a service specific
+	section. Note that all <emphasis>S</emphasis> parameters can also be specified in 
+	the [global] section - in which case they will define
+	the default behavior for all services.</para>
+
+	<para>parameters are arranged here in alphabetical order - this may 
+	not create best bedfellows, but at least you can find them! Where
+	there are synonyms, the preferred synonym is described, others refer 
+	to the preferred synonym.</para>
+</refsect1>
+
+<refsect1>
+	<title>VARIABLE SUBSTITUTIONS</title>
+
+	<para>Many of the strings that are settable in the config file 
+	can take substitutions. For example the option "path =
+	/tmp/%u" would be interpreted as "path = 
+	/tmp/john" if the user connected with the username john.</para>
+
+	<para>These substitutions are mostly noted in the descriptions below, 
+	but there are some general substitutions which apply whenever they 
+	might be relevant. These are:</para>
+
+	<variablelist>
+		<varlistentry>
+		<term>%S</term>
+		<listitem><para>the name of the current service, if any.</para>
+		</listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%P</term>
+		<listitem><para>the root directory of the current service, 
+		if any.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%u</term>
+		<listitem><para>user name of the current service, if any.</para>
+		</listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%g</term>
+		<listitem><para>primary group name of %u.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%U</term>
+		<listitem><para>session user name (the user name that the client 
+		wanted, not necessarily the same as the one they got).</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%G</term>
+		<listitem><para>primary group name of %U.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>%H</term>
+		<listitem><para>the home directory of the user given 
+		by %u.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%v</term>
+		<listitem><para>the Samba version.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%h</term>
+		<listitem><para>the Internet hostname that Samba is running 
+		on.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>%m</term>
+		<listitem><para>the NetBIOS name of the client machine 
+		(very useful).</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%L</term>
+		<listitem><para>the NetBIOS name of the server. This allows you 
+		to change your config based on what the client calls you. Your 
+		server can have a "dual personality".</para>
+
+                <para>Note that this paramater is not available when Samba listens
+                on port 445, as clients no longer send this information </para>
+                </listitem>
+
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%M</term>
+		<listitem><para>the Internet name of the client machine.
+		</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%N</term>
+		<listitem><para>the name of your NIS home directory server.  
+		This is obtained from your NIS auto.map entry.  If you have 
+		not compiled Samba with the <emphasis>--with-automount</emphasis> 
+		option then this value will be the same as %L.</para>
+		</listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%p</term>
+		<listitem><para>the path of the service's home directory, 
+		obtained from your NIS auto.map entry. The NIS auto.map entry 
+		is split up as "%N:%p".</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%R</term>
+		<listitem><para>the selected protocol level after 
+		protocol negotiation. It can be one of CORE, COREPLUS, 
+		LANMAN1, LANMAN2 or NT1.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>%d</term>
+		<listitem><para>The process id of the current server
+		process.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%a</term>
+		<listitem><para>the architecture of the remote
+		machine. Only some are recognized, and those may not be 
+		100% reliable. It currently recognizes Samba, "WfWg", "Win95",
+		"WinNT", "Win2K", WinXP, and "Win2K3". Anything else will be known as 
+		"UNKNOWN". If it gets it wrong then sending a level 
+		3 log to <ulink url="mailto:samba@samba.org">samba@samba.org
+		</ulink> should allow it to be fixed.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%I</term>
+		<listitem><para>The IP address of the client machine.</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>%T</term>
+		<listitem><para>the current date and time.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>%$(<replaceable>envvar</replaceable>)</term>
+		<listitem><para>The value of the environment variable
+		<replaceable>envar</replaceable>.</para></listitem>
+		</varlistentry>
+	</variablelist>
+
+	<para>There are some quite creative things that can be done 
+	with these substitutions and other smb.conf options.</para
+</refsect1>
+
+<refsect1>
+	<title id="NAMEMANGLINGSECT">NAME MANGLING</title>
+	
+	<para>Samba supports "name mangling" so that DOS and 
+	Windows clients can use files that don't conform to the 8.3 format. 
+	It can also be set to adjust the case of 8.3 format filenames.</para>
+
+	<para>There are several options that control the way mangling is 
+	performed, and they are grouped here rather than listed separately. 
+	For the defaults look at the output of the testparm program. </para>
+
+	<para>All of these options can be set separately for each service 
+	(or globally, of course). </para>
+
+	<para>The options are: </para>
+	
+	<variablelist>
+	
+	<varlistentry>
+		<term>mangling method</term>
+		<listitem><para> controls the algorithm used for the generating
+		the mangled names. Can take two different values, "hash" and
+		"hash2". "hash" is  the default and is the algorithm that has been
+		used in Samba for many years. "hash2" is a newer and considered
+		a better algorithm (generates less collisions) in the names.
+		However, many Win32 applications store the
+		mangled names and so changing to the new algorithm must not be done
+		lightly as these applications may break unless reinstalled.
+		New installations of Samba may set the default to hash2.
+		Default <emphasis>hash</emphasis>.</para></listitem>
+		</varlistentry>
+		
+	
+		<varlistentry>
+		<term>mangle case = yes/no</term>
+		<listitem><para> controls if names that have characters that 
+		aren't of the "default" case are mangled. For example, 
+		if this is yes then a name like "Mail" would be mangled. 
+		Default <emphasis>no</emphasis>.</para></listitem>
+		</varlistentry> 
+	
+		<varlistentry>
+		<term>case sensitive = yes/no</term>
+		<listitem><para>controls whether filenames are case sensitive. If 
+		they aren't then Samba must do a filename search and match on passed 
+		names. Default <emphasis>no</emphasis>.</para></listitem>
+		</varlistentry> 
+
+		<varlistentry>
+		<term>default case = upper/lower</term>
+		<listitem><para>controls what the default case is for new 
+		filenames. Default <emphasis>lower</emphasis>.</para></listitem>
+		</varlistentry> 
+	
+		<varlistentry>
+		<term>preserve case = yes/no</term>
+		<listitem><para>controls if new files are created with the 
+		case that the client passes, or if they are forced to be the 
+		"default" case. Default <emphasis>yes</emphasis>.
+		</para></listitem>
+		</varlistentry> 
+
+		<varlistentry>
+		<term>short preserve case = yes/no</term>
+		<listitem><para>controls if new files which conform to 8.3 syntax,
+		that is all in upper case and of suitable length, are created 
+		upper case, or if they are forced to be the "default" 
+		case. This option can be use with "preserve case = yes" 
+		to permit long filenames to retain their case, while short names 
+		are lowercased. Default <emphasis>yes</emphasis>.</para></listitem>
+		</varlistentry> 
+	</variablelist>
+	
+	<para>By default, Samba 2.2 has the same semantics as a Windows 
+	NT server, in that it is case insensitive but case preserving.</para>
+	
+</refsect1>
+
+<refsect1>
+	<title id="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</title>
+
+	<para>There are a number of ways in which a user can connect 
+	to a service. The server uses the following steps in determining 
+	if it will allow a connection to a specified service. If all the 
+	steps fail, then the connection request is rejected.  However, if one of the 
+	steps succeeds, then the following steps are not checked.</para>
+
+	<para>If the service is marked "guest only = yes" and the
+	server is running with share-level security ("security = share")
+	then steps 1 to 5 are skipped.</para>
+
+
+	<orderedlist numeration="Arabic">
+		<listitem><para>If the client has passed a username/password 
+		pair and that username/password pair is validated by the UNIX 
+		system's password programs then the connection is made as that 
+		username. Note that this includes the 
+		\\server\service%<replaceable>username</replaceable> method of passing 
+		a username.</para></listitem>
+
+		<listitem><para>If the client has previously registered a username 
+		with the system and now supplies a correct password for that 
+		username then the connection is allowed.</para></listitem>
+		
+		<listitem><para>The client's NetBIOS name and any previously 
+		used user names are checked against the supplied password, if 
+		they match then the connection is allowed as the corresponding 
+		user.</para></listitem>
+		
+		<listitem><para>If the client has previously validated a
+		username/password pair with the server and the client has passed 
+		the validation token then that username is used. </para></listitem>
+
+		<listitem><para>If a "user = " field is given in the
+		<filename>smb.conf</filename> file for the service and the client 
+		has supplied a password, and that password matches (according to 
+		the UNIX system's password checking) with one of the usernames 
+		from the "user =" field then the connection is made as 
+		the username in the "user =" line. If one 
+		of the username in the "user =" list begins with a
+		'@' then that name expands to a list of names in 
+		the group of the same name.</para></listitem>
+
+		<listitem><para>If the service is a guest service then a 
+		connection is made as the username given in the "guest 
+		account =" for the service, irrespective of the 
+		supplied password.</para></listitem>
+	</orderedlist>
+
+</refsect1>
+
+<refsect1>
+	<title>COMPLETE LIST OF GLOBAL PARAMETERS</title>
+
+	<para>Here is a list of all global parameters. See the section of 
+	each parameter for details.  Note that some are synonyms.</para>
+
+	<itemizedlist>
+		<listitem><para><link linkend="ACLCOMPATIBILITY"><parameter>acl compatibility</parameter></link></para></listitem>
+		<listitem><para><link linkend="ADDPRINTERCOMMAND"><parameter>add printer command</parameter></link></para></listitem>
+		<listitem><para><link linkend="ADDSHARECOMMAND"><parameter>add share command</parameter></link></para></listitem>
+		<listitem><para><link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter></link></para></listitem>
+		<listitem><para><link linkend="ALLOWTRUSTEDDOMAINS"><parameter>allow trusted domains</parameter></link></para></listitem>
+		<listitem><para><link linkend="ANNOUNCEAS"><parameter>announce as</parameter></link></para></listitem>
+		<listitem><para><link linkend="ANNOUNCEVERSION"><parameter>announce version</parameter></link></para></listitem>
+		<listitem><para><link linkend="AUTOSERVICES"><parameter>auto services</parameter></link></para></listitem>
+		<listitem><para><link linkend="BINDINTERFACESONLY"><parameter>bind interfaces only</parameter></link></para></listitem>
+		<listitem><para><link linkend="BROWSELIST"><parameter>browse list</parameter></link></para></listitem>
+		<listitem><para><link linkend="CHANGENOTIFYTIMEOUT"><parameter>change notify timeout</parameter></link></para></listitem>
+		<listitem><para><link linkend="CHANGESHARECOMMAND"><parameter>change share command</parameter></link></para></listitem>
+		<listitem><para><link linkend="CHARACTERSET"><parameter>character set</parameter></link></para></listitem>
+		<listitem><para><link linkend="CLIENTCODEPAGE"><parameter>client code page</parameter></link></para></listitem>
+		<listitem><para><link linkend="CODEPAGEDIRECTORY"><parameter>code page directory</parameter></link></para></listitem>
+		<listitem><para><link linkend="CODINGSYSTEM"><parameter>coding system</parameter></link></para></listitem>
+		<listitem><para><link linkend="CONFIGFILE"><parameter>config file</parameter></link></para></listitem>
+		<listitem><para><link linkend="DEADTIME"><parameter>deadtime</parameter></link></para></listitem>
+		<listitem><para><link linkend="DEBUGHIRESTIMESTAMP"><parameter>debug hires timestamp</parameter></link></para></listitem>
+		<listitem><para><link linkend="DEBUGPID"><parameter>debug pid</parameter></link></para></listitem>
+		<listitem><para><link linkend="DEBUGTIMESTAMP"><parameter>debug timestamp</parameter></link></para></listitem>
+		<listitem><para><link linkend="DEBUGUID"><parameter>debug uid</parameter></link></para></listitem>
+		<listitem><para><link linkend="DEBUGLEVEL"><parameter>debuglevel</parameter></link></para></listitem>
+		<listitem><para><link linkend="DEFAULT"><parameter>default</parameter></link></para></listitem>
+		<listitem><para><link linkend="DEFAULTSERVICE"><parameter>default service</parameter></link></para></listitem>
+		<listitem><para><link linkend="DELETEPRINTERCOMMAND"><parameter>delete printer command</parameter></link></para></listitem>
+		<listitem><para><link linkend="DELETESHARECOMMAND"><parameter>delete share command</parameter></link></para></listitem>
+		<listitem><para><link linkend="DELETEUSERSCRIPT"><parameter>delete user script</parameter></link></para></listitem>
+		<listitem><para><link linkend="DFREECOMMAND"><parameter>dfree command</parameter></link></para></listitem>
+		<listitem><para><link linkend="DISABLESPOOLSS"><parameter>disable spoolss</parameter></link></para></listitem>
+		<listitem><para><link linkend="DNSPROXY"><parameter>dns proxy</parameter></link></para></listitem>
+		<listitem><para><link linkend="DOMAINADMINGROUP"><parameter>domain admin group</parameter></link></para></listitem>
+		<listitem><para><link linkend="DOMAINGUESTGROUP"><parameter>domain guest group</parameter></link></para></listitem>
+		<listitem><para><link linkend="DOMAINLOGONS"><parameter>domain logons</parameter></link></para></listitem>
+		<listitem><para><link linkend="DOMAINMASTER"><parameter>domain master</parameter></link></para></listitem>
+		<listitem><para><link linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords</parameter></link></para></listitem>
+		<listitem><para><link linkend="ENHANCEDBROWSING"><parameter>enhanced browsing</parameter></link></para></listitem>
+		<listitem><para><link linkend="ENUMPORTSCOMMAND"><parameter>enumports command</parameter></link></para></listitem>
+		<listitem><para><link linkend="GETWDCACHE"><parameter>getwd cache</parameter></link></para></listitem>
+		<listitem><para><link linkend="HIDELOCALUSERS"><parameter>hide local users</parameter></link></para></listitem>
+		<listitem><para><link linkend="HIDEUNREADABLE"><parameter>hide unreadable</parameter></link></para></listitem>
+		<listitem><para><link linkend="HOMEDIRMAP"><parameter>homedir map</parameter></link></para></listitem>
+		<listitem><para><link linkend="HOSTMSDFS"><parameter>host msdfs</parameter></link></para></listitem>
+		<listitem><para><link linkend="HOSTSEQUIV"><parameter>hosts equiv</parameter></link></para></listitem>
+		<listitem><para><link linkend="INTERFACES"><parameter>interfaces</parameter></link></para></listitem>
+		<listitem><para><link linkend="KEEPALIVE"><parameter>keepalive</parameter></link></para></listitem>
+		<listitem><para><link linkend="KERNELOPLOCKS"><parameter>kernel oplocks</parameter></link></para></listitem>
+		<listitem><para><link linkend="LANMANAUTH"><parameter>lanman auth</parameter></link></para></listitem>
+		<listitem><para><link linkend="LARGEREADWRITE"><parameter>large readwrite</parameter></link></para></listitem>
+		
+		<listitem><para><link linkend="LDAPADMINDN"><parameter>ldap admin dn</parameter></link></para></listitem>
+		<listitem><para><link linkend="LDAPFILTER"><parameter>ldap filter</parameter></link></para></listitem>
+		<listitem><para><link linkend="LDAPPORT"><parameter>ldap port</parameter></link></para></listitem>
+		<listitem><para><link linkend="LDAPSERVER"><parameter>ldap server</parameter></link></para></listitem>
+		<listitem><para><link linkend="LDAPSSL"><parameter>ldap ssl</parameter></link></para></listitem>
+		<listitem><para><link linkend="LDAPSUFFIX"><parameter>ldap suffix</parameter></link></para></listitem>
+
+		<listitem><para><link linkend="LMANNOUNCE"><parameter>lm announce</parameter></link></para></listitem>
+		<listitem><para><link linkend="LMINTERVAL"><parameter>lm interval</parameter></link></para></listitem>
+		<listitem><para><link linkend="LOADPRINTERS"><parameter>load printers</parameter></link></para></listitem>
+		<listitem><para><link linkend="LOCALMASTER"><parameter>local master</parameter></link></para></listitem>
+		<listitem><para><link linkend="LOCKDIR"><parameter>lock dir</parameter></link></para></listitem>
+		<listitem><para><link linkend="LOCKDIRECTORY"><parameter>lock directory</parameter></link></para></listitem>
+		<listitem><para><link linkend="LOCKSPINCOUNT"><parameter>lock spin count</parameter></link></para></listitem>
+		<listitem><para><link linkend="LOCKSPINTIME"><parameter>lock spin time</parameter></link></para></listitem>
+		<listitem><para><link linkend="PIDDIRECTORY"><parameter>pid directory</parameter></link></para></listitem>
+		<listitem><para><link linkend="LOGFILE"><parameter>log file</parameter></link></para></listitem>
+		<listitem><para><link linkend="LOGLEVEL"><parameter>log level</parameter></link></para></listitem>
+		<listitem><para><link linkend="LOGONDRIVE"><parameter>logon drive</parameter></link></para></listitem>
+		<listitem><para><link linkend="LOGONHOME"><parameter>logon home</parameter></link></para></listitem>
+		<listitem><para><link linkend="LOGONPATH"><parameter>logon path</parameter></link></para></listitem>
+		<listitem><para><link linkend="LOGONSCRIPT"><parameter>logon script</parameter></link></para></listitem>
+		<listitem><para><link linkend="LPQCACHETIME"><parameter>lpq cache time</parameter></link></para></listitem>
+		<listitem><para><link linkend="MACHINEPASSWORDTIMEOUT"><parameter>machine password timeout</parameter></link></para></listitem>
+		<listitem><para><link linkend="MANGLEDSTACK"><parameter>mangled stack</parameter></link></para></listitem>
+		<listitem><para><link linkend="MANGLINGMETHOD"><parameter>mangling method</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAPTOGUEST"><parameter>map to guest</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAXDISKSIZE"><parameter>max disk size</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAXLOGSIZE"><parameter>max log size</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAXMUX"><parameter>max mux</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAXOPENFILES"><parameter>max open files</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAXPROTOCOL"><parameter>max protocol</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAXSMBDPROCESSES"><parameter>max smbd processes</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAXTTL"><parameter>max ttl</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAXWINSTTL"><parameter>max wins ttl</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAXXMIT"><parameter>max xmit</parameter></link></para></listitem>
+		<listitem><para><link linkend="MESSAGECOMMAND"><parameter>message command</parameter></link></para></listitem>
+		<listitem><para><link linkend="MINPASSWDLENGTH"><parameter>min passwd length</parameter></link></para></listitem>
+		<listitem><para><link linkend="MINPASSWORDLENGTH"><parameter>min password length</parameter></link></para></listitem>
+		<listitem><para><link linkend="MINPROTOCOL"><parameter>min protocol</parameter></link></para></listitem>
+		<listitem><para><link linkend="MINWINSTTL"><parameter>min wins ttl</parameter></link></para></listitem>
+		<listitem><para><link linkend="NAMERESOLVEORDER"><parameter>name resolve order</parameter></link></para></listitem>
+		<listitem><para><link linkend="NETBIOSALIASES"><parameter>netbios aliases</parameter></link></para></listitem>
+		<listitem><para><link linkend="NETBIOSNAME"><parameter>netbios name</parameter></link></para></listitem>
+		<listitem><para><link linkend="NETBIOSSCOPE"><parameter>netbios scope</parameter></link></para></listitem>
+		<listitem><para><link linkend="NISHOMEDIR"><parameter>nis homedir</parameter></link></para></listitem>
+		<listitem><para><link linkend="NTPIPESUPPORT"><parameter>nt pipe support</parameter></link></para></listitem>
+		<listitem><para><link linkend="NTSMBSUPPORT"><parameter>nt smb support</parameter></link></para></listitem>
+		<listitem><para><link linkend="NTSTATUSSUPPORT"><parameter>nt status support</parameter></link></para></listitem>
+		<listitem><para><link linkend="NULLPASSWORDS"><parameter>null passwords</parameter></link></para></listitem>
+		<listitem><para><link linkend="OBEYPAMRESTRICTIONS"><parameter>obey pam restrictions</parameter></link></para></listitem>
+		<listitem><para><link linkend="OPLOCKBREAKWAITTIME"><parameter>oplock break wait time</parameter></link></para></listitem>
+		<listitem><para><link linkend="OSLEVEL"><parameter>os level</parameter></link></para></listitem>
+		<listitem><para><link linkend="OS2DRIVERMAP"><parameter>os2 driver map</parameter></link></para></listitem>
+		<listitem><para><link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link></para></listitem>
+		<listitem><para><link linkend="PANICACTION"><parameter>panic action</parameter></link></para></listitem>
+		<listitem><para><link linkend="PASSWDCHAT"><parameter>passwd chat</parameter></link></para></listitem>
+		<listitem><para><link linkend="PASSWDCHATDEBUG"><parameter>passwd chat debug</parameter></link></para></listitem>
+		<listitem><para><link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter></link></para></listitem>
+		<listitem><para><link linkend="PASSWORDLEVEL"><parameter>password level</parameter></link></para></listitem>
+		<listitem><para><link linkend="PASSWORDSERVER"><parameter>password server</parameter></link></para></listitem>
+		<listitem><para><link linkend="PREFEREDMASTER"><parameter>prefered master</parameter></link></para></listitem>
+		<listitem><para><link linkend="PREFERREDMASTER"><parameter>preferred master</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRELOAD"><parameter>preload</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRINTCAP"><parameter>printcap</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRINTCAPNAME"><parameter>printcap name</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRINTERDRIVERFILE"><parameter>printer driver file</parameter></link></para></listitem>
+		<listitem><para><link linkend="PROTOCOL"><parameter>protocol</parameter></link></para></listitem>
+		<listitem><para><link linkend="READBMPX"><parameter>read bmpx</parameter></link></para></listitem>
+		<listitem><para><link linkend="READRAW"><parameter>read raw</parameter></link></para></listitem>
+		<listitem><para><link linkend="READSIZE"><parameter>read size</parameter></link></para></listitem>
+		<listitem><para><link linkend="REMOTEANNOUNCE"><parameter>remote announce</parameter></link></para></listitem>
+		<listitem><para><link linkend="REMOTEBROWSESYNC"><parameter>remote browse sync</parameter></link></para></listitem>
+		<listitem><para><link linkend="RESTRICTANONYMOUS"><parameter>restrict anonymous</parameter></link></para></listitem>
+		<listitem><para><link linkend="ROOT"><parameter>root</parameter></link></para></listitem>
+		<listitem><para><link linkend="ROOTDIR"><parameter>root dir</parameter></link></para></listitem>
+		<listitem><para><link linkend="ROOTDIRECTORY"><parameter>root directory</parameter></link></para></listitem>
+		<listitem><para><link linkend="SECURITY"><parameter>security</parameter></link></para></listitem>
+		<listitem><para><link linkend="SERVERSTRING"><parameter>server string</parameter></link></para></listitem>
+		<listitem><para><link linkend="SHOWADDPRINTERWIZARD"><parameter>show add printer wizard</parameter></link></para></listitem>
+		<listitem><para><link linkend="SMBPASSWDFILE"><parameter>smb passwd file</parameter></link></para></listitem>
+		<listitem><para><link linkend="SOCKETADDRESS"><parameter>socket address</parameter></link></para></listitem>
+		<listitem><para><link linkend="SOCKETOPTIONS"><parameter>socket options</parameter></link></para></listitem>
+		<listitem><para><link linkend="SOURCEENVIRONMENT"><parameter>source environment</parameter></link></para></listitem>
+
+		<listitem><para><link linkend="SSL"><parameter>ssl</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLCACERTDIR"><parameter>ssl CA certDir</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLCACERTFILE"><parameter>ssl CA certFile</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLCIPHERS"><parameter>ssl ciphers</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLCLIENTCERT"><parameter>ssl client cert</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLCLIENTKEY"><parameter>ssl client key</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLCOMPATIBILITY"><parameter>ssl compatibility</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLEGDSOCKET"><parameter>ssl egd socket</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLENTROPYBYTES"><parameter>ssl entropy bytes</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLENTROPYFILE"><parameter>ssl entropy file</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLHOSTS"><parameter>ssl hosts</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLHOSTSRESIGN"><parameter>ssl hosts resign</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLREQUIRECLIENTCERT"><parameter>ssl require clientcert</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLREQUIRESERVERCERT"><parameter>ssl require servercert</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLSERVERCERT"><parameter>ssl server cert</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLSERVERKEY"><parameter>ssl server key</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLVERSION"><parameter>ssl version</parameter></link></para></listitem>
+
+		<listitem><para><link linkend="STATCACHE"><parameter>stat cache</parameter></link></para></listitem>
+		<listitem><para><link linkend="STATCACHESIZE"><parameter>stat cache size</parameter></link></para></listitem>
+		<listitem><para><link linkend="STRIPDOT"><parameter>strip dot</parameter></link></para></listitem>
+		<listitem><para><link linkend="SYSLOG"><parameter>syslog</parameter></link></para></listitem>
+		<listitem><para><link linkend="SYSLOGONLY"><parameter>syslog only</parameter></link></para></listitem>
+		<listitem><para><link linkend="TEMPLATEHOMEDIR"><parameter>template homedir</parameter></link></para></listitem>
+		<listitem><para><link linkend="TEMPLATESHELL"><parameter>template shell</parameter></link></para></listitem>
+		<listitem><para><link linkend="TIMEOFFSET"><parameter>time offset</parameter></link></para></listitem>
+		<listitem><para><link linkend="TIMESERVER"><parameter>time server</parameter></link></para></listitem>
+		<listitem><para><link linkend="TIMESTAMPLOGS"><parameter>timestamp logs</parameter></link></para></listitem>
+		<listitem><para><link linkend="TOTALPRINTJOBS"><parameter>total print jobs</parameter></link></para></listitem>
+		<listitem><para><link linkend="UNIXEXTENSIONS"><parameter>unix extensions</parameter></link></para></listitem>
+		<listitem><para><link linkend="UNIXPASSWORDSYNC"><parameter>unix password sync</parameter></link></para></listitem>
+		<listitem><para><link linkend="UPDATEENCRYPTED"><parameter>update encrypted</parameter></link></para></listitem>
+		<listitem><para><link linkend="USEMMAP"><parameter>use mmap</parameter></link></para></listitem>
+		<listitem><para><link linkend="USERHOSTS"><parameter>use rhosts</parameter></link></para></listitem>
+		<listitem><para><link linkend="USERNAMELEVEL"><parameter>username level</parameter></link></para></listitem>
+		<listitem><para><link linkend="USERNAMEMAP"><parameter>username map</parameter></link></para></listitem>
+		<listitem><para><link linkend="UTMP"><parameter>utmp</parameter></link></para></listitem>
+		<listitem><para><link linkend="UTMPDIRECTORY"><parameter>utmp directory</parameter></link></para></listitem>
+		<listitem><para><link linkend="VALIDCHARS"><parameter>valid chars</parameter></link></para></listitem>
+		<listitem><para><link linkend="WINBINDCACHETIME"><parameter>winbind cache time</parameter></link></para></listitem>
+		<listitem><para><link linkend="WINBINDENUMUSERS"><parameter>winbind enum users</parameter></link></para></listitem>
+		<listitem><para><link linkend="WINBINDENUMGROUPS"><parameter>winbind enum groups</parameter></link></para></listitem>
+		<listitem><para><link linkend="WINBINDGID"><parameter>winbind gid</parameter></link></para></listitem>
+		<listitem><para><link linkend="WINBINDSEPARATOR"><parameter>winbind separator</parameter></link></para></listitem>
+		<listitem><para><link linkend="WINBINDUID"><parameter>winbind uid</parameter></link></para></listitem>
+		<listitem><para><link linkend="WINBINDUSEDEFAULTDOMAIN"><parameter>winbind use default domain</parameter></link></para></listitem>
+		<listitem><para><link linkend="WINSHOOK"><parameter>wins hook</parameter></link></para></listitem>
+		<listitem><para><link linkend="WINSPROXY"><parameter>wins proxy</parameter></link></para></listitem>
+		<listitem><para><link linkend="WINSSERVER"><parameter>wins server</parameter></link></para></listitem>
+		<listitem><para><link linkend="WINSSUPPORT"><parameter>wins support</parameter></link></para></listitem>
+		<listitem><para><link linkend="WORKGROUP"><parameter>workgroup</parameter></link></para></listitem>
+		<listitem><para><link linkend="WRITERAW"><parameter>write raw</parameter></link></para></listitem>
+	</itemizedlist>
+
+</refsect1>
+
+<refsect1>
+	<title>COMPLETE LIST OF SERVICE PARAMETERS</title>
+	
+	<para>Here is a list of all service parameters. See the section on 
+	each parameter for details. Note that some are synonyms.</para>
+	
+	<itemizedlist>
+		<listitem><para><link linkend="ADMINUSERS"><parameter>admin users</parameter></link></para></listitem>
+		<listitem><para><link linkend="ALLOWHOSTS"><parameter>allow hosts</parameter></link></para></listitem>
+		<listitem><para><link linkend="AVAILABLE"><parameter>available</parameter></link></para></listitem>
+		<listitem><para><link linkend="BLOCKINGLOCKS"><parameter>blocking locks</parameter></link></para></listitem>
+		<listitem><para><link linkend="BLOCKSIZE"><parameter>block size</parameter></link></para></listitem>
+		<listitem><para><link linkend="BROWSABLE"><parameter>browsable</parameter></link></para></listitem>
+		<listitem><para><link linkend="BROWSEABLE"><parameter>browseable</parameter></link></para></listitem>
+		<listitem><para><link linkend="CASESENSITIVE"><parameter>case sensitive</parameter></link></para></listitem>
+		<listitem><para><link linkend="CASESIGNAMES"><parameter>casesignames</parameter></link></para></listitem>
+		<listitem><para><link linkend="COMMENT"><parameter>comment</parameter></link></para></listitem>
+		<listitem><para><link linkend="COPY"><parameter>copy</parameter></link></para></listitem>
+		<listitem><para><link linkend="CREATEMASK"><parameter>create mask</parameter></link></para></listitem>
+		<listitem><para><link linkend="CREATEMODE"><parameter>create mode</parameter></link></para></listitem>
+		<listitem><para><link linkend="CSCPOLICY"><parameter>csc policy</parameter></link></para></listitem>
+		
+		<listitem><para><link linkend="DEFAULTCASE"><parameter>default case</parameter></link></para></listitem>
+		<listitem><para><link linkend="DEFAULTDEVMODE"><parameter>default devmode</parameter></link></para></listitem>
+		<listitem><para><link linkend="DELETEREADONLY"><parameter>delete readonly</parameter></link></para></listitem>
+		<listitem><para><link linkend="DELETEVETOFILES"><parameter>delete veto files</parameter></link></para></listitem>
+		<listitem><para><link linkend="DENYHOSTS"><parameter>deny hosts</parameter></link></para></listitem>
+		<listitem><para><link linkend="DIRECTORY"><parameter>directory</parameter></link></para></listitem>
+		<listitem><para><link linkend="DIRECTORYMASK"><parameter>directory mask</parameter></link></para></listitem>
+		<listitem><para><link linkend="DIRECTORYMODE"><parameter>directory mode</parameter></link></para></listitem>
+		<listitem><para><link linkend="DIRECTORYSECURITYMASK"><parameter>directory security mask</parameter></link></para></listitem>
+		<listitem><para><link linkend="DONTDESCEND"><parameter>dont descend</parameter></link></para></listitem>
+		<listitem><para><link linkend="DOSFILEMODE"><parameter>dos filemode</parameter></link></para></listitem>
+		<listitem><para><link linkend="DOSFILETIMERESOLUTION"><parameter>dos filetime resolution</parameter></link></para></listitem>
+		<listitem><para><link linkend="DOSFILETIMES"><parameter>dos filetimes</parameter></link></para></listitem>
+		<listitem><para><link linkend="EXEC"><parameter>exec</parameter></link></para></listitem>
+		<listitem><para><link linkend="FAKEDIRECTORYCREATETIMES"><parameter>fake directory create times</parameter></link></para></listitem>
+		<listitem><para><link linkend="FAKEOPLOCKS"><parameter>fake oplocks</parameter></link></para></listitem>
+		<listitem><para><link linkend="FOLLOWSYMLINKS"><parameter>follow symlinks</parameter></link></para></listitem>
+		<listitem><para><link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link></para></listitem>
+		<listitem><para><link linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter></link></para></listitem>
+		<listitem><para><link linkend="FORCEDIRECTORYSECURITYMODE"><parameter>force directory security mode</parameter></link></para></listitem>
+		<listitem><para><link linkend="FORCEGROUP"><parameter>force group</parameter></link></para></listitem>
+		<listitem><para><link linkend="FORCESECURITYMODE"><parameter>force security mode</parameter></link></para></listitem>
+		<listitem><para><link linkend="FORCEUNKNOWNACLUSER"><parameter>force unknown acl user</parameter></link></para></listitem>
+		<listitem><para><link linkend="FORCEUSER"><parameter>force user</parameter></link></para></listitem>
+		<listitem><para><link linkend="FSTYPE"><parameter>fstype</parameter></link></para></listitem>
+		<listitem><para><link linkend="GROUP"><parameter>group</parameter></link></para></listitem>
+		<listitem><para><link linkend="GUESTACCOUNT"><parameter>guest account</parameter></link></para></listitem>
+		<listitem><para><link linkend="GUESTOK"><parameter>guest ok</parameter></link></para></listitem>
+		<listitem><para><link linkend="GUESTONLY"><parameter>guest only</parameter></link></para></listitem>
+		<listitem><para><link linkend="HIDEDOTFILES"><parameter>hide dot files</parameter></link></para></listitem>
+		<listitem><para><link linkend="HIDEFILES"><parameter>hide files</parameter></link></para></listitem>
+		<listitem><para><link linkend="HOSTSALLOW"><parameter>hosts allow</parameter></link></para></listitem>
+		<listitem><para><link linkend="HOSTSDENY"><parameter>hosts deny</parameter></link></para></listitem>
+		<listitem><para><link linkend="INCLUDE"><parameter>include</parameter></link></para></listitem>
+		<listitem><para><link linkend="INHERITACLS"><parameter>inherit acls</parameter></link></para></listitem>
+		<listitem><para><link linkend="INHERITPERMISSIONS"><parameter>inherit permissions</parameter></link></para></listitem>
+		<listitem><para><link linkend="INVALIDUSERS"><parameter>invalid users</parameter></link></para></listitem>
+		<listitem><para><link linkend="LEVEL2OPLOCKS"><parameter>level2 oplocks</parameter></link></para></listitem>
+		<listitem><para><link linkend="LOCKING"><parameter>locking</parameter></link></para></listitem>
+		<listitem><para><link linkend="LPPAUSECOMMAND"><parameter>lppause command</parameter></link></para></listitem>
+		<listitem><para><link linkend="LPQCOMMAND"><parameter>lpq command</parameter></link></para></listitem>
+		<listitem><para><link linkend="LPRESUMECOMMAND"><parameter>lpresume command</parameter></link></para></listitem>
+		<listitem><para><link linkend="LPRMCOMMAND"><parameter>lprm command</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAGICOUTPUT"><parameter>magic output</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAGICSCRIPT"><parameter>magic script</parameter></link></para></listitem>
+		<listitem><para><link linkend="MANGLECASE"><parameter>mangle case</parameter></link></para></listitem>
+		<listitem><para><link linkend="MANGLEDMAP"><parameter>mangled map</parameter></link></para></listitem>
+		<listitem><para><link linkend="MANGLEDNAMES"><parameter>mangled names</parameter></link></para></listitem>
+		<listitem><para><link linkend="MANGLINGCHAR"><parameter>mangling char</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAPARCHIVE"><parameter>map archive</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAPHIDDEN"><parameter>map hidden</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAPSYSTEM"><parameter>map system</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAXCONNECTIONS"><parameter>max connections</parameter></link></para></listitem>
+		<listitem><para><link linkend="MAXPRINTJOBS"><parameter>max print jobs</parameter></link></para></listitem>
+		<listitem><para><link linkend="MINPRINTSPACE"><parameter>min print space</parameter></link></para></listitem>
+		<listitem><para><link linkend="MSDFSROOT"><parameter>msdfs root</parameter></link></para></listitem>
+		<listitem><para><link linkend="NTACLSUPPORT"><parameter>nt acl support</parameter></link></para></listitem>
+		<listitem><para><link linkend="ONLYGUEST"><parameter>only guest</parameter></link></para></listitem>
+		<listitem><para><link linkend="ONLYUSER"><parameter>only user</parameter></link></para></listitem>
+		<listitem><para><link linkend="OPLOCKCONTENTIONLIMIT"><parameter>oplock contention limit</parameter></link></para></listitem>
+		<listitem><para><link linkend="OPLOCKS"><parameter>oplocks</parameter></link></para></listitem>
+		<listitem><para><link linkend="PATH"><parameter>path</parameter></link></para></listitem>
+		<listitem><para><link linkend="POSIXLOCKING"><parameter>posix locking</parameter></link></para></listitem>
+		<listitem><para><link linkend="POSTEXEC"><parameter>postexec</parameter></link></para></listitem>
+		<listitem><para><link linkend="POSTSCRIPT"><parameter>postscript</parameter></link></para></listitem>
+		<listitem><para><link linkend="PREEXEC"><parameter>preexec</parameter></link></para></listitem>
+		<listitem><para><link linkend="PREEXECCLOSE"><parameter>preexec close</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRESERVECASE"><parameter>preserve case</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRINTCOMMAND"><parameter>print command</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRINTOK"><parameter>print ok</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRINTABLE"><parameter>printable</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRINTER"><parameter>printer</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRINTERADMIN"><parameter>printer admin</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRINTERDRIVER"><parameter>printer driver</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRINTERDRIVERLOCATION"><parameter>printer driver location</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRINTERNAME"><parameter>printer name</parameter></link></para></listitem>
+		<listitem><para><link linkend="PRINTING"><parameter>printing</parameter></link></para></listitem>
+		<listitem><para><link linkend="PROFILEACLS"><parameter>profile acls</parameter></link></para></listitem>
+		<listitem><para><link linkend="PUBLIC"><parameter>public</parameter></link></para></listitem>
+		<listitem><para><link linkend="QUEUEPAUSECOMMAND"><parameter>queuepause command</parameter></link></para></listitem>
+		<listitem><para><link linkend="QUEUERESUMECOMMAND"><parameter>queueresume command</parameter></link></para></listitem>
+		<listitem><para><link linkend="READLIST"><parameter>read list</parameter></link></para></listitem>
+		<listitem><para><link linkend="READONLY"><parameter>read only</parameter></link></para></listitem>
+		<listitem><para><link linkend="ROOTPOSTEXEC"><parameter>root postexec</parameter></link></para></listitem>
+		<listitem><para><link linkend="ROOTPREEXEC"><parameter>root preexec</parameter></link></para></listitem>
+		<listitem><para><link linkend="ROOTPREEXECCLOSE"><parameter>root preexec close</parameter></link></para></listitem>
+		<listitem><para><link linkend="SECURITYMASK"><parameter>security mask</parameter></link></para></listitem>
+		<listitem><para><link linkend="SETDIRECTORY"><parameter>set directory</parameter></link></para></listitem>
+		<listitem><para><link linkend="SHAREMODES"><parameter>share modes</parameter></link></para></listitem>
+		<listitem><para><link linkend="SHORTPRESERVECASE"><parameter>short preserve case</parameter></link></para></listitem>
+		<listitem><para><link linkend="STATUS"><parameter>status</parameter></link></para></listitem>
+		<listitem><para><link linkend="STRICTALLOCATE"><parameter>strict allocate</parameter></link></para></listitem>
+		<listitem><para><link linkend="STRICTLOCKING"><parameter>strict locking</parameter></link></para></listitem>
+		<listitem><para><link linkend="STRICTSYNC"><parameter>strict sync</parameter></link></para></listitem>
+		<listitem><para><link linkend="SYNCALWAYS"><parameter>sync always</parameter></link></para></listitem>
+		<listitem><para><link linkend="USECLIENTDRIVER"><parameter>use client driver</parameter></link></para></listitem>
+		<listitem><para><link linkend="USESENDFILE"><parameter>use sendfile</parameter></link></para></listitem>
+		<listitem><para><link linkend="USER"><parameter>user</parameter></link></para></listitem>
+		<listitem><para><link linkend="USERNAME"><parameter>username</parameter></link></para></listitem>
+		<listitem><para><link linkend="USERS"><parameter>users</parameter></link></para></listitem>
+		<listitem><para><link linkend="VALIDUSERS"><parameter>valid users</parameter></link></para></listitem>
+		<listitem><para><link linkend="VETOFILES"><parameter>veto files</parameter></link></para></listitem>
+		<listitem><para><link linkend="VETOOPLOCKFILES"><parameter>veto oplock files</parameter></link></para></listitem>
+		<listitem><para><link linkend="VFSOBJECT"><parameter>vfs object</parameter></link></para></listitem>
+		<listitem><para><link linkend="VFSOPTIONS"><parameter>vfs options</parameter></link></para></listitem>
+		<listitem><para><link linkend="VOLUME"><parameter>volume</parameter></link></para></listitem>
+		<listitem><para><link linkend="WIDELINKS"><parameter>wide links</parameter></link></para></listitem>
+		<listitem><para><link linkend="WRITABLE"><parameter>writable</parameter></link></para></listitem>
+		<listitem><para><link linkend="WRITECACHESIZE"><parameter>write cache size</parameter></link></para></listitem>
+		<listitem><para><link linkend="WRITELIST"><parameter>write list</parameter></link></para></listitem>
+		<listitem><para><link linkend="WRITEOK"><parameter>write ok</parameter></link></para></listitem>
+		<listitem><para><link linkend="WRITEABLE"><parameter>writeable</parameter></link></para></listitem>
+	</itemizedlist>
+
+</refsect1>
+
+<refsect1>
+	<title>EXPLANATION OF EACH PARAMETER</title>
+	
+	<variablelist>
+
+
+		<varlistentry>
+		<term><anchor id="ACLCOMPATIBILITY">acl compatibility (G)</term>
+		<listitem><para>New in Samba 2.2.8 and above, this string parameter tells
+		smbd if it should modify any Windows access control lists created
+		from POSIX access control lists to remove features which are not
+		supported by Windows 2000 but not supported by the Windows NT ACL edit.
+		control.</para>
+
+		<para>By default this parameter is set automatically by detecting the
+		client type and is set to "true" if the client is Windows NT.</para>
+
+		<para>Default: <emphasis>client detected</emphasis></para>
+		<para>Example: <command>acl compatibility = Win2k</command></para>
+		<para>Example: <command>acl compatibility = winnt</command></para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><anchor id="ADDPRINTERCOMMAND">add printer command (G)</term>
+		<listitem><para>With the introduction of MS-RPC based printing
+		support for Windows NT/2000 clients in Samba 2.2, The MS Add
+		Printer Wizard (APW) icon is now also available in the 
+		"Printers..." folder displayed a share listing.  The APW
+		allows for printers to be add remotely to a Samba or Windows 
+		NT/2000 print server.</para>
+		
+		<para>For a Samba host this means that the printer must be 
+		physically added to the underlying printing system.  The <parameter>add 
+		printer command</parameter> defines a script to be run which 
+		will perform the necessary operations for adding the printer
+		to the print system and to add the appropriate service definition 
+		to the  <filename>smb.conf</filename> file in order that it can be 
+		shared by <ulink url="smbd.8.html"><command>smbd(8)</command>
+		</ulink>.</para>
+		
+		<para>The <parameter>add printer command</parameter> is
+		automatically invoked with the following parameter (in 
+		order:</para>
+		
+		<itemizedlist>
+			<listitem><para><parameter>printer name</parameter></para></listitem>
+			<listitem><para><parameter>share name</parameter></para></listitem>
+			<listitem><para><parameter>port name</parameter></para></listitem>
+			<listitem><para><parameter>driver name</parameter></para></listitem>
+			<listitem><para><parameter>location</parameter></para></listitem>
+			<listitem><para><parameter>Windows 9x driver location</parameter>
+			</para></listitem>
+		</itemizedlist>
+		
+		<para>All parameters are filled in from the PRINTER_INFO_2 structure sent 
+		by the Windows NT/2000 client with one exception.  The "Windows 9x
+		driver location" parameter is included for backwards compatibility
+		only.  The remaining fields in the structure are generated from answers
+		to the APW questions.</para>
+		
+		<para>Once the <parameter>add printer command</parameter> has 
+		been executed, <command>smbd</command> will reparse the <filename>
+		smb.conf</filename> to determine if the share defined by the APW
+		exists.  If the sharename is still invalid, then <command>smbd
+		</command> will return an ACCESS_DENIED error to the client.</para>
+		
+		<para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter>
+		delete printer command</parameter></link>, <link 
+		linkend="printing"><parameter>printing</parameter></link>,
+		<link linkend="SHOWADDPRINTERWIZARD"><parameter>show add
+		printer wizard</parameter></link></para>
+		
+		<para>Default: <emphasis>none</emphasis></para>
+		<para>Example: <command>addprinter command = /usr/bin/addprinter
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="ADDSHARECOMMAND">add share command (G)</term>
+		<listitem><para>Samba 2.2.0 introduced the ability to dynamically 
+		add and delete shares via the Windows NT 4.0 Server Manager.  The 
+		<parameter>add share command</parameter> is used to define an 
+		external program or script which will add a new service definition 
+		to <filename>smb.conf</filename>.  In order to successfully 
+		execute the <parameter>add share command</parameter>, <command>smbd</command>
+		requires that the administrator be connected using a root account (i.e. 
+		uid == 0).
+		</para>
+		
+		<para>
+		When executed, <command>smbd</command> will automatically invoke the 
+		<parameter>add share command</parameter> with four parameters.
+		</para>
+		
+		<itemizedlist>
+			<listitem><para><parameter>configFile</parameter> - the location 
+			of the global <filename>smb.conf</filename> file. 
+			</para></listitem>
+			
+			<listitem><para><parameter>shareName</parameter> - the name of the new 
+			share.
+			</para></listitem>
+			
+			<listitem><para><parameter>pathName</parameter> - path to an **existing**
+			directory on disk.
+			</para></listitem>
+			
+			<listitem><para><parameter>comment</parameter> - comment string to associate 
+			with the new share.
+			</para></listitem>
+		</itemizedlist>
+		
+		<para>
+		This parameter is only used for add file shares.  To add printer shares, 
+		see the <link linkend="ADDPRINTERCOMMAND"><parameter>add printer 
+		command</parameter></link>.
+		</para>
+		
+		<para>
+		See also <link linkend="CHANGESHARECOMMAND"><parameter>change share 
+		command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter>delete share
+		command</parameter></link>.
+		</para>
+		
+		<para>Default: <emphasis>none</emphasis></para>
+		<para>Example: <command>add share command = /usr/local/bin/addshare</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
+		<varlistentry>
+		<term><anchor id="ADDUSERSCRIPT">add user script (G)</term>
+		<listitem><para>This is the full pathname to a script that will 
+		be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html">smbd(8)
+		</ulink> under special circumstances described below.</para>
+
+		<para>Normally, a Samba server requires that UNIX users are 
+		created for all users accessing files on this server. For sites 
+		that use Windows NT account databases as their primary user database 
+		creating these users and keeping the user list in sync with the 
+		Windows NT PDC is an onerous task. This option allows <ulink 
+		url="smbd.8.html">smbd</ulink> to create the required UNIX users 
+		<emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para>
+
+		<para>In order to use this option, <ulink url="smbd.8.html">smbd</ulink> 
+		must <emphasis>NOT</emphasis> be set to <parameter>security = share</parameter>
+		and <parameter>add user script</parameter>
+		must be set to a full pathname for a script that will create a UNIX 
+		user given one argument of <parameter>%u</parameter>, which expands into 
+		the UNIX user name to create.</para>
+
+		<para>When the Windows user attempts to access the Samba server, 
+		at login (session setup in the SMB protocol) time, <ulink url="smbd.8.html">
+		smbd</ulink> contacts the <parameter>password server</parameter> and 
+		attempts to authenticate the given user with the given password. If the 
+		authentication succeeds then <command>smbd</command> 
+		attempts to find a UNIX user in the UNIX password database to map the 
+		Windows user into. If this lookup fails, and <parameter>add user script
+		</parameter> is set then <command>smbd</command> will
+		call the specified script <emphasis>AS ROOT</emphasis>, expanding 
+		any <parameter>%u</parameter> argument to be the user name to create.</para>
+
+		<para>If this script successfully creates the user then <command>smbd
+		</command> will continue on as though the UNIX user
+		already existed. In this way, UNIX users are dynamically created to
+		match existing Windows NT accounts.</para>
+
+		<para>See also <link linkend="SECURITY"><parameter>
+		security</parameter></link>, <link linkend="PASSWORDSERVER">
+		<parameter>password server</parameter></link>, 
+		<link linkend="DELETEUSERSCRIPT"><parameter>delete user 
+		script</parameter></link>.</para>
+
+		<para>Default: <command>add user script = &lt;empty string&gt;
+		</command></para>	
+
+		<para>Example: <command>add user script = /usr/local/samba/bin/add_user 
+		%u</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		
+		<varlistentry>
+		<term><anchor id="ADMINUSERS">admin users (S)</term>
+		<listitem><para>This is a list of users who will be granted 
+		administrative privileges on the share. This means that they 
+		will do all file operations as the super-user (root).</para>
+
+		<para>You should use this option very carefully, as any user in 
+		this list will be able to do anything they like on the share, 
+		irrespective of file permissions.</para>
+
+		<para>Default: <emphasis>no admin users</emphasis></para>
+
+		<para>Example: <command>admin users = jason</command></para>
+		</listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="ALLOWHOSTS">allow hosts (S)</term>
+		<listitem><para>Synonym for <link linkend="HOSTSALLOW">
+		<parameter>hosts allow</parameter></link>.</para></listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="ALLOWTRUSTEDDOMAINS">allow trusted domains (G)</term>
+		<listitem><para>This option only takes effect when the <link 
+		linkend="SECURITY"><parameter>security</parameter></link> option is set to 
+		<constant>server</constant> or <constant>domain</constant>.  
+		If it is set to no, then attempts to connect to a resource from 
+		a domain or workgroup other than the one which <ulink url="smbd.8.html">smbd</ulink> is running 
+		in will fail, even if that domain is trusted by the remote server 
+		doing the authentication.</para>
+		
+		<para>This is useful if you only want your Samba server to 
+		serve resources to users in the domain it is a member of. As 
+		an example, suppose that there are two domains DOMA and DOMB.  DOMB 
+		is trusted by DOMA, which contains the Samba server.  Under normal 
+		circumstances, a user with an account in DOMB can then access the 
+		resources of a UNIX account with the same account name on the 
+		Samba server even if they do not have an account in DOMA.  This 
+		can make implementing a security boundary difficult.</para>
+
+		<para>Default: <command>allow trusted domains = yes</command></para>
+
+		</listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="ANNOUNCEAS">announce as (G)</term>
+		<listitem><para>This specifies what type of server 
+		<ulink url="nmbd.8.html"><command>nmbd</command></ulink> 
+		will announce itself as, to a network neighborhood browse 
+		list. By default this is set to Windows NT. The valid options 
+		are : "NT Server" (which can also be written as "NT"), 
+		"NT Workstation", "Win95" or "WfW" meaning Windows NT Server, 
+		Windows NT Workstation, Windows 95 and Windows for Workgroups 
+		respectively. Do not change this parameter unless you have a 
+		specific need to stop Samba appearing as an NT server as this 
+		may prevent Samba servers from participating as browser servers 
+		correctly.</para>
+
+		<para>Default: <command>announce as = NT Server</command></para>
+		
+		<para>Example: <command>announce as = Win95</command></para>
+		</listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="ANNOUNCEVERSION">announce version (G)</term>
+		<listitem><para>This specifies the major and minor version numbers 
+		that nmbd will use when announcing itself as a server. The default 
+		is 4.9.  Do not change this parameter unless you have a specific 
+		need to set a Samba server to be a downlevel server.</para>
+
+		<para>Default: <command>announce version = 4.9</command></para>
+
+		<para>Example: <command>announce version = 2.0</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="AUTOSERVICES">auto services (G)</term>
+		<listitem><para>This is a synonym for the <link linkend="PRELOAD">
+		<parameter>preload</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="AVAILABLE">available (S)</term>
+		<listitem><para>This parameter lets you "turn off" a service. If 
+		<parameter>available = no</parameter>, then <emphasis>ALL</emphasis> 
+		attempts to connect to the service will fail. Such failures are 
+		logged.</para>
+
+		<para>Default: <command>available = yes</command></para>
+		
+		</listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="BINDINTERFACESONLY">bind interfaces only (G)</term>
+		<listitem><para>This global parameter allows the Samba admin 
+		to limit what interfaces on a machine will serve SMB requests. If 
+		affects file service <ulink url="smbd.8.html">smbd(8)</ulink> and 
+		name service <ulink url="nmbd.8.html">nmbd(8)</ulink> in slightly 
+		different ways.</para>
+
+		<para>For name service it causes <command>nmbd</command> to bind 
+		to ports 137 and 138 on the interfaces listed in the <link 
+		linkend="INTERFACES">interfaces</link> parameter. <command>nmbd
+		</command> also binds to the "all addresses" interface (0.0.0.0) 
+		on ports 137 and 138 for the purposes of reading broadcast messages. 
+		If this option is not set then <command>nmbd</command> will service 
+		name requests on all of these sockets. If <parameter>bind interfaces
+		only</parameter> is set then <command>nmbd</command> will check the 
+		source address of any packets coming in on the broadcast sockets 
+		and discard any that don't match the broadcast addresses of the 
+		interfaces in the <parameter>interfaces</parameter> parameter list. 
+		As unicast packets are received on the other sockets it allows 
+		<command>nmbd</command> to refuse to serve names to machines that 
+		send packets that arrive through any interfaces not listed in the
+		<parameter>interfaces</parameter> list.  IP Source address spoofing
+		does defeat this simple check, however so it must not be used
+		seriously as a security feature for <command>nmbd</command>.</para>
+
+		<para>If <parameter>bind interfaces only</parameter> is set and the
+		<link linkend="INTERFACES">interfaces</link> parameter only contains
+		a virtual interface like for example <parameter>eth0:1</parameter>,
+		then you also need to set the <link linkend="SOCKETADDRESS">socket
+		address</link> parameter to its IP address. Otherwise <command>nmbd
+		</command> as a local master browser will not be able to communicate
+		with the domain master browser for browse list replication.</para>
+
+		<para>For file service it causes <ulink url="smbd.8.html">smbd(8)</ulink>
+		to bind only to the interface list given in the <link linkend="INTERFACES">
+		interfaces</link> parameter. This restricts the networks that 
+		<command>smbd</command> will serve to packets coming in those 
+		interfaces.  Note that you should not use this parameter for machines 
+		that are serving PPP or other intermittent or non-broadcast network 
+		interfaces as it will not cope with non-permanent interfaces.</para>
+
+		<para>If <parameter>bind interfaces only</parameter> is set then 
+		unless the network address <emphasis>127.0.0.1</emphasis> is added 
+		to the <parameter>interfaces</parameter> parameter list <ulink
+		url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> 
+		and <ulink url="swat.8.html"><command>swat(8)</command></ulink> may 
+		not work as expected due to the reasons covered below.</para>
+
+		<para>To change a users SMB password, the <command>smbpasswd</command>
+		by default connects to the <emphasis>localhost - 127.0.0.1</emphasis> 
+		address as an SMB client to issue the password change request. If 
+		<parameter>bind interfaces only</parameter> is set then unless the 
+		network address <emphasis>127.0.0.1</emphasis> is added to the
+		<parameter>interfaces</parameter> parameter list then <command>
+		smbpasswd</command> will fail to connect in it's default mode. 
+		<command>smbpasswd</command> can be forced to use the primary IP interface 
+		of the local host by using its <ulink url="smbpasswd.8.html#minusr">
+		<parameter>-r <replaceable>remote machine</replaceable></parameter>
+		</ulink> parameter, with <replaceable>remote machine</replaceable> set 
+		to the IP name of the primary interface of the local host.</para>
+
+		<para>The <command>swat</command> status page tries to connect with
+		<command>smbd</command> and <command>nmbd</command> at the address 
+		<emphasis>127.0.0.1</emphasis> to determine if they are running.  
+		Not adding <emphasis>127.0.0.1</emphasis>  will cause <command>
+		smbd</command> and <command>nmbd</command> to always show
+		"not running" even if they really are.  This can prevent <command>
+		swat</command> from starting/stopping/restarting <command>smbd</command>
+		and <command>nmbd</command>.</para>
+
+		<para>Default: <command>bind interfaces only = no</command></para>
+		
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="BLOCKSIZE">block size (S)</term>
+		<listitem><para>This parameter controls the behavior of <ulink 
+		url="smbd.8.html">smbd(8)</ulink> when reporting disk free sizes.
+		By default, this reports a disk block size of 1024 bytes.</para>
+		
+		<para>Changing this parameter may have some effect on the
+		efficiency of client writes, this is not yet confirmed. This
+		parameter was added to allow advanced administrators to change
+		it (usually to a higher value) and test the effect it has on
+		client write performance without re-compiling the code. As this
+		is an experimental option it may be removed in a future release.
+		</para>
+
+		<para>Changing this option does not change the disk free reporting
+		size, just the block size unit reported to the client.</para>
+
+		<para>Default: <command>block size = 1024</command></para>
+		<para>Example: <command>block size = 65536</command></para>
+
+		</listitem>
+		</varlistentry>
+		
+
+
+		
+		<varlistentry>
+		<term><anchor id="BLOCKINGLOCKS">blocking locks (S)</term>
+		<listitem><para>This parameter controls the behavior of <ulink 
+		url="smbd.8.html">smbd(8)</ulink> when given a request by a client 
+		to obtain a byte range lock on a region of an open file, and the 
+		request has a time limit associated with it.</para>
+		
+		<para>If this parameter is set and the lock range requested 
+		cannot be immediately satisfied, Samba 2.2 will internally 
+		queue the lock request, and periodically attempt to obtain 
+		the lock until the timeout period expires.</para>
+
+		<para>If this parameter is set to <constant>no</constant>, then 
+		Samba 2.2 will behave as previous versions of Samba would and 
+		will fail the lock request immediately if the lock range 
+		cannot be obtained.</para>
+
+		<para>Default: <command>blocking locks = yes</command></para>
+
+		</listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="BROWSABLE">browsable (S)</term>
+		<listitem><para>See the <link linkend="BROWSEABLE"><parameter>
+		browseable</parameter></link>.</para></listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="BROWSELIST">browse list (G)</term>
+		<listitem><para>This controls whether <ulink url="smbd.8.html">
+		<command>smbd(8)</command></ulink> will serve a browse list to 
+		a client doing a <command>NetServerEnum</command> call. Normally 
+		set to <constant>yes</constant>. You should never need to change 
+		this.</para>
+		
+		<para>Default: <command>browse list = yes</command></para></listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="BROWSEABLE">browseable (S)</term>
+		<listitem><para>This controls whether this share is seen in 
+		the list of available shares in a net view and in the browse list.</para>
+
+		<para>Default: <command>browseable = yes</command></para>
+		</listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="CASESENSITIVE">case sensitive (S)</term>
+		<listitem><para>See the discussion in the section <link 
+		linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para>
+		
+		<para>Default: <command>case sensitive = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="CASESIGNAMES">casesignames (S)</term>
+		<listitem><para>Synonym for <link linkend="CASESENSITIVE">case 
+		sensitive</link>.</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="CHANGENOTIFYTIMEOUT">change notify timeout (G)</term>
+		<listitem><para>This SMB allows a client to tell a server to 
+		"watch" a particular directory for any changes and only reply to
+		the SMB request when a change has occurred. Such constant scanning of
+		a directory is expensive under UNIX, hence an <ulink url="smbd.8.html">
+		<command>smbd(8)</command></ulink> daemon only performs such a scan 
+		on each requested directory once every <parameter>change notify 
+		timeout</parameter> seconds.</para>
+
+		<para>Default: <command>change notify timeout = 60</command></para>
+		<para>Example: <command>change notify timeout = 300</command></para>
+
+		<para>Would change the scan time to every 5 minutes.</para></listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="CHANGESHARECOMMAND">change share command (G)</term>
+		<listitem><para>Samba 2.2.0 introduced the ability to dynamically 
+		add and delete shares via the Windows NT 4.0 Server Manager.  The 
+		<parameter>change share command</parameter> is used to define an 
+		external program or script which will modify an existing service definition 
+		in <filename>smb.conf</filename>.  In order to successfully 
+		execute the <parameter>change share command</parameter>, <command>smbd</command>
+		requires that the administrator be connected using a root account (i.e. 
+		uid == 0).
+		</para>
+		
+		<para>
+		When executed, <command>smbd</command> will automatically invoke the 
+		<parameter>change share command</parameter> with four parameters.
+		</para>
+		
+		<itemizedlist>
+			<listitem><para><parameter>configFile</parameter> - the location 
+			of the global <filename>smb.conf</filename> file. 
+			</para></listitem>
+			
+			<listitem><para><parameter>shareName</parameter> - the name of the new 
+			share.
+			</para></listitem>
+			
+			<listitem><para><parameter>pathName</parameter> - path to an **existing**
+			directory on disk.
+			</para></listitem>
+			
+			<listitem><para><parameter>comment</parameter> - comment string to associate 
+			with the new share.
+			</para></listitem>
+		</itemizedlist>
+		
+		<para>
+		This parameter is only used modify existing file shares definitions.  To modify 
+		printer shares, use the "Printers..." folder as seen when browsing the Samba host.
+		</para>
+		
+		<para>
+		See also <link linkend="ADDSHARECOMMAND"><parameter>add share
+		command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter>delete 
+		share command</parameter></link>.
+		</para>
+		
+		<para>Default: <emphasis>none</emphasis></para>
+		<para>Example: <command>change share command = /usr/local/bin/addshare</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		
+		<varlistentry>
+		<term><anchor id="CHARACTERSET">character set (G)</term>
+		<listitem><para>This allows <ulink url="smbd.8.html">smbd</ulink> to map incoming filenames 
+		from a DOS Code page (see the <link linkend="CLIENTCODEPAGE">client 
+		code page</link> parameter) to several built in UNIX character sets. 
+		The built in code page translations are:</para>
+		
+		<itemizedlist>
+			<listitem><para><constant>ISO8859-1</constant> : Western European 
+			UNIX character set. The parameter <parameter>client code page</parameter>
+			<emphasis>MUST</emphasis> be set to code page 850 if the 
+			<parameter>character set</parameter> parameter is set to
+			<constant>ISO8859-1</constant> in order for the conversion to the 
+			UNIX character set to be done correctly.</para></listitem>
+
+			<listitem><para><constant>ISO8859-2</constant> : Eastern European 
+			UNIX character set. The parameter <parameter>client code page
+			</parameter> <emphasis>MUST</emphasis> be set to code page 852 if 
+			the <parameter> character set</parameter> parameter is set 
+			to <constant>ISO8859-2</constant> in order for the conversion 
+			to the UNIX character set to be done correctly. </para></listitem>
+
+			<listitem><para><constant>ISO8859-5</constant> : Russian Cyrillic 
+			UNIX character set. The parameter <parameter>client code page
+			</parameter> <emphasis>MUST</emphasis> be set to code page 
+			866 if the <parameter>character set </parameter> parameter is 
+			set to <constant>ISO8859-5</constant> in order for the conversion 
+			to the UNIX character set to be done correctly. </para></listitem>
+
+			<listitem><para><constant>ISO8859-7</constant> : Greek UNIX 
+			character set. The parameter <parameter>client code page
+			</parameter> <emphasis>MUST</emphasis> be set to code page 
+			737 if the <parameter>character set</parameter> parameter is 
+			set to <constant>ISO8859-7</constant> in order for the conversion 
+			to the UNIX character set to be done correctly.</para></listitem>
+ 
+			<listitem><para><constant>KOI8-R</constant> : Alternate mapping 
+			for Russian Cyrillic UNIX character set. The parameter 
+			<parameter>client code page</parameter> <emphasis>MUST</emphasis> 
+			be set to code page 866 if the <parameter>character set</parameter> 
+			parameter is set to <constant>KOI8-R</constant> in order for the 
+			conversion to the UNIX character set to be done correctly.</para>
+			</listitem>
+		</itemizedlist>
+
+		<para><emphasis>BUG</emphasis>. These MSDOS code page to UNIX character 
+		set mappings should be dynamic, like the loading of MS DOS code pages, 
+		not static.</para>
+
+		<para>Normally this parameter is not set, meaning no filename 
+		translation is done.</para>
+
+		<para>Default: <command>character set = &lt;empty string&gt;</command></para>
+		<para>Example: <command>character set = ISO8859-1</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="CLIENTCODEPAGE">client code page (G)</term>
+		<listitem><para>This parameter specifies the DOS code page 
+		that the clients accessing Samba are using. To determine what code 
+		page a Windows or DOS client is using, open a DOS command prompt 
+		and type the command <command>chcp</command>. This will output 
+		the code page. The default for USA MS-DOS, Windows 95, and
+		Windows NT releases is code page 437. The default for western 
+		European releases of the above operating systems is code page 850.</para>
+
+		<para>This parameter tells <ulink url="smbd.8.html">smbd(8)</ulink> 
+		which of the <filename>codepage.<replaceable>XXX</replaceable>
+		</filename> files to dynamically load on startup. These files,
+		described more fully in the manual page <ulink url="make_smbcodepage.1.html">
+		<command>make_smbcodepage(1)</command></ulink>, tell <command>
+		smbd</command> how to map lower to upper case characters to provide 
+		the case insensitivity of filenames that Windows clients expect.</para>
+
+		<para>Samba currently ships with the following code page files :</para>
+
+		<itemizedlist>
+			<listitem><para>Code Page 437 - MS-DOS Latin US</para></listitem>
+			<listitem><para>Code Page 737 - Windows '95 Greek</para></listitem>
+			<listitem><para>Code Page 850 - MS-DOS Latin 1</para></listitem>
+			<listitem><para>Code Page 852 - MS-DOS Latin 2</para></listitem>
+			<listitem><para>Code Page 861 - MS-DOS Icelandic</para></listitem>
+			<listitem><para>Code Page 866 - MS-DOS Cyrillic</para></listitem>
+			<listitem><para>Code Page 932 - MS-DOS Japanese SJIS</para></listitem>
+			<listitem><para>Code Page 936 - MS-DOS Simplified Chinese</para></listitem>
+			<listitem><para>Code Page 949 - MS-DOS Korean Hangul</para></listitem>
+			<listitem><para>Code Page 950 - MS-DOS Traditional Chinese</para></listitem>
+		</itemizedlist>
+
+		<para>Thus this parameter may have any of the values 437, 737, 850, 852,
+		861, 932, 936, 949, or 950.  If you don't find the codepage you need,
+		read the comments in one of the other codepage files and the
+		<command>make_smbcodepage(1)</command> man page and write one. Please 
+		remember to donate it back to the Samba user community.</para>
+
+		<para>This parameter co-operates with the <parameter>valid
+		chars</parameter> parameter in determining what characters are
+		valid in filenames and how capitalization is done. If you set both
+		this parameter and the <parameter>valid chars</parameter> parameter
+		the <parameter>client code page</parameter> parameter 
+		<emphasis>MUST</emphasis> be set before the <parameter>valid 
+		chars</parameter> parameter in the <filename>smb.conf</filename>
+		file. The <parameter>valid chars</parameter> string will then 
+		augment the character settings in the <parameter>client code page</parameter> 
+		parameter.</para>
+
+		<para>If not set, <parameter>client code page</parameter> defaults 
+		to 850.</para>
+
+		<para>See also : <link linkend="VALIDCHARS"><parameter>valid 
+		chars</parameter></link>, <link linkend="CODEPAGEDIRECTORY">
+		<parameter>code page directory</parameter></link></para>
+
+		<para>Default: <command>client code page = 850</command></para>
+		<para>Example: <command>client code page = 936</command></para>
+		</listitem>
+		</varlistentry>
+		
+
+
+
+		<varlistentry>
+		<term><anchor id="CODEPAGEDIRECTORY">code page directory (G)</term>
+		<listitem><para>Define the location of the various client code page
+		files.</para>
+		
+		<para>See also <link linkend="CLIENTCODEPAGE"><parameter>client
+		code page</parameter></link></para>
+		
+		<para>Default: <command>code page directory = ${prefix}/lib/codepages
+		</command></para>
+		<para>Example: <command>code page directory = /usr/share/samba/codepages
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		
+		<varlistentry>
+		<term><anchor id="CODINGSYSTEM">coding system (G)</term>
+		<listitem><para>This parameter is used to determine how incoming 
+		Shift-JIS Japanese characters are mapped from the incoming <link 
+		linkend="CLIENTCODEPAGE"><parameter>client code page</parameter>
+		</link> used by the client, into file names in the UNIX filesystem. 
+		Only useful if <parameter>client code page</parameter> is set to 
+		932 (Japanese Shift-JIS).  The options are :</para>
+
+		<itemizedlist>
+			<listitem><para><constant>SJIS</constant>  - Shift-JIS. Does no 
+			conversion of the incoming filename.</para></listitem>
+			
+			<listitem><para><constant>JIS8, J8BB, J8BH, J8@B, 
+			J8@J, J8@H </constant> - Convert from incoming Shift-JIS to eight 
+			bit JIS code with different shift-in, shift out codes.</para></listitem>
+
+			<listitem><para><constant>JIS7, J7BB, J7BH, J7@B, J7@J, 
+			J7@H </constant> - Convert from incoming Shift-JIS to seven bit 
+			JIS code with different shift-in, shift out codes.</para></listitem>
+
+			<listitem><para><constant>JUNET, JUBB, JUBH, JU@B, JU@J, JU@H </constant> 
+			- Convert from incoming Shift-JIS to JUNET code with different shift-in, 
+			shift out codes.</para></listitem>
+						
+			<listitem><para><constant>EUC</constant> - Convert an incoming 
+			Shift-JIS character to EUC code.</para></listitem>
+			
+			<listitem><para><constant>HEX</constant> - Convert an incoming 
+			Shift-JIS character to a 3 byte hex representation, i.e. 
+			<constant>:AB</constant>.</para></listitem>
+			
+			<listitem><para><constant>CAP</constant> - Convert an incoming 
+			Shift-JIS character to the 3 byte hex representation used by 
+			the Columbia AppleTalk Program (CAP), i.e. <constant>:AB</constant>.  
+			This is used for compatibility between Samba and CAP.</para></listitem>
+		</itemizedlist>
+		
+		<para>Default: <command>coding system = &lt;empty value&gt;</command>
+		</para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="COMMENT">comment (S)</term>
+		<listitem><para>This is a text field that is seen next to a share 
+		when a client does a queries the server, either via the network 
+		neighborhood or via <command>net view</command> to list what shares 
+		are available.</para>
+
+		<para>If you want to set the string that is displayed next to the 
+		machine name then see the <link linkend="SERVERSTRING"><parameter>
+		server string</parameter></link> parameter.</para>
+
+		<para>Default: <emphasis>No comment string</emphasis></para>
+		<para>Example: <command>comment = Fred's Files</command></para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="CONFIGFILE">config file (G)</term>
+		<listitem><para>This allows you to override the config file 
+		to use, instead of the default (usually <filename>smb.conf</filename>). 
+		There is a chicken and egg problem here as this option is set 
+		in the config file!</para>
+
+		<para>For this reason, if the name of the config file has changed 
+		when the parameters are loaded then it will reload them from 
+		the new config file.</para>
+
+		<para>This option takes the usual substitutions, which can 
+		be very useful.</para>
+
+		<para>If the config file doesn't exist then it won't be loaded 
+		(allowing you to special case the config files of just a few 
+		clients).</para>
+
+		<para>Example: <command>config file = /usr/local/samba/lib/smb.conf.%m
+		</command></para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="COPY">copy (S)</term>
+		<listitem><para>This parameter allows you to "clone" service 
+		entries. The specified service is simply duplicated under the 
+		current service's name. Any parameters specified in the current 
+		section will override those in the section being copied.</para>
+
+		<para>This feature lets you set up a 'template' service and 
+		create similar services easily. Note that the service being 
+		copied must occur earlier in the configuration file than the 
+		service doing the copying.</para>
+
+		<para>Default: <emphasis>no value</emphasis></para>
+		<para>Example: <command>copy = otherservice</command></para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="CREATEMASK">create mask (S)</term>
+		<listitem><para>A synonym for this parameter is 
+		<link linkend="CREATEMODE"><parameter>create mode</parameter>
+		</link>.</para>
+
+		<para>When a file is created, the necessary permissions are 
+		calculated according to the mapping from DOS modes to UNIX 
+		permissions, and the resulting UNIX mode is then bit-wise 'AND'ed 
+		with this parameter. This parameter may be thought of as a bit-wise 
+		MASK for the UNIX modes of a file. Any bit <emphasis>not</emphasis> 
+		set here will be removed from the modes set on a file when it is 
+		created.</para>
+
+		<para>The default value of this parameter removes the 
+		'group' and 'other' write and execute bits from the UNIX modes.</para>
+
+		<para>Following this Samba will bit-wise 'OR' the UNIX mode created 
+		from this parameter with the value of the <link
+		linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link>
+		parameter which is set to 000 by default.</para>
+
+		<para>This parameter does not affect directory modes. See the 
+		parameter <link linkend="DIRECTORYMODE"><parameter>directory mode
+		</parameter></link> for details.</para>
+
+		<para>See also the <link linkend="FORCECREATEMODE"><parameter>force 
+		create mode</parameter></link> parameter for forcing particular mode 
+		bits to be set on created files. See also the <link linkend="DIRECTORYMODE">
+		<parameter>directory mode</parameter></link> parameter for masking 
+		mode bits on created directories.  See also the <link linkend="INHERITPERMISSIONS">
+		<parameter>inherit permissions</parameter></link> parameter.</para>
+
+		<para>Note that this parameter does not apply to permissions
+		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+		a mask on access control lists also, they need to set the <link 
+		linkend="SECURITYMASK"><parameter>security mask</parameter></link>.</para>
+
+		<para>Default: <command>create mask = 0744</command></para>
+		<para>Example: <command>create mask = 0775</command></para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="CREATEMODE">create mode (S)</term>
+		<listitem><para>This is a synonym for <link linkend="CREATEMASK"><parameter>
+		create mask</parameter></link>.</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term><anchor id="CSCPOLICY">csc policy (S)</term>
+		<listitem><para>This stands for <emphasis>client-side caching 
+		policy</emphasis>, and specifies how clients capable of offline
+		caching will cache the files in the share. The valid values
+		are: manual, documents, programs, disable.</para>
+
+		<para>These values correspond to those used on Windows
+		servers.</para>
+
+		<para>For example, shares containing roaming profiles can have
+		offline caching disabled using <command>csc policy = disable
+		</command>.</para>
+
+		<para>Default: <command>csc policy = manual</command></para>
+		<para>Example: <command>csc policy = programs</command></para>
+		</listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term><anchor id="DEADTIME">deadtime (G)</term>
+		<listitem><para>The value of the parameter (a decimal integer) 
+		represents the number of minutes of inactivity before a connection 
+		is considered dead, and it is disconnected. The deadtime only takes 
+		effect if the number of open files is zero.</para>
+		
+		<para>This is useful to stop a server's resources being 
+		exhausted by a large number of inactive connections.</para>
+
+		<para>Most clients have an auto-reconnect feature when a 
+		connection is broken so in most cases this parameter should be 
+		transparent to users.</para>
+
+		<para>Using this parameter with a timeout of a few minutes 
+		is recommended for most systems.</para>
+
+		<para>A deadtime of zero indicates that no auto-disconnection 
+		should be performed.</para>
+
+		<para>Default: <command>deadtime = 0</command></para>
+		<para>Example: <command>deadtime = 15</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="DEBUGHIRESTIMESTAMP">debug hires timestamp (G)</term>
+		<listitem><para>Sometimes the timestamps in the log messages 
+		are needed with a resolution of higher that seconds, this 
+		boolean parameter adds microsecond resolution to the timestamp 
+		message header when turned on.</para>
+
+		<para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter>
+		debug timestamp</parameter></link> must be on for this to have an 
+		effect.</para>
+
+		<para>Default: <command>debug hires timestamp = no</command></para>
+		</listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="DEBUGPID">debug pid (G)</term>
+		<listitem><para>When using only one log file for more then one 
+		forked <ulink url="smbd.8.html">smbd</ulink>-process there may be hard to follow which process 
+		outputs which message. This boolean parameter is adds the process-id 
+		to the timestamp message headers in the logfile when turned on.</para>
+
+		<para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter>
+		debug timestamp</parameter></link> must be on for this to have an 
+		effect.</para>
+
+		<para>Default: <command>debug pid = no</command></para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="DEBUGTIMESTAMP">debug timestamp (G)</term>
+		<listitem><para>Samba 2.2 debug log messages are timestamped 
+		by default. If you are running at a high <link linkend="DEBUGLEVEL">
+		<parameter>debug level</parameter></link> these timestamps
+		can be distracting. This boolean parameter allows timestamping 
+		to be turned off.</para>
+
+		<para>Default: <command>debug timestamp = yes</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="DEBUGUID">debug uid (G)</term>
+		<listitem><para>Samba is sometimes run as root and sometime 
+		run as the connected user, this boolean parameter inserts the 
+		current euid, egid, uid and gid to the timestamp message headers 
+		in the log file if turned on.</para>
+		
+		<para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter>
+		debug timestamp</parameter></link> must be on for this to have an 
+		effect.</para>
+
+		<para>Default: <command>debug uid = no</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="DEBUGLEVEL">debuglevel (G)</term>
+		<listitem><para>Synonym for <link linkend="LOGLEVEL"><parameter>
+		log level</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="DEFAULT">default (G)</term>
+		<listitem><para>A synonym for <link linkend="DEFAULTSERVICE"><parameter>
+		default service</parameter></link>.</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="DEFAULTCASE">default case (S)</term>
+		<listitem><para>See the section on <link linkend="NAMEMANGLINGSECT">
+		NAME MANGLING</link>. Also note the <link linkend="SHORTPRESERVECASE">
+		<parameter>short preserve case</parameter></link> parameter.</para>
+
+		<para>Default: <command>default case = lower</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="DEFAULTDEVMODE">default devmode (S)</term>
+		<listitem><para>This parameter is only applicable to <link
+		linkend="PRINTOK">printable</link> services.  When smbd is serving
+		Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
+		server has a Device Mode which defines things such as paper size and
+		orientation and duplex settings.  The device mode can only correctly be
+		generated by the printer driver itself (which can only be executed on a
+		Win32 platform).  Because smbd is unable to execute the driver code
+		to generate the device mode, the default behavior is to set this field
+		to NULL.
+		</para>
+
+		<para>Most problems with serving printer drivers to Windows NT/2k/XP clients
+		can be traced to a problem with the generated device mode.  Certain drivers
+		will do things such as crashing the client's Explorer.exe with a NULL devmode.
+		However, other printer drivers can cause the client's spooler service
+		(spoolsv.exe) to die if the devmode was not created by the driver itself
+		(i.e. smbd generates a default devmode).
+		</para>
+
+		<para>This parameter should be used with care and tested with the printer
+		driver in question.  It is better to leave the device mode to NULL
+		and let the Windows client set the correct values.  Because drivers do not
+		do this all the time, setting <command>default devmode = yes</command>
+		will instruct smbd to generate a default one.
+		</para>
+
+		<para>For more information on Windows NT/2k printing and Device Modes,
+		see the <ulink url="http://msdn.microsoft.com/">MSDN documentation</ulink>.
+		</para>
+
+		<para>Default: <command>default devmode = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="DEFAULTSERVICE">default service (G)</term>
+		<listitem><para>This parameter specifies the name of a service
+		which will be connected to if the service actually requested cannot
+		be found. Note that the square brackets are <emphasis>NOT</emphasis>
+		given in the parameter value (see example below).</para>
+
+		<para>There is no default value for this parameter. If this 
+		parameter is not given, attempting to connect to a nonexistent 
+		service results in an error.</para>
+
+		<para>Typically the default service would be a <link linkend="GUESTOK">
+		<parameter>guest ok</parameter></link>, <link linkend="READONLY">
+		<parameter>read-only</parameter></link> service.</para>
+
+		<para>Also note that the apparent service name will be changed 
+		to equal that of the requested service, this is very useful as it 
+		allows you to use macros like <parameter>%S</parameter> to make 
+		a wildcard service.</para>
+
+		<para>Note also that any "_" characters in the name of the service 
+		used in the default service will get mapped to a "/". This allows for
+		interesting things.</para>
+
+
+		<para>Example:</para>
+		
+		<para><programlisting>
+[global]
+	default service = pub
+        
+[pub]
+	path = /%S
+		</programlisting></para>
+		</listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="DELETEPRINTERCOMMAND">delete printer command (G)</term>
+		<listitem><para>With the introduction of MS-RPC based printer
+		support for Windows NT/2000 clients in Samba 2.2, it is now 
+		possible to delete printer at run time by issuing the 
+		DeletePrinter() RPC call.</para>
+		
+		<para>For a Samba host this means that the printer must be 
+		physically deleted from underlying printing system.  The <parameter>
+		deleteprinter command</parameter> defines a script to be run which 
+		will perform the necessary operations for removing the printer
+		from the print system and from <filename>smb.conf</filename>.
+		</para>
+		
+		<para>The <parameter>delete printer command</parameter> is 
+		automatically called with only one parameter: <parameter>
+		"printer name"</parameter>.</para>
+		
+				
+		<para>Once the <parameter>delete printer command</parameter> has 
+		been executed, <command>smbd</command> will reparse the <filename>
+		smb.conf</filename> to associated printer no longer exists.  
+		If the sharename is still valid, then <command>smbd
+		</command> will return an ACCESS_DENIED error to the client.</para>
+		
+		<para>See also <link linkend="ADDPRINTERCOMMAND"><parameter>
+		add printer command</parameter></link>, <link 
+		linkend="printing"><parameter>printing</parameter></link>,
+		<link linkend="SHOWADDPRINTERWIZARD"><parameter>show add
+		printer wizard</parameter></link></para>
+		
+		<para>Default: <emphasis>none</emphasis></para>
+		<para>Example: <command>deleteprinter command = /usr/bin/removeprinter
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
+
+		<varlistentry>
+		<term><anchor id="DELETEREADONLY">delete readonly (S)</term>
+		<listitem><para>This parameter allows readonly files to be deleted.  
+		This is not normal DOS semantics, but is allowed by UNIX.</para>
+		
+		<para>This option may be useful for running applications such 
+		as rcs, where UNIX file ownership prevents changing file 
+		permissions, and DOS semantics prevent deletion of a read only file.</para>
+
+		<para>Default: <command>delete readonly = no</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="DELETESHARECOMMAND">delete share command (G)</term>
+		<listitem><para>Samba 2.2.0 introduced the ability to dynamically 
+		add and delete shares via the Windows NT 4.0 Server Manager.  The 
+		<parameter>delete share command</parameter> is used to define an 
+		external program or script which will remove an existing service 
+		definition from <filename>smb.conf</filename>.  In order to successfully 
+		execute the <parameter>delete share command</parameter>, <command>smbd</command>
+		requires that the administrator be connected using a root account (i.e. 
+		uid == 0).
+		</para>
+		
+		<para>
+		When executed, <command>smbd</command> will automatically invoke the 
+		<parameter>delete share command</parameter> with two parameters.
+		</para>
+		
+		<itemizedlist>
+			<listitem><para><parameter>configFile</parameter> - the location 
+			of the global <filename>smb.conf</filename> file. 
+			</para></listitem>
+			
+			<listitem><para><parameter>shareName</parameter> - the name of 
+			the existing service.
+			</para></listitem>
+		</itemizedlist>
+		
+		<para>
+		This parameter is only used to remove file shares.  To delete printer shares, 
+		see the <link linkend="DELETEPRINTERCOMMAND"><parameter>delete printer 
+		command</parameter></link>.
+		</para>
+		
+		<para>
+		See also <link linkend="ADDSHARECOMMAND"><parameter>add share
+		command</parameter></link>, <link linkend="CHANGESHARECOMMAND"><parameter>change 
+		share command</parameter></link>.
+		</para>
+		
+		<para>Default: <emphasis>none</emphasis></para>
+		<para>Example: <command>delete share command = /usr/local/bin/delshare</command></para>
+		
+		</listitem>
+		</varlistentry>
+
+
+		
+		
+		<varlistentry>
+		<term><anchor id="DELETEUSERSCRIPT">delete user script (G)</term>
+		<listitem><para>This is the full pathname to a script that will 
+		be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html">
+		<command>smbd(8)</command></ulink> under special circumstances 
+		described below.</para>
+
+		<para>Normally, a Samba server requires that UNIX users are 
+		created for all users accessing files on this server. For sites 
+		that use Windows NT account databases as their primary user database 
+		creating these users and keeping the user list in sync with the 
+		Windows NT PDC is an onerous task. This option allows <command>
+		smbd</command> to delete the required UNIX users <emphasis>ON 
+		DEMAND</emphasis> when a user accesses the Samba server and the 
+		Windows NT user no longer exists.</para>
+		
+		<para>In order to use this option, <command>smbd</command> must be 
+		set to <parameter>security = domain</parameter> or <parameter>security =
+		user</parameter> and <parameter>delete user script</parameter> 
+		must be set to a full pathname for a script 
+		that will delete a UNIX user given one argument of <parameter>%u</parameter>, 
+		which expands into the UNIX user name to delete.</para>
+
+		<para>When the Windows user attempts to access the Samba server, 
+		at <emphasis>login</emphasis> (session setup in the SMB protocol) 
+		time, <command>smbd</command> contacts the <link linkend="PASSWORDSERVER">
+		<parameter>password server</parameter></link> and attempts to authenticate 
+		the given user with the given password. If the authentication fails 
+		with the specific Domain error code meaning that the user no longer 
+		exists then <command>smbd</command> attempts to find a UNIX user in 
+		the UNIX password database that matches the Windows user account. If 
+		this lookup succeeds, and <parameter>delete user script</parameter> is 
+		set then <command>smbd</command> will all the specified script 
+		<emphasis>AS ROOT</emphasis>, expanding any <parameter>%u</parameter> 
+		argument to be the user name to delete.</para>
+
+		<para>This script should delete the given UNIX username. In this way, 
+		UNIX users are dynamically deleted to match existing Windows NT 
+		accounts.</para>
+
+		<para>See also <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>,
+		<link linkend="PASSWORDSERVER"><parameter>password server</parameter>
+		</link>, <link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter>
+		</link>.</para>
+
+		<para>Default: <command>delete user script = &lt;empty string&gt;
+		</command></para>
+		<para>Example: <command>delete user script = /usr/local/samba/bin/del_user 
+		%u</command></para></listitem>
+		</varlistentry>
+
+
+
+
+
+		<varlistentry>
+		<term><anchor id="DELETEVETOFILES">delete veto files (S)</term>
+		<listitem><para>This option is used when Samba is attempting to 
+		delete a directory that contains one or more vetoed directories 
+		(see the <link linkend="VETOFILES"><parameter>veto files</parameter></link>
+		option).  If this option is set to <constant>no</constant> (the default) then if a vetoed 
+		directory contains any non-vetoed files or directories then the 
+		directory delete will fail. This is usually what you want.</para>
+
+		<para>If this option is set to <constant>yes</constant>, then Samba 
+		will attempt to recursively delete any files and directories within 
+		the vetoed directory. This can be useful for integration with file 
+		serving systems such as NetAtalk which create meta-files within 
+		directories you might normally veto DOS/Windows users from seeing 
+		(e.g. <filename>.AppleDouble</filename>)</para>
+
+		<para>Setting <command>delete veto files = yes</command> allows these 
+		directories to be  transparently deleted when the parent directory 
+		is deleted (so long as the user has permissions to do so).</para>
+
+		<para>See also the <link linkend="VETOFILES"><parameter>veto 
+		files</parameter></link> parameter.</para>
+
+		<para>Default: <command>delete veto files = no</command></para></listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="DENYHOSTS">deny hosts (S)</term>
+		<listitem><para>Synonym for <link linkend="HOSTSDENY"><parameter>hosts 
+		deny</parameter></link>.</para></listitem>
+		</varlistentry>
+
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="DFREECOMMAND">dfree command (G)</term>
+		<listitem><para>The <parameter>dfree command</parameter> setting should 
+		only be used on systems where a problem occurs with the internal 
+		disk space calculations. This has been known to happen with Ultrix, 
+		but may occur with other operating systems. The symptom that was 
+		seen was an error of "Abort Retry Ignore" at the end of each 
+		directory listing.</para>
+		
+		<para>This setting allows the replacement of the internal routines to
+		calculate the total disk space and amount available with an external
+		routine. The example below gives a possible script that might fulfill
+		this function.</para>
+
+		<para>The external program will be passed a single parameter indicating 
+		a directory in the filesystem being queried. This will typically consist
+		of the string <filename>./</filename>. The script should return two 
+		integers in ASCII. The first should be the total disk space in blocks, 
+		and the second should be the number of available blocks. An optional 
+		third return value can give the block size in bytes. The default 
+		blocksize is 1024 bytes.</para>
+
+		<para>Note: Your script should <emphasis>NOT</emphasis> be setuid or 
+		setgid and should be owned by (and writeable only by) root!</para>
+
+		<para>Default: <emphasis>By default internal routines for 
+		determining the disk capacity and remaining space will be used.
+		</emphasis></para>
+
+		<para>Example: <command>dfree command = /usr/local/samba/bin/dfree
+		</command></para>
+
+		<para>Where the script dfree (which must be made executable) could be:</para>
+
+		<para><programlisting> 
+		#!/bin/sh
+		df $1 | tail -1 | awk '{print $2" "$4}'
+		</programlisting></para>
+
+		<para>or perhaps (on Sys V based systems):</para>
+
+		<para><programlisting> 
+		#!/bin/sh
+		/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
+		</programlisting></para>
+		
+		<para>Note that you may have to replace the command names 
+		with full path names on some systems.</para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="DIRECTORY">directory (S)</term>
+		<listitem><para>Synonym for <link linkend="PATH"><parameter>path
+		</parameter></link>.</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="DIRECTORYMASK">directory mask (S)</term>
+		<listitem><para>This parameter is the octal modes which are 
+		used when converting DOS modes to UNIX modes when creating UNIX 
+		directories.</para>
+
+		<para>When a directory is created, the necessary permissions are 
+		calculated according to the mapping from DOS modes to UNIX permissions, 
+		and the resulting UNIX mode is then bit-wise 'AND'ed with this 
+		parameter. This parameter may be thought of as a bit-wise MASK for 
+		the UNIX modes of a directory. Any bit <emphasis>not</emphasis> set 
+		here will be removed from the modes set on a directory when it is 
+		created.</para>
+
+		<para>The default value of this parameter removes the 'group' 
+		and 'other' write bits from the UNIX mode, allowing only the 
+		user who owns the directory to modify it.</para>
+		
+		<para>Following this Samba will bit-wise 'OR' the UNIX mode 
+		created from this parameter with the value of the <link
+		linkend="FORCEDIRECTORYMODE"><parameter>force directory mode
+		</parameter></link> parameter. This parameter is set to 000 by 
+		default (i.e. no extra mode bits are added).</para>
+
+		<para>Note that this parameter does not apply to permissions
+		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+		a mask on access control lists also, they need to set the <link 
+		linkend="DIRECTORYSECURITYMASK"><parameter>directory security mask</parameter></link>.</para>
+
+		<para>See the <link linkend="FORCEDIRECTORYMODE"><parameter>force 
+		directory mode</parameter></link> parameter to cause particular mode 
+		bits to always be set on created directories.</para>
+
+		<para>See also the <link linkend="CREATEMODE"><parameter>create mode
+		</parameter></link> parameter for masking mode bits on created files, 
+		and the <link linkend="DIRECTORYSECURITYMASK"><parameter>directory 
+		security mask</parameter></link> parameter.</para>
+
+		<para>Also refer to the <link linkend="INHERITPERMISSIONS"><parameter>
+		inherit permissions</parameter></link> parameter.</para>
+
+		<para>Default: <command>directory mask = 0755</command></para>
+		<para>Example: <command>directory mask = 0775</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="DIRECTORYMODE">directory mode (S)</term>
+		<listitem><para>Synonym for <link linkend="DIRECTORYMASK"><parameter>
+		directory mask</parameter></link></para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="DIRECTORYSECURITYMASK">directory security mask (S)</term>
+		<listitem><para>This parameter controls what UNIX permission bits 
+		can be modified when a Windows NT client is manipulating the UNIX 
+		permission on a directory using the native NT security dialog 
+		box.</para>
+
+		<para>This parameter is applied as a mask (AND'ed with) to 
+		the changed permission bits, thus preventing any bits not in 
+		this mask from being modified. Essentially, zero bits in this 
+		mask may be treated as a set of bits the user is not allowed 
+		to change.</para>
+
+		<para>If not set explicitly this parameter is set to 0777
+		meaning a user is allowed to modify all the user/group/world
+		permissions on a directory.</para>
+
+		<para><emphasis>Note</emphasis> that users who can access the 
+		Samba server through other means can easily bypass this restriction, 
+		so it is primarily useful for standalone "appliance" systems.  
+		Administrators of most normal systems will probably want to leave
+		it as the default of <constant>0777</constant>.</para>
+
+		<para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter>
+		force directory security mode</parameter></link>, <link
+		linkend="SECURITYMASK"><parameter>security mask</parameter></link>, 
+		<link linkend="FORCESECURITYMODE"><parameter>force security mode
+		</parameter></link> parameters.</para>
+
+		<para>Default: <command>directory security mask = 0777</command></para>
+		<para>Example: <command>directory security mask = 0700</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="DISABLESPOOLSS">disable spoolss (G)</term>
+		<listitem><para>Enabling this parameter will disables Samba's support
+		for the SPOOLSS set of MS-RPC's and will yield identical behavior
+		as Samba 2.0.x.  Windows NT/2000 clients will downgrade to using
+		Lanman style printing commands. Windows 9x/ME will be uneffected by
+		the parameter. However, this will also disable the ability to upload
+		printer drivers to a Samba server via the Windows NT Add Printer
+		Wizard or by using the NT printer properties dialog window.  It will
+		also disable the capability of Windows NT/2000 clients to download
+		print drivers from the Samba host upon demand.
+		<emphasis>Be very careful about enabling this parameter.</emphasis>
+		</para>
+
+		<para>See also <link linkend="USECLIENTDRIVER">use client driver</link>
+		</para>
+ 
+		<para>Default : <command>disable spoolss = no</command></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="DNSPROXY">dns proxy (G)</term>
+		<listitem><para>Specifies that <ulink url="nmbd.8.html">nmbd(8)</ulink> 
+		when acting as a WINS server and finding that a NetBIOS name has not 
+		been registered, should treat the NetBIOS name word-for-word as a DNS 
+		name and do a lookup with the DNS server for that name on behalf of 
+		the name-querying client.</para>
+
+		<para>Note that the maximum length for a NetBIOS name is 15 
+		characters, so the DNS name (or DNS alias) can likewise only be 
+		15 characters, maximum.</para>
+
+		<para><command>nmbd</command> spawns a second copy of itself to do the
+		DNS name lookup requests, as doing a name lookup is a blocking 
+		action.</para>
+
+		<para>See also the parameter <link linkend="WINSSUPPORT"><parameter>
+		wins support</parameter></link>.</para>
+
+		<para>Default: <command>dns proxy = yes</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="DOMAINADMINGROUP">domain admin group (G)</term>
+		<listitem><para>This parameter is intended as a temporary solution
+		to enable users to be a member of the "Domain Admins" group when 
+		a Samba host is acting as a PDC.  A complete solution will be provided
+		by a system for mapping Windows NT/2000 groups onto UNIX groups.
+		Please note that this parameter has a somewhat confusing name.  It 
+		accepts a list of usernames and of group names in standard 
+		<filename>smb.conf</filename>	notation.
+		</para>
+		
+		<para>See also <link linkend="DOMAINGUESTGROUP"><parameter>domain
+		guest group</parameter></link>, <link linkend="DOMAINLOGONS"><parameter>domain
+		logons</parameter></link>
+		</para>
+		
+		<para>Default: <emphasis>no domain administrators</emphasis></para>
+		<para>Example: <command>domain admin group = root @wheel</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="DOMAINGUESTGROUP">domain guest group (G)</term>
+		<listitem><para>This parameter is intended as a temporary solution
+		to enable users to be a member of the "Domain Guests" group when 
+		a Samba host is acting as a PDC.  A complete solution will be provided
+		by a system for mapping Windows NT/2000 groups onto UNIX groups.
+		Please note that this parameter has a somewhat confusing name.  It 
+		accepts a list of usernames and of group names in standard 
+		<filename>smb.conf</filename>	notation.
+		</para>
+		
+		<para>See also <link linkend="DOMAINADMINGROUP"><parameter>domain
+		admin group</parameter></link>, <link linkend="DOMAINLOGONS"><parameter>domain
+		logons</parameter></link>
+		</para>		
+		
+		<para>Default: <emphasis>no domain guests</emphasis></para>
+		<para>Example: <command>domain guest group = nobody @guest</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="DOMAINLOGONS">domain logons (G)</term>
+		<listitem><para>If set to <constant>yes</constant>, the Samba server will serve 
+		Windows 95/98 Domain logons for the <link linkend="WORKGROUP">
+		<parameter>workgroup</parameter></link> it is in. Samba 2.2 also 
+		has limited capability to act as a domain controller for Windows 
+		NT 4 Domains.  For more details on setting up this feature see 
+		the Samba-PDC-HOWTO included in the <filename>htmldocs/</filename>
+		directory shipped with the source code.</para>
+		
+		<para>Default: <command>domain logons = no</command></para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="DOMAINMASTER">domain master (G)</term>
+		<listitem><para>Tell <ulink url="nmbd.8.html"><command>
+		nmbd(8)</command></ulink> to enable WAN-wide browse list
+		collation. Setting this option causes <command>nmbd</command> to
+		claim a special domain specific NetBIOS name that identifies 
+		it as a domain master browser for its given <link linkend="WORKGROUP">
+		<parameter>workgroup</parameter></link>. Local master browsers 
+		in the same <parameter>workgroup</parameter> on broadcast-isolated 
+		subnets will give this <command>nmbd</command> their local browse lists, 
+		and then ask <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> 
+		for a complete copy of the browse list for the whole wide area 
+		network.  Browser clients will then contact their local master browser, 
+		and will receive the domain-wide browse list, instead of just the list 
+		for their broadcast-isolated subnet.</para>
+
+		<para>Note that Windows NT Primary Domain Controllers expect to be 
+		able to claim this <parameter>workgroup</parameter> specific special 
+		NetBIOS name that identifies them as domain master browsers for 
+		that <parameter>workgroup</parameter> by default (i.e. there is no 
+		way to prevent a Windows NT PDC from attempting to do this). This 
+		means that if this parameter is set and <command>nmbd</command> claims 
+		the special name for a <parameter>workgroup</parameter> before a Windows 
+		NT PDC is able to do so then cross subnet browsing will behave 
+		strangely and may fail.</para>
+		
+		<para>If <link linkend="DOMAINLOGONS"><command>domain logons = yes</command>
+		</link>, then the default behavior is to enable the <parameter>domain 
+		master</parameter> parameter.  If <parameter>domain logons</parameter> is 
+		not enabled (the default setting), then neither will <parameter>domain 
+		master</parameter> be enabled by default.</para>
+
+		<para>Default: <command>domain master = auto</command></para></listitem>
+		</varlistentry>
+		
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="DONTDESCEND">dont descend (S)</term>
+		<listitem><para>There are certain directories on some systems 
+		(e.g., the <filename>/proc</filename> tree under Linux) that are either not 
+		of interest to clients or are infinitely deep (recursive). This 
+		parameter allows you to specify a comma-delimited list of directories 
+		that the server should always show as empty.</para>
+
+		<para>Note that Samba can be very fussy about the exact format 
+		of the "dont descend" entries. For example you may need <filename>
+		./proc</filename> instead of just <filename>/proc</filename>. 
+		Experimentation is the best policy :-)  </para>
+		
+		<para>Default: <emphasis>none (i.e., all directories are OK 
+		to descend)</emphasis></para>
+		<para>Example: <command>dont descend = /proc,/dev</command></para>
+		</listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="DOSFILEMODE">dos filemode (S)</term>
+		<listitem><para> The default behavior in Samba is to provide 
+		UNIX-like behavior where only the owner of a file/directory is 
+		able to change the permissions on it.  However, this behavior
+		is often confusing to  DOS/Windows users.  Enabling this parameter 
+		allows a user who has write access to the file (by whatever 
+		means) to modify the permissions on it.  Note that a user
+		belonging to the group owning the file will not be allowed to
+		change permissions if the group is only granted read access.
+		Ownership of the file/directory is not changed, only the permissions 
+		are modified.</para>
+		
+		<para>Default: <command>dos filemode = no</command></para>
+		</listitem>
+		</varlistentry>
+
+		
+		
+		<varlistentry>
+		<term><anchor id="DOSFILETIMERESOLUTION">dos filetime resolution (S)</term>
+		<listitem><para>Under the DOS and Windows FAT filesystem, the finest 
+		granularity on time resolution is two seconds. Setting this parameter 
+		for a share causes Samba to round the reported time down to the 
+		nearest two second boundary when a query call that requires one second 
+		resolution is made to <ulink url="smbd.8.html"><command>smbd(8)</command>
+		</ulink>.</para>
+
+		<para>This option is mainly used as a compatibility option for Visual 
+		C++ when used against Samba shares. If oplocks are enabled on a 
+		share, Visual C++ uses two different time reading calls to check if a 
+		file has changed since it was last read. One of these calls uses a
+		one-second granularity, the other uses a two second granularity. As
+		the two second call rounds any odd second down, then if the file has a
+		timestamp of an odd number of seconds then the two timestamps will not
+		match and Visual C++ will keep reporting the file has changed. Setting
+		this option causes the two timestamps to match, and Visual C++ is
+		happy.</para>
+
+		<para>Default: <command>dos filetime resolution = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="DOSFILETIMES">dos filetimes (S)</term>
+		<listitem><para>Under DOS and Windows, if a user can write to a 
+		file they can change the timestamp on it. Under POSIX semantics, 
+		only the owner of the file or root may change the timestamp. By 
+		default, Samba runs with POSIX semantics and refuses to change the 
+		timestamp on a file if the user <command>smbd</command> is acting 
+		on behalf of is not the file owner. Setting this option to <constant>
+		yes</constant> allows DOS semantics and <ulink url="smbd.8.html">smbd</ulink> will change the file 
+		timestamp as DOS requires.</para>
+
+		<para>Default: <command>dos filetimes = no</command></para></listitem>
+		</varlistentry>
+
+		
+
+		<varlistentry>
+		<term><anchor id="ENCRYPTPASSWORDS">encrypt passwords (G)</term>
+		<listitem><para>This boolean controls whether encrypted passwords 
+		will be negotiated with the client. Note that Windows NT 4.0 SP3 and 
+		above and also Windows 98 will by default expect encrypted passwords 
+		unless a registry entry is changed. To use encrypted passwords in 
+		Samba see the file ENCRYPTION.txt in the Samba documentation 
+		directory <filename>docs/</filename> shipped with the source code.</para>
+
+		<para>In order for encrypted passwords to work correctly
+		<ulink url="smbd.8.html"><command>smbd(8)</command></ulink> must either 
+		have access to a local <ulink url="smbpasswd.5.html"><filename>smbpasswd(5)
+		</filename></ulink> file (see the <ulink url="smbpasswd.8.html"><command>
+		smbpasswd(8)</command></ulink> program for information on how to set up 
+ 		and maintain this file), or set the <link
+		linkend="SECURITY">security = [server|domain]</link> parameter which 
+		causes <command>smbd</command> to authenticate against another 
+		server.</para>
+		
+		<para>Default: <command>encrypt passwords = no</command></para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="ENHANCEDBROWSING">enhanced browsing (G)</term>
+		<listitem><para>This option enables a couple of enhancements to 
+		cross-subnet browse propagation that have been added in Samba 
+		but which are not standard in Microsoft implementations.  
+		</para>
+
+		<para>The first enhancement to browse propagation consists of a regular
+		wildcard query to a Samba WINS server for all Domain Master Browsers,
+		followed by a browse synchronization with each of the returned
+		DMBs. The second enhancement consists of a regular randomised browse
+		synchronization with all currently known DMBs.</para>
+
+		<para>You may wish to disable this option if you have a problem with empty
+		workgroups not disappearing from browse lists. Due to the restrictions
+		of the browse protocols these enhancements can cause a empty workgroup
+		to stay around forever which can be annoying.</para>
+
+		<para>In general you should leave this option enabled as it makes
+		cross-subnet browse propagation much more reliable.</para>
+
+		<para>Default: <command>enhanced browsing = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="ENUMPORTSCOMMAND">enumports command (G)</term>
+		<listitem><para>The concept of a "port" is fairly foreign
+		to UNIX hosts.  Under Windows NT/2000 print servers, a port
+		is associated with a port monitor and generally takes the form of
+		a local port (i.e. LPT1:, COM1:, FILE:) or a remote port
+		(i.e. LPD Port Monitor, etc...).  By default, Samba has only one
+		port defined--<constant>"Samba Printer Port"</constant>.  Under 
+		Windows NT/2000, all printers must have a valid port name.  
+		If you wish to have a list of ports displayed (<command>smbd
+		</command> does not use a port name for anything) other than 
+		the default <constant>"Samba Printer Port"</constant>, you 
+		can define <parameter>enumports command</parameter> to point to
+		a program which should generate a list of ports, one per line,
+		to standard output.  This listing will then be used in response
+		to the level 1 and 2 EnumPorts() RPC.</para>
+		
+		<para>Default: <emphasis>no enumports command</emphasis></para>
+		<para>Example: <command>enumports command = /usr/bin/listports
+		</command></para>
+		</listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term><anchor id="EXEC">exec (S)</term>
+		<listitem><para>This is a synonym for <link linkend="PREEXEC">
+		<parameter>preexec</parameter></link>.</para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="FAKEDIRECTORYCREATETIMES">fake directory create times (S)</term>
+		<listitem><para>NTFS and Windows VFAT file systems keep a create 
+		time for all files and directories. This is not the same as the 
+		ctime - status change time - that Unix keeps, so Samba by default 
+		reports the earliest of the various times Unix does keep. Setting 
+		this parameter for a share causes Samba to always report midnight 
+		1-1-1980 as the create time for directories.</para>
+
+		<para>This option is mainly used as a compatibility option for 
+		Visual C++ when used against Samba shares. Visual C++ generated 
+		makefiles have the object directory as a dependency for each object 
+		file, and a make rule to create the directory. Also, when NMAKE 
+		compares timestamps it uses the creation time when examining a 
+		directory. Thus the object directory will be created if it does not 
+		exist, but once it does exist it will always have an earlier 
+		timestamp than the object files it contains.</para>
+
+		<para>However, Unix time semantics mean that the create time 
+		reported by Samba will be updated whenever a file is created or 
+		or deleted in the directory.  NMAKE finds all object files in 
+		the object directory.  The timestamp of the last one built is then 
+		compared to the timestamp of the object directory.  If the 
+		directory's timestamp if newer, then all object files
+		will be rebuilt.  Enabling this option 
+		ensures directories always predate their contents and an NMAKE build 
+		will proceed as expected.</para>
+
+		<para>Default: <command>fake directory create times = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="FAKEOPLOCKS">fake oplocks (S)</term>
+		<listitem><para>Oplocks are the way that SMB clients get permission 
+		from a server to locally cache file operations. If a server grants 
+		an oplock (opportunistic lock) then the client is free to assume 
+		that it is the only one accessing the file and it will aggressively 
+		cache file data. With some oplock types the client may even cache 
+		file open/close operations. This can give enormous performance benefits.
+		</para>
+
+		<para>When you set <command>fake oplocks = yes</command>, <ulink 
+		url="smbd.8.html"><command>smbd(8)</command></ulink> will
+		always grant oplock requests no matter how many clients are using 
+		the file.</para>
+
+		<para>It is generally much better to use the real <link 
+		linkend="OPLOCKS"><parameter>oplocks</parameter></link> support rather 
+		than this parameter.</para>
+		
+		<para>If you enable this option on all read-only shares or 
+		shares that you know will only be accessed from one client at a 
+		time such as physically read-only media like CDROMs, you will see 
+		a big performance improvement on many operations. If you enable 
+		this option on shares where multiple clients may be accessing the 
+		files read-write at the same time you can get data corruption. Use 
+		this option carefully!</para>
+		
+		<para>Default: <command>fake oplocks = no</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="FOLLOWSYMLINKS">follow symlinks (S)</term>
+		<listitem><para>This parameter allows the Samba administrator 
+		to stop <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> 
+		from following symbolic links in a particular share. Setting this 
+		parameter to <constant>no</constant> prevents any file or directory 
+		that is a symbolic link from being followed (the user will get an 
+		error).  This option is very useful to stop users from adding a 
+		symbolic link to <filename>/etc/passwd</filename> in their home 
+		directory for instance.  However it will slow filename lookups 
+		down slightly.</para>
+
+		<para>This option is enabled (i.e. <command>smbd</command> will 
+		follow symbolic links) by default.</para>
+		
+		<para>Default: <command>follow symlinks = yes</command></para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="FORCECREATEMODE">force create mode (S)</term>
+		<listitem><para>This parameter specifies a set of UNIX mode bit 
+		permissions that will <emphasis>always</emphasis> be set on a 
+		file created by Samba. This is done by bitwise 'OR'ing these bits onto 
+		the mode bits of a file that is being created or having its 
+		permissions changed. The default for this parameter is (in octal) 
+		000. The modes in this parameter are bitwise 'OR'ed onto the file 
+		mode after the mask set in the <parameter>create mask</parameter> 
+		parameter is applied.</para>
+		
+		<para>See also the parameter <link linkend="CREATEMASK"><parameter>create 
+		mask</parameter></link> for details on masking mode bits on files.</para>
+
+		<para>See also the <link linkend="INHERITPERMISSIONS"><parameter>inherit 
+		permissions</parameter></link> parameter.</para>
+
+		<para>Default: <command>force create mode = 000</command></para>
+		<para>Example: <command>force create mode = 0755</command></para>
+
+		<para>would force all created files to have read and execute 
+		permissions set for 'group' and 'other' as well as the 
+		read/write/execute bits set for the 'user'.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+ 		<varlistentry>
+		<term><anchor id="FORCEDIRECTORYMODE">force directory mode (S)</term>
+		<listitem><para>This parameter specifies a set of UNIX mode bit 
+		permissions that will <emphasis>always</emphasis> be set on a directory 
+		created by Samba. This is done by bitwise 'OR'ing these bits onto the 
+		mode bits of a directory that is being created. The default for this 
+		parameter is (in octal) 0000 which will not add any extra permission 
+		bits to a created directory. This operation is done after the mode 
+		mask in the parameter <parameter>directory mask</parameter> is 
+		applied.</para>
+
+		<para>See also the parameter <link linkend="DIRECTORYMASK"><parameter>
+		directory mask</parameter></link> for details on masking mode bits 
+		on created directories.</para>
+		
+		<para>See also the <link linkend="INHERITPERMISSIONS"><parameter>
+		inherit permissions</parameter></link> parameter.</para>
+
+		<para>Default: <command>force directory mode = 000</command></para>
+		<para>Example: <command>force directory mode = 0755</command></para>
+
+		<para>would force all created directories to have read and execute
+		permissions set for 'group' and 'other' as well as the
+		read/write/execute bits set for the 'user'.</para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="FORCEDIRECTORYSECURITYMODE">force directory 
+		security mode (S)</term>
+		<listitem><para>This parameter controls what UNIX permission bits 
+		can be modified when a Windows NT client is manipulating the UNIX 
+		permission on a directory using the native NT security dialog box.</para>
+
+		<para>This parameter is applied as a mask (OR'ed with) to the 
+		changed permission bits, thus forcing any bits in this mask that 
+		the user may have modified to be on. Essentially, one bits in this 
+		mask may be treated as a set of bits that, when modifying security 
+		on a directory, the user has always set to be 'on'.</para>
+
+		<para>If not set explicitly this parameter is 000, which 
+		allows a user to modify all the user/group/world permissions on a 
+		directory without restrictions.</para>
+
+		<para><emphasis>Note</emphasis> that users who can access the 
+		Samba server through other means can easily bypass this restriction, 
+		so it is primarily useful for standalone "appliance" systems.  
+		Administrators of most normal systems will probably want to leave
+		it set as 0000.</para>
+
+		<para>See also the <link linkend="DIRECTORYSECURITYMASK"><parameter>
+		directory security mask</parameter></link>, <link linkend="SECURITYMASK">
+		<parameter>security mask</parameter></link>, 
+		<link linkend="FORCESECURITYMODE"><parameter>force security mode
+		</parameter></link> parameters.</para>
+
+		<para>Default: <command>force directory security mode = 0</command></para>
+		<para>Example: <command>force directory security mode = 700</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="FORCEGROUP">force group (S)</term>
+		<listitem><para>This specifies a UNIX group name that will be 
+		assigned as the default primary group for all users connecting 
+		to this service. This is useful for sharing files by ensuring 
+		that all access to files on service will use the named group for 
+		their permissions checking. Thus, by assigning permissions for this 
+		group to the files and directories within this service the Samba 
+		administrator can restrict or allow sharing of these files.</para>
+
+		<para>In Samba 2.0.5 and above this parameter has extended 
+		functionality in the following way. If the group name listed here 
+		has a '+' character prepended to it then the current user accessing 
+		the share only has the primary group default assigned to this group 
+		if they are already assigned as a member of that group. This allows 
+		an administrator to decide that only users who are already in a 
+		particular group will create files with group ownership set to that 
+		group. This gives a finer granularity of ownership assignment. For 
+		example, the setting <filename>force group = +sys</filename> means 
+		that only users who are already in group sys will have their default
+		primary group assigned to sys when accessing this Samba share. All
+		other users will retain their ordinary primary group.</para>
+
+		<para>If the <link linkend="FORCEUSER"><parameter>force user
+		</parameter></link> parameter is also set the group specified in 
+		<parameter>force group</parameter> will override the primary group
+		set in <parameter>force user</parameter>.</para>
+
+		<para>See also <link linkend="FORCEUSER"><parameter>force 
+		user</parameter></link>.</para>
+
+		<para>Default: <emphasis>no forced group</emphasis></para>
+		<para>Example: <command>force group = agroup</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="FORCESECURITYMODE">force security mode (S)</term>
+		<listitem><para>This parameter controls what UNIX permission 
+		bits can be modified when a Windows NT client is manipulating 
+		the UNIX permission on a file using the native NT security dialog 
+		box.</para>
+		
+		<para>This parameter is applied as a mask (OR'ed with) to the 
+		changed permission bits, thus forcing any bits in this mask that 
+		the user may have modified to be on. Essentially, one bits in this 
+		mask may be treated as a set of bits that, when modifying security 
+		on a file, the user has always set to be 'on'.</para>
+
+		<para>If not set explicitly this parameter is set to 0,
+		and allows a user to modify all the user/group/world permissions on a file,
+		with no restrictions.</para>
+		
+		<para><emphasis>Note</emphasis> that users who can access 
+		the Samba server through other means can easily bypass this restriction, 
+		so it is primarily useful for standalone "appliance" systems.  
+		Administrators of most normal systems will probably want to leave
+		this set to 0000.</para>
+
+		<para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter>
+		force directory security mode</parameter></link>,
+		<link linkend="DIRECTORYSECURITYMASK"><parameter>directory security
+		mask</parameter></link>, <link linkend="SECURITYMASK"><parameter>
+		security mask</parameter></link> parameters.</para>
+
+		<para>Default: <command>force security mode = 0</command></para>
+		<para>Example: <command>force security mode = 700</command></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="FORCEUNKNOWNACLUSER">force unknown acl user (S)</term>
+		<listitem><para>If this parameter is set, a Windows NT ACL that contains
+		an unknown SID (security descriptor, or representation of a user or group id)
+		as the owner or group owner of the file will be silently mapped into the
+		current UNIX uid or gid of the currently connected user.</para>
+
+		<para>This is designed to allow Windows NT clients to copy files and
+		folders containing ACLs that were created locally on the client machine
+		and contain users local to that machine only (no domain users) to be
+		copied to a Samba server (usually with XCOPY /O) and have the unknown
+		userid and groupid of the file owner map to the current connected user.
+		This can only be fixed correctly when winbindd allows arbitrary mapping
+		from any Windows NT SID to a UNIX uid or gid.</para>
+
+		<para>Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
+		</para>
+
+		<para>See also <link linkend="FORCEGROUP"><parameter>force group
+		</parameter></link></para>
+
+		<para>Default: <emphasis>False</emphasis></para>
+		<para>Example: <command>force unknown acl user = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="FORCEUSER">force user (S)</term>
+		<listitem><para>This specifies a UNIX user name that will be 
+		assigned as the default user for all users connecting to this service. 
+		This is useful for sharing files. You should also use it carefully 
+		as using it incorrectly can cause security problems.</para>
+
+		<para>This user name only gets used once a connection is established. 
+		Thus clients still need to connect as a valid user and supply a 
+		valid password. Once connected, all file operations will be performed 
+		as the "forced user", no matter what username the client connected 
+		as.  This can be very useful.</para>
+
+		<para>In Samba 2.0.5 and above this parameter also causes the 
+		primary group of the forced user to be used as the primary group 
+		for all file activity. Prior to 2.0.5 the primary group was left 
+		as the primary group of the connecting user (this was a bug).</para>
+
+		<para>See also <link linkend="FORCEGROUP"><parameter>force group
+		</parameter></link></para>
+
+		<para>Default: <emphasis>no forced user</emphasis></para>
+		<para>Example: <command>force user = auser</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="FSTYPE">fstype (S)</term>
+		<listitem><para>This parameter allows the administrator to 
+		configure the string that specifies the type of filesystem a share 
+		is using that is reported by <ulink url="smbd.8.html"><command>smbd(8)
+		</command></ulink> when a client queries the filesystem type
+		for a share. The default type is <constant>NTFS</constant> for 
+		compatibility with Windows NT but this can be changed to other 
+		strings such as <constant>Samba</constant> or <constant>FAT
+		</constant> if required.</para>
+		
+		<para>Default: <command>fstype = NTFS</command></para>
+		<para>Example: <command>fstype = Samba</command></para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="GETWDCACHE">getwd cache (G)</term>
+		<listitem><para>This is a tuning option. When this is enabled a 
+		caching algorithm will be used to reduce the time taken for getwd() 
+		calls. This can have a significant impact on performance, especially 
+		when the <link linkend="WIDELINKS"><parameter>wide links</parameter>
+		</link>parameter is set to <constant>no</constant>.</para>
+
+		<para>Default: <command>getwd cache = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="GROUP">group (S)</term>
+		<listitem><para>Synonym for <link linkend="FORCEGROUP"><parameter>force 
+		group</parameter></link>.</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="GUESTACCOUNT">guest account (S)</term>
+		<listitem><para>This is a username which will be used for access 
+		to services which are specified as <link linkend="GUESTOK"><parameter>
+		guest ok</parameter></link> (see below). Whatever privileges this 
+		user has will be available to any client connecting to the guest service. 
+		Typically this user will exist in the password file, but will not
+		have a valid login. The user account "ftp" is often a good choice 
+		for this parameter. If a username is specified in a given service, 
+		the specified username overrides this one.</para>
+
+		<para>One some systems the default guest account "nobody" may not 
+		be able to print. Use another account in this case. You should test 
+		this by trying to log in as your guest user (perhaps by using the 
+		<command>su -</command> command) and trying to print using the 
+		system print command such as <command>lpr(1)</command> or <command>
+		lp(1)</command>.</para>
+		
+		<para>Default: <emphasis>specified at compile time, usually 
+		"nobody"</emphasis></para>
+
+		<para>Example: <command>guest account = ftp</command></para></listitem>
+		</varlistentry>
+
+		
+		
+		<varlistentry>
+		<term><anchor id="GUESTOK">guest ok (S)</term>
+		<listitem><para>If this parameter is <constant>yes</constant> for 
+		a service, then no password is required to connect to the service. 
+		Privileges will be those of the <link linkend="GUESTACCOUNT"><parameter>
+		guest account</parameter></link>.</para>
+
+		<para>See the section below on <link linkend="SECURITY"><parameter>
+		security</parameter></link> for more information about this option.
+		</para>
+
+		<para>Default: <command>guest ok = no</command></para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="GUESTONLY">guest only (S)</term>
+		<listitem><para>If this parameter is <constant>yes</constant> for 
+		a service, then only guest connections to the service are permitted. 
+		This parameter will have no effect if <link linkend="GUESTOK">
+		<parameter>guest ok</parameter></link> is not set for the service.</para>
+
+		<para>See the section below on <link linkend="SECURITY"><parameter>
+		security</parameter></link> for more information about this option.
+		</para>
+
+		<para>Default: <command>guest only = no</command></para></listitem>
+		</varlistentry>
+
+
+		
+		<varlistentry>
+		<term><anchor id="HIDEDOTFILES">hide dot files (S)</term>
+		<listitem><para>This is a boolean parameter that controls whether 
+		files starting with a dot appear as hidden files.</para>
+
+		<para>Default: <command>hide dot files = yes</command></para></listitem>
+		</varlistentry>
+
+
+	
+		<varlistentry>
+		<term><anchor id="HIDEFILES">hide files(S)</term>
+		<listitem><para>This is a list of files or directories that are not 
+		visible but are accessible.  The DOS 'hidden' attribute is applied 
+		to any files or directories that match.</para>
+
+		<para>Each entry in the list must be separated by a '/', 
+		which allows spaces to be included in the entry.  '*'
+		and '?' can be used to specify multiple files or directories 
+		as in DOS wildcards.</para>
+
+		<para>Each entry must be a Unix path, not a DOS path and must 
+		not include the Unix directory separator '/'.</para>
+
+		<para>Note that the case sensitivity option is applicable 
+		in hiding files.</para>
+		
+		<para>Setting this parameter will affect the performance of Samba, 
+		as it will be forced to check all files and directories for a match 
+		as they are scanned.</para>
+
+		<para>See also <link linkend="HIDEDOTFILES"><parameter>hide 
+		dot files</parameter></link>, <link linkend="VETOFILES"><parameter>
+		veto files</parameter></link> and <link linkend="CASESENSITIVE">
+		<parameter>case sensitive</parameter></link>.</para>
+
+		<para>Default: <emphasis>no file are hidden</emphasis></para>
+  		<para>Example: <command>hide files =
+		/.*/DesktopFolderDB/TrashFor%m/resource.frk/</command></para>
+
+		<para>The above example is based on files that the Macintosh 
+		SMB client (DAVE) available from <ulink url="http://www.thursby.com"> 
+		Thursby</ulink> creates for internal use, and also still hides 
+		all files beginning with a dot.</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="HIDELOCALUSERS">hide local users(G)</term>
+		<listitem><para>This parameter toggles the hiding of local UNIX 
+		users (root, wheel, floppy, etc) from remote clients.</para>
+
+		<para>Default: <command>hide local users = no</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="HIDEUNREADABLE">hide unreadable (S)</term>
+		<listitem><para>This parameter prevents clients from seeing the
+		existance of files that cannot be read. Defaults to off.</para>
+
+		<para>Default: <command>hide unreadable = no</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="HOMEDIRMAP">homedir map (G)</term>
+		<listitem><para>If<link linkend="NISHOMEDIR"><parameter>nis homedir
+		</parameter></link> is <constant>yes</constant>, and <ulink 
+		url="smbd.8.html"><command>smbd(8)</command></ulink> is also acting 
+		as a Win95/98 <parameter>logon server</parameter> then this parameter 
+		specifies the NIS (or YP) map from which the server for the user's 
+		home directory should be extracted.  At present, only the Sun 
+		auto.home map format is understood. The form of the map is:</para>
+
+		<para><command>username	server:/some/file/system</command></para>
+
+		<para>and the program will extract the servername from before 
+		the first ':'.  There should probably be a better parsing system 
+		that copes with different map formats and also Amd (another 
+		automounter) maps.</para>
+		
+		<para><emphasis>NOTE :</emphasis>A working NIS client is required on 
+		the system for this option to work.</para>
+
+		<para>See also <link linkend="NISHOMEDIR"><parameter>nis homedir</parameter>
+		</link>, <link linkend="DOMAINLOGONS"><parameter>domain logons</parameter>
+		</link>.</para>
+
+		<para>Default: <command>homedir map = &lt;empty string&gt;</command></para>
+		<para>Example: <command>homedir map = amd.homedir</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+	
+		<varlistentry>
+		<term><anchor id="HOSTMSDFS">host msdfs (G)</term>
+		<listitem><para>This boolean parameter is only available 
+		if Samba has been configured and compiled with the <command>
+		--with-msdfs</command> option. If set to <constant>yes</constant>, 
+		Samba will act as a Dfs server, and  allow Dfs-aware clients 
+		to browse Dfs trees hosted on the server.</para>
+
+		<para>See also the <link linkend="MSDFSROOT"><parameter>
+		msdfs root</parameter></link> share  level  parameter.  For
+		more  information  on  setting  up a Dfs tree on Samba,
+		refer to <ulink url="msdfs_setup.html">msdfs_setup.html</ulink>.
+		</para>
+		
+		<para>Default: <command>host msdfs = no</command></para>
+		</listitem>
+		</varlistentry>
+
+	
+		<varlistentry>
+		<term><anchor id="HOSTSALLOW">hosts allow (S)</term>
+		<listitem><para>A synonym for this parameter is <parameter>allow 
+		hosts</parameter>.</para>
+		
+		<para>This parameter is a comma, space, or tab delimited 
+		set of hosts which are permitted to access a service.</para>
+
+		<para>If specified in the [global] section then it will
+		apply to all services, regardless of whether the individual 
+		service has a different setting.</para>
+
+		<para>You can specify the hosts by name or IP number. For 
+		example, you could restrict access to only the hosts on a 
+		Class C subnet with something like <command>allow hosts = 150.203.5.
+		</command>. The full syntax of the list is described in the man 
+		page <filename>hosts_access(5)</filename>. Note that this man
+		page may not be present on your system, so a brief description will
+		be given here also.</para>
+
+		<para>Note that the localhost address 127.0.0.1 will always 
+		be allowed access unless specifically denied by a <link 
+		linkend="HOSTSDENY"><parameter>hosts deny</parameter></link> option.</para>
+
+		<para>You can also specify hosts by network/netmask pairs and 
+		by netgroup names if your system supports netgroups. The 
+		<emphasis>EXCEPT</emphasis> keyword can also be used to limit a 
+		wildcard list. The following examples may provide some help:</para>
+
+		<para>Example 1: allow all IPs in 150.203.*.*; except one</para>
+
+		<para><command>hosts allow = 150.203. EXCEPT 150.203.6.66</command></para>
+
+		<para>Example 2: allow hosts that match the given network/netmask</para>
+
+		<para><command>hosts allow = 150.203.15.0/255.255.255.0</command></para>
+
+		<para>Example 3: allow a couple of hosts</para>
+
+		<para><command>hosts allow = lapland, arvidsjaur</command></para>
+
+		<para>Example 4: allow only hosts in NIS netgroup "foonet", but 
+		deny access from one particular host</para>
+
+		<para><command>hosts allow = @foonet</command></para>
+
+		<para><command>hosts deny = pirate</command></para>
+
+		<para>Note that access still requires suitable user-level passwords.</para>
+
+		<para>See <ulink url="testparm.1.html"><command>testparm(1)</command>
+		</ulink> for a way of testing your host access to see if it does 
+		what you expect.</para>
+
+		<para>Default: <emphasis>none (i.e., all hosts permitted access)
+		</emphasis></para>
+		
+		<para>Example: <command>allow hosts = 150.203.5. myhost.mynet.edu.au
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="HOSTSDENY">hosts deny (S)</term>
+		<listitem><para>The opposite of <parameter>hosts allow</parameter> 
+		- hosts listed here are <emphasis>NOT</emphasis> permitted access to 
+		services unless the specific services have their own lists to override 
+		this one. Where the lists conflict, the <parameter>allow</parameter> 
+		list takes precedence.</para>
+		
+		<para>Default: <emphasis>none (i.e., no hosts specifically excluded)
+		</emphasis></para>
+
+		<para>Example: <command>hosts deny = 150.203.4. badhost.mynet.edu.au
+		</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="HOSTSEQUIV">hosts equiv (G)</term>
+		<listitem><para>If this global parameter is a non-null string, 
+		it specifies the name of a file to read for the names of hosts 
+		and users who will be allowed access without specifying a password.
+		</para>
+		
+		<para>This is not be confused with <link linkend="HOSTSALLOW">
+		<parameter>hosts allow</parameter></link> which is about hosts 
+		access to services and is more useful for guest services. <parameter>
+		hosts equiv</parameter> may be useful for NT clients which will 
+		not supply passwords to Samba.</para>
+
+		<para><emphasis>NOTE :</emphasis> The use of <parameter>hosts equiv
+		</parameter> can be a major security hole. This is because you are 
+		trusting the PC to supply the correct username. It is very easy to 
+		get a PC to supply a false username. I recommend that the 
+		<parameter>hosts equiv</parameter> option be only used if you really 
+		know what you are doing, or perhaps on a home network where you trust 
+		your spouse and kids. And only if you <emphasis>really</emphasis> trust 
+		them :-).</para>
+		
+		<para>Default: <emphasis>no host equivalences</emphasis></para>
+		<para>Example: <command>hosts equiv = /etc/hosts.equiv</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="INCLUDE">include (G)</term>
+		<listitem><para>This allows you to include one config file 
+		inside another.  The file is included literally, as though typed 
+		in place.</para>
+
+		<para>It takes the standard substitutions, except <parameter>%u
+		</parameter>, <parameter>%P</parameter> and <parameter>%S</parameter>.
+		</para>
+		
+		<para>Default: <emphasis>no file included</emphasis></para>
+		<para>Example: <command>include = /usr/local/samba/lib/admin_smb.conf
+		</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="INHERITACLS">inherit acls (S)</term>
+		<listitem><para>This parameter can be used to ensure
+		that if default acls exist on parent directories,
+		they are always honored when creating a subdirectory.
+		The default behavior is to use the mode specified
+		when creating the directory.  Enabling this option
+		sets the mode to 0777, thus guaranteeing that 
+		default directory acls are propagated.
+		</para>
+
+		<para>Default: <command>inherit acls = no</command>
+		</para></listitem>
+		</varlistentry>
+		
+
+
+
+		<varlistentry>
+		<term><anchor id="INHERITPERMISSIONS">inherit permissions (S)</term>
+		<listitem><para>The permissions on new files and directories 
+		are normally governed by <link linkend="CREATEMASK"><parameter>
+		create mask</parameter></link>, <link linkend="DIRECTORYMASK">
+		<parameter>directory mask</parameter></link>, <link 
+		linkend="FORCECREATEMODE"><parameter>force create mode</parameter>
+		</link> and <link linkend="FORCEDIRECTORYMODE"><parameter>force 
+		directory mode</parameter></link> but the boolean inherit 
+		permissions parameter overrides this.</para>
+		
+		<para>New directories inherit the mode of the parent directory,
+		including bits such as setgid.</para>
+
+		<para>New files inherit their read/write bits from the parent 
+		directory.  Their execute bits continue to be determined by
+		<link linkend="MAPARCHIVE"><parameter>map archive</parameter>
+		</link>, <link linkend="MAPHIDDEN"><parameter>map hidden</parameter>
+		</link> and <link linkend="MAPSYSTEM"><parameter>map system</parameter>
+		</link> as usual.</para>
+
+		<para>Note that the setuid bit is <emphasis>never</emphasis> set via 
+		inheritance (the code explicitly prohibits this).</para>
+
+		<para>This can be particularly useful on large systems with 
+		many users, perhaps several thousand, to allow a single [homes] 
+		share to be used flexibly by each user.</para>
+		
+		<para>See also <link linkend="CREATEMASK"><parameter>create mask
+		</parameter></link>, <link linkend="DIRECTORYMASK"><parameter>
+		directory mask</parameter></link>, <link linkend="FORCECREATEMODE">
+		<parameter>force create mode</parameter></link> and <link
+		linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter>
+		</link>.</para>
+
+		<para>Default: <command>inherit permissions = no</command></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="INTERFACES">interfaces (G)</term>
+		<listitem><para>This option allows you to override the default 
+		network interfaces list that Samba will use for browsing, name 
+		registration and other NBT traffic. By default Samba will query 
+		the kernel for the list of all active interfaces and use any 
+		interfaces except 127.0.0.1 that are broadcast capable.</para>
+
+		<para>The option takes a list of interface strings. Each string 
+		can be in any of the following forms:</para>
+
+		<itemizedlist>
+			<listitem><para>a network interface name (such as eth0). 
+			This may include shell-like wildcards so eth* will match 
+			any interface starting with the substring "eth"</para></listitem>
+			
+			<listitem><para>an IP address. In this case the netmask is 
+			determined from the list of interfaces obtained from the 
+			kernel</para></listitem>
+			
+			<listitem><para>an IP/mask pair. </para></listitem>
+			
+			<listitem><para>a broadcast/mask pair.</para></listitem>
+		</itemizedlist>
+
+		<para>The "mask" parameters can either be a bit length (such 
+		as 24 for a C class network) or a full netmask in dotted 
+		decimal form.</para>
+
+		<para>The "IP" parameters above can either be a full dotted 
+		decimal IP address or a hostname which will be looked up via 
+		the OS's normal hostname resolution mechanisms.</para>
+
+		<para>For example, the following line:</para>
+		
+		<para><command>interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0
+		</command></para>
+
+		<para>would configure three network interfaces corresponding 
+		to the eth0 device and IP addresses 192.168.2.10 and 192.168.3.10. 
+		The netmasks of the latter two interfaces would be set to 255.255.255.0.</para>
+
+		<para>See also <link linkend="BINDINTERFACESONLY"><parameter>bind 
+		interfaces only</parameter></link>.</para>
+		
+		<para>Default: <emphasis>all active interfaces except 127.0.0.1 
+		that are broadcast capable</emphasis></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="INVALIDUSERS">invalid users (S)</term>
+		<listitem><para>This is a list of users that should not be allowed 
+		to login to this service. This is really a <emphasis>paranoid</emphasis> 
+		check to absolutely ensure an improper setting does not breach 
+		your security.</para>
+		
+		<para>A name starting with a '@' is interpreted as an NIS 
+ 		netgroup first (if your system supports NIS), and then as a UNIX 
+		group if the name was not found in the NIS netgroup database.</para>
+
+		<para>A name starting with '+' is interpreted only 
+		by looking in the UNIX group database. A name starting with 
+		'&' is interpreted only by looking in the NIS netgroup database 
+		(this requires NIS to be working on your system). The characters 
+		'+' and '&' may be used at the start of the name in either order 
+		so the value <parameter>+&amp;group</parameter> means check the 
+		UNIX group database, followed by the NIS netgroup database, and 
+		the value <parameter>&+group</parameter> means check the NIS
+		netgroup database, followed by the UNIX group database (the 
+		same as the '@' prefix).</para>
+
+		<para>The current servicename is substituted for <parameter>%S</parameter>. 
+		This is useful in the [homes] section.</para>
+
+		<para>See also <link linkend="VALIDUSERS"><parameter>valid users
+		</parameter></link>.</para>
+
+		<para>Default: <emphasis>no invalid users</emphasis></para>
+		<para>Example: <command>invalid users = root fred admin @wheel
+		</command></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="KEEPALIVE">keepalive (G)</term>
+		<listitem><para>The value of the parameter (an integer) represents 
+		the number of seconds between <parameter>keepalive</parameter> 
+		packets. If this parameter is zero, no keepalive packets will be 
+		sent. Keepalive packets, if sent, allow the server to tell whether 
+		a client is still present and responding.</para>
+
+		<para>Keepalives should, in general, not be needed if the socket 
+		being used has the SO_KEEPALIVE attribute set on it (see <link 
+		linkend="SOCKETOPTIONS"><parameter>socket options</parameter></link>). 
+		Basically you should only use this option if you strike difficulties.</para>
+
+  		<para>Default: <command>keepalive = 300</command></para>
+  		<para>Example: <command>keepalive = 600</command></para>
+		</listitem>
+		</varlistentry>
+
+	
+	
+		<varlistentry>
+		<term><anchor id="KERNELOPLOCKS">kernel oplocks (G)</term>
+		<listitem><para>For UNIXes that support kernel based <link
+		linkend="OPLOCKS"><parameter>oplocks</parameter></link>
+		(currently only IRIX and the Linux 2.4 kernel), this parameter 
+		allows the use of them to be turned on or off.</para>
+
+		<para>Kernel oplocks support allows Samba <parameter>oplocks
+		</parameter> to be broken whenever a local UNIX process or NFS operation 
+		accesses a file that <ulink url="smbd.8.html"><command>smbd(8)</command>
+		</ulink> has oplocked. This allows complete data consistency between 
+		SMB/CIFS, NFS and local file access (and is a <emphasis>very</emphasis> 
+		cool feature :-).</para>
+
+		<para>This parameter defaults to <constant>on</constant>, but is translated
+		to a no-op on systems that no not have the necessary kernel support.
+		You should never need to touch this parameter.</para>
+
+		<para>See also the <link linkend="OPLOCKS"><parameter>oplocks</parameter>
+		</link> and <link linkend="LEVEL2OPLOCKS"><parameter>level2 oplocks
+		</parameter></link> parameters.</para>
+		
+		<para>Default: <command>kernel oplocks = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="LANMANAUTH">lanman auth (G)</term>
+		<listitem><para>This parameter determines whether or not <ulink url="smbd.8.html">smbd</ulink> will
+		attempt to authenticate users using the LANMAN password hash.
+		If disabled, only clients which support NT password hashes (e.g. Windows 
+		NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS 
+		network client) will be able to connect to the Samba host.</para>
+		
+		<para>Default : <command>lanman auth = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
+		<varlistentry>
+		<term><anchor id="LARGEREADWRITE">large readwrite (G)</term>
+		<listitem><para>This parameter determines whether or not <ulink url="smbd.8.html">smbd</ulink>
+		supports the new 64k streaming read and write varient SMB requests introduced
+		with Windows 2000. Note that due to Windows 2000 client redirector bugs
+		this requires Samba to be running on a 64-bit capable operating system such
+		as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with
+		Windows 2000 clients. Defaults to on. Windows NT 4.0 only supports
+		read version of this call, and ignores the write version.
+		</para>
+		
+		<para>Default : <command>large readwrite = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="LDAPADMINDN">ldap admin dn (G)</term>
+		<listitem><para>This parameter is only available if Samba has been
+		configure to include the <command>--with-ldapsam</command> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</para>
+
+		<para>
+		The <parameter>ldap admin dn</parameter> defines the Distinguished 
+		Name (DN) name used by Samba to contact the <link linkend="LDAPSERVER">ldap
+		server</link> when retreiving user account information. The <parameter>ldap
+		admin dn</parameter> is used in conjunction with the admin dn password
+		stored in the <filename>private/secrets.tdb</filename> file.  See the
+		<ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> man
+		page for more information on how to accmplish this.
+		</para>
+	
+		
+		<para>Default : <emphasis>none</emphasis></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="LDAPFILTER">ldap filter (G)</term>
+		<listitem><para>This parameter is only available if Samba has been
+		configure to include the <command>--with-ldapsam</command> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</para>
+
+		<para>
+		This parameter specifies the RFC 2254 compliant LDAP search filter.
+		The default is to match the login name with the <constant>uid</constant> 
+		attribute for all entries matching the <constant>sambaAccount</constant>		
+		objectclass.  Note that this filter should only return one entry.
+		</para>
+	
+		
+		<para>Default : <command>ldap filter = (&(uid=%u)(objectclass=sambaAccount))</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="LDAPPORT">ldap port (G)</term>
+		<listitem><para>This parameter is only available if Samba has been
+		configure to include the <command>--with-ldapsam</command> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</para>
+		
+		<para>
+		This option is used to control the tcp port number used to contact
+		the <link linkend="LDAPSERVER"><parameter>ldap server</parameter></link>.
+		The default is to use the stand LDAPS port 636.
+		</para>
+
+		<para>See Also: <link linkend="LDAPSSL">ldap ssl</link>
+		</para>
+		
+		<para>Default : <command>ldap port = 636 ; if ldap ssl = on</command></para>
+		<para>Default : <command>ldap port = 389 ; if ldap ssl = off</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="LDAPSERVER">ldap server (G)</term>
+		<listitem><para>This parameter is only available if Samba has been
+		configure to include the <command>--with-ldapsam</command> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</para>
+		
+		<para>
+		This parameter should contains the FQDN of the ldap directory 
+		server which should be queried to locate user account information.
+		</para>
+		
+	
+		
+		<para>Default : <command>ldap server = localhost</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="LDAPSSL">ldap ssl (G)</term>
+		<listitem><para>This parameter is only available if Samba has been
+		configure to include the <command>--with-ldapsam</command> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</para>
+		
+		<para>
+		This option is used to define whether or not Samba should
+		use SSL when connecting to the <link linkend="LDAPSERVER"><parameter>ldap
+		server</parameter></link>.  This is <emphasis>NOT</emphasis> related to
+		Samba SSL support which is enabled by specifying the 
+		<command>--with-ssl</command> option to the <filename>configure</filename> 
+		script (see <link linkend="SSL"><parameter>ssl</parameter></link>).
+		</para>
+		
+		<para>
+		The <parameter>ldap ssl</parameter> can be set to one of three values:
+		(a) <constant>on</constant> - Always use SSL when contacting the 
+		<parameter>ldap	server</parameter>, (b) <constant>off</constant> -
+		Never use SSL when querying the directory, or (c) <constant>start_tls</constant> 
+		- Use the LDAPv3 StartTLS extended operation 
+		(RFC2830) for communicating with the directory server.
+		</para>
+		
+		
+		<para>Default : <command>ldap ssl = on</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="LDAPSUFFIX">ldap suffix (G)</term>
+		<listitem><para>This parameter is only available if Samba has been
+		configure to include the <command>--with-ldapsam</command> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</para>
+		
+	
+		
+		<para>Default : <emphasis>none</emphasis></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
+
+
+		<varlistentry>
+		<term><anchor id="LEVEL2OPLOCKS">level2 oplocks (S)</term>
+		<listitem><para>This parameter controls whether Samba supports
+		level2 (read-only) oplocks on a share.</para>
+		
+		<para>Level2, or read-only oplocks allow Windows NT clients 
+		that have an oplock on a file to downgrade from a read-write oplock 
+		to a read-only oplock once a second client opens the file (instead 
+		of releasing all oplocks on a second open, as in traditional, 
+		exclusive oplocks). This allows all openers of the file that 
+		support level2 oplocks to cache the file for read-ahead only (ie. 
+		they may not cache writes or lock requests) and increases performance 
+		for many accesses of files that are not commonly written (such as 
+		application .EXE files).</para>
+
+		<para>Once one of the clients which have a read-only oplock 
+		writes to the file all clients are notified (no reply is needed 
+		or waited for) and told to break their oplocks to "none" and 
+		delete any read-ahead caches.</para>
+
+		<para>It is recommended that this parameter be turned on 
+		to speed access to shared executables.</para>
+
+		<para>For more discussions on level2 oplocks see the CIFS spec.</para>
+
+		<para>Currently, if <link linkend="KERNELOPLOCKS"><parameter>kernel 
+		oplocks</parameter></link> are supported then level2 oplocks are 
+		not granted (even if this parameter is set to <constant>yes</constant>). 
+		Note also, the <link linkend="OPLOCKS"><parameter>oplocks</parameter>
+		</link> parameter must be set to <constant>yes</constant> on this share in order for 
+		this parameter to have any effect.</para>
+
+		<para>See also the <link linkend="OPLOCKS"><parameter>oplocks</parameter>
+		</link> and <link linkend="OPLOCKS"><parameter>kernel oplocks</parameter>
+		</link> parameters.</para>
+		
+		<para>Default: <command>level2 oplocks = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
+		<varlistentry>
+		<term><anchor id="LMANNOUNCE">lm announce (G)</term>
+		<listitem><para>This parameter determines if <ulink url="nmbd.8.html">
+		<command>nmbd(8)</command></ulink> will produce Lanman announce 
+		broadcasts that are needed by OS/2 clients in order for them to see 
+		the Samba server in their browse list. This parameter can have three 
+		values, <constant>yes</constant>, <constant>no</constant>, or
+		<constant>auto</constant>. The default is <constant>auto</constant>.  
+		If set to <constant>no</constant> Samba will never produce these 
+		broadcasts. If set to <constant>yes</constant> Samba will produce 
+		Lanman announce broadcasts at a frequency set by the parameter 
+		<parameter>lm interval</parameter>. If set to <constant>auto</constant> 
+		Samba will not send Lanman announce broadcasts by default but will 
+		listen for them. If it hears such a broadcast on the wire it will 
+		then start sending them at a frequency set by the parameter 
+		<parameter>lm interval</parameter>.</para>
+
+		<para>See also <link linkend="LMINTERVAL"><parameter>lm interval
+		</parameter></link>.</para>
+
+		<para>Default: <command>lm announce = auto</command></para>
+		<para>Example: <command>lm announce = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="LMINTERVAL">lm interval (G)</term>
+		<listitem><para>If Samba is set to produce Lanman announce 
+		broadcasts needed by OS/2 clients (see the <link linkend="LMANNOUNCE">
+		<parameter>lm announce</parameter></link> parameter) then this 
+		parameter defines the frequency in seconds with which they will be 
+		made.  If this is set to zero then no Lanman announcements will be 
+		made despite the setting of the <parameter>lm announce</parameter> 
+		parameter.</para>
+
+		<para>See also <link linkend="LMANNOUNCE"><parameter>lm 
+		announce</parameter></link>.</para>
+
+		<para>Default: <command>lm interval = 60</command></para>
+		<para>Example: <command>lm interval = 120</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="LOADPRINTERS">load printers (G)</term>
+		<listitem><para>A boolean variable that controls whether all 
+		printers in the printcap will be loaded for browsing by default. 
+		See the <link linkend="PRINTERSSECT">printers</link> section for 
+		more details.</para>
+
+		<para>Default: <command>load printers = yes</command></para></listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="LOCALMASTER">local master (G)</term>
+		<listitem><para>This option allows <ulink url="nmbd.8.html"><command>
+		nmbd(8)</command></ulink> to try and become a local master browser 
+		on a subnet. If set to <constant>no</constant> then <command>
+		nmbd</command> will not attempt to become a local master browser 
+		on a subnet and will also lose in all browsing elections. By
+		default this value is set to <constant>yes</constant>. Setting this value to <constant>yes</constant> doesn't
+		mean that Samba will <emphasis>become</emphasis> the local master 
+		browser on a subnet, just that <command>nmbd</command> will <emphasis>
+		participate</emphasis> in elections for local master browser.</para>
+
+		<para>Setting this value to <constant>no</constant> will cause <command>nmbd</command>
+		<emphasis>never</emphasis> to become a local master browser.</para>
+
+  		<para>Default: <command>local master = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="LOCKDIR">lock dir (G)</term>
+		<listitem><para>Synonym for <link linkend="LOCKDIRECTORY"><parameter>
+		lock directory</parameter></link>.</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="LOCKDIRECTORY">lock directory (G)</term>
+		<listitem><para>This option specifies the directory where lock 
+		files will be placed.  The lock files are used to implement the 
+		<link linkend="MAXCONNECTIONS"><parameter>max connections</parameter>
+		</link> option.</para>
+
+		<para>Default: <command>lock directory = ${prefix}/var/locks</command></para>
+		<para>Example: <command>lock directory = /var/run/samba/locks</command>
+		</para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="LOCKSPINCOUNT">lock spin count (G)</term>
+		<listitem><para>This parameter controls the number of times
+		that smbd should attempt to gain a byte range lock on the 
+		behalf of a client request.  Experiments have shown that
+		Windows 2k servers do not reply with a failure if the lock
+		could not be immediately granted, but try a few more times
+		in case the lock could later be aquired.  This behavior
+		is used to support PC database formats such as MS Access
+		and FoxPro.
+		</para>
+
+		<para>Default: <command>lock spin count = 2</command>
+		</para></listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="LOCKSPINTIME">lock spin time (G)</term>
+		<listitem><para>The time in microseconds that smbd should 
+		pause before attempting to gain a failed lock.  See
+		<link linkend="LOCKSPINCOUNT"><parameter>lock spin 
+		count</parameter></link> for more details.
+		</para>
+
+		<para>Default: <command>lock spin time = 10</command>
+		</para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="LOCKING">locking (S)</term>
+		<listitem><para>This controls whether or not locking will be 
+		performed by the server in response to lock requests from the 
+		client.</para>
+
+		<para>If <command>locking = no</command>, all lock and unlock 
+		requests will appear to succeed and all lock queries will report 
+		that the file in question is available for locking.</para>
+
+		<para>If <command>locking = yes</command>, real locking will be performed 
+		by the server.</para>
+
+		<para>This option <emphasis>may</emphasis> be useful for read-only 
+		filesystems which <emphasis>may</emphasis> not need locking (such as 
+		CDROM drives), although setting this parameter of <constant>no</constant> 
+		is not really recommended even in this case.</para>
+
+		<para>Be careful about disabling locking either globally or in a 
+		specific service, as lack of locking may result in data corruption. 
+		You should never need to set this parameter.</para>
+
+		<para>Default: <command>locking = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="LOGFILE">log file (G)</term>
+		<listitem><para>This option allows you to override the name 
+		of the Samba log file (also known as the debug file).</para>
+
+		<para>This option takes the standard substitutions, allowing 
+		you to have separate log files for each user or machine.</para>
+
+		<para>Example: <command>log file = /usr/local/samba/var/log.%m
+		</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="LOGLEVEL">log level (G)</term>
+		<listitem><para>The value of the parameter (an integer) allows 
+		the debug level (logging level) to be specified in the 
+		<filename>smb.conf</filename> file. This is to give greater 
+		flexibility in the configuration of the system.</para>
+
+		<para>The default will be the log level specified on 
+		the command line or level zero if none was specified.</para>
+
+		<para>Example: <command>log level = 3</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="LOGONDRIVE">logon drive (G)</term>
+		<listitem><para>This parameter specifies the local path to 
+		which the home directory will be connected (see <link 
+		linkend="LOGONHOME"><parameter>logon home</parameter></link>) 
+		and is only used by NT Workstations. </para>
+
+		<para>Note that this option is only useful if Samba is set up as a
+		logon server.</para>
+
+		<para>Default: <command>logon drive = z:</command></para>
+  		<para>Example: <command>logon drive = h:</command></para>
+		</listitem>
+		</varlistentry>
+
+	
+	
+		<varlistentry>
+		<term><anchor id="LOGONHOME">logon home (G)</term>
+		<listitem><para>This parameter specifies the home directory 
+		location when a Win95/98 or NT Workstation logs into a Samba PDC.  
+		It allows you to do </para>
+		
+		<para><prompt>C:\> </prompt><userinput>NET USE H: /HOME</userinput>
+		</para>
+
+		<para>from a command prompt, for example.</para>
+
+		<para>This option takes the standard substitutions, allowing 
+		you to have separate logon scripts for each user or machine.</para>
+
+		<para>This parameter can be used with Win9X workstations to ensure 
+		that roaming profiles are stored in a subdirectory of the user's 
+		home directory.  This is done in the following way:</para>
+
+		<para><command>logon home = \\%N\%U\profile</command></para>
+
+		<para>This tells Samba to return the above string, with 
+		substitutions made when a client requests the info, generally 
+		in a NetUserGetInfo request.  Win9X clients truncate the info to
+		\\server\share when a user does <command>net use /home</command>
+		but use the whole string when dealing with profiles.</para>
+
+		<para>Note that in prior versions of Samba, the <link linkend="LOGONPATH">
+		<parameter>logon path</parameter></link> was returned rather than 
+		<parameter>logon home</parameter>.  This broke <command>net use 
+		/home</command> but allowed profiles outside the home directory.  
+		The current implementation is correct, and can be used for 
+		profiles if you use the above trick.</para>
+		
+		<para>This option is only useful if Samba is set up as a logon 
+		server.</para>
+
+		<para>Default: <command>logon home = "\\%N\%U"</command></para>
+		<para>Example: <command>logon home = "\\remote_smb_server\%U"</command>
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="LOGONPATH">logon path (G)</term>
+		<listitem><para>This parameter specifies the home directory 
+		where roaming profiles (NTuser.dat etc files for Windows NT) are 
+		stored.  Contrary to previous versions of these manual pages, it has 
+		nothing to do with Win 9X roaming profiles.  To find out how to 
+		handle roaming profiles for Win 9X system, see the <link linkend="LOGONHOME">
+		<parameter>logon home</parameter></link> parameter.</para>
+
+		<para>This option takes the standard substitutions, allowing you 
+		to have separate logon scripts for each user or machine.  It also 
+		specifies the directory from which the "Application Data", 
+		(<filename>desktop</filename>, <filename>start menu</filename>,
+		<filename>network neighborhood</filename>, <filename>programs</filename> 
+		and other folders, and their contents, are loaded and displayed on 
+		your Windows NT client.</para>
+		
+		<para>The share and the path must be readable by the user for 
+		the preferences and directories to be loaded onto the Windows NT
+		client.  The share must be writeable when the user logs in for the first
+		time, in order that the Windows NT client can create the NTuser.dat
+		and other directories.</para>
+
+		<para>Thereafter, the directories and any of the contents can, 
+		if required, be made read-only.  It is not advisable that the 
+		NTuser.dat file be made read-only - rename it to NTuser.man to 
+		achieve the desired effect (a <emphasis>MAN</emphasis>datory 
+		profile). </para>
+
+		<para>Windows clients can sometimes maintain a connection to 
+		the [homes] share, even though there is no user logged in.  
+		Therefore, it is vital that the logon path does not include a 
+		reference to the homes share (i.e. setting this parameter to
+		\%N\%U\profile_path will cause problems).</para>
+
+		<para>This option takes the standard substitutions, allowing 
+		you to have separate logon scripts for each user or machine.</para>
+
+		<para>Note that this option is only useful if Samba is set up 
+		as a logon server.</para>
+
+		<para>Default: <command>logon path = \\%N\%U\profile</command></para>
+		<para>Example: <command>logon path = \\PROFILESERVER\PROFILE\%U</command></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="LOGONSCRIPT">logon script (G)</term>
+		<listitem><para>This parameter specifies the batch file (.bat) or 
+		NT command file (.cmd) to be downloaded and run on a machine when 
+		a user successfully logs in.  The file must contain the DOS 
+		style CR/LF line endings. Using a DOS-style editor to create the 
+		file is recommended.</para>
+		
+		<para>The script must be a relative path to the [netlogon] 
+		service.  If the [netlogon] service specifies a <link linkend="PATH">
+		<parameter>path</parameter></link> of <filename>/usr/local/samba/netlogon
+		</filename>, and <command>logon script = STARTUP.BAT</command>, then 
+		the file that will be downloaded is:</para>
+
+		<para><filename>/usr/local/samba/netlogon/STARTUP.BAT</filename></para>
+
+		<para>The contents of the batch file are entirely your choice.  A 
+		suggested command would be to add <command>NET TIME \\SERVER /SET 
+		/YES</command>, to force every machine to synchronize clocks with 
+		the same time server.  Another use would be to add <command>NET USE 
+		U: \\SERVER\UTILS</command> for commonly used utilities, or <command>
+		NET USE Q: \\SERVER\ISO9001_QA</command> for example.</para>
+
+		<para>Note that it is particularly important not to allow write 
+		access to the [netlogon] share, or to grant users write permission 
+		on the batch files in a secure environment, as this would allow 
+		the batch files to be arbitrarily modified and security to be 
+		breached.</para>
+
+		<para>This option takes the standard substitutions, allowing you 
+		to have separate logon scripts for each user or machine.</para>
+
+		<para>This option is only useful if Samba is set up as a logon 
+		server.</para>
+
+		<para>Default: <emphasis>no logon script defined</emphasis></para>
+		<para>Example: <command>logon script = scripts\%U.bat</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="LPPAUSECOMMAND">lppause command (S)</term>
+		<listitem><para>This parameter specifies the command to be 
+		executed on the server host in order to stop printing or spooling 
+		a specific print job.</para>
+
+		<para>This command should be a program or script which takes 
+		a printer name and job number to pause the print job. One way 
+		of implementing this is by using job priorities, where jobs 
+		having a too low priority won't be sent to the printer.</para>
+
+		<para>If a <parameter>%p</parameter> is given then the printer name 
+		is put in its place. A <parameter>%j</parameter> is replaced with 
+		the job number (an integer).  On HPUX (see <parameter>printing=hpux
+		</parameter>), if the <parameter>-p%p</parameter> option is added 
+		to the lpq command, the job will show up with the correct status, i.e. 
+		if the job priority is lower than the set fence priority it will 
+		have the PAUSED status, whereas if  the priority is equal or higher it 
+		will have the SPOOLED or PRINTING status.</para>
+
+		<para>Note that it is good practice to include the absolute path 
+		in the lppause command as the PATH may not be available to the server.</para>
+
+		<para>See also the <link linkend="PRINTING"><parameter>printing
+		</parameter></link> parameter.</para>
+
+		<para>Default: Currently no default value is given to 
+		this string, unless the value of the <parameter>printing</parameter> 
+		parameter is <constant>SYSV</constant>, in which case the default is :</para>
+
+		<para><command>lp -i %p-%j -H hold</command></para>
+
+		<para>or if the value of the <parameter>printing</parameter> parameter 
+		is <constant>SOFTQ</constant>, then the default is:</para>
+
+		<para><command>qstat -s -j%j -h</command></para>
+ 
+		<para>Example for HPUX: <command>lppause command = /usr/bin/lpalt 	
+		%p-%j -p0</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="LPQCACHETIME">lpq cache time (G)</term>
+		<listitem><para>This controls how long lpq info will be cached 
+		for to prevent the <command>lpq</command> command being called too 
+		often. A separate cache is kept for each variation of the <command>
+		lpq</command> command used by the system, so if you use different 
+		<command>lpq</command> commands for different users then they won't
+		share cache information.</para>
+
+		<para>The cache files are stored in <filename>/tmp/lpq.xxxx</filename> 
+		where xxxx is a hash of the <command>lpq</command> command in use.</para>
+
+		<para>The default is 10 seconds, meaning that the cached results 
+		of a previous identical <command>lpq</command> command will be used 
+		if the cached data is less than 10 seconds old. A large value may 
+		be advisable if your <command>lpq</command> command is very slow.</para>
+
+		<para>A value of 0 will disable caching completely.</para>
+
+		<para>See also the <link linkend="PRINTING"><parameter>printing
+		</parameter></link> parameter.</para>
+
+		<para>Default: <command>lpq cache time = 10</command></para>
+		<para>Example: <command>lpq cache time = 30</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="LPQCOMMAND">lpq command (S)</term>
+		<listitem><para>This parameter specifies the command to be 
+		executed on the server host in order to obtain <command>lpq
+		</command>-style printer status information.</para>
+
+		<para>This command should be a program or script which 
+		takes a printer name as its only parameter and outputs printer 
+		status information.</para>
+
+		<para>Currently nine styles of printer status information 
+		are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. 
+		This covers most UNIX systems. You control which type is expected 
+		using the <parameter>printing =</parameter> option.</para>
+
+		<para>Some clients (notably Windows for Workgroups) may not 
+		correctly send the connection number for the printer they are 
+		requesting status information about. To get around this, the 
+		server reports on the first printer service connected to by the 
+		client. This only happens if the connection number sent is invalid.</para>
+
+		<para>If a <parameter>%p</parameter> is given then the printer name 
+		is put in its place. Otherwise it is placed at the end of the 
+		command.</para>
+
+		<para>Note that it is good practice to include the absolute path 
+		in the <parameter>lpq command</parameter> as the <envar>$PATH
+		</envar> may not be available to the server.  When compiled with
+		the CUPS libraries, no <parameter>lpq command</parameter> is
+		needed because smbd will make a library call to obtain the 
+		print queue listing.</para>
+
+		<para>See also the <link linkend="PRINTING"><parameter>printing
+		</parameter></link> parameter.</para>
+
+		<para>Default: <emphasis>depends on the setting of <parameter>
+		printing</parameter></emphasis></para>
+
+		<para>Example: <command>lpq command = /usr/bin/lpq -P%p</command></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="LPRESUMECOMMAND">lpresume command (S)</term>
+		<listitem><para>This parameter specifies the command to be 
+		executed on the server host in order to restart or continue 
+		printing or spooling a specific print job.</para>
+
+		<para>This command should be a program or script which takes 
+		a printer name and job number to resume the print job. See 
+		also the <link linkend="LPPAUSECOMMAND"><parameter>lppause command
+		</parameter></link> parameter.</para>
+
+		<para>If a <parameter>%p</parameter> is given then the printer name 
+		is put in its place. A <parameter>%j</parameter> is replaced with 
+		the job number (an integer).</para>
+		
+		<para>Note that it is good practice to include the absolute path 
+		in the <parameter>lpresume command</parameter> as the PATH may not 
+		be available to the server.</para>
+		
+		<para>See also the <link linkend="PRINTING"><parameter>printing
+		</parameter></link> parameter.</para>
+
+		<para>Default: Currently no default value is given 
+		to this string, unless the value of the <parameter>printing</parameter> 
+		parameter is <constant>SYSV</constant>, in which case the default is :</para>
+
+		<para><command>lp -i %p-%j -H resume</command></para>
+
+		<para>or if the value of the <parameter>printing</parameter> parameter 
+		is <constant>SOFTQ</constant>, then the default is:</para>
+
+		<para><command>qstat -s -j%j -r</command></para>
+ 
+		<para>Example for HPUX: <command>lpresume command = /usr/bin/lpalt 
+		%p-%j -p2</command></para>
+		</listitem>
+		</varlistentry>
+		
+		
+
+		<varlistentry>
+		<term><anchor id="LPRMCOMMAND">lprm command (S)</term>
+		<listitem><para>This parameter specifies the command to be 
+		executed on the server host in order to delete a print job.</para>
+
+		<para>This command should be a program or script which takes 
+		a printer name and job number, and deletes the print job.</para>
+
+		<para>If a <parameter>%p</parameter> is given then the printer name 
+		is put in its place. A <parameter>%j</parameter> is replaced with 
+		the job number (an integer).</para>
+
+		<para>Note that it is good practice to include the absolute 
+		path in the <parameter>lprm command</parameter> as the PATH may not be 
+		available to the server.</para>
+
+		<para>See also the <link linkend="PRINTING"><parameter>printing
+		</parameter></link> parameter.</para>
+
+		<para>Default: <emphasis>depends on the setting of <parameter>printing
+		</parameter></emphasis></para>
+
+		<para>Example 1: <command>lprm command = /usr/bin/lprm -P%p %j
+		</command></para>
+		<para>Example 2: <command>lprm command = /usr/bin/cancel %p-%j
+		</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MACHINEPASSWORDTIMEOUT">machine password timeout (G)</term>
+		<listitem><para>If a Samba server is a member of a Windows 
+		NT Domain (see the <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>) 
+		parameter) then periodically a running <ulink url="smbd.8.html">
+		smbd(8)</ulink> process will try and change the MACHINE ACCOUNT 
+		PASSWORD stored in the TDB called <filename>private/secrets.tdb
+		</filename>.  This parameter specifies how often this password 
+		will be changed, in seconds. The default is one week (expressed in 
+		seconds), the same as a Windows NT Domain member server.</para>
+
+		<para>See also <ulink url="smbpasswd.8.html"><command>smbpasswd(8)
+		</command></ulink>, and the <link linkend="SECURITYEQUALSDOMAIN">
+		security = domain</link>) parameter.</para>
+
+		<para>Default: <command>machine password timeout = 604800</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="MAGICOUTPUT">magic output (S)</term>
+		<listitem><para>This parameter specifies the name of a file 
+		which will contain output created by a magic script (see the 
+		<link linkend="MAGICSCRIPT"><parameter>magic script</parameter></link>
+		parameter below).</para>
+
+		<para>Warning: If two clients use the same <parameter>magic script
+		</parameter> in the same directory the output file content
+		is undefined.</para>
+
+		<para>Default: <command>magic output = &lt;magic script name&gt;.out
+		</command></para>
+
+		<para>Example: <command>magic output = myfile.txt</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MAGICSCRIPT">magic script (S)</term>
+		<listitem><para>This parameter specifies the name of a file which, 
+		if opened, will be executed by the server when the file is closed. 
+		This allows a UNIX script to be sent to the Samba host and 
+		executed on behalf of the connected user.</para>
+
+		<para>Scripts executed in this way will be deleted upon 
+		completion assuming that the user has the appropriate level 
+		of privilege and the file permissions allow the deletion.</para>
+
+		<para>If the script generates output, output will be sent to 
+		the file specified by the <link linkend="MAGICOUTPUT"><parameter>
+		magic output</parameter></link> parameter (see above).</para>
+
+		<para>Note that some shells are unable to interpret scripts 
+		containing CR/LF instead of CR as 
+		the end-of-line marker. Magic scripts must be executable 
+		<emphasis>as is</emphasis> on the host, which for some hosts and 
+		some shells will require filtering at the DOS end.</para>
+
+		<para>Magic scripts are <emphasis>EXPERIMENTAL</emphasis> and 
+		should <emphasis>NOT</emphasis> be relied upon.</para>
+
+		<para>Default: <emphasis>None. Magic scripts disabled.</emphasis></para>
+		<para>Example: <command>magic script = user.csh</command></para>
+		</listitem>
+		</varlistentry>
+
+		
+
+		<varlistentry>
+		<term><anchor id="MANGLECASE">mangle case (S)</term>
+		<listitem><para>See the section on <link linkend="NAMEMANGLINGSECT">
+		NAME MANGLING</link></para>
+		
+		<para>Default: <command>mangle case = no</command></para>
+		</listitem>
+		</varlistentry>
+		
+
+		<varlistentry>
+		<term><anchor id="MANGLEDMAP">mangled map (S)</term>
+		<listitem><para>This is for those who want to directly map UNIX 
+		file names which cannot be represented on Windows/DOS.  The mangling 
+		of names is not always what is needed.  In particular you may have 
+		documents with file extensions that differ between DOS and UNIX. 
+		For example, under UNIX it is common to use <filename>.html</filename> 
+		for HTML files, whereas under Windows/DOS <filename>.htm</filename> 
+		is more commonly used.</para>
+
+		<para>So to map <filename>html</filename> to <filename>htm</filename> 
+		you would use:</para>
+		
+		<para><command>mangled map = (*.html *.htm)</command></para>
+
+		<para>One very useful case is to remove the annoying <filename>;1
+		</filename> off the ends of filenames on some CDROMs (only visible 
+		under some UNIXes). To do this use a map of (*;1 *;).</para>
+
+		<para>Default: <emphasis>no mangled map</emphasis></para>
+		<para>Example: <command>mangled map = (*;1 *;)</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="MANGLEDNAMES">mangled names (S)</term>
+		<listitem><para>This controls whether non-DOS names under UNIX 
+		should be mapped to DOS-compatible names ("mangled") and made visible, 
+		or whether non-DOS names should simply be ignored.</para>
+
+		<para>See the section on <link linkend="NAMEMANGLINGSECT">
+		NAME MANGLING</link> for details on how to control the mangling process.</para>
+
+		<para>If mangling algorithm "hash" is used then the mangling algorithm is as follows:</para>
+
+		<itemizedlist>
+			<listitem><para>The first (up to) five alphanumeric characters 
+			before the rightmost dot of the filename are preserved, forced 
+			to upper case, and appear as the first (up to) five characters 
+			of the mangled name.</para></listitem>
+		
+			<listitem><para>A tilde "~" is appended to the first part of the mangled
+			name, followed by a two-character unique sequence, based on the
+			original root name (i.e., the original filename minus its final
+			extension). The final extension is included in the hash calculation
+			only if it contains any upper case characters or is longer than three
+			characters.</para>
+
+			<para>Note that the character to use may be specified using 
+			the <link linkend="MANGLINGCHAR"><parameter>mangling char</parameter>
+			</link> option, if you don't like '~'.</para></listitem>
+
+			<listitem><para>The first three alphanumeric characters of the final 
+			extension are preserved, forced to upper case and appear as the 
+			extension of the mangled name. The final extension is defined as that 
+			part of the original filename after the rightmost dot. If there are no 
+			dots in the filename, the mangled name will have no extension (except 
+			in the case of "hidden files" - see below).</para></listitem>
+
+			<listitem><para>Files whose UNIX name begins with a dot will be 
+			presented as DOS hidden files. The mangled name will be created as 
+			for other filenames, but with the leading dot removed and "___" as 
+			its extension regardless of actual original extension (that's three 
+			underscores).</para></listitem>
+		</itemizedlist>
+
+		<para>The two-digit hash value consists of upper case 
+		alphanumeric characters.</para>
+
+		<para>This algorithm can cause name collisions only if files 
+		in a directory share the same first five alphanumeric characters. 
+		The probability of such a clash is 1/1300.</para>
+
+		<para>If mangling algorithm "hash2" is used then the mangling algorithm is as follows:</para>
+
+		<itemizedlist>
+			<listitem><para>The first alphanumeric character 
+			before the rightmost dot of the filename is preserved, forced 
+			to upper case, and appears as the first character of the mangled name.
+			</para></listitem>
+		
+			<listitem><para>A base63 hash of 5 characters is generated and the
+			first 4 characters of that hash are appended to the first character.
+			</para></listitem>
+
+			<listitem><para>A tilde "~" is appended to the first part of the mangled
+			name, followed by the final character of the base36 hash of the name.
+			</para>
+
+			<para>Note that the character to use may be specified using 
+			the <link linkend="MANGLINGCHAR"><parameter>mangling char</parameter>
+			</link> option, if you don't like '~'.</para></listitem>
+
+			<listitem><para>The first three alphanumeric characters of the final 
+			extension are preserved, forced to upper case and appear as the 
+			extension of the mangled name. The final extension is defined as that 
+			part of the original filename after the rightmost dot. If there are no 
+			dots in the filename, the mangled name will have no extension (except 
+			in the case of "hidden files" - see below).</para></listitem>
+
+			<listitem><para>Files whose UNIX name begins with a dot will be 
+			presented as DOS hidden files. The mangled name will be created as 
+			for other filenames, but with the leading dot removed and "___" as 
+			its extension regardless of actual original extension (that's three 
+			underscores).</para></listitem>
+		</itemizedlist>
+
+		<para>The name mangling (if enabled) allows a file to be 
+		copied between UNIX directories from Windows/DOS while retaining 
+		the long UNIX filename. UNIX files can be renamed to a new extension 
+		from Windows/DOS and will retain the same basename. Mangled names 
+		do not change between sessions.</para>
+
+		<para>Default: <command>mangled names = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		
+		<varlistentry>
+		<term><anchor id="MANGLEDSTACK">mangled stack (G)</term>
+		<listitem><para>This parameter controls the number of mangled names 
+		that should be cached in the Samba server <ulink url="smbd.8.html">
+		smbd(8)</ulink>.</para>
+
+		<para>This stack is a list of recently mangled base names 
+		(extensions are only maintained if they are longer than 3 characters 
+		or contains upper case characters).</para>
+
+		<para>The larger this value, the more likely it is that mangled 
+		names can be successfully converted to correct long UNIX names. 
+		However, large stack sizes will slow most directory accesses. Smaller 
+		stacks save memory in the server (each stack element costs 256 bytes).
+		</para>
+
+		<para>It is not possible to absolutely guarantee correct long 
+		filenames, so be prepared for some surprises!</para>
+
+		<para>Default: <command>mangled stack = 50</command></para>
+  		<para>Example: <command>mangled stack = 100</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="MANGLINGCHAR">mangling char (S)</term>
+		<listitem><para>This controls what character is used as 
+		the <emphasis>magic</emphasis> character in <link 
+		linkend="NAMEMANGLINGSECT">name mangling</link>. The default is a '~'
+		but this may interfere with some software. Use this option to set 
+		it to whatever you prefer.</para>
+
+		<para>Default: <command>mangling char = ~</command></para>
+		<para>Example: <command>mangling char = ^</command></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term><anchor id="MANGLINGMETHOD">mangling mathod(G)</term>
+                <listitem><para> controls the algorithm used for the generating
+                the mangled names. Can take two different values, "hash" and
+                "hash2". "hash" is  the default and is the algorithm that has been
+                used in Samba for many years. "hash2" is a newer and considered
+                a better algorithm (generates less collisions) in the names.
+                However, many Win32 applications store the mangled names and so
+		changing to the new algorithm must not be done
+                lightly as these applications may break unless reinstalled.
+                New installations of Samba may set the default to hash2.</para>
+		<para>Default: <command>mangling method = hash</command></para>
+		<para>Example: <command>mangling method = hash2</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MAPARCHIVE">map archive (S)</term>
+		<listitem><para>This controls whether the DOS archive attribute 
+		should be mapped to the UNIX owner execute bit.  The DOS archive bit 
+		is set when a file has been modified since its last backup.  One 
+		motivation for this option it to keep Samba/your PC from making 
+		any file it touches from becoming executable under UNIX.  This can 
+		be quite annoying for shared source code, documents, etc...</para>
+
+		<para>Note that this requires the <parameter>create mask</parameter>
+		parameter to be set such that owner execute bit is not masked out 
+		(i.e. it must include 100). See the parameter <link linkend="CREATEMASK">
+		<parameter>create mask</parameter></link> for details.</para>
+
+		<para>Default: <command>map archive = yes</command></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="MAPHIDDEN">map hidden (S)</term>
+		<listitem><para>This controls whether DOS style hidden files 
+		should be mapped to the UNIX world execute bit.</para>
+
+		<para>Note that this requires the <parameter>create mask</parameter> 
+		to be set such that the world execute bit is not masked out (i.e. 
+		it must include 001). See the parameter <link linkend="CREATEMASK">
+		<parameter>create mask</parameter></link> for details.</para>
+
+		<para>Default: <command>map hidden = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="MAPSYSTEM">map system (S)</term>
+		<listitem><para>This controls whether DOS style system files 
+		should be mapped to the UNIX group execute bit.</para>
+
+		<para>Note that this requires the <parameter>create mask</parameter> 
+		to be set such that the group execute bit is not masked out (i.e. 
+		it must include 010). See the parameter <link linkend="CREATEMASK">
+		<parameter>create mask</parameter></link> for details.</para>
+
+		<para>Default: <command>map system = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="MAPTOGUEST">map to guest (G)</term>
+		<listitem><para>This parameter is only useful in <link linkend="SECURITY">
+		security</link> modes other than <parameter>security = share</parameter> 
+		- i.e. <constant>user</constant>, <constant>server</constant>, 
+		and <constant>domain</constant>.</para>
+
+		<para>This parameter can take three different values, which tell
+		<ulink url="smbd.8.html">smbd(8)</ulink> what to do with user 
+		login requests that don't match a valid UNIX user in some way.</para>
+
+		<para>The three settings are :</para>
+
+		<itemizedlist>
+			<listitem><para><constant>Never</constant> - Means user login 
+			requests with an invalid password are rejected. This is the 
+			default.</para></listitem>
+			
+			<listitem><para><constant>Bad User</constant> - Means user
+			logins with an invalid password are rejected, unless the username 
+			does not exist, in which case it is treated as a guest login and 
+			mapped into the <link linkend="GUESTACCOUNT"><parameter>
+			guest account</parameter></link>.</para></listitem>
+
+			<listitem><para><constant>Bad Password</constant> - Means user logins 
+			with an invalid password are treated as a guest login and mapped 
+			into the <link linkend="GUESTACCOUNT">guest account</link>. Note that 
+			this can cause problems as it means that any user incorrectly typing 
+			their password will be silently logged on as "guest" - and 
+			will not know the reason they cannot access files they think
+			they should - there will have been no message given to them
+			that they got their password wrong. Helpdesk services will
+			<emphasis>hate</emphasis> you if you set the <parameter>map to 
+			guest</parameter> parameter this way :-).</para></listitem>
+		</itemizedlist>
+
+		<para>Note that this parameter is needed to set up "Guest" 
+		share services when using <parameter>security</parameter> modes other than 
+		share. This is because in these modes the name of the resource being
+		requested is <emphasis>not</emphasis> sent to the server until after 
+		the server has successfully authenticated the client so the server 
+		cannot make authentication decisions at the correct time (connection 
+		to the share) for "Guest" shares.</para>
+
+		<para>For people familiar with the older Samba releases, this 
+		parameter maps to the old compile-time setting of the <constant>
+		GUEST_SESSSETUP</constant> value in local.h.</para>
+
+		<para>Default: <command>map to guest = Never</command></para>
+		<para>Example: <command>map to guest = Bad User</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MAXCONNECTIONS">max connections (S)</term>
+		<listitem><para>This option allows the number of simultaneous 
+		connections to a service to be limited. If <parameter>max connections
+		</parameter> is greater than 0 then connections will be refused if 
+		this number of connections to the service are already open. A value 
+		of zero mean an unlimited number of connections may be made.</para>
+
+		<para>Record lock files are used to implement this feature. The 
+		lock files will be stored in the directory specified by the <link
+		linkend="LOCKDIRECTORY"><parameter>lock directory</parameter></link> 
+		option.</para>
+
+		<para>Default: <command>max connections = 0</command></para>
+  		<para>Example: <command>max connections = 10</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MAXDISKSIZE">max disk size (G)</term>
+		<listitem><para>This option allows you to put an upper limit 
+		on the apparent size of disks. If you set this option to 100 
+		then all shares will appear to be not larger than 100 MB in 
+		size.</para>
+
+		<para>Note that this option does not limit the amount of 
+		data you can put on the disk. In the above case you could still 
+		store much more than 100 MB on the disk, but if a client ever asks 
+		for the amount of free disk space or the total disk size then the 
+		result will be bounded by the amount specified in <parameter>max 
+		disk size</parameter>.</para>
+
+		<para>This option is primarily useful to work around bugs 
+		in some pieces of software that can't handle very large disks, 
+		particularly disks over 1GB in size.</para>
+
+		<para>A <parameter>max disk size</parameter> of 0 means no limit.</para>
+
+		<para>Default: <command>max disk size = 0</command></para>
+		<para>Example: <command>max disk size = 1000</command></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term><anchor id="MAXLOGSIZE">max log size (G)</term>
+		<listitem><para>This option (an integer in kilobytes) specifies 
+		the max size the log file should grow to. Samba periodically checks 
+		the size and if it is exceeded it will rename the file, adding 
+		a <filename>.old</filename> extension.</para>
+
+		<para>A size of 0 means no limit.</para>
+
+		<para>Default: <command>max log size = 5000</command></para>
+		<para>Example: <command>max log size = 1000</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MAXMUX">max mux (G)</term>
+		<listitem><para>This option controls the maximum number of 
+		outstanding simultaneous SMB operations that Samba tells the client 
+		it will allow. You should never need to set this parameter.</para>
+
+		<para>Default: <command>max mux = 50</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MAXOPENFILES">max open files (G)</term>
+		<listitem><para>This parameter limits the maximum number of 
+		open files that one <ulink url="smbd.8.html">smbd(8)</ulink> file 
+		serving process may have open for a client at any one time. The 
+		default for this parameter is set very high (10,000) as Samba uses 
+		only one bit per unopened file.</para>
+		
+		<para>The limit of the number of open files is usually set 
+		by the UNIX per-process file descriptor limit rather than 
+		this parameter so you should never need to touch this parameter.</para>
+
+		<para>Default: <command>max open files = 10000</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MAXPRINTJOBS">max print jobs (S)</term>
+		<listitem><para>This parameter limits the maximum number of 
+		jobs allowable in a Samba printer queue at any given moment.
+		If this number is exceeded, <ulink url="smbd.8.html"><command>
+		smbd(8)</command></ulink> will remote "Out of Space" to the client.
+		See all <link linkend="TOTALPRINTJOBS"><parameter>total
+		print jobs</parameter></link>.
+		</para>
+
+		<para>Default: <command>max print jobs = 1000</command></para>
+		<para>Example: <command>max print jobs = 5000</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="MAXPROTOCOL">max protocol (G)</term>
+		<listitem><para>The value of the parameter (a string) is the highest 
+		protocol level that will be supported by the server.</para>
+
+		<para>Possible values are :</para>
+		<itemizedlist>
+			<listitem><para><constant>CORE</constant>: Earliest version. No 
+			concept of user names.</para></listitem>
+			
+			<listitem><para><constant>COREPLUS</constant>: Slight improvements on 
+			CORE for efficiency.</para></listitem>
+
+			<listitem><para><constant>LANMAN1</constant>: First <emphasis>
+			modern</emphasis> version of the protocol. Long filename
+			support.</para></listitem>
+
+			<listitem><para><constant>LANMAN2</constant>: Updates to Lanman1 protocol.
+			</para></listitem>
+
+			<listitem><para><constant>NT1</constant>: Current up to date version of 
+			the protocol. Used by Windows NT. Known as CIFS.</para></listitem>
+		</itemizedlist>
+
+		<para>Normally this option should not be set as the automatic 
+		negotiation phase in the SMB protocol takes care of choosing 
+		the appropriate protocol.</para>
+		
+		<para>See also <link linkend="MINPROTOCOL"><parameter>min
+		protocol</parameter></link></para>
+
+		<para>Default: <command>max protocol = NT1</command></para>
+		<para>Example: <command>max protocol = LANMAN1</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MAXSMBDPROCESSES">max smbd processes (G)</term>
+		<listitem><para>This parameter limits the maximum number of 
+		<ulink url="smbd.8.html"><command>smbd(8)</command></ulink>
+		processes concurrently running on a system and is intended
+		as a stopgap to prevent degrading service to clients in the event
+		that the server has insufficient resources to handle more than this
+		number of connections.  Remember that under normal operating
+		conditions, each user will have an <ulink url="smbd.8.html">smbd</ulink> associated with him or her
+		to handle connections to all shares from a given host.
+		</para>
+
+		<para>Default: <command>max smbd processes = 0</command>   ## no limit</para>
+		<para>Example: <command>max smbd processes = 1000</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="MAXTTL">max ttl (G)</term>
+		<listitem><para>This option tells <ulink url="nmbd.8.html">nmbd(8)</ulink>
+		what the default 'time to live' of NetBIOS names should be (in seconds) 
+		when <command>nmbd</command> is requesting a name using either a
+		broadcast packet or from a WINS server. You should never need to
+		change this parameter. The default is 3 days.</para>
+
+		<para>Default: <command>max ttl = 259200</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MAXWINSTTL">max wins ttl (G)</term>
+		<listitem><para>This option tells <ulink url="nmbd.8.html">nmbd(8)
+		</ulink> when acting as a WINS server (<link linkend="WINSSUPPORT">
+		<parameter>wins support = yes</parameter></link>) what the maximum
+		'time to live' of NetBIOS names that <command>nmbd</command> 
+		will grant will be (in seconds). You should never need to change this
+		parameter.  The default is 6 days (518400 seconds).</para>
+
+		<para>See also the <link linkend="MINWINSTTL"><parameter>min 
+		wins ttl</parameter></link> parameter.</para>
+
+		<para>Default: <command>max wins ttl = 518400</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MAXXMIT">max xmit (G)</term>
+		<listitem><para>This option controls the maximum packet size 
+		that will be negotiated by Samba. The default in Samba 2.2.6 is
+		now 16644 (changed from 65535 in earlier releases) which matches
+		Windows 2000. This allows better performance with Windows NT clients.
+		The maximum is 65535. In some cases you may find you get better performance 
+		with a smaller value. A value below 2048 is likely to cause problems.
+		</para>
+
+		<para>Default: <command>max xmit = 16644</command></para>
+		<para>Example: <command>max xmit = 8192</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MESSAGECOMMAND">message command (G)</term>
+		<listitem><para>This specifies what command to run when the 
+		server receives a WinPopup style message.</para>
+
+		<para>This would normally be a command that would 
+		deliver the message somehow. How this is to be done is 
+		up to your imagination.</para>
+
+		<para>An example is:</para>
+
+		<para><command>message command = csh -c 'xedit %s;rm %s' &</command>
+		</para>
+
+		<para>This delivers the message using <command>xedit</command>, then 
+		removes it afterwards. <emphasis>NOTE THAT IT IS VERY IMPORTANT 
+		THAT THIS COMMAND RETURN IMMEDIATELY</emphasis>. That's why I 
+		have the '&' on the end. If it doesn't return immediately then 
+		your PCs may freeze when sending messages (they should recover 
+		after 30 seconds, hopefully).</para>
+
+		<para>All messages are delivered as the global guest user. 
+		The command takes the standard substitutions, although <parameter>
+		%u</parameter> won't work (<parameter>%U</parameter> may be better 
+		in this case).</para>
+
+		<para>Apart from the standard substitutions, some additional 
+		ones apply. In particular:</para>
+
+		<itemizedlist>
+			<listitem><para><parameter>%s</parameter> = the filename containing 
+			the message.</para></listitem>
+			
+			<listitem><para><parameter>%t</parameter> = the destination that 
+			the message was sent to (probably the server name).</para></listitem>
+
+			<listitem><para><parameter>%f</parameter> = who the message 
+			is from.</para></listitem>
+		</itemizedlist>
+
+		<para>You could make this command send mail, or whatever else 
+		takes your fancy. Please let us know of any really interesting 
+		ideas you have.</para>
+
+
+		<para>Here's a way of sending the messages as mail to root:</para>
+
+		<para><command>message command = /bin/mail -s 'message from %f on 
+		%m' root &lt; %s; rm %s</command></para>
+
+		<para>If you don't have a message command then the message 
+		won't be delivered and Samba will tell the sender there was 
+		an error. Unfortunately WfWg totally ignores the error code 
+		and carries on regardless, saying that the message was delivered.
+		</para>
+
+		<para>If you want to silently delete it then try:</para>
+
+		<para><command>message command = rm %s</command></para>
+
+		<para>Default: <emphasis>no message command</emphasis></para>
+		<para>Example: <command>message command = csh -c 'xedit %s;
+		rm %s' &</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="MINPASSWDLENGTH">min passwd length (G)</term>
+		<listitem><para>Synonym for <link linkend="MINPASSWORDLENGTH">
+		<parameter>min password length</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MINPASSWORDLENGTH">min password length (G)</term>
+		<listitem><para>This option sets the minimum length in characters 
+		of a plaintext password that <command>smbd</command> will accept when performing 
+		UNIX password changing.</para>
+
+		<para>See also <link linkend="UNIXPASSWORDSYNC"><parameter>unix 
+		password sync</parameter></link>, <link linkend="PASSWDPROGRAM">
+		<parameter>passwd program</parameter></link> and <link
+		linkend="PASSWDCHATDEBUG"><parameter>passwd chat debug</parameter>
+		</link>.</para>
+
+		<para>Default: <command>min password length = 5</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="MINPRINTSPACE">min print space (S)</term>
+		<listitem><para>This sets the minimum amount of free disk 
+		space that must be available before a user will be able to spool 
+		a print job. It is specified in kilobytes. The default is 0, which 
+		means a user can always spool a print job.</para>
+
+		<para>See also the <link linkend="PRINTING"><parameter>printing
+		</parameter></link> parameter.</para>
+
+		<para>Default: <command>min print space = 0</command></para>
+		<para>Example: <command>min print space = 2000</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="MINPROTOCOL">min protocol (G)</term>
+		<listitem><para>The value of the parameter (a string) is the 
+		lowest SMB protocol dialect than Samba will support.  Please refer
+		to the <link linkend="MAXPROTOCOL"><parameter>max protocol</parameter></link>
+		parameter for a list of valid protocol names and a brief description
+		of each.  You may also wish to refer to the C source code in
+		<filename>source/smbd/negprot.c</filename> for a listing of known protocol
+		dialects supported by clients.</para>
+		
+		<para>If you are viewing this parameter as a security measure, you should
+		also refer to the <link linkend="LANMANAUTH"><parameter>lanman 
+		auth</parameter></link> parameter.  Otherwise, you should never need 
+		to change this parameter.</para>
+		
+		<para>Default : <command>min protocol = CORE</command></para>
+		<para>Example : <command>min protocol = NT1</command>  # disable DOS 
+		clients</para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="MINWINSTTL">min wins ttl (G)</term>
+		<listitem><para>This option tells <ulink url="nmbd.8.html">nmbd(8)</ulink>
+		when acting as a WINS server (<link linkend="WINSSUPPORT"><parameter>
+		wins support = yes</parameter></link>) what the minimum 'time to live' 
+		of NetBIOS names that <command>nmbd</command> will grant will be (in 
+		seconds). You should never need to change this parameter.  The default 
+		is 6 hours (21600 seconds).</para>
+
+		<para>Default: <command>min wins ttl = 21600</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		
+		
+		<varlistentry>
+		<term><anchor id="MSDFSROOT">msdfs root (S)</term>
+		<listitem><para>This boolean parameter is only available if 
+		Samba is configured  and  compiled with the <command>
+		--with-msdfs</command> option.  If set to <constant>yes</constant>, 
+		Samba treats the share as a Dfs root and  allows clients to browse 
+		the distributed file system tree rooted at the share directory. 
+		Dfs links are specified  in  the share directory by symbolic 
+		links of the form <filename>msdfs:serverA\shareA,serverB\shareB
+		</filename> and so on.  For more information on setting up a Dfs tree 
+		on Samba,  refer to <ulink url="msdfs_setup.html">msdfs_setup.html
+		</ulink>.</para>
+		
+		<para>See also <link linkend="HOSTMSDFS"><parameter>host msdfs
+		</parameter></link></para>
+		
+		<para>Default: <command>msdfs root = no</command></para>
+		</listitem>
+		</varlistentry>
+	  
+	  
+		<varlistentry> 
+		<term><anchor id="NAMERESOLVEORDER">name resolve order (G)</term>
+		<listitem><para>This option is used by the programs in the Samba 
+		suite to determine what naming services to use and in what order 
+		to resolve host names to IP addresses. The option takes a space 
+		separated string of name resolution options.</para>
+
+		<para>The options are :"lmhosts", "host", "wins" and "bcast". They 
+		cause names to be resolved as follows :</para>
+
+		<itemizedlist>
+			<listitem><para><constant>lmhosts</constant> : Lookup an IP 
+			address in the Samba lmhosts file. If the line in lmhosts has 
+			no name type attached to the NetBIOS name (see the <ulink 
+			url="lmhosts.5.html">lmhosts(5)</ulink> for details) then
+			any name type matches for lookup.</para></listitem>
+
+			<listitem><para><constant>host</constant> : Do a standard host 
+			name to IP address resolution, using the system <filename>/etc/hosts
+			</filename>, NIS, or DNS lookups. This method of name resolution 
+			is operating system depended for instance on IRIX or Solaris this 
+			may be controlled by the <filename>/etc/nsswitch.conf</filename> 
+			file.  Note that this method is only used if the NetBIOS name 
+			type being queried is the 0x20 (server) name type, otherwise 
+			it is ignored.</para></listitem>
+
+			<listitem><para><constant>wins</constant> : Query a name with 
+			the IP address listed in the <link linkend="WINSSERVER"><parameter>
+			wins server</parameter></link> parameter.  If no WINS server has
+			been specified this method will be ignored.</para></listitem>
+
+			<listitem><para><constant>bcast</constant> : Do a broadcast on 
+			each of the known local interfaces listed in the <link 
+			linkend="INTERFACES"><parameter>interfaces</parameter></link> 
+			parameter. This is the least reliable of the name resolution 
+			methods as it depends on the target host being on a locally 
+			connected subnet.</para></listitem>
+		</itemizedlist>
+
+		<para>Default: <command>name resolve order = lmhosts host wins bcast
+		</command></para>
+		<para>Example: <command>name resolve order = lmhosts bcast host
+		</command></para>
+
+		<para>This will cause the local lmhosts file to be examined 
+		first, followed by a broadcast attempt, followed by a normal 
+		system hostname lookup.</para>
+		</listitem>
+		</varlistentry>
+		
+
+
+	
+		<varlistentry>
+		<term><anchor id="NETBIOSALIASES">netbios aliases (G)</term>
+		<listitem><para>This is a list of NetBIOS names that <ulink 
+		url="nmbd.8.html">nmbd(8)</ulink> will advertise as additional 
+		names by which the Samba server is known. This allows one machine 
+		to appear in browse lists under multiple names. If a machine is 
+		acting as a browse server or logon server none 
+		of these names will be advertised as either browse server or logon 
+		servers, only the primary name of the machine will be advertised 
+		with these capabilities.</para>
+		
+		<para>See also <link linkend="NETBIOSNAME"><parameter>netbios 
+		name</parameter></link>.</para>
+
+		<para>Default: <emphasis>empty string (no additional names)</emphasis></para>
+		<para>Example: <command>netbios aliases = TEST TEST1 TEST2</command></para>
+		</listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term><anchor id="NETBIOSNAME">netbios name (G)</term>
+		<listitem><para>This sets the NetBIOS name by which a Samba 
+		server is known. By default it is the same as the first component 
+		of the host's DNS name. If a machine is a browse server or
+		logon server this name (or the first component
+		of the hosts DNS name) will be the name that these services are
+		advertised under.</para>
+		
+		<para>See also <link linkend="NETBIOSALIASES"><parameter>netbios 
+		aliases</parameter></link>.</para>
+
+		<para>Default: <emphasis>machine DNS name</emphasis></para>
+		<para>Example: <command>netbios name = MYNAME</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="NETBIOSSCOPE">netbios scope (G)</term>
+		<listitem><para>This sets the NetBIOS scope that Samba will 
+		operate under. This should not be set unless every machine 
+		on your LAN also sets this value.</para>
+		</listitem>
+		</varlistentry>
+		
+
+		<varlistentry>
+		<term><anchor id="NISHOMEDIR">nis homedir (G)</term>
+		<listitem><para>Get the home share server from a NIS map. For 
+		UNIX systems that use an automounter, the user's home directory 
+		will often be mounted on a workstation on demand from a remote 
+		server. </para>
+
+		<para>When the Samba logon server is not the actual home directory 
+		server, but is mounting the home directories via NFS then two 
+		network hops would be required to access the users home directory 
+		if the logon server told the client to use itself as the SMB server 
+	 	for home directories (one over SMB and one over NFS). This can 
+		be very slow.</para>
+
+		<para>This option allows Samba to return the home share as 
+		being on a different server to the logon server and as 
+		long as a Samba daemon is running on the home directory server, 
+		it will be mounted on the Samba client directly from the directory 
+		server. When Samba is returning the home share to the client, it 
+		will consult the NIS map specified in <link linkend="HOMEDIRMAP">
+		<parameter>homedir map</parameter></link> and return the server 
+		listed there.</para>
+
+		<para>Note that for this option to work there must be a working 
+		NIS system and the Samba server with this option must also 
+		be a logon server.</para>
+
+		<para>Default: <command>nis homedir = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="NTACLSUPPORT">nt acl support (S)</term>
+		<listitem><para>This boolean parameter controls whether 
+		<ulink url="smbd.8.html">smbd(8)</ulink> will attempt to map 
+		UNIX permissions into Windows NT access control lists.
+		This parameter was formally a global parameter in releases
+		prior to 2.2.2.</para>
+		
+		<para>Default: <command>nt acl support = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="NTPIPESUPPORT">nt pipe support (G)</term>
+		<listitem><para>This boolean parameter controls whether 
+		<ulink url="smbd.8.html">smbd(8)</ulink> will allow Windows NT 
+		clients to connect to the NT SMB specific <constant>IPC$</constant> 
+		pipes. This is a developer debugging option and can be left
+		alone.</para>
+
+		<para>Default: <command>nt pipe support = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="NTSMBSUPPORT">nt smb support (G)</term>
+		<listitem><para>This boolean parameter controls whether <ulink
+		url="smbd.8.html">smbd(8)</ulink> will negotiate NT specific SMB
+		support with Windows NT/2k/XP clients. Although this is a developer
+		debugging option and should be left alone, benchmarking has discovered
+		that Windows NT clients give faster performance with this option
+		set to <constant>no</constant>. This is still being investigated.
+	 	If this option is set to <constant>no</constant> then Samba offers
+		exactly the same SMB calls that versions prior to Samba 2.0 offered.
+		This information may be of use if any users are having problems
+		with NT SMB support.</para>
+
+		<para>You should not need to ever disable this parameter.</para>
+
+		<para>Default: <command>nt smb support = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="NTSTATUSSUPPORT">nt status support (G)</term>
+		<listitem><para>This boolean parameter controls whether <ulink
+		url="smbd.8.html">smbd(8)</ulink> will negotiate NT specific status
+		support with Windows NT/2k/XP clients. This is a developer
+		debugging option and should be left alone.
+	 	If this option is set to <constant>no</constant> then Samba offers
+		exactly the same DOS error codes that versions prior to Samba 2.2.3
+		reported.</para>
+
+		<para>You should not need to ever disable this parameter.</para>
+
+		<para>Default: <command>nt status support = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="NULLPASSWORDS">null passwords (G)</term>
+		<listitem><para>Allow or disallow client access to accounts 
+		that have null passwords. </para>
+
+		<para>See also <ulink url="smbpasswd.5.html">smbpasswd (5)</ulink>.</para>
+
+		<para>Default: <command>null passwords = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="OBEYPAMRESTRICTIONS">obey pam restrictions (G)</term>
+		<listitem><para>When Samba 2.2 is configured to enable PAM support
+		(i.e. --with-pam), this parameter will control whether or not Samba
+		should obey PAM's account and session management directives.  The 
+		default behavior is to use PAM for clear text authentication only
+		and to ignore any account or session management.  Note that Samba
+		always ignores PAM for authentication in the case of <link
+		linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords = yes</parameter>
+		</link>.  The reason is that PAM modules cannot support the challenge/response
+		authentication mechanism needed in the presence of SMB password encryption.
+		</para>
+
+		<para>Default: <command>obey pam restrictions = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
+		<varlistentry>
+		<term><anchor id="ONLYUSER">only user (S)</term>
+		<listitem><para>This is a boolean option that controls whether 
+		connections with usernames not in the <parameter>user</parameter> 
+		list will be allowed. By default this option is disabled so that a 
+		client can supply a username to be used by the server.  Enabling
+		this parameter will force the server to only use the login 
+		names from the <parameter>user</parameter> list and is only really
+		useful in <link linkend="SECURITYEQUALSSHARE">share level</link>
+		security.</para>
+
+		<para>Note that this also means Samba won't try to deduce 
+		usernames from the service name. This can be annoying for 
+		the [homes] section. To get around this you could use <command>user =
+		%S</command> which means your <parameter>user</parameter> list
+		will be just the service name, which for home directories is the 
+		name of the user.</para>
+
+		<para>See also the <link linkend="USER"><parameter>user</parameter>
+		</link> parameter.</para>
+
+		<para>Default: <command>only user = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="ONLYGUEST">only guest (S)</term>
+		<listitem><para>A synonym for <link linkend="GUESTONLY"><parameter>
+		guest only</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="OPLOCKBREAKWAITTIME">oplock break wait time (G)</term>
+		<listitem><para>This is a tuning parameter added due to bugs in 
+		both Windows 9x and WinNT. If Samba responds to a client too 
+		quickly when that client issues an SMB that can cause an oplock 
+		break request, then the network client can fail and not respond 
+		to the break request. This tuning parameter (which is set in milliseconds) 
+		is the amount of time Samba will wait before sending an oplock break 
+		request to such (broken) clients.</para>
+
+		<para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ 
+		AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para>
+
+		<para>Default: <command>oplock break wait time = 0</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="OPLOCKCONTENTIONLIMIT">oplock contention limit (S)</term>
+		<listitem><para>This is a <emphasis>very</emphasis> advanced 
+		<ulink url="smbd.8.html">smbd(8)</ulink> tuning option to 
+		improve the efficiency of the granting of oplocks under multiple 
+		client contention for the same file.</para>
+		
+		<para>In brief it specifies a number, which causes <ulink url="smbd.8.html">smbd</ulink> not to 
+		grant an oplock even when requested if the approximate number of 
+		clients contending for an oplock on the same file goes over this 
+		limit. This causes <command>smbd</command> to behave in a similar 
+		way to Windows NT.</para>
+
+		<para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ 
+		AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para>
+
+		<para>Default: <command>oplock contention limit = 2</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
+		<varlistentry>
+		<term><anchor id="OPLOCKS">oplocks (S)</term>
+		<listitem><para>This boolean option tells <command>smbd</command> whether to 
+		issue oplocks (opportunistic locks) to file open requests on this 
+		share. The oplock code can dramatically (approx. 30% or more) improve 
+	 	the speed of access to files on Samba servers. It allows the clients 
+		to aggressively cache files locally and you may want to disable this 
+		option for unreliable network environments (it is turned on by 
+		default in Windows NT Servers).  For more information see the file 
+		<filename>Speed.txt</filename> in the Samba <filename>docs/</filename> 
+		directory.</para>
+
+		<para>Oplocks may be selectively turned off on certain files with a 
+		share. See the <link linkend="VETOOPLOCKFILES"><parameter>
+		veto oplock files</parameter></link> parameter. On some systems 
+		oplocks are recognized by the underlying operating system. This 
+		allows data synchronization between all access to oplocked files, 
+		whether it be via Samba or NFS or a local UNIX process. See the 
+		<parameter>kernel oplocks</parameter> parameter for details.</para>
+
+		<para>See also the <link linkend="KERNELOPLOCKS"><parameter>kernel 
+		oplocks</parameter></link> and <link linkend="LEVEL2OPLOCKS"><parameter>
+		level2 oplocks</parameter></link> parameters.</para>
+
+		<para>Default: <command>oplocks = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="OSLEVEL">os level (G)</term>
+		<listitem><para>This integer value controls what level Samba 
+		advertises itself as for browse elections. The value of this 
+		parameter determines whether <ulink url="nmbd.8.html">nmbd(8)</ulink> 
+		has a chance of becoming a local master browser for the <parameter>
+		WORKGROUP</parameter> in the local broadcast area.</para>
+		
+		<para><emphasis>Note :</emphasis>By default, Samba will win 
+		a local master browsing election over all Microsoft operating 
+		systems except a Windows NT 4.0/2000 Domain Controller.  This 
+		means that a misconfigured Samba host can effectively isolate 
+		a subnet for browsing purposes.  See <filename>BROWSING.txt
+		</filename> in the Samba <filename>docs/</filename> directory 
+		for details.</para>
+
+		<para>Default: <command>os level = 20</command></para>
+		<para>Example: <command>os level = 65 </command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="OS2DRIVERMAP">os2 driver map (G)</term>
+		<listitem><para>The parameter is used to define the absolute
+		path to a file containing a mapping of Windows NT printer driver
+		names to OS/2 printer driver names.  The format is:</para>
+		
+		<para>&lt;nt driver name&gt; = &lt;os2 driver 
+		name&gt;.&lt;device name&gt;</para>
+		
+		<para>For example, a valid entry using the HP LaserJet 5
+		printer driver would appear as <command>HP LaserJet 5L = LASERJET.HP 
+		LaserJet 5L</command>.</para>
+		
+		<para>The need for the file is due to the printer driver namespace 
+		problem described in the <ulink url="printer_driver2.html">Samba 
+		Printing HOWTO</ulink>.  For more details on OS/2 clients, please 
+		refer to the <ulink url="OS2-Client-HOWTO.html">OS2-Client-HOWTO
+		</ulink> containing in the Samba documentation.</para>
+
+		<para>Default: <command>os2 driver map = &lt;empty string&gt;
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="PAMPASSWORDCHANGE">pam password change (G)</term>
+  		<listitem><para>With the addition of better PAM support in Samba 2.2, 
+  		this parameter, it is possible to use PAM's password change control 
+  		flag for Samba.  If enabled, then PAM will be used for password
+ 		changes when requested by an SMB client instead of the program listed in 
+                <link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter></link>. 
+                It should be possible to enable this without changing your 
+                <link linkend="PASSWDCHAT"><parameter>passwd chat</parameter></link>
+                parameter for most setups.
+  		</para>
+		
+		<para>Default: <command>pam password change = no</command></para>
+		
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="PANICACTION">panic action (G)</term>
+		<listitem><para>This is a Samba developer option that allows a 
+		system command to be called when either <ulink url="smbd.8.html">
+		smbd(8)</ulink> or <ulink url="nmbd.8.html">nmbd(8)</ulink> 
+		crashes. This is usually used to draw attention to the fact that 
+		a problem occurred.</para>
+
+		<para>Default: <command>panic action = &lt;empty string&gt;</command></para>
+		<para>Example: <command>panic action = "/bin/sleep 90000"</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="PASSWDCHAT">passwd chat (G)</term>
+		<listitem><para>This string controls the <emphasis>"chat"</emphasis> 
+		conversation that takes places between <ulink 
+		url="smbd.8.html">smbd</ulink> and the local password changing
+		program to change the user's password. The string describes a 
+		sequence of response-receive pairs that <ulink url="smbd.8.html">
+		smbd(8)</ulink> uses to determine what to send to the 
+		<link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter>
+		</link> and what to expect back. If the expected output is not 
+		received then the password is not changed.</para>
+
+		<para>This chat sequence is often quite site specific, depending 
+		on what local methods are used for password control (such as NIS 
+		etc).</para>
+		<para>Note that this parameter only is only used if the <link 
+		linkend="UNIXPASSWORDSYNC"><parameter>unix 
+		password sync</parameter></link> parameter is set to <constant>yes</constant>. This 
+		sequence is then called <emphasis>AS ROOT</emphasis> when the SMB password 
+		in the smbpasswd file is being changed, without access to the old 
+		password cleartext. This means that root must be able to reset the user's password
+ 		without knowing the text of the previous password. In the presence of NIS/YP, 
+		this means that the <link linkend="PASSWDPROGRAM">passwd program</link> must be 
+		executed on the NIS master.
+		</para>
+
+
+		<para>The string can contain the macro <parameter>%n</parameter> which is substituted 
+		for the new password.  The chat sequence can also contain the standard 
+		macros <constant>\n</constant>, <constant>\r</constant>, <constant>
+		\t</constant> and <constant>\s</constant> to give line-feed, 
+		carriage-return, tab and space.  The chat sequence string can also contain 
+		a '*' which matches any sequence of characters.
+		Double quotes can be used to collect strings with spaces 
+		in them into a single string.</para>
+
+		<para>If the send string in any part of the chat sequence 
+		is a full stop ".",  then no string is sent. Similarly, 
+		if the expect string is a full stop then no string is expected.</para>
+
+  		<para>If the <link linkend="PAMPASSWORDCHANGE"><parameter>pam
+ 		password change</parameter></link> parameter is set to <constant>yes</constant>, the chat pairs
+                may be matched in any order, and success is determined by the PAM result, 
+                not any particular output. The \n macro is ignored for PAM conversions.
+  		</para>
+
+		<para>See also <link linkend="UNIXPASSWORDSYNC"><parameter>unix password 
+		sync</parameter></link>, <link linkend="PASSWDPROGRAM"><parameter>
+		passwd program</parameter></link> ,<link linkend="PASSWDCHATDEBUG">
+		<parameter>passwd chat debug</parameter></link> and <link linkend="PAMPASSWORDCHANGE">
+		<parameter>pam password change</parameter></link>.</para>
+
+		<para>Default: <command>passwd chat = *new*password* %n\n 
+		*new*password* %n\n *changed*</command></para>
+		<para>Example: <command>passwd chat = "*Enter OLD password*" %o\n 
+		"*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password 
+		changed*"</command></para>
+		</listitem>
+		</varlistentry>
+
+	
+   
+		<varlistentry>
+		<term><anchor id="PASSWDCHATDEBUG">passwd chat debug (G)</term>
+		<listitem><para>This boolean specifies if the passwd chat script 
+		parameter is run in <emphasis>debug</emphasis> mode. In this mode the 
+		strings passed to and received from the passwd chat are printed 
+		in the <ulink url="smbd.8.html">smbd(8)</ulink> log with a 
+		<link linkend="DEBUGLEVEL"><parameter>debug level</parameter></link> 
+		of 100. This is a dangerous option as it will allow plaintext passwords 
+		to be seen in the <command>smbd</command> log. It is available to help 
+		Samba admins debug their <parameter>passwd chat</parameter> scripts 
+		when calling the <parameter>passwd program</parameter> and should 
+ 		be turned off after this has been done. This option has no effect if the 
+                <link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link>
+                paramter is set. This parameter is off by default.</para>
+  
+
+ 		<para>See also <link linkend="PASSWDCHAT"><parameter>passwd chat</parameter>
+ 		</link>, <link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter>
+                </link>, <link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter>
+  		</link>.</para>
+
+		<para>Default: <command>passwd chat debug = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="PASSWDPROGRAM">passwd program (G)</term>
+		<listitem><para>The name of a program that can be used to set 
+		UNIX user passwords.  Any occurrences of <parameter>%u</parameter> 
+		will be replaced with the user name. The user name is checked for 
+		existence before calling the password changing program.</para>
+
+		<para>Also note that many passwd programs insist in <emphasis>reasonable
+		</emphasis> passwords, such as a minimum length, or the inclusion 
+		of mixed case chars and digits. This can pose a problem as some clients 
+		(such as Windows for Workgroups) uppercase the password before sending 
+		it.</para>
+
+		<para><emphasis>Note</emphasis> that if the <parameter>unix 
+		password sync</parameter> parameter is set to <constant>yes
+		</constant> then this program is called <emphasis>AS ROOT</emphasis> 
+		before the SMB password in the <ulink url="smbpasswd.5.html">smbpasswd(5)
+		</ulink> file is changed. If this UNIX password change fails, then 
+		<command>smbd</command> will fail to change the SMB password also 
+		(this is by design).</para>
+
+		<para>If the <parameter>unix password sync</parameter> parameter 
+		is set this parameter <emphasis>MUST USE ABSOLUTE PATHS</emphasis> 
+		for <emphasis>ALL</emphasis> programs called, and must be examined 
+		for security implications. Note that by default <parameter>unix 
+		password sync</parameter> is set to <constant>no</constant>.</para>
+
+		<para>See also <link linkend="UNIXPASSWORDSYNC"><parameter>unix 
+		password sync</parameter></link>.</para>
+
+		<para>Default: <command>passwd program = /bin/passwd</command></para>
+		<para>Example: <command>passwd program = /sbin/npasswd %u</command>
+		</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="PASSWORDLEVEL">password level (G)</term>
+		<listitem><para>Some client/server combinations have difficulty 
+		with mixed-case passwords.  One offending client is Windows for 
+		Workgroups, which for some reason forces passwords to upper 
+		case when using the LANMAN1 protocol, but leaves them alone when 
+		using COREPLUS!  Another problem child is the Windows 95/98
+		family of operating systems.  These clients upper case clear
+		text passwords even when NT LM 0.12 selected by the protocol
+		negotiation request/response.</para>
+
+		<para>This parameter defines the maximum number of characters 
+		that may be upper case in passwords.</para>
+
+		<para>For example, say the password given was "FRED". If <parameter>
+		password level</parameter> is set to 1, the following combinations 
+		would be tried if "FRED" failed:</para>
+
+		<para>"Fred", "fred", "fRed", "frEd","freD"</para>
+
+		<para>If <parameter>password level</parameter> was set to 2, 
+		the following combinations would also be tried: </para>
+
+		<para>"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..</para>
+
+		<para>And so on.</para>
+
+		<para>The higher value this parameter is set to the more likely 
+		it is that a mixed case password will be matched against a single 
+		case password. However, you should be aware that use of this 
+		parameter reduces security and increases the time taken to 
+ 		process a new connection.</para>
+
+		<para>A value of zero will cause only two attempts to be 
+		made - the password as is and the password in all-lower case.</para>
+
+		<para>Default: <command>password level = 0</command></para>
+		<para>Example: <command>password level = 4</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="PASSWORDSERVER">password server (G)</term>
+		<listitem><para>By specifying the name of another SMB server (such 
+		as a WinNT box) with this option, and using <command>security = domain
+		</command> or <command>security = server</command> you can get Samba 
+		to do all its username/password validation via a remote server.</para>
+
+		<para>This option sets the name of the password server to use. 
+		It must be a NetBIOS name, so if the machine's NetBIOS name is 
+		different from its Internet name then you may have to add its NetBIOS 
+		name to the lmhosts  file which is stored in the same directory 
+		as the <filename>smb.conf</filename> file.</para>
+
+		<para>The name of the password server is looked up using the 
+		parameter <link linkend="NAMERESOLVEORDER"><parameter>name 
+		resolve order</parameter></link> and so may resolved
+		by any method and order described in that parameter.</para>
+
+		<para>The password server much be a machine capable of using 
+		the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in 
+		user level security mode.</para>
+
+		<para><emphasis>NOTE:</emphasis> Using a password server 
+		means your UNIX box (running Samba) is only as secure as your 
+		password server. <emphasis>DO NOT CHOOSE A PASSWORD SERVER THAT 
+		YOU DON'T COMPLETELY TRUST</emphasis>.</para>
+		
+		<para>Never point a Samba server at itself for password 
+		serving. This will cause a loop and could lock up your Samba 
+		server!</para>
+
+		<para>The name of the password server takes the standard 
+		substitutions, but probably the only useful one is <parameter>%m
+		</parameter>, which means the Samba server will use the incoming 
+	 	client as the password server. If you use this then you better 
+		trust your clients, and you had better restrict them with hosts allow!</para>
+
+		<para>If the <parameter>security</parameter> parameter is set to
+		<constant>domain</constant>, then the list of machines in this 
+		option must be a list of Primary or Backup Domain controllers for the
+		Domain or the character '*', as the Samba server is effectively
+		in that domain, and will use cryptographically authenticated RPC calls
+		to authenticate the user logging on. The advantage of using <command>
+		security = domain</command> is that if you list several hosts in the 
+		<parameter>password server</parameter> option then <command>smbd
+		</command> will try each in turn till it finds one that responds. This 
+		is useful in case your primary server goes down.</para>
+
+		<para>If the <parameter>password server</parameter> option is set 
+		to the character '*', then Samba will attempt to auto-locate the 
+		Primary or Backup Domain controllers to authenticate against by 
+		doing a query for the name <constant>WORKGROUP&lt;1C&gt;</constant> 
+		and then contacting each server returned in the list of IP 
+		addresses from the name resolution source. </para>
+		
+		<para>If the <parameter>security</parameter> parameter is 
+		set to <constant>server</constant>, then there are different
+		restrictions that <command>security = domain</command> doesn't 
+		suffer from:</para>
+
+		<itemizedlist>
+			<listitem><para>You may list several password servers in 
+			the <parameter>password server</parameter> parameter, however if an 
+			<command>smbd</command> makes a connection to a password server, 
+			and then the password server fails, no more users will be able 
+			to be authenticated from this <command>smbd</command>.  This is a 
+			restriction of the SMB/CIFS protocol when in <command>security = server
+			</command> mode and cannot be fixed in Samba.</para></listitem>
+
+			<listitem><para>If you are using a Windows NT server as your 
+			password server then you will have to ensure that your users 
+			are able to login from the Samba server, as when in <command>
+			security = server</command>  mode the network logon will appear to 
+			come from there rather than from the users workstation.</para></listitem>
+		</itemizedlist>
+
+		<para>See also the <link linkend="SECURITY"><parameter>security
+		</parameter></link> parameter.</para>
+
+		<para>Default: <command>password server = &lt;empty string&gt;</command>
+		</para>
+		<para>Example: <command>password server = NT-PDC, NT-BDC1, NT-BDC2
+		</command></para>
+		<para>Example: <command>password server = *</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="PATH">path (S)</term>
+		<listitem><para>This parameter specifies a directory to which 
+		the user of the service is to be given access. In the case of 
+		printable services, this is where print data will spool prior to 
+		being submitted to the host for printing.</para>
+
+		<para>For a printable service offering guest access, the service 
+		should be readonly and the path should be world-writeable and 
+		have the sticky bit set. This is not mandatory of course, but 
+		you probably won't get the results you expect if you do 
+		otherwise.</para>
+
+		<para>Any occurrences of <parameter>%u</parameter> in the path 
+		will be replaced with the UNIX username that the client is using 
+		on this connection. Any occurrences of <parameter>%m</parameter> 
+		will be replaced by the NetBIOS name of the machine they are 
+		connecting from. These replacements are very useful for setting 
+		up pseudo home directories for users.</para>
+
+		<para>Note that this path will be based on <link linkend="ROOTDIR">
+		<parameter>root dir</parameter></link> if one was specified.</para>
+
+		<para>Default: <emphasis>none</emphasis></para>
+		<para>Example: <command>path = /home/fred</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="PIDDIRECTORY">pid directory (G)</term>
+		<listitem><para>This option specifies the directory where pid 
+		files will be placed.  </para>
+
+		<para>Default: <command>pid directory = ${prefix}/var/locks</command></para>
+		<para>Example: <command>pid directory = /var/run/</command>
+		</para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="POSIXLOCKING">posix locking (S)</term>
+		<listitem><para>The <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>
+		daemon maintains an database of file locks obtained by SMB clients.
+		The default behavior is to map this internal database to POSIX
+		locks.  This means that file locks obtained by SMB clients are 
+		consistent with those seen by POSIX compliant applications accessing 
+		the files via a non-SMB method (e.g. NFS or local file access).  
+		You should never need to disable this parameter.</para>
+		
+		<para>Default: <command>posix locking = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="POSTEXEC">postexec (S)</term>
+		<listitem><para>This option specifies a command to be run 
+		whenever the service is disconnected. It takes the usual 
+		substitutions. The command may be run as the root on some 
+		systems.</para>
+
+		<para>An interesting example may be to unmount server 
+		resources:</para>
+
+		<para><command>postexec = /etc/umount /cdrom</command></para>
+
+		<para>See also <link linkend="PREEXEC"><parameter>preexec</parameter>
+		</link>.</para>
+
+		<para>Default: <emphasis>none (no command executed)</emphasis>
+		</para>
+
+		<para>Example: <command>postexec = echo \"%u disconnected from %S 
+		from %m (%I)\" &gt;&gt; /tmp/log</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="POSTSCRIPT">postscript (S)</term>
+		<listitem><para>This parameter forces a printer to interpret 
+		the print files as PostScript. This is done by adding a <constant>%!
+		</constant> to the start of print output.</para>
+
+		<para>This is most useful when you have lots of PCs that persist 
+		in putting a control-D at the start of print jobs, which then 
+		confuses your printer.</para>
+
+		<para>Default: <command>postscript = no</command></para>
+		</listitem>
+		</varlistentry>
+	
+	
+	
+		<varlistentry>
+		<term><anchor id="PREEXEC">preexec (S)</term>
+		<listitem><para>This option specifies a command to be run whenever 
+		the service is connected to. It takes the usual substitutions.</para>
+
+		<para>An interesting example is to send the users a welcome 
+		message every time they log in. Maybe a message of the day? Here 
+		is an example:</para>
+
+		<para><command>preexec = csh -c 'echo \"Welcome to %S!\" |
+		 /usr/local/samba/bin/smbclient -M %m -I %I' & </command></para>
+
+		<para>Of course, this could get annoying after a while :-)</para>
+
+		<para>See also <link linkend="PREEXECCLOSE"><parameter>preexec close
+		</parameter</link> and <link linkend="POSTEXEC"><parameter>postexec
+		</parameter></link>.</para>
+
+		<para>Default: <emphasis>none (no command executed)</emphasis></para>
+		<para>Example: <command>preexec = echo \"%u connected to %S from %m
+		(%I)\" &gt;&gt; /tmp/log</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="PREEXECCLOSE">preexec close (S)</term>
+		<listitem><para>This boolean option controls whether a non-zero 
+		return code from <link linkend="PREEXEC"><parameter>preexec
+		</parameter></link> should close the service being connected to.</para>
+
+		<para>Default: <command>preexec close = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="PREFERREDMASTER">preferred master (G)</term>
+		<listitem><para>This boolean parameter controls if <ulink 
+		url="nmbd.8.html">nmbd(8)</ulink> is a preferred master browser 
+		for its workgroup.</para>
+
+		<para>If this is set to <constant>yes</constant>, on startup, <command>nmbd</command> 
+		will force an election, and it will have a slight advantage in 
+		winning the election.  It is recommended that this parameter is 
+		used in conjunction with <command><link linkend="DOMAINMASTER"><parameter>
+		domain master</parameter></link> = yes</command>, so that <command>
+		nmbd</command> can guarantee becoming a domain master.</para>
+		
+		<para>Use this option with caution, because if there are several 
+		hosts (whether Samba servers, Windows 95 or NT) that are preferred 
+		master browsers on the same subnet, they will each periodically 
+		and continuously attempt to become the local master browser.  
+		This will result in unnecessary broadcast traffic and reduced browsing
+		capabilities.</para>
+
+		<para>See also <link linkend="OSLEVEL"><parameter>os level</parameter>
+		</link>.</para>
+
+		<para>Default: <command>preferred master = auto</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="PREFEREDMASTER">prefered master (G)</term>
+		<listitem><para>Synonym for <link linkend="PREFERREDMASTER"><parameter>
+		preferred master</parameter></link> for people who cannot spell :-).</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="PRELOAD">preload</term>
+		<listitem><para>This is a list of services that you want to be 
+		automatically added to the browse lists. This is most useful 
+		for homes and printers services that would otherwise not be 
+		visible.</para>
+
+		<para>Note that if you just want all printers in your 
+		printcap file loaded then the <link linkend="LOADPRINTERS">
+		<parameter>load printers</parameter></link> option is easier.</para>
+
+		<para>Default: <emphasis>no preloaded services</emphasis></para>
+		
+		<para>Example: <command>preload = fred lp colorlp</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="PRESERVECASE">preserve case (S)</term>
+		<listitem><para> This controls if new filenames are created
+		with the case that the client passes, or if they are forced to 
+		be the <link linkend="DEFAULTCASE"><parameter>default case
+		</parameter></link>.</para>
+
+		<para>Default: <command>preserve case = yes</command></para>
+
+		<para>See the section on <link linkend="NAMEMANGLINGSECT">NAME 
+		MANGLING</link> for a fuller discussion.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="PRINTCOMMAND">print command (S)</term>
+		<listitem><para>After a print job has finished spooling to 
+		a service, this command will be used via a <command>system()</command> 
+		call to process the spool file. Typically the command specified will 
+		submit the spool file to the host's printing subsystem, but there 
+ 		is no requirement that this be the case. The server will not remove 
+		the spool file, so whatever command you specify should remove the 
+		spool file when it has been processed, otherwise you will need to 
+		manually remove old spool files.</para>
+		
+		<para>The print command is simply a text string. It will be used 
+		verbatim after macro substitutions have been made:</para>
+
+		<para>s, %p - the path to the spool
+		file name</para>
+
+		<para>%p - the appropriate printer 
+		name</para>
+
+		<para>%J - the job 
+		name as transmitted by the client.</para>
+
+		<para>%c - The number of printed pages
+		of the spooled job (if known).</para>
+
+		<para>%z - the size of the spooled
+		print job (in bytes)</para>
+
+		<para>The print command <emphasis>MUST</emphasis> contain at least 
+		one occurrence of <parameter>%s</parameter> or <parameter>%f
+		</parameter> - the <parameter>%p</parameter> is optional. At the time 
+		a job is submitted, if no printer name is supplied the <parameter>%p
+		</parameter> will be silently removed from the printer command.</para>
+
+		<para>If specified in the [global] section, the print command given 
+		will be used for any printable service that does not have its own 
+		print command specified.</para>
+
+		<para>If there is neither a specified print command for a 
+		printable service nor a global print command, spool files will 
+		be created but not processed and (most importantly) not removed.</para>
+
+		<para>Note that printing may fail on some UNIXes from the 
+		<constant>nobody</constant> account. If this happens then create 
+		an alternative guest account that can print and set the <link
+		linkend="GUESTACCOUNT"><parameter>guest account</parameter></link> 
+		in the [global] section.</para>
+
+		<para>You can form quite complex print commands by realizing 
+		that they are just passed to a shell. For example the following 
+		will log a print job, print the file, then remove it. Note that 
+		';' is the usual separator for command in shell scripts.</para>
+
+		<para><command>print command = echo Printing %s &gt;&gt; 
+		/tmp/print.log; lpr -P %p %s; rm %s</command></para>
+
+		<para>You may have to vary this command considerably depending 
+		on how you normally print files on your system. The default for 
+		the parameter varies depending on the setting of the <link linkend="PRINTING">
+		<parameter>printing</parameter></link> parameter.</para>
+
+		<para>Default: For <command>printing = BSD, AIX, QNX, LPRNG 
+		or PLP :</command></para>
+		<para><command>print command = lpr -r -P%p %s</command></para>
+
+		<para>For <command>printing = SYSV or HPUX :</command></para>
+		<para><command>print command = lp -c -d%p %s; rm %s</command></para>
+
+		<para>For <command>printing = SOFTQ :</command></para>
+		<para><command>print command = lp -d%p -s %s; rm %s</command></para>
+
+		<para>For printing = CUPS :   If SAMBA is compiled against
+		libcups, then <link linkend="PRINTING">printcap = cups</link> 
+		uses the CUPS API to
+		submit jobs, etc.  Otherwise it maps to the System V
+		commands with the -oraw option for printing, i.e. it
+		uses <command>lp -c -d%p -oraw; rm %s</command>.   
+		With <command>printing = cups</command>,
+		and if SAMBA is compiled against libcups, any manually 
+		set print command will be ignored.</para>
+
+
+		<para>Example: <command>print command = /usr/local/samba/bin/myprintscript
+		%p %s</command></para>
+		</listitem>
+		</varlistentry>
+		
+		
+
+		<varlistentry>
+		<term><anchor id="PRINTOK">print ok (S)</term>
+		<listitem><para>Synonym for <link linkend="PRINTABLE">
+		<parameter>printable</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="PRINTABLE">printable (S)</term>
+		<listitem><para>If this parameter is <constant>yes</constant>, then 
+		clients may open, write to and submit spool files on the directory 
+		specified for the service. </para>
+		
+		<para>Note that a printable service will ALWAYS allow writing 
+		to the service path (user privileges permitting) via the spooling 
+		of print data. The <link linkend="READONLY"><parameter>read only
+		</parameter></link> parameter controls only non-printing access to 
+		the resource.</para>
+
+		<para>Default: <command>printable = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="PRINTCAP">printcap (G)</term>
+		<listitem><para>Synonym for 	<link linkend="PRINTCAPNAME"><parameter>
+		printcap name</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="PRINTCAPNAME">printcap name (G)</term>
+		<listitem><para>This parameter may be used to override the 
+		compiled-in default printcap name used by the server (usually <filename>
+		/etc/printcap</filename>). See the discussion of the <link
+		linkend="PRINTERSSECT">[printers]</link> section above for reasons 
+		why you might want to do this.</para>
+
+		<para>To use the CUPS printing interface set <command>printcap name = cups
+		</command>. This should be supplemented by an addtional setting 
+		<link linkend="PRINTING">printing = cups</link> in the [global] 
+		section.  <command>printcap name = cups</command> will use the  
+		"dummy" printcap created by CUPS, as specified in your CUPS
+		configuration file.
+		</para>
+
+		<para>On System V systems that use <command>lpstat</command> to 
+		list available printers you can use <command>printcap name = lpstat
+		</command> to automatically obtain lists of available printers. This 
+		is the default for systems that define SYSV at configure time in 
+		Samba (this includes most System V based systems). If <parameter>
+		printcap name</parameter> is set to <command>lpstat</command> on 
+		these systems then Samba will launch <command>lpstat -v</command> and 
+		attempt to parse the output to obtain a printer list.</para>
+
+		<para>A minimal printcap file would look something like this:</para>
+
+		<para><programlisting>
+		print1|My Printer 1
+		print2|My Printer 2
+		print3|My Printer 3
+		print4|My Printer 4
+		print5|My Printer 5
+		</programlisting></para>
+	
+		<para>where the '|' separates aliases of a printer. The fact 
+		that the second alias has a space in it gives a hint to Samba 
+		that it's a comment.</para>
+
+		<para><emphasis>NOTE</emphasis>: Under AIX the default printcap 
+		name is <filename>/etc/qconfig</filename>. Samba will assume the 
+		file is in AIX <filename>qconfig</filename> format if the string
+		<filename>qconfig</filename> appears in the printcap filename.</para>
+
+		<para>Default: <command>printcap name = /etc/printcap</command></para>
+		<para>Example: <command>printcap name = /etc/myprintcap</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
+		<varlistentry>
+		<term><anchor id="PRINTERADMIN">printer admin (S)</term>
+		<listitem><para>This is a list of users that can do anything to 
+		printers via the remote administration interfaces offered by MS-RPC 
+		(usually using a NT workstation). Note that the root user always 
+		has admin rights.</para>
+
+		<para>Default: <command>printer admin = &lt;empty string&gt;</command>
+		</para>
+		<para>Example: <command>printer admin = admin, @staff</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		
+		<varlistentry>
+		<term><anchor id="PRINTERDRIVER">printer driver (S)</term>
+		<listitem><para><emphasis>Note :</emphasis>This is a deprecated 
+		parameter and will be removed in the next major release
+		following version 2.2.  Please see the instructions in
+		the <ulink url="printer_driver2.html">Samba 2.2. Printing
+		HOWTO</ulink> for more information
+		on the new method of loading printer drivers onto a Samba server.
+		</para>
+		
+		<para>This option allows you to control the string 
+		that clients receive when they ask the server for the printer driver 
+		associated with a printer. If you are using Windows95 or Windows NT 
+		then you can use this to automate the setup of printers on your 
+		system.</para>
+
+		<para>You need to set this parameter to the exact string (case 
+		sensitive) that describes the appropriate printer driver for your 
+		system. If you don't know the exact string to use then you should 
+		first try with no <link linkend="PRINTERDRIVER"><parameter>
+		printer driver</parameter></link> option set and the client will 
+		give you a list of printer drivers. The appropriate strings are 
+		shown in a scroll box after you have chosen the printer manufacturer.</para>
+
+		<para>See also <link linkend="PRINTERDRIVERFILE"><parameter>printer
+		driver file</parameter></link>.</para>
+
+		<para>Example: <command>printer driver = HP LaserJet 4L</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="PRINTERDRIVERFILE">printer driver file (G)</term>
+		<listitem><para><emphasis>Note :</emphasis>This is a deprecated 
+		parameter and will be removed in the next major release
+		following version 2.2.  Please see the instructions in
+		the <ulink url="printer_driver2.html">Samba 2.2. Printing
+		HOWTO</ulink> for more information
+		on the new method of loading printer drivers onto a Samba server.
+		</para>
+
+		<para>This parameter tells Samba where the printer driver 
+		definition file, used when serving drivers to Windows 95 clients, is 
+		to be found. If this is not set, the default is :</para>
+
+		<para><filename><replaceable>SAMBA_INSTALL_DIRECTORY</replaceable>
+		/lib/printers.def</filename></para>
+
+		<para>This file is created from Windows 95 <filename>msprint.inf
+		</filename> files found on the Windows 95 client system. For more 
+		details on setting up serving of printer drivers to Windows 95 
+		clients, see the outdated documentation file in the <filename>docs/</filename> 
+		directory, <filename>PRINTER_DRIVER.txt</filename>.</para>
+
+		<para>See also <link linkend="PRINTERDRIVERLOCATION"><parameter>
+		printer driver location</parameter></link>.</para>
+		
+		<para>Default: <emphasis>None (set in compile).</emphasis></para>
+
+		<para>Example: <command>printer driver file = 
+		/usr/local/samba/printers/drivers.def</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="PRINTERDRIVERLOCATION">printer driver location (S)</term>
+		<listitem><para><emphasis>Note :</emphasis>This is a deprecated 
+		parameter and will be removed in the next major release
+		following version 2.2.  Please see the instructions in
+		the <ulink url="printer_driver2.html">Samba 2.2. Printing
+		HOWTO</ulink> for more information
+		on the new method of loading printer drivers onto a Samba server.
+		</para>
+
+		<para>This parameter tells clients of a particular printer 
+		share where to find the printer driver files for the automatic 
+		installation of drivers for Windows 95 machines. If Samba is set up 
+		to serve printer drivers to Windows 95 machines, this should be set to</para>
+
+		<para><command>\\MACHINE\PRINTER$</command></para>
+
+		<para>Where MACHINE is the NetBIOS name of your Samba server, 
+		and PRINTER$ is a share you set up for serving printer driver 
+		files. For more details on setting this up see the outdated documentation 
+		file in the <filename>docs/</filename> directory, <filename>
+		PRINTER_DRIVER.txt</filename>.</para>
+
+		<para>See also <link linkend="PRINTERDRIVERFILE"><parameter>
+		printer driver file</parameter></link>.</para>
+
+		<para>Default: <command>none</command></para>
+		<para>Example: <command>printer driver location = \\MACHINE\PRINTER$
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="PRINTERNAME">printer name (S)</term>
+		<listitem><para>This parameter specifies the name of the printer 
+		to which print jobs spooled through a printable service will be sent.</para>
+
+		<para>If specified in the [global] section, the printer
+		name given will be used for any printable service that does 
+		not have its own printer name specified.</para>
+
+		<para>Default: <emphasis>none (but may be <constant>lp</constant> 
+		on many systems)</emphasis></para>
+
+		<para>Example: <command>printer name = laserwriter</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="PRINTER">printer (S)</term>
+		<listitem><para>Synonym for <link linkend="PRINTERNAME"><parameter>
+		printer name</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="PRINTING">printing (S)</term>
+		<listitem><para>This parameters controls how printer status 
+		information is interpreted on your system. It also affects the 
+		default values for the <parameter>print command</parameter>, 
+		<parameter>lpq command</parameter>, <parameter>lppause command
+		</parameter>, <parameter>lpresume command</parameter>, and 
+		<parameter>lprm command</parameter> if specified in the 
+		[global] section.</para>
+
+		<para>Currently nine printing styles are supported. They are
+		<constant>BSD</constant>, <constant>AIX</constant>, 
+		<constant>LPRNG</constant>, <constant>PLP</constant>,
+		<constant>SYSV</constant>, <constant>HPUX</constant>,
+		<constant>QNX</constant>, <constant>SOFTQ</constant>,
+		and <constant>CUPS</constant>.</para>
+
+		<para>To see what the defaults are for the other print 
+		commands when using the various options use the <ulink 
+		url="testparm.1.html">testparm(1)</ulink> program.</para>
+
+		<para>This option can be set on a per printer basis</para>
+
+		<para>See also the discussion in the <link linkend="PRINTERSSECT">
+		[printers]</link> section.</para>
+		</listitem>
+		</varlistentry>
+		
+
+
+				
+		<varlistentry>
+		<term><anchor id="PROFILEACLS">profile acls (S)</term>
+		<listitem><para>
+		This boolean parameter was added to fix the problems that people have been
+		having with storing user profiles on Samba shares from Windows 2000 or
+		Windows XP clients. New versions of Windows 2000 or Windows XP service
+		packs do security ACL checking on the owner and ability to write of the
+		profile directory stored on a local workstation when copied from a Samba
+		share. When not in domain mode with winbindd then the security info copied
+		onto the local workstation has no meaning to the logged in user (SID) on
+		that workstation so the profile storing fails. Adding this parameter
+		onto a share used for profile storage changes two things about the
+		returned Windows ACL. Firstly it changes the owner and group owner
+		of all reported files and directories to be BUILTIN\Administrators,
+		BUILTIN\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly
+		it adds an ACE entry of "Full Control" to the SID BUILTIN\Users to
+		every returned ACL. This will allow any Windows 2000 or XP workstation
+		user to access the profile. Note that if you have multiple users logging
+		on to a workstation then in order to prevent them from being able to access
+		each others profiles you must remove the "Bypass traverse checking" advanced
+		user right. This will prevent access to other users profile directories as
+		the top level profile directory (named after the user) is created by the
+		workstation profile code and has an ACL restricting entry to the directory
+		tree to the owning user.</para>
+		<para>If you didn't understand the above text, you probably should not set
+		this parameter :-).</para>
+		<para>Default <command>profile acls = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		
+		
+		<varlistentry>
+		<term><anchor id="PROTOCOL">protocol (G)</term>
+		<listitem><para>Synonym for <link linkend="MAXPROTOCOL">
+		<parameter>max protocol</parameter></link>.</para></listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="PUBLIC">public (S)</term>
+		<listitem><para>Synonym for <link linkend="GUESTOK"><parameter>guest 
+		ok</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="QUEUEPAUSECOMMAND">queuepause command (S)</term>
+		<listitem><para>This parameter specifies the command to be 
+		executed on the server host in order to pause the printer queue.</para>
+
+		<para>This command should be a program or script which takes 
+		a printer name as its only parameter and stops the printer queue, 
+		such that no longer jobs are submitted to the printer.</para>
+
+		<para>This command is not supported by Windows for Workgroups, 
+		but can be issued from the Printers window under Windows 95 
+		and NT.</para>
+		
+		<para>If a <parameter>%p</parameter> is given then the printer name 
+		is put in its place. Otherwise it is placed at the end of the command.
+		</para>
+
+		<para>Note that it is good practice to include the absolute 
+		path in the command as the PATH may not be available to the 
+		server.</para>
+
+		<para>Default: <emphasis>depends on the setting of <parameter>printing
+		</parameter></emphasis></para>
+		<para>Example: <command>queuepause command = disable %p</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="QUEUERESUMECOMMAND">queueresume command (S)</term>
+		<listitem><para>This parameter specifies the command to be 
+		executed on the server host in order to resume the printer queue. It 
+ 		is the command to undo the behavior that is caused by the 
+		previous parameter (<link linkend="QUEUEPAUSECOMMAND"><parameter>
+		queuepause command</parameter></link>).</para>
+ 
+		<para>This command should be a program or script which takes 
+		a printer name as its only parameter and resumes the printer queue, 
+		such that queued jobs are resubmitted to the printer.</para>
+
+		<para>This command is not supported by Windows for Workgroups, 
+		but can be issued from the Printers window under Windows 95 
+		and NT.</para>
+
+		<para>If a <parameter>%p</parameter> is given then the printer name 
+		is put in its place. Otherwise it is placed at the end of the 
+		command.</para>
+
+		<para>Note that it is good practice to include the absolute 
+		path in the command as the PATH may not be available to the 
+		server.</para>
+
+		<para>Default: <emphasis>depends on the setting of <link
+		linkend="PRINTING"><parameter>printing</parameter></link></emphasis>
+		</para>
+
+		<para>Example: <command>queuepause command = enable %p
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="READBMPX">read bmpx (G)</term>
+		<listitem><para>This boolean parameter controls whether <ulink 
+		url="smbd.8.html">smbd(8)</ulink> will support the "Read 
+		Block Multiplex" SMB. This is now rarely used and defaults to 
+		<constant>no</constant>. You should never need to set this 
+		parameter.</para>
+		
+		<para>Default: <command>read bmpx = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="READLIST">read list (S)</term>
+		<listitem><para>This is a list of users that are given read-only 
+		access to a service. If the connecting user is in this list then 
+		they will not be given write access, no matter what the <link 
+		linkend="READONLY"><parameter>read only</parameter></link>
+		option is set to. The list can include group names using the 
+		syntax described in the <link linkend="INVALIDUSERS"><parameter>
+		invalid users</parameter></link> parameter.</para>
+
+		<para>See also the <link linkend="WRITELIST"><parameter>
+		write list</parameter></link> parameter and the <link 
+		linkend="INVALIDUSERS"><parameter>invalid users</parameter>
+		</link> parameter.</para>
+
+		<para>Default: <command>read list = &lt;empty string&gt;</command></para>
+		<para>Example: <command>read list = mary, @students</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="READONLY">read only (S)</term>
+		<listitem><para>An inverted synonym is <link linkend="WRITEABLE">
+		<parameter>writeable</parameter></link>.</para>
+
+		<para>If this parameter is <constant>yes</constant>, then users 
+		of a service may not create or modify files in the service's 
+		directory.</para>
+
+		<para>Note that a printable service (<command>printable = yes</command>)
+		will <emphasis>ALWAYS</emphasis> allow writing to the directory 
+		(user privileges permitting), but only via spooling operations.</para>
+
+		<para>Default: <command>read only = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="READRAW">read raw (G)</term>
+		<listitem><para>This parameter controls whether or not the server 
+		will support the raw read SMB requests when transferring data 
+		to clients.</para>
+
+		<para>If enabled, raw reads allow reads of 65535 bytes in 
+		one packet. This typically provides a major performance benefit.
+		</para>
+
+		<para>However, some clients either negotiate the allowable 
+		block size incorrectly or are incapable of supporting larger block 
+		sizes, and for these clients you may need to disable raw reads.</para>
+
+		<para>In general this parameter should be viewed as a system tuning 
+		tool and left severely alone. See also <link linkend="WRITERAW">
+		<parameter>write raw</parameter></link>.</para>
+
+		<para>Default: <command>read raw = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="READSIZE">read size (G)</term>
+		<listitem><para>The option <parameter>read size</parameter> 
+		affects the overlap of disk reads/writes with network reads/writes. 
+		If the amount of data being transferred in several of the SMB 
+		commands (currently SMBwrite, SMBwriteX and SMBreadbraw) is larger 
+		than this value then the server begins writing the data before it 
+		has received the whole packet from the network, or in the case of 
+		SMBreadbraw, it begins writing to the network before all the data 
+		has been read from disk.</para>
+
+		<para>This overlapping works best when the speeds of disk and 
+		network access are similar, having very little effect when the 
+		speed of one is much greater than the other.</para>
+
+		<para>The default value is 16384, but very little experimentation 
+		has been done yet to determine the optimal value, and it is likely 
+		that the best value will vary greatly between systems anyway. 
+		A value over 65536 is pointless and will cause you to allocate 
+		memory unnecessarily.</para>
+
+		<para>Default: <command>read size = 16384</command></para>
+		<para>Example: <command>read size = 8192</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="REMOTEANNOUNCE">remote announce (G)</term>
+		<listitem><para>This option allows you to setup <ulink 
+		url="nmbd.8.html">nmbd(8)</ulink> to periodically announce itself 
+		to arbitrary IP addresses with an arbitrary workgroup name.</para>
+
+		<para>This is useful if you want your Samba server to appear 
+		in a remote workgroup for which the normal browse propagation 
+		rules don't work. The remote workgroup can be anywhere that you 
+		can send IP packets to.</para>
+
+		<para>For example:</para>
+
+		<para><command>remote announce = 192.168.2.255/SERVERS 
+		192.168.4.255/STAFF</command></para>
+
+		<para>the above line would cause <command>nmbd</command> to announce itself 
+		to the two given IP addresses using the given workgroup names. 
+		If you leave out the workgroup name then the one given in 
+		the <link linkend="WORKGROUP"><parameter>workgroup</parameter></link> 
+		parameter is used instead.</para>
+
+		<para>The IP addresses you choose would normally be the broadcast 
+		addresses of the remote networks, but can also be the IP addresses 
+		of known browse masters if your network config is that stable.</para>
+
+		<para>See the documentation file <filename>BROWSING.txt</filename> 
+		in the <filename>docs/</filename> directory.</para>
+		
+		<para>Default: <command>remote announce = &lt;empty string&gt;
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="REMOTEBROWSESYNC">remote browse sync (G)</term>
+		<listitem><para>This option allows you to setup <ulink 
+		url="nmbd.8.html">nmbd(8)</ulink> to periodically request 
+		synchronization of browse lists with the master browser of a Samba 
+		server that is on a remote segment. This option will allow you to 
+		gain browse lists for multiple workgroups across routed networks. This 
+		is done in a manner that does not work with any non-Samba servers.</para>
+
+		<para>This is useful if you want your Samba server and all local 
+		clients to appear in a remote workgroup for which the normal browse 
+		propagation rules don't work. The remote workgroup can be anywhere 
+		that you can send IP packets to.</para>
+
+		<para>For example:</para>
+		
+		<para><command>remote browse sync = 192.168.2.255 192.168.4.255
+		</command></para>
+
+		<para>the above line would cause <command>nmbd</command> to request 
+		the master browser on the specified subnets or addresses to 
+		synchronize their browse lists with the local server.</para>
+
+		<para>The IP addresses you choose would normally be the broadcast 
+		addresses of the remote networks, but can also be the IP addresses 
+		of known browse masters if your network config is that stable. If 
+		a machine IP address is given Samba makes NO attempt to validate 
+		that the remote machine is available, is listening, nor that it 
+		is in fact the browse master on its segment.</para>
+
+		<para>Default: <command>remote browse sync = &lt;empty string&gt;
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="RESTRICTANONYMOUS">restrict anonymous (G)</term>
+		<listitem><para>This is a boolean parameter.  If it is <constant>yes</constant>, then 
+		anonymous access to the server will be restricted, namely in the 
+		case where the server is expecting the client to send a username, 
+		but it doesn't.  Setting it to <constant>yes</constant> will force these anonymous 
+ 		connections to be denied, and the client will be required to always 
+		supply a username and password when connecting. Use of this parameter 
+		is only recommended for homogeneous NT client environments.</para>
+
+		<para>This parameter makes the use of macro expansions that rely
+		on the username (%U, %G, etc) consistent.  NT 4.0 
+		likes to use anonymous connections when refreshing the share list, 
+		and this is a way to work around that.</para>
+
+		<para>When restrict anonymous is <constant>yes</constant>, all anonymous connections 
+		are denied no matter what they are for.  This can effect the ability 
+		of a machine to access the Samba Primary Domain Controller to revalidate 
+		its machine account after someone else has logged on the client 
+		interactively.  The NT client will display a message saying that 
+		the machine's account in  the domain doesn't exist or the password is 
+		bad.  The best way to deal  with this is to reboot NT client machines 
+		between interactive logons,  using "Shutdown and Restart", rather 
+		than "Close all programs and logon as a different user".</para>
+
+		<para>Default: <command>restrict anonymous = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="ROOT">root (G)</term>
+		<listitem><para>Synonym for <link linkend="ROOTDIRECTORY">
+		<parameter>root directory"</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="ROOTDIR">root dir (G)</term>
+		<listitem><para>Synonym for <link linkend="ROOTDIRECTORY">
+		<parameter>root directory"</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="ROOTDIRECTORY">root directory (G)</term>
+		<listitem><para>The server will <command>chroot()</command> (i.e. 
+		Change its root directory) to this directory on startup. This is 
+		not strictly necessary for secure operation. Even without it the 
+		server will deny access to files not in one of the service entries. 
+		It may also check for, and deny access to, soft links to other 
+		parts of the filesystem, or attempts to use ".." in file names 
+		to access other directories (depending on the setting of the <link
+		linkend="WIDELINKS"><parameter>wide links</parameter></link> 
+		parameter).</para>
+
+		<para>Adding a <parameter>root directory</parameter> entry other 
+		than "/" adds an extra level of security, but at a price. It 
+		absolutely ensures that no access is given to files not in the 
+		sub-tree specified in the <parameter>root directory</parameter> 
+		option, <emphasis>including</emphasis> some files needed for 
+		complete operation of the server. To maintain full operability 
+		of the server you will need to mirror some system files 
+		into the <parameter>root directory</parameter> tree. In particular 
+		you will need to mirror <filename>/etc/passwd</filename> (or a 
+		subset of it), and any binaries or configuration files needed for 
+		printing (if required). The set of files that must be mirrored is
+		operating system dependent.</para>
+
+		<para>Default: <command>root directory = /</command></para>
+		<para>Example: <command>root directory = /homes/smb</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="ROOTPOSTEXEC">root postexec (S)</term>
+		<listitem><para>This is the same as the <parameter>postexec</parameter>
+		parameter except that the command is run as root. This 
+		is useful for unmounting filesystems 
+		(such as CDROMs) after a connection is closed.</para>
+
+		<para>See also <link linkend="POSTEXEC"><parameter>
+		postexec</parameter></link>.</para>
+
+		<para>Default: <command>root postexec = &lt;empty string&gt;
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><anchor id="ROOTPREEXEC">root preexec (S)</term>
+		<listitem><para>This is the same as the <parameter>preexec</parameter>
+		parameter except that the command is run as root. This 
+		is useful for mounting filesystems (such as CDROMs) when a 
+		connection is opened.</para>
+
+		<para>See also <link linkend="PREEXEC"><parameter>
+		preexec</parameter></link> and <link linkend="PREEXECCLOSE">
+		<parameter>preexec close</parameter></link>.</para>
+		
+		<para>Default: <command>root preexec = &lt;empty string&gt;
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="ROOTPREEXECCLOSE">root preexec close (S)</term>
+		<listitem><para>This is the same as the <parameter>preexec close
+		</parameter> parameter except that the command is run as root.</para>
+
+		<para>See also <link linkend="PREEXEC"><parameter>
+		preexec</parameter></link> and <link linkend="PREEXECCLOSE">
+		<parameter>preexec close</parameter></link>.</para>
+
+		<para>Default: <command>root preexec close = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SECURITY">security (G)</term>
+		<listitem><para>This option affects how clients respond to 
+		Samba and is one of the most important settings in the <filename>
+		smb.conf</filename> file.</para>
+
+		<para>The option sets the "security mode bit" in replies to 
+		protocol negotiations with <ulink url="smbd.8.html">smbd(8)
+		</ulink> to turn share level security on or off. Clients decide 
+		based on this bit whether (and how) to transfer user and password 
+		information to the server.</para>
+
+
+		<para>The default is <command>security = user</command>, as this is
+		the most common setting needed when talking to Windows 98 and 
+		Windows NT.</para>
+
+		<para>The alternatives are <command>security = share</command>,
+		<command>security = server</command> or <command>security = domain
+		</command>.</para>
+
+		<para>In versions of Samba prior to 2.0.0, the default was 
+		<command>security = share</command> mainly because that was
+		the only option at one stage.</para>
+
+		<para>There is a bug in WfWg that has relevance to this 
+		setting. When in user or server level security a WfWg client 
+		will totally ignore the password you type in the "connect 
+		drive" dialog box. This makes it very difficult (if not impossible) 
+		to connect to a Samba service as anyone except the user that 
+		you are logged into WfWg as.</para>
+
+		<para>If your PCs use usernames that are the same as their 
+		usernames on the UNIX machine then you will want to use 
+ 		<command>security = user</command>. If you mostly use usernames 
+		that don't exist on the UNIX box then use <command>security = 
+		share</command>.</para>
+
+		<para>You should also use <command>security = share</command> if you 
+		want to mainly setup shares without a password (guest shares). This 
+		is commonly used for a shared printer server. It is more difficult 
+		to setup guest shares with <command>security = user</command>, see 
+		the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter>
+		</link>parameter for details.</para>
+		
+		<para>It is possible to use <command>smbd</command> in a <emphasis>
+		hybrid mode</emphasis> where it is offers both user and share 
+		level security under different <link linkend="NETBIOSALIASES">
+		<parameter>NetBIOS aliases</parameter></link>. </para>
+
+		<para>The different settings will now be explained.</para>
+
+
+		<para><anchor id="SECURITYEQUALSSHARE"><emphasis>SECURITY = SHARE
+		</emphasis></para> 
+		
+		<para>When clients connect to a share level security server they 
+		need not log onto the server with a valid username and password before 
+		attempting to connect to a shared resource (although modern clients 
+		such as Windows 95/98 and Windows NT will send a logon request with 
+		a username but no password when talking to a <command>security = share
+		</command> server). Instead, the clients send authentication information 
+		(passwords) on a per-share basis, at the time they attempt to connect 
+		to that share.</para>
+
+		<para>Note that <command>smbd</command> <emphasis>ALWAYS</emphasis> 
+		uses a valid UNIX user to act on behalf of the client, even in
+		<command>security = share</command> level security.</para>
+
+		<para>As clients are not required to send a username to the server
+		in share level security, <command>smbd</command> uses several
+		techniques to determine the correct UNIX user to use on behalf
+		of the client.</para>
+
+		<para>A list of possible UNIX usernames to match with the given
+		client password is constructed using the following methods :</para>
+
+		<itemizedlist>
+			<listitem><para>If the <link linkend="GUESTONLY"><parameter>guest 
+			only</parameter></link> parameter is set, then all the other 
+			stages are missed and only the <link linkend="GUESTACCOUNT">
+			<parameter>guest account</parameter></link> username is checked.
+			</para></listitem>
+
+			<listitem><para>Is a username is sent with the share connection 
+			request, then this username (after mapping - see <link 
+			linkend="USERNAMEMAP"><parameter>username map</parameter></link>), 
+			is added as a potential username.</para></listitem>
+
+			<listitem><para>If the client did a previous <emphasis>logon
+			</emphasis> request (the SessionSetup SMB call) then the 
+			username sent in this SMB will be added as a potential username.
+			</para></listitem>
+
+			<listitem><para>The name of the service the client requested is 
+			added as a potential username.</para></listitem>
+
+			<listitem><para>The NetBIOS name of the client is added to 
+			the list as a potential username.</para></listitem>
+
+			<listitem><para>Any users on the <link linkend="USER"><parameter>
+			user</parameter></link> list are added as potential usernames.
+			</para></listitem>
+		</itemizedlist>
+
+		<para>If the <parameter>guest only</parameter> parameter is 
+		not set, then this list is then tried with the supplied password. 
+		The first user for whom the password matches will be used as the 
+		UNIX user.</para>
+
+		<para>If the <parameter>guest only</parameter> parameter is 
+		set, or no username can be determined then if the share is marked 
+		as available to the <parameter>guest account</parameter>, then this 
+		guest user will be used, otherwise access is denied.</para>
+
+		<para>Note that it can be <emphasis>very</emphasis> confusing 
+		in share-level security as to which UNIX username will eventually
+		be used in granting access.</para>
+
+		<para>See also the section <link linkend="VALIDATIONSECT">
+		NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
+
+		<para><anchor id="SECURITYEQUALSUSER"><emphasis>SECURITY = USER
+		</emphasis></para>
+
+		<para>This is the default security setting in Samba 2.2. 
+		With user-level security a client must first "log-on" with a 
+		valid username and password (which can be mapped using the <link
+		linkend="USERNAMEMAP"><parameter>username map</parameter></link> 
+		parameter). Encrypted passwords (see the <link linkend="ENCRYPTPASSWORDS">
+		<parameter>encrypted passwords</parameter></link> parameter) can also
+		be used in this security mode. Parameters such as <link linkend="USER">
+		<parameter>user</parameter></link> and <link linkend="GUESTONLY">
+		<parameter>guest only</parameter></link> if set	are then applied and 
+		may change the UNIX user to use on this connection, but only after 
+		the user has been successfully authenticated.</para>
+
+		<para><emphasis>Note</emphasis> that the name of the resource being 
+		requested is <emphasis>not</emphasis> sent to the server until after 
+		the server has successfully authenticated the client. This is why 
+		guest shares don't work in user level security without allowing 
+		the server to automatically map unknown users into the <link
+		linkend="GUESTACCOUNT"><parameter>guest account</parameter></link>. 
+		See the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter>
+		</link> parameter for details on doing this.</para>
+
+		<para>See also the section <link linkend="VALIDATIONSECT">
+		NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
+
+		<para><anchor id="SECURITYEQUALSSERVER"><emphasis>SECURITY = SERVER
+		</emphasis></para>
+
+		<para>In this mode Samba will try to validate the username/password 
+		by passing it to another SMB server, such as an NT box. If this 
+		fails it will revert to <command>security = user</command>, but note 
+		that if encrypted passwords have been negotiated then Samba cannot 
+		revert back to checking the UNIX password file, it must have a valid 
+		<filename>smbpasswd</filename> file to check users against. See the 
+		documentation file in the <filename>docs/</filename> directory 
+		<filename>ENCRYPTION.txt</filename> for details on how to set this 
+		up.</para>
+
+		<para><emphasis>Note</emphasis> that from the client's point of 
+		view <command>security = server</command> is the same as <command>
+		security = user</command>.  It only affects how the server deals 
+		with the authentication, it does not in any way affect what the 
+		client sees.</para>
+
+		<para><emphasis>Note</emphasis> that the name of the resource being 
+		requested is <emphasis>not</emphasis> sent to the server until after 
+		the server has successfully authenticated the client. This is why 
+		guest shares don't work in user level security without allowing 
+		the server to automatically map unknown users into the <link
+		linkend="GUESTACCOUNT"><parameter>guest account</parameter></link>. 
+		See the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter>
+		</link> parameter for details on doing this.</para>
+
+		<para>See also the section <link linkend="VALIDATIONSECT">
+		NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
+
+		<para>See also the <link linkend="PASSWORDSERVER"><parameter>password 
+		server</parameter></link> parameter and the <link 
+		linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter>
+		</link> parameter.</para>
+		
+		<para><anchor id="SECURITYEQUALSDOMAIN"><emphasis>SECURITY = DOMAIN
+		</emphasis></para>
+
+		<para>This mode will only work correctly if <ulink 
+		url="smbpasswd.8.html">smbpasswd(8)</ulink> has been used to add this 
+		machine into a Windows NT Domain. It expects the <link 
+		linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter>
+		</link> parameter to be set to <constant>yes</constant>. In this 
+		mode Samba will try to validate the username/password by passing
+		it to a Windows NT Primary or Backup Domain Controller, in exactly 
+		the same way that a Windows NT Server would do.</para>
+
+		<para><emphasis>Note</emphasis> that a valid UNIX user must still 
+		exist as well as the account on the Domain Controller to allow 
+		Samba to have a valid UNIX account to map file access to.</para>
+
+		<para><emphasis>Note</emphasis> that from the client's point 
+		of view <command>security = domain</command> is the same as <command>security = user
+		</command>. It only affects how the server deals with the authentication, 
+		it does not in any way affect what the client sees.</para>
+
+		<para><emphasis>Note</emphasis> that the name of the resource being 
+		requested is <emphasis>not</emphasis> sent to the server until after 
+		the server has successfully authenticated the client. This is why 
+		guest shares don't work in user level security without allowing 
+		the server to automatically map unknown users into the <link
+		linkend="GUESTACCOUNT"><parameter>guest account</parameter></link>. 
+		See the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter>
+		</link> parameter for details on doing this.</para>
+
+		<para><emphasis>BUG:</emphasis> There is currently a bug in the 
+		implementation of <command>security = domain</command> with respect 
+		to multi-byte character set usernames. The communication with a 
+		Domain Controller must be done in UNICODE and Samba currently 
+		does not widen multi-byte user names to UNICODE correctly, thus 
+		a multi-byte username will not be recognized correctly at the 
+		Domain Controller. This issue will be addressed in a future release.</para>
+
+		<para>See also the section <link linkend="VALIDATIONSECT">
+		NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
+
+		<para>See also the <link linkend="PASSWORDSERVER"><parameter>password 
+		server</parameter></link> parameter and the <link 
+		linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter>
+		</link> parameter.</para>
+
+		<para>Default: <command>security = USER</command></para>
+		<para>Example: <command>security = DOMAIN</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SECURITYMASK">security mask (S)</term>
+		<listitem><para>This parameter controls what UNIX permission 
+		bits can be modified when a Windows NT client is manipulating 
+		the UNIX permission on a file using the native NT security 
+		dialog box.</para>
+
+		<para>This parameter is applied as a mask (AND'ed with) to 
+		the changed permission bits, thus preventing any bits not in 
+		this mask from being modified. Essentially, zero bits in this 
+		mask may be treated as a set of bits the user is not allowed 
+		to change.</para>
+
+		<para>If not set explicitly this parameter is 0777, allowing
+		a user to modify all the user/group/world permissions on a file.
+		</para>
+
+		<para><emphasis>Note</emphasis> that users who can access the 
+		Samba server through other means can easily bypass this 
+		restriction, so it is primarily useful for standalone 
+		"appliance" systems.  Administrators of most normal systems will 
+		probably want to leave it set to <constant>0777</constant>.</para>
+		
+		<para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE">
+		<parameter>force directory security mode</parameter></link>, 
+		<link linkend="DIRECTORYSECURITYMASK"><parameter>directory 
+		security mask</parameter></link>, <link linkend="FORCESECURITYMODE">
+		<parameter>force security mode</parameter></link> parameters.</para>
+
+		<para>Default: <command>security mask = 0777</command></para>
+		<para>Example: <command>security mask = 0770</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SERVERSTRING">server string (G)</term>
+		<listitem><para>This controls what string will show up in the 
+		printer comment box in print manager and next to the IPC connection 
+		in <command>net view</command>. It can be any string that you wish 
+		to show to your users.</para>
+		
+		<para>It also sets what will appear in browse lists next 
+		to the machine name.</para>
+
+		<para>A <parameter>%v</parameter> will be replaced with the Samba 
+		version number.</para>
+
+		<para>A <parameter>%h</parameter> will be replaced with the 
+		hostname.</para>
+
+		<para>Default: <command>server string = Samba %v</command></para>
+
+		<para>Example: <command>server string = University of GNUs Samba 
+		Server</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SETDIRECTORY">set directory (S)</term>
+		<listitem><para>If <command>set directory = no</command>, then 
+		users of the service may not use the setdir command to change 
+		directory.</para>
+
+		<para>The <command>setdir</command> command is only implemented 
+		in the Digital Pathworks client. See the Pathworks documentation 
+		for details.</para>
+
+		<para>Default: <command>set directory = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SHAREMODES">share modes (S)</term>
+		<listitem><para>This enables or disables the honoring of 
+		the <parameter>share modes</parameter> during a file open. These 
+		modes are used by clients to gain exclusive read or write access 
+		to a file.</para>
+
+		<para>These open modes are not directly supported by UNIX, so
+		they are simulated using shared memory, or lock files if your 
+		UNIX doesn't support shared memory (almost all do).</para>
+
+		<para>The share modes that are enabled by this option are 
+		<constant>DENY_DOS</constant>, <constant>DENY_ALL</constant>,
+		<constant>DENY_READ</constant>, <constant>DENY_WRITE</constant>,
+		<constant>DENY_NONE</constant> and <constant>DENY_FCB</constant>.
+		</para>
+
+		<para>This option gives full share compatibility and enabled 
+		by default.</para>
+
+		<para>You should <emphasis>NEVER</emphasis> turn this parameter 
+		off as many Windows applications will break if you do so.</para>
+
+		<para>Default: <command>share modes = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SHORTPRESERVECASE">short preserve case (S)</term>
+		<listitem><para>This boolean parameter controls if new files 
+		which conform to 8.3 syntax, that is all in upper case and of 
+		suitable length, are created upper case, or if they are forced 
+		to be the <link linkend="DEFAULTCASE"><parameter>default case
+		</parameter></link>. This  option can be use with <link 
+		linkend="PRESERVECASE"><command>preserve case = yes</command>
+		</link> to permit long filenames to retain their case, while short 
+		names are lowered. </para>
+		
+		<para>See the section on <link linkend="NAMEMANGLINGSECT">
+		NAME MANGLING</link>.</para>
+
+		<para>Default: <command>short preserve case = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SHOWADDPRINTERWIZARD">show add printer wizard (G)</term>
+		<listitem><para>With the introduction of MS-RPC based printing support
+		for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will 
+		appear on Samba hosts in the share listing.  Normally this folder will 
+		contain an icon for the MS Add Printer Wizard (APW).  However, it is 
+		possible to disable this feature regardless of the level of privilege 
+		of the connected user.</para>
+		
+		<para>Under normal circumstances, the Windows NT/2000 client will 
+		open a handle on the printer server with OpenPrinterEx() asking for
+		Administrator privileges.  If the user does not have administrative
+		access on the print server (i.e is not root or a member of the 
+		<parameter>printer admin</parameter> group), the OpenPrinterEx() 
+		call fails and the client makes another open call with a request for 
+		a lower privilege level.  This should succeed, however the APW 
+		icon will not be displayed.</para>
+		
+		<para>Disabling the <parameter>show add printer wizard</parameter>
+		parameter will always cause the OpenPrinterEx() on the server
+		to fail.  Thus the APW icon will never be displayed. <emphasis>
+		Note :</emphasis>This does not prevent the same user from having 
+		administrative privilege on an individual printer.</para>
+		
+		<para>See also <link linkend="ADDPRINTERCOMMAND"><parameter>addprinter
+		command</parameter></link>, <link linkend="DELETEPRINTERCOMMAND">
+		<parameter>deleteprinter command</parameter></link>, <link 
+		linkend="PRINTERADMIN"><parameter>printer admin</parameter></link></para>
+		
+		<para>Default :<command>show add printer wizard = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="SMBPASSWDFILE">smb passwd file (G)</term>
+		<listitem><para>This option sets the path to the encrypted 
+ 		smbpasswd file.  By default the path to the smbpasswd file 
+		is compiled into Samba.</para>
+		
+		<para>Default: <command>smb passwd file = ${prefix}/private/smbpasswd
+		</command></para>
+
+		<para>Example: <command>smb passwd file = /etc/samba/smbpasswd
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="SOCKETADDRESS">socket address (G)</term>
+		<listitem><para>This option allows you to control what 
+		address Samba will listen for connections on. This is used to 
+		support multiple virtual interfaces on the one server, each 
+		with a different configuration.</para>
+		
+		<para>By default Samba will accept connections on any 
+		address.</para>
+
+		<para>Example: <command>socket address = 192.168.2.20</command>
+		</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SOCKETOPTIONS">socket options (G)</term>
+		<listitem><para>This option allows you to set socket options 
+		to be used when talking with the client.</para>
+
+		<para>Socket options are controls on the networking layer 
+		of the operating systems which allow the connection to be 
+		tuned.</para>
+
+		<para>This option will typically be used to tune your Samba 
+		server for optimal performance for your local network. There is 
+		no way that Samba can know what the optimal parameters are for 
+		your net, so you must experiment and choose them yourself. We 
+		strongly suggest you read the appropriate documentation for your 
+		operating system first (perhaps <command>man setsockopt</command> 
+		will help).</para>
+
+		<para>You may find that on some systems Samba will say 
+		"Unknown socket option" when you supply an option. This means you 
+		either incorrectly  typed it or you need to add an include file 
+		to includes.h for your OS.  If the latter is the case please 
+		send the patch to <ulink url="mailto:samba@samba.org">
+		samba@samba.org</ulink>.</para>
+
+		<para>Any of the supported socket options may be combined 
+		in any way you like, as long as your OS allows it.</para>
+
+		<para>This is the list of socket options currently settable 
+		using this option:</para>
+
+		<itemizedlist>
+			<listitem><para>SO_KEEPALIVE</para></listitem>
+			<listitem><para>SO_REUSEADDR</para></listitem>
+			<listitem><para>SO_BROADCAST</para></listitem>
+			<listitem><para>TCP_NODELAY</para></listitem>
+			<listitem><para>IPTOS_LOWDELAY</para></listitem>
+			<listitem><para>IPTOS_THROUGHPUT</para></listitem>
+			<listitem><para>SO_SNDBUF *</para></listitem>
+			<listitem><para>SO_RCVBUF *</para></listitem>
+			<listitem><para>SO_SNDLOWAT *</para></listitem>
+			<listitem><para>SO_RCVLOWAT *</para></listitem>
+		</itemizedlist>
+
+		<para>Those marked with a <emphasis>'*'</emphasis> take an integer 
+		argument. The others can optionally take a 1 or 0 argument to enable 
+		or disable the option, by default they will be enabled if you 
+		don't specify 1 or 0.</para>
+
+		<para>To specify an argument use the syntax SOME_OPTION = VALUE 
+		for example <command>SO_SNDBUF = 8192</command>. Note that you must 
+		not have any spaces before or after the = sign.</para>
+
+		<para>If you are on a local network then a sensible option 
+		might be</para>
+		<para><command>socket options = IPTOS_LOWDELAY</command></para>
+
+		<para>If you have a local network then you could try:</para>
+		<para><command>socket options = IPTOS_LOWDELAY TCP_NODELAY</command></para>
+
+		<para>If you are on a wide area network then perhaps try 
+		setting IPTOS_THROUGHPUT. </para>
+
+		<para>Note that several of the options may cause your Samba 
+		server to fail completely. Use these options with caution!</para>
+
+  		<para>Default: <command>socket options = TCP_NODELAY</command></para>
+		<para>Example: <command>socket options = IPTOS_LOWDELAY</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="SOURCEENVIRONMENT">source environment (G)</term>
+		<listitem><para>This parameter causes Samba to set environment 
+		variables as per the content of the file named.</para>
+
+		<para>If the value of this parameter starts with a "|" character 
+		then Samba will treat that value as a pipe command to open and 
+		will set the environment variables from the output of the pipe.</para>
+
+		<para>The contents of the file or the output of the pipe should 
+		be formatted as the output of the standard Unix <command>env(1)
+		</command> command. This is of the form :</para>
+		<para>Example environment entry:</para>
+		<para><command>SAMBA_NETBIOS_NAME = myhostname</command></para>
+
+		<para>Default: <emphasis>No default value</emphasis></para>
+		<para>Examples: <command>source environment = |/etc/smb.conf.sh
+		</command></para>
+
+		<para>Example: <command>source environment = 
+		/usr/local/smb_env_vars</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSL">ssl (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This variable enables or disables the entire SSL mode. If 
+		it is set to <constant>no</constant>, the SSL-enabled Samba behaves 
+		exactly like the non-SSL Samba. If set to <constant>yes</constant>, 
+		it depends on the variables <link linkend="SSLHOSTS"><parameter>
+		ssl hosts</parameter></link> and <link linkend="SSLHOSTSRESIGN">
+		<parameter>ssl hosts resign</parameter></link> whether an SSL 
+		connection will be required.</para>
+
+		<para>Default: <command>ssl = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLCACERTDIR">ssl CA certDir (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This variable defines where to look up the Certification
+		Authorities. The given directory should contain one file for 
+		each CA that Samba will trust.  The file name must be the hash 
+		value over the "Distinguished Name" of the CA. How this directory 
+		is set up is explained later in this document. All files within the 
+		directory that don't fit into this naming scheme are ignored. You 
+		don't need this variable if you don't verify client certificates.</para>
+
+		<para>Default: <command>ssl CA certDir = /usr/local/ssl/certs
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLCACERTFILE">ssl CA certFile (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This variable is a second way to define the trusted CAs. 
+		The certificates of the trusted CAs are collected in one big 
+		file and this variable points to the file. You will probably 
+		only use one of the two ways to define your CAs. The first choice is 
+		preferable if you have many CAs or want to be flexible, the second 
+		is preferable if you only have one CA and want to keep things 
+		simple (you won't need to create the hashed file names). You 
+		don't need this variable if you don't verify client certificates.</para>
+
+		<para>Default: <command>ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLCIPHERS">ssl ciphers (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This variable defines the ciphers that should be offered 
+		during SSL negotiation. You should not set this variable unless 
+		you know what you are doing.</para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SSLCLIENTCERT">ssl client cert (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>The certificate in this file is used by <ulink url="smbclient.1.html">
+		<command>smbclient(1)</command></ulink> if it exists. It's needed 
+		if the server requires a client certificate.</para>
+
+		<para>Default: <command>ssl client cert = /usr/local/ssl/certs/smbclient.pem
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLCLIENTKEY">ssl client key (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This is the private key for <ulink url="smbclient.1.html">
+		<command>smbclient(1)</command></ulink>. It's only needed if the 
+		client should have a certificate. </para>
+
+		<para>Default: <command>ssl client key = /usr/local/ssl/private/smbclient.pem
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLCOMPATIBILITY">ssl compatibility (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This variable defines whether OpenSSL should be configured 
+		for bug compatibility with other SSL implementations. This is 
+		probably not desirable because currently no clients with SSL 
+		implementations other than OpenSSL exist.</para>
+
+		<para>Default: <command>ssl compatibility = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SSLEGDSOCKET">ssl egd socket (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+		
+		<para>
+		This option is used to define the location of the communiation socket of 
+		an EGD or PRNGD daemon, from which entropy can be retrieved. This option 
+		can be used instead of or together with the <link 
+		linkend="SSLENTROPYFILE"><parameter>ssl entropy file</parameter></link> 
+		directive. 255 bytes of entropy will be retrieved from the daemon.
+		</para>
+
+		<para>Default: <emphasis>none</emphasis></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SSLENTROPYBYTES">ssl entropy bytes (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+		
+		<para>
+		This parameter is used to define the number of bytes which should 
+		be read from the <link linkend="SSLENTROPYFILE"><parameter>ssl entropy 
+		file</parameter></link> If a -1 is specified, the entire file will
+		be read.
+		</para>
+
+		<para>Default: <command>ssl entropy bytes = 255</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLENTROPYFILE">ssl entropy file (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+		
+		<para>
+		This parameter is used to specify a file from which processes will 
+		read "random bytes" on startup.  In order to seed the internal pseudo 
+		random number generator, entropy must be provided. On system with a 
+		<filename>/dev/urandom</filename> device file, the processes
+		will retrieve its entropy from the kernel. On systems without kernel
+		entropy support, a file can be supplied that will be read on startup
+		and that will be used to seed the PRNG.
+		</para>
+
+		<para>Default: <emphasis>none</emphasis></para>
+		</listitem>
+		</varlistentry>
+
+		
+
+		<varlistentry>
+		<term><anchor id="SSLHOSTS">ssl hosts (G)</term>
+		<listitem><para>See <link linkend="SSLHOSTSRESIGN"><parameter>
+		ssl hosts resign</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SSLHOSTSRESIGN">ssl hosts resign (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>These two variables define whether Samba will go 
+		into SSL mode or not. If none of them is defined, Samba will 
+		allow only SSL connections. If the <link linkend="SSLHOSTS">
+		<parameter>ssl hosts</parameter></link> variable lists
+		hosts (by IP-address, IP-address range, net group or name), 
+		only these hosts will be forced into SSL mode. If the <parameter>
+		ssl hosts resign</parameter> variable lists hosts, only these 
+		hosts will <emphasis>NOT</emphasis> be forced into SSL mode. The syntax for these two 
+		variables is the same as for the <link linkend="HOSTSALLOW"><parameter>
+		hosts allow</parameter></link> and <link linkend="HOSTSDENY">
+		<parameter>hosts deny</parameter></link> pair of variables, only 
+		that the subject of the decision is different: It's not the access 
+		right but whether SSL is used or not. </para>
+
+		<para>The example below requires SSL connections from all hosts
+		outside the local net (which is 192.168.*.*).</para>
+
+		<para>Default: <command>ssl hosts = &lt;empty string&gt;</command></para>
+		<para><command>ssl hosts resign = &lt;empty string&gt;</command></para>
+
+		<para>Example: <command>ssl hosts resign = 192.168.</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLREQUIRECLIENTCERT">ssl require clientcert (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>If this variable is set to <constant>yes</constant>, the 
+		server will not tolerate connections from clients that don't 
+		have a valid certificate. The directory/file given in <link
+		linkend="SSLCACERTDIR"><parameter>ssl CA certDir</parameter>
+		</link> and <link linkend="SSLCACERTFILE"><parameter>ssl CA certFile
+		</parameter></link> will be used to look up the CAs that issued 
+		the client's certificate. If the certificate can't be verified 
+		positively, the connection will be terminated.  If this variable 
+		is set to <constant>no</constant>, clients don't need certificates. 
+		Contrary to web applications you really <emphasis>should</emphasis> 
+		require client certificates. In the web environment the client's 
+		data is sensitive (credit card numbers) and the server must prove 
+		to be trustworthy. In a file server environment the server's data 
+		will be sensitive and the clients must prove to be trustworthy.</para>
+
+		<para>Default: <command>ssl require clientcert = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLREQUIRESERVERCERT">ssl require servercert (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>If this variable is set to <constant>yes</constant>, the 
+		<ulink url="smbclient.1.html"><command>smbclient(1)</command>
+		</ulink> will request a certificate from the server. Same as 
+		<link linkend="SSLREQUIRECLIENTCERT"><parameter>ssl require 
+		clientcert</parameter></link> for the server.</para>
+
+		<para>Default: <command>ssl require servercert = no</command>
+		</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><anchor id="SSLSERVERCERT">ssl server cert (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This is the file containing the server's certificate. 
+		The server <emphasis>must</emphasis> have a certificate. The 
+		file may also contain the server's private key. See later for 
+		how certificates and private keys are created.</para>
+
+		<para>Default: <command>ssl server cert = &lt;empty string&gt;
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SSLSERVERKEY">ssl server key (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This file contains the private key of the server. If 
+		this variable is not defined, the key is looked up in the 
+		certificate file (it may be appended to the certificate). 
+		The server <emphasis>must</emphasis> have a private key
+		and the certificate <emphasis>must</emphasis> 
+		match this private key.</para>
+
+		<para>Default: <command>ssl server key = &lt;empty string&gt;
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SSLVERSION">ssl version (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This enumeration variable defines the versions of the 
+		SSL protocol that will be used. <constant>ssl2or3</constant> allows 
+		dynamic negotiation of SSL v2 or v3, <constant>ssl2</constant> results 
+		in SSL v2, <constant>ssl3</constant> results in SSL v3 and
+		<constant>tls1</constant> results in TLS v1. TLS (Transport Layer 
+		Security) is the new standard for SSL.</para>
+
+		<para>Default: <command>ssl version = "ssl2or3"</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="STATCACHE">stat cache (G)</term>
+		<listitem><para>This parameter determines if <ulink 
+		url="smbd.8.html">smbd(8)</ulink> will use a cache in order to 
+		speed up case insensitive name mappings. You should never need 
+		to change this parameter.</para>
+
+  		<para>Default: <command>stat cache = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><anchor id="STATCACHESIZE">stat cache size (G)</term>
+		<listitem><para>This parameter determines the number of 
+		entries in the <parameter>stat cache</parameter>.  You should 
+		never need to change this parameter.</para>
+		
+		<para>Default: <command>stat cache size = 50</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="STATUS">status (G)</term>
+		<listitem><para>This enables or disables logging of connections 
+		to a status file that <ulink url="smbstatus.1.html">smbstatus(1)</ulink>
+		can read.</para>
+
+		<para>With this disabled <command>smbstatus</command> won't be able
+		to tell you what connections are active. You should never need to
+		change this parameter.</para>
+
+		<para>Default: <command>status = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		
+		<varlistentry>
+		<term><anchor id="STRICTALLOCATE">strict allocate (S)</term>
+		<listitem><para>This is a boolean that controls the handling of 
+		disk space allocation in the server. When this is set to <constant>yes</constant> 
+		the server will change from UNIX behaviour of not committing real
+		disk storage blocks when a file is extended to the Windows behaviour
+		of actually forcing the disk system to allocate real storage blocks
+		when a file is created or extended to be a given size. In UNIX
+		terminology this means that Samba will stop creating sparse files.
+		This can be slow on some systems.</para>
+
+		<para>When strict allocate is <constant>no</constant> the server does sparse
+		disk block allocation when a file is extended.</para>
+
+		<para>Setting this to <constant>yes</constant> can help Samba return
+		out of quota messages on systems that are restricting the disk quota
+		of users.</para>
+
+		<para>Default: <command>strict allocate = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="STRICTLOCKING">strict locking (S)</term>
+		<listitem><para>This is a boolean that controls the handling of 
+		file locking in the server. When this is set to <constant>yes</constant> 
+		the server will check every read and write access for file locks, and 
+		deny access if locks exist. This can be slow on some systems.</para>
+
+		<para>When strict locking is <constant>no</constant> the server does file 
+		lock checks only when the client explicitly asks for them.</para>
+
+		<para>Well-behaved clients always ask for lock checks when it 
+		is important, so in the vast majority of cases <command>strict 
+		locking = no</command> is preferable.</para>
+
+		<para>Default: <command>strict locking = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="STRICTSYNC">strict sync (S)</term>
+		<listitem><para>Many Windows applications (including the Windows 
+		98 explorer shell) seem to confuse flushing buffer contents to 
+		disk with doing a sync to disk. Under UNIX, a sync call forces 
+		the process to be suspended until the kernel has ensured that 
+		all outstanding data in kernel disk buffers has been safely stored 
+		onto stable storage. This is very slow and should only be done 
+		rarely. Setting this parameter to <constant>no</constant> (the 
+		default) means that <ulink url="smbd.8.html">smbd</ulink> ignores the Windows applications requests for
+		a sync call. There is only a possibility of losing data if the
+		operating system itself that Samba is running on crashes, so there is
+		little danger in this default setting. In addition, this fixes many
+		performance problems that people have reported with the new Windows98
+		explorer shell file copies.</para>
+
+		<para>See also the <link linkend="SYNCALWAYS"><parameter>sync 
+		always></parameter></link> parameter.</para>
+
+		<para>Default: <command>strict sync = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="STRIPDOT">strip dot (G)</term>
+		<listitem><para>This parameter is now unused in Samba (2.2.5 and above).
+		It used strip trailing dots off UNIX filenames but was not correctly implmented.
+		In Samba 2.2.5 and above UNIX filenames ending in a dot are invalid Windows long
+		filenames (as they are in Windows NT and above) and are mangled to 8.3 before
+		being returned to a client.</para>
+
+		<para>Default: <command>strip dot = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SYNCALWAYS">sync always (S)</term>
+		<listitem><para>This is a boolean parameter that controls 
+		whether writes will always be written to stable storage before 
+		the write call returns. If this is <constant>no</constant> then the server will be 
+		guided by the client's request in each write call (clients can 
+		set a bit indicating that a particular write should be synchronous). 
+		If this is <constant>yes</constant> then every write will be followed by a <command>fsync()
+		</command> call to ensure the data is written to disk. Note that 
+		the <parameter>strict sync</parameter> parameter must be set to
+		<constant>yes</constant> in order for this parameter to have 
+		any affect.</para>
+		
+		<para>See also the <link linkend="STRICTSYNC"><parameter>strict 
+		sync</parameter></link> parameter.</para>
+
+		<para>Default: <command>sync always = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SYSLOG">syslog (G)</term>
+		<listitem><para>This parameter maps how Samba debug messages 
+		are logged onto the system syslog logging levels. Samba debug 
+		level zero maps onto syslog <constant>LOG_ERR</constant>, debug 
+		level one maps onto <constant>LOG_WARNING</constant>, debug level 
+		two maps onto <constant>LOG_NOTICE</constant>, debug level three 
+		maps onto LOG_INFO. All higher levels are mapped to <constant>
+		LOG_DEBUG</constant>.</para>
+
+		<para>This parameter sets the threshold for sending messages 
+		to syslog.  Only messages with debug level less than this value 
+		will be sent to syslog.</para>
+
+		<para>Default: <command>syslog = 1</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SYSLOGONLY">syslog only (G)</term>
+		<listitem><para>If this parameter is set then Samba debug 
+		messages are logged into the system syslog only, and not to 
+		the debug log files.</para>
+
+		<para>Default: <command>syslog only = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="TEMPLATEHOMEDIR">template homedir (G)</term>
+		<listitem><para>When filling out the user information for a Windows NT 
+		user, the <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon 
+		uses this parameter to fill in the home directory for that user.  
+		If the string <parameter>%D</parameter> is present it is substituted 
+		with the user's Windows NT domain name.  If the string <parameter>%U
+		</parameter> is present it is substituted with the user's Windows 
+		NT user name.</para>
+
+		<para>Default: <command>template homedir = /home/%D/%U</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="TEMPLATESHELL">template shell (G)</term>
+		<listitem><para>When filling out the user information for a Windows NT 
+		user, the <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon 
+		uses this parameter to fill in the login shell for that user.</para>
+
+		<para>Default: <command>template shell = /bin/false</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="TIMEOFFSET">time offset (G)</term>
+		<listitem><para>This parameter is a setting in minutes to add 
+		to the normal GMT to local time conversion. This is useful if 
+		you are serving a lot of PCs that have incorrect daylight 
+		saving time handling.</para>
+		
+		<para>Default: <command>time offset = 0</command></para>
+		<para>Example: <command>time offset = 60</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="TIMESERVER">time server (G)</term>
+		<listitem><para>This parameter determines if <ulink url="nmbd.8.html"> 			
+		nmbd(8)</ulink> advertises itself as a time server to Windows 
+		clients.</para>
+
+  		<para>Default: <command>time server = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="TIMESTAMPLOGS">timestamp logs (G)</term>
+		<listitem><para>Synonym for <link linkend="DEBUGTIMESTAMP"><parameter>
+		debug timestamp</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
+		<varlistentry>
+		<term><anchor id="TOTALPRINTJOBS">total print jobs (G)</term>
+		<listitem><para>This parameter accepts an integer value which defines
+		a limit on the maximum number of print jobs that will be accepted 
+		system wide at any given time.  If a print job is submitted
+		by a client which will exceed this number, then <ulink url="smbd.8.html">smbd</ulink> will return an 
+		error indicating that no space is available on the server.  The 
+		default value of 0 means that no such limit exists.  This parameter
+		can be used to prevent a server from exceeding its capacity and is
+		designed as a printing throttle.  See also 
+		<link linkend="MAXPRINTJOBS"><parameter>max print jobs</parameter</link>.
+		</para>
+		
+		<para>Default: <command>total print jobs = 0</command></para>
+		<para>Example: <command>total print jobs = 5000</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="UNIXEXTENSIONS">unix extensions(G)</term>
+		<listitem><para>This boolean parameter controls whether Samba 
+		implments the CIFS UNIX extensions, as defined by HP. 
+		These extensions enable Samba to better serve UNIX CIFS clients
+		by supporting features such as symbolic links, hard links, etc...
+		These extensions require a similarly enabled client, and are of
+		no current use to Windows clients.</para>
+
+		<para>Default: <command>unix extensions = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="UNIXPASSWORDSYNC">unix password sync (G)</term>
+		<listitem><para>This boolean parameter controls whether Samba 
+		attempts to synchronize the UNIX password with the SMB password 
+		when the encrypted SMB password in the smbpasswd file is changed. 
+		If this is set to <constant>yes</constant> the program specified in the <parameter>passwd
+		program</parameter>parameter is called <emphasis>AS ROOT</emphasis> - 
+		to allow the new UNIX password to be set without access to the 
+		old UNIX password (as the SMB password change code has no 
+		access to the old password cleartext, only the new).</para>
+
+		<para>See also <link linkend="PASSWDPROGRAM"><parameter>passwd 
+		program</parameter></link>, <link linkend="PASSWDCHAT"><parameter>
+		passwd chat</parameter></link>.</para>
+
+		<para>Default: <command>unix password sync = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="UPDATEENCRYPTED">update encrypted (G)</term>
+		<listitem><para>This boolean parameter allows a user logging 
+		on with a plaintext password to have their encrypted (hashed) 
+		password in the smbpasswd file to be updated automatically as 
+		they log on. This option allows a site to migrate from plaintext 
+		password authentication (users authenticate with plaintext 
+		password over the wire, and are checked against a UNIX account 
+		database) to encrypted password authentication (the SMB 
+		challenge/response authentication mechanism) without forcing
+		all users to re-enter their passwords via smbpasswd at the time the
+		change is made. This is a convenience option to allow the change over
+		to encrypted passwords to be made over a longer period. Once all users
+		have encrypted representations of their passwords in the smbpasswd
+		file this parameter should be set to <constant>no</constant>.</para>
+
+		<para>In order for this parameter to work correctly the <link
+		linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords</parameter>
+		</link> parameter must be set to <constant>no</constant> when
+		this parameter is set to <constant>yes</constant>.</para>
+
+		<para>Note that even when this parameter is set a user 
+		authenticating to <command>smbd</command> must still enter a valid 
+		password in order to connect correctly, and to update their hashed 
+		(smbpasswd) passwords.</para>
+
+  		<para>Default: <command>update encrypted = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="USECLIENTDRIVER">use client driver (S)</term>
+		<listitem><para>This parameter applies only to Windows NT/2000
+		clients.  It has no affect on Windows 95/98/ME clients.  When 
+		serving a printer to Windows NT/2000 clients without first installing
+		a valid printer driver on the Samba host, the client will be required
+		to install a local printer driver.  From this point on, the client
+		will treat the print as a local printer and not a network printer 
+		connection.  This is much the same behavior that will occur
+		when <command>disable spoolss = yes</command>.  </para>
+
+		<para>The differentiating 
+		factor is that under normal circumstances, the NT/2000 client will 
+		attempt to open the network printer using MS-RPC.  The problem is that
+		because the client considers the printer to be local, it will attempt
+		to issue the OpenPrinterEx() call requesting access rights associated 
+		with the logged on user. If the user possesses local administator rights
+		but not root privilegde on the Samba host (often the case), the OpenPrinterEx()
+		call will fail.  The result is that the client will now display an "Access
+		Denied; Unable to connect" message in the printer queue window (even though
+		jobs may successfully be printed).  </para>
+
+		<para>If this parameter is enabled for a printer, then any attempt
+		to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped
+		to PRINTER_ACCESS_USE instead.  Thus allowing the OpenPrinterEx()
+		call to succeed.  <emphasis>This parameter MUST not be able enabled
+		on a print share which has valid print driver installed on the Samba 
+		server.</emphasis></para>
+
+		<para>See also <link linkend="DISABLESPOOLSS">disable spoolss</link>
+		</para>
+
+		<para>Default: <command>use client driver = no</command></para>
+		</listitem>
+		</varlistentry>
+	
+
+
+		<varlistentry>
+		<term><anchor id="USEMMAP">use mmap (G)</term>
+		<listitem><para>This global parameter determines if the tdb internals of Samba can
+		depend on mmap working correctly on the running system. Samba requires a coherent
+		mmap/read-write system memory cache. Currently only HPUX does not have such a
+		coherent cache, and so this parameter is set to <constant>no</constant> by
+		default on HPUX. On all other systems this parameter should be left alone. This
+		parameter is provided to help the Samba developers track down problems with
+		the tdb internal code.
+		</para>
+
+		<para>Default: <command>use mmap = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="USERHOSTS">use rhosts (G)</term>
+		<listitem><para>If this global parameter is <constant>yes</constant>, it specifies 
+		that the UNIX user's <filename>.rhosts</filename> file in their home directory 
+		will be read to find the names of hosts and users who will be allowed 
+		access without specifying a password.</para>
+
+		<para><emphasis>NOTE:</emphasis> The use of <parameter>use rhosts
+		</parameter> can be a major security hole. This is because you are 
+		trusting the PC to supply the correct username. It is very easy to 
+		get a PC to supply a false username. I recommend that the <parameter>
+		use rhosts</parameter> option be only used if you really know what 
+		you are doing.</para>
+
+		<para>Default: <command>use rhosts = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="USER">user (S)</term>
+		<listitem><para>Synonym for <link linkend="USERNAME"><parameter>
+		username</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="USERS">users (S)</term>
+		<listitem><para>Synonym for <link linkend="USERNAME"><parameter>
+		username</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="USERNAME">username (S)</term>
+		<listitem><para>Multiple users may be specified in a comma-delimited 
+		list, in which case the supplied password will be tested against 
+		each username in turn (left to right).</para>
+
+		<para>The <parameter>username</parameter> line is needed only when 
+		the PC is unable to supply its own username. This is the case 
+		for the COREPLUS protocol or where your users have different WfWg 
+		usernames to UNIX usernames. In both these cases you may also be 
+		better using the \\server\share%user syntax instead.</para>
+
+		<para>The <parameter>username</parameter> line is not a great 
+		solution in many cases as it means Samba will try to validate 
+		the supplied password against each of the usernames in the 
+		<parameter>username</parameter> line in turn. This is slow and 
+		a bad idea for lots of users in case of duplicate passwords. 
+		You may get timeouts or security breaches using this parameter 
+		unwisely.</para>
+
+		<para>Samba relies on the underlying UNIX security. This 
+		parameter does not restrict who can login, it just offers hints 
+		to the Samba server as to what usernames might correspond to the 
+		supplied password. Users can login as whoever they please and 
+		they will be able to do no more damage than if they started a 
+		telnet session. The daemon runs as the user that they log in as, 
+		so they cannot do anything that user cannot do.</para>
+
+		<para>To restrict a service to a particular set of users you 
+		can use the <link linkend="VALIDUSERS"><parameter>valid users
+		</parameter></link> parameter.</para>
+
+		<para>If any of the usernames begin with a '@' then the name
+		will be looked up first in the NIS netgroups list (if Samba 
+		is compiled with netgroup support), followed by a lookup in 
+		the UNIX groups database and will expand to a list of all users 
+		in the group of that name.</para>
+		
+		<para>If any of the usernames begin with a '+' then the name 
+		will be looked up only in the UNIX groups database and will 
+		expand to a list of all users in the group of that name.</para>
+
+		<para>If any of the usernames begin with a '&'then the name 
+		will be looked up only in the NIS netgroups database (if Samba 
+		is compiled with netgroup support) and will expand to a list 
+		of all users in the netgroup group of that name.</para>
+
+		<para>Note that searching though a groups database can take 
+		quite some time, and some clients may time out during the 
+		search.</para>
+
+		<para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT 
+		USERNAME/PASSWORD VALIDATION</link> for more information on how 
+		this parameter determines access to the services.</para>
+
+		<para>Default: <command>The guest account if a guest service, 
+		else &lt;empty string&gt;.</command></para>
+
+		<para>Examples:<command>username = fred, mary, jack, jane, 
+		@users, @pcgroup</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="USERNAMELEVEL">username level (G)</term>
+		<listitem><para>This option helps Samba to try and 'guess' at 
+		the real UNIX username, as many DOS clients send an all-uppercase 
+		username. By default Samba tries all lowercase, followed by the 
+		username with the first letter capitalized, and fails if the 
+		username is not found on the UNIX machine.</para>
+
+		<para>If this parameter is set to non-zero the behavior changes. 
+		This parameter is a number that specifies the number of uppercase
+		combinations to try while trying to determine the UNIX user name. The
+		higher the number the more combinations will be tried, but the slower
+		the discovery of usernames will be. Use this parameter when you have
+		strange usernames on your UNIX machine, such as <constant>AstrangeUser
+		</constant>.</para>
+
+		<para>Default: <command>username level = 0</command></para>
+		<para>Example: <command>username level = 5</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="USERNAMEMAP">username map (G)</term>
+		<listitem><para>This option allows you to specify a file containing 
+		a mapping of usernames from the clients to the server. This can be 
+		used for several purposes. The most common is to map usernames 
+		that users use on DOS or Windows machines to those that the UNIX 
+		box uses. The other is to map multiple users to a single username 
+		so that they can more easily share files.</para>
+
+		<para>The map file is parsed line by line. Each line should 
+		contain a single UNIX username on the left then a '=' followed 
+		by a list of usernames on the right. The list of usernames on the 
+		right may contain names of the form @group in which case they 
+		will match any UNIX username in that group. The special client 
+		name '*' is a wildcard and matches any name. Each line of the 
+		map file may be up to 1023 characters long.</para>
+
+		<para>The file is processed on each line by taking the 
+		supplied username and comparing it with each username on the right 
+		hand side of the '=' signs. If the supplied name matches any of 
+		the names on the right hand side then it is replaced with the name 
+		on the left. Processing then continues with the next line.</para>
+
+		<para>If any line begins with a '#' or a ';' then it is 
+		ignored</para>
+
+		<para>If any line begins with an '!' then the processing 
+		will stop after that line if a mapping was done by the line. 
+		Otherwise mapping continues with every line being processed. 
+		Using '!' is most useful when you have a wildcard mapping line 
+		later in the file.</para>
+		
+		<para>For example to map from the name <constant>admin</constant> 
+		or <constant>administrator</constant> to the UNIX name <constant>
+		root</constant> you would use:</para>
+
+		<para><command>root = admin administrator</command></para>
+
+		<para>Or to map anyone in the UNIX group <constant>system</constant> 
+		to the UNIX name <constant>sys</constant> you would use:</para>
+
+		<para><command>sys = @system</command></para>
+
+		<para>You can have as many mappings as you like in a username 
+		map file.</para>
+		
+		
+		<para>If your system supports the NIS NETGROUP option then 
+		the netgroup database is checked before the <filename>/etc/group
+		</filename> database for matching groups.</para>
+
+		<para>You can map Windows usernames that have spaces in them
+		 by using double quotes around the name. For example:</para>
+
+		<para><command>tridge = "Andrew Tridgell"</command></para>
+
+		<para>would map the windows username "Andrew Tridgell" to the 
+		unix username "tridge".</para>
+
+		<para>The following example would map mary and fred to the 
+		unix user sys, and map the rest to guest. Note the use of the 
+		'!' to tell Samba to stop processing if it gets a match on 
+		that line.</para>
+
+		<para><programlisting>
+		!sys = mary fred
+		guest = *
+		</programlisting></para>
+
+		<para>Note that the remapping is applied to all occurrences 
+		of usernames. Thus if you connect to \\server\fred and <constant>
+		fred</constant> is remapped to <constant>mary</constant> then you 
+		will actually be connecting to \\server\mary and will need to 
+		supply a password suitable for <constant>mary</constant> not 
+		<constant>fred</constant>. The only exception to this is the 
+		username passed to the <link linkend="PASSWORDSERVER"><parameter>
+		password server</parameter></link> (if you have one). The password 
+		server will receive whatever username the client supplies without 
+		modification.</para>
+
+		<para>Also note that no reverse mapping is done. The main effect 
+		this has is with printing. Users who have been mapped may have 
+		trouble deleting print jobs as PrintManager under WfWg will think 
+		they don't own the print job.</para>
+
+		<para>Default: <emphasis>no username map</emphasis></para>
+		<para>Example: <command>username map = /usr/local/samba/lib/users.map
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="USESENDFILE">use sendfile (S)</term>
+		<listitem><para>If this parameter is <constant>yes</constant>, and Samba
+		was built with the --with-sendfile-support option, and the underlying operating
+		system supports sendfile system call, then some SMB read calls (mainly ReadAndX
+		and ReadRaw) will use the more efficient sendfile system call for files that
+		are exclusively oplocked. This may make more efficient use of the system CPU's
+		and cause Samba to be faster. This is off by default as it's effects are unknown
+		as yet.
+		</para>
+
+		<para>Default: <command>use sendfile = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		
+		
+		<varlistentry>
+		<term><anchor id="UTMP">utmp (G)</term>
+		<listitem><para>This boolean parameter is only available if 
+		Samba has been configured and compiled  with the option <command>
+		--with-utmp</command>. If set to <constant>yes</constant> then Samba will attempt
+		to add utmp or utmpx records (depending on the UNIX system) whenever a
+		connection is made to a Samba server. Sites may use this to record the
+		user connecting to a Samba share.</para>
+
+		<para>See also the <link linkend="UTMPDIRECTORY"><parameter>
+		utmp directory</parameter></link> parameter.</para>
+
+		<para>Default: <command>utmp = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="UTMPDIRECTORY">utmp directory(G)</term>
+		<listitem><para>This parameter is only available if Samba has 
+		been configured and compiled with the option <command>
+		--with-utmp</command>. It specifies a directory pathname that is
+		used to store the utmp or utmpx files (depending on the UNIX system) that
+		record user connections to a Samba server. See also the <link linkend="UTMP">
+		<parameter>utmp</parameter></link> parameter. By default this is 
+		not set, meaning the system will use whatever utmp file the 
+		native system is set to use (usually 
+		<filename>/var/run/utmp</filename> on Linux).</para>
+
+		<para>Default: <emphasis>no utmp directory</emphasis></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="VALIDCHARS">valid chars (G)</term>
+		<listitem><para>The option allows you to specify additional 
+		characters that should be considered valid by the server in 
+		filenames. This is particularly useful for national character 
+		sets, such as adding u-umlaut or a-ring.</para>
+
+		<para>The option takes a list of characters in either integer 
+		or character form with spaces between them. If you give two 
+		characters with a colon between them then it will be taken as 
+		an lowercase:uppercase pair.</para>
+
+		<para>If you have an editor capable of entering the characters 
+		into the config file then it is probably easiest to use this 
+		method. Otherwise you can specify the characters in octal, 
+		decimal or hexadecimal form using the usual C notation.</para>
+
+		<para>For example to add the single character 'Z' to the charset 
+		(which is a pointless thing to do as it's already there) you could 
+		do one of the following</para>
+
+		<para><programlisting>
+		valid chars = Z
+		valid chars = z:Z
+		valid chars = 0132:0172
+		</programlisting></para>
+		
+		<para>The last two examples above actually add two characters, 
+		and alter the uppercase and lowercase mappings appropriately.</para>
+
+		<para>Note that you <emphasis>MUST</emphasis> specify this parameter 
+		after the <parameter>client code page</parameter> parameter if you 
+		have both set. If <parameter>client code page</parameter> is set after 
+		the <parameter>valid chars</parameter> parameter the <parameter>valid 
+		chars</parameter> settings will be overwritten.</para>
+
+		<para>See also the <link linkend="CLIENTCODEPAGE"><parameter>client 
+		code page</parameter></link> parameter.</para>
+
+		<para>Default: <emphasis>Samba defaults to using a reasonable set 
+		of valid characters for English systems</emphasis></para>
+
+		<para>Example: <command>valid chars = 0345:0305 0366:0326 0344:0304
+		</command></para>
+
+		<para>The above example allows filenames to have the Swedish 
+		characters in them.</para>
+
+		<para><emphasis>NOTE:</emphasis> It is actually quite difficult to 
+		correctly produce a <parameter>valid chars</parameter> line for 
+		a particular system. To automate the process <ulink 
+		url="mailto:tino@augsburg.net">tino@augsburg.net</ulink> has written 
+		a package called <command>validchars</command> which will automatically 
+		produce a complete <parameter>valid chars</parameter> line for
+		a given client system. Look in the <filename>examples/validchars/
+		</filename> subdirectory of your Samba source code distribution 
+		for this package.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="VALIDUSERS">valid users (S)</term>
+		<listitem><para>This is a list of users that should be allowed 
+		to login to this service. Names starting with '@', '+' and  '&'
+		are interpreted using the same rules as described in the 
+		<parameter>invalid users</parameter> parameter.</para>
+
+		<para>If this is empty (the default) then any user can login. 
+		If a username is in both this list and the <parameter>invalid 
+		users</parameter> list then access is denied for that user.</para>
+
+		<para>The current servicename is substituted for <parameter>%S
+		</parameter>. This is useful in the [homes] section.</para>
+
+		<para>See also <link linkend="INVALIDUSERS"><parameter>invalid users
+		</parameter></link></para>
+
+		<para>Default: <emphasis>No valid users list (anyone can login)
+		</emphasis></para>
+
+		<para>Example: <command>valid users = greg, @pcusers</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="VETOFILES">veto files(S)</term>
+		<listitem><para>This is a list of files and directories that 
+		are neither visible nor accessible.  Each entry in the list must 
+		be separated by a '/', which allows spaces to be included 
+		in the entry. '*' and '?' can be used to specify multiple files 
+		or directories as in DOS wildcards.</para>
+
+		<para>Each entry must be a unix path, not a DOS path and 
+		must <emphasis>not</emphasis> include the  unix directory 
+		separator '/'.</para>
+
+		<para>Note that the <parameter>case sensitive</parameter> option 
+		is applicable in vetoing files.</para>
+		
+		<para>One feature of the veto files parameter that it
+		is important to be aware of is Samba's behaviour when
+		trying to delete a directory. If a directory that is
+		to be deleted contains nothing but veto files this
+		deletion will <emphasis>fail</emphasis> unless you also set
+		the <parameter>delete veto files</parameter> parameter to
+		<parameter>yes</parameter>.</para>
+
+		<para>Setting this parameter will affect the performance 
+		of Samba, as it will be forced to check all files and directories 
+		for a match as they are scanned.</para>
+
+		<para>See also <link linkend="HIDEFILES"><parameter>hide files
+		</parameter></link> and <link linkend="CASESENSITIVE"><parameter>
+		case sensitive</parameter></link>.</para>
+
+		<para>Default: <emphasis>No files or directories are vetoed.
+		</emphasis></para>
+
+<para>Examples:<programlisting>
+; Veto any files containing the word Security, 
+; any ending in .tmp, and any directory containing the
+; word root.
+veto files = /*Security*/*.tmp/*root*/
+
+; Veto the Apple specific files that a NetAtalk server
+; creates.
+veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
+</programlisting></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="VETOOPLOCKFILES">veto oplock files (S)</term>
+		<listitem><para>This parameter is only valid when the <link
+		linkend="OPLOCKS"><parameter>oplocks</parameter></link>
+		parameter is turned on for a share. It allows the Samba administrator
+		to selectively turn off the granting of oplocks on selected files that
+		match a wildcarded list, similar to the wildcarded list used in the
+		<link linkend="VETOFILES"><parameter>veto files</parameter></link> 
+		parameter.</para>
+
+		<para>Default: <emphasis>No files are vetoed for oplock 
+		grants</emphasis></para>
+
+		<para>You might want to do this on files that you know will 
+		be heavily contended for by clients. A good example of this 
+		is in the NetBench SMB benchmark program, which causes heavy 
+		client contention for files ending in <filename>.SEM</filename>. 
+		To cause Samba not to grant oplocks on these files you would use 
+		the line (either in the [global] section or in the section for 
+		the particular NetBench share :</para>
+
+		<para>Example: <command>veto oplock files = /*.SEM/
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="VFSOBJECT">vfs object (S)</term>
+		<listitem><para>This parameter specifies a shared object file that 
+		is used for Samba VFS I/O operations.  By default, normal 
+		disk I/O operations are used but these can be overloaded 
+		with a VFS object.  The Samba VFS layer is new to Samba 2.2 and 
+		must be enabled at compile time with --with-vfs.</para>
+		
+		<para>Default : <emphasis>no value</emphasis></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="VFSOPTIONS">vfs options (S)</term>
+		<listitem><para>This parameter allows parameters to be passed 
+		to the vfs layer at initialization time.  The Samba VFS layer 
+		is new to Samba 2.2 and must be enabled at compile time 
+		with --with-vfs.  See also <link linkend="VFSOBJECT"><parameter>
+		vfs object</parameter></link>.</para>
+		
+		<para>Default : <emphasis>no value</emphasis></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="VOLUME">volume (S)</term>
+		<listitem><para> This allows you to override the volume label 
+		returned for a share. Useful for CDROMs with installation programs 
+		that insist on a particular volume label.</para>
+
+		<para>Default: <emphasis>the name of the share</emphasis></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="WIDELINKS">wide links (S)</term>
+		<listitem><para>This parameter controls whether or not links 
+		in the UNIX file system may be followed by the server. Links 
+		that point to areas within the directory tree exported by the 
+		server are always allowed; this parameter controls access only 
+		to areas that are outside the directory tree being exported.</para>
+
+		<para>Note that setting this parameter can have a negative 
+		effect on your server performance due to the extra system calls 
+		that Samba has to  do in order to perform the link checks.</para>
+
+		<para>Default: <command>wide links = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="WINBINDCACHETIME">winbind cache time (G)</term>
+		<listitem><para>This parameter specifies the number of seconds the
+		<ulink url="winbindd.8.html">winbindd(8)</ulink> daemon will cache 
+		user and group information before querying a Windows NT server 
+		again.</para>
+
+		<para>Default: <command>winbind cache type = 15</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="WINBINDENUMUSERS">winbind enum users (G)</term> 
+		<listitem><para>On large installations using
+		<ulink url="winbindd.8.html">winbindd(8)</ulink> it may be
+		necessary to suppress the enumeration of users through the
+		<command> setpwent()</command>,
+		<command>getpwent()</command> and
+		<command>endpwent()</command> group of system calls.  If
+		the <parameter>winbind enum users</parameter> parameter is
+		<constant>no</constant>, calls to the <command>getpwent</command> system call
+		will not return any data. </para>
+
+		<para><emphasis>Warning:</emphasis> Turning off user
+		enumeration may cause some programs to behave oddly.  For
+		example, the finger program relies on having access to the
+		full user list when searching for matching
+		usernames. </para>
+
+		<para>Default: <command>winbind enum users = yes </command></para>
+		</listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term><anchor id="WINBINDENUMGROUPS">winbind enum groups (G)</term> 
+		<listitem><para>On large installations using
+		<ulink url="winbindd.8.html">winbindd(8)</ulink> it may be
+		necessary to suppress the enumeration of groups through the
+		<command> setgrent()</command>,
+		<command>getgrent()</command> and
+		<command>endgrent()</command> group of system calls.  If
+		the <parameter>winbind enum groups</parameter> parameter is
+		<constant>no</constant>, calls to the <command>getgrent()</command> system
+		call will not return any data. </para>
+
+		<para><emphasis>Warning:</emphasis> Turning off group
+		enumeration may cause some programs to behave oddly.
+		</para>
+
+		<para>Default: <command>winbind enum groups = yes </command>
+		</para></listitem>
+		</varlistentry>
+
+	
+		<varlistentry>
+		<term><anchor id="WINBINDGID">winbind gid (G)</term>
+		<listitem><para>The winbind gid parameter specifies the range of group 
+		ids that are allocated by the <ulink url="winbindd.8.html">
+		winbindd(8)</ulink> daemon.  This range of group ids should have no 
+		existing local or NIS groups within it as strange conflicts can 
+		occur otherwise.</para>
+
+		<para>Default: <command>winbind gid = &lt;empty string&gt;
+		</command></para>
+
+		<para>Example: <command>winbind gid = 10000-20000</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="WINBINDSEPARATOR">winbind separator (G)</term>
+		<listitem><para>This parameter allows an admin to define the character 
+		used when listing a username of the form of <replaceable>DOMAIN
+		</replaceable>\<replaceable>user</replaceable>.  This parameter 
+		is only applicable when using the <filename>pam_winbind.so</filename>
+		and <filename>nss_winbind.so</filename> modules for UNIX services.
+		</para>
+
+		<para>Please note that setting this parameter to + causes problems
+		with group membership at least on glibc systems, as the character +
+		is used as a special character for NIS in /etc/group.</para>
+
+		<para>Default: <command>winbind separator = '\'</command></para>
+		<para>Example: <command>winbind separator = +</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="WINBINDUID">winbind uid (G)</term>
+		<listitem><para>The winbind gid parameter specifies the range of group 
+		ids that are allocated by the <ulink url="winbindd.8.html">
+		winbindd(8)</ulink> daemon.  This range of ids should have no 
+		existing local or NIS users within it as strange conflicts can 
+		occur otherwise.</para>
+
+		<para>Default: <command>winbind uid = &lt;empty string&gt;
+		</command></para>
+		
+		<para>Example: <command>winbind uid = 10000-20000</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>winbind use default domain</term>
+		
+		<term><anchor id="WINBINDUSEDEFAULTDOMAIN">winbind use default domain</term>
+		<listitem><para>This parameter specifies whether the <ulink url="winbindd.8.html">
+		winbindd(8)</ulink>
+		daemon should operate on users without domain component in their username.  
+                Users without a domain component are treated as is part of the winbindd server's 
+                own domain.  While this does not benifit Windows users, it makes SSH, FTP and e-mail 
+                function in a way much closer to the way they would in a native unix system.</para>
+		
+		<para>Default: <command>winbind use default domain = &lt;no&gt; 
+		</command></para>
+		<para>Example: <command>winbind use default domain = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="WINSHOOK">wins hook (G)</term>
+		<listitem><para>When Samba is running as a WINS server this 
+		allows you to call an external program for all changes to the 
+		WINS database. The primary use for this option is to allow the 
+		dynamic update of external name resolution databases such as 
+		dynamic DNS.</para>
+
+		<para>The wins hook parameter specifies the name of a script 
+		or executable that will be called as follows:</para>
+
+		<para><command>wins_hook operation name nametype ttl IP_list
+		</command></para>
+
+		<itemizedlist>
+			<listitem><para>The first argument is the operation and is one 
+			of "add", "delete", or "refresh". In most cases the operation can 
+			be ignored as the rest of the parameters provide sufficient 
+			information. Note that "refresh" may sometimes be called when the 
+			name has not previously been added, in that case it should be treated 
+			as an add.</para></listitem>
+
+			<listitem><para>The second argument is the NetBIOS name. If the 
+			name is not a legal name then the wins hook is not called. 
+			Legal names contain only  letters, digits, hyphens, underscores 
+			and periods.</para></listitem>
+
+			<listitem><para>The third argument is the NetBIOS name 
+			type as a 2 digit hexadecimal number. </para></listitem>
+
+			<listitem><para>The fourth argument is the TTL (time to live) 
+			for the name in seconds.</para></listitem>
+			
+			<listitem><para>The fifth and subsequent arguments are the IP 
+			addresses currently registered for that name. If this list is 
+			empty then the name should be deleted.</para></listitem>
+		</itemizedlist>
+
+		<para>An example script that calls the BIND dynamic DNS update 
+		program <command>nsupdate</command> is provided in the examples 
+		directory of the Samba source code. </para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
+		<varlistentry>
+		<term><anchor id="WINSPROXY">wins proxy (G)</term>
+		<listitem><para>This is a boolean that controls if <ulink 
+		url="nmbd.8.html">nmbd(8)</ulink> will respond to broadcast name 
+		queries on behalf of  other hosts. You may need to set this 
+		to <constant>yes</constant> for some older clients.</para>
+
+		<para>Default: <command>wins proxy = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="WINSSERVER">wins server (G)</term>
+		<listitem><para>This specifies the IP address (or DNS name: IP 
+		address for preference) of the WINS server that <ulink url="nmbd.8.html">
+		nmbd(8)</ulink> should register with. If you have a WINS server on 
+		your network then you should set this to the WINS server's IP.</para>
+
+		<para>You should point this at your WINS server if you have a
+		multi-subnetted network.</para>
+
+		<para><emphasis>NOTE</emphasis>. You need to set up Samba to point 
+		to a WINS server if you have multiple subnets and wish cross-subnet 
+		browsing to work correctly.</para>
+
+		<para>See the documentation file <filename>BROWSING.txt</filename> 
+		in the docs/ directory of your Samba source distribution.</para>
+
+		<para>Default: <emphasis>not enabled</emphasis></para>
+		<para>Example: <command>wins server = 192.9.200.1</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="WINSSUPPORT">wins support (G)</term>
+		<listitem><para>This boolean controls if the <ulink url="nmbd.8.html"> 		
+		nmbd(8)</ulink> process in Samba will act as a WINS server. You should 
+		not set this to <constant>yes</constant> unless you have a multi-subnetted network and 
+		you wish a particular <command>nmbd</command> to be your WINS server. 
+		Note that you should <emphasis>NEVER</emphasis> set this to <constant>yes</constant>
+		on more than one machine in your network.</para>
+
+		<para>Default: <command>wins support = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="WORKGROUP">workgroup (G)</term>
+		<listitem><para>This controls what workgroup your server will 
+		appear to be in when queried by clients. Note that this parameter 
+		also controls the Domain name used with the <link 
+		linkend="SECURITYEQUALSDOMAIN"><command>security = domain</command></link>
+		setting.</para>
+
+		<para>Default: <emphasis>set at compile time to WORKGROUP</emphasis></para>
+		<para>Example: <command>workgroup = MYGROUP</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
+		<term><anchor id="WRITABLE">writable (S)</term>
+		<listitem><para>Synonym for <link linkend="WRITEABLE"><parameter>
+		writeable</parameter></link> for people who can't spell :-).</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="WRITECACHESIZE">write cache size (S)</term>
+		<listitem><para>If this integer parameter is set to non-zero value,
+		Samba will create an in-memory cache for each oplocked file 
+		(it does <emphasis>not</emphasis> do this for 
+		non-oplocked files). All writes that the client does not request 
+		to be flushed directly to disk will be stored in this cache if possible. 
+		The cache is flushed onto disk when a write comes in whose offset 
+		would not fit into the cache or when the file is closed by the client. 
+		Reads for the file are also served from this cache if the data is stored 
+		within it.</para>
+
+		<para>This cache allows Samba to batch client writes into a more 
+		efficient write size for RAID disks (i.e. writes may be tuned to 
+		be the RAID stripe size) and can improve performance on systems 
+		where the disk subsystem is a bottleneck but there is free 
+		memory for userspace programs.</para>
+
+		<para>The integer parameter specifies the size of this cache 
+		(per oplocked file) in bytes.</para>
+
+		<para>Default: <command>write cache size = 0</command></para>
+		<para>Example: <command>write cache size = 262144</command></para>
+
+		<para>for a 256k cache size per file.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
+		<varlistentry>
+		<term><anchor id="WRITELIST">write list (S)</term>
+		<listitem><para>This is a list of users that are given read-write 
+		access to a service. If the connecting user is in this list then 
+		they will be given write access, no matter what the <link
+		linkend="READONLY"><parameter>read only</parameter></link>
+		option is set to. The list can include group names using the 
+		@group syntax.</para>
+
+		<para>Note that if a user is in both the read list and the 
+		write list then they will be given write access.</para>
+
+		<para>See also the <link linkend="READLIST"><parameter>read list
+		</parameter></link> option.</para>
+
+		<para>Default: <command>write list = &lt;empty string&gt;
+		</command></para>
+
+		<para>Example: <command>write list = admin, root, @staff
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
+		<varlistentry>
+		<term><anchor id="WRITEOK">write ok (S)</term>
+		<listitem><para>Inverted synonym for <link linkend="READONLY"><parameter>
+		read only</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="WRITERAW">write raw (G)</term>
+		<listitem><para>This parameter controls whether or not the server 
+		will support raw write SMB's when transferring data from clients. 
+		You should never need to change this parameter.</para>
+
+		<para>Default: <command>write raw = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="WRITEABLE">writeable (S)</term>
+		<listitem><para>Inverted synonym for <link linkend="READONLY"><parameter>
+		read only</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+	</variablelist>
+
+</refsect1>
+
+<refsect1>
+	<title>WARNINGS</title>
+	
+	<para>Although the configuration file permits service names 
+	to contain spaces, your client software may not. Spaces will 
+	be ignored in comparisons anyway, so it shouldn't be a 
+	problem - but be aware of the possibility.</para>
+
+	<para>On a similar note, many clients - especially DOS clients - 
+	limit service names to eight characters. <ulink url="smbd.8.html">smbd(8)
+	</ulink> has no such limitation, but attempts to connect from such 
+	clients will fail if they truncate the service names.  For this reason 
+	you should probably keep your service names down to eight characters 
+	in length.</para>
+
+	<para>Use of the [homes] and [printers] special sections make life 
+	for an administrator easy, but the various combinations of default 
+	attributes can be tricky. Take extreme care when designing these 
+	sections. In particular, ensure that the permissions on spool 
+	directories are correct.</para>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="samba.7.html">samba(7)</ulink>,
+	<ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink>,
+	<ulink url="swat.8.html"><command>swat(8)</command></ulink>,
+	<ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, 
+	<ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, 
+	<ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink>, 
+	<ulink url="nmblookup.1.html"><command>nmblookup(1)</command></ulink>,
+	<ulink url="testparm.1.html"><command>testparm(1)</command></ulink>, 
+	<ulink url="testprns.1.html"><command>testprns(1)</command></ulink>
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smbcacls.1.sgml b/docs/docbook/manpages/smbcacls.1.sgml
new file mode 100755
index 00000000000..69aa9674928
--- /dev/null
+++ b/docs/docbook/manpages/smbcacls.1.sgml
@@ -0,0 +1,255 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smbcacls">
+
+<refmeta>
+	<refentrytitle>smbcacls</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbcacls</refname>
+	<refpurpose>Set or get ACLs on an NT file or directory names</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>smbcacls</command>
+		<arg choice="req">//server/share</arg>
+		<arg choice="req">filename</arg>
+		<arg choice="opt">-U username</arg>
+		<arg choice="opt">-A acls</arg>
+		<arg choice="opt">-M acls</arg>
+		<arg choice="opt">-D acls</arg>
+		<arg choice="opt">-S acls</arg>
+		<arg choice="opt">-C name</arg>
+		<arg choice="opt">-G name</arg>
+		<arg choice="opt">-n</arg>
+		<arg choice="opt">-h</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+	
+	<para>The <command>smbcacls</command> program manipulates NT Access Control Lists 
+	(ACLs) on SMB file shares. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<para>The following options are available to the <command>smbcacls</command> program.  
+	The format of ACLs is described in the section ACL FORMAT </para>
+
+
+	<variablelist>
+		<varlistentry>
+		<term>-A acls</term>
+		<listitem><para>Add the ACLs specified to the ACL list.  Existing 
+		access control entries are unchanged. </para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-M acls</term>
+		<listitem><para>Modify the mask value (permissions) for the ACLs 
+		specified on the command line.  An error will be printed for each 
+		ACL specified that was not already present in the ACL list
+		</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-D acls</term>
+		<listitem><para>Delete any ACLs specified on the command line.  
+		An error will be printed for each ACL specified that was not 
+		already present in the ACL list. </para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-S acls</term>
+		<listitem><para>This command sets the ACLs on the file with 
+		only the ones specified on the command line.  All other ACLs are 
+		erased.  Note that the ACL specified must contain at least a revision, 
+		type, owner and group for the call to succeed. </para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-U username</term>
+		<listitem><para>Specifies a username used to connect to the 
+		specified service.  The username may be of the form "username" in 
+		which case the user is prompted to enter in a password and the 
+		workgroup specified in the <filename>smb.conf</filename> file is 
+		used, or "username%password"  or "DOMAIN\username%password" and the 
+		password and workgroup names are used as provided. </para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-C name</term>
+		<listitem><para>The owner of a file or directory can be changed 
+		to the name given using the <parameter>-C</parameter> option.  
+		The name can be a sid in the form S-1-x-y-z or a name resolved 
+		against the server specified in the first argument. </para>
+		
+		<para>This command is a shortcut for -M OWNER:name. 
+		</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-G name</term>
+		<listitem><para>The group owner of a file or directory can 
+		be changed to the name given using the <parameter>-G</parameter> 
+		option.  The name can be a sid in the form S-1-x-y-z or a name 
+		resolved against the server specified n the first argument.
+		</para>
+		
+		<para>This command is a shortcut for -M GROUP:name.</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-n</term>
+		<listitem><para>This option displays all ACL information in numeric 
+		format.  The default is to convert SIDs to names and ACE types 
+		and masks to a readable string format.  </para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-h</term>
+		<listitem><para>Print usage information on the <command>smbcacls
+		</command> program.</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>ACL FORMAT</title>
+
+	<para>The format of an ACL is one or more ACL entries separated by 
+	either commas or newlines.  An ACL entry is one of the following: </para>
+
+	<para><programlisting> 
+REVISION:&lt;revision number&gt;
+OWNER:&lt;sid or name&gt;
+GROUP:&lt;sid or name&gt;
+ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;
+	</programlisting></para>
+  
+
+	<para>The revision of the ACL specifies the internal Windows 
+	NT ACL revision for the security descriptor.  
+	If not specified it defaults to 1.  Using values other than 1 may 
+	cause strange behaviour. </para>
+
+	<para>The owner and group specify the owner and group sids for the 
+	object.  If a SID in the format CWS-1-x-y-z is specified this is used, 
+	otherwise the name specified is resolved using the server on which 
+	the file or directory resides. </para>
+
+		<para>ACLs specify permissions granted to the SID.  This SID again 
+		can be specified in CWS-1-x-y-z format or as a name in which case 
+		it is resolved against the server on which the file or directory 
+		resides.  The type, flags and mask values determine the type of 
+		access granted to the SID. </para>
+
+		<para>The type can be either 0 or 1 corresponding to ALLOWED or 
+		DENIED access to the SID.  The flags values are generally
+		zero for file ACLs and either 9 or 2 for directory ACLs.  Some 
+		common flags are: </para>
+
+		<itemizedlist> 
+			<listitem><para>#define SEC_ACE_FLAG_OBJECT_INHERIT     	0x1</para></listitem>
+			<listitem><para>#define SEC_ACE_FLAG_CONTAINER_INHERIT  	0x2</para></listitem>
+			<listitem><para>#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT       0x4
+			</para></listitem>
+			<listitem><para>#define SEC_ACE_FLAG_INHERIT_ONLY       	0x8</para>
+			</listitem>
+ 	</itemizedlist>
+  
+	<para>At present flags can only be specified as decimal or 
+	hexadecimal values.</para>
+ 
+	<para>The mask is a value which expresses the access right 
+	granted to the SID. It can be given as a decimal or hexadecimal value, 
+	or by using one of the following text strings which map to the NT 
+	file permissions of the same name. </para>
+
+	<itemizedlist>
+		<listitem><para><emphasis>R</emphasis> - Allow read access </para></listitem>
+		<listitem><para><emphasis>W</emphasis> - Allow write access</para></listitem>
+		<listitem><para><emphasis>X</emphasis> - Execute permission on the object</para></listitem>
+		<listitem><para><emphasis>D</emphasis> - Delete the object</para></listitem>
+		<listitem><para><emphasis>P</emphasis> - Change permissions</para></listitem>
+		<listitem><para><emphasis>O</emphasis> - Take ownership</para></listitem>
+	</itemizedlist>
+
+
+	<para>The following combined permissions can be specified:</para>
+
+
+	<itemizedlist>
+		<listitem><para><emphasis>READ</emphasis> -  Equivalent to 'RX'
+		permissions</para></listitem>
+		<listitem><para><emphasis>CHANGE</emphasis> - Equivalent to 'RXWD' permissions
+		</para></listitem>
+		<listitem><para><emphasis>FULL</emphasis> - Equivalent to 'RWXDPO' 
+		permissions</para></listitem>
+	</itemizedlist>
+	</refsect1>
+
+<refsect1>
+	<title>EXIT STATUS</title>
+
+	<para>The <command>smbcacls</command> program sets the exit status 
+	depending on the success or otherwise of the operations performed.  
+	The exit status may be one of the following values. </para>
+
+	<para>If the operation succeeded, smbcacls returns and exit 
+	status of 0.  If <command>smbcacls</command> couldn't connect to the specified server, 
+	or there was an error getting or setting the ACLs, an exit status 
+	of 1 is returned.  If there was an error parsing any command line 
+	arguments, an exit status of 2 is returned. </para>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para><command>smbcacls</command> was written by Andrew Tridgell 
+	and Tim Potter.</para>
+	
+	<para>The conversion to DocBook for Samba 2.2 was done 
+	by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smbclient.1.sgml b/docs/docbook/manpages/smbclient.1.sgml
new file mode 100755
index 00000000000..31031dafc46
--- /dev/null
+++ b/docs/docbook/manpages/smbclient.1.sgml
@@ -0,0 +1,1088 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smbclient">
+
+<refmeta>
+	<refentrytitle>smbclient</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbclient</refname>
+	<refpurpose>ftp-like client to access SMB/CIFS resources 
+	on servers</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>smbclient</command>
+		<arg choice="req">servicename</arg>
+		<arg choice="opt">password</arg>
+		<arg choice="opt">-b &lt;buffer size&gt;</arg>
+		<arg choice="opt">-d debuglevel</arg>
+		<arg choice="opt">-D Directory</arg>
+		<arg choice="opt">-U username</arg>
+		<arg choice="opt">-W workgroup</arg>
+		<arg choice="opt">-M &lt;netbios name&gt;</arg>
+		<arg choice="opt">-m maxprotocol</arg>
+		<arg choice="opt">-A authfile</arg>
+		<arg choice="opt">-N</arg>
+		<arg choice="opt">-l logfile</arg>
+		<arg choice="opt">-L &lt;netbios name&gt;</arg>
+		<arg choice="opt">-I destinationIP</arg>
+		<arg choice="opt">-E &lt;terminal code&gt;</arg>
+		<arg choice="opt">-c &lt;command string&gt;</arg>
+		<arg choice="opt">-i scope</arg>
+		<arg choice="opt">-O &lt;socket options&gt;</arg>
+		<arg choice="opt">-p port</arg>
+		<arg choice="opt">-R &lt;name resolve order&gt;</arg>
+		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+		<arg choice="opt">-T&lt;c|x&gt;IXFqgbNan</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para><command>smbclient</command> is a client that can 
+	'talk' to an SMB/CIFS server. It offers an interface
+	similar to that of the ftp program (see <command>ftp(1)</command>).  
+	Operations include things like getting files from the server 
+	to the local machine, putting files from the local machine to 
+	the server, retrieving directory information from the server 
+	and so on. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+	
+	<variablelist>
+		<varlistentry>
+		<term>servicename</term>
+		<listitem><para>servicename is the name of the service 
+		you want to use on the server. A service name takes the form
+		<filename>//server/service</filename> where <parameter>server
+		</parameter> is the NetBIOS name of the SMB/CIFS server 
+		offering the desired service and <parameter>service</parameter> 
+		is the name of the service offered.  Thus to connect to 
+		the service "printer" on the SMB/CIFS server "smbserver",
+		you would use the servicename <filename>//smbserver/printer
+		</filename></para>
+
+		<para>Note that the server name required is NOT necessarily 
+		the IP (DNS) host name of the server !  The name required is 
+		a NetBIOS server name, which may or may not be the
+		same as the IP hostname of the machine running the server.
+		</para>
+
+		<para>The server name is looked up according to either 
+		the <parameter>-R</parameter> parameter to <command>smbclient</command> or 
+		using the name resolve order parameter in the <filename>smb.conf</filename> file, 
+		allowing an administrator to change the order and methods 
+		by which server names are looked up. </para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>password</term>
+		<listitem><para>The password required to access the specified 
+		service on the specified server. If this parameter is 
+		supplied, the <parameter>-N</parameter> option (suppress 
+		password prompt) is assumed. </para>
+
+		<para>There is no default password. If no password is supplied 
+		on the command line (either by using this parameter or adding 
+		a password to the <parameter>-U</parameter> option (see 
+		below)) and the <parameter>-N</parameter> option is not 
+		specified, the client will prompt for a password, even if 
+		the desired service does not require one. (If no password is 
+		required, simply press ENTER to provide a null password.)
+		</para>
+
+		<para>Note: Some servers (including OS/2 and Windows for 
+		Workgroups) insist on an uppercase password. Lowercase 
+		or mixed case passwords may be rejected by these servers. 		
+		</para>
+
+		<para>Be cautious about including passwords in scripts.
+		</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-s smb.conf</term>
+		<listitem><para>Specifies the location of the all important 
+		<filename>smb.conf</filename> file. </para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-O socket options</term>
+		<listitem><para>TCP socket options to set on the client 
+		socket. See the socket options parameter in the <filename>
+		smb.conf (5)</filename> manpage for the list of valid 
+		options. </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-R &lt;name resolve order&gt;</term> 
+		<listitem><para>This option is used by the programs in the Samba 
+		suite to determine what naming services and in what order to resolve 
+		host names to IP addresses. The option takes a space-separated 
+		string of different name resolution options.</para>
+
+		<para>The options are :"lmhosts", "host", "wins" and "bcast". They 
+		cause names to be resolved as follows :</para>
+
+		<itemizedlist>
+			<listitem><para><constant>lmhosts</constant> : Lookup an IP 
+			address in the Samba lmhosts file. If the line in lmhosts has 
+			no name type attached to the NetBIOS name (see the <ulink 
+			url="lmhosts.5.html">lmhosts(5)</ulink> for details) then
+			any name type matches for lookup.</para></listitem>
+
+			<listitem><para><constant>host</constant> : Do a standard host 
+			name to IP address resolution, using the system <filename>/etc/hosts
+			</filename>, NIS, or DNS lookups. This method of name resolution 
+			is operating system dependent, for instance on IRIX or Solaris this 
+			may be controlled by the <filename>/etc/nsswitch.conf</filename> 
+			file).  Note that this method is only used if the NetBIOS name 
+			type being queried is the 0x20 (server) name type, otherwise 
+			it is ignored.</para></listitem>
+
+			<listitem><para><constant>wins</constant> : Query a name with 
+			the IP address listed in the <parameter>wins server</parameter>
+			parameter.  If no WINS server has
+			been specified this method will be ignored.</para></listitem>
+
+			<listitem><para><constant>bcast</constant> : Do a broadcast on 
+			each of the known local interfaces listed in the 
+			<parameter>interfaces</parameter>
+			parameter. This is the least reliable of the name resolution 
+			methods as it depends on the target host being on a locally 
+			connected subnet.</para></listitem>
+		</itemizedlist>
+
+		<para>If this parameter is not set then the name resolve order 
+		defined in the <filename>smb.conf</filename> file parameter  
+		(name resolve order) will be used. </para>
+
+		<para>The default order is lmhosts, host, wins, bcast and without 
+		this parameter or any entry in the <parameter>name resolve order
+		</parameter> parameter of the <filename>smb.conf</filename> file the name resolution
+		methods will be attempted in this order. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-M NetBIOS name</term>
+		<listitem><para>This options allows you to send messages, using 
+		the "WinPopup" protocol, to another computer. Once a connection is 
+		established you then type your message, pressing ^D (control-D) to 
+		end. </para>
+
+		<para>If the receiving computer is running WinPopup the user will 
+		receive the message and probably a beep. If they are not running 
+		WinPopup the message will be lost, and no error message will 
+		occur. </para>
+
+		<para>The message is also automatically truncated if the message 
+		is over 1600 bytes, as this is the limit of the protocol. 
+		</para>
+
+		<para>One useful trick is to cat the message through
+		<command>smbclient</command>. For example: <command>
+		cat mymessage.txt | smbclient -M FRED </command> will 
+		send the message in the file <filename>mymessage.txt</filename> 
+		to the machine FRED. </para>
+
+		<para>You may also find the <parameter>-U</parameter> and 
+		<parameter>-I</parameter> options useful, as they allow you to 
+		control the FROM and TO parts of the message. </para>
+
+		<para>See the message command parameter in the <filename>
+		smb.conf(5)</filename> for a description of how to handle incoming 
+		WinPopup messages in Samba. </para>
+
+		<para><emphasis>Note</emphasis>: Copy WinPopup into the startup group 
+		on your WfWg PCs if you want them to always be able to receive 
+		messages. </para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-i scope</term>
+		<listitem><para>This specifies a NetBIOS scope that smbclient will 
+		use to communicate with when generating NetBIOS names. For details 
+		on the use of NetBIOS scopes, see <filename>rfc1001.txt</filename> 
+		and <filename>rfc1002.txt</filename>.
+		NetBIOS scopes are <emphasis>very</emphasis> rarely used, only set 
+		this parameter if you are the system administrator in charge of all 
+		the NetBIOS systems you communicate with. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-N</term>
+		<listitem><para>If specified, this parameter suppresses the normal 
+		password prompt from the client to the user. This is useful when 
+		accessing a service that does not require a password. </para>
+
+		<para>Unless a password is specified on the command line or 
+		this parameter is specified, the client will request a 
+		password.</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-n NetBIOS name</term>
+		<listitem><para>By default, the client will use the local 
+		machine's hostname (in uppercase) as its NetBIOS name. This parameter 
+		allows you to override the host name and use whatever NetBIOS 
+		name you wish. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-d debuglevel</term>
+		<listitem><para><replaceable>debuglevel</replaceable> is an integer from 0 to 10, or 
+		the letter 'A'. </para>
+		
+		<para>The default value if this parameter is not specified 
+		is zero. </para>
+
+		<para>The higher this value, the more detail will be logged to 
+		the log files about the activities of the 
+		client. At level 0, only critical errors and serious warnings will 
+		be logged. Level 1 is a reasonable level for day to day running - 
+		it generates a small amount of information about operations 
+		carried out. </para>
+		
+		<para>Levels above 1 will generate considerable amounts of log 
+		data, and should only be used when investigating a problem.
+		Levels above 3 are designed for use only by developers and 
+		generate HUGE amounts of log data, most of which is extremely 
+		cryptic. If <replaceable>debuglevel</replaceable> is set to the letter 'A', then <emphasis>all
+		</emphasis>  debug messages will be printed. This setting
+		is for developers only (and people who <emphasis>really</emphasis> want 
+		to know how the code works internally). </para>
+
+		<para>Note that specifying this parameter here will override
+		the log level parameter in the <filename>smb.conf (5)</filename> 
+		file. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-p port</term>
+		<listitem><para>This number is the TCP port number that will be used 
+		when making connections to the server. The standard (well-known)
+		TCP port number for an SMB/CIFS server is 139, which is the 
+		default. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-l logfilename</term>
+		<listitem><para>If specified, <replaceable>logfilename</replaceable> specifies a base filename 
+		into which operational data from the running client will be 
+		logged. </para>
+
+		<para>The default base name is specified at compile time.</para>
+
+		<para>The base name is used to generate actual log file names.
+		For example, if the name specified was "log", the debug file 
+		would be <filename>log.client</filename>.</para>
+		
+		<para>The log file generated is never removed by the client. 		
+		</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-h</term><listitem>
+		<para>Print the usage message for the client. </para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-I IP-address</term>
+		<listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to. 
+		It should be specified in standard "a.b.c.d" notation. </para>
+
+		<para>Normally the client would attempt to locate a named 
+		SMB/CIFS server by looking it up via the NetBIOS name resolution 
+		mechanism described above in the <parameter>name resolve order</parameter> 
+		parameter above. Using this parameter will force the client
+		to assume that the server is on the machine with the specified IP 
+		address and the NetBIOS name component of the resource being 
+		connected to will be ignored. </para>
+
+		<para>There is no default for this parameter. If not supplied, 
+		it will be determined automatically by the client as described 
+		above. </para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-E</term>
+		<listitem><para>This parameter causes the client to write messages 
+		to the standard error stream (stderr) rather than to the standard 
+		output stream. </para>
+		
+		<para>By default, the client writes messages to standard output 
+		- typically the user's tty. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-U username[%pass]</term>
+		<listitem><para>Sets the SMB username or username and password. 
+		If %pass is not specified, The user will be prompted. The client 
+		will first check the <envar>USER</envar> environment variable, then the 
+		<envar>LOGNAME</envar> variable and if either exists, the 
+		string is uppercased. Anything in these variables following a '%' 
+		sign will be treated as the password. If these environment 
+		variables are not found, the username <constant>GUEST</constant> 
+		is used. </para>
+
+		<para>If the password is not included in these environment
+		variables (using the %pass syntax), <command>smbclient</command> will look for 
+		a <envar>PASSWD</envar> environment variable from which 
+		to read the password. </para>
+		
+		<para>A third option is to use a credentials file which 
+		contains the plaintext of the domain name, username and password.  This 
+		option is mainly provided for scripts where the admin doesn't 
+		wish to pass the credentials on the command line or via environment 
+		variables. If this method is used, make certain that the permissions 
+		on the file restrict access from unwanted users.  See the 
+		<parameter>-A</parameter> for more details. </para>
+		
+		<para>Be cautious about including passwords in scripts or in 
+		the <envar>PASSWD</envar> environment variable. Also, on 
+		many systems the command line of a running process may be seen 
+		via the <command>ps</command> command to be safe always allow 
+		<command>smbclient</command> to prompt for a password and type 
+		it in directly. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-A filename</term><listitem><para>This option allows 
+		you to specify a file from which to read the username, domain name, and 
+		password used in the connection.  The format of the file is 
+		</para>
+		
+		<para><programlisting>
+username = &lt;value&gt; 
+password = &lt;value&gt;
+domain = &lt;value&gt;
+		</programlisting></para>
+	
+
+		<para>If the domain parameter is missing the current workgroup name
+		is used instead. Make certain that the permissions on the file restrict 
+		access from unwanted users. </para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>-L</term>
+		<listitem><para>This option allows you to look at what services 
+		are available on a server. You use it as <command>smbclient -L 
+		host</command> and a list should appear.  The <parameter>-I
+		</parameter> option may be useful if your NetBIOS names don't 
+		match your TCP/IP DNS host names or if you are trying to reach a 
+		host on another network. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-t terminal code</term>
+		<listitem><para>This option tells <command>smbclient</command> how to interpret 
+		filenames coming from the remote server. Usually Asian language 
+		multibyte UNIX implementations use different character sets than 
+		SMB/CIFS servers (<emphasis>EUC</emphasis> instead of <emphasis>
+		SJIS</emphasis> for example). Setting this parameter will let 
+		<command>smbclient</command> convert between the UNIX filenames and 
+		the SMB filenames correctly. This option has not been seriously tested 
+		and may have some problems. </para>
+
+		<para>The terminal codes include CWsjis, CWeuc, CWjis7, CWjis8,
+		CWjunet, CWhex, CWcap. This is not a complete list, check the Samba 
+		source code for the complete list. </para></listitem>
+		</varlistentry>
+		
+			
+		<varlistentry>	
+		<term>-b buffersize</term>
+		<listitem><para>This option changes the transmit/send buffer 
+		size when getting or putting a file from/to the server. The default 
+		is 65520 bytes. Setting this value smaller (to 1200 bytes) has been 
+		observed to speed up file transfers to and from a Win9x server. 
+		</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-W WORKGROUP</term>
+		<listitem><para>Override the default workgroup (domain) specified
+		in the workgroup parameter of the <filename>smb.conf</filename>
+		file for this connection. This may be needed to connect to some
+		servers. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-T tar options</term>
+		<listitem><para>smbclient may be used to create <command>tar(1)
+		</command> compatible backups of all the files on an SMB/CIFS
+		share. The secondary tar flags that can be given to this option 
+		are : </para>
+		
+		<itemizedlist>
+			<listitem><para><parameter>c</parameter> - Create a tar file on UNIX. 
+			Must be followed by the name of a tar file, tape device
+			or "-" for standard output. If using standard output you must 
+			turn the log level to its lowest value -d0 to avoid corrupting 
+			your tar file. This flag is mutually exclusive with the 
+			<parameter>x</parameter> flag. </para></listitem>
+			
+			<listitem><para><parameter>x</parameter> - Extract (restore) a local 
+			tar file back to a share. Unless the -D option is given, the tar 
+			files will be restored from the top level of the share. Must be 
+			followed by the name of the tar file, device or "-" for standard 
+			input. Mutually exclusive with the <parameter>c</parameter> flag. 
+			Restored files have their creation times (mtime) set to the
+			date saved in the tar file. Directories currently do not get 
+			their creation dates restored properly. </para></listitem>
+			
+			<listitem><para><parameter>I</parameter> - Include files and directories. 
+			Is the default behavior when filenames are specified above. Causes 
+			tar files to be included in an extract or create (and therefore 
+			everything else to be excluded). See example below.  Filename globbing 
+			works  in one of two ways.  See r below. </para></listitem>
+			
+			<listitem><para><parameter>X</parameter> - Exclude files and directories. 
+			Causes tar files to be excluded from an extract or create. See 
+			example below.  Filename globbing works in one of two ways now. 
+			See <parameter>r</parameter> below. </para></listitem>
+			
+			<listitem><para><parameter>b</parameter> - Blocksize. Must be followed 
+			by a valid (greater than zero) blocksize.  Causes tar file to be 
+			written out in blocksize*TBLOCK (usually 512 byte) blocks. 
+			</para></listitem>
+			
+			<listitem><para><parameter>g</parameter> - Incremental. Only back up 
+			files that have the archive bit set. Useful only with the 
+			<parameter>c</parameter> flag. </para></listitem>
+
+			<listitem><para><parameter>q</parameter> - Quiet. Keeps tar from printing 
+			diagnostics as it works.  This is the same as tarmode quiet. 
+			</para></listitem>
+			
+			<listitem><para><parameter>r</parameter> - Regular expression include
+			or exclude.  Uses regular  expression matching for 
+			excluding or excluding files if  compiled with HAVE_REGEX_H. 
+			However this mode can be very slow. If  not compiled with 
+			HAVE_REGEX_H, does a limited wildcard match on '*' and  '?'. 
+			</para></listitem>
+			
+			<listitem><para><parameter>N</parameter> - Newer than. Must be followed 
+			by the name of a file whose date is compared against files found 
+			on the share during a create. Only files newer than the file 
+			specified are backed up to the tar file. Useful only with the 
+			<parameter>c</parameter> flag. </para></listitem>
+			
+			<listitem><para><parameter>a</parameter> - Set archive bit. Causes the 
+			archive bit to be reset when a file is backed up. Useful with the 
+			<parameter>g</parameter> and <parameter>c</parameter> flags. 
+			</para></listitem>
+		</itemizedlist>
+			
+		<para><emphasis>Tar Long File Names</emphasis></para>
+			
+		<para><command>smbclient</command>'s tar option now supports long 
+		file names both on backup and restore. However, the full path 
+		name of the file must be less than 1024 bytes.  Also, when
+		a tar archive is created, <command>smbclient</command>'s tar option places all 
+		files in the archive with relative names, not absolute names. 
+		</para>
+			
+		<para><emphasis>Tar Filenames</emphasis></para>
+			
+		<para>All file names can be given as DOS path names (with '\' 
+		as the component separator) or as UNIX path names (with '/' as 
+		the component separator). </para>
+			
+		<para><emphasis>Examples</emphasis></para>
+		
+		<para>Restore from tar file <filename>backup.tar</filename> into myshare on mypc 
+		(no password on share). </para>
+		
+		<para><command>smbclient //mypc/yshare "" -N -Tx backup.tar
+		</command></para>
+		
+		<para>Restore everything except <filename>users/docs</filename>
+		</para>
+		
+		<para><command>smbclient //mypc/myshare "" -N -TXx backup.tar 
+		users/docs</command></para>
+		
+		<para>Create a tar file of the files beneath <filename>
+		users/docs</filename>. </para>
+		
+		<para><command>smbclient //mypc/myshare "" -N -Tc
+		backup.tar users/docs </command></para>
+		
+		<para>Create the same tar file as above, but now use 
+		a DOS path name. </para>
+		
+		<para><command>smbclient //mypc/myshare "" -N -tc backup.tar 
+		users\edocs </command></para>
+		
+		<para>Create a tar file of all the files and directories in 
+		the share. </para>
+		
+		<para><command>smbclient //mypc/myshare "" -N -Tc backup.tar *
+		</command></para>
+		</listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-D initial directory</term>
+		<listitem><para>Change to initial directory before starting. Probably 
+		only of any use with the tar -T option. </para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>-c command string</term>
+		<listitem><para>command string is a semicolon-separated list of 
+		commands to be executed instead of prompting from stdin. <parameter>
+		-N</parameter> is implied by <parameter>-c</parameter>.</para>
+
+		<para>This is particularly useful in scripts and for printing stdin 
+		to the server, e.g. <command>-c 'print -'</command>. </para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>OPERATIONS</title>
+
+	<para>Once the client is running, the user is presented with 
+	a prompt : </para>
+
+	<para><prompt>smb:\&gt; </prompt></para>
+
+	<para>The backslash ("\") indicates the current working directory 
+	on the server, and will change if the current working directory 
+	is changed. </para>
+
+	<para>The prompt indicates that the client is ready and waiting to 
+	carry out a user command. Each command is a single word, optionally 
+	followed by parameters specific to that command. Command and parameters 
+	are space-delimited unless these notes specifically
+	state otherwise. All commands are case-insensitive.  Parameters to 
+	commands may or may not be case sensitive, depending on the command. 
+	</para>
+
+	<para>You can specify file names which have spaces in them by quoting 
+	the name with double quotes, for example "a long file name". </para>
+
+	<para>Parameters shown in square brackets (e.g., "[parameter]") are 
+	optional.  If not given, the command will use suitable defaults. Parameters 
+	shown in angle brackets (e.g., "&lt;parameter&gt;") are required.
+	</para>
+
+
+	<para>Note that all commands operating on the server are actually 
+	performed by issuing a request to the server. Thus the behavior may 
+	vary from server to server, depending on how the server was implemented. 
+	</para>
+
+	<para>The commands available are given here in alphabetical order. </para>
+
+	<variablelist>
+		<varlistentry>
+		<term>? [command]</term>
+		<listitem><para>If <replaceable>command</replaceable> is specified, the ? command will display 
+		a brief informative message about the specified command.  If no 
+		command is specified, a list of available commands will
+		be displayed. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>! [shell command]</term>
+		<listitem><para>If <replaceable>shell command</replaceable> is specified, the !  
+		command will execute a shell locally and run the specified shell 
+		command. If no command is specified, a local shell will be run. 
+		</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>altname file</term>
+		<listitem><para>The client will request that the server return
+		the "alternate" name (the 8.3 name) for a file or directory.
+		</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>cancel jobid0 [jobid1] ... [jobidN]</term>
+		<listitem><para>The client will request that the server cancel
+		the printjobs identified by the given numeric print job ids.
+		</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>chmod file mode in octal</term>
+		<listitem><para>This command depends on the server supporting the CIFS
+		UNIX extensions and will fail if the server does not. The client requests that the server
+		change the UNIX permissions to the given octal mode, in standard UNIX format.
+		</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>chown file uid gid</term>
+		<listitem><para>This command depends on the server supporting the CIFS
+		UNIX extensions and will fail if the server does not. The client requests that the server
+		change the UNIX user and group ownership to the given decimal values. Note there is
+		currently no way to remotely look up the UNIX uid and gid values for a given name.
+		This may be addressed in future versions of the CIFS UNIX extensions.
+		</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>cd [directory name]</term>
+		<listitem><para>If "directory name" is specified, the current 
+		working directory on the server will be changed to the directory 
+		specified. This operation will fail if for any reason the specified 
+		directory is inaccessible. </para>
+
+		<para>If no directory name is specified, the current working 
+		directory on the server will be reported. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>del &lt;mask&gt;</term>
+		<listitem><para>The client will request that the server attempt 
+		to delete all files matching <replaceable>mask</replaceable> from the current working 
+		directory on the server. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>dir &lt;mask&gt;</term>
+		<listitem><para>A list of the files matching <replaceable>mask</replaceable> in the current 
+		working directory on the server will be retrieved from the server 
+		and displayed. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>exit</term>
+		<listitem><para>Terminate the connection with the server and exit 
+		from the program. </para></listitem> 
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>get &lt;remote file name&gt; [local file name]</term>
+		<listitem><para>Copy the file called <filename>remote file name</filename> from 
+		the server to the machine running the client. If specified, name 
+		the local copy <filename>local file name</filename>.  Note that all transfers in 
+		<command>smbclient</command> are binary. See also the 
+		lowercase command. </para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>help [command]</term>
+		<listitem><para>See the ? command above. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>lcd [directory name]</term>
+		<listitem><para>If <replaceable>directory name</replaceable> is specified, the current 
+		working directory on the local machine will be changed to 
+		the directory specified. This operation will fail if for any 
+		reason the specified directory is inaccessible. </para>
+		
+		<para>If no directory name is specified, the name of the 
+		current working directory on the local machine will be reported. 
+		</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>link source destination</term>
+		<listitem><para>This command depends on the server supporting the CIFS
+		UNIX extensions and will fail if the server does not. The client requests that the server
+		create a hard link between the source and destination files. The source file
+		must not exist.
+		</para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>lowercase</term>
+		<listitem><para>Toggle lowercasing of filenames for the get and 
+		mget commands. </para>
+				
+		<para>When lowercasing is toggled ON, local filenames are converted 
+		to lowercase when using the get and mget commands. This is
+		often useful when copying (say) MSDOS files from a server, because 
+		lowercase filenames are the norm on UNIX systems. </para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>ls &lt;mask&gt;</term>
+		<listitem><para>See the dir command above. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>mask &lt;mask&gt;</term>
+		<listitem><para>This command allows the user to set up a mask 
+		which will be used during recursive operation of the mget and 
+		mput commands. </para>
+
+		<para>The masks specified to the mget and mput commands act as 
+		filters for directories rather than files when recursion is 
+		toggled ON. </para>
+		
+		<para>The mask specified with the mask command is necessary 
+		to filter files within those directories. For example, if the
+		mask specified in an mget command is "source*" and the mask 
+		specified with the mask command is "*.c" and recursion is 
+		toggled ON, the mget command will retrieve all files matching 
+		"*.c" in all directories below and including all directories 
+		matching "source*" in the current working directory. </para>
+
+		<para>Note that the value for mask defaults to blank (equivalent 
+		to "*") and remains so until the mask command is used to change it. 
+		It retains the most recently specified value indefinitely. To 
+		avoid unexpected results it would be wise to change the value of 
+		mask back to "*" after using the mget or mput commands. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>md &lt;directory name&gt;</term>
+		<listitem><para>See the mkdir command. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>mget &lt;mask&gt;</term>
+		<listitem><para>Copy all files matching <replaceable>mask</replaceable> from the server to 
+		the machine running the client. </para>
+
+		<para>Note that <replaceable>mask</replaceable> is interpreted differently during recursive 
+		operation and non-recursive operation - refer to the recurse and 
+		mask commands for more information. Note that all transfers in 
+		<command>smbclient</command> are binary. See also the lowercase command. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>mkdir &lt;directory name&gt;</term>
+		<listitem><para>Create a new directory on the server (user access 
+		privileges permitting) with the specified name. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>mput &lt;mask&gt;</term>
+		<listitem><para>Copy all files matching <replaceable>mask</replaceable> in the current working 
+		directory on the local machine to the current working directory on 
+		the server. </para>
+		
+		<para>Note that <replaceable>mask</replaceable> is interpreted differently during recursive 
+		operation and non-recursive operation - refer to the recurse and mask 
+		commands for more information. Note that all transfers in <command>smbclient</command> 
+		are binary. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>print &lt;file name&gt;</term>
+		<listitem><para>Print the specified file from the local machine 
+		through a printable service on the server. </para>
+
+		<para>See also the printmode command.</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>printmode &lt;graphics or text&gt;</term>
+		<listitem><para>Set the print mode to suit either binary data 
+		(such as graphical information) or text. Subsequent print
+		commands will use the currently set print mode. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>prompt</term>
+		<listitem><para>Toggle prompting for filenames during operation 
+		of the mget and mput commands. </para>
+
+		<para>When toggled ON, the user will be prompted to confirm 
+		the transfer of each file during these commands. When toggled 
+		OFF, all specified files will be transferred without prompting. 
+		</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>put &lt;local file name&gt; [remote file name]</term>
+		<listitem><para>Copy the file called <filename>local file name</filename> from the 
+		machine running the client to the server. If specified,
+		name the remote copy <filename>remote file name</filename>. Note that all transfers 
+		in <command>smbclient</command> are binary. See also the lowercase command. 
+		</para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>queue</term>
+		<listitem><para>Displays the print queue, showing the job id, 
+		name, size and current status. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>quit</term>
+		<listitem><para>See the exit command. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>rd &lt;directory name&gt;</term>
+		<listitem><para>See the rmdir command. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>recurse</term>
+		<listitem><para>Toggle directory recursion for the commands mget 
+		and mput. </para>
+		
+		<para>When toggled ON, these commands will process all directories 
+		in the source directory (i.e., the directory they are copying
+		from ) and will recurse into any that match the mask specified 
+		to the command. Only files that match the mask specified using 
+		the mask command will be retrieved. See also the mask command. 
+		</para>
+
+		<para>When recursion is toggled OFF, only files from the current 
+		working directory on the source machine that match the mask specified 
+		to the mget or mput commands will be copied, and any mask specified 
+		using the mask command will be ignored. </para></listitem>
+		</varlistentry>
+		
+		
+		
+		<varlistentry>
+		<term>rm &lt;mask&gt;</term>
+		<listitem><para>Remove all files matching <replaceable>mask</replaceable> from the current 
+		working directory on the server. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>rmdir &lt;directory name&gt;</term>
+ 		<listitem><para>Remove the specified directory (user access 
+		privileges permitting) from the server. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>setmode &lt;filename&gt; &lt;perm=[+|\-]rsha&gt;</term>
+		<listitem><para>A version of the DOS attrib command to set 
+		file permissions. For example: </para>
+
+		<para><command>setmode myfile +r </command></para>
+		
+		<para>would make myfile read only. </para></listitem>
+		</varlistentry>
+
+
+		
+		<varlistentry>
+		<term>symlink source destination</term>
+		<listitem><para>This command depends on the server supporting the CIFS
+		UNIX extensions and will fail if the server does not. The client requests that the server
+		create a symbolic hard link between the source and destination files. The source file
+		must not exist. Note that the server will not create a link to any path that lies 
+		outside the currently connected share. This is enforced by the Samba server.
+		</para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>tar &lt;c|x&gt;[IXbgNa]</term>
+		<listitem><para>Performs a tar operation - see the <parameter>-T
+		</parameter> command line option above. Behavior may be affected 
+		by the tarmode command (see below). Using g (incremental) and N 
+		(newer) will affect tarmode settings. Note that using the "-" option 
+		with tar x may not work - use the command line option instead. 
+		</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>blocksize &lt;blocksize&gt;</term>
+		<listitem><para>Blocksize. Must be followed by a valid (greater 
+		than zero) blocksize. Causes tar file to be written out in 
+		<replaceable>blocksize</replaceable>*TBLOCK (usually 512 byte) blocks. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>tarmode &lt;full|inc|reset|noreset&gt;</term>
+		<listitem><para>Changes tar's behavior with regard to archive 
+		bits. In full mode, tar will back up everything regardless of the 
+		archive bit setting (this is the default mode). In incremental mode, 
+		tar will only back up files with the archive bit set. In reset mode, 
+		tar will reset the archive bit on all files it backs up (implies 
+		read/write share). </para></listitem>
+		</varlistentry>
+		
+		
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>NOTES</title>
+
+	<para>Some servers are fussy about the case of supplied usernames, 
+	passwords, share names (AKA service names) and machine names. 
+	If you fail to connect try giving all parameters in uppercase. 
+	</para>
+	
+	<para>It is often necessary to use the -n option when connecting 
+	to some types of servers. For example OS/2 LanManager insists 
+	on a valid NetBIOS name being used, so you need to supply a valid 
+	name that would be known to the server.</para>
+
+	<para>smbclient supports long file names where the server 
+	supports the LANMAN2 protocol or above. </para>
+</refsect1>
+
+<refsect1>
+	<title>ENVIRONMENT VARIABLES</title>
+
+	<para>The variable <envar>USER</envar> may contain the 
+	username of the person  using the client. This information is 
+	used only if the protocol  level is high enough to support 
+	session-level passwords.</para>
+
+
+	<para>The variable <envar>PASSWD</envar> may contain 
+	the password of the person using the client.  This information is 
+	used only if the protocol level is high enough to support 
+	session-level passwords. </para>
+
+	<para>The variable <envar>LIBSMB_PROG</envar> may contain 
+	the path, executed with system(), which the client should connect 
+        to instead of connecting to a server.  This functionality is primarily
+        intended as a development aid, and works best when using a LMHOSTS 
+        file</para>
+</refsect1>
+
+
+<refsect1>
+	<title>INSTALLATION</title>
+
+	<para>The location of the client program is a matter for 
+	individual system administrators. The following are thus
+	suggestions only. </para>
+
+	<para>It is recommended that the smbclient software be installed
+	in the <filename>/usr/local/samba/bin/</filename> or <filename>
+	/usr/samba/bin/</filename> directory, this directory readable 
+	by all, writeable only by root. The client program itself should 
+	be executable by all. The client should <emphasis>NOT</emphasis> be 
+	setuid or setgid! </para>
+
+	<para>The client log files should be put in a directory readable 
+	and writeable only by the user. </para>
+
+	<para>To test the client, you will need to know the name of a 
+	running SMB/CIFS server. It is possible to run <command>smbd(8)
+	</command> as an ordinary user - running that server as a daemon 
+	on a user-accessible port (typically any port number over 1024)
+	would provide a suitable test server. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>DIAGNOSTICS</title>
+
+	<para>Most diagnostics issued by the client are logged in a 
+	specified log file. The log file name is specified at compile time, 
+	but may be overridden on the command line. </para>
+
+	<para>The number and nature of diagnostics available depends 
+	on the debug level used by the client. If you have problems, 
+	set the debug level to 3 and peruse the log files. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.sgml
new file mode 100755
index 00000000000..d56a560b09f
--- /dev/null
+++ b/docs/docbook/manpages/smbcontrol.1.sgml
@@ -0,0 +1,189 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smbcontrol">
+
+<refmeta>
+	<refentrytitle>smbcontrol</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbcontrol</refname>
+	<refpurpose>send messages to smbd, nmbd or winbindd processes</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>smbcontrol</command>
+		<arg choice="opt">-d &lt;debug level&gt;</arg>
+		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+		<arg choice="req">-i</arg>
+	</cmdsynopsis>
+	
+	<cmdsynopsis>
+		<command>smbcontrol</command>
+		<arg choice="opt">-d &lt;debug level&gt;</arg>
+		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+		<arg choice="req">destination</arg>
+		<arg choice="req">message-type</arg>
+		<arg choice="opt">parameter</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para><command>smbcontrol</command> is a very small program, which 
+	sends messages to an <ulink url="smbd.8.html">smbd(8)</ulink>, 
+	an <ulink url="nmbd.8.html">nmbd(8)</ulink>
+	or a <ulink url="winbindd.8.html">winbindd(8)</ulink> 
+	daemon running on the system.</para>
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>-d &lt;debuglevel&gt;</term>
+		<listitem><para>debuglevel is an integer from 0 to 10.</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-s &lt;smb.conf&gt;</term>
+		<listitem><para>This parameter specifies the pathname to
+		the Samba configuration file, <ulink url="smb.conf.5.html">
+		smb.conf(5)</ulink>.  This file controls all aspects of
+		the Samba setup on the machine.</para></listitem>
+		</varlistentry>
+	
+		<varlistentry>
+		<term>-i</term>
+		<listitem><para>Run interactively. Individual commands 
+		of the form destination message-type parameters can be entered 
+		on STDIN. An empty command line or a "q" will quit the 
+		program.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>destination</term>
+		<listitem><para>One of <parameter>nmbd</parameter>
+		<parameter>smbd</parameter> or a process ID.</para>
+
+		<para>The <parameter>smbd</parameter> destination causes the 
+		message to "broadcast" to all smbd daemons.</para>
+
+		<para>The <parameter>nmbd</parameter> destination causes the 
+		message to be sent to the nmbd daemon specified in the 
+		<filename>nmbd.pid</filename> file.</para>
+
+		<para>If a single process ID is given, the message is sent 
+		to only that process.</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>message-type</term>
+		<listitem><para>One of: <constant>close-share</constant>,
+		<constant>debug</constant>, 
+		<constant>force-election</constant>, <constant>ping
+		</constant>, <constant>profile</constant>, <constant>
+		debuglevel</constant>, <constant>profilelevel</constant>, 
+		or <constant>printer-notify</constant>.</para>
+
+		<para>The <constant>close-share</constant> message-type sends a 
+		message to smbd which will then close the client connections to
+		the named share. Note that this doesn't affect client connections
+		to any other shares. This message-type takes an argument of the
+		share name for which client connections will be closed, or the
+		"*" character which will close all currently open shares.
+		This may be useful if you made changes to the access controls on the share.
+		This message can only be sent to <constant>smbd</constant>.</para>
+
+		<para>The <constant>debug</constant> message-type allows 
+		the debug level to be set to the value specified by the 
+		parameter. This can be sent to any of the destinations.</para>
+
+		<para>The <constant>force-election</constant> message-type can only be 
+		sent to the <constant>nmbd</constant> destination. This message 
+		causes the <command>nmbd</command> daemon to force a new browse
+		master election.</para>
+
+		<para>The <constant>ping</constant> message-type sends the 
+		number of "ping" messages specified by the parameter and waits 
+		for the same number of  reply "pong" messages. This can be sent to 
+		any of the destinations.</para>
+
+		<para>The <constant>profile</constant> message-type sends a 
+		message to an smbd to change the profile settings based on the 
+		parameter. The parameter can be "on" to turn on profile stats 
+		collection, "off" to turn off profile stats collection, "count"
+		to enable only collection of count stats (time stats are 
+		disabled), and "flush" to zero the current profile stats. This can 
+		be sent to any smbd or nmbd destinations.</para>
+
+		<para>The <constant>debuglevel</constant> message-type sends 
+		a "request debug level" message. The current debug level setting 
+		is returned by a  "debuglevel" message. This can be 
+		sent to any of the destinations.</para>
+
+		<para>The <constant>profilelevel</constant> message-type sends 
+		a "request profile level" message.  The current profile level 
+		setting is returned by a  "profilelevel" message. This can be sent 
+		to any smbd or nmbd destinations.</para>
+
+		<para>The <constant>printer-notify</constant> message-type sends a 
+		message to smbd which in turn sends a printer notify message to 
+		any Windows NT clients connected to  a printer.  This message-type 
+		takes an argument of the printer name to  send notify messages to.   
+		This message can only be sent to <constant>smbd</constant>.</para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>parameters</term>
+		<listitem><para>any parameters required for the message-type</para>
+		</listitem>
+		</varlistentry>
+	</variablelist>
+	
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, 
+	and <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>.
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smbd.8.sgml b/docs/docbook/manpages/smbd.8.sgml
new file mode 100755
index 00000000000..2afc86a6c83
--- /dev/null
+++ b/docs/docbook/manpages/smbd.8.sgml
@@ -0,0 +1,429 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smbd">
+
+<refmeta>
+	<refentrytitle>smbd</refentrytitle>
+	<manvolnum>8</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbd</refname>
+	<refpurpose>server to provide SMB/CIFS services to clients</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>smbd</command>
+		<arg choice="opt">-D</arg>
+		<arg choice="opt">-a</arg>
+		<arg choice="opt">-i</arg>
+		<arg choice="opt">-o</arg>
+		<arg choice="opt">-P</arg>
+		<arg choice="opt">-h</arg>
+		<arg choice="opt">-V</arg>
+		<arg choice="opt">-d &lt;debug level&gt;</arg>
+		<arg choice="opt">-l &lt;log directory&gt;</arg>
+		<arg choice="opt">-p &lt;port number&gt;</arg>
+		<arg choice="opt">-O &lt;socket option&gt;</arg>
+		<arg choice="opt">-s &lt;configuration file&gt;</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+	<para>This program is part of the Samba suite.</para>
+
+	<para><command>smbd</command> is the server daemon that 
+	provides filesharing and printing services to Windows clients. 
+	The server provides filespace and printer services to
+	clients using the SMB (or CIFS) protocol. This is compatible 
+	with the LanManager protocol, and can service LanManager 
+	clients.  These include MSCLIENT 3.0 for DOS, Windows for 
+	Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, 
+	OS/2, DAVE for Macintosh, and smbfs for Linux.</para>
+
+	<para>An extensive description of the services that the 
+	server can provide is given in the man page for the 
+	configuration file controlling the attributes of those 
+	services (see <ulink url="smb.conf.5.html"><filename>smb.conf(5)
+	</filename></ulink>.  This man page will not describe the 
+	services, but will concentrate on the administrative aspects 
+	of running the server.</para>
+
+	<para>Please note that there are significant security 
+	implications to running this server, and the <ulink
+	url="smb.conf.5.html"><filename>smb.conf(5)</filename></ulink> 
+	manpage should be regarded as mandatory reading before
+	proceeding with installation.</para>
+
+	<para>A session is created whenever a client requests one. 
+	Each client gets a copy of the server for each session. This 
+	copy then services all connections made by the client during 
+	that session. When all connections from its client are closed, 
+	the copy of the server for that client terminates.</para>
+
+	<para>The configuration file, and any files that it includes, 
+	are automatically reloaded every minute, if they change.  You 
+	can force a reload by sending a SIGHUP to the server.  Reloading 
+	the configuration file will not affect connections to any service 
+	that is already established.  Either the user will have to 
+	disconnect from the service, or <command>smbd</command> killed and restarted.</para>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>-D</term>
+		<listitem><para>If specified, this parameter causes 
+		the server to operate as a daemon. That is, it detaches 
+		itself and runs in the background, fielding requests 
+		on the appropriate port. Operating the server as a
+		daemon is the recommended way of running <command>smbd</command> for 
+		servers that provide more than casual use file and 
+		print services.  This switch is assumed if <command>smbd
+		</command> is executed on the command line of a shell.
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-a</term>
+		<listitem><para>If this parameter is specified, each new 
+		connection will append log messages to the log file.  
+		This is the default.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-i</term>
+		<listitem><para>If this parameter is specified it causes the
+		server to run "interactively", not as a daemon, even if the
+		server is executed on the command line of a shell. Setting this
+		parameter negates the implicit deamon mode when run from the
+		command line.
+		</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-o</term>
+		<listitem><para>If this parameter is specified, the 
+		log files will be overwritten when opened.  By default, 
+		<command>smbd</command> will append entries to the log 
+		files.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-P</term>
+		<listitem><para>Passive option. Causes <command>smbd</command> not to 
+		send any network traffic out. Used for debugging by 
+		the developers only.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-h</term>
+		<listitem><para>Prints the help information (usage) 
+		for <command>smbd</command>.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-v</term>
+		<listitem><para>Prints the version number for 
+		<command>smbd</command>.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-d &lt;debug level&gt;</term>
+		<listitem><para><replaceable>debuglevel</replaceable> is an integer 
+		from 0 to 10.  The default value if this parameter is 
+		not specified is zero.</para>
+		
+		<para>The higher this value, the more detail will be 
+		logged to the log files about the activities of the 
+		server. At level 0, only critical errors and serious 
+		warnings will be logged. Level 1 is a reasonable level for
+		day to day running - it generates a small amount of
+		information about operations carried out.</para>
+
+		<para>Levels above 1 will generate considerable 
+		amounts of log data, and should only be used when 
+		investigating a problem. Levels above 3 are designed for 
+		use only by developers and generate HUGE amounts of log
+		data, most of which is extremely cryptic.</para>
+
+		<para>Note that specifying this parameter here will 
+		override the <ulink url="smb.conf.5.html#loglevel">log
+		level</ulink> parameter in the <ulink url="smb.conf.5.html">
+		<filename>smb.conf(5)</filename></ulink> file.</para>
+		</listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-l &lt;log directory&gt;</term>
+		<listitem><para>If specified,
+		<replaceable>log directory</replaceable> 
+		specifies a log directory into which the "log.smbd" log
+		file will be created for informational and debug 
+		messages from the running server. The log 
+		file generated is never removed by the server although 
+		its size may be controlled by the <ulink 
+		url="smb.conf.5.html#maxlogsize">max log size</ulink>
+		option in the <ulink url="smb.conf.5.html"><filename>
+		smb.conf(5)</filename></ulink> file. <emphasis>Beware:</emphasis>
+		If the directory specified does not exist, <command>smbd</command>
+		will log to the default debug log location defined at compile time.
+		</para>
+
+		<para>The default log directory is specified at
+		compile time.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-O &lt;socket options&gt;</term>
+		<listitem><para>See the <ulink 
+		url="smb.conf.5.html#socketoptions">socket options</ulink> 
+		parameter in the <ulink url="smb.conf.5.html"><filename>smb.conf(5)
+		</filename></ulink> file for details.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-p &lt;port number&gt;</term>
+		<listitem><para><replaceable>port number</replaceable> is a positive integer
+		value.  The default value if this parameter is not 
+		specified is 139.</para>
+		
+		<para>This number is the port number that will be 
+		used when making connections to the server from client 
+		software. The standard (well-known) port number for the 
+		SMB over TCP is 139, hence the default. If you wish to
+		run the server as an ordinary user rather than
+		as root, most systems will require you to use a port 
+		number greater than 1024 - ask your system administrator 
+		for help if you are in this situation.</para>
+		
+		<para>In order for the server to be useful by most 
+		clients, should you configure it on a port other 
+		than 139, you will require port redirection services 
+		on port 139, details of which are outlined in rfc1002.txt 
+		section 4.3.5.</para>
+		
+		<para>This parameter is not normally specified except 
+		in the above situation.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-s &lt;configuration file&gt;</term>
+		<listitem><para>The file specified contains the 
+		configuration details required by the server.  The 
+		information in this file includes server-specific
+		information such as what printcap file to use, as well 
+		as descriptions of all the services that the server is 
+		to provide. See <ulink url="smb.conf.5.html"><filename>
+		smb.conf(5)</filename></ulink> for more information.
+		The default configuration file name is determined at
+		compile time.</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>FILES</title>
+
+	<variablelist>
+		<varlistentry>
+		<term><filename>/etc/inetd.conf</filename></term>
+		<listitem><para>If the server is to be run by the
+		<command>inetd</command> meta-daemon, this file 
+		must contain suitable startup information for the 
+		meta-daemon. See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink>
+		document for details.
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><filename>/etc/rc</filename></term>
+		<listitem><para>or whatever initialization script your
+		system uses).</para>
+
+		<para>If running the server as a daemon at startup,
+		this file will need to contain an appropriate startup
+		sequence for the server. See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink>
+		document for details.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><filename>/etc/services</filename></term>
+		<listitem><para>If running the server via the
+		meta-daemon <command>inetd</command>, this file
+		must contain a mapping of service name (e.g., netbios-ssn)
+		to service port (e.g., 139) and protocol type (e.g., tcp).
+		See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink>
+		document for details.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><filename>/usr/local/samba/lib/smb.conf</filename></term>
+		<listitem><para>This is the default location of the
+		<ulink url="smb.conf.5.html"><filename>smb.conf</filename></ulink>
+		server configuration file. Other common places that systems
+		install this file are <filename>/usr/samba/lib/smb.conf</filename>
+		and <filename>/etc/smb.conf</filename>.</para>
+
+		<para>This file describes all the services the server
+		is to make available to clients. See <ulink url="smb.conf.5.html">
+		<filename>smb.conf(5)</filename></ulink>  for more information.</para>
+		</listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>LIMITATIONS</title>
+	<para>On some systems <command>smbd</command> cannot change uid back
+	to root after a setuid() call.  Such systems are called
+	trapdoor uid systems. If you have such a system,
+	you will be unable to connect from a client (such as a PC) as
+	two different users at once. Attempts to connect the
+	second user will result in access denied or 
+	similar.</para>
+</refsect1>
+
+<refsect1>
+	<title>ENVIRONMENT VARIABLES</title>
+
+	<variablelist>
+		<varlistentry>
+		<term><envar>PRINTER</envar></term>
+		<listitem><para>If no printer name is specified to 
+		printable services, most systems will use the value of 
+		this variable (or <constant>lp</constant> if this variable is 
+		not defined) as the name of the printer to use. This 
+		is not specific to the server, however.</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+        <title>PAM INTERACTION</title>
+	<para>Samba uses PAM for authentication (when presented with a plaintext
+	password), for account checking (is this account disabled?) and for
+	session management.  The degree too which samba supports PAM is restricted
+	by the limitations of the SMB protocol and the
+	<ulink url="smb.conf.5.html#OBEYPAMRESRICTIONS">obey pam restricions</ulink>
+	smb.conf paramater.  When this is set, the following restrictions apply:
+	</para>
+
+	<itemizedlist>
+	<listitem><para><emphasis>Account Validation</emphasis>:  All acccesses to a 
+	samba server are checked 
+	against PAM to see if the account is vaild, not disabled and is permitted to 
+	login at this time.  This also applies to encrypted logins.
+	</para></listitem>
+
+	<listitem><para><emphasis>Session Management</emphasis>:  When not using share 
+	level secuirty, users must pass PAM's session checks before access
+	is granted.  Note however, that this is bypassed in share level secuirty.  
+	Note also that some older pam configuration files may need a line 
+	added for session support. 
+	</para></listitem>
+	</itemizedlist>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+        <title>TROUBLESHOOTING</title>
+
+        <para>
+        One of the common causes of difficulty when installing Samba and SWAT
+        is the existsnece of some type of firewall or port filtering software
+        on the Samba server.  Make sure that the appropriate ports
+        outlined in this man page are available on the server and are not currently
+        being blocked by some type of security software such as iptables or
+        "port sentry".  For more troubleshooting information, refer to the additional
+        documentation included in the Samba distribution.
+        </para>
+
+	<para>Most diagnostics issued by the server are logged
+	in a specified log file. The log file name is specified
+	at compile time, but may be overridden on the command line.</para>
+
+	<para>The number and nature of diagnostics available depends
+	on the debug level used by the server. If you have problems, set
+	the debug level to 3 and peruse the log files.</para>
+
+	<para>Most messages are reasonably self-explanatory. Unfortunately,
+	at the time this man page was created, there are too many diagnostics
+	available in the source code to warrant describing each and every
+	diagnostic. At this stage your best bet is still to grep the
+	source code and inspect the conditions that gave rise to the
+	diagnostics you are seeing.</para>
+</refsect1>
+
+<refsect1>
+	<title>SIGNALS</title>
+
+	<para>Sending the <command>smbd</command> a SIGHUP will cause it to
+	reload its <filename>smb.conf</filename> configuration
+	file within a short period of time.</para>
+
+	<para>To shut down a user's <command>smbd</command> process it is recommended
+	that <command>SIGKILL (-9)</command> <emphasis>NOT</emphasis>
+	be used, except as a last resort, as this may leave the shared
+	memory area in an inconsistent state. The safe way to terminate
+	an <command>smbd</command> is to send it a SIGTERM (-15) signal and wait for
+	it to die on its own.</para>
+
+	<para>The debug log level of <command>smbd</command> may be raised
+	or lowered using <ulink url="smbcontrol.1.html"><command>smbcontrol(1)
+	</command></ulink> program (SIGUSR[1|2] signals are no longer used in
+	Samba 2.2). This is to allow transient problems to be diagnosed,
+	whilst still running at a normally low log level.</para>
+
+	<para>Note that as the signal handlers send a debug write, 
+	they are not re-entrant in <command>smbd</command>. This you should wait until 
+	<command>smbd</command> is in a state of waiting for an incoming SMB before 
+	issuing them. It is possible to make the signal handlers safe 
+	by un-blocking the signals before the select call and re-blocking 
+	them after, however this would affect performance.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para>hosts_access(5), <command>inetd(8)</command>, 
+	<ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, 
+	<ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename>
+	</ulink>, <ulink url="smbclient.1.html"><command>smbclient(1)
+	</command></ulink>, <ulink url="testparm.1.html"><command>
+	testparm(1)</command></ulink>, <ulink url="testprns.1.html">
+	<command>testprns(1)</command></ulink>, and the Internet RFC's
+	<filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. 
+	In addition the CIFS (formerly SMB) specification is available 
+	as a link from the Web page <ulink url="http://samba.org/cifs/"> 
+	http://samba.org/cifs/</ulink>.</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smbmnt.8.sgml b/docs/docbook/manpages/smbmnt.8.sgml
new file mode 100755
index 00000000000..55b66d5d25b
--- /dev/null
+++ b/docs/docbook/manpages/smbmnt.8.sgml
@@ -0,0 +1,113 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smbmnt">
+
+<refmeta>
+	<refentrytitle>smbmnt</refentrytitle>
+	<manvolnum>8</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbmnt</refname>
+	<refpurpose>helper utility for mounting SMB filesystems</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>smbmnt</command>
+		<arg choice="req">mount-point</arg>
+		<arg choice="opt">-s &lt;share&gt;</arg>
+		<arg choice="opt">-r</arg>
+		<arg choice="opt">-u &lt;uid&gt;</arg>
+		<arg choice="opt">-g &lt;gid&gt;</arg>
+		<arg choice="opt">-f &lt;mask&gt;</arg>
+		<arg choice="opt">-d &lt;mask&gt;</arg>
+		<arg choice="opt">-o &lt;options&gt;</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para><command>smbmnt</command> is a helper application used 
+	by the smbmount program to do the actual mounting of SMB shares. 
+	<command>smbmnt</command> can be installed setuid root if you want
+	normal users to be able to mount their SMB shares.</para>
+
+	<para>A setuid smbmnt will only allow mounts on directories owned
+	by the user, and that the user has write permission on.</para>
+
+	<para>The <command>smbmnt</command> program is normally invoked 
+	by <ulink url="smbmount.8.html"><command>smbmount(8)</command>
+	</ulink>. It should not be invoked directly by users. </para>
+
+	<para>smbmount searches the normal PATH for smbmnt. You must ensure
+	that the smbmnt version in your path matches the smbmount used.</para>
+
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>-r</term>
+		<listitem><para>mount the filesystem read-only 
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-u uid</term>
+		<listitem><para>specify the uid that the files will 
+		be owned by </para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-g gid</term>
+		<listitem><para>specify the gid that the files will be 
+		owned by </para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-f mask</term>
+		<listitem><para>specify the octal file mask applied
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-d mask</term>
+		<listitem><para>specify the octal directory mask 
+		applied  </para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-o options</term>
+		<listitem><para>
+		list of options that are passed as-is to smbfs, if this
+		command is run on a 2.4 or higher Linux kernel.
+		</para></listitem>
+		</varlistentry>
+
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
+	and others.</para>
+	
+	<para>The current maintainer of smbfs and the userspace
+	tools <command>smbmount</command>, <command>smbumount</command>,
+	and <command>smbmnt</command> is <ulink 
+	url="mailto:urban@teststation.com">Urban Widmark</ulink>.
+	The <ulink url="mailto:samba@samba.org">SAMBA Mailing list</ulink>
+	is the preferred place to ask questions regarding these programs.
+	</para>
+	
+	<para>The conversion of this manpage for Samba 2.2 was performed 
+	by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smbmount.8.sgml b/docs/docbook/manpages/smbmount.8.sgml
new file mode 100755
index 00000000000..ec4dbbaff1f
--- /dev/null
+++ b/docs/docbook/manpages/smbmount.8.sgml
@@ -0,0 +1,327 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smbmount">
+
+<refmeta>
+	<refentrytitle>smbmount</refentrytitle>
+	<manvolnum>8</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbmount</refname>
+	<refpurpose>mount an smbfs filesystem</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>smbmount</command>
+		<arg choice="req">service</arg>
+		<arg choice="req">mount-point</arg>
+		<arg choice="opt">-o options</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para><command>smbmount</command> mounts a Linux SMB filesystem. It 
+	is usually invoked as <command>mount.smbfs</command> by
+	the <command>mount(8)</command> command when using the 
+	"-t smbfs" option. This command only works in Linux, and the kernel must
+	support the smbfs filesystem. </para>
+
+	<para>Options to <command>smbmount</command> are specified as a comma-separated
+	list of key=value pairs. It is possible to send options other
+	than those listed here, assuming that smbfs supports them. If
+	you get mount failures, check your kernel log for errors on
+	unknown options.</para>
+
+	<para><command>smbmount</command> is a daemon. After mounting it keeps running until
+	the mounted smbfs is umounted. It will log things that happen
+	when in daemon mode using the "machine name" smbmount, so
+	typically this output will end up in <filename>log.smbmount</filename>. The
+	<command>smbmount</command> process may also be called mount.smbfs.</para>
+
+	<para><emphasis>NOTE:</emphasis> <command>smbmount</command> 
+	calls <command>smbmnt(8)</command> to do the actual mount. You 
+	must make sure that <command>smbmnt</command> is in the path so 
+	that it can be found. </para>
+	
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>username=&lt;arg&gt;</term>
+		<listitem><para>specifies the username to connect as. If
+		this is not given, then the environment variable <envar>
+		USER</envar> is used. This option can also take the
+		form "user%password" or "user/workgroup" or
+		"user/workgroup%password" to allow the password and workgroup
+		to be specified as part of the username.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>password=&lt;arg&gt;</term>
+		<listitem><para>specifies the SMB password. If this
+		option is not given then the environment variable
+		<envar>PASSWD</envar> is used. If it can find
+		no password <command>smbmount</command> will prompt
+		for a passeword, unless the guest option is
+		given. </para>
+
+		<para>
+		Note that password which contain the arguement delimiter
+		character (i.e. a comma ',') will failed to be parsed correctly
+		on the command line.  However, the same password defined
+		in the PASSWD environment variable or a credentials file (see
+		below) will be read correctly.
+		</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>credentials=&lt;filename&gt;</term>
+		<listitem><para>specifies a file that contains a username
+		and/or password. The format of the file is:</para>
+
+		<para>
+		<programlisting>
+		username = &lt;value&gt;
+		password = &lt;value&gt;
+		</programlisting>
+		</para>
+
+		<para>This is preferred over having passwords in plaintext in a
+		shared file, such as <filename>/etc/fstab</filename>. Be sure to protect any
+		credentials file properly.
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>netbiosname=&lt;arg&gt;</term>
+		<listitem><para>sets the source NetBIOS name. It defaults 
+		to the local hostname. </para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>uid=&lt;arg&gt;</term>
+		<listitem><para>sets the uid that will own all files on
+		the mounted filesystem.
+		It may be specified as either a username or a numeric uid.
+		</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>gid=&lt;arg&gt;</term>
+		<listitem><para>sets the gid that will own all files on
+		the mounted filesystem.
+		It may be specified as either a groupname or a numeric 
+		gid. </para></listitem>		
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>port=&lt;arg&gt;</term>
+		<listitem><para>sets the remote SMB port number. The default 
+		is 139. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>fmask=&lt;arg&gt;</term>
+		<listitem><para>sets the file mask. This determines the 
+		permissions that remote files have in the local filesystem. 
+		The default is based on the current umask. </para></listitem>
+		</varlistentry>
+		
+
+		<varlistentry>
+		<term>dmask=&lt;arg&gt;</term>
+		<listitem><para>sets the directory mask. This determines the 
+		permissions that remote directories have in the local filesystem. 
+		The default is based on the current umask. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>debug=&lt;arg&gt;</term>
+		<listitem><para>sets the debug level. This is useful for 
+		tracking down SMB connection problems. A suggested value to
+		start with is 4. If set too high there will be a lot of
+		output, possibly hiding the useful output.</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>ip=&lt;arg&gt;</term>
+		<listitem><para>sets the destination host or IP address.
+		</para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>workgroup=&lt;arg&gt;</term>
+		<listitem><para>sets the workgroup on the destination </para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>sockopt=&lt;arg&gt;</term>
+		<listitem><para>sets the TCP socket options. See the <ulink
+		url="smb.conf.5.html#SOCKETOPTIONS"><filename>smb.conf
+		</filename></ulink> <parameter>socket options</parameter> option.
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>scope=&lt;arg&gt;</term>
+		<listitem><para>sets the NetBIOS scope </para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>guest</term>
+		<listitem><para>don't prompt for a password </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>ro</term>
+		<listitem><para>mount read-only </para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>rw</term><listitem><para>mount read-write </para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>iocharset=&lt;arg&gt;</term>
+		<listitem><para>
+		sets the charset used by the Linux side for codepage
+		to charset translations (NLS). Argument should be the
+		name of a charset, like iso8859-1. (Note: only kernel
+		2.4.0 or later)
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>codepage=&lt;arg&gt;</term>
+		<listitem><para>
+		sets the codepage the server uses. See the iocharset
+		option. Example value cp850. (Note: only kernel 2.4.0
+		or later)
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>ttl=&lt;arg&gt;</term>
+		<listitem><para>
+		how long a directory listing is cached in milliseconds
+		(also affects visibility of file size and date
+		changes). A higher value means that changes on the
+		server take longer to be noticed but it can give
+		better performance on large directories, especially
+		over long distances. Default is 1000ms but something
+		like 10000ms (10 seconds) is probably more reasonable
+		in many cases.
+		(Note: only kernel 2.4.2 or later)
+		</para></listitem>
+		</varlistentry>
+
+	</variablelist>
+
+
+</refsect1>
+
+<refsect1>
+	<title>ENVIRONMENT VARIABLES</title>
+
+	<para>The variable <envar>USER</envar> may contain the username of the
+	person using the client.  This information is used only if the
+	protocol level is high enough to support session-level
+	passwords. The variable can be used to set both username and
+	password by using the format username%password.</para>
+
+	<para>The variable <envar>PASSWD</envar> may contain the password of the
+	person using the client.  This information is used only if the
+	protocol level is high enough to support session-level
+	passwords.</para>
+
+	<para>The variable <envar>PASSWD_FILE</envar> may contain the pathname
+	of a file to read the password from. A single line of input is
+	read and used as the password.</para>
+</refsect1>
+
+
+<refsect1>
+	<title>BUGS</title>
+
+	<para>Passwords and other options containing , can not be handled.
+	For passwords an alternative way of passing them is in a credentials
+	file or in the PASSWD environment.</para>
+
+	<para>The credentials file does not handle usernames or passwords with
+	leading space.</para>
+
+	<para>One smbfs bug is important enough to mention here, even if it
+	is a bit misplaced:</para>
+
+	<itemizedlist>
+
+	<listitem><para>Mounts sometimes stop working. This is usually
+	caused by smbmount terminating. Since smbfs needs smbmount to
+	reconnect when the server disconnects, the mount will eventually go
+	dead. An umount/mount normally fixes this. At least 2 ways to
+	trigger this bug are known.</para></listitem>
+
+	</itemizedlist>
+
+	<para>Note that the typical response to a bug report is suggestion
+	to try the latest version first. So please try doing that first,
+	and always include which versions you use of relevant software
+	when reporting bugs (minimum: samba, kernel, distribution)</para>
+
+</refsect1>
+
+
+<refsect1>
+	<title>SEE ALSO</title>
+
+	<para>Documentation/filesystems/smbfs.txt in the linux kernel
+	source tree may contain additional options and information.</para>
+
+	<para>FreeBSD also has a smbfs, but it is not related to smbmount</para>
+
+	<para>For Solaris, HP-UX and others you may want to look at
+	<ulink url="smbsh.1.html"><command>smbsh(1)</command></ulink> or at other
+	solutions, such as sharity or perhaps replacing the SMB server with
+	a NFS server.</para>
+
+</refsect1>
+
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
+	and others.</para>
+	
+	<para>The current maintainer of smbfs and the userspace
+	tools <command>smbmount</command>, <command>smbumount</command>,
+	and <command>smbmnt</command> is <ulink 
+	url="mailto:urban@teststation.com">Urban Widmark</ulink>.
+	The <ulink url="mailto:samba@samba.org">SAMBA Mailing list</ulink>
+	is the preferred place to ask questions regarding these programs.
+	</para>
+	
+	<para>The conversion of this manpage for Samba 2.2 was performed 
+	by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smbpasswd.5.sgml b/docs/docbook/manpages/smbpasswd.5.sgml
new file mode 100755
index 00000000000..c207074a9b1
--- /dev/null
+++ b/docs/docbook/manpages/smbpasswd.5.sgml
@@ -0,0 +1,204 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smbpasswd">
+
+<refmeta>
+	<refentrytitle>smbpasswd</refentrytitle>
+	<manvolnum>5</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbpasswd</refname>
+	<refpurpose>The Samba encrypted password file</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<para><filename>smbpasswd</filename></para>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para>smbpasswd is the Samba encrypted password file. It contains 
+	the username, Unix user id and the SMB hashed passwords of the 
+	user, as well as account flag information and the time the 
+	password was last changed. This file format has been evolving with 
+	Samba and has had several different formats in the past. </para>
+</refsect1>
+
+<refsect1>
+	<title>FILE FORMAT</title>
+
+	<para>The format of the smbpasswd file used by Samba 2.2 
+	is very similar to the familiar Unix <filename>passwd(5)</filename> 
+	file. It is an ASCII file containing one line for each user. Each field 
+	within each line is separated from the next by a colon. Any entry 
+	beginning with '#' is ignored. The smbpasswd file contains the 
+	following information for each user: </para>
+
+	<variablelist>
+		<varlistentry>
+		<term>name</term>
+		<listitem><para> This is the user name. It must be a name that 
+		already exists in the standard UNIX passwd file. </para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>uid</term>
+		<listitem><para>This is the UNIX uid. It must match the uid
+		field for the same user entry in the standard UNIX passwd file. 
+		If this does not match then Samba will refuse to recognize 
+		this smbpasswd file entry as being valid for a user. 
+		</para></listitem>
+		</varlistentry>
+		 
+		 
+		<varlistentry>
+		<term>Lanman Password Hash</term>
+		<listitem><para>This is the LANMAN hash of the user's password, 
+		encoded as 32 hex digits.  The LANMAN hash is created by DES 
+		encrypting a well known string with the user's password as the 
+		DES key. This is the same password used by Windows 95/98 machines. 
+		Note that this password hash is regarded as weak as it is
+		vulnerable to dictionary attacks and if two users choose the 
+		same password this entry will be identical (i.e. the password 
+		is not "salted" as the UNIX password is). If the user has a 
+		null password this field will contain the characters "NO PASSWORD" 
+		as the start of the hex string. If the hex string is equal to 
+		32 'X' characters then the user's account is marked as 
+		<constant>disabled</constant> and the user will not be able to 
+		log onto the Samba server. </para>
+		
+		<para><emphasis>WARNING !!</emphasis> Note that, due to 
+		the challenge-response nature of the SMB/CIFS authentication
+		protocol, anyone with a knowledge of this password hash will 
+		be able to impersonate the user on the network. For this
+		reason these hashes are known as <emphasis>plain text 
+		equivalents</emphasis> and must <emphasis>NOT</emphasis> be made 
+		available to anyone but the root user. To protect these passwords 
+		the smbpasswd file is placed in a directory with read and 
+		traverse access only to the root user and the smbpasswd file 
+		itself must be set to be read/write only by root, with no
+		other access. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>NT Password Hash</term>
+		<listitem><para>This is the Windows NT hash of the user's 
+		password, encoded as 32 hex digits.  The Windows NT hash is 
+		created by taking the user's password as represented in 
+		16-bit, little-endian UNICODE and then applying the MD4 
+		(internet rfc1321) hashing algorithm to it. </para>
+		
+		<para>This password hash is considered more secure than
+		the LANMAN Password Hash as it preserves the case of the 
+		password and uses a much higher quality hashing algorithm. 
+		However, it is still the case that if two users choose the same 
+		password this entry will be identical (i.e. the password is 
+		not "salted" as the UNIX password is). </para>
+
+		<para><emphasis>WARNING !!</emphasis>. Note that, due to 
+		the challenge-response nature of the SMB/CIFS authentication
+		protocol, anyone with a knowledge of this password hash will 
+		be able to impersonate the user on the network. For this
+		reason these hashes are known as <emphasis>plain text 
+		equivalents</emphasis> and must <emphasis>NOT</emphasis> be made 
+		available to anyone but the root user. To protect these passwords 
+		the smbpasswd file is placed in a directory with read and 
+		traverse access only to the root user and the smbpasswd file 
+		itself must be set to be read/write only by root, with no
+		other access. </para></listitem>
+		</varlistentry>
+		
+
+		<varlistentry>
+		<term>Account Flags</term>
+		<listitem><para>This section contains flags that describe 
+		the attributes of the users account. In the Samba 2.2 release 
+		this field is bracketed by '[' and ']' characters and is always 
+		13 characters in length (including the '[' and ']' characters).
+		The contents of this field may be any of the characters.
+		</para>
+		
+		<itemizedlist>
+			<listitem><para><emphasis>U</emphasis> - This means 
+			this is a "User" account, i.e. an ordinary user. Only User 
+			and Workstation Trust accounts are currently supported 
+			in the smbpasswd file. </para></listitem>
+			
+			<listitem><para><emphasis>N</emphasis> - This means the
+			account has no password (the passwords in the fields LANMAN 
+			Password Hash and NT Password Hash are ignored). Note that this 
+			will only allow users to log on with no password if the <parameter>
+			null passwords</parameter> parameter is set in the <ulink
+			url="smb.conf.5.html#NULLPASSWORDS"><filename>smb.conf(5)
+			</filename></ulink> config file. </para></listitem>
+				
+			<listitem><para><emphasis>D</emphasis> - This means the account 
+			is disabled and no SMB/CIFS logins  will be	allowed for 
+			this user. </para></listitem>
+			
+			<listitem><para><emphasis>W</emphasis> - This means this account 
+			is a "Workstation Trust" account. This kind of account is used 
+			in the Samba PDC code stream to allow Windows NT Workstations 
+			and Servers to join a Domain hosted by a Samba PDC. </para>
+			</listitem>
+		</itemizedlist>
+		
+		<para>Other flags may be added as the code is extended in future.
+		The rest of this field space is filled in with spaces. </para>
+		</listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>Last Change Time</term>
+		<listitem><para>This field consists of the time the account was 
+		last modified. It consists of the characters 'LCT-' (standing for 
+		"Last Change Time") followed by a numeric encoding of the UNIX time 
+		in seconds since the epoch (1970) that the last change was made. 
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
+	
+	<para>All other colon separated fields are ignored at this time.</para> 
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink>, 
+	<ulink url="samba.7.html">samba(7)</ulink>, and
+	the Internet RFC1321 for details on the MD4 algorithm.
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml
new file mode 100755
index 00000000000..40693e627bd
--- /dev/null
+++ b/docs/docbook/manpages/smbpasswd.8.sgml
@@ -0,0 +1,514 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smbpasswd">
+
+<refmeta>
+	<refentrytitle>smbpasswd</refentrytitle>
+	<manvolnum>8</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbpasswd</refname>
+	<refpurpose>change a user's SMB password</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<para>When run by root:</para>
+	<cmdsynopsis>
+		<command>smbpasswd</command>
+		<arg choice="opt">options</arg>	
+		<arg choice="opt">username</arg>	
+		<arg choice="opt">password</arg>	
+	</cmdsynopsis>
+	<para>otherwise:</para>
+	<cmdsynopsis>
+		<command>smbpasswd</command>
+		<arg choice="opt">options</arg>	
+		<arg choice="opt">password</arg>	
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+	
+	<para>The smbpasswd program has several different 
+	functions, depending on whether it is run by the <emphasis>root</emphasis> 
+	user or not. When run as a normal user it allows the user to change 
+	the password used for their SMB sessions on any machines that store 
+	SMB passwords. </para>
+
+	<para>By default (when run with no arguments) it will attempt to 
+	change the current user's SMB password on the local machine. This is 
+	similar to the way the <command>passwd(1)</command> program works. 
+	<command>smbpasswd</command> differs from how the passwd program works 
+	however in that it is not <emphasis>setuid root</emphasis> but works in 
+	a client-server mode and communicates with a locally running
+	<command>smbd(8)</command>. As a consequence in order for this to 
+	succeed the smbd daemon must be running on the local machine. On a 
+	UNIX machine the encrypted SMB passwords are usually stored in 
+	the <filename>smbpasswd(5)</filename> file. </para>
+
+	<para>When run by an ordinary user with no options. smbpasswd 
+	will prompt them for their old SMB password and then ask them 
+	for their new password twice, to ensure that the new password
+	was typed correctly. No passwords will be echoed on the screen 
+	whilst being typed. If you have a blank SMB password (specified by 
+	the string "NO PASSWORD" in the smbpasswd file) then just press 
+	the &lt;Enter&gt; key when asked for your old password. </para>
+
+	<para>smbpasswd can also be used by a normal user to change their
+	SMB password on remote machines, such as Windows NT Primary Domain 
+	Controllers.   See the (-r) and -U options below. </para>
+
+	<para>When run by root, smbpasswd allows new users to be added 
+	and deleted in the smbpasswd file, as well as allows changes to 
+	the attributes of the user in this file to be made. When run by root, 
+	<command>smbpasswd</command> accesses the local smbpasswd file 
+	directly, thus enabling changes to be made even if smbd is not 
+	running. </para>
+
+	<para><command>smbpasswd</command> can also be used to retrieve 
+	the SIDs related to previous incarnations of this server on the
+	same machine, as well as set the SID of this domain. This is needed
+	in those cases when the admin changes the NetBIOS or DNS name of 
+	the server without realizing that doing so will change the SID of
+	the server as well. See the -W and -X options below. </para>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+	<variablelist>
+		<varlistentry>
+		<term>-L</term>
+		<listitem><para>Run the smbpasswd command in local mode. This 
+		allows a non-root user to specify the root-only options. This 
+		is used mostly in test environments where a non-root user needs
+		to make changes to the local <filename>smbpasswd</filename> file.
+		The <filename>smbpasswd</filename> file must have read/write 
+		permissions for the user running the command.</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-h</term>
+		<listitem><para>This option prints the help string for 
+		<command>smbpasswd</command>. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-c smb.conf file</term>
+		<listitem><para>This option specifies that the configuration
+		file specified should be used instead of the default value
+		specified at compile time. </para></listitem>
+		</varlistentry>
+
+		
+		<varlistentry>
+		<term>-D debuglevel</term>
+		<listitem><para><replaceable>debuglevel</replaceable> is an integer 
+		from 0 to 10.  The default value if this parameter is not specified 
+		is zero. </para>
+
+		<para>The higher this value, the more detail will be logged to the 
+		log files about the activities of smbpasswd. At level 0, only 
+		critical errors and serious warnings will be logged. </para>
+
+		<para>Levels above 1 will generate considerable amounts of log 
+		data, and should only be used when investigating a problem. Levels 
+		above 3 are designed for use only by developers and generate
+		HUGE amounts of log data, most of which is extremely cryptic. 
+		</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-r remote machine name</term>
+		<listitem><para>This option allows a user to specify what machine 
+		they wish to change their password on. Without this parameter 
+		smbpasswd defaults to the local host. The <replaceable>remote 
+		machine name</replaceable> is the NetBIOS name of the SMB/CIFS 
+		server to contact to attempt the password change. This name is 
+		resolved into an IP address using the standard name resolution 
+		mechanism in all programs of the Samba suite. See the <parameter>-R 
+		name resolve order</parameter> parameter for details on changing 
+		this resolving mechanism. </para>
+
+		<para>The username whose password is changed is that of the 
+		current UNIX logged on user. See the <parameter>-U username</parameter>
+		parameter for details on changing the password for a different 
+		username. </para>
+
+		<para>Note that if changing a Windows NT Domain password the 
+		remote machine specified must be the Primary Domain Controller for 
+		the domain (Backup Domain Controllers only have a read-only
+		copy of the user account database and will not allow the password 
+		change).</para>
+		
+		<para><emphasis>Note</emphasis> that Windows 95/98 do not have 
+		a real password database so it is not possible to change passwords 
+		specifying a Win95/98  machine as remote machine target. </para>
+		</listitem>
+		</varlistentry>
+		
+		
+
+		<varlistentry>
+		<term>-s</term>
+		<listitem><para>This option causes smbpasswd to be silent (i.e. 
+		not issue prompts) and to read its old and new passwords from 
+		standard  input, rather than from <filename>/dev/tty</filename> 
+		(like the <command>passwd(1)</command> program does). This option 
+		is to aid people writing scripts to drive smbpasswd</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>-S</term>
+		<listitem><para>This option causes <command>smbpasswd</command>
+		to query a domain controller of the domain specified 
+		by the <ulink url="smb.conf.5.html#WORKGROUP">workgroup</ulink>
+		parameter in <filename>smb.conf</filename> and store the
+		domain SID in the <filename>secrets.tdb</filename> file
+		as its own machine SID.  This is only useful when configuring
+		a Samba PDC and Samba BDC, or when migrating from a Windows PDC
+		to a Samba PDC.  </para>
+
+		<para>The <parameter>-r</parameter> options can be used
+		as well to indicate a specific domain controller which should
+		be contacted.  In this case, the domain SID obtained is the 
+		one for the domain to which the remote machine belongs.
+		</para>
+		</listitem>
+		</varlistentry>
+
+		
+
+		<varlistentry>
+		<term>-t</term>
+		<listitem><para>This option is used to force smbpasswd to 
+		change the current password assigned to the machine trust account
+		when operating in domain security mode.  This is really meant to 
+		be used on systems that only run <ulink url="winbindd.8.html"<command>winbindd</command></ulink>.
+		Under server installations, <ulink url="smbd.8.html"><command>smbd</command></ulink>
+		handle the password updates automatically.</para>
+                </listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-T</term>
+		<listitem><para>The <parameter>-T</parameter> option may be used to
+		force samba to use a previously created trust account by allowing
+		the trust account hash to be set in the secrets database only. 
+		This way, an application can change the trust account password
+		and call "smbpasswd -T" so that Samba can continue to work.</para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-U username[%pass]</term>
+		<listitem><para>This option may only be used in conjunction 
+		with the <parameter>-r</parameter> option. When changing
+		a password on a remote machine it allows the user to specify 
+		the user name on that machine whose password will be changed. It 
+		is present to allow users who have different user names on 
+		different systems to change these passwords. The optional
+		%pass may be used to specify to old password.</para>
+
+                <para>In particular, this parameter specifies the username
+                used to create the machine account when invoked with -j</para>
+                </listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term> -W S-1-5-21-x-y-z</term>
+		<listitem><para>This option forces the SID S-1-5-21-x-y-z to
+		be the server and domain SID for the current Samba server. It
+		does this by updating the appropriate keys in the secrets
+		file. </para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term> -X server|domain</term>
+		<listitem><para>This option allows the admin to retrieve the 
+		SID associated with a former servername or domain name that
+		this Samba server might have used. It does this by retrieving
+		the appropriate entry from the secrets file.</para>
+		</listitem>
+		</varlistentry>
+
+<varlistentry>
+<term><command>NOTE:</command></term>
+<listitem><para>
+<command>The following options are available only when the smbpasswd command is
+run as root or in local mode.</command>
+</para></listitem>
+</varlistentry>
+
+		<varlistentry>
+		<term>-a</term>
+		<listitem><para>This option specifies that the username 
+		following should be added to the local smbpasswd file, with the 
+		new password typed. This 
+		option is ignored if the username specified already exists in 
+		the smbpasswd file and it is treated like a regular change 
+		password command. Note that the user to be added must already exist 
+		in the system password file (usually <filename>/etc/passwd</filename>)
+		else the request to add the user will fail. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-d</term>
+		<listitem><para>This option specifies that the username following 
+		should be <constant>disabled</constant> in the local smbpasswd 
+		file. This is done by writing a <constant>'D'</constant> flag 
+		into the account control space in the smbpasswd file. Once this 
+		is done all attempts to authenticate via SMB using this username 
+		will fail. </para>
+		
+		<para>If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
+		format) there is no space in the user's password entry to write
+		this information and so the user is disabled by writing 'X' characters 
+		into the password space in the smbpasswd file. See <command>smbpasswd(5)
+		</command> for details on the 'old' and new password file formats.
+		</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-e</term>
+		<listitem><para>This option specifies that the username following 
+		should be <constant>enabled</constant> in the local smbpasswd file, 
+		if the account was previously disabled. If the account was not 
+		disabled this option has no effect. Once the account is enabled then 
+		the user will be able to authenticate via SMB once again. </para>
+		
+		<para>If the smbpasswd file is in the 'old' format, then <command>
+		smbpasswd</command> will prompt for a new password for this user, 
+		otherwise the account will be enabled by removing the <constant>'D'
+		</constant> flag from account control space in the <filename>
+		smbpasswd</filename> file. See <command>smbpasswd (5)</command> for 
+		details on the 'old' and new password file formats. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-m</term>
+		<listitem><para>This option tells smbpasswd that the account 
+		being changed is a MACHINE account. Currently this is used 
+		when Samba is being used as an NT Primary Domain Controller.</para>
+		</listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-n</term>
+		<listitem><para>This option specifies that the username following 
+		should have their password set to null (i.e. a blank password) in 
+		the local smbpasswd file. This is done by writing the string "NO 
+		PASSWORD" as the first part of the first password stored in the 
+		smbpasswd file. </para>
+
+		<para>Note that to allow users to logon to a Samba server once 
+		the password has been set to "NO PASSWORD" in the smbpasswd
+		file the administrator must set the following parameter in the [global]
+		section of the <filename>smb.conf</filename> file : </para>
+		
+		<para><command>null passwords = yes</command></para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-w password</term>
+		<listitem><para>This parameter is only available is Samba
+		has been configured to use the experimental
+		<command>--with-ldapsam</command> option. The <parameter>-w</parameter> 
+		switch is used to specify the password to be used with the 
+		<ulink url="smb.conf.5.html#LDAPADMINDN"><parameter>ldap admin 
+		dn</parameter></ulink>.  Note that the password is stored in
+		the <filename>private/secrets.tdb</filename> and is keyed off 
+		of the admin's DN.  This means that if the value of <parameter>ldap
+		admin dn</parameter> ever changes, the password will need to be 
+		manually updated as well.
+		</para>
+		</listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-x</term>
+		<listitem><para>This option specifies that the username 
+		following should be deleted from the local smbpasswd file.
+		</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-j DOMAIN</term>
+		<listitem><para>This option is used to add a Samba server 
+		into a Windows NT Domain, as a Domain member capable of authenticating 
+		user accounts to any Domain Controller in the same way as a Windows 
+		NT Server. See the <command>security = domain</command> option in 
+		the <filename>smb.conf(5)</filename> man page. </para>
+
+                <para>This command can work both with and without the -U parameter. </para>
+
+                <para>When invoked with -U, that username (and optional password) are
+                used to contact the PDC (which must be specified with -r) to both
+                create a machine account, and to set a password on it.</para>
+		
+                <para>Alternately, if -U is omitted, Samba will contact its PDC
+                and attempt to change the password on a pre-existing account. </para>
+
+                <para>In order to be used in this way, the Administrator for 
+		the Windows NT Domain must have used the program "Server Manager 
+		for Domains" to add the primary NetBIOS name of  the Samba server 
+		as a member of the Domain. </para>
+		
+		<para>After this has been done, to join the Domain invoke <command>
+		smbpasswd</command> with this parameter. smbpasswd will then 
+		look up the Primary Domain Controller for the Domain (found in 
+		the <filename>smb.conf</filename> file in the parameter 
+		<parameter>password server</parameter> and change the machine account 
+		password used to create the secure Domain communication.  </para>
+
+                <para>Either way, this password is then stored by smbpasswd in a TDB, 
+                writeable only by root, called <filename>secrets.tdb</filename> </para>
+		
+		<para>Once this operation has been performed the <filename>
+		smb.conf</filename> file may be updated to set the <command>
+		security = domain</command> option and all future logins
+		to the Samba server will be authenticated to the Windows NT 
+		PDC. </para>
+		
+		<para>Note that even though the authentication is being 
+		done to the PDC all users accessing the Samba server must still 
+		have a valid UNIX account on that machine.  
+                The <command>winbindd(8)</command> daemon can be used
+                to create UNIX accounts for NT users.</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-R name resolve order</term>
+		<listitem><para>This option allows the user of smbpasswd to determine 
+		what name resolution services to use when looking up the NetBIOS
+		name of the host being connected to. </para>
+
+		<para>The options are :"lmhosts", "host", "wins" and "bcast". They cause 
+		names to be resolved as follows : </para>
+		<itemizedlist>
+			<listitem><para><constant>lmhosts</constant> : Lookup an IP 
+			address in the Samba lmhosts file. If the line in lmhosts has 
+			no name type attached to the NetBIOS name (see the <ulink 
+			url="lmhosts.5.html">lmhosts(5)</ulink> for details) then
+			any name type matches for lookup.</para></listitem>
+
+			<listitem><para><constant>host</constant> : Do a standard host 
+			name to IP address resolution, using the system <filename>/etc/hosts
+			</filename>, NIS, or DNS lookups. This method of name resolution 
+			is operating system dependent. For instance, on IRIX or Solaris this 
+			may be controlled by the <filename>/etc/nsswitch.conf</filename> 
+			file).  Note that this method is only used if the NetBIOS name 
+			type being queried is the 0x20 (server) name type, otherwise 
+			it is ignored.</para></listitem>
+
+			<listitem><para><constant>wins</constant> : Query a name with 
+			the IP address listed in the <parameter>wins server</parameter> 
+			parameter.  If no WINS server has been specified this method 
+			will be ignored.</para></listitem>
+
+			<listitem><para><constant>bcast</constant> : Do a broadcast on 
+			each of the known local interfaces listed in the
+			<parameter>interfaces</parameter> parameter. This is the least 
+			reliable of the name resolution methods as it depends on the 
+			target host being on a locally connected subnet.</para></listitem>
+		</itemizedlist>
+		
+		<para>The default order is <command>lmhosts, host, wins, bcast</command> 
+		and without this parameter or any entry in the 
+		<filename>smb.conf</filename> file the name resolution methods will 
+		be attempted in this order. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>username</term>
+		<listitem><para>This specifies the username for all of the 
+		<emphasis>root only</emphasis> options to operate on. Only root 
+		can specify this parameter as only root has the permission needed 
+		to modify attributes directly in the local smbpasswd file. 
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>password</term>
+		<listitem><para>This specifies the new password. If this parameter
+		is specified you will not be prompted for the new password.
+		</para></listitem>
+		</varlistentry>
+
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>NOTES</title>
+	
+	<para>Since <command>smbpasswd</command> works in client-server 
+	mode communicating  with a local smbd for a non-root user then 
+	the smbd daemon must be running for this to work. A common problem 
+	is to add a restriction to the hosts that may access the <command>
+	smbd</command> running on the local machine by specifying a 
+	<parameter>allow hosts</parameter> or <parameter>deny hosts</parameter> 
+	entry in the <filename>smb.conf</filename> file and neglecting to 
+	allow "localhost" access to the smbd. </para>
+
+	<para>In addition, the smbpasswd command is only useful if Samba
+	has been set up to use encrypted passwords. See the file 
+	<filename>ENCRYPTION.txt</filename> in the docs directory for details 
+	on how to do this. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="smbpasswd.5.html"><filename>smbpasswd(5)</filename></ulink>, 
+	<ulink url="samba.7.html">samba(7)</ulink>
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smbsh.1.sgml b/docs/docbook/manpages/smbsh.1.sgml
new file mode 100755
index 00000000000..82efb334ba7
--- /dev/null
+++ b/docs/docbook/manpages/smbsh.1.sgml
@@ -0,0 +1,235 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smbsh">
+
+<refmeta>
+	<refentrytitle>smbsh</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbsh</refname>
+	<refpurpose>Allows access to Windows NT filesystem 
+	using UNIX commands</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>smbsh</command>
+		<arg choice="opt">-W workgroup</arg>
+		<arg choice="opt">-U username</arg>
+		<arg choice="opt">-P prefix</arg>
+		<arg choice="opt">-R &lt;name resolve order&gt;</arg>
+		<arg choice="opt">-d &lt;debug level&gt;</arg>
+		<arg choice="opt">-l logfile</arg>
+		<arg choice="opt">-L libdir</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para><command>smbsh</command> allows you to access an NT filesystem 
+	using UNIX commands such as <command>ls</command>, <command>
+	egrep</command>, and <command>rcp</command>. You must use a 
+	shell that is dynamically linked in order for <command>smbsh</command> 
+	to work correctly.</para>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+	    <varlistentry>
+		<term>-W WORKGROUP</term>
+		<listitem><para>Override the default workgroup specified in the 
+		workgroup parameter of the <filename>smb.conf</filename> file 
+		for this session. This may be needed to connect to some 
+		servers. </para></listitem>
+	    </varlistentry>
+		
+	    <varlistentry>
+		<term>-U username[%pass]</term>
+		<listitem><para>Sets the SMB username or username and password.
+		If this option is not specified, the user will be prompted for 
+		both the username and the password.  If %pass is not specified, 
+		the user will be prompted for the password.
+		</para></listitem>
+	    </varlistentry>
+
+	    <varlistentry>
+		<term>-P prefix</term><listitem><para>This option allows
+		the user to set the directory prefix for SMB access. The 
+		default value if this option is not specified is 
+		<emphasis>smb</emphasis>.
+		</para></listitem>
+	    </varlistentry>
+
+	    <varlistentry>
+		<term>-R &lt;name resolve order&gt;</term> 
+		<listitem><para>This option is used to determine what naming 
+		services and in what order to resolve 
+		host names to IP addresses. The option takes a space-separated 
+		string of different name resolution options.</para>
+
+		<para>The options are :"lmhosts", "host", "wins" and "bcast". 
+		They cause names to be resolved as follows :</para>
+
+		<itemizedlist>
+			<listitem><para><constant>lmhosts</constant> : 
+			Lookup an IP address in the Samba lmhosts file. If the 
+			line in lmhosts has no name type attached to the 
+			NetBIOS name 
+			(see the <ulink url="lmhosts.5.html">lmhosts(5)</ulink>
+			for details) then any name type matches for lookup.
+			</para></listitem>
+
+			<listitem><para><constant>host</constant> : 
+			Do a standard host name to IP address resolution, using
+			the system <filename>/etc/hosts</filename>, NIS, or DNS
+			lookups. This method of name resolution is operating 
+			system dependent, for instance on IRIX or Solaris this 
+			may be controlled by the <filename>/etc/nsswitch.conf
+			</filename> file).  Note that this method is only used 
+			if the NetBIOS name type being queried is the 0x20 
+			(server) name type, otherwise it is ignored.
+			</para></listitem>
+
+			<listitem><para><constant>wins</constant> : 
+			Query a name with the IP address listed in the 
+			<parameter>wins server</parameter> parameter.  If no 
+			WINS server has been specified this method will be 
+			ignored.
+			</para></listitem>
+
+			<listitem><para><constant>bcast</constant> : 
+			Do a broadcast on each of the known local interfaces 
+			listed in the <parameter>interfaces</parameter>
+			parameter. This is the least reliable of the name 
+			resolution methods as it depends on the target host 
+			being on a locally connected subnet.
+			</para></listitem>
+		</itemizedlist>
+
+		<para>If this parameter is not set then the name resolve order 
+		defined in the <filename>smb.conf</filename> file parameter  
+		(name resolve order) will be used. </para>
+
+		<para>The default order is lmhosts, host, wins, bcast. Without 
+		this parameter or any entry in the <parameter>name resolve order
+		</parameter> parameter of the <filename>smb.conf</filename> 
+		file, the name resolution methods will be attempted in this 
+		order. </para></listitem>
+	    </varlistentry>
+
+	    <varlistentry>
+		<term>-d &lt;debug level&gt;</term>
+		<listitem><para>debug level is an integer from 0 to 10.</para>
+
+		<para>The default value if this parameter is not specified
+		is zero.</para>
+
+		<para>The higher this value, the more detail will be logged
+		about the activities of <command>nmblookup</command>. At level
+		0, only critical errors and serious warnings will be logged.
+		</para></listitem>
+	    </varlistentry>
+
+	    <varlistentry>
+		<term>-l logfilename</term>
+		<listitem><para>If specified causes all debug messages to be
+		written to the file specified by <replaceable>logfilename
+		</replaceable>. If not specified then all messages will be 
+		written to<replaceable>stderr</replaceable>.
+		</para></listitem>
+	    </varlistentry>
+
+	    <varlistentry>
+		<term>-L libdir</term>
+		<listitem><para>This parameter specifies the location of the 
+		shared libraries used by <command>smbsh</command>. The default
+		value is specified at compile time.
+		</para></listitem>
+	    </varlistentry>
+
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>EXAMPLES</title>
+
+	<para>To use the <command>smbsh</command> command, execute <command>
+	smbsh</command> from the prompt and enter the username and password 
+	that authenticates you to the machine running the Windows NT 
+	operating system.</para>
+
+	<para><programlisting>
+	<prompt>system% </prompt><userinput>smbsh</userinput>
+	<prompt>Username: </prompt><userinput>user</userinput>
+	<prompt>Password: </prompt><userinput>XXXXXXX</userinput>
+	</programlisting></para>
+
+
+	<para>Any dynamically linked command you execute from 
+	this shell will access the <filename>/smb</filename> directory 
+	using the smb protocol. For example, the command <command>ls /smb
+	</command> will show a list of workgroups. The command 
+	<command>ls /smb/MYGROUP </command> will show all the machines in 
+	the  workgroup MYGROUP. The command 
+	<command>ls /smb/MYGROUP/&lt;machine-name&gt;</command> will show the share 
+	names for that machine. You could then, for example, use the <command>
+	cd</command> command to change directories, <command>vi</command> to 
+	edit files, and <command>rcp</command>  to copy files.</para>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>BUGS</title>
+	
+	<para><command>smbsh</command> works by intercepting the standard 
+	libc calls with the dynamically loaded versions in <filename>
+	smbwrapper.o</filename>. Not all calls have been "wrapped", so 
+	some programs may not function correctly under <command>smbsh
+	</command>.</para>
+
+	<para>Programs which are not dynamically linked cannot make 
+	use of <command>smbsh</command>'s functionality. Most versions 
+	of UNIX have a <command>file</command> command that will 
+	describe how a program was linked.</para>
+</refsect1>
+
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, 
+	<ulink url="smb.conf.5.html">smb.conf(5)</ulink>
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smbspool.8.sgml b/docs/docbook/manpages/smbspool.8.sgml
new file mode 100755
index 00000000000..d5c9c0a1148
--- /dev/null
+++ b/docs/docbook/manpages/smbspool.8.sgml
@@ -0,0 +1,131 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smbspool">
+
+<refmeta>
+	<refentrytitle>smbspool</refentrytitle>
+	<manvolnum>8</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbspool</refname>
+	<refpurpose>send print file to an SMB printer</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>smbspool</command>
+		<arg>job</arg> 
+		<arg>user</arg> 
+		<arg>title</arg> 
+		<arg>copies</arg> 
+		<arg>options</arg> 
+		<arg>filename</arg> 
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para>smbspool is a very small print spooling program that 
+	sends a print file to an SMB printer. The command-line arguments 
+	are position-dependent for compatibility with the Common UNIX 
+	Printing System, but you can use smbspool with any printing system 
+	or from a program or script.</para>
+
+	<para><emphasis>DEVICE URI</emphasis></para>
+
+	<para>smbspool specifies the destination using a Uniform Resource 
+	Identifier ("URI") with a method of "smb". This string can take 
+	a number of forms:</para>
+
+	<itemizedlist>
+		<listitem><para>smb://server/printer</para></listitem>
+		<listitem><para>smb://workgroup/server/printer</para></listitem>
+		<listitem><para>smb://username:password@server/printer</para>
+		</listitem>
+		<listitem><para>smb://username:password@workgroup/server/printer
+		</para></listitem>
+	</itemizedlist>
+
+	<para>smbspool tries to get the URI from argv[0]. If argv[0] 
+	contains the name of the program then it looks in the <envar>
+	DEVICE_URI</envar> environment variable.</para>
+
+	<para>Programs using the <command>exec(2)</command> functions can 
+	pass the URI in argv[0], while shell scripts must set the 
+	<envar>DEVICE_URI</envar> environment variable prior to
+	running smbspool.</para>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<itemizedlist>
+		<listitem><para>The job argument (argv[1]) contains the 
+		job ID number and is presently not used by smbspool.
+		</para></listitem>
+
+		<listitem><para>The user argument (argv[2]) contains the 
+		print user's name and is presently not used by smbspool.
+		</para></listitem>
+
+		<listitem><para>The title argument (argv[3]) contains the 
+		job title string and is passed as the remote file name 
+		when sending the print job.</para></listitem>
+
+		<listitem><para>The copies argument (argv[4]) contains 
+		the number of copies to be printed of the named file. If 
+		no filename is provided than this argument is not used by 
+		smbspool.</para></listitem>
+
+		<listitem><para>The options argument (argv[5]) contains 
+		the print options in a single string and is presently 
+		not used by smbspool.</para></listitem>
+
+		<listitem><para>The filename argument (argv[6]) contains the 
+		name of the file to print. If this argument is not specified 
+		then the print file is read from the standard input.</para>
+		</listitem>
+	</itemizedlist>
+</refsect1>
+
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, 
+	and <ulink url="samba.7.html">samba(7)</ulink>.
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+
+	<para><command>smbspool</command> was written by Michael Sweet 
+	at Easy Software Products.</para>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smbstatus.1.sgml b/docs/docbook/manpages/smbstatus.1.sgml
new file mode 100755
index 00000000000..c2f638b88ef
--- /dev/null
+++ b/docs/docbook/manpages/smbstatus.1.sgml
@@ -0,0 +1,137 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smbstatus">
+
+<refmeta>
+	<refentrytitle>smbstatus</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbstatus</refname>
+	<refpurpose>report on current Samba connections</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>smbstatus</command>
+		<arg choice="opt">-P</arg>
+		<arg choice="opt">-b</arg>
+		<arg choice="opt">-d</arg>
+		<arg choice="opt">-L</arg>
+		<arg choice="opt">-p</arg>
+		<arg choice="opt">-S</arg>
+		<arg choice="opt">-s &lt;configuration file&gt;</arg>
+		<arg choice="opt">-u &lt;username&gt;</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para><command>smbstatus</command> is a very simple program to 
+	list the current Samba connections.</para>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>-P</term>
+		<listitem><para>If samba has been compiled with the 
+		profiling option, print only the contents of the profiling 
+		shared memory area.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-b</term>
+		<listitem><para>gives brief output.</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-d</term>
+		<listitem><para>gives verbose output.</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-L</term>
+		<listitem><para>causes smbstatus to only list locks.</para>
+		</listitem>
+		</varlistentry>
+		
+
+
+		<varlistentry>
+		<term>-p</term>
+		<listitem><para>print a list of <ulink url="smbd.8.html">
+		<command>smbd(8)</command></ulink> processes and exit. 
+		Useful for scripting.</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-S</term>
+		<listitem><para>causes smbstatus to only list shares.</para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>-s &lt;configuration file&gt;</term>
+		<listitem><para>The default configuration file name is
+		determined at compile time. The file specified contains the
+		configuration details required by the server. See <ulink 
+		url="smb.conf.5.html"><filename>smb.conf(5)</filename>
+		</ulink> for more information.</para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-u &lt;username&gt;</term>
+		<listitem><para>selects information relevant to 
+		<parameter>username</parameter> only.</para>
+		</listitem>
+		</varlistentry>
+
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink> and
+	<ulink url="smb.conf.5.html">smb.conf(5)</ulink>.</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smbtar.1.sgml b/docs/docbook/manpages/smbtar.1.sgml
new file mode 100755
index 00000000000..4e2ee5fff0a
--- /dev/null
+++ b/docs/docbook/manpages/smbtar.1.sgml
@@ -0,0 +1,226 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smbtar">
+
+<refmeta>
+	<refentrytitle>smbtar</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbtar</refname>
+	<refpurpose>shell script for backing up SMB/CIFS shares 
+	directly to UNIX tape drives</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>smbtar</command>
+		<arg choice="req">-s server</arg>
+		<arg choice="opt">-p password</arg>
+		<arg choice="opt">-x services</arg>
+		<arg choice="opt">-X</arg>
+		<arg choice="opt">-d directory</arg>
+		<arg choice="opt">-u user</arg>
+		<arg choice="opt">-t tape</arg>
+		<arg choice="opt">-t tape</arg>
+		<arg choice="opt">-b blocksize</arg>
+		<arg choice="opt">-N filename</arg>
+		<arg choice="opt">-i</arg>
+		<arg choice="opt">-r</arg>
+		<arg choice="opt">-l loglevel</arg>
+		<arg choice="opt">-v</arg>
+		<arg choice="req">filenames</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para><command>smbtar</command> is a very small shell script on top 
+	of <ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink> 
+	which dumps SMB shares directly to tape. </para>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>-s server</term>
+		<listitem><para>The SMB/CIFS server that the share resides 
+		upon.</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-x service</term>
+		<listitem><para>The share name on the server to connect to. 
+		The default is "backup".</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-X</term>
+		<listitem><para>Exclude mode. Exclude filenames... from tar 
+		create or restore. </para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>-d directory</term>
+		<listitem><para>Change to initial <parameter>directory
+		</parameter> before restoring / backing up files. </para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>-v</term>
+		<listitem><para>Verbose mode.</para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>-p password</term>
+		<listitem><para>The password to use to access a share. 
+		Default: none </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-u user</term>
+		<listitem><para>The user id to connect as. Default: 
+		UNIX login name. </para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>-t tape</term>
+		<listitem><para>Tape device. May be regular file or tape 
+		device. Default: <parameter>$TAPE</parameter> environmental 
+		variable; if not set, a file called <filename>tar.out
+		</filename>. </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-b blocksize</term>
+		<listitem><para>Blocking factor. Defaults to 20. See
+		<command>tar(1)</command> for a fuller explanation. </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-N filename</term>
+		<listitem><para>Backup only files newer than filename. Could 
+		be used (for example) on a log file to implement incremental
+		backups. </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-i</term>
+		<listitem><para>Incremental mode; tar files are only backed 
+		up if they have the archive bit set. The archive bit is reset 
+		after each file is read. </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-r</term>
+		<listitem><para>Restore. Files are restored to the share 
+		from the tar file. </para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>-l log level</term>
+		<listitem><para>Log (debug) level. Corresponds to the 
+		<parameter>-d</parameter> flag of <command>smbclient(1)
+		</command>. </para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>ENVIRONMENT VARIABLES</title>
+
+	<para>The <parameter>$TAPE</parameter> variable specifies the 
+	default tape device to write to. May be overridden
+	with the -t option. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>BUGS</title>
+
+	<para>The <command>smbtar</command> script has different 
+	options from ordinary tar and tar called from smbclient. </para>
+
+</refsect1>
+
+<refsect1>
+	<title>CAVEATS</title>
+
+	<para>Sites that are more careful about security may not like 
+	the way the script handles PC passwords. Backup and restore work 
+	on entire shares, should work on file lists. smbtar works best
+	with GNU tar and may not work well with other versions. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>DIAGNOSTICS</title>
+
+	<para>See the <emphasis>DIAGNOSTICS</emphasis> section for the 
+	<ulink url="smbclient.1.html"><command>smbclient(1)</command> 
+	</ulink> command.</para>
+</refsect1>
+
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, 
+	<ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink>, 
+	<ulink url="smb.conf.5.html">smb.conf(5)</ulink>,
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para><ulink url="mailto:poultenr@logica.co.uk">Ricky Poulten</ulink>  
+	wrote the tar extension and this man page. The <command>smbtar</command> 
+	script was heavily rewritten and improved by <ulink 
+	url="mailto:Martin.Kraemer@mch.sni.de">Martin Kraemer</ulink>. Many 
+	thanks to everyone who suggested extensions, improvements, bug 
+	fixes, etc. The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter.</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/smbumount.8.sgml b/docs/docbook/manpages/smbumount.8.sgml
new file mode 100755
index 00000000000..d6a1b65b578
--- /dev/null
+++ b/docs/docbook/manpages/smbumount.8.sgml
@@ -0,0 +1,73 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="smbumount">
+
+<refmeta>
+	<refentrytitle>smbumount</refentrytitle>
+	<manvolnum>8</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbumount</refname>
+	<refpurpose>smbfs umount for normal users</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>smbumount</command>
+		<arg choice="req">mount-point</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>With this program, normal users can unmount smb-filesystems, 
+	provided that it is suid root.  <command>smbumount</command> has 
+	been written to give normal Linux users more control over their 
+	resources. It is safe to install this program suid root, because only 
+	the user who has mounted a filesystem is allowed to unmount it again.  
+	For root it is not necessary to use smbumount. The normal umount 
+	program works perfectly well, but it would certainly be problematic 
+	to make umount setuid root.</para>  
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>mount-point</term>
+		<listitem><para>The directory to unmount.</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>SEE ALSO</title>
+	
+	<para><ulink url="smbmount.8.html"><command>smbmount(8)</command>
+	</ulink></para>
+</refsect1>
+
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
+	and others.</para>
+	
+	<para>The current maintainer of smbfs and the userspace
+	tools <command>smbmount</command>, <command>smbumount</command>,
+	and <command>smbmnt</command> is <ulink 
+	url="mailto:urban@teststation.com">Urban Widmark</ulink>.
+	The <ulink url="mailto:samba@samba.org">SAMBA Mailing list</ulink>
+	is the preferred place to ask questions regarding these programs.
+	</para>
+	
+	<para>The conversion of this manpage for Samba 2.2 was performed 
+	by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/swat.8.sgml b/docs/docbook/manpages/swat.8.sgml
new file mode 100755
index 00000000000..b67f53777dd
--- /dev/null
+++ b/docs/docbook/manpages/swat.8.sgml
@@ -0,0 +1,265 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="swat">
+
+<refmeta>
+	<refentrytitle>swat</refentrytitle>
+	<manvolnum>8</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>swat</refname>
+	<refpurpose>Samba Web Administration Tool</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>swat</command>
+		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+		<arg choice="opt">-a</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+
+	<para><command>swat</command> allows a Samba administrator to 
+	configure the complex <ulink url="smb.conf.5.html"><filename>
+	smb.conf(5)</filename></ulink> file via a Web browser. In addition, 
+	a <command>swat</command> configuration page has help links 
+	to all the configurable options in the <filename>smb.conf</filename> file allowing an 
+	administrator to easily look up the effects of any change. </para>
+
+	<para><command>swat</command> is run from <command>inetd</command> </para>
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>-s smb configuration file</term>
+		<listitem><para>The default configuration file path is 
+		determined at compile time.  The file specified contains 
+		the configuration details required by the <command>smbd
+		</command> server. This is the file that <command>swat</command> will modify. 
+		The information in this file includes server-specific 
+		information such as what printcap file to use, as well as 
+		descriptions of all the services that the server is to provide.
+		See <filename>smb.conf</filename> for more information. 
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-a</term>
+		<listitem><para>This option disables authentication and puts 
+		<command>swat</command> in demo mode. In that mode anyone will be able to modify 
+		the <filename>smb.conf</filename> file. </para>
+		
+		<para><emphasis>Do NOT enable this option on a production 
+		server. </emphasis></para></listitem>
+		</varlistentry>
+	</variablelist>
+
+</refsect1>
+
+<refsect1>
+
+	<title>INSTALLATION</title>
+
+	<para>After you compile SWAT you need to run <command>make install
+	</command> to install the <command>swat</command> binary
+	and the various help files and images. A default install would put 
+	these in: </para>
+	
+	<itemizedlist>
+		<listitem><para>/usr/local/samba/bin/swat</para></listitem>
+		<listitem><para>/usr/local/samba/swat/images/*</para></listitem>
+		<listitem><para>/usr/local/samba/swat/help/*</para></listitem>
+	</itemizedlist>
+
+	<refsect2> 
+		<title>Inetd Installation</title>
+
+		<para>You need to edit your <filename>/etc/inetd.conf
+		</filename> and <filename>/etc/services</filename>
+		to enable SWAT to be launched via <command>inetd</command>.</para>
+
+		<para>In <filename>/etc/services</filename> you need to 
+		add a line like this: </para>
+
+		<para><command>swat            901/tcp</command></para>
+
+		<para>Note for NIS/YP users - you may need to rebuild the 
+		NIS service maps rather than alter your local <filename>
+		/etc/services</filename> file. </para>
+
+		<para>the choice of port number isn't really important 
+		except that it should be less than 1024 and not currently 
+		used (using a number above 1024 presents an obscure security 
+		hole depending on the implementation details of your 
+		<command>inetd</command> daemon). </para>
+
+		<para>In <filename>/etc/inetd.conf</filename> you should 
+		add a line like this: </para>
+
+		<para><command>swat    stream  tcp     nowait.400  root
+		/usr/local/samba/bin/swat swat</command></para>
+	
+		<para>One you have edited <filename>/etc/services</filename> 
+		and <filename>/etc/inetd.conf</filename> you need to send a 
+		HUP signal to inetd. To do this use <command>kill -1 PID
+		</command> where PID is the process ID of the inetd daemon. </para>
+
+	</refsect2>
+
+
+	<refsect2> 
+		<title>Xinetd Installation</title>
+
+		<para>Newer Linux systems ship with a more secure implementation
+		of the inetd meta-daemon.  The <command>xinetd</command> daemon
+		can read configuration inf9ormation from a single file (i.e.
+		<filename>/etc/xinetd.conf</filename>) or from a collection
+		of service control files in the <filename>xinetd.d/</filename> directory.
+		These directions assume the latter configuration.
+		</para>
+
+		<para>
+		The following file should be created as <filename>/etc/xientd.d/swat</filename>.
+		It is then be neccessary cause the meta-daemon to reload its configuration files.
+		Refer to the xinetd man page for details on how to accomplish this.
+		</para>
+
+<para><programlisting>
+## /etc/xinetd.d/swat
+service swat
+{
+        port    = 901
+        socket_type     = stream
+        wait    = no
+        only_from = localhost
+        user    = root
+        server  = /usr/local/samba/bin/swat
+        log_on_failure  += USERID
+        disable =  No
+}
+</programlisting></para>
+
+	</refsect2>
+
+
+	<refsect2>
+		<title>Launching</title>
+
+		<para>To launch SWAT just run your favorite web browser and 
+		point it at "http://localhost:901/".</para>
+
+		<para>Note that you can attach to SWAT from any IP connected 
+		machine but connecting from a remote machine leaves your 
+		connection open to password sniffing as passwords will be sent 
+		in the clear over the wire. </para>
+	</refsect2>
+
+</refsect1>
+
+<refsect1>
+	<title>TROUBLESHOOTING</title>
+
+	<para>
+	One of the common causes of difficulty when installing Samba and SWAT
+	is the existsnece of some type of firewall or port filtering software 
+	on the Samba server.  Make sure that the appropriate ports
+	outlined in this man page are available on the server and are not currently 
+	being blocked by some type of security software such as iptables or 
+	"port sentry".  For more troubleshooting information, refer to the additional 
+	documentation included in the Samba distribution.
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>FILES</title>
+	
+	<variablelist>
+		<varlistentry>
+		<term><filename>/etc/inetd.conf</filename></term>
+		<listitem><para>This file must contain suitable startup 
+		information for the meta-daemon.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><filename>/etc/xinetd.d/swat</filename></term>
+		<listitem><para>This file must contain suitable startup 
+		information for the <command>xinetd</command> meta-daemon.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><filename>/etc/services</filename></term>
+		<listitem><para>This file must contain a mapping of service name 
+		(e.g., swat) to service port (e.g., 901) and protocol type 
+		(e.g., tcp).  </para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><filename>/usr/local/samba/lib/smb.conf</filename></term>
+		<listitem><para>This is the default location of the <filename>smb.conf(5)
+		</filename> server configuration file that swat edits. Other 
+		common places that systems install this file are <filename>
+		/usr/samba/lib/smb.conf</filename> and <filename>/etc/smb.conf
+		</filename>.  This file describes all the services the server 
+		is to make available to clients. </para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>WARNINGS</title>
+
+	<para><command>swat</command> will rewrite your <filename>smb.conf
+	</filename> file. It will rearrange the entries and delete all 
+	comments, <parameter>include=</parameter> and <parameter>copy="
+	</parameter> options. If you have a carefully crafted <filename>
+	smb.conf</filename> then back it up or don't use swat! </para>
+</refsect1>
+
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><command>inetd(5)</command>,
+	<ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, 
+	<ulink url="smb.conf.5.html">smb.conf(5)</ulink>, <command>xinetd(8)</command>
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/testparm.1.sgml b/docs/docbook/manpages/testparm.1.sgml
new file mode 100755
index 00000000000..9128d8f4c51
--- /dev/null
+++ b/docs/docbook/manpages/testparm.1.sgml
@@ -0,0 +1,173 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="testparm">
+
+<refmeta>
+	<refentrytitle>testparm</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>testparm</refname>
+	<refpurpose>check an smb.conf configuration file for 
+	internal correctness</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>testparm</command>
+		<arg choice="opt">-s</arg>
+		<arg choice="opt">-h</arg>
+		<arg choice="opt">-x</arg>
+		<arg choice="opt">-L &lt;servername&gt;</arg>
+		<arg choice="req">config filename</arg>
+		<arg choice="opt">hostname  hostIP</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para><command>testparm</command> is a very simple test program 
+	to check an <command>smbd</command> configuration file for 
+	internal correctness. If this program reports no problems, you 
+	can use the configuration file with confidence that <command>smbd
+	</command> will successfully load the configuration file.</para>
+
+
+	<para>Note that this is <emphasis>NOT</emphasis> a guarantee that 
+	the services specified in the configuration file will be 
+	available or will operate as expected. </para>
+
+	<para>If the optional host name and host IP address are 
+	specified on the command line, this test program will run through 
+	the service entries reporting whether the specified host
+	has access to each service. </para>
+
+	<para>If <command>testparm</command> finds an error in the <filename>
+	smb.conf</filename> file it returns an exit code of 1 to the calling 
+	program, else it returns an exit code of 0. This allows shell scripts 
+	to test the output from <command>testparm</command>.</para>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>-s</term>
+		<listitem><para>Without this option, <command>testparm</command> 
+		will prompt for a carriage return after printing the service 
+		names and before dumping the service definitions.</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-h</term>
+		<listitem><para>Print usage message </para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-x</term>
+		<listitem><para>Print only parameters that have non-default values</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-L servername</term>
+		<listitem><para>Sets the value of the %L macro to <replaceable>servername</replaceable>.
+		This is useful for testing include files specified with the 
+		%L macro. </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>configfilename</term>
+		<listitem><para>This is the name of the configuration file 
+		to check. If this parameter is not present then the 
+		default <filename>smb.conf</filename> file will be checked. 	
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>hostname</term>
+		<listitem><para>If this parameter and the following are 
+		specified, then <command>testparm</command> will examine the <parameter>hosts
+		allow</parameter> and <parameter>hosts deny</parameter> 
+		parameters in the <filename>smb.conf</filename> file to 
+		determine if the hostname with this IP address would be
+		allowed access to the <command>smbd</command> server.  If 
+		this parameter is supplied, the hostIP parameter must also
+		be supplied.</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>hostIP</term>
+		<listitem><para>This is the IP address of the host specified 
+		in the previous parameter.  This address must be supplied 
+		if the hostname parameter is supplied. </para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>FILES</title>
+
+	<variablelist>
+		<varlistentry>
+		<term><filename>smb.conf</filename></term>
+		<listitem><para>This is usually the name of the configuration 
+		file used by <command>smbd</command>. 
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>DIAGNOSTICS</title>
+
+	<para>The program will issue a message saying whether the 
+	configuration file loaded OK or not. This message may be preceded by 
+	errors and warnings if the file did not load. If the file was 
+	loaded OK, the program then dumps all known service details 
+	to stdout. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename></ulink>, 
+	<ulink url="smbd.8.html"><command>smbd(8)</command></ulink>
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
+
diff --git a/docs/docbook/manpages/testprns.1.sgml b/docs/docbook/manpages/testprns.1.sgml
new file mode 100755
index 00000000000..cd99494a9af
--- /dev/null
+++ b/docs/docbook/manpages/testprns.1.sgml
@@ -0,0 +1,143 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="testprns">
+
+<refmeta>
+	<refentrytitle>testprns</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>testprns</refname>
+	<refpurpose>check printer name for validity with smbd</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>testprns</command>
+		<arg choice="req">printername</arg>
+		<arg choice="opt">printcapname</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para><command>testprns</command> is a very simple test program 
+	to determine whether a given printer name is valid for use in 
+	a service to be provided by <ulink url="smbd.8.html"><command>
+	smbd(8)</command></ulink>. </para>
+
+	<para>"Valid" in this context means "can be found in the 
+	printcap specified". This program is very stupid - so stupid in 
+	fact that it would be wisest to always specify the printcap file 
+	to use. </para>
+
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>printername</term>
+		<listitem><para>The printer name to validate.</para>
+		
+		<para>Printer names are taken from the first field in each 
+		record in the printcap file, single printer names and sets 
+		of aliases separated by vertical bars ("|") are recognized. 
+		Note that no validation or checking of the printcap syntax is 
+		done beyond that required to extract the printer name. It may
+		be that the print spooling system is more forgiving or less 
+		forgiving than <command>testprns</command>. However, if 
+		<command>testprns</command> finds the printer then 
+		<command>smbd</command> should do so as well. </para></listitem>
+		</varlistentry>
+		
+		<varlistentry>	
+		<term>printcapname</term>
+		<listitem><para>This is the name of the printcap file within
+		which to search for the given printer name. </para>
+
+		<para>If no printcap name is specified <command>testprns
+		</command> will attempt to scan the printcap file name 
+		specified at compile time. </para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>FILES</title>
+
+	<variablelist>
+		<varlistentry>
+		<term><filename>/etc/printcap</filename></term>
+		<listitem><para>This is usually the default printcap 
+		file to scan. See <filename>printcap (5)</filename>. 
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>DIAGNOSTICS</title>
+
+	<para>If a printer is found to be valid, the message 
+	"Printer name &lt;printername&gt; is valid" will be 
+	displayed. </para>
+
+	<para>If a printer is found to be invalid, the message
+	"Printer name &lt;printername&gt; is not valid" will be 
+	displayed. </para>
+
+	<para>All messages that would normally be logged during
+	operation of the Samba daemons are logged by this program to the 
+	file <filename>test.log</filename> in the current directory. The
+	program runs at debuglevel 3, so quite extensive logging 
+	information is written. The log should be checked carefully 
+	for errors and warnings. </para>
+
+	<para>Other messages are self-explanatory. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><filename>printcap(5)</filename>, 
+	<ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, 
+	<ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink>
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</para>
+</refsect1>
+
+</refentry>
+
diff --git a/docs/docbook/manpages/wbinfo.1.sgml b/docs/docbook/manpages/wbinfo.1.sgml
new file mode 100755
index 00000000000..f1461b07b9c
--- /dev/null
+++ b/docs/docbook/manpages/wbinfo.1.sgml
@@ -0,0 +1,238 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="wbinfo">
+
+<refmeta>
+	<refentrytitle>wbinfo</refentrytitle>
+	<manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>wbinfo</refname>
+	<refpurpose>Query information from winbind daemon</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>wbinfo</command>
+		<arg choice="opt">-u</arg>
+		<arg choice="opt">-g</arg>
+		<arg choice="opt">-h name</arg>
+		<arg choice="opt">-i ip</arg>
+		<arg choice="opt">-n name</arg>
+		<arg choice="opt">-s sid</arg>
+		<arg choice="opt">-U uid</arg>
+		<arg choice="opt">-G gid</arg>
+		<arg choice="opt">-S sid</arg>
+		<arg choice="opt">-Y sid</arg>
+		<arg choice="opt">-t</arg>
+		<arg choice="opt">-m</arg>
+		<arg choice="opt">-r user</arg>
+		<arg choice="opt">-a user%password</arg>
+		<arg choice="opt">-A user%password</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+	
+	<para>The <command>wbinfo</command> program queries and returns information 
+	created and used by the <ulink url="winbindd.8.html"><command>
+	winbindd(8)</command></ulink> daemon. </para>
+
+	<para>The <command>winbindd(8)</command> daemon must be configured 
+	and running for the <command>wbinfo</command> program to be able 
+	to return information.</para>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>-u</term>
+		<listitem><para>This option will list all users available 
+		in the Windows NT domain for which the <command>winbindd(8)
+		</command> daemon is operating in. Users in all trusted domains 
+		will also be listed.  Note that this operation does not assign 
+		user ids to any users that have not already been seen by 
+		<command>winbindd(8)</command>.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>-g</term>
+		<listitem><para>This option will list all groups available 
+		in the Windows NT domain for which the <command>winbindd(8)
+		</command> daemon is operating in. Groups in all trusted domains
+		will also be listed.  Note that this operation does not assign 
+		group ids to any groups that have not already been seen by
+		<command>winbindd(8)</command>. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-h name</term>
+		<listitem><para>The <parameter>-h</parameter> option 
+		queries <command>winbindd(8)</command> to query the WINS
+		server for the IP address associated with the NetBIOS name
+		specified by the <parameter>name</parameter> parameter.
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-i ip</term>
+		<listitem><para>The <parameter>-i</parameter> option 
+		queries <command>winbindd(8)</command> to send a node status
+		request to get the NetBIOS name associated with the IP address
+		specified by the <parameter>ip</parameter> parameter.
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-n name</term>
+		<listitem><para>The <parameter>-n</parameter> option 
+		queries <command>winbindd(8)</command> for the SID 		
+		associated with the name specified. Domain names can be specified 
+		before the user name by using the winbind separator character.  
+		For example CWDOM1/Administrator refers to the Administrator
+		user in the domain CWDOM1.  If no domain is specified then the 
+		domain used is the one specified in the <filename>smb.conf</filename>
+		<parameter>workgroup</parameter> parameter. </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-s sid</term>
+		<listitem><para>Use <parameter>-s</parameter> to resolve
+		a SID to a name.  This is the inverse of the <parameter>-n
+		</parameter> option above.  SIDs must be specified as ASCII strings 
+		in the traditional Microsoft format. For example,
+		S-1-5-21-1455342024-3071081365-2475485837-500. </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-U uid</term>
+		<listitem><para>Try to convert a UNIX user id to a Windows NT 
+		SID.  If the uid specified does not refer to one within
+		the winbind uid range then the operation will fail. </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-G gid</term>
+		<listitem><para>Try to convert a UNIX group id to a Windows 
+		NT SID.  If the gid specified does not refer to one within 
+		the winbind gid range then the operation will fail. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-S sid</term>
+		<listitem><para>Convert a SID to a UNIX user id.  If the SID 
+		does not correspond to a UNIX user mapped by <command>
+		winbindd(8)</command> then the operation will fail. </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-Y sid</term>
+		<listitem><para>Convert a SID to a UNIX group id.  If the SID 
+		does not correspond to a UNIX group mapped by <command>
+		winbindd(8)</command> then the operation will fail. </para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>-t</term>
+		<listitem><para>Verify that the workstation trust account 
+		created when the Samba server is added to the Windows NT
+		domain is working. </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-m</term>
+		<listitem><para>Produce a list of domains trusted by the 
+		Windows NT server <command>winbindd(8)</command> contacts 
+		when resolving names.  This list does not include the Windows 
+		NT domain the server is a Primary Domain Controller for.
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-r username</term>
+		<listitem><para>Try to obtain the list of UNIX group ids
+		to which the user belongs.  This only works for users
+		defined on a Domain Controller.
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-a username%password</term>
+		<listitem><para>Attempt to authenticate a user via winbindd. 
+                This checks both authenticaion methods and reports its results.
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>-A username%password</term>
+		<listitem><para>Store username and password used by winbindd 
+		during session setup to a domain controller.  This enables
+		winbindd to operate in a Windows 2000 domain with Restrict
+		Anonymous turned on (a.k.a. Permissions compatiable with
+		Windows 2000 servers only).
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>EXIT STATUS</title>
+
+	<para>The wbinfo program returns 0 if the operation 
+	succeeded, or 1 if the operation failed.  If the <command>winbindd(8)
+	</command> daemon is not working <command>wbinfo</command> will always return 
+	failure. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><ulink url="winbindd.8.html"><command>winbindd(8)</command>
+	</ulink></para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para><command>wbinfo</command> and <command>winbindd</command>
+	were written by Tim Potter.</para>
+	
+	<para>The conversion to DocBook for Samba 2.2 was done 
+	by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml
new file mode 100755
index 00000000000..e257b6c3fb8
--- /dev/null
+++ b/docs/docbook/manpages/winbindd.8.sgml
@@ -0,0 +1,515 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="winbindd">
+
+<refmeta>
+	<refentrytitle>winbindd</refentrytitle>
+	<manvolnum>8</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+	<refname>winbindd</refname>
+	<refpurpose>Name Service Switch daemon for resolving names 
+	from NT servers</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>winbindd</command>
+		<arg choice="opt">-i</arg>
+		<arg choice="opt">-d &lt;debug level&gt;</arg>
+		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This program is part of the <ulink url="samba.7.html">
+	Samba</ulink> suite.</para>
+
+	<para><command>winbindd</command> is a daemon that provides 
+	a service for the Name Service Switch capability that is present 
+	in most modern C libraries.  The Name Service Switch allows user 
+	and system information to be obtained from different databases 
+	services such as NIS or DNS.  The exact behaviour can be configured 
+	throught the <filename>/etc/nsswitch.conf</filename> file.  
+	Users and groups are allocated as they are resolved to a range 
+	of user and group ids specified by the administrator of the 
+	Samba system.</para>
+
+	<para>The service provided by <command>winbindd</command> is called `winbind' and 
+	can be used to resolve user and group information from a 
+	Windows NT server. The service can also provide authentication
+	services via an associated PAM module. </para>
+	
+	<para>
+	The <filename>pam_winbind</filename> module in the 2.2.2 release only 
+	supports the <parameter>auth</parameter> and <parameter>account</parameter> 
+	module-types.  The latter is simply
+	performs a getpwnam() to verify that the system can obtain a uid for the
+	user.  If the <filename>libnss_winbind</filename> library has been correctly 
+	installed, this should always suceed.
+	</para>
+
+	<para>The following nsswitch databases are implemented by 
+	the winbindd service: </para>
+
+	<variablelist>
+		<varlistentry>
+		<term>hosts</term>
+		<listitem><para>User information traditionally stored in 
+		the <filename>hosts(5)</filename> file and used by 
+		<command>gethostbyname(3)</command> functions. Names are
+		resolved through the WINS server or by broadcast.
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>passwd</term>
+		<listitem><para>User information traditionally stored in 
+		the <filename>passwd(5)</filename> file and used by 
+		<command>getpwent(3)</command> functions. </para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>group</term>
+		<listitem><para>Group information traditionally stored in 
+		the <filename>group(5)</filename> file and used by 		
+		<command>getgrent(3)</command> functions. </para></listitem>
+		</varlistentry>
+	</variablelist>
+
+	<para>For example, the following simple configuration in the
+	<filename>/etc/nsswitch.conf</filename> file can be used to initially 
+	resolve user and group information from <filename>/etc/passwd
+	</filename> and <filename>/etc/group</filename> and then from the 
+	Windows NT server. </para>
+
+	<para><programlisting>
+passwd:         files winbind
+group:          files winbind
+	</programlisting></para>  
+
+	<para>The following simple configuration in the
+	<filename>/etc/nsswitch.conf</filename> file can be used to initially
+	resolve hostnames from <filename>/etc/hosts</filename> and then from the
+	WINS server.</para>
+
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>-d debuglevel</term>
+		<listitem><para>Sets the debuglevel to an integer between 
+		0 and 100. 0 is for no debugging and 100 is for reams and 
+		reams. To submit a bug report to the Samba Team, use debug 
+		level 100 (see BUGS.txt).   </para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-i</term>
+		<listitem><para>Tells <command>winbindd</command> to not 
+		become a daemon and detach from the current terminal. This 
+		option is used by developers when interactive debugging 
+		of <command>winbindd</command> is required. </para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>NAME AND ID RESOLUTION</title>
+
+	<para>Users and groups on a Windows NT server are assigned 
+	a relative id (rid) which is unique for the domain when the 
+	user or group is created.  To convert the Windows NT user or group 
+	into a unix user or group, a mapping between rids and unix user 
+	and group ids is required.  This is one of the jobs that <command>
+	winbindd</command> performs. </para>
+
+	<para>As winbindd users and groups are resolved from a server, user 
+	and group ids are allocated from a specified range.  This
+	is done on a first come, first served basis, although all existing 
+	users and groups will be mapped as soon as a client performs a user 
+	or group enumeration command.  The allocated unix ids are stored 
+	in a database file under the Samba lock directory and will be 
+	remembered. </para>
+
+	<para>WARNING: The rid to unix id database is the only location 
+	where the user and group mappings are stored by winbindd.  If this 
+	file is deleted or corrupted, there is no way for winbindd to 
+	determine which user and group ids correspond to Windows NT user 
+	and group rids. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>CONFIGURATION</title>
+
+	<para>Configuration of the <command>winbindd</command> daemon 
+	is done through configuration parameters in the <filename>smb.conf(5)
+	</filename> file.  All parameters should be specified in the 
+	[global] section of smb.conf. </para>
+
+	<variablelist>
+		<varlistentry>
+		<term>winbind separator</term>
+		<listitem><para>The winbind separator option allows you 
+		to specify how NT domain names and user names are combined 
+		into unix user names when presented to users. By default, 
+		<command>winbindd</command> will use the traditional '\' 
+		separator so that the unix user names look like 
+		DOMAIN\username. In some cases this separator character may 
+		cause problems as the '\' character has special meaning in 
+		unix shells.  In that case you can use the winbind separator 
+		option to specify an alternative separator character. Good 
+		alternatives may be '/' (although that conflicts
+		with the unix directory separator) or a '+ 'character. 
+		The '+' character appears to be the best choice for 100% 
+		compatibility with existing unix utilities, but may be an 
+		aesthetically bad choice depending on your taste. </para>
+		
+		<para>Default: <command>winbind separator = \ </command>
+		</para>
+		<para>Example: <command>winbind separator = + </command></para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>winbind uid</term>
+		<listitem><para>The winbind uid parameter specifies the 
+		range of user ids that are allocated by the winbindd daemon.  
+		This range of ids should have no existing local or NIS users 
+		within it as strange conflicts can occur otherwise. </para>
+
+		<para>Default: <command>winbind uid = &lt;empty string&gt; 
+		</command></para>
+		<para>Example: <command>winbind uid = 10000-20000</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>winbind gid</term>
+		<listitem><para>The winbind gid parameter specifies the 
+		range of group ids that are allocated by the winbindd daemon.  
+		This range of group ids should have no existing local or NIS 
+		groups within it as strange conflicts can occur otherwise.</para> 
+
+		<para>Default: <command>winbind gid = &lt;empty string&gt;
+		</command></para> 	
+		<para>Example: <command>winbind gid = 10000-20000
+		</command> </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>winbind cache time</term>
+		<listitem><para>This parameter specifies the number of 
+		seconds the winbindd daemon will cache user and group information 
+		before querying a Windows NT server again. When a item in the 
+		cache is older than this time winbindd will ask the domain 
+		controller for the sequence number of the server's account database. 
+		If the sequence number has not changed then the cached item is 
+		marked as valid for a further <parameter>winbind cache time
+		</parameter> seconds.  Otherwise the item is fetched from the 
+		server. This means that as long as the account database is not 
+		actively changing winbindd will only have to send one sequence 
+		number query packet every <parameter>winbind cache time
+		</parameter> seconds. </para>
+
+		<para>Default: <command>winbind cache time = 15</command>
+		</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>winbind enum users</term>
+		<listitem><para>On large installations it may be necessary 
+		to suppress the enumeration of users through the <command>
+		setpwent()</command>, <command>getpwent()</command> and 
+		<command>endpwent()</command> group of system calls.  If 
+		the <parameter>winbind enum users</parameter> parameter is false, 
+		calls to the <command>getpwent</command> system call will not 
+		return any data. </para>
+
+		<para><emphasis>Warning:</emphasis> Turning off user enumeration 
+		may cause some programs to behave oddly.  For example, the <command>finger</command> 
+		program relies on having access to the full user list when 
+		searching  for matching usernames. </para>
+
+		<para>Default: <command>winbind enum users = yes </command></para>
+		</listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>winbind enum groups</term>
+		<listitem><para>On large installations it may be necessary 
+		to suppress the enumeration of groups through the <command>
+		setgrent()</command>, <command>getgrent()</command> and 
+		<command>endgrent()</command> group of system calls.  If 
+		the <parameter>winbind enum groups</parameter> parameter is 
+		false, calls to the <command>getgrent()</command> system 
+		call will not return any data. </para>
+
+		<para><emphasis>Warning:</emphasis> Turning off group 
+		enumeration may cause some programs to behave oddly. 
+		</para>
+
+		<para>Default: <command>winbind enum groups = no </command>
+		</para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>template homedir</term>
+		<listitem><para>When filling out the user information 
+		for a Windows NT user, the <command>winbindd</command> daemon 
+		uses this parameter to fill in the home directory for that user.  
+		If the string <parameter>%D</parameter> is present it is 
+		substituted with the user's Windows NT domain name.  If the 
+		string <parameter>%U</parameter> is present it is substituted
+		with the user's Windows NT user name. </para>
+
+		<para>Default: <command>template homedir = /home/%D/%U </command>
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>template shell</term>
+		<listitem><para>When filling out the user information for 
+ 		a Windows NT user, the <command>winbindd</command> daemon 
+		uses this parameter to fill in the shell for that user. 
+		</para>
+
+		<para>Default: <command>template shell = /bin/false </command>
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>EXAMPLE SETUP</title>
+
+	<para>To setup winbindd for user and group lookups plus 
+	authentication from a domain controller use something like the 
+	following setup. This was tested on a RedHat 6.2 Linux box. </para>
+
+	<para>In <filename>/etc/nsswitch.conf</filename> put the 
+	following:</para>
+
+	<para><programlisting>
+passwd:     files winbind
+group:      files winbind
+	</programlisting></para>  
+
+	<para>In <filename>/etc/pam.d/*</filename> replace the 
+	<parameter>auth</parameter> lines with something like this: </para>
+
+ 
+	<para><programlisting>
+auth       required	/lib/security/pam_securetty.so
+auth       required	/lib/security/pam_nologin.so
+auth       sufficient	/lib/security/pam_winbind.so
+auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
+	</programlisting></para>
+  
+
+	<para>Note in particular the use of the <parameter>sufficient</parameter> 
+	keyword and the <parameter>use_first_pass</parameter> keyword. </para>
+
+	<para>Now replace the account lines with this: </para> 
+	
+	<para><command>account    required	/lib/security/pam_winbind.so
+	</command></para>
+ 
+  	<para>The next step is to join the domain. To do that use the 
+	<command>smbpasswd</command> program like this:  </para>
+ 
+	<para><command>smbpasswd -j DOMAIN -r PDC -U
+	Administrator</command></para>
+ 
+	<para>The username after the <parameter>-U</parameter> can be any
+	Domain user that has administrator privileges on the machine.
+	Substitute your domain name for "DOMAIN" and the name of your PDC
+	for "PDC".</para>
+
+	<para>Next copy <filename>libnss_winbind.so</filename> to 
+	<filename>/lib</filename> and <filename>pam_winbind.so</filename>
+	to <filename>/lib/security</filename>.  A symbolic link needs to be
+	made from <filename>/lib/libnss_winbind.so</filename> to
+	<filename>/lib/libnss_winbind.so.2</filename>.  If you are using an
+	older version of glibc then the target of the link should be
+	<filename>/lib/libnss_winbind.so.1</filename>.</para>
+
+	<para>Finally, setup a <filename>smb.conf</filename> containing directives like the 
+	following:  </para> 
+
+	<para><programlisting>
+[global]
+	winbind separator = +
+        winbind cache time = 10
+        template shell = /bin/bash
+        template homedir = /home/%D/%U
+        winbind uid = 10000-20000
+        winbind gid = 10000-20000
+        workgroup = DOMAIN
+        security = domain
+        password server = *
+	</programlisting></para>
+  
+
+	<para>Now start winbindd and you should find that your user and 
+	group database is expanded to include your NT users and groups, 
+	and that you can login to your unix box as a domain user, using 
+	the DOMAIN+user syntax for the username. You may wish to use the 
+	commands <command>getent passwd</command> and <command>getent group
+	</command> to confirm the correct operation of winbindd.</para>
+</refsect1>
+
+
+<refsect1>
+	<title>NOTES</title>
+
+	<para>The following notes are useful when configuring and 
+	running <command>winbindd</command>: </para>
+
+	<para><command>nmbd</command> must be running on the local machine 
+	for <command>winbindd</command> to work. <command>winbindd</command>
+	queries the list of trusted domains for the Windows NT server
+	on startup and when a SIGHUP is received.  Thus, for a running <command>
+	winbindd</command> to become aware of new trust relationships between 
+	servers, it must be sent a SIGHUP signal. </para>
+
+	<para>Client processes resolving names through the <command>winbindd</command>
+	nsswitch module read an environment variable named <envar>
+	$WINBINDD_DOMAIN</envar>.  If this variable contains a comma separated
+	list of Windows NT domain names, then winbindd will only resolve users
+	and groups within those Windows NT domains. </para>
+
+	<para>PAM is really easy to misconfigure.  Make sure you know what 
+	you are doing when modifying PAM configuration files.  It is possible 
+	to set up PAM such that you can no longer log into your system. </para>
+	
+	<para>If more than one UNIX machine is running <command>winbindd</command>, 
+	then in general the user and groups ids allocated by winbindd will not 
+	be the same.  The user and group ids will only be valid for the local 
+	machine.</para>
+
+	<para>If the the Windows NT RID to UNIX user and group id mapping 
+	file is damaged or destroyed then the mappings will be lost. </para>
+</refsect1>
+
+
+<refsect1>
+	<title>SIGNALS</title>
+
+	<para>The following signals can be used to manipulate the 
+	<command>winbindd</command> daemon. </para>
+
+	<variablelist>
+		<varlistentry>
+		<term>SIGHUP</term>
+		<listitem><para>Reload the <filename>smb.conf(5)</filename>
+		file and apply any parameter changes to the running 
+		version of winbindd.  This signal also clears any cached 
+		user and group information.  The list of other domains trusted 
+		by winbindd is also reloaded.  </para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>SIGUSR1</term>
+		<listitem><para>The SIGUSR1 signal will cause <command>
+		winbindd</command> to write status information to the winbind 
+		log file including information about the number of user and 
+		group ids allocated by <command>winbindd</command>.</para>
+
+		<para>Log files are stored in the filename specified by the 
+		log file parameter.</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>FILES</title>
+
+	<variablelist>
+		<varlistentry>
+		<term><filename>/etc/nsswitch.conf(5)</filename></term>
+		<listitem><para>Name service switch configuration file.</para>
+		</listitem>
+		</varlistentry>
+	
+		<varlistentry>
+		<term>/tmp/.winbindd/pipe</term>
+		<listitem><para>The UNIX pipe over which clients communicate with 
+		the <command>winbindd</command> program.  For security reasons, the 
+		winbind client will only attempt to connect to the winbindd daemon 
+		if both the <filename>/tmp/.winbindd</filename> directory
+		and <filename>/tmp/.winbindd/pipe</filename> file are owned by 
+		root. </para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>/lib/libnss_winbind.so.X</term>
+		<listitem><para>Implementation of name service switch library.
+		</para></listitem>
+		</varlistentry>
+	
+		<varlistentry>
+		<term>$LOCKDIR/winbindd_idmap.tdb</term>
+		<listitem><para>Storage for the Windows NT rid to UNIX user/group 
+		id mapping.  The lock directory is specified when Samba is initially 
+		compiled using the <parameter>--with-lockdir</parameter> option.
+		This directory is by default <filename>/usr/local/samba/var/locks
+		</filename>. </para></listitem>
+		</varlistentry>
+	
+		<varlistentry>
+		<term>$LOCKDIR/winbindd_cache.tdb</term>
+		<listitem><para>Storage for cached user and group information.
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 2.2 of
+        the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	
+	<para><filename>nsswitch.conf(5)</filename>,
+	<ulink url="samba.7.html">samba(7)</ulink>,
+	<ulink url="wbinfo.1.html">wbinfo(1)</ulink>,
+	<ulink url="smb.conf.5.html">smb.conf(5)</ulink></para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para><command>wbinfo</command> and <command>winbindd</command>
+	were written by Tim Potter.</para>
+	
+	<para>The conversion to DocBook for Samba 2.2 was done 
+	by Gerald Carter</para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/projdoc/CVS-Access.sgml b/docs/docbook/projdoc/CVS-Access.sgml
new file mode 100755
index 00000000000..98ef925f20f
--- /dev/null
+++ b/docs/docbook/projdoc/CVS-Access.sgml
@@ -0,0 +1,157 @@
+<chapter id="cvs-access">
+
+
+<chapterinfo>
+	<author>
+		<affiliation>
+			<orgname>Samba Team</orgname>
+		</affiliation>
+	</author>
+	
+		
+	<pubdate> (22 May 2001) </pubdate>
+</chapterinfo>
+
+<title>HOWTO Access Samba source code via CVS</title>
+
+<sect1>
+<title>Introduction</title>
+
+<para>
+Samba is developed in an open environment.  Developers use CVS
+(Concurrent Versioning System) to "checkin" (also known as 
+"commit") new source code.  Samba's various CVS branches can
+be accessed via anonymous CVS using the instructions
+detailed in this chapter.
+</para>
+
+<para>
+This document is a modified version of the instructions found at
+<ulink url="http://samba.org/samba/cvs.html">http://samba.org/samba/cvs.html</ulink>
+</para>
+
+</sect1>
+
+
+<sect1>
+<title>CVS Access to samba.org</title>
+
+<para>
+The machine samba.org runs a publicly accessible CVS 
+repository for access to the source code of several packages, 
+including samba, rsync and jitterbug. There are two main ways of 
+accessing the CVS server on this host.
+</para>
+
+<sect2>
+<title>Access via CVSweb</title>
+
+<para>
+You can access the source code via your 
+favourite WWW browser. This allows you to access the contents of 
+individual files in the repository and also to look at the revision 
+history and commit logs of individual files. You can also ask for a diff 
+listing between any two versions on the repository.
+</para>
+
+<para>
+Use the URL : <ulink
+url="http://samba.org/cgi-bin/cvsweb">http://samba.org/cgi-bin/cvsweb</ulink>
+</para>
+</sect2>
+
+<sect2>
+<title>Access via cvs</title>
+
+<para>
+You can also access the source code via a 
+normal cvs client.  This gives you much more control over you can 
+do with the repository and allows you to checkout whole source trees 
+and keep them up to date via normal cvs commands. This is the 
+preferred method of access if you are a developer and not
+just a casual browser.
+</para>
+
+<para>
+To download the latest cvs source code, point your
+browser at the URL : <ulink url="http://www.cyclic.com/">http://www.cyclic.com/</ulink>.
+and click on the 'How to get cvs' link. CVS is free software under 
+the GNU GPL (as is Samba).  Note that there are several graphical CVS clients
+which provide a graphical interface to the sometimes mundane CVS commands.
+Links to theses clients are also available from http://www.cyclic.com.
+</para>
+
+<para>
+To gain access via anonymous cvs use the following steps. 
+For this example it is assumed that you want a copy of the 
+samba source code. For the other source code repositories 
+on this system just substitute the correct package name
+</para>
+
+<orderedlist>
+<listitem>
+	<para>
+	Install a recent copy of cvs. All you really need is a 
+	copy of the cvs client binary. 
+	</para>
+</listitem>
+
+
+<listitem>
+	<para>
+	Run the command 
+	</para>
+
+	<para>
+	<command>cvs -d :pserver:cvs@samba.org:/cvsroot login</command>
+	</para>
+	
+	<para>
+	When it asks you for a password type <userinput>cvs</userinput>.
+	</para>
+</listitem>
+
+
+<listitem>
+	<para>
+	Run the command 
+	</para>
+	
+	<para>
+	<command>cvs -d :pserver:cvs@samba.org:/cvsroot co samba</command>
+	</para>
+	
+	<para>
+	This will create a directory called samba containing the 
+	latest samba source code (i.e. the HEAD tagged cvs branch). This 
+	currently corresponds to the 3.0 development tree. 
+	</para>
+	
+	<para>
+	CVS branches other HEAD can be obtained by using the <parameter>-r</parameter>
+	and defining a tag name.  A list of branch tag names can be found on the
+	"Development" page of the samba web site.  A common request is to obtain the
+	latest 2.2 release code.  This could be done by using the following command.
+	</para>
+	
+	<para>
+	<command>cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba</command>
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	Whenever you want to merge in the latest code changes use 
+	the following command from within the samba directory: 
+	</para>
+	
+	<para>
+	<command>cvs update -d -P</command>
+	</para>
+</listitem>
+</orderedlist>
+	
+</sect2>
+</sect1>
+
+</chapter>
diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml
new file mode 100755
index 00000000000..6d0b36eafcc
--- /dev/null
+++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml
@@ -0,0 +1,224 @@
+<chapter id="domain-security">
+
+<chapterinfo>
+	<author>
+		<firstname>Jeremy</firstname><surname>Allison</surname>
+		<affiliation>
+			<orgname>Samba Team</orgname>
+			<address>
+				<email>samba@samba.org</email>
+			</address>
+		</affiliation>
+	</author>
+	<author>
+		<firstname>Jerry</firstname><surname>Carter</surname>
+		<affiliation>
+			<orgname>Samba Team</orgname>
+			<address>
+				<email>jerry@samba.org</email>
+			</address>
+		</affiliation>
+	</author>
+	
+		
+	<pubdate>16 Apr 2001</pubdate>
+</chapterinfo>
+
+
+<title>security = domain in Samba 2.x</title>
+
+<sect1>
+
+	<title>Joining an NT Domain with Samba 2.2</title>
+
+	<para>Assume you have a Samba 2.x server with a NetBIOS name of 
+	<constant>SERV1</constant> and are joining an NT domain called
+	<constant>DOM</constant>, which has a PDC with a NetBIOS name
+	of <constant>DOMPDC</constant> and two backup domain controllers 
+	with NetBIOS names <constant>DOMBDC1</constant> and <constant>DOMBDC2
+	</constant>.</para>
+
+	<para>In order to join the domain, first stop all Samba daemons 
+	and run the command:</para>
+
+	<para><prompt>root# </prompt><userinput>smbpasswd -j DOM -r DOMPDC
+	-U<replaceable>Administrator%password</replaceable></userinput></para>
+
+	<para>as we are joining the domain DOM and the PDC for that domain 
+	(the only machine that has write access to the domain SAM database) 
+	is DOMPDC. The <replaceable>Administrator%password</replaceable> is 
+	the login name and password for an account which has the necessary 
+	privilege to add machines to the domain.  If this is successful 
+	you will see the message:</para>
+
+	<para><computeroutput>smbpasswd: Joined domain DOM.</computeroutput>
+	</para>
+
+	<para>in your terminal window. See the <ulink url="smbpasswd.8.html">
+	smbpasswd(8)</ulink> man page for more details.</para>
+	
+	<para>There is existing development code to join a domain
+	without having to create the machine trust account on the PDC
+	beforehand.  This code will hopefully be available soon
+	in release branches as well.</para>
+
+	<para>This command goes through the machine account password 
+	change protocol, then writes the new (random) machine account 
+	password for this Samba server into a file in the same directory 
+	in which an smbpasswd file would be stored - normally :</para>
+
+	<para><filename>/usr/local/samba/private</filename></para>
+
+	<para>In Samba 2.0.x, the filename looks like this:</para>
+
+	<para><filename><replaceable>&lt;NT DOMAIN NAME&gt;</replaceable>.<replaceable>&lt;Samba 
+	Server Name&gt;</replaceable>.mac</filename></para>
+	
+	<para>The <filename>.mac</filename> suffix stands for machine account 
+	password file. So in our example above, the file would be called:</para>
+
+	<para><filename>DOM.SERV1.mac</filename></para>
+
+	<para>In Samba 2.2, this file has been replaced with a TDB 
+	(Trivial Database) file named <filename>secrets.tdb</filename>.
+	</para>
+
+
+	<para>This file is created and owned by root and is not 
+	readable by any other user. It is the key to the domain-level 
+	security for your system, and should be treated as carefully 
+	as a shadow password file.</para>
+
+	<para>Now, before restarting the Samba daemons you must 
+	edit your <ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename>
+	</ulink> file to tell Samba it should now use domain security.</para>
+	
+	<para>Change (or add) your <ulink url="smb.conf.5.html#SECURITY">
+	<parameter>security =</parameter></ulink> line in the [global] section 
+	of your smb.conf to read:</para>
+
+	<para><command>security = domain</command></para>
+
+	<para>Next change the <ulink url="smb.conf.5.html#WORKGROUP"><parameter>
+	workgroup =</parameter></ulink> line in the [global] section to read: </para>
+
+	<para><command>workgroup = DOM</command></para>
+
+	<para>as this is the name of the domain we are joining. </para>
+
+	<para>You must also have the parameter <ulink url="smb.conf.5.html#ENCRYPTPASSWORDS">
+	<parameter>encrypt passwords</parameter></ulink> set to <constant>yes
+	</constant> in order for your users to authenticate to the NT PDC.</para>
+
+	<para>Finally, add (or modify) a <ulink url="smb.conf.5.html#PASSWORDSERVER">
+	<parameter>password server =</parameter></ulink> line in the [global]
+	section to read: </para>
+
+	<para><command>password server = DOMPDC DOMBDC1 DOMBDC2</command></para>
+
+	<para>These are the primary and backup domain controllers Samba 
+	will attempt to contact in order to authenticate users. Samba will 
+	try to contact each of these servers in order, so you may want to 
+	rearrange this list in order to spread out the authentication load 
+	among domain controllers.</para>
+
+	<para>Alternatively, if you want smbd to automatically determine 
+	the list of Domain controllers to use for authentication, you may 
+	set this line to be :</para>
+
+	<para><command>password server = *</command></para>
+
+	<para>This method, which was introduced in Samba 2.0.6, 
+	allows Samba to use exactly the same mechanism that NT does. This 
+	method either broadcasts or uses a WINS database in order to
+	find domain controllers to authenticate against.</para>
+
+	<para>Finally, restart your Samba daemons and get ready for 
+	clients to begin using domain security!</para>
+</sect1>
+
+<sect1>
+<title>Samba and Windows 2000 Domains</title>
+
+<para>
+Many people have asked regarding the state of Samba's ability to participate in
+a Windows 2000 Domain.  Samba 2.2 is able to act as a member server of a Windows
+2000 domain operating in mixed or native mode.
+</para>
+
+<para>
+There is much confusion between the circumstances that require a "mixed" mode
+Win2k DC and a when this host can be switched to "native" mode.  A "mixed" mode
+Win2k domain controller is only needed if Windows NT BDCs must exist in the same
+domain.  By default, a Win2k DC in "native" mode will still support
+NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and 
+NT 4.0.  Samba has the same requirements as a Windows NT 4.0 member server.
+</para>
+
+<para>
+The steps for adding a Samba 2.2 host to a Win2k domain are the same as those
+for adding a Samba server to a Windows NT 4.0 domain. The only exception is that 
+the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and 
+Computers" MMC (Microsoft Management Console) plugin.
+</para>
+
+</sect1>
+
+
+<sect1>
+	<title>Why is this better than security = server?</title>
+
+	<para>Currently, domain security in Samba doesn't free you from 
+	having to create local Unix users to represent the users attaching 
+	to your server. This means that if domain user <constant>DOM\fred
+	</constant> attaches to your domain security Samba server, there needs 
+	to be a local Unix user fred to represent that user in the Unix 
+	filesystem. This is very similar to the older Samba security mode 
+	<ulink url="smb.conf.5.html#SECURITYEQUALSSERVER">security = server</ulink>, 
+	where Samba would pass through the authentication request to a Windows 
+	NT server in the same way as a Windows 95 or Windows 98 server would.
+	</para>
+	
+	<para>Please refer to the <ulink url="winbind.html">Winbind 
+	paper</ulink> for information on a system to automatically
+	assign UNIX uids and gids to Windows NT Domain users and groups.
+	This code is available in development branches only at the moment,
+	but will be moved to release branches soon.</para>
+
+	<para>The advantage to domain-level security is that the 
+	authentication in domain-level security is passed down the authenticated 
+	RPC channel in exactly the same way that an NT server would do it. This 
+	means Samba servers now participate in domain trust relationships in 
+	exactly the same way NT servers do (i.e., you can add Samba servers into 
+	a resource domain and have the authentication passed on from a resource
+	domain PDC to an account domain PDC.</para>
+
+	<para>In addition, with <command>security = server</command> every Samba 
+	daemon on a server has to keep a connection open to the 
+	authenticating server for as long as that daemon lasts. This can drain 
+	the connection resources on a Microsoft NT server and cause it to run 
+	out of available connections. With <command>security = domain</command>, 
+	however, the Samba daemons connect to the PDC/BDC only for as long 
+	as is necessary to authenticate the user, and then drop the connection, 
+	thus conserving PDC connection resources.</para>
+
+	<para>And finally, acting in the same manner as an NT server 
+	authenticating to a PDC means that as part of the authentication 
+	reply, the Samba server gets the user identification information such 
+	as the user SID, the list of NT groups the user belongs to, etc. All 
+	this information will allow Samba to be extended in the future into 
+	a mode the developers currently call appliance mode. In this mode, 
+	no local Unix users will be necessary, and Samba will generate Unix 
+	uids and gids from the information passed back from the PDC when a 
+	user is authenticated, making a Samba server truly plug and play 
+	in an NT domain environment. Watch for this code soon.</para>
+
+	<para><emphasis>NOTE:</emphasis> Much of the text of this document 
+	was first published in the Web magazine <ulink url="http://www.linuxworld.com"> 	
+	LinuxWorld</ulink> as the article <ulink
+	url="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html">Doing 
+	the NIS/NT Samba</ulink>.</para>
+
+</sect1>
+
+</chapter>
diff --git a/docs/docbook/projdoc/ENCRYPTION.sgml b/docs/docbook/projdoc/ENCRYPTION.sgml
new file mode 100755
index 00000000000..6a26dbeffac
--- /dev/null
+++ b/docs/docbook/projdoc/ENCRYPTION.sgml
@@ -0,0 +1,378 @@
+<chapter id="pwencrypt">
+
+
+<chapterinfo>
+	<author>
+		<firstname>Jeremy</firstname><surname>Allison</surname>
+		<affiliation>
+			<orgname>Samba Team</orgname>
+			<address>
+				<email>samba@samba.org</email>
+			</address>
+		</affiliation>
+	</author>
+	
+
+	<pubdate>19 Apr 1999</pubdate>
+</chapterinfo>
+	
+<title>LanMan and NT Password Encryption in Samba 2.x</title>
+
+
+<sect1>
+	<title>Introduction</title>
+	
+	<para>With the development of LanManager and Windows NT 
+	compatible password encryption for Samba, it is now able 
+	to validate user connections in exactly the same way as 
+	a LanManager or Windows NT server.</para>
+
+	<para>This document describes how the SMB password encryption 
+	algorithm works and what issues there are in choosing whether 
+	you want to use it. You should read it carefully, especially 
+	the part about security and the "PROS and CONS" section.</para>
+	
+</sect1>
+
+<sect1>
+	<title>How does it work?</title>
+
+	<para>LanManager encryption is somewhat similar to UNIX 
+	password encryption. The server uses a file containing a 
+	hashed value of a user's password.  This is created by taking 
+	the user's plaintext password, capitalising it, and either 
+	truncating to 14 bytes or padding to 14 bytes with null bytes. 
+	This 14 byte value is used as two 56 bit DES keys to encrypt 
+	a 'magic' eight byte value, forming a 16 byte value which is 
+	stored by the server and client. Let this value be known as 
+	the "hashed password".</para>
+	
+	<para>Windows NT encryption is a higher quality mechanism, 
+	consisting of doing an MD4 hash on a Unicode version of the user's 
+	password. This also produces a 16 byte hash value that is 
+	non-reversible.</para>
+
+	<para>When a client (LanManager, Windows for WorkGroups, Windows 
+	95 or Windows NT) wishes to mount a Samba drive (or use a Samba 
+	resource), it first requests a connection and negotiates the 
+	protocol that the client and server will use. In the reply to this 
+	request the Samba server generates and appends an 8 byte, random 
+	value - this is stored in the Samba server after the reply is sent 
+	and is known as the "challenge".  The challenge is different for 
+	every client connection.</para>
+
+	<para>The client then uses the hashed password (16 byte values 
+	described above), appended with 5 null bytes, as three 56 bit 
+	DES keys, each of which is used to encrypt the challenge 8 byte 
+	value, forming a 24 byte value known as the "response".</para>
+
+	<para>In the SMB call SMBsessionsetupX (when user level security 
+	is selected) or the call SMBtconX (when share level security is 
+	selected), the 24 byte response is returned by the client to the 
+	Samba server.  For Windows NT protocol levels the above calculation 
+	is done on both hashes of the user's password and both responses are 
+	returned in the SMB call, giving two 24 byte values.</para>
+
+	<para>The Samba server then reproduces the above calculation, using 
+	its own stored value of the 16 byte hashed password (read from the 
+	<filename>smbpasswd</filename> file - described later) and the challenge 
+	value that it kept from the negotiate protocol reply. It then checks 
+	to see if the 24 byte value it calculates matches the 24 byte value 
+	returned to it from the client.</para>
+
+	<para>If these values match exactly, then the client knew the 
+	correct password (or the 16 byte hashed value - see security note 
+	below) and is thus allowed access. If not, then the client did not 
+	know the correct password and is denied access.</para>
+
+	<para>Note that the Samba server never knows or stores the cleartext 
+	of the user's password - just the 16 byte hashed values derived from 
+	it. Also note that the cleartext password or 16 byte hashed values 
+	are never transmitted over the network - thus increasing security.</para>
+</sect1>
+
+<sect1>
+	<title>Important Notes About Security</title>
+	
+	<para>The unix and SMB password encryption techniques seem similar 
+	on the surface. This similarity is, however, only skin deep. The unix 
+	scheme typically sends clear text passwords over the network when 
+	logging in. This is bad. The SMB encryption scheme never sends the 
+	cleartext password over the network but it does store the 16 byte 
+	hashed values on disk. This is also bad. Why? Because the 16 byte hashed 
+	values are a "password equivalent". You cannot derive the user's 
+	password from them, but they could potentially be used in a modified 
+	client to gain access to a server. This would require considerable 
+	technical knowledge on behalf of the attacker but is perfectly possible. 
+	You should thus treat the smbpasswd file as though it contained the 
+	cleartext passwords of all your users. Its contents must be kept 
+	secret, and the file should be protected accordingly.</para>
+	
+	<para>Ideally we would like a password scheme which neither requires 
+	plain text passwords on the net or on disk. Unfortunately this 
+	is not available as Samba is stuck with being compatible with 
+	other SMB systems (WinNT, WfWg, Win95 etc). </para>
+
+	<warning>
+		<para>Note that Windows NT 4.0 Service pack 3 changed the 
+		default for permissible authentication so that plaintext 
+		passwords are <emphasis>never</emphasis> sent over the wire. 
+		The solution to this is either to switch to encrypted passwords 
+		with Samba or edit the Windows NT registry to re-enable plaintext 
+		passwords. See the document WinNT.txt for details on how to do 
+		this.</para>
+		
+		<para>Other Microsoft operating systems which also exhibit 
+		this behavior includes</para>
+		
+		<itemizedlist>
+			<listitem><para>MS DOS Network client 3.0 with 
+			the basic network redirector installed</para></listitem>
+			
+			<listitem><para>Windows 95 with the network redirector 
+			update installed</para></listitem>
+			
+			<listitem><para>Windows 98 [se]</para></listitem>
+			
+			<listitem><para>Windows 2000</para></listitem>
+		</itemizedlist>
+		
+		<para><emphasis>Note :</emphasis>All current release of 
+		Microsoft SMB/CIFS clients support authentication via the
+		SMB Challenge/Response mechanism described here.  Enabling
+		clear text authentication does not disable the ability
+		of the client to participate in encrypted authentication.</para>
+	</warning>
+
+	<sect2>
+		<title>Advantages of SMB Encryption</title>
+
+		<itemizedlist>
+			<listitem><para>plain text passwords are not passed across 
+			the network. Someone using a network sniffer cannot just 
+			record passwords going to the SMB server.</para>
+			</listitem>
+		 
+			<listitem><para>WinNT doesn't like talking to a server 
+			that isn't using SMB encrypted passwords. It will refuse 
+			to browse the server if the server is also in user level 
+			security mode. It will insist on prompting the user for the 
+			password on each connection, which is very annoying. The
+			only things you can do to stop this is to use SMB encryption.
+			</para></listitem>
+		</itemizedlist>
+	</sect2>
+
+
+	<sect2>
+		<title>Advantages of non-encrypted passwords</title>
+
+		<itemizedlist>
+			<listitem><para>plain text passwords are not kept 
+			on disk. </para></listitem>
+			
+			<listitem><para>uses same password file as other unix 
+			services such as login and ftp</para></listitem>
+			
+			<listitem><para>you are probably already using other 
+			services (such as telnet and ftp) which send plain text 
+			passwords over the net, so sending them for SMB isn't 
+			such a big deal.</para></listitem>
+		</itemizedlist>
+	</sect2>
+</sect1>
+
+
+<sect1>
+	<title><anchor id="SMBPASSWDFILEFORMAT">The smbpasswd file</title>
+	
+	<para>In order for Samba to participate in the above protocol 
+	it must be able to look up the 16 byte hashed values given a user name.
+	Unfortunately, as the UNIX password value is also a one way hash
+	function (ie. it is impossible to retrieve the cleartext of the user's
+	password given the UNIX hash of it), a separate password file
+	containing this 16 byte value must be kept. To minimise problems with
+	these two password files, getting out of sync, the UNIX <filename>
+	/etc/passwd</filename> and the <filename>smbpasswd</filename> file, 
+	a utility, <command>mksmbpasswd.sh</command>, is provided to generate
+	a smbpasswd file from a UNIX <filename>/etc/passwd</filename> file.
+	</para
+
+
+	<para>To generate the smbpasswd file from your <filename>/etc/passwd
+	</filename> file use the following command :</para>
+	
+	<para><prompt>$ </prompt><userinput>cat /etc/passwd | mksmbpasswd.sh
+	&gt; /usr/local/samba/private/smbpasswd</userinput></para>
+	
+	<para>If you are running on a system that uses NIS, use</para>
+
+	<para><prompt>$ </prompt><userinput>ypcat passwd | mksmbpasswd.sh
+	&gt; /usr/local/samba/private/smbpasswd</userinput></para>
+	
+	<para>The <command>mksmbpasswd.sh</command> program is found in 
+	the Samba source directory. By default, the smbpasswd file is 
+	stored in :</para>
+
+	<para><filename>/usr/local/samba/private/smbpasswd</filename></para>
+
+	<para>The owner of the <filename>/usr/local/samba/private/</filename> 
+	directory should be set to root, and the permissions on it should 
+	be set to 0500 (<command>chmod 500 /usr/local/samba/private</command>).
+	</para>
+
+	<para>Likewise, the smbpasswd file inside the private directory should 
+	be owned by root and the permissions on is should be set to 0600
+	(<command>chmod 600 smbpasswd</command>).</para>
+
+
+	<para>The format of the smbpasswd file is (The line has been 
+	wrapped here. It should appear as one entry per line in 
+	your smbpasswd file.)</para>
+	
+	<para><programlisting>
+username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
+	[Account type]:LCT-&lt;last-change-time&gt;:Long name
+	</programlisting></para>
+	
+	<para>Although only the <replaceable>username</replaceable>, 
+	<replaceable>uid</replaceable>, <replaceable>
+	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</replaceable>,
+	[<replaceable>Account type</replaceable>] and <replaceable>
+	last-change-time</replaceable> sections are significant 
+	and are looked at in the Samba code.</para>
+
+	<para>It is <emphasis>VITALLY</emphasis> important that there by 32 
+	'X' characters between the two ':' characters in the XXX sections - 
+	the smbpasswd and Samba code will fail to validate any entries that 
+	do not have 32 characters  between ':' characters. The first XXX 
+	section is for the Lanman password hash, the second is for the 
+	Windows NT version.</para>
+
+	<para>When the password file is created all users have password entries
+	consisting of 32 'X' characters. By default this disallows any access
+	as this user. When a user has a password set, the 'X' characters change
+	to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii
+	representation of the 16 byte hashed value of a user's password.</para>
+
+	<para>To set a user to have no password (not recommended), edit the file
+	using vi, and replace the first 11 characters with the ascii text
+	<constant>"NO PASSWORD"</constant> (minus the quotes).</para>
+
+	<para>For example, to clear the password for user bob, his smbpasswd file 
+	entry would look like :</para>
+
+	<para><programlisting>
+	bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:Bob's full name:/bobhome:/bobshell
+	</programlisting></para>
+	
+	<para>If you are allowing users to use the smbpasswd command to set 
+	their own passwords, you may want to give users NO PASSWORD initially 
+	so they do not have to enter a previous password when changing to their 
+	new password (not recommended). In order for you to allow this the
+	<command>smbpasswd</command> program must be able to connect to the 
+	<command>smbd</command> daemon as that user with no password. Enable this 
+	by adding the line :</para>
+
+	<para><command>null passwords = yes</command></para>
+	
+	<para>to the [global] section of the smb.conf file (this is why 
+	the above scenario is not recommended). Preferably, allocate your
+	users a default password to begin with, so you do not have
+	to enable this on your server.</para>
+
+	<para><emphasis>Note : </emphasis>This file should be protected very 
+	carefully. Anyone with access to this file can (with enough knowledge of 
+	the protocols) gain access to your SMB server. The file is thus more 
+	sensitive than a normal unix <filename>/etc/passwd</filename> file.</para>
+</sect1>
+
+
+<sect1>
+	<title>The smbpasswd Command</title>
+	
+	<para>The smbpasswd command maintains the two 32 byte password fields 
+	in the smbpasswd file. If you wish to make it similar to the unix 
+	<command>passwd</command> or <command>yppasswd</command> programs, 
+	install it in <filename>/usr/local/samba/bin/</filename> (or your 
+	main Samba binary directory).</para>
+
+	<para>Note that as of Samba 1.9.18p4 this program <emphasis>MUST NOT 
+	BE INSTALLED</emphasis> setuid root (the new <command>smbpasswd</command> 
+	code enforces this restriction so it cannot be run this way by 
+	accident).</para>
+
+	<para><command>smbpasswd</command> now works in a client-server mode 
+	where it contacts the local smbd to change the user's password on its 
+	behalf. This has enormous benefits - as follows.</para>
+
+	<itemizedlist>
+		<listitem><para>smbpasswd no longer has to be setuid root - 
+		an enormous range of potential security problems is 
+		eliminated.</para></listitem>
+		
+		<listitem><para><command>smbpasswd</command> now has the capability 
+		to change passwords on Windows NT servers (this only works when 
+		the request is sent to the NT Primary Domain Controller if you 
+		are changing an NT Domain user's password).</para></listitem>
+	</itemizedlist>
+	
+	<para>To run smbpasswd as a normal user just type :</para>
+	
+	<para><prompt>$ </prompt><userinput>smbpasswd</userinput></para>
+	<para><prompt>Old SMB password: </prompt><userinput>&lt;type old value here - 
+	or hit return if there was no old password&gt;</userinput></para>
+	<para><prompt>New SMB Password: </prompt><userinput>&lt;type new value&gt;
+	</userinput></para>
+	<para><prompt>Repeat New SMB Password: </prompt><userinput>&lt;re-type new value
+	</userinput></para>
+	
+	<para>If the old value does not match the current value stored for 
+	that user, or the two new values do not match each other, then the 
+	password will not be changed.</para>
+	
+	<para>If invoked by an ordinary user it will only allow the user 
+	to change his or her own Samba password.</para>
+	
+	<para>If run by the root user smbpasswd may take an optional 
+	argument, specifying the user name whose SMB password you wish to 
+	change.  Note that when run as root smbpasswd does not prompt for 
+	or check the old password value, thus allowing root to set passwords 
+	for users who have forgotten their passwords.</para>
+	
+	<para><command>smbpasswd</command> is designed to work in the same way 
+	and be familiar to UNIX users who use the <command>passwd</command> or 
+	<command>yppasswd</command> commands.</para>
+
+	<para>For more details on using <command>smbpasswd</command> refer 
+	to the man page which will always be the definitive reference.</para>
+</sect1>
+
+
+<sect1>
+	<title>Setting up Samba to support LanManager Encryption</title>
+
+	<para>This is a very brief description on how to setup samba to 
+	support password encryption. </para>
+	
+	<orderedlist numeration="Arabic">
+		<listitem><para>compile and install samba as usual</para>
+		</listitem>
+		
+		<listitem><para>enable encrypted passwords in <filename>
+		smb.conf</filename> by adding the line <command>encrypt 
+		passwords = yes</command> in the [global] section</para>
+		</listitem>
+		
+		<listitem><para>create the initial <filename>smbpasswd</filename>
+		password file in the place you specified in the Makefile 
+		(--prefix=&lt;dir&gt;). See the notes under the <link
+		linkend="SMBPASSWDFILEFORMAT">The smbpasswd File</link>
+		section earlier in the document for details.</para>
+		</listitem>
+	</orderedlist>
+	
+	<para>Note that you can test things using smbclient.</para> 
+</sect1>
+
+</chapter>
diff --git a/docs/docbook/projdoc/Integrating-with-Windows.sgml b/docs/docbook/projdoc/Integrating-with-Windows.sgml
new file mode 100755
index 00000000000..ceaece313ad
--- /dev/null
+++ b/docs/docbook/projdoc/Integrating-with-Windows.sgml
@@ -0,0 +1,935 @@
+<chapter id="integrate-ms-networks">
+ 
+ 
+<chapterinfo>
+        <author>
+		<firstname>John</firstname><surname>Terpstra</surname>
+                <affiliation>
+                        <orgname>Samba Team</orgname>
+			<address>
+			<email>jht@samba.org</email>
+			</address>
+                </affiliation>
+        </author>
+ 
+ 
+        <pubdate> (Jan 01 2001) </pubdate>
+</chapterinfo>
+ 
+<title>Integrating MS Windows networks with Samba</title>
+ 
+<sect1>
+<title>Agenda</title>
+
+<para>
+To identify the key functional mechanisms of MS Windows networking 
+to enable the deployment of Samba as a means of extending and/or 
+replacing MS Windows NT/2000 technology.
+</para>
+
+<para>
+We will examine:
+</para>
+
+<orderedlist>
+	<listitem><para>Name resolution in a pure Unix/Linux TCP/IP 
+	environment
+	</para></listitem>
+
+	<listitem><para>Name resolution as used within MS Windows 
+	networking
+	</para></listitem>
+
+	<listitem><para>How browsing functions and how to deploy stable 
+	and dependable browsing using Samba
+	</para></listitem>
+	
+	<listitem><para>MS Windows security options and how to 
+	configure Samba for seemless integration
+	</para></listitem>
+
+	<listitem><para>Configuration of Samba as:</para>
+		<orderedlist>
+		<listitem><para>A stand-alone server</para></listitem>
+		<listitem><para>An MS Windows NT 3.x/4.0 security domain member
+		</para></listitem>
+		<listitem><para>An alternative to an MS Windows NT 3.x/4.0 Domain Controller
+		</para></listitem>
+		</orderedlist>
+	</listitem>
+</orderedlist>
+
+</sect1>
+
+
+<sect1>
+<title>Name Resolution in a pure Unix/Linux world</title>
+
+<para>
+The key configuration files covered in this section are:
+</para>
+
+<itemizedlist>
+	<listitem><para><filename>/etc/hosts</filename></para></listitem>
+	<listitem><para><filename>/etc/resolv.conf</filename></para></listitem>
+	<listitem><para><filename>/etc/host.conf</filename></para></listitem>
+	<listitem><para><filename>/etc/nsswitch.conf</filename></para></listitem>
+</itemizedlist>
+
+<sect2>
+<title><filename>/etc/hosts</filename></title>
+
+<para>
+Contains a static list of IP Addresses and names.
+eg:
+</para>
+<para><programlisting>
+	127.0.0.1	localhost localhost.localdomain
+	192.168.1.1	bigbox.caldera.com	bigbox	alias4box
+</programlisting></para>
+
+<para>
+The purpose of <filename>/etc/hosts</filename> is to provide a 
+name resolution mechanism so that uses do not need to remember 
+IP addresses.
+</para>
+
+
+<para>
+Network packets that are sent over the physical network transport 
+layer communicate not via IP addresses but rather using the Media 
+Access Control address, or MAC address. IP Addresses are currently 
+32 bits in length and are typically presented as four (4) decimal 
+numbers that are separated by a dot (or period). eg: 168.192.1.1
+</para>
+
+<para>
+MAC Addresses use 48 bits (or 6 bytes) and are typically represented 
+as two digit hexadecimal numbers separated by colons. eg: 
+40:8e:0a:12:34:56
+</para>
+
+<para>
+Every network interfrace must have an MAC address. Associated with 
+a MAC address there may be one or more IP addresses. There is NO 
+relationship between an IP address and a MAC address, all such assignments 
+are arbitary or discretionary in nature. At the most basic level all 
+network communications takes place using MAC addressing. Since MAC 
+addresses must be globally unique, and generally remains fixed for 
+any particular interface, the assignment of an IP address makes sense 
+from a network management perspective. More than one IP address can 
+be assigned per MAC address. One address must be the primary IP address, 
+this is the address that will be returned in the ARP reply.
+</para>
+
+<para>
+When a user or a process wants to communicate with another machine 
+the protocol implementation ensures that the "machine name" or "host 
+name" is resolved to an IP address in a manner that is controlled 
+by the TCP/IP configuration control files. The file 
+<filename>/etc/hosts</filename> is one such file.
+</para>
+
+<para>
+When the IP address of the destination interface has been 
+determined a protocol called ARP/RARP is used to identify 
+the MAC address of the target interface. ARP stands for Address 
+Resolution Protocol, and is a broadcast oriented method that 
+uses UDP (User Datagram Protocol) to send a request to all 
+interfaces on the local network segment using the all 1's MAC 
+address. Network interfaces are programmed to respond to two 
+MAC addresses only; their own unique address and the address 
+ff:ff:ff:ff:ff:ff. The reply packet from an ARP request will 
+contain the MAC address and the primary IP address for each 
+interface.
+</para>
+
+<para>
+The <filename>/etc/hosts</filename> file is foundational to all 
+Unix/Linux TCP/IP installations and as a minumum will contain 
+the localhost and local network interface IP addresses and the 
+primary names by which they are known within the local machine. 
+This file helps to prime the pump so that a basic level of name 
+resolution can exist before any other method of name resolution 
+becomes available.
+</para>
+
+</sect2>
+
+
+<sect2>
+<title><filename>/etc/resolv.conf</filename></title>
+
+<para>
+This file tells the name resolution libraries:
+</para>
+
+<itemizedlist>
+	<listitem><para>The name of the domain to which the machine 
+	belongs
+	</para></listitem>
+	
+	<listitem><para>The name(s) of any domains that should be 
+	automatically searched when trying to resolve unqualified 
+	host names to their IP address
+	</para></listitem>
+	
+	<listitem><para>The name or IP address of available Domain 
+	Name Servers that may be asked to perform name to address 
+	translation lookups
+	</para></listitem>
+</itemizedlist>
+
+</sect2>
+
+
+<sect2>
+<title><filename>/etc/host.conf</filename></title>
+
+
+<para>
+<filename>/etc/host.conf</filename> is the primary means by 
+which the setting in /etc/resolv.conf may be affected. It is a 
+critical configuration file.  This file controls the order by 
+which name resolution may procede. The typical structure is:
+</para>
+
+<para><programlisting>
+	order hosts,bind
+	multi on
+</programlisting></para>
+
+<para>
+then both addresses should be returned. Please refer to the 
+man page for host.conf for further details.
+</para>
+
+
+</sect2>
+
+
+
+<sect2>
+<title><filename>/etc/nsswitch.conf</filename></title>
+
+<para>
+This file controls the actual name resolution targets. The 
+file typically has resolver object specifications as follows:
+</para>
+
+
+<para><programlisting>
+	# /etc/nsswitch.conf
+	#
+	# Name Service Switch configuration file.
+	#
+
+	passwd:		compat
+	# Alternative entries for password authentication are:
+	# passwd:	compat files nis ldap winbind
+	shadow:		compat
+	group:		compat
+
+	hosts:		files nis dns
+	# Alternative entries for host name resolution are:
+	# hosts:	files dns nis nis+ hesoid db compat ldap wins
+	networks:	nis files dns
+
+	ethers:		nis files
+	protocols:	nis files
+	rpc:		nis files
+	services:	nis files
+</programlisting></para>
+
+<para>
+Of course, each of these mechanisms requires that the appropriate 
+facilities and/or services are correctly configured.
+</para>
+
+<para>
+It should be noted that unless a network request/message must be 
+sent, TCP/IP networks are silent. All TCP/IP communications assumes a 
+principal of speaking only when necessary.
+</para>
+
+<para>
+Samba version 2.2.0 will add Linux support for extensions to 
+the name service switch infrastructure so that linux clients will 
+be able to obtain resolution of MS Windows NetBIOS names to IP 
+Addresses. To gain this functionality Samba needs to be compiled 
+with appropriate arguments to the make command (ie: <command>make 
+nsswitch/libnss_wins.so</command>). The resulting library should 
+then be installed in the <filename>/lib</filename> directory and 
+the "wins" parameter needs to be added to the "hosts:" line in 
+the <filename>/etc/nsswitch.conf</filename> file. At this point it 
+will be possible to ping any MS Windows machine by it's NetBIOS 
+machine name, so long as that machine is within the workgroup to 
+which both the samba machine and the MS Windows machine belong.
+</para>
+
+</sect2>
+</sect1>
+
+
+<sect1>
+<title>Name resolution as used within MS Windows networking</title>
+
+<para>
+MS Windows networking is predicated about the name each machine 
+is given. This name is known variously (and inconsistently) as 
+the "computer name", "machine name", "networking name", "netbios name", 
+"SMB name". All terms mean the same thing with the exception of 
+"netbios name" which can apply also to the name of the workgroup or the 
+domain name. The terms "workgroup" and "domain" are really just a 
+simply name with which the machine is associated. All NetBIOS names 
+are exactly 16 characters in length. The 16th character is reserved. 
+It is used to store a one byte value that indicates service level 
+information for the NetBIOS name that is registered. A NetBIOS machine 
+name is therefore registered for each service type that is provided by 
+the client/server.
+</para>
+
+<para>
+The following are typical NetBIOS name/service type registrations:
+</para>
+
+<para><programlisting>
+	Unique NetBIOS Names:
+		MACHINENAME<00>	= Server Service is running on MACHINENAME
+		MACHINENAME<03> = Generic Machine Name (NetBIOS name)
+		MACHINENAME<20> = LanMan Server service is running on MACHINENAME
+		WORKGROUP<1b> = Domain Master Browser
+
+	Group Names:
+		WORKGROUP<03> = Generic Name registered by all members of WORKGROUP
+		WORKGROUP<1c> = Domain Controllers / Netlogon Servers
+		WORKGROUP<1d> = Local Master Browsers
+		WORKGROUP<1e> = Internet Name Resolvers
+</programlisting></para>
+
+<para>
+It should be noted that all NetBIOS machines register their own 
+names as per the above. This is in vast contrast to TCP/IP 
+installations where traditionally the system administrator will 
+determine in the /etc/hosts or in the DNS database what names 
+are associated with each IP address.
+</para>
+
+<para>
+One further point of clarification should be noted, the <filename>/etc/hosts</filename> 
+file and the DNS records do not provide the NetBIOS name type information 
+that MS Windows clients depend on to locate the type of service that may 
+be needed. An example of this is what happens when an MS Windows client 
+wants to locate a domain logon server. It find this service and the IP 
+address of a server that provides it by performing a lookup (via a 
+NetBIOS broadcast) for enumeration of all machines that have 
+registered the name type *<1c>. A logon request is then sent to each 
+IP address that is returned in the enumerated list of IP addresses. Which 
+ever machine first replies then ends up providing the logon services.
+</para>
+
+<para>
+The name "workgroup" or "domain" really can be confusing since these 
+have the added significance of indicating what is the security 
+architecture of the MS Windows network. The term "workgroup" indicates 
+that the primary nature of the network environment is that of a 
+peer-to-peer design. In a WORKGROUP all machines are responsible for 
+their own security, and generally such security is limited to use of 
+just a password (known as SHARE MODE security). In most situations 
+with peer-to-peer networking the users who control their own machines 
+will simply opt to have no security at all. It is possible to have 
+USER MODE security in a WORKGROUP environment, thus requiring use 
+of a user name and a matching password.
+</para>
+
+<para>
+MS Windows networking is thus predetermined to use machine names 
+for all local and remote machine message passing. The protocol used is 
+called Server Message Block (SMB) and this is implemented using 
+the NetBIOS protocol (Network Basic Input Output System). NetBIOS can 
+be encapsulated using LLC (Logical Link Control) protocol - in which case 
+the resulting protocol is called NetBEUI (Network Basic Extended User 
+Interface). NetBIOS can also be run over IPX (Internetworking Packet 
+Exchange) protocol as used by Novell NetWare, and it can be run 
+over TCP/IP protocols - in which case the resulting protocol is called 
+NBT or NetBT, the NetBIOS over TCP/IP.
+</para>
+
+<para>
+MS Windows machines use a complex array of name resolution mechanisms. 
+Since we are primarily concerned with TCP/IP this demonstration is 
+limited to this area.
+</para>
+
+<sect2>
+<title>The NetBIOS Name Cache</title>
+
+<para>
+All MS Windows machines employ an in memory buffer in which is 
+stored the NetBIOS names and IP addresses for all external 
+machines that that machine has communicated with over the 
+past 10-15 minutes. It is more efficient to obtain an IP address 
+for a machine from the local cache than it is to go through all the 
+configured name resolution mechanisms.
+</para>
+
+<para>
+If a machine whose name is in the local name cache has been shut 
+down before the name had been expired and flushed from the cache, then 
+an attempt to exchange a message with that machine will be subject 
+to time-out delays. i.e.: Its name is in the cache, so a name resolution 
+lookup will succeed, but the machine can not respond. This can be 
+frustrating for users - but it is a characteristic of the protocol.
+</para>
+
+<para>
+The MS Windows utility that allows examination of the NetBIOS 
+name cache is called "nbtstat". The Samba equivalent of this 
+is called "nmblookup".
+</para>
+
+</sect2>
+
+<sect2>
+<title>The LMHOSTS file</title>
+
+<para>
+This file is usually located in MS Windows NT 4.0 or 
+2000 in <filename>C:\WINNT\SYSTEM32\DRIVERS\ETC</filename> and contains 
+the IP Address and the machine name in matched pairs. The 
+<filename>LMHOSTS</filename> file performs NetBIOS name 
+to IP address mapping oriented.
+</para>
+
+<para>
+It typically looks like:
+</para>
+
+<para><programlisting>
+	# Copyright (c) 1998 Microsoft Corp.
+	#
+	# This is a sample LMHOSTS file used by the Microsoft Wins Client (NetBIOS
+	# over TCP/IP) stack for Windows98
+	#
+	# This file contains the mappings of IP addresses to NT computernames
+	# (NetBIOS) names.  Each entry should be kept on an individual line.
+	# The IP address should be placed in the first column followed by the
+	# corresponding computername. The address and the comptername
+	# should be separated by at least one space or tab. The "#" character
+	# is generally used to denote the start of a comment (see the exceptions
+	# below).
+	#
+	# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
+	# files and offers the following extensions:
+	#
+	#      #PRE
+	#      #DOM:&lt;domain&gt;
+	#      #INCLUDE &lt;filename&gt;
+	#      #BEGIN_ALTERNATE
+	#      #END_ALTERNATE
+	#      \0xnn (non-printing character support)
+	#
+	# Following any entry in the file with the characters "#PRE" will cause
+	# the entry to be preloaded into the name cache. By default, entries are
+	# not preloaded, but are parsed only after dynamic name resolution fails.
+	#
+	# Following an entry with the "#DOM:&lt;domain&gt;" tag will associate the
+	# entry with the domain specified by &lt;domain&gt;. This affects how the
+	# browser and logon services behave in TCP/IP environments. To preload
+	# the host name associated with #DOM entry, it is necessary to also add a
+	# #PRE to the line. The &lt;domain&gt; is always preloaded although it will not
+	# be shown when the name cache is viewed.
+	#
+	# Specifying "#INCLUDE &lt;filename&gt;" will force the RFC NetBIOS (NBT)
+	# software to seek the specified &lt;filename&gt; and parse it as if it were
+	# local. &lt;filename&gt; is generally a UNC-based name, allowing a
+	# centralized lmhosts file to be maintained on a server.
+	# It is ALWAYS necessary to provide a mapping for the IP address of the
+	# server prior to the #INCLUDE. This mapping must use the #PRE directive.
+	# In addtion the share "public" in the example below must be in the
+	# LanManServer list of "NullSessionShares" in order for client machines to
+	# be able to read the lmhosts file successfully. This key is under
+	# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
+	# in the registry. Simply add "public" to the list found there.
+	#
+	# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
+	# statements to be grouped together. Any single successful include
+	# will cause the group to succeed.
+	#
+	# Finally, non-printing characters can be embedded in mappings by
+	# first surrounding the NetBIOS name in quotations, then using the
+	# \0xnn notation to specify a hex value for a non-printing character.
+	#
+	# The following example illustrates all of these extensions:
+	#
+	# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
+	# 102.54.94.102    "appname  \0x14"                    #special app server
+	# 102.54.94.123    popular            #PRE             #source server
+	# 102.54.94.117    localsrv           #PRE             #needed for the include
+	#
+	# #BEGIN_ALTERNATE
+	# #INCLUDE \\localsrv\public\lmhosts
+	# #INCLUDE \\rhino\public\lmhosts
+	# #END_ALTERNATE
+	#
+	# In the above example, the "appname" server contains a special
+	# character in its name, the "popular" and "localsrv" server names are
+	# preloaded, and the "rhino" server name is specified so it can be used
+	# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
+	# system is unavailable.
+	#
+	# Note that the whole file is parsed including comments on each lookup,
+	# so keeping the number of comments to a minimum will improve performance.
+	# Therefore it is not advisable to simply add lmhosts file entries onto the
+	# end of this file.
+</programlisting></para>
+
+</sect2>
+
+<sect2>
+<title>HOSTS file</title>
+
+<para>
+This file is usually located in MS Windows NT 4.0 or 2000 in 
+<filename>C:\WINNT\SYSTEM32\DRIVERS\ETC</filename> and contains 
+the IP Address and the IP hostname in matched pairs. It can be 
+used by the name resolution infrastructure in MS Windows, depending 
+on how the TCP/IP environment is configured. This file is in 
+every way the equivalent of the Unix/Linux <filename>/etc/hosts</filename> file.
+</para>
+</sect2>
+
+
+<sect2>
+<title>DNS Lookup</title>
+
+<para>
+This capability is configured in the TCP/IP setup area in the network 
+configuration facility. If enabled an elaborate name resolution sequence 
+is followed the precise nature of which isdependant on what the NetBIOS 
+Node Type parameter is configured to. A Node Type of 0 means use 
+NetBIOS broadcast (over UDP broadcast) is first used if the name 
+that is the subject of a name lookup is not found in the NetBIOS name 
+cache. If that fails then DNS, HOSTS and LMHOSTS are checked. If set to 
+Node Type 8, then a NetBIOS Unicast (over UDP Unicast) is sent to the 
+WINS Server to obtain a lookup before DNS, HOSTS, LMHOSTS, or broadcast 
+lookup is used.
+</para>
+
+</sect2>
+
+<sect2>
+<title>WINS Lookup</title>
+
+<para>
+A WINS (Windows Internet Name Server) service is the equivaent of the 
+rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores 
+the names and IP addresses that are registered by a Windows client 
+if the TCP/IP setup has been given at least one WINS Server IP Address.
+</para>
+
+<para>
+To configure Samba to be a WINS server the following parameter needs 
+to be added to the <filename>smb.conf</filename> file:
+</para>
+
+<para><programlisting>
+	wins support = Yes
+</programlisting></para>
+
+<para>
+To configure Samba to use a WINS server the following parameters are 
+needed in the smb.conf file:
+</para>
+
+<para><programlisting>
+	wins support = No
+	wins server = xxx.xxx.xxx.xxx
+</programlisting></para>
+
+<para>
+where <replaceable>xxx.xxx.xxx.xxx</replaceable> is the IP address 
+of the WINS server.
+</para>
+
+</sect2>
+</sect1>
+
+
+<sect1>
+<title>How browsing functions and how to deploy stable and 
+dependable browsing using Samba</title>
+
+
+<para>
+As stated above, MS Windows machines register their NetBIOS names 
+(i.e.: the machine name for each service type in operation) on start 
+up. Also, as stated above, the exact method by which this name registration 
+takes place is determined by whether or not the MS Windows client/server 
+has been given a WINS server address, whether or not LMHOSTS lookup 
+is enabled, or if DNS for NetBIOS name resolution is enabled, etc.
+</para>
+
+<para>
+In the case where there is no WINS server all name registrations as 
+well as name lookups are done by UDP broadcast. This isolates name 
+resolution to the local subnet, unless LMHOSTS is used to list all 
+names and IP addresses. In such situations Samba provides a means by 
+which the samba server name may be forcibly injected into the browse 
+list of a remote MS Windows network (using the "remote announce" parameter).
+</para>
+
+<para>
+Where a WINS server is used, the MS Windows client will use UDP 
+unicast to register with the WINS server. Such packets can be routed 
+and thus WINS allows name resolution to function across routed networks.
+</para>
+
+<para>
+During the startup process an election will take place to create a 
+local master browser if one does not already exist. On each NetBIOS network 
+one machine will be elected to function as the domain master browser. This 
+domain browsing has nothing to do with MS security domain control. 
+Instead, the domain master browser serves the role of contacting each local 
+master browser (found by asking WINS or from LMHOSTS) and exchanging browse 
+list contents. This way every master browser will eventually obtain a complete 
+list of all machines that are on the network. Every 11-15 minutes an election 
+is held to determine which machine will be the master browser. By the nature of 
+the election criteria used, the machine with the highest uptime, or the 
+most senior protocol version, or other criteria, will win the election 
+as domain master browser.
+</para>
+
+<para>
+Clients wishing to browse the network make use of this list, but also depend 
+on the availability of correct name resolution to the respective IP 
+address/addresses. 
+</para>
+
+<para>
+Any configuration that breaks name resolution and/or browsing intrinsics 
+will annoy users because they will have to put up with protracted 
+inability to use the network services.
+</para>
+
+<para>
+Samba supports a feature that allows forced synchonisation 
+of browse lists across routed networks using the "remote 
+browse sync" parameter in the smb.conf file. This causes Samba 
+to contact the local master browser on a remote network and 
+to request browse list synchronisation. This effectively bridges 
+two networks that are separated by routers. The two remote 
+networks may use either broadcast based name resolution or WINS 
+based name resolution, but it should be noted that the "remote 
+browse sync" parameter provides browse list synchronisation - and 
+that is distinct from name to address resolution, in other 
+words, for cross subnet browsing to function correctly it is 
+essential that a name to address resolution mechanism be provided. 
+This mechanism could be via DNS, <filename>/etc/hosts</filename>, 
+and so on.
+</para>
+
+</sect1>
+
+<sect1>
+<title>MS Windows security options and how to configure 
+Samba for seemless integration</title>
+
+<para>
+MS Windows clients may use encrypted passwords as part of a 
+challenge/response authentication model (a.k.a. NTLMv1) or 
+alone, or clear text strings for simple password based 
+authentication. It should be realized that with the SMB 
+protocol the password is passed over the network either 
+in plain text or encrypted, but not both in the same 
+authentication requets.
+</para>
+
+<para>
+When encrypted passwords are used a password that has been 
+entered by the user is encrypted in two ways:
+</para>
+
+<itemizedlist>
+	<listitem><para>An MD4 hash of the UNICODE of the password
+	string.  This is known as the NT hash.
+	</para></listitem>
+
+	<listitem><para>The password is converted to upper case,
+	and then padded or trucated to 14 bytes.  This string is 
+	then appended with 5 bytes of NULL characters and split to
+	form two 56 bit DES keys to encrypt a "magic" 8 byte value.
+	The resulting 16 bytes for the LanMan hash.
+	</para></listitem>	
+</itemizedlist>
+
+<para>
+You should refer to the <ulink url="ENCRYPTION.html">
+Password Encryption</ulink> chapter in this HOWTO collection
+for more details on the inner workings
+</para>
+
+<para>
+MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x 
+and version 4.0 pre-service pack 3 will use either mode of 
+password authentication. All versions of MS Windows that follow 
+these versions no longer support plain text passwords by default.
+</para>
+
+<para>
+MS Windows clients have a habit of dropping network mappings that 
+have been idle for 10 minutes or longer. When the user attempts to 
+use the mapped drive connection that has been dropped, the client
+re-establishes the connection using 
+a cached copy of the password.
+</para>
+
+<para>
+When Microsoft changed the default password mode, they dropped support for 
+caching of the plain text password. This means that when the registry 
+parameter is changed to re-enable use of plain text passwords it appears to 
+work, but when a dropped mapping attempts to revalidate it will fail if 
+the remote authentication server does not support encrypted passwords. 
+This means that it is definitely not a good idea to re-enable plain text 
+password support in such clients.
+</para>
+
+<para>
+The following parameters can be used to work around the 
+issue of Windows 9x client upper casing usernames and
+password before transmitting them to the SMB server
+when using clear text authentication.
+</para>
+
+<para><programlisting>
+	<ulink url="smb.conf.5.html#PASSWORDLEVEL">passsword level</ulink> = <replaceable>integer</replaceable>
+	<ulink url="smb.conf.5.html#USERNAMELEVEL">username level</ulink> = <replaceable>integer</replaceable>
+</programlisting></para>
+
+<para>
+By default Samba will lower case the username before attempting
+to lookup the user in the database of local system accounts.
+Because UNIX usernames conventionally only contain lower case
+character, the <parameter>username level</parameter> parameter
+is rarely even needed.
+</para>
+
+<para>
+However, password on UNIX systems often make use of mixed case
+characters.  This means that in order for a user on a Windows 9x
+client to connect to a Samba server using clear text authentication,
+the <parameter>password level</parameter> must be set to the maximum
+number of upper case letter which <emphasis>could</emphasis> appear
+is a password.  Note that is the server OS uses the traditional
+DES version of crypt(), then a <parameter>password level</parameter>
+of 8 will result in case insensitive passwords as seen from Windows
+users.  This will also result in longer login times as Samba
+hash to compute the permutations of the password string and 
+try them one by one until a match is located (or all combinations fail).
+</para>
+
+<para>
+The best option to adopt is to enable support for encrypted passwords 
+where ever Samba is used. There are three configuration possibilities 
+for support of encrypted passwords:
+</para>
+
+
+<sect2>
+<title>Use MS Windows NT as an authentication server</title>
+
+<para>
+This method involves the additions of the following parameters 
+in the smb.conf file:
+</para>
+
+<para><programlisting>
+	encrypt passwords = Yes
+	security = server
+	password server = "NetBIOS_name_of_PDC"
+</programlisting></para>
+
+
+<para>
+There are two ways of identifying whether or not a username and 
+password pair was valid or not. One uses the reply information provided 
+as part of the authentication messaging process, the other uses 
+just and error code.
+</para>
+
+<para>
+The down-side of this mode of configuration is the fact that 
+for security reasons Samba will send the password server a bogus 
+username and a bogus password and if the remote server fails to 
+reject the username and password pair then an alternative mode 
+of identification of validation is used. Where a site uses password 
+lock out after a certain number of failed authentication attempts 
+this will result in user lockouts.
+</para>
+
+<para>
+Use of this mode of authentication does require there to be 
+a standard Unix account for the user, this account can be blocked 
+to prevent logons by other than MS Windows clients.
+</para>
+
+</sect2>
+
+<sect2>
+<title>Make Samba a member of an MS Windows NT security domain</title>
+
+<para>
+This method involves additon of the following paramters in the smb.conf file:
+</para>
+
+<para><programlisting>
+	encrypt passwords = Yes
+	security = domain
+	workgroup = "name of NT domain"
+	password server = *
+</programlisting></para>
+
+<para>
+The use of the "*" argument to "password server" will cause samba 
+to locate the domain controller in a way analogous to the way 
+this is done within MS Windows NT.
+</para>
+
+<para>
+In order for this method to work the Samba server needs to join the 
+MS Windows NT security domain. This is done as follows:
+</para>
+
+<itemizedlist>
+	<listitem><para>On the MS Windows NT domain controller using 
+	the Server Manager add a machine account for the Samba server.
+	</para></listitem>
+	
+	<listitem><para>Next, on the Linux system execute: 
+	<command>smbpasswd -r PDC_NAME -j DOMAIN_NAME</command>
+	</para></listitem>
+</itemizedlist>
+
+<para>
+Use of this mode of authentication does require there to be 
+a standard Unix account for the user in order to assign
+a uid once the account has been authenticated by the remote
+Windows DC.  This account can be blocked to prevent logons by 
+other than MS Windows clients by things such as setting an invalid
+shell in the <filename>/etc/passwd</filename> entry.
+</para>
+
+<para>
+An alternative to assigning UIDs to Windows users on a 
+Samba member server is presented in the <ulink
+url="winbind.html">Winbind Overview</ulink> chapter in
+this HOWTO collection.
+</para>
+
+
+</sect2>
+
+
+<sect2>
+<title>Configure Samba as an authentication server</title>
+
+<para>
+This mode of authentication demands that there be on the 
+Unix/Linux system both a Unix style account as well as an 
+smbpasswd entry for the user. The Unix system account can be 
+locked if required as only the encrypted password will be 
+used for SMB client authentication.
+</para>
+
+<para>
+This method involves addition of the following parameters to 
+the smb.conf file:
+</para>
+
+<para><programlisting>
+## please refer to the Samba PDC HOWTO chapter later in 
+## this collection for more details
+[global]
+	encrypt passwords = Yes
+	security = user
+	domain logons = Yes
+	; an OS level of 33 or more is recommended
+	os level = 33
+
+[NETLOGON]
+	path = /somewhare/in/file/system
+	read only = yes
+</programlisting></para>
+
+<para>
+in order for this method to work a Unix system account needs 
+to be created for each user, as well as for each MS Windows NT/2000 
+machine. The following structure is required.
+</para>
+
+<sect3>
+<title>Users</title>
+
+<para>
+A user account that may provide a home directory should be 
+created. The following Linux system commands are typical of 
+the procedure for creating an account.
+</para>
+
+<para><programlisting>
+	# useradd -s /bin/bash -d /home/"userid" -m "userid"
+	# passwd "userid"
+	  Enter Password: &lt;pw&gt;
+	  
+	# smbpasswd -a "userid"
+	  Enter Password: &lt;pw&gt;
+</programlisting></para>
+</sect3>
+
+<sect3>
+<title>MS Windows NT Machine Accounts</title>
+
+<para>
+These are required only when Samba is used as a domain 
+controller.  Refer to the Samba-PDC-HOWTO for more details.
+</para>
+
+<para><programlisting>
+	# useradd -s /bin/false -d /dev/null "machine_name"\$
+	# passwd -l "machine_name"\$
+	# smbpasswd -a -m "machine_name"
+</programlisting></para>
+</sect3>
+</sect2>
+</sect1>
+
+
+<sect1>
+<title>Conclusions</title>
+
+<para>
+Samba provides a flexible means to operate as...
+</para>
+
+<itemizedlist>
+	<listitem><para>A Stand-alone server - No special action is needed 
+	other than to create user accounts. Stand-alone servers do NOT 
+	provide network logon services, meaning that machines that use this 
+	server do NOT perform a domain logon but instead make use only of 
+	the MS Windows logon which is local to the MS Windows 
+	workstation/server.
+	</para></listitem>
+	
+	<listitem><para>An MS Windows NT 3.x/4.0 security domain member.
+	</para></listitem>
+	
+
+	<listitem><para>An alternative to an MS Windows NT 3.x/4.0 
+	Domain Controller.
+	</para></listitem>
+
+</itemizedlist>
+
+</sect1>
+
+</chapter>
diff --git a/docs/docbook/projdoc/NT_Security.sgml b/docs/docbook/projdoc/NT_Security.sgml
new file mode 100755
index 00000000000..2259dae029e
--- /dev/null
+++ b/docs/docbook/projdoc/NT_Security.sgml
@@ -0,0 +1,358 @@
+<chapter id="unix-permissions">
+
+<chapterinfo>
+	<author>
+		<firstname>Jeremy</firstname><surname>Allison</surname>
+		<affiliation>
+			<orgname>Samba Team</orgname>
+			<address>
+				<email>samba@samba.org</email>
+			</address>
+		</affiliation>
+	</author>
+	
+		
+	<pubdate>12 Apr 1999</pubdate>
+</chapterinfo>
+
+
+<title>UNIX Permission Bits and Windows NT Access Control Lists</title>
+
+<sect1>
+	<title>Viewing and changing UNIX permissions using the NT 
+	security dialogs</title>
+
+
+	<para>New in the Samba 2.0.4 release is the ability for Windows 
+	NT clients to use their native security settings dialog box to 
+	view and modify the underlying UNIX permissions.</para>
+
+	<para>Note that this ability is careful not to compromise 
+	the security of the UNIX host Samba is running on, and 
+	still obeys all the file permission rules that a Samba 
+	administrator can set.</para>
+
+	<para>In Samba 2.0.4 and above the default value of the 
+	parameter <ulink url="smb.conf.5.html#NTACLSUPPORT"><parameter>
+	nt acl support</parameter></ulink> has been changed from 
+	<constant>false</constant> to <constant>true</constant>, so 
+ 	manipulation of permissions is turned on by default.</para>
+</sect1>
+
+<sect1>
+	<title>How to view file security on a Samba share</title>
+
+	<para>From an NT 4.0 client, single-click with the right 
+	mouse button on any file or directory in a Samba mounted 
+	drive letter or UNC path. When the menu pops-up, click 
+	on the <emphasis>Properties</emphasis> entry at the bottom of 
+	the menu. This brings up the normal file properties dialog
+	box, but with Samba 2.0.4 this will have a new tab along the top
+	marked <emphasis>Security</emphasis>. Click on this tab and you 
+	will see three buttons, <emphasis>Permissions</emphasis>, 	
+	<emphasis>Auditing</emphasis>, and <emphasis>Ownership</emphasis>. 
+	The <emphasis>Auditing</emphasis> button will cause either 
+	an error message <errorname>A requested privilege is not held 
+	by the client</errorname> to appear if the user is not the 
+	NT Administrator, or a dialog which is intended to allow an 
+	Administrator to add auditing requirements to a file if the 
+	user is logged on as the NT Administrator. This dialog is 
+	non-functional with a Samba share at this time, as the only 
+	useful button, the <command>Add</command> button will not currently 
+	allow a list of users to be seen.</para>
+
+</sect1>
+
+<sect1>
+	<title>Viewing file ownership</title>
+
+	<para>Clicking on the <command>"Ownership"</command> button 
+	brings up a dialog box telling you who owns the given file. The 
+	owner name will be of the form :</para>
+
+	<para><command>"SERVER\user (Long name)"</command></para>
+
+	<para>Where <replaceable>SERVER</replaceable> is the NetBIOS name of 
+	the Samba server, <replaceable>user</replaceable> is the user name of 
+	the UNIX user who owns the file, and <replaceable>(Long name)</replaceable>
+	is the descriptive string identifying the user (normally found in the
+	GECOS field of the UNIX password database). Click on the <command>Close
+	</command> button to remove this dialog.</para>
+
+	<para>If the parameter <parameter>nt acl support</parameter>
+	is set to <constant>false</constant> then the file owner will 
+	be shown as the NT user <command>"Everyone"</command>.</para>
+
+	<para>The <command>Take Ownership</command> button will not allow 
+	you to change the ownership of this file to yourself (clicking on 
+	it will display a dialog box complaining that the user you are 
+	currently logged onto the NT client cannot be found). The reason 
+	for this is that changing the ownership of a file is a privileged 
+	operation in UNIX, available only to the <emphasis>root</emphasis> 
+	user. As clicking on this button causes NT to attempt to change 
+	the ownership of a file to the current user logged into the NT 
+	client this will not work with Samba at this time.</para>
+
+	<para>There is an NT chown command that will work with Samba 
+	and allow a user with Administrator privilege connected 
+	to a Samba 2.0.4 server as root to change the ownership of 
+	files on both a local NTFS filesystem or remote mounted NTFS 
+	or Samba drive. This is available as part of the <emphasis>Seclib
+	</emphasis> NT security library written by Jeremy Allison of 
+	the Samba Team, available from the main Samba ftp site.</para>
+
+</sect1>
+
+<sect1>
+	<title>Viewing file or directory permissions</title>
+
+	<para>The third button is the <command>"Permissions"</command> 
+	button. Clicking on this brings up a dialog box that shows both 
+	the permissions and the UNIX owner of the file or directory. 
+	The owner is displayed in the form :</para>
+
+	<para><command>"SERVER\user (Long name)"</command></para>
+
+	<para>Where <replaceable>SERVER</replaceable> is the NetBIOS name of 
+	the Samba server, <replaceable>user</replaceable> is the user name of 
+	the UNIX user who owns the file, and <replaceable>(Long name)</replaceable>
+	is the descriptive string identifying the user (normally found in the
+	GECOS field of the UNIX password database).</para>
+
+	<para>If the parameter <parameter>nt acl support</parameter>
+	is set to <constant>false</constant> then the file owner will 
+	be shown as the NT user <command>"Everyone"</command> and the 
+	permissions will be shown as NT "Full Control".</para>
+
+
+	<para>The permissions field is displayed differently for files 
+	and directories, so I'll describe the way file permissions 
+	are displayed first.</para>
+
+	<sect2>
+		<title>File Permissions</title>
+
+		<para>The standard UNIX user/group/world triple and 
+		the corresponding "read", "write", "execute" permissions 
+		triples are mapped by Samba into a three element NT ACL 
+		with the 'r', 'w', and 'x' bits mapped into the corresponding 
+		NT permissions. The UNIX world permissions are mapped into 
+		the global NT group <command>Everyone</command>, followed 
+		by the list of permissions allowed for UNIX world. The UNIX 
+		owner and group permissions are displayed as an NT 
+		<command>user</command> icon and an NT <command>local 
+		group</command> icon respectively followed by the list 
+	 	of permissions allowed for the UNIX user and group.</para>
+
+		<para>As many UNIX permission sets don't map into common 
+		NT names such as <command>"read"</command>, <command>
+		"change"</command> or <command>"full control"</command> then 
+		usually the permissions will be prefixed by the words <command>
+		"Special Access"</command> in the NT display list.</para>
+
+		<para>But what happens if the file has no permissions allowed 
+		for a particular UNIX user group or world component ? In order 
+		to  allow "no permissions" to be seen and modified then Samba 
+		overloads the NT <command>"Take Ownership"</command> ACL attribute 
+		(which has no meaning in UNIX) and reports a component with 
+		no permissions as having the NT <command>"O"</command> bit set. 
+		This was chosen of course to make it look like a zero, meaning 
+		zero permissions. More details on the decision behind this will 
+		be given below.</para>
+	</sect2>
+	
+	<sect2>
+		<title>Directory Permissions</title>
+
+		<para>Directories on an NT NTFS file system have two 
+		different sets of permissions. The first set of permissions 
+		is the ACL set on the directory itself, this is usually displayed 
+		in the first set of parentheses in the normal <command>"RW"</command> 
+		NT style. This first set of permissions is created by Samba in 
+		exactly the same way as normal file permissions are, described 
+		above, and is displayed in the same way.</para>
+
+		<para>The second set of directory permissions has no real meaning 
+		in the UNIX permissions world and represents the <command>
+		"inherited"</command> permissions that any file created within 
+		this directory would inherit.</para>
+
+		<para>Samba synthesises these inherited permissions for NT by 
+		returning as an NT ACL the UNIX permission mode that a new file 
+		created by Samba on this share would receive.</para>
+	</sect2>
+</sect1>
+	
+<sect1>
+	<title>Modifying file or directory permissions</title>
+
+	<para>Modifying file and directory permissions is as simple 
+	as changing the displayed permissions in the dialog box, and 
+	clicking the <command>OK</command> button. However, there are 
+	limitations that a user needs to be aware of, and also interactions 
+	with the standard Samba permission masks and mapping of DOS 
+	attributes that need to also be taken into account.</para>
+
+	<para>If the parameter <parameter>nt acl support</parameter>
+	is set to <constant>false</constant> then any attempt to set 
+	security permissions will fail with an <command>"Access Denied"
+	</command> message.</para>
+
+	<para>The first thing to note is that the <command>"Add"</command> 
+	button will not return a list of users in Samba 2.0.4 (it will give 
+	an error message of <command>"The remote procedure call failed 
+	and did not execute"</command>). This means that you can only 
+	manipulate the current user/group/world permissions listed in 
+	the dialog box. This actually works quite well as these are the 
+	only permissions that UNIX actually has.</para>
+
+	<para>If a permission triple (either user, group, or world) 
+	is removed from the list of permissions in the NT dialog box, 
+	then when the <command>"OK"</command> button is pressed it will 
+	be applied as "no permissions" on the UNIX side. If you then 
+	view the permissions again the "no permissions" entry will appear 
+	as the NT <command>"O"</command> flag, as described above. This 
+	allows you to add permissions back to a file or directory once 
+	you have removed them from a triple component.</para>
+
+	<para>As UNIX supports only the "r", "w" and "x" bits of 
+	an NT ACL then if other NT security attributes such as "Delete 
+	access" are selected then they will be ignored when applied on 
+	the Samba server.</para>
+
+	<para>When setting permissions on a directory the second 
+	set of permissions (in the second set of parentheses) is 
+	by default applied to all files within that directory. If this 
+	is not what you want you must uncheck the <command>"Replace 
+	permissions on existing files"</command> checkbox in the NT 
+	dialog before clicking <command>"OK"</command>.</para>
+
+	<para>If you wish to remove all permissions from a 
+	user/group/world  component then you may either highlight the 
+	component and click the <command>"Remove"</command> button, 
+	or set the component to only have the special <command>"Take
+	Ownership"</command> permission (displayed as <command>"O"
+	</command>) highlighted.</para>
+</sect1>
+
+<sect1>
+	<title>Interaction with the standard Samba create mask 
+	parameters</title>
+
+	<para>Note that with Samba 2.0.5 there are four new parameters 
+	to control this interaction.  These are :</para>
+
+	<para><parameter>security mask</parameter></para>
+	<para><parameter>force security mode</parameter></para>
+	<para><parameter>directory security mask</parameter></para>
+	<para><parameter>force directory security mode</parameter></para>
+
+	<para>Once a user clicks <command>"OK"</command> to apply the 
+	permissions Samba maps the given permissions into a user/group/world 
+	r/w/x triple set, and then will check the changed permissions for a 
+	file against the bits set in the <ulink url="smb.conf.5.html#SECURITYMASK"> 
+	<parameter>security mask</parameter></ulink> parameter. Any bits that 
+	were changed that are not set to '1' in this parameter are left alone 
+	in the file permissions.</para>
+
+	<para>Essentially, zero bits in the <parameter>security mask</parameter>
+	mask may be treated as a set of bits the user is <emphasis>not</emphasis> 
+	allowed to change, and one bits are those the user is allowed to change.
+	</para>
+
+	<para>If not set explicitly this parameter is set to the same value as 
+	the <ulink url="smb.conf.5.html#CREATEMASK"><parameter>create mask
+	</parameter></ulink> parameter to provide compatibility with Samba 2.0.4 
+	where this permission change facility was introduced. To allow a user to 
+	modify all the user/group/world permissions on a file, set this parameter 
+	to 0777.</para>
+
+	<para>Next Samba checks the changed permissions for a file against 
+	the bits set in the <ulink url="smb.conf.5.html#FORCESECURITYMODE">
+	<parameter>force security mode</parameter></ulink> parameter. Any bits 
+	that were changed that correspond to bits set to '1' in this parameter 
+	are forced to be set.</para>
+
+	<para>Essentially, bits set in the <parameter>force security mode
+	</parameter> parameter may be treated as a set of bits that, when 
+	modifying security on a file, the user has always set to be 'on'.</para>
+
+	<para>If not set explicitly this parameter is set to the same value 
+	as the <ulink url="smb.conf.5.html#FORCECREATEMODE"><parameter>force 
+	create mode</parameter></ulink> parameter to provide compatibility
+	with Samba 2.0.4 where the permission change facility was introduced.
+	To allow a user to modify all the user/group/world permissions on a file
+	with no restrictions set this parameter to 000.</para>
+
+	<para>The <parameter>security mask</parameter> and <parameter>force 
+	security mode</parameter> parameters are applied to the change 
+	request in that order.</para>
+
+	<para>For a directory Samba will perform the same operations as 
+	described above for a file except using the parameter <parameter>
+	directory security mask</parameter> instead of <parameter>security 
+	mask</parameter>, and <parameter>force directory security mode
+	</parameter> parameter instead of <parameter>force security mode
+	</parameter>.</para>
+
+	<para>The <parameter>directory security mask</parameter> parameter 
+	by default is set to the same value as the <parameter>directory mask
+	</parameter> parameter and the <parameter>force directory security 
+	mode</parameter> parameter by default is set to the same value as 
+ 	the <parameter>force directory mode</parameter> parameter to provide 
+	compatibility with Samba 2.0.4 where the permission change facility 
+	was introduced.</para>
+
+	<para>In this way Samba enforces the permission restrictions that 
+	an administrator can set on a Samba share, whilst still allowing users 
+	to modify the permission bits within that restriction.</para>
+
+	<para>If you want to set up a share that allows users full control
+	in modifying the permission bits on their files and directories and
+	doesn't force any particular bits to be set 'on', then set the following
+	parameters in the <ulink url="smb.conf.5.html"><filename>smb.conf(5)
+	</filename></ulink> file in that share specific section :</para>
+
+	<para><parameter>security mask = 0777</parameter></para>
+	<para><parameter>force security mode = 0</parameter></para>
+	<para><parameter>directory security mask = 0777</parameter></para>
+	<para><parameter>force directory security mode = 0</parameter></para>
+
+	<para>As described, in Samba 2.0.4 the parameters :</para>
+
+	<para><parameter>create mask</parameter></para>
+	<para><parameter>force create mode</parameter></para>
+	<para><parameter>directory mask</parameter></para>
+	<para><parameter>force directory mode</parameter></para>
+
+	<para>were used instead of the parameters discussed here.</para>
+</sect1>
+
+<sect1>
+	<title>Interaction with the standard Samba file attribute 
+	mapping</title>
+
+	<para>Samba maps some of the DOS attribute bits (such as "read 
+	only") into the UNIX permissions of a file. This means there can 
+	be a conflict between the permission bits set via the security 
+	dialog and the permission bits set by the file attribute mapping.
+	</para>
+
+	<para>One way this can show up is if a file has no UNIX read access
+	for the owner it will show up as "read only" in the standard 
+	file attributes tabbed dialog. Unfortunately this dialog is
+	the same one that contains the security info in another tab.</para>
+
+	<para>What this can mean is that if the owner changes the permissions
+	to allow themselves read access using the security dialog, clicks
+	<command>"OK"</command> to get back to the standard attributes tab 
+	dialog, and then clicks <command>"OK"</command> on that dialog, then 
+	NT will set the file permissions back to read-only (as that is what 
+	the attributes still say in the dialog). This means that after setting 
+	permissions and clicking <command>"OK"</command> to get back to the 
+	attributes dialog you should always hit <command>"Cancel"</command> 
+	rather than <command>"OK"</command> to ensure that your changes 
+	are not overridden.</para>
+</sect1>
+
+</chapter>
diff --git a/docs/docbook/projdoc/OS2-Client-HOWTO.sgml b/docs/docbook/projdoc/OS2-Client-HOWTO.sgml
new file mode 100755
index 00000000000..ca7ad6a754e
--- /dev/null
+++ b/docs/docbook/projdoc/OS2-Client-HOWTO.sgml
@@ -0,0 +1,142 @@
+<chapter id="os2">
+
+
+<chapterinfo>
+	<author>
+		<firstname>Jim</firstname><surname>McDonough</surname>
+		<affiliation>
+			<orgname>IBM</orgname>
+			<address>
+				<email>jerry@samba.org</email>
+			</address>
+		</affiliation>
+	</author>
+	
+		
+	<pubdate>5 Mar 2001</pubdate>
+</chapterinfo>
+
+<title>OS2 Client HOWTO</title>
+
+<sect1>
+	<title>FAQs</title>
+
+	<sect2>
+		<title>How can I configure OS/2 Warp Connect or 
+		OS/2 Warp 4 as a client for Samba?</title>
+
+		<para>A more complete answer to this question can be 
+		found on <ulink url="http://carol.wins.uva.nl/~leeuw/samba/warp.html">
+		http://carol.wins.uva.nl/~leeuw/samba/warp.html</ulink>.</para>
+		
+		<para>Basically, you need three components:</para>
+		
+		<itemizedlist>
+			<listitem><para>The File and Print Client ('IBM Peer')
+			</para></listitem>
+			<listitem><para>TCP/IP ('Internet support') 
+			</para></listitem>
+			<listitem><para>The "NetBIOS over TCP/IP" driver ('TCPBEUI')
+			</para></listitem>
+		</itemizedlist>
+		
+		<para>Installing the first two together with the base operating 
+		system on a blank system is explained in the Warp manual. If Warp 
+		has already been installed, but you now want to install the 
+		networking support, use the "Selective Install for Networking" 
+		object in the "System Setup" folder.</para>
+
+		<para>Adding the "NetBIOS over TCP/IP" driver is not described 
+		in the manual and just barely in the online documentation. Start 
+		MPTS.EXE, click on OK, click on "Configure LAPS" and click 
+		on "IBM OS/2 NETBIOS OVER TCP/IP" in  'Protocols'.  This line 
+		is then moved to 'Current Configuration'. Select that line, 
+		click on "Change number" and increase it from 0 to 1. Save this
+		configuration.</para>
+
+		<para>If the Samba server(s) is not on your local subnet, you 
+		can optionally add IP names and addresses of these servers 
+		to the "Names List", or specify a  WINS server ('NetBIOS 
+		Nameserver' in IBM and RFC terminology). For Warp Connect you 
+		may need to download an update for 'IBM Peer' to bring it on 
+		the same level as Warp 4. See the webpage mentioned above.</para>
+	</sect2>
+	
+	<sect2>
+		<title>How can I configure OS/2 Warp 3 (not Connect), 
+		OS/2 1.2, 1.3 or 2.x for Samba?</title>
+		
+		<para>You can use the free Microsoft LAN Manager 2.2c Client 
+		for OS/2 from 
+		<ulink url="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/">
+		ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</ulink>.
+   	See <ulink url="http://carol.wins.uva.nl/~leeuw/lanman.html">
+		http://carol.wins.uva.nl/~leeuw/lanman.html</ulink> for 
+		more information on how to install and use this client. In 
+		a nutshell, edit the file \OS2VER in the root directory of 
+		the OS/2 boot partition and add the lines:</para>
+		
+		<para><programlisting>
+		20=setup.exe
+		20=netwksta.sys
+		20=netvdd.sys
+		</programlisting></para>
+		
+		<para>before you install the client. Also, don't use the 
+		included NE2000 driver because it is buggy. Try the NE2000 
+		or NS2000 driver from 
+		<ulink url="ftp://ftp.cdrom.com/pub/os2/network/ndis/">
+ 		ftp://ftp.cdrom.com/pub/os2/network/ndis/</ulink> instead.
+		</para>
+	</sect2>
+	
+	<sect2>
+		<title>Are there any other issues when OS/2 (any version) 
+		is used as a client?</title>
+		
+		<para>When you do a NET VIEW or use the "File and Print 
+		Client Resource Browser", no Samba servers show up. This can 
+		be fixed by a patch from <ulink
+		url="http://carol.wins.uva.nl/~leeuw/samba/fix.html">
+		http://carol.wins.uva.nl/~leeuw/samba/fix.html</ulink>.
+		The patch will be included in a later version of Samba. It also 
+		fixes a couple of other problems, such as preserving long 
+		filenames when objects are dragged from the Workplace Shell 
+		to the Samba server. </para>
+	</sect2>
+	
+	<sect2>
+		<title>How do I get printer driver download working 
+		for OS/2 clients?</title>
+
+		<para>First, create a share called [PRINTDRV] that is 
+		world-readable.  Copy your OS/2 driver files there.  Note 
+		that the .EA_ files must still be separate, so you will need 
+		to use the original install files, and not copy an installed 
+		driver from an OS/2 system.</para>
+		
+		<para>Install the NT driver first for that printer.  Then, 
+		add to your smb.conf a parameter, "os2 driver map = 
+		<replaceable>filename</replaceable>".  Then, in the file 
+		specified by <replaceable>filename</replaceable>, map the 
+		name of the NT driver name to the OS/2 driver name as 
+		follows:</para>
+		
+		<para>&lt;nt driver name&gt; = &lt;os2 driver 
+		name&gt;.&lt;device name&gt;, e.g.:
+		HP LaserJet 5L = LASERJET.HP LaserJet 5L</para>
+
+		<para>You can have multiple drivers mapped in this file.</para>
+	
+		<para>If you only specify the OS/2 driver name, and not the 
+		device name, the first attempt to download the driver will 
+		actually download the files, but the OS/2 client will tell 
+		you the driver is not available.  On the second attempt, it 
+		will work.  This is fixed simply by adding the device name
+  		 to the mapping, after which it will work on the first attempt.
+		</para>
+	</sect2>
+</sect1>
+
+</chapter>
+   
diff --git a/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml b/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml
new file mode 100755
index 00000000000..594516640de
--- /dev/null
+++ b/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml
@@ -0,0 +1,215 @@
+<chapter id="pam">
+ 
+ 
+<chapterinfo>
+        <author>
+		<firstname>John</firstname><surname>Terpstra</surname>
+                <affiliation>
+                        <orgname>Samba Team</orgname>
+			<address>
+			<email>jht@samba.org</email>
+			</address>
+                </affiliation>
+        </author>
+ 
+ 
+        <pubdate> (Jun 21 2001) </pubdate>
+</chapterinfo>
+ 
+<title>Configuring PAM for distributed but centrally 
+managed authentication</title>
+
+<sect1>
+<title>Samba and PAM</title>
+
+<para>
+A number of Unix systems (eg: Sun Solaris), as well as the 
+xxxxBSD family and Linux, now utilize the Pluggable Authentication 
+Modules (PAM) facility to provide all authentication, 
+authorization and resource control services. Prior to the 
+introduction of PAM, a decision to use an alternative to 
+the system password database (<filename>/etc/passwd</filename>) 
+would require the provision of alternatives for all programs that provide 
+security services. Such a choice would involve provision of 
+alternatives to such programs as: <command>login</command>, 
+<command>passwd</command>, <command>chown</command>, etc.
+</para>
+
+<para>
+PAM provides a mechanism that disconnects these security programs 
+from the underlying authentication/authorization infrastructure.
+PAM is configured either through one file <filename>/etc/pam.conf</filename> (Solaris), 
+or by editing individual files that are located in <filename>/etc/pam.d</filename>.
+</para>
+
+<para>
+The following is an example <filename>/etc/pam.d/login</filename> configuration file. 
+This example had all options been uncommented is probably not usable 
+as it stacks many conditions before allowing successful completion 
+of the login process. Essentially all conditions can be disabled 
+by commenting them out except the calls to <filename>pam_pwdb.so</filename>.
+</para>
+
+<para><programlisting>
+#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth 		required	pam_securetty.so
+auth 		required	pam_nologin.so
+# auth 		required	pam_dialup.so
+# auth 		optional	pam_mail.so
+auth		required	pam_pwdb.so shadow md5
+# account    	requisite  	pam_time.so
+account		required	pam_pwdb.so
+session		required	pam_pwdb.so
+# session 	optional	pam_lastlog.so
+# password   	required   	pam_cracklib.so retry=3
+password	required	pam_pwdb.so shadow md5
+</programlisting></para>
+
+<para>
+PAM allows use of replacable modules. Those available on a 
+sample system include:
+</para>
+
+<para><programlisting>
+$ /bin/ls /lib/security
+pam_access.so    pam_ftp.so          pam_limits.so     
+pam_ncp_auth.so  pam_rhosts_auth.so  pam_stress.so     
+pam_cracklib.so  pam_group.so        pam_listfile.so   
+pam_nologin.so   pam_rootok.so       pam_tally.so      
+pam_deny.so      pam_issue.so        pam_mail.so       
+pam_permit.so    pam_securetty.so    pam_time.so       
+pam_dialup.so    pam_lastlog.so      pam_mkhomedir.so  
+pam_pwdb.so      pam_shells.so       pam_unix.so       
+pam_env.so       pam_ldap.so         pam_motd.so       
+pam_radius.so    pam_smbpass.so      pam_unix_acct.so  
+pam_wheel.so     pam_unix_auth.so    pam_unix_passwd.so
+pam_userdb.so    pam_warn.so         pam_unix_session.so
+</programlisting></para>
+
+<para>
+The following example for the login program replaces the use of 
+the <filename>pam_pwdb.so</filename> module which uses the system 
+password database (<filename>/etc/passwd</filename>,
+<filename>/etc/shadow</filename>, <filename>/etc/group</filename>) with 
+the module <filename>pam_smbpass.so</filename> which uses the Samba 
+database which contains the Microsoft MD4 encrypted password 
+hashes. This database is stored in either 
+<filename>/usr/local/samba/private/smbpasswd</filename>, 
+<filename>/etc/samba/smbpasswd</filename>, or in 
+<filename>/etc/samba.d/smbpasswd</filename>, depending on the 
+Samba implementation for your Unix/Linux system. The 
+<filename>pam_smbpass.so</filename> module is provided by 
+Samba version 2.2.1 or later. It can be compiled by specifying the 
+<command>--with-pam_smbpass</command> options when running Samba's
+<filename>configure</filename> script.  For more information
+on the <filename>pam_smbpass</filename> module, see the documentation
+in the <filename>source/pam_smbpass</filename> directory of the Samba 
+source distribution.
+</para>
+
+<para><programlisting>
+#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth		required	pam_smbpass.so nodelay
+account		required	pam_smbpass.so nodelay
+session		required	pam_smbpass.so nodelay
+password	required	pam_smbpass.so nodelay
+</programlisting></para>
+
+<para>
+The following is the PAM configuration file for a particular 
+Linux system. The default condition uses <filename>pam_pwdb.so</filename>.
+</para>
+
+<para><programlisting>
+#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_pwdb.so nullok nodelay shadow audit
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_pwdb.so shadow md5
+</programlisting></para>
+
+<para>
+In the following example the decision has been made to use the 
+smbpasswd database even for basic samba authentication. Such a 
+decision could also be made for the passwd program and would 
+thus allow the smbpasswd passwords to be changed using the passwd 
+program.
+</para>
+
+<para><programlisting>
+#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_smbpass.so nodelay
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf
+</programlisting></para>
+
+<para>
+Note: PAM allows stacking of authentication mechanisms. It is 
+also possible to pass information obtained within on PAM module through 
+to the next module in the PAM stack. Please refer to the documentation for 
+your particular system implementation for details regarding the specific 
+capabilities of PAM in this environment. Some Linux implmentations also 
+provide the <filename>pam_stack.so</filename> module that allows all 
+authentication to be configured in a single central file. The 
+<filename>pam_stack.so</filename> method has some very devoted followers 
+on the basis that it allows for easier administration. As with all issues in 
+life though, every decision makes trade-offs, so you may want examine the 
+PAM documentation for further helpful information.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Distributed Authentication</title>
+
+<para>
+The astute administrator will realize from this that the 
+combination of <filename>pam_smbpass.so</filename>, 
+<command>winbindd</command>, and <command>rsync</command> (see
+<ulink url="http://rsync.samba.org/">http://rsync.samba.org/</ulink>)
+will allow the establishment of a centrally managed, distributed 
+user/password database that can also be used by all 
+PAM (eg: Linux) aware programs and applications. This arrangement 
+can have particularly potent advantages compared with the 
+use of Microsoft Active Directory Service (ADS) in so far as 
+reduction of wide area network authentication traffic.
+</para>
+
+</sect1>
+
+<sect1>
+<title>PAM Configuration in smb.conf</title>
+
+<para>
+There is an option in smb.conf called <ulink 
+url="smb.conf.5.html#OBEYPAMRESTRICTIONS">obey pam restrictions</ulink>. 
+The following is from the on-line help for this option in SWAT;
+</para>
+
+<para>
+When Samba 2.2 is configure to enable PAM support (i.e. 
+<constant>--with-pam</constant>), this parameter will 
+control whether or not Samba should obey PAM's account 
+and session management directives. The default behavior 
+is to use PAM for clear text authentication only and to 
+ignore any account or session management. Note that Samba always 
+ignores PAM for authentication in the case of 
+<ulink url="smb.conf.5.html#ENCRYPTPASSWORDS">encrypt passwords = yes</ulink>. 
+The reason is that PAM modules cannot support the challenge/response 
+authentication mechanism needed in the presence of SMB 
+password encryption. 
+</para>
+
+<para>Default: <command>obey pam restrictions = no</command></para>
+
+</sect1>
+</chapter>
diff --git a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml
new file mode 100755
index 00000000000..02926265ab1
--- /dev/null
+++ b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml
@@ -0,0 +1,262 @@
+<chapter id="samba-bdc">
+
+
+<chapterinfo>
+	<author>
+		<firstname>Volker</firstname><surname>Lendecke</surname>
+		<affiliation>
+			<orgname>Samba Team</orgname>
+			<address><email>Volker.Lendecke@SerNet.DE</email></address>
+		</affiliation>
+	</author>
+	<pubdate> (26 Apr 2001) </pubdate>
+</chapterinfo>
+
+<title>
+How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain
+</title>
+
+<sect1>
+<title>Prerequisite Reading</title>
+
+<para>
+Before you continue reading in this chapter, please make sure
+that you are comfortable with configuring a Samba PDC
+as described in the <ulink url="Samba-PDC-HOWTO.html">Samba-PDC-HOWTO</ulink>.
+</para>
+
+
+</sect1>
+
+<sect1>
+
+<title>Background</title>
+
+<para>
+What is a Domain Controller? It is a machine that is able to answer
+logon requests from workstations in a Windows NT Domain. Whenever a
+user logs into a Windows NT Workstation, the workstation connects to a
+Domain Controller and asks him whether the username and password the
+user typed in is correct.  The Domain Controller replies with a lot of
+information about the user, for example the place where the users
+profile is stored, the users full name of the user. All this
+information is stored in the NT user database, the so-called SAM.
+</para>
+
+<para>
+There are two kinds of Domain Controller in a NT 4 compatible Domain:
+A Primary Domain Controller (PDC) and one or more Backup Domain
+Controllers (BDC). The PDC contains the master copy of the
+SAM. Whenever the SAM has to change, for example when a user changes
+his password, this change has to be done on the PDC. A Backup Domain
+Controller is a machine that maintains a read-only copy of the
+SAM. This way it is able to reply to logon requests and authenticate
+users in case the PDC is not available. During this time no changes to
+the SAM are possible. Whenever changes to the SAM are done on the PDC,
+all BDC receive the changes from the PDC.
+</para>
+
+<para>
+Since version 2.2 Samba officially supports domain logons for all
+current Windows Clients, including Windows 2000 and XP. This text
+assumes the domain to be named SAMBA. To be able to act as a PDC, some
+parameters in the [global]-section of the smb.conf have to be set:
+</para>
+
+<para><programlisting>
+[global]
+     workgroup = SAMBA
+     domain master = yes
+     domain logons = yes
+     encrypt passwords = yes
+     security = user
+     ....
+</programlisting></para>
+
+<para>
+Several other things like a [homes] and a [netlogon] share also may be
+set along with settings for the profile path, the users home drive and
+others. This will not be covered in this document.
+</para>
+
+</sect1>
+
+
+<sect1>
+<title>What qualifies a Domain Controller on the network?</title>
+
+<para>
+Every machine that is a Domain Controller for the domain SAMBA has to
+register the NetBIOS group name SAMBA#1c with the WINS server and/or
+by broadcast on the local network. The PDC also registers the unique
+NetBIOS name SAMBA#1b with the WINS server. The name type #1b is
+normally reserved for the domain master browser, a role that has
+nothing to do with anything related to authentication, but the
+Microsoft Domain implementation requires the domain master browser to
+be on the same machine as the PDC.
+</para>
+
+
+<sect2>
+<title>How does a Workstation find its domain controller?</title>
+
+<para>
+A NT workstation in the domain SAMBA that wants a local user to be
+authenticated has to find the domain controller for SAMBA. It does
+this by doing a NetBIOS name query for the group name SAMBA#1c. It
+assumes that each of the machines it gets back from the queries is a
+domain controller and can answer logon requests. To not open security
+holes both the workstation and the selected (TODO: How is the DC
+chosen) domain controller authenticate each other. After that the
+workstation sends the user's credentials (his name and password) to
+the domain controller, asking for approval.
+</para>
+
+</sect2>
+
+
+<sect2>
+<title>When is the PDC needed?</title>
+
+<para>
+Whenever a user wants to change his password, this has to be done on
+the PDC. To find the PDC, the workstation does a NetBIOS name query
+for SAMBA#1b, assuming this machine maintains the master copy of the
+SAM. The workstation contacts the PDC, both mutually authenticate and
+the password change is done.
+</para>
+
+</sect2>
+
+</sect1>
+
+
+<sect1>
+<title>Can Samba be a Backup Domain Controller?</title>
+
+<para>
+With version 2.2, no. The native NT SAM replication protocols have
+not yet been fully implemented. The Samba Team is working on
+understanding and implementing the protocols, but this work has not
+been finished for version 2.2.
+</para>
+
+<para>
+Can I get the benefits of a BDC with Samba?  Yes. The main reason for
+implementing a BDC is availability. If the PDC is a Samba machine,
+a second Samba machine can be set up to
+service logon requests whenever the PDC is down.
+</para>
+
+</sect1>
+
+
+<sect1>
+<title>How do I set up a Samba BDC?</title>
+
+<para>
+Several things have to be done:
+</para>
+
+<itemizedlist>
+
+	<listitem><para>
+	The file <filename>private/MACHINE.SID</filename> identifies the domain. When a samba
+	server is first started, it is created on the fly and must never be
+	changed again. This file has to be the same on the PDC and the BDC,
+	so the MACHINE.SID has to be copied from the PDC to the BDC.  Note that in the
+	latest Samba 2.2.x releases, the machine SID (and therefore domain SID) is stored
+	in the <filename>private/secrets.tdb</filename> database.  This file cannot just
+	be copied because Samba looks under the key <constant>SECRETS/SID/<replaceable>DOMAIN</replaceable></constant>.
+	where <replaceable>DOMAIN</replaceable> is the machine's netbios name.  Since this name has
+	to be unique for each SAMBA server, this lookup will fail.  </para>
+	<para>
+	A new option has been added to the <command>smbpasswd(8)</command>
+	command to help ease this problem.  When running <command>smbpasswd -S</command> as the root user,
+	the domain SID will be retrieved from a domain controller matching the value of the
+	<parameter>workgroup</parameter> parameter in <filename>smb.conf</filename> and stored as the
+	new Samba server's machine SID.  See the <ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink>
+	man page for more details on this functionality.
+	</para></listitem>
+
+	<listitem><para>
+	The Unix user database has to be synchronized from the PDC to the
+	BDC. This means that both the /etc/passwd and /etc/group have to be
+	replicated from the PDC to the BDC. This can be done manually
+	whenever changes are made, or the PDC is set up as a NIS master
+	server and the BDC as a NIS slave server. To set up the BDC as a
+	mere NIS client would not be enough, as the BDC would not be able to
+	access its user database in case of a PDC failure.  LDAP is also a
+	potential vehicle for sharing this information.
+	</para></listitem>
+
+	<listitem><para>
+	The Samba password database in the file <filename>private/smbpasswd</filename>
+	has to be replicated from the PDC to the BDC. This is a bit tricky, see the
+	next section.
+	</para></listitem>
+
+	<listitem><para>
+	Any netlogon share has to be replicated from the PDC to the
+	BDC. This can be done manually whenever login scripts are changed,
+	or it can be done automatically together with the smbpasswd
+	synchronization.
+	</para></listitem>
+
+</itemizedlist>
+
+<para>
+Finally, the BDC has to be found by the workstations. This can be done
+by setting
+</para>
+
+<para><programlisting>
+[global]
+     workgroup = SAMBA
+     domain master = no
+     domain logons = yes
+     encrypt passwords = yes
+     security = user
+     ....
+</programlisting></para>
+
+<para>
+in the [global]-section of the smb.conf of the BDC. This makes the BDC
+only register the name SAMBA#1c with the WINS server. This is no
+problem as the name SAMBA#1c is a NetBIOS group name that is meant to
+be registered by more than one machine. The parameter 'domain master =
+no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS
+name is reserved for the Primary Domain Controller.
+</para>
+
+<sect2>
+<title>How do I replicate the smbpasswd file?</title>
+
+<para>
+Replication of the smbpasswd file is sensitive. It has to be done
+whenever changes to the SAM are made. Every user's password change
+(including machine trust account password changes) is done in the
+smbpasswd file and has to be replicated to the BDC. So
+replicating the smbpasswd file very often is necessary.
+</para>
+
+<para>
+As the smbpasswd file contains plain text password equivalents, it
+must not be sent unencrypted over the wire. The best way to set up
+smbpasswd replication from the PDC to the BDC is to use the utility
+<command>rsync(1)</command>. <command>rsync</command> can use
+<command>ssh(1)</command> as a transport. <command>ssh</command> itself
+can be set up to accept <emphasis>only</emphasis> <command>rsync</command> transfer without requiring the user to
+type a password.  Refer to the man pages for these two tools for more details.
+</para>
+
+<para>
+Another solution with high potential is to use Samba's <parameter>--with-ldapsam</parameter>
+for sharing and/or replicating the list of <constant>sambaAccount</constant> entries.
+This can all be done over SSL to ensure security.  See the <ulink url="Samba-LDAP-HOWTO.html">Samba-LDAP-HOWTO</ulink>
+for more details.
+</para>
+
+</sect2>
+</sect1>
+</chapter>
diff --git a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml
new file mode 100755
index 00000000000..6b153af6feb
--- /dev/null
+++ b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml
@@ -0,0 +1,640 @@
+<chapter id="samba-ldap-howto">
+
+<chapterinfo>
+	<author>
+		<firstname>Gerald (Jerry)></firstname><surname>Carter</surname>
+		<affiliation>
+			<orgname>Samba Team</orgname>
+			<address><email>jerry@samba.org</email></address>
+		</affiliation>
+		<firstname>Olivier (lem)></firstname><surname>Lemaire</surname>
+		<affiliation>
+			<orgname>IDEALX</orgname>
+			<address><email>olem@IDEALX.org</email></address>
+		</affiliation>
+	</author>
+
+
+	<pubdate> (16 Jun 2002) </pubdate>
+</chapterinfo>
+
+<title>Storing Samba's User/Machine Account information in an LDAP Directory</title>
+
+<sect1>
+<title>Purpose</title>
+
+<para>
+This document describes how to use an LDAP directory for storing Samba user
+account information traditionally stored in the smbpasswd(5) file.  It is
+assumed that the reader already has a basic understanding of LDAP concepts
+and has a working directory server already installed.  For more information
+on LDAP architectures and Directories, please refer to the following sites.
+</para>
+
+<itemizedlist>
+	<listitem><para>OpenLDAP - <ulink url="http://www.openldap.org/">http://www.openldap.org/</ulink></para></listitem>
+	<listitem><para>iPlanet Directory Server - <ulink url="http://iplanet.netscape.com/directory">http://iplanet.netscape.com/directory</ulink></para></listitem>
+</itemizedlist>
+
+<para>
+Note that <ulink url="http://www.ora.com/">O'Reilly Publishing</ulink> is working on
+a guide to LDAP for System Administrators which has a planned release date of
+late 2002.
+</para>
+
+<para>
+Two additional Samba resources which may prove to be helpful are
+</para>
+
+<itemizedlist>
+	<listitem><para>The <ulink url="http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html">Samba-PDC-LDAP-HOWTO</ulink>
+	maintained by Ignacio Coupeau.</para></listitem>
+
+	<listitem><para>The NT migration scripts from <ulink url="http://samba.idealx.org/">IDEALX</ulink> that are
+	geared to manage users and group in such a Samba-LDAP Domain Controller configuration.  These scripts can
+	be found in the Samba 2.2.5 release in the <filename>examples/LDAP/smbldap-tools/</filename> directory.
+	</para></listitem>
+</itemizedlist>
+
+</sect1>
+
+
+<sect1>
+<title>Introduction</title>
+
+<para>
+Traditionally, when configuring <ulink url="smb.conf.5.html#ENCRYPTPASSWORDS">"encrypt
+passwords = yes"</ulink> in Samba's <filename>smb.conf</filename> file, user account
+information such as username, LM/NT password hashes, password change times, and account
+flags have been stored in the <filename>smbpasswd(5)</filename> file.  There are several
+disadvantages to this approach for sites with very large numbers of users (counted
+in the thousands).
+</para>
+
+<itemizedlist>
+<listitem><para>
+The first is that all lookups must be performed sequentially.  Given that
+there are approximately two lookups per domain logon (one for a normal
+session connection such as when mapping a network drive or printer), this
+is a performance bottleneck for large sites.  What is needed is an indexed approach
+such as is used in databases.
+</para></listitem>
+
+<listitem><para>
+The second problem is that administrators who desired to replicate a
+smbpasswd file to more than one Samba server were left to use external
+tools such as <command>rsync(1)</command> and <command>ssh(1)</command>
+and wrote custom, in-house scripts.
+</para></listitem>
+
+<listitem><para>
+And finally, the amount of information which is stored in an
+smbpasswd entry leaves no room for additional attributes such as
+a home directory, password expiration time, or even a Relative
+Identified (RID).
+</para></listitem>
+</itemizedlist>
+
+<para>
+As a result of these defeciencies, a more robust means of storing user attributes
+used by <command>smbd</command> was developed.  The API which defines access to user accounts
+is commonly referred to as the samdb interface (previously this was called the passdb
+API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
+for a samdb backend (e.g. <parameter>--with-ldapsam</parameter> or
+<parameter>--with-tdbsam</parameter>) requires compile time support.
+</para>
+
+<para>
+When compiling Samba to include the <parameter>--with-ldapsam</parameter> autoconf
+option, <command>smbd</command> (and associated tools) will store and lookup user accounts in
+an LDAP directory.  In reality, this is very easy to understand.  If you are
+comfortable with using an smbpasswd file, simply replace "smbpasswd" with
+"LDAP directory" in all the documentation.
+</para>
+
+<para>
+There are a few points to stress about what the <parameter>--with-ldapsam</parameter>
+does not provide.  The LDAP support referred to in the this documentation does not
+include:
+</para>
+
+<itemizedlist>
+	<listitem><para>A means of retrieving user account information from
+	an Windows 2000 Active Directory server.</para></listitem>
+	<listitem><para>A means of replacing /etc/passwd.</para></listitem>
+</itemizedlist>
+
+<para>
+The second item can be accomplished by using LDAP NSS and PAM modules.  LGPL
+versions of these libraries can be obtained from PADL Software
+(<ulink url="http://www.padl.com/">http://www.padl.com/</ulink>).  However,
+the details of configuring these packages are beyond the scope of this document.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Supported LDAP Servers</title>
+
+<para>
+The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP
+2.0 server and client libraries.  The same code should be able to work with
+Netscape's Directory Server and client SDK. However, due to lack of testing
+so far, there are bound to be compile errors and bugs.  These should not be
+hard to fix. If you are so inclined, please be sure to forward all patches to
+<ulink url="samba-patches@samba.org">samba-patches@samba.org</ulink> and
+<ulink url="jerry@samba.org">jerry@samba.org</ulink>.
+</para>
+
+</sect1>
+
+
+
+
+<sect1>
+<title>Schema and Relationship to the RFC 2307 posixAccount</title>
+
+
+<para>
+Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in
+<filename>examples/LDAP/samba.schema</filename>.  (Note that this schema
+file has been modified since the experimental support initially included
+in 2.2.2).  The sambaAccount objectclass is given here:
+</para>
+
+<para><programlisting>
+objectclass ( 1.3.1.5.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILARY
+     DESC 'Samba Account'
+     MUST ( uid $ rid )
+     MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+            logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+            displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+            description $ userWorkstations $ primaryGroupID $ domain ))
+</programlisting></para>
+
+<para>
+The <filename>samba.schema</filename> file has been formatted for OpenLDAP 2.0 & 2.1.  The OID's are
+owned by the Samba Team and as such is legal to be openly published.
+If you translate the schema to be used with Netscape DS, please
+submit the modified schema file as a patch to <ulink url="jerry@samba.org">jerry@samba.org</ulink>
+</para>
+
+<para>
+Since the original release, schema files for
+</para>
+
+<itemizedlist>
+	<listitem><para>IBM's SecureWay Server</para></listitem>
+	<listitem><para>Netscape Directory Server version 4.x and 5.x</para></listitem>
+</itemizedlist>
+
+<para>
+have been submitted and included in the Samba source distribution.  I cannot
+personally comment on the integration of these commercial directory servers since
+I have not had the oppotinuity to work with them.
+</para>
+
+<para>
+Just as the smbpasswd file is mean to store information which supplements a
+user's <filename>/etc/passwd</filename> entry, so is the sambaAccount object
+meant to supplement the UNIX user account information.  A sambaAccount is now an
+<constant>AUXILARY</constant> objectclass so it can be stored alongside
+a posixAccount or person objectclass in the directory.  Note that there are
+several fields (e.g. uid) which overlap with the posixAccount objectclass
+outlined in RFC2307.  This is by design.  The move from a STRUCTURAL objectclass
+to an AUXILIARY one was compliance with the LDAP data model which states that
+an entry can contain only one STRUCTURAL objectclass per entry.  This is now
+enforced by the OpenLDAP 2.1 server.
+</para>
+
+
+<para>
+In order to store all user account information (UNIX and Samba) in the directory,
+it is necessary to use the sambaAccount and posixAccount objectclasses in
+combination.  However, <command>smbd</command> will still obtain the user's UNIX account
+information via the standard C library calls (e.g. getpwnam(), et. al.).
+This means that the Samba server must also have the LDAP NSS library installed
+and functioning correctly.  This division of information makes it possible to
+store all Samba account information in LDAP, but still maintain UNIX account
+information in NIS while the network is transitioning to a full LDAP infrastructure.
+</para>
+</sect1>
+
+<sect1>
+<title>Configuring Samba with LDAP</title>
+
+
+<sect2>
+<title>OpenLDAP configuration</title>
+
+<para>
+To include support for the sambaAccount object in an OpenLDAP directory
+server, first copy the samba.schema file to slapd's configuration directory.
+</para>
+
+<para>
+<prompt>root# </prompt><command>cp samba.schema /etc/openldap/schema/</command>
+</para>
+
+<para>
+Next, include the <filename>samba.schema</filename> file in <filename>slapd.conf</filename>.
+The sambaAccount object contains two attributes which depend upon other schema
+files.  The 'uid' attribute is defined in <filename>cosine.schema</filename> and
+the 'displayName' attribute is defined in the <filename>inetorgperson.schema</filename>
+file.  Both of these must be included before the <filename>samba.schema</filename> file.
+</para>
+
+<para><programlisting>
+## /etc/openldap/slapd.conf
+
+## schema files (core.schema is required by default)
+include	           /etc/openldap/schema/core.schema
+
+## needed for sambaAccount
+include            /etc/openldap/schema/cosine.schema
+include            /etc/openldap/schema/inetorgperson.schema
+include            /etc/openldap/schema/samba.schema
+
+## uncomment this line if you want to support the RFC2307 (NIS) schema
+## include         /etc/openldap/schema/nis.schema
+
+....
+</programlisting></para>
+
+<para>
+It is recommended that you maintain some indices on some of the most usefull attributes,
+like in the following example, to speed up searches made on sambaAccount objectclasses
+(and possibly posixAccount and posixGroup as well).
+</para>
+<para><programlisting>
+# Indices to maintain
+## required by OpenLDAP 2.0
+index objectclass   eq
+
+## support pbb_getsampwnam()
+index uid           pres,eq
+## support pdb_getsampwrid()
+index rid           eq
+
+## uncomment these if you are storing posixAccount and
+## posixGroup entries in the directory as well
+##index uidNumber     eq
+##index gidNumber     eq
+##index cn            eq
+##index memberUid     eq
+</programlisting></para>
+</sect2>
+
+
+<sect2>
+<title>Configuring Samba</title>
+<!--lem: <title>smb.conf LDAP parameters</title> -->
+
+<para>
+The following parameters are available in smb.conf only with <parameter>--with-ldapsam</parameter>
+was included with compiling Samba.
+</para>
+
+<itemizedlist>
+	<listitem><para><ulink url="smb.conf.5.html#LDAPSSL">ldap ssl</ulink></para></listitem>
+	<listitem><para><ulink url="smb.conf.5.html#LDAPSERVER">ldap server</ulink></para></listitem>
+	<listitem><para><ulink url="smb.conf.5.html#LDAPADMINDN">ldap admin dn</ulink></para></listitem>
+	<listitem><para><ulink url="smb.conf.5.html#LDAPSUFFIX">ldap suffix</ulink></para></listitem>
+	<listitem><para><ulink url="smb.conf.5.html#LDAPFILTER">ldap filter</ulink></para></listitem>
+	<listitem><para><ulink url="smb.conf.5.html#LDAPPORT">ldap port</ulink></para></listitem>
+</itemizedlist>
+
+<para>
+These are described in the <ulink url="smb.conf.5.html">smb.conf(5)</ulink> man
+page and so will not be repeated here.  However, a sample smb.conf file for
+use with an LDAP directory could appear as
+</para>
+
+<para><programlisting>
+## /usr/local/samba/lib/smb.conf
+[global]
+     security = user
+     encrypt passwords = yes
+
+     netbios name = TASHTEGO
+     workgroup = NARNIA
+
+     # ldap related parameters
+
+     # define the DN to use when binding to the directory servers
+     # The password for this DN is not stored in smb.conf.  Rather it
+     # must be set by using 'smbpasswd -w <replaceable>secretpw</replaceable>' to store the
+     # passphrase in the secrets.tdb file.  If the "ldap admin dn" values
+     # changes, this password will need to be reset.
+     ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org"
+
+     #  specify the LDAP server's hostname (defaults to locahost)
+     ldap server = ahab.samba.org
+
+     # Define the SSL option when connecting to the directory
+     # ('off', 'start tls', or 'on' (default))
+     ldap ssl = start tls
+
+     # define the port to use in the LDAP session (defaults to 636 when
+     # "ldap ssl = on")
+     ldap port = 389
+
+     # specify the base DN to use when searching the directory
+     ldap suffix = "ou=people,dc=samba,dc=org"
+
+     # generally the default ldap search filter is ok
+     # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"
+</programlisting></para>
+
+
+</sect2>
+
+
+<sect2>
+<title>Importing <filename>smbpasswd</filename> entries</title>
+
+<para>
+Import existing user entries from an <filename>smbpasswd</filename> can be trivially done using
+a Perl script named <filename>import_smbpasswd.pl</filename> included in the
+<filename>examples/LDAP/</filename> directory of the Samba source distribution.  There are
+two main requirements of this script:
+</para>
+
+<itemizedlist>
+	<listitem><para>All users to be imported to the directory must have a valid uid on the
+	local system.  This can be a problem if using a machinej different from the Samba server
+	to import the file.</para></listitem>
+
+	<listitem><para>The local system must have a working installation of the Net::LDAP perl
+	module which can be obtained from with <ulink url="http://search.cpan.org/">http://search.cpan.org/</ulink>
+	by searching for <filename>perl-ldap</filename> or directly from <ulink
+	url="http://perl-ldap.sf.net/">http://perl-ldap.sf.net/</ulink>.
+	</para></listitem>
+</itemizedlist>
+
+<para>
+Please refer to the documentation in the same directory as the script for more details.
+</para>
+
+</sect2>
+</sect1>
+
+
+
+<sect1>
+<title>Accounts and Groups management</title>
+
+<para>
+As users accounts are managed thru the sambaAccount objectclass, you should
+modify you existing administration tools to deal with sambaAccount attributes.
+</para>
+
+<para>
+Machines accounts are managed with the sambaAccount objectclass, just
+like users accounts. However, it's up to you to stored thoses accounts
+in a different tree of you LDAP namespace: you should use
+"ou=Groups,dc=plainjoe,dc=org" to store groups and
+"ou=People,dc=plainjoe,dc=org" to store users. Just configure your
+NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration
+file).
+</para>
+
+<para>
+In Samba release 2.2.3, the group management system is based on posix
+groups. This meand that Samba make usage of the posixGroup objectclass.
+For now, there is no NT-like group system management (global and local
+groups).
+</para>
+
+</sect1>
+
+<sect1>
+<title>Security and sambaAccount</title>
+
+
+<para>
+There are two important points to remember when discussing the security
+of sambaAccount entries in the directory.
+</para>
+
+<itemizedlist>
+	<listitem><para><emphasis>Never</emphasis> retrieve the lmPassword or
+	ntPassword attribute values over an unencrypted LDAP session.</para></listitem>
+	<listitem><para><emphasis>Never</emphasis> allow non-admin users to
+	view the lmPassword or ntPassword attribute values.</para></listitem>
+</itemizedlist>
+
+<para>
+These password hashes are clear text equivalents and can be used to impersonate
+the user without deriving the original clear text strings.  For more information
+on the details of LM/NT password hashes, refer to the <ulink
+url="ENCRYPTION.html">ENCRYPTION chapter</ulink> of the Samba-HOWTO-Collection.
+</para>
+
+<para>
+To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults
+to require an encrypted session (<command>ldap ssl = on</command>) using
+the default port of 636
+when contacting the directory server.  When using an OpenLDAP 2.0 server, it
+is possible to use the use the StartTLS LDAP extended  operation in the place of
+LDAPS.  In either case, you are strongly discouraged to disable this security
+(<command>ldap ssl = off</command>).
+</para>
+
+<para>
+Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS
+extended operation.  However, the OpenLDAP library still provides support for
+the older method of securing communication between clients and servers.
+</para>
+
+<para>
+The second security precaution is to prevent non-administrative users from
+harvesting password hashes from the directory.  This can be done using the
+following ACL in <filename>slapd.conf</filename>:
+</para>
+
+<para><programlisting>
+## allow the "ldap admin dn" access, but deny everyone else
+access to attrs=lmPassword,ntPassword
+     by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write
+     by * none
+</programlisting></para>
+
+
+</sect1>
+
+
+
+<sect1>
+<title>LDAP specials attributes for sambaAccounts</title>
+
+<para>
+The sambaAccount objectclass is composed of the following attributes:
+</para>
+
+<itemizedlist>
+
+	<listitem><para><constant>lmPassword</constant>: the LANMAN password 16-byte hash stored as a character
+	representation of a hexidecimal string.</para></listitem>
+
+	<listitem><para><constant>ntPassword</constant>: the NT password hash 16-byte stored as a character
+	representation of a hexidecimal string.</para></listitem>
+
+	<listitem><para><constant>pwdLastSet</constant>: The integer time in seconds since 1970 when the
+	<constant>lmPassword</constant> and <constant>ntPassword</constant> attributes were last set.
+	</para></listitem>
+
+	<listitem><para><constant>acctFlags</constant>: string of 11 characters surrounded by square brackets []
+	representing account flags such as U (user), W(workstation), X(no password expiration), and
+	D(disabled).</para></listitem>
+
+	<listitem><para><constant>logonTime</constant>: Integer value currently unused</para></listitem>
+
+	<listitem><para><constant>logoffTime</constant>: Integer value currently unused</para></listitem>
+
+	<listitem><para><constant>kickoffTime</constant>: Integer value currently unused</para></listitem>
+
+	<listitem><para><constant>pwdCanChange</constant>: Integer value currently unused</para></listitem>
+
+	<listitem><para><constant>pwdMustChange</constant>: Integer value currently unused</para></listitem>
+
+	<listitem><para><constant>homeDrive</constant>: specifies the drive letter to which to map the
+	UNC path specified by homeDirectory. The drive letter must be specified in the form "X:"
+	where X is the letter of the drive to map. Refer to the "logon drive" parameter in the
+	smb.conf(5) man page for more information.</para></listitem>
+
+	<listitem><para><constant>scriptPath</constant>: The scriptPath property specifies the path of
+	the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path
+	is relative to the netlogon share.  Refer to the "logon script" parameter in the
+	smb.conf(5) man page for more information.</para></listitem>
+
+	<listitem><para><constant>profilePath</constant>: specifies a path to the user's profile.
+	This value can be a null string, a local absolute path, or a UNC path.  Refer to the
+	"logon path" parameter in the smb.conf(5) man page for more information.</para></listitem>
+
+	<listitem><para><constant>smbHome</constant>: The homeDirectory property specifies the path of
+	the home directory for the user. The string can be null. If homeDrive is set and specifies
+	a drive letter, homeDirectory should be a UNC path. The path must be a network
+	UNC path of the form \\server\share\directory. This value can be a null string.
+	Refer to the "logon home" parameter in the smb.conf(5) man page for more information.
+	</para></listitem>
+
+	<listitem><para><constant>userWorkstation</constant>: character string value currently unused.
+	</para></listitem>
+
+	<listitem><para><constant>rid</constant>: the integer representation of the user's relative identifier
+	(RID).</para></listitem>
+
+	<listitem><para><constant>primaryGroupID</constant>: the relative identifier (RID) of the primary group
+	of the user.</para></listitem>
+
+</itemizedlist>
+
+<para>
+The majority of these parameters are only used when Samba is acting as a PDC of
+a domain (refer to the <ulink url="Samba-PDC-HOWTO.html">Samba-PDC-HOWTO</ulink> for details on
+how to configure Samba as a Primary Domain Controller). The following four attributes
+are only stored with the sambaAccount entry if the values are non-default values:
+</para>
+
+<itemizedlist>
+	<listitem><para>smbHome</para></listitem>
+	<listitem><para>scriptPath</para></listitem>
+	<listitem><para>logonPath</para></listitem>
+	<listitem><para>homeDrive</para></listitem>
+</itemizedlist>
+
+<para>
+These attributes are only stored with the sambaAccount entry if
+the values are non-default values.  For example, assume TASHTEGO has now been
+configured as a PDC and that <command>logon home = \\%L\%u</command> was defined in
+its <filename>smb.conf</filename> file. When a user named "becky" logons to the domain,
+the <parameter>logon home</parameter> string is expanded to \\TASHTEGO\becky.
+If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org",
+this value is used.  However, if this attribute does not exist, then the value
+of the <parameter>logon home</parameter> parameter is used in its place.  Samba
+will only write the attribute value to the directory entry is the value is
+something other than the default (e.g. \\MOBY\becky).
+</para>
+
+
+</sect1>
+
+
+
+<sect1>
+<title>Example LDIF Entries for a sambaAccount</title>
+
+
+<para>
+The following is a working LDIF with the inclusion of the posixAccount objectclass:
+</para>
+
+<para><programlisting>
+dn: uid=guest2, ou=people,dc=plainjoe,dc=org
+ntPassword: 878D8014606CDA29677A44EFA1353FC7
+pwdMustChange: 2147483647
+primaryGroupID: 1201
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+pwdLastSet: 1010179124
+logonTime: 0
+objectClass: sambaAccount
+uid: guest2
+kickoffTime: 2147483647
+acctFlags: [UX         ]
+logoffTime: 2147483647
+rid: 19006
+pwdCanChange: 0
+</programlisting></para>
+
+<para>
+The following is an LDIF entry for using both the sambaAccount and
+posixAccount objectclasses:
+</para>
+
+<para><programlisting>
+dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
+logonTime: 0
+displayName: Gerald Carter
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+primaryGroupID: 1201
+objectClass: posixAccount
+objectClass: sambaAccount
+acctFlags: [UX         ]
+userPassword: {crypt}BpM2ej8Rkzogo
+uid: gcarter
+uidNumber: 9000
+cn: Gerald Carter
+loginShell: /bin/bash
+logoffTime: 2147483647
+gidNumber: 100
+kickoffTime: 2147483647
+pwdLastSet: 1010179230
+rid: 19000
+homeDirectory: /home/tashtego/gcarter
+pwdCanChange: 0
+pwdMustChange: 2147483647
+ntPassword: 878D8014606CDA29677A44EFA1353FC7
+</programlisting></para>
+
+
+</sect1>
+
+
+
+<sect1>
+<title>Comments</title>
+
+
+<para>
+Please mail all comments regarding this HOWTO to <ulink
+url="mailto:jerry@samba.org">jerry@samba.org</ulink>.  This documents was
+last updated to reflect the Samba 2.2.5 release.
+
+</para>
+
+
+</sect1>
+
+
+</chapter>
diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
new file mode 100755
index 00000000000..475b66598c2
--- /dev/null
+++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
@@ -0,0 +1,1828 @@
+<chapter id="samba-pdc">
+
+
+<chapterinfo>
+	<author>
+		<firstname>Gerald (Jerry)</firstname><surname>Carter</surname>
+		<affiliation>
+			<orgname>VA Linux Systems/Samba Team</orgname>
+			<address><email>jerry@samba.org</email></address>
+		</affiliation>
+		<firstname>David</firstname><surname>Bannon</surname>
+		<affiliation>
+			<orgname>Samba Team</orgname>
+			<address><email>dbannon@samba.org</email></address>
+		</affiliation>
+		
+	</author>
+	<pubdate> (26 Apr 2001) </pubdate>
+</chapterinfo>
+
+<title>
+How to Configure Samba 2.2 as a Primary Domain Controller
+</title>
+
+
+<!-- **********************************************************
+
+     Prerequisite Reading
+
+*************************************************************** -->
+<sect1>
+<title>Prerequisite Reading</title>
+
+<para>
+Before you continue reading in this chapter, please make sure 
+that you are comfortable with configuring basic files services
+in smb.conf and how to enable and administer password 
+encryption in Samba.  Theses two topics are covered in the
+<ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename></ulink> 
+manpage and the <ulink url="ENCRYPTION.html">Encryption chapter</ulink> 
+of this HOWTO Collection.
+</para>
+
+
+</sect1>
+
+
+
+<!-- **********************************************************
+
+     Background Information
+
+*************************************************************** -->
+<sect1>
+<title>
+Background
+</title>
+
+<note>
+<para>
+<emphasis>Author's Note:</emphasis> This document is a combination 
+of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". 
+Both documents are superseded by this one.
+</para>
+</note>
+
+<para>
+Versions of Samba prior to release 2.2 had marginal capabilities to act
+as a Windows NT 4.0 Primary Domain Controller
+<indexterm><primary>Primary Domain Controller</primary></indexterm>
+(PDC).  With Samba 2.2.0, we are proud to announce official support for
+Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows 
+2000 clients.  This article outlines the steps
+necessary for configuring Samba as a PDC.  It is necessary to have a
+working Samba server prior to implementing the PDC functionality.  If
+you have not followed the steps outlined in <ulink
+url="UNIX_INSTALL.html"> UNIX_INSTALL.html</ulink>, please make sure
+that your server is configured correctly before proceeding.  Another
+good resource in the <ulink url="smb.conf.5.html">smb.conf(5) man
+page</ulink>. The following functionality should work in 2.2:
+</para>
+
+<itemizedlist>
+	<listitem><para>
+	domain logons for Windows NT 4.0/2000 clients.
+	</para></listitem>
+	
+	<listitem><para>
+	placing a Windows 9x client in user level security
+	</para></listitem>
+	
+	<listitem><para>
+	retrieving a list of users and groups from a Samba PDC to
+	Windows 9x/NT/2000 clients
+	</para></listitem>
+	
+	<listitem><para>
+	roving (roaming) user profiles
+	</para></listitem>
+	
+	<listitem><para>
+	Windows NT 4.0-style system policies
+	</para></listitem>
+</itemizedlist>
+
+
+<para>
+The following pieces of functionality are not included in the 2.2 release:
+</para>
+
+<itemizedlist>
+	<listitem><para>
+	Windows NT 4 domain trusts
+	</para></listitem>
+	
+	<listitem><para>
+	SAM replication with Windows NT 4.0 Domain Controllers
+	(i.e. a Samba PDC and a Windows NT BDC or vice versa) 
+	</para></listitem>
+	
+	<listitem><para>
+	Adding users via the User Manager for Domains
+	</para></listitem>
+
+	<listitem><para>
+	Acting as a Windows 2000 Domain Controller (i.e. Kerberos and 
+	Active Directory)
+	</para></listitem>
+</itemizedlist>
+
+<para>
+Please note that Windows 9x clients are not true members of a domain
+for reasons outlined in this article.  Therefore the protocol for
+support Windows 9x-style domain logons is completely different
+from NT4 domain logons and has been officially supported for some 
+time.
+</para>
+
+
+<para>
+Implementing a Samba PDC can basically be divided into 2 broad
+steps.
+</para>
+
+<orderedlist numeration="Arabic">
+	<listitem><para>
+	Configuring the Samba PDC
+	</para></listitem>
+	
+	<listitem><para>
+	Creating machine trust accounts	and joining clients 
+	to the domain
+	</para></listitem>
+</orderedlist>
+
+<para>
+There are other minor details such as user profiles, system
+policies, etc...  However, these are not necessarily specific
+to a Samba PDC as much as they are related to Windows NT networking
+concepts.  They will be mentioned only briefly here.
+</para>
+
+</sect1>
+
+
+<!-- **********************************************************
+
+     Configuring the Samba PDC
+
+*************************************************************** -->
+
+<sect1>
+<title>Configuring the Samba Domain Controller</title>
+
+<para>
+The first step in creating a working Samba PDC is to 
+understand the parameters necessary in smb.conf.  I will not
+attempt to re-explain the parameters here as they are more that
+adequately covered in <ulink url="smb.conf.5.html"> the smb.conf
+man page</ulink>.  For convenience, the parameters have been
+linked with the actual smb.conf description.
+</para>
+
+<para>
+Here is an example <filename>smb.conf</filename> for acting as a PDC:
+</para>
+
+<para><programlisting>
+[global]
+    ; Basic server settings
+    <ulink url="smb.conf.5.html#NETBIOSNAME">netbios name</ulink> = <replaceable>POGO</replaceable>
+    <ulink url="smb.conf.5.html#WORKGROUP">workgroup</ulink> = <replaceable>NARNIA</replaceable>
+
+    ; we should act as the domain and local master browser
+    <ulink url="smb.conf.5.html#OSLEVEL">os level</ulink> = 64
+    <ulink url="smb.conf.5.html#PERFERREDMASTER">preferred master</ulink> = yes
+    <ulink url="smb.conf.5.html#DOMAINMASTER">domain master</ulink> = yes
+    <ulink url="smb.conf.5.html#LOCALMASTER">local master</ulink> = yes
+    
+    ; security settings (must user security = user)
+    <ulink url="smb.conf.5.html#SECURITYEQUALSUSER">security</ulink> = user
+    
+    ; encrypted passwords are a requirement for a PDC
+    <ulink url="smb.conf.5.html#ENCRYPTPASSWORDS">encrypt passwords</ulink> = yes
+    
+    ; support domain logons
+    <ulink url="smb.conf.5.html#DOMAINLOGONS">domain logons</ulink> = yes
+    
+    ; where to store user profiles?
+    <ulink url="smb.conf.5.html#LOGONPATH">logon path</ulink> = \\%N\profiles\%u
+    
+    ; where is a user's home directory and where should it
+    ; be mounted at?
+    <ulink url="smb.conf.5.html#LOGONDRIVE">logon drive</ulink> = H:
+    <ulink url="smb.conf.5.html#LOGONHOME">logon home</ulink> = \\homeserver\%u
+    
+    ; specify a generic logon script for all users
+    ; this is a relative **DOS** path to the [netlogon] share
+    <ulink url="smb.conf.5.html#LOGONSCRIPT">logon script</ulink> = logon.cmd
+
+; necessary share for domain controller
+[netlogon]
+    <ulink url="smb.conf.5.html#PATH">path</ulink> = /usr/local/samba/lib/netlogon
+    <ulink url="smb.conf.5.html#READONLY">read only</ulink> = yes
+    <ulink url="smb.conf.5.html#WRITELIST">write list</ulink> = <replaceable>ntadmin</replaceable>
+    
+; share for storing user profiles
+[profiles]
+    <ulink url="smb.conf.5.html#PATH">path</ulink> = /export/smb/ntprofile
+    <ulink url="smb.conf.5.html#READONLY">read only</ulink> = no
+    <ulink url="smb.conf.5.html#CREATEMASK">create mask</ulink> = 0600
+    <ulink url="smb.conf.5.html#DIRECTORYMASK">directory mask</ulink> = 0700
+</programlisting></para>
+
+<para>
+There are a couple of points to emphasize in the above configuration.
+</para>
+
+<itemizedlist>
+	<listitem><para>
+	Encrypted passwords must be enabled.  For more details on how 
+	to do this, refer to <ulink url="ENCRYPTION.html">ENCRYPTION.html</ulink>.
+	</para></listitem>
+	
+	<listitem><para>
+	The server must support domain logons and a
+	<filename>[netlogon]</filename> share
+	</para></listitem>
+	
+	<listitem><para>
+	The server must be the domain master browser in order for Windows 
+	client to locate the server as a DC.  Please refer to the various 
+	Network Browsing documentation included with this distribution for 
+	details.
+	</para></listitem>
+</itemizedlist>    
+
+<para>
+As Samba 2.2 does not offer a complete implementation of group mapping
+between Windows NT groups and Unix groups (this is really quite
+complicated to explain in a short space), you should refer to the
+<ulink url="smb.conf.5.html#DOMAINADMINGROUP">domain admin
+group</ulink> smb.conf parameter for information of creating "Domain
+Admins" style accounts.
+</para>
+
+</sect1>
+
+
+<sect1>
+<title>Creating Machine Trust Accounts and Joining Clients to the
+Domain</title>
+
+<para>
+A machine trust account is a Samba account that is used to
+authenticate a client machine (rather than a user) to the Samba
+server.  In Windows terminology, this is known as a "Computer
+Account."</para>
+
+<para>
+The password of a machine trust account acts as the shared secret for
+secure communication with the Domain Controller.  This is a security
+feature to prevent an unauthorized machine with the same NetBIOS name
+from joining the domain and gaining access to domain user/group
+accounts.  Windows NT and 2000 clients use machine trust accounts, but
+Windows 9x clients do not.  Hence, a Windows 9x client is never a true
+member of a domain because it does not possess a machine trust
+account, and thus has no shared secret with the domain controller.
+</para>
+
+<para>A Windows PDC stores each machine trust account in the Windows
+Registry.  A Samba PDC, however, stores each machine trust account 
+in two parts, as follows:
+
+<itemizedlist>
+    <listitem><para>A Samba account, stored in the same location as user
+    LanMan and NT password hashes (currently
+    <filename>smbpasswd</filename>). The Samba account 
+    possesses and uses only the NT password hash.</para></listitem>
+
+    <listitem><para>A corresponding Unix account, typically stored in
+    <filename>/etc/passwd</filename>. (Future releases will alleviate the need to
+    create <filename>/etc/passwd</filename> entries.) </para></listitem>
+</itemizedlist>
+</para>
+
+<para>
+There are two ways to create machine trust accounts:
+</para>
+
+<itemizedlist>
+	<listitem><para> Manual creation. Both the Samba and corresponding
+	Unix account are created by hand.</para></listitem>
+	
+	<listitem><para> "On-the-fly" creation. The Samba machine trust
+	account is automatically created by Samba at the time the client
+	is joined to the domain. (For security, this is the
+	recommended method.) The corresponding Unix account may be
+	created automatically or manually. </para>
+	</listitem>
+
+</itemizedlist>
+
+<sect2>
+<title>Manual Creation of Machine Trust Accounts</title>
+
+<para>
+The first step in manually creating a machine trust account is to
+manually create the corresponding Unix account in
+<filename>/etc/passwd</filename>.  This can be done using
+<command>vipw</command> or other 'add user' command that is normally
+used to create new Unix accounts.  The following is an example for a
+Linux based Samba server:
+</para>
+
+<para>
+  <prompt>root# </prompt><command>/usr/sbin/useradd -g 100 -d /dev/null -c <replaceable>"machine 
+nickname"</replaceable> -s /bin/false <replaceable>machine_name</replaceable>$ </command>
+</para>
+<para>
+<prompt>root# </prompt><command>passwd -l <replaceable>machine_name</replaceable>$</command>
+</para>
+
+<para>
+The <filename>/etc/passwd</filename> entry will list the machine name 
+with a "$" appended, won't have a password, will have a null shell and no 
+home directory. For example a machine named 'doppy' would have an 
+<filename>/etc/passwd</filename> entry like this:
+</para>
+
+<para><programlisting>
+doppy$:x:505:501:<replaceable>machine_nickname</replaceable>:/dev/null:/bin/false
+</programlisting></para>
+
+<para>
+Above, <replaceable>machine_nickname</replaceable> can be any
+descriptive name for the client, i.e., BasementComputer.
+<replaceable>machine_name</replaceable> absolutely must be the NetBIOS
+name of the client to be joined to the domain.  The "$" must be
+appended to the NetBIOS name of the client or Samba will not recognize
+this as a machine trust account.
+</para>
+
+
+<para>
+Now that the corresponding Unix account has been created, the next step is to create 
+the Samba account for the client containing the well-known initial 
+machine trust account password.  This can be done using the <ulink 
+url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> command 
+as shown here:
+</para>
+
+<para>
+<prompt>root# </prompt><command>smbpasswd -a -m <replaceable>machine_name</replaceable></command>
+</para>
+
+<para>
+where <replaceable>machine_name</replaceable> is the machine's NetBIOS
+name.  The RID of the new machine account is generated from the UID of 
+the corresponding Unix account.
+</para>
+
+<warning>
+	<title>Join the client to the domain immediately</title>
+
+	<para>
+	Manually creating a machine trust account using this method is the 
+	equivalent of creating a machine trust account on a Windows NT PDC using 
+	the "Server Manager".  From the time at which the account is created
+	to the time which the client joins the domain and changes the password,
+	your domain is vulnerable to an intruder joining your domain using a
+	a machine with the same NetBIOS name.  A PDC inherently trusts
+	members of the domain and will serve out a large degree of user 
+	information to such clients.  You have been warned!
+	</para>
+</warning>
+</sect2>
+
+
+<sect2>
+<title>"On-the-Fly" Creation of Machine Trust Accounts</title>
+
+<para>
+The second (and recommended) way of creating machine trust accounts is
+simply to allow the Samba server to create them as needed when the client
+is joined to the domain. </para>
+
+<para>Since each Samba machine trust account requires a corresponding
+Unix account, a method for automatically creating the
+Unix account is usually supplied; this requires configuration of the
+<ulink url="smb.conf.5.html#ADDUSERSCRIPT">add user script</ulink> 
+option in <filename>smb.conf</filename>.  This
+method is not required, however; corresponding Unix accounts may also
+be created manually.
+</para>
+
+
+<para>Below is an example for a RedHat 6.2 Linux system.
+</para>
+
+<para><programlisting>
+[global]
+   # <...remainder of parameters...>
+   add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u 
+</programlisting></para>
+
+</sect2>
+
+
+<sect2><title>Joining the Client to the Domain</title>
+
+<para>
+The procedure for joining a client to the domain varies with the
+version of Windows.
+</para>
+
+<itemizedlist>
+<listitem><para><emphasis>Windows 2000</emphasis></para>
+
+	<para> When the user elects to join the client to a domain, Windows prompts for
+	an account and password that is privileged to join the domain.  A
+	Samba administrative account (i.e., a Samba account that has root
+	privileges on the Samba server) must be entered here; the
+	operation will fail if an ordinary user account is given. 
+	The password for this account should be
+	set to a different password than the associated
+	<filename>/etc/passwd</filename> entry, for security
+	reasons. </para>
+
+	<para>The session key of the Samba administrative account acts as an
+	encryption key for setting the password of the machine trust
+	account. The machine trust account will be created on-the-fly, or
+	updated if it already exists.</para>
+</listitem>
+
+<listitem><para><emphasis>Windows NT</emphasis></para>
+
+    <para> If the machine trust account was created manually, on the
+	Identification Changes menu enter the domain name, but do not
+	check the box "Create a Computer Account in the Domain."  In this case,
+	the existing machine trust account is used to join the machine to
+	the domain.</para>
+
+    <para> If the machine trust account is to be created
+	on-the-fly, on the Identification Changes menu enter the domain
+	name, and check the box "Create a Computer Account in the Domain."  In
+	this case, joining the domain proceeds as above for Windows 2000
+	(i.e., you must supply a Samba administrative account when
+	prompted).</para>
+</listitem>
+</itemizedlist>
+
+</sect2>
+</sect1>
+<!-- **********************************************************
+
+     Common Problems
+
+*************************************************************** -->
+
+<sect1>
+<title>Common Problems and Errors</title>
+
+<para>
+</para>
+<itemizedlist>
+<listitem>
+	<para>
+	<emphasis>I cannot include a '$' in a machine name.</emphasis>
+	</para>
+    
+	<para>
+	A 'machine name' in (typically) <filename>/etc/passwd</> 	
+	of the machine name with a '$' appended. FreeBSD (and other BSD 
+	systems?) won't create a user with a '$' in their name.
+	</para>
+
+	<para>
+	The problem is only in the program used to make the entry, once 
+	made, it works perfectly. So create a user without the '$' and 
+	use <command>vipw</> to edit the entry, adding the '$'. Or create 
+	the whole entry with vipw if you like, make sure you use a 
+	unique User ID !
+	</para>
+</listitem>
+  
+<listitem>
+	<para>
+	<emphasis>I get told "You already have a connection to the Domain...." 
+	or "Cannot join domain, the credentials supplied conflict with an 
+	existing set.." when creating a machine trust account.</emphasis>
+	</para>
+
+	<para>
+	This happens if you try to create a machine trust account from the 
+	machine itself and already have a connection (e.g. mapped drive) 
+	to a share (or IPC$) on the Samba PDC.  The following command
+	will remove all network drive connections:
+	</para>
+
+	<para>
+	<prompt>C:\WINNT\></prompt> <command>net use * /d</command>
+	</para>
+
+	<para>
+	Further, if the machine is a already a 'member of a workgroup' that 
+	is the same name as the domain you are joining (bad idea) you will 
+	get this message.  Change the workgroup name to something else, it 
+	does not matter what, reboot, and try again.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	<emphasis>The system can not log you on (C000019B)....</emphasis>
+	</para>
+
+	<para>I joined the domain successfully but after upgrading 
+	to a newer version of the Samba code I get the message, "The system 
+	can not log you on (C000019B), Please try a gain or consult your 
+	system administrator" when attempting to logon.
+	</para>
+
+	<para>
+	This occurs when the domain SID stored in 
+	<filename>private/WORKGROUP.SID</filename> is 
+	changed.  For example, you remove the file and <command>smbd</command> automatically 
+	creates a new one.  Or you are swapping back and forth between 
+	versions 2.0.7, TNG and the HEAD branch code (not recommended).  The 
+	only way to correct the problem is to restore the original domain 
+	SID or remove the domain client from the domain and rejoin.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	<emphasis>The machine trust account for this computer either does not 
+	exist or is not accessible.</emphasis>
+	</para>
+
+	<para>
+	When I try to join the domain I get the message "The machine account 
+	for this computer either does not exist or is not accessible". What's 
+	wrong?
+	</para>
+
+	<para>
+	This problem is caused by the PDC not having a suitable machine trust account. 
+	If you are using the <parameter>add user script</parameter> method to create 
+	accounts then this would indicate that it has not worked. Ensure the domain 
+	admin user system is working.
+	</para>
+
+	<para>
+	Alternatively if you are creating account entries manually then they 
+	have not been created correctly. Make sure that you have the entry 
+	correct for the machine trust account in smbpasswd file on the Samba PDC. 
+	If you added the account using an editor rather than using the smbpasswd 
+	utility, make sure that the account name is the machine NetBIOS name 
+	with a '$' appended to it ( i.e. computer_name$ ). There must be an entry 
+	in both /etc/passwd and the smbpasswd file. Some people have reported 
+	that inconsistent subnet masks between the Samba server and the NT 
+	client have caused this problem.   Make sure that these are consistent 
+	for both client and server.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	<emphasis>When I attempt to login to a Samba Domain from a NT4/W2K workstation,
+	I get a message about my account being disabled.</emphasis>
+	</para>
+
+	<para>
+	This problem is caused by a PAM related bug in Samba 2.2.0.  This bug is 
+	fixed in 2.2.1.  Other symptoms could be unaccessible shares on 
+	NT/W2K member servers in the domain or the following error in your smbd.log:
+	passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user%
+	</para>
+ 
+	<para>
+	At first be ensure to enable the useraccounts with <command>smbpasswd -e 
+	%user%</command>, this is normally done, when you create an account.
+	</para>
+
+	<para>
+	In order to work around this problem in 2.2.0, configure the 
+	<parameter>account</parameter> control flag in 
+	<filename>/etc/pam.d/samba</filename> file as follows:
+	</para> 
+
+	<para><programlisting>
+	account required        pam_permit.so
+	</programlisting></para>
+
+	<para>
+	If you want to remain backward compatibility to samba 2.0.x use
+	<filename>pam_permit.so</filename>, it's also possible to use 
+	<filename>pam_pwdb.so</filename>. There are some bugs if you try to 
+	use <filename>pam_unix.so</filename>, if you need this, be ensure to use
+	the most recent version of this file.
+	</para>
+</listitem>
+</itemizedlist>
+
+</sect1>
+
+
+
+<!-- **********************************************************
+
+     Policies and Profiles
+
+*************************************************************** -->
+
+<sect1>
+<title>
+System Policies and Profiles
+</title>
+
+<para>
+Much of the information necessary to implement System Policies and
+Roving User Profiles in a Samba domain is the same as that for 
+implementing these same items in a Windows NT 4.0 domain. 
+You should read the white paper <ulink url="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp">Implementing
+Profiles and Policies in Windows NT 4.0</ulink> available from Microsoft.
+</para>
+
+<para>
+Here are some additional details:
+</para>
+
+<itemizedlist>
+
+<listitem>
+	<para>
+	<emphasis>What about Windows NT Policy Editor?</emphasis>
+	</para>
+
+	<para>
+	To create or edit <filename>ntconfig.pol</filename> you must use 
+	the NT Server Policy Editor, <command>poledit.exe</command>	which 
+	is included with NT Server but <emphasis>not NT Workstation</emphasis>. 
+	There is a Policy Editor on a NTws 
+	but it is not suitable for creating <emphasis>Domain Policies</emphasis>. 
+	Further, although the Windows 95 
+	Policy Editor can be installed on an NT Workstation/Server, it will not
+	work with NT policies because the registry key that are set by the policy templates. 
+	However, the files from the NT Server will run happily enough on an NTws. 	
+	You need <filename>poledit.exe, common.adm</> and <filename>winnt.adm</>. It is convenient
+	to put the two *.adm files in <filename>c:\winnt\inf</> which is where
+	the binary will look for them unless told otherwise. Note also that that 
+	directory is 'hidden'.
+	</para>
+
+	<para>
+	The Windows NT policy editor is also included with the Service Pack 3 (and 
+	later) for Windows NT 4.0. Extract the files using <command>servicepackname /x</command>, 
+	i.e. that's <command>Nt4sp6ai.exe /x</command> for service pack 6a.  The policy editor, 
+	<command>poledit.exe</command> and the associated template files (*.adm) should
+	be extracted as well.  It is also possible to downloaded the policy template 
+	files for Office97 and get a copy of the policy editor.  Another possible 
+	location is with the Zero Administration Kit available for download from Microsoft.
+	</para>
+</listitem>
+
+
+<listitem>
+	<para>
+	<emphasis>Can Win95 do Policies?</emphasis>
+	</para>
+
+	<para>
+	Install the group policy handler for Win9x to pick up group 
+	policies.   Look on the Win98 CD in <filename>\tools\reskit\netadmin\poledit</filename>. 
+	Install group policies on a Win9x client by double-clicking 
+	<filename>grouppol.inf</filename>. Log off and on again a couple of 
+	times and see if Win98 picks up group policies.  Unfortunately this needs 
+	to be done on every Win9x machine that uses group policies....
+	</para> 
+
+	<para>
+	If group policies don't work one reports suggests getting the updated 
+	(read: working) grouppol.dll for Windows 9x. The group list is grabbed 
+	from /etc/group.
+	</para>
+</listitem>
+
+
+<listitem>
+	<para>
+	<emphasis>How do I get 'User Manager' and 'Server Manager'</emphasis>
+	</para>
+
+	<para>
+	Since I don't need to buy an NT Server CD now, how do I get 
+	the 'User Manager for Domains', the 'Server Manager'?
+	</para>
+
+	<para>
+	Microsoft distributes a version of these tools called nexus for 
+	installation on Windows 95 systems.  The tools set includes
+	</para>
+	
+	<itemizedlist>
+		<listitem><para>Server Manager</para></listitem> 
+		
+		<listitem><para>User Manager for Domains</para></listitem> 
+
+		<listitem><para>Event Viewer</para></listitem> 
+	</itemizedlist>
+
+	<para>
+	Click here to download the archived file <ulink 
+	url="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</ulink>
+	</para>
+
+	<para>
+	The Windows NT 4.0 version of the 'User Manager for 
+	Domains' and 'Server Manager' are available from Microsoft via ftp 
+	from <ulink url="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</ulink>
+	</para>
+</listitem>
+</itemizedlist>
+
+</sect1>
+
+
+
+<!-- **********************************************************
+
+     Getting Help
+
+*************************************************************** -->
+
+
+<sect1>
+<title>What other help can I get? </title>
+
+<para>
+There are many sources of information available in the form 
+of mailing lists, RFC's and documentation.  The docs that come 
+with the samba distribution contain very good explanations of 
+general SMB topics such as browsing.</para> 
+
+<itemizedlist>
+<listitem>
+	<para>
+	<emphasis>What are some diagnostics tools I can use to debug the domain logon 
+	process and where can I	find them?</emphasis>
+	</para>
+
+   <para>
+	One of the best diagnostic tools for debugging problems is Samba itself.  
+	You can use the -d option for both smbd and nmbd to specify what 
+	'debug level' at which to run.  See the man pages on smbd, nmbd  and 
+	smb.conf for more information on debugging options.  The debug 
+	level can range from 1 (the default) to 10 (100 for debugging passwords).
+	</para>
+	
+	<para>
+	Another helpful method of debugging is to compile samba using the 
+	<command>gcc -g </command> flag.   This will include debug 
+	information in the binaries and allow you to attach gdb to the 
+	running smbd / nmbd process.  In order to attach gdb to an smbd 
+	process for an NT workstation, first get the workstation to make the 
+	connection. Pressing ctrl-alt-delete and going down to the domain box 
+	is sufficient (at least, on the first time you join the domain) to 
+	generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation 
+	maintains an open connection, and therefore there will be an smbd 
+	process running (assuming that you haven't set a really short smbd 
+	idle timeout)  So, in between pressing ctrl alt delete, and actually 
+	typing in your password, you can gdb attach and continue.
+	</para>
+
+	<para>
+	Some useful samba commands worth investigating:
+	</para>
+	
+	<itemizedlist>
+		<listitem><para>testparam | more</para></listitem>
+		<listitem><para>smbclient -L //{netbios name of server}</para></listitem>
+	</itemizedlist>
+    
+	<para>
+	An SMB enabled version of tcpdump is available from 
+	<ulink url="http://www.tcpdump.org/">http://www.tcpdup.org/</ulink>.
+	Ethereal, another good packet sniffer for Unix and Win32
+	hosts, can be downloaded from <ulink 
+	url="http://www.ethereal.com/">http://www.ethereal.com</ulink>.
+	</para>
+	
+	<para>
+	For tracing things on the Microsoft Windows NT, Network Monitor 
+	(aka. netmon) is available on the Microsoft Developer Network CD's, 
+	the Windows NT Server install CD and the SMS CD's.  The version of 
+	netmon that ships with SMS allows for dumping packets between any two 
+	computers (i.e. placing the network interface in promiscuous mode).  
+	The version on the NT Server install CD will only allow monitoring 
+	of network traffic directed to the local NT box and broadcasts on the 
+	local subnet.  Be aware that Ethereal can read and write netmon 
+	formatted files.
+	</para>
+</listitem>
+
+
+<listitem>
+	<para>
+	<emphasis>How do I install 'Network Monitor' on an NT Workstation 
+	or a Windows 9x box?</emphasis>
+	</para>
+
+	<para>
+	Installing netmon on an NT workstation requires a couple 
+	of steps.  The following are for installing Netmon V4.00.349, which comes 
+	with Microsoft Windows NT Server 4.0, on Microsoft Windows NT 
+	Workstation 4.0.  The process should be similar for other version of 
+	Windows NT / Netmon.  You will need both the Microsoft Windows 
+	NT Server 4.0 Install CD and the Workstation 4.0 Install CD.
+	</para> 
+
+	<para>
+	Initially you will need to install 'Network Monitor Tools and Agent' 
+	on the NT Server.  To do this 
+	</para>
+
+	<itemizedlist>
+		<listitem><para>Goto Start - Settings - Control Panel - 
+		Network - Services - Add </para></listitem>
+		
+		<listitem><para>Select the 'Network Monitor Tools and Agent' and 
+		click on 'OK'.</para></listitem> 
+		
+		<listitem><para>Click 'OK' on the Network Control Panel.
+		</para></listitem> 
+		
+		<listitem><para>Insert the Windows NT Server 4.0 install CD 
+		when prompted.</para></listitem> 
+	</itemizedlist>
+
+	<para>
+	At this point the Netmon files should exist in 
+	<filename>%SYSTEMROOT%\System32\netmon\*.*</filename>.    
+	Two subdirectories exist as well, <filename>parsers\</filename> 
+	which contains the necessary DLL's for parsing the netmon packet 
+	dump, and <filename>captures\</filename>.
+	</para>
+
+	<para>
+	In order to install the Netmon tools on an NT Workstation, you will 
+	first need to install the 'Network  Monitor Agent' from the Workstation 
+	install CD.
+	</para>
+
+	<itemizedlist>
+		<listitem><para>Goto Start - Settings - Control Panel - 
+		Network - Services - Add</para></listitem> 
+
+		<listitem><para>Select the 'Network Monitor Agent' and click 
+		on 'OK'.</para></listitem> 
+		
+		<listitem><para>Click 'OK' on the Network Control Panel.
+		</para></listitem> 
+		
+		<listitem><para>Insert the Windows NT Workstation 4.0 install 
+		CD when prompted.</para></listitem> 
+	</itemizedlist>
+
+
+	<para>
+	Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.* 
+	to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set 
+	permissions as  you deem appropriate for your site. You will need 
+	administrative rights on the NT box to run netmon.
+	</para>
+
+	<para>
+	To install Netmon on a Windows 9x box install the network monitor agent 
+	from the Windows 9x CD (\admin\nettools\netmon).  There is a readme 
+	file located with the netmon driver files on the CD if you need 
+	information on how to do this.  Copy the files from a working 
+	Netmon installation.
+	</para> 
+</listitem>
+
+
+
+
+<listitem>
+	<para>
+	The following is a list if helpful URLs and other links:
+	</para>
+
+	<itemizedlist>
+
+ 	<listitem><para>Home of Samba site <ulink url="http://samba.org">
+        http://samba.org</ulink>. We have a mirror near you !</para></listitem>
+
+	<listitem><para> The <emphasis>Development</emphasis> document 
+	on the Samba mirrors might mention your problem. If so,
+	it might mean that the developers are working on it.</para></listitem>
+ 
+	<listitem><para>See how Scott Merrill simulates a BDC behavior at 
+        <ulink url="http://www.skippy.net/linux/smb-howto.html">
+        http://www.skippy.net/linux/smb-howto.html</>. </para></listitem>
+
+	<listitem><para>Although 2.0.7 has almost had its day as a PDC, David Bannon will
+        keep the 2.0.7 PDC pages at <ulink url="http://bioserve.latrobe.edu.au/samba">
+        http://bioserve.latrobe.edu.au/samba</ulink> going for a while yet.</para></listitem>
+
+	<listitem><para>Misc links to CIFS information 
+        <ulink url="http://samba.org/cifs/">http://samba.org/cifs/</ulink></para></listitem>
+
+	<listitem><para>NT Domains for Unix <ulink url="http://mailhost.cb1.com/~lkcl/ntdom/">
+        http://mailhost.cb1.com/~lkcl/ntdom/</ulink></para></listitem>
+
+	<listitem><para>FTP site for older SMB specs: 
+        <ulink url="ftp://ftp.microsoft.com/developr/drg/CIFS/">
+        ftp://ftp.microsoft.com/developr/drg/CIFS/</ulink></para></listitem>
+
+	</itemizedlist>
+</listitem>
+</itemizedlist>
+
+
+<itemizedlist>
+<listitem>
+	<para>
+	<emphasis>How do I get help from the mailing lists?</emphasis>
+	</para>
+
+	<para>
+	There are a number of Samba related mailing lists. Go to <ulink 
+	url="http://samba.org">http://samba.org</ulink>, click on your nearest mirror
+	and then click on <command>Support</> and then click on <command>
+	Samba related mailing lists</>.
+	</para>
+
+	<para>
+	For questions relating to Samba TNG go to
+	<ulink url="http://www.samba-tng.org/">http://www.samba-tng.org/</ulink> 
+	It has been requested that you don't post questions about Samba-TNG to the
+	main stream Samba lists.</para>
+	 
+	<para>
+	If you post a message to one of the lists please observe the following guide lines :
+	</para>
+
+	<itemizedlist>
+
+	<listitem><para> Always remember that the developers are volunteers, they are 
+		not paid and they never guarantee to produce a particular feature at 
+		a particular time. Any time lines are 'best guess' and nothing more.
+		</para></listitem>
+
+	<listitem><para> Always mention what version of samba you are using and what 
+		operating system its running under. You should probably list the
+        relevant sections of your smb.conf file, at least the options 
+        in [global] that affect PDC support.</para></listitem>
+
+    <listitem><para>In addition to the version, if you obtained Samba via
+        CVS mention the date when you last checked it out.</para></listitem>
+
+	<listitem><para> Try and make your question clear and brief, lots of long, 
+		convoluted questions get deleted before	they are completely read ! 
+		Don't post html encoded messages (if you can select colour or font 
+		size its html).</para></listitem>
+
+	<listitem><para> If you run one of those nifty 'I'm on holidays' things when 
+		you are away, make sure its configured	to not answer mailing lists.
+		</para></listitem> 
+
+	<listitem><para> Don't cross post. Work out which is the best list to post to 
+		and see what happens, i.e. don't post to both samba-ntdom and samba-technical.
+        Many people active on the lists subscribe to more 
+		than one list and get annoyed to see the same message two or more times. 
+		Often someone will see a message and thinking it would be better dealt 
+		with on another, will forward it on for you.</para></listitem>
+
+    <listitem><para>You might include <emphasis>partial</emphasis>
+        log files written at a debug level set to as much as 20.  
+        Please don't send the entire log but enough to give the context of the 
+        error messages.</para></listitem>
+
+    <listitem><para>(Possibly) If you have a complete netmon trace ( from the opening of 
+        the pipe to the error ) you can send the *.CAP file as well.</para></listitem> 
+
+    <listitem><para>Please think carefully before attaching a document to an email.
+        Consider pasting the relevant parts into the body of the message. The samba
+        mailing lists go to a huge number of people, do they all need a copy of your 
+        smb.conf in their attach directory?</para></listitem>
+
+	</itemizedlist>
+</listitem>
+
+
+<listitem>
+	<para>
+	<emphasis>How do I get off the mailing lists?</emphasis>
+	</para>
+
+	<para>To have your name removed from a samba mailing list, go to the
+	same place you went to to get on it. Go to <ulink 
+	url="http://lists.samba.org/">http://lists.samba.org</ulink>, 
+	click on your nearest mirror and then click on <command>Support</> and 
+	then click on <command> Samba related mailing lists</>. Or perhaps see 
+	<ulink url="http://lists.samba.org/mailman/roster/samba-ntdom">here</ulink>
+	</para>
+
+	<para>
+	Please don't post messages to the list asking to be removed, you will just
+	be referred to the above address (unless that process failed in some way...)
+	</para>
+</listitem>
+</itemizedlist>
+
+</sect1>
+
+
+<!-- **********************************************************
+
+     Windows 9x domain control
+
+*************************************************************** -->
+<sect1>
+<title>Domain Control for Windows 9x/ME</title>
+
+<note>
+<para>
+The following section contains much of the original 
+DOMAIN.txt file previously included with Samba.  Much of 
+the material is based on what went into the book <emphasis>Special 
+Edition, Using Samba</emphasis>, by Richard Sharpe.
+</para>
+</note>
+
+<para>
+A domain and a workgroup are exactly the same thing in terms of network
+browsing.  The difference is that a distributable authentication
+database is associated with a domain, for secure login access to a
+network.  Also, different access rights can be granted to users if they
+successfully authenticate against a domain logon server (NT server and 
+other systems based on NT server support this, as does at least Samba TNG now).
+</para>
+
+<para>
+The SMB client logging on to a domain has an expectation that every other
+server in the domain should accept the same authentication information.
+Network browsing functionality of domains and workgroups is
+identical and is explained in BROWSING.txt. It should be noted, that browsing
+is totally orthogonal to logon support.
+</para>
+
+<para>
+Issues related to the single-logon network model are discussed in this
+section.  Samba supports domain logons, network logon scripts, and user
+profiles for MS Windows for workgroups and MS Windows 9X/ME clients
+which will be the focus of this section.
+</para>
+
+
+<para>
+When an SMB client in a domain wishes to logon it broadcast requests for a
+logon server.  The first one to reply gets the job, and validates its
+password using whatever mechanism the Samba administrator has installed.
+It is possible (but very stupid) to create a domain where the user
+database is not shared between servers, i.e. they are effectively workgroup
+servers advertising themselves as participating in a domain.  This
+demonstrates how authentication is quite different from but closely
+involved with domains.
+</para>
+
+
+<para>
+Using these features you can make your clients verify their logon via
+the Samba server; make clients run a batch file when they logon to
+the network and download their preferences, desktop and start menu.
+</para>
+
+<para>
+Before launching into the configuration instructions, it is 
+worthwhile lookingat how a Windows 9x/ME client performs a logon:
+</para>
+
+<orderedlist>
+<listitem>
+	<para>
+	The client broadcasts (to the IP broadcast address of the subnet it is in)
+	a NetLogon request. This is sent to the NetBIOS name DOMAIN<1c> at the
+	NetBIOS layer.  The client chooses the first response it receives, which
+	contains the NetBIOS name of the logon server to use in the format of 
+	\\SERVER.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	The client then connects to that server, logs on (does an SMBsessetupX) and
+	then connects to the IPC$ share (using an SMBtconX).
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	The client then does a NetWkstaUserLogon request, which retrieves the name
+	of the user's logon script. 
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	The client then connects to the NetLogon share and searches for this 	
+	and if it is found and can be read, is retrieved and executed by the client.
+	After this, the client disconnects from the NetLogon share.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	The client then sends a NetUserGetInfo request to the server, to retrieve
+	the user's home share, which is used to search for profiles. Since the
+	response to the NetUserGetInfo request does not contain much more 	
+	the user's home share, profiles for Win9X clients MUST reside in the user
+	home directory.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	The client then connects to the user's home share and searches for the 
+	user's profile. As it turns out, you can specify the user's home share as
+	a sharename and path. For example, \\server\fred\.profile.
+	If the profiles are found, they are implemented.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	The client then disconnects from the user's home share, and reconnects to
+	the NetLogon share and looks for CONFIG.POL, the policies file. If this is
+	found, it is read and implemented.
+	</para>
+</listitem>
+</orderedlist>
+
+
+<sect2>
+<title>Configuration Instructions:	Network Logons</title>
+
+<para>
+The main difference between a PDC and a Windows 9x logon 
+server configuration is that
+</para>
+
+<itemizedlist>
+
+<listitem><para>
+Password encryption is not required for a Windows 9x logon server.
+</para></listitem>
+
+<listitem><para>
+Windows 9x/ME clients do not possess machine trust accounts.
+</para></listitem>
+
+</itemizedlist>
+
+<para>
+Therefore, a Samba PDC will also act as a Windows 9x logon 
+server.
+</para>
+
+
+<warning>
+<title>security mode and master browsers</title>
+
+<para>
+There are a few comments to make in order to tie up some 
+loose ends.  There has been much debate over the issue of whether
+or not it is ok to configure Samba as a Domain Controller in security
+modes other than <constant>USER</constant>.  The only security mode 
+which  will not work due to technical reasons is <constant>SHARE</constant>
+mode security.  <constant>DOMAIN</constant> and <constant>SERVER</constant>
+mode security is really just a variation on SMB user level security.
+</para>
+
+<para>
+Actually, this issue is also closely tied to the debate on whether 
+or not Samba must be the domain master browser for its workgroup
+when operating as a DC.  While it may technically be possible
+to configure a server as such (after all, browsing and domain logons
+are two distinctly different functions), it is not a good idea to
+so.  You should remember that the DC must register the DOMAIN#1b NetBIOS 
+name.  This is the name used by Windows clients to locate the DC.
+Windows clients do not distinguish between the DC and the DMB.
+For this reason, it is very wise to configure the Samba DC as the DMB.
+</para>
+
+<para>
+Now back to the issue of configuring a Samba DC to use a mode other
+than "security = user".  If a Samba host is configured to use 
+another SMB server or DC in order to validate user connection 
+requests, then it is a fact that some other machine on the network 
+(the "password server") knows more about user than the Samba host.
+99% of the time, this other host is a domain controller.  Now 
+in order to operate in domain mode security, the "workgroup" parameter
+must be set to the name of the Windows NT domain (which already 
+has a domain controller, right?)
+</para>
+
+<para>
+Therefore configuring a Samba box as a DC for a domain that 
+already by definition has a PDC is asking for trouble.
+Therefore, you should always configure the Samba DC to be the DMB
+for its domain.
+</para>
+</warning>
+
+</sect2>
+
+
+<sect2>
+<title>Configuration Instructions:	Setting up Roaming User Profiles</title>
+
+<warning>
+<para>
+<emphasis>NOTE!</emphasis> Roaming profiles support is different 
+for Win9X and WinNT.
+</para>
+</warning>
+
+<para>
+Before discussing how to configure roaming profiles, it is useful to see how
+Win9X and WinNT clients implement these features.
+</para>
+
+<para>
+Win9X clients send a NetUserGetInfo request to the server to get the user's
+profiles location. However, the response does not have room for a separate 
+profiles location field, only the user's home share. This means that Win9X 
+profiles are restricted to being in the user's home directory.
+</para>
+
+
+<para>
+WinNT clients send a NetSAMLogon RPC request, which contains many fields, 
+including a separate field for the location of the user's profiles. 
+This means that support for profiles is different for Win9X and WinNT.
+</para>
+
+
+
+<sect3>
+<title>Windows NT Configuration</title>
+
+<para>
+To support WinNT clients, in the [global] section of smb.conf set the
+following (for example):
+</para>
+
+<para><programlisting>
+logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath
+</programlisting></para>
+
+<para>
+The default for this option is \\%N\%U\profile, namely
+\\sambaserver\username\profile.  The \\N%\%U service is created
+automatically by the [homes] service.
+If you are using a samba server for the profiles, you _must_ make the
+share specified in the logon path browseable. 
+</para>
+
+<note>
+<para>
+[lkcl 26aug96 - we have discovered a problem where Windows clients can
+maintain a connection to the [homes] share in between logins.  The
+[homes] share must NOT therefore be used in a profile path.]
+</para>
+</note>
+
+</sect3>
+
+
+<sect3>
+<title>Windows 9X Configuration</title>
+
+<para>
+To support Win9X clients, you must use the "logon home" parameter. Samba has
+now been fixed so that "net use/home" now works as well, and it, too, relies
+on the "logon home" parameter.
+</para>
+
+<para>
+By using the logon home parameter, you are restricted to putting Win9X 
+profiles in the user's home directory.   But wait! There is a trick you 
+can use. If you set the following in the [global] section of your 
+smb.conf file:
+</para>
+
+<para><programlisting>
+logon home = \\%L\%U\.profiles
+</programlisting></para>
+
+<para>
+then your Win9X clients will dutifully put their clients in a subdirectory
+of your home directory called .profiles (thus making them hidden).
+</para>
+
+<para>
+Not only that, but 'net use/home' will also work, because of a feature in 
+Win9X. It removes any directory stuff off the end of the home directory area
+and only uses the server and share portion. That is, it looks like you
+specified \\%L\%U for "logon home".
+</para>
+
+
+</sect3>
+
+
+<sect3>
+<title>Win9X and WinNT Configuration</title>
+
+<para>
+You can support profiles for both Win9X and WinNT clients by setting both the
+"logon home" and "logon path" parameters. For example:
+</para>
+
+<para><programlisting>
+logon home = \\%L\%U\.profiles
+logon path = \\%L\profiles\%U
+</programlisting></para>
+
+<note>
+<para>
+I have not checked what 'net use /home' does on NT when "logon home" is
+set as above.
+</para>
+</note>
+</sect3>
+
+
+
+<sect3>
+<title>Windows 9X Profile Setup</title>
+
+<para>
+When a user first logs in on Windows 9X, the file user.DAT is created,
+as are folders "Start Menu", "Desktop", "Programs" and "Nethood".  
+These directories and their contents will be merged with the local
+versions stored in c:\windows\profiles\username on subsequent logins,
+taking the most recent from each.  You will need to use the [global]
+options "preserve case = yes", "short preserve case = yes" and
+"case sensitive = no" in order to maintain capital letters in shortcuts
+in any of the profile folders.
+</para>
+
+
+<para>
+The user.DAT file contains all the user's preferences.  If you wish to
+enforce a set of preferences, rename their user.DAT file to user.MAN,
+and deny them write access to this file.
+</para>
+
+<orderedlist>
+<listitem>
+	<para>
+	On the Windows 95 machine, go to Control Panel | Passwords and
+	select the User Profiles tab.  Select the required level of
+	roaming preferences.  Press OK, but do _not_ allow the computer
+	to reboot.
+	</para>
+</listitem>
+
+
+<listitem>
+	<para>
+	On the Windows 95 machine, go to Control Panel | Network |
+	Client for Microsoft Networks | Preferences.  Select 'Log on to
+	NT Domain'.  Then, ensure that the Primary Logon is 'Client for
+	Microsoft Networks'.  Press OK, and this time allow the computer
+	to reboot.
+	</para>
+</listitem>
+
+</orderedlist>
+
+<para>
+Under Windows 95, Profiles are downloaded from the Primary Logon.
+If you have the Primary Logon as 'Client for Novell Networks', then
+the profiles and logon script will be downloaded from your Novell
+Server.  If you have the Primary Logon as 'Windows Logon', then the
+profiles will be loaded from the local machine - a bit against the
+concept of roaming profiles, if you ask me.
+</para>
+
+<para>
+You will now find that the Microsoft Networks Login box contains
+[user, password, domain] instead of just [user, password].  Type in
+the samba server's domain name (or any other domain known to exist,
+but bear in mind that the user will be authenticated against this
+domain and profiles downloaded from it, if that domain logon server
+supports it), user name and user's password.
+</para>
+
+<para>
+Once the user has been successfully validated, the Windows 95 machine
+will inform you that 'The user has not logged on before' and asks you
+if you wish to save the user's preferences?  Select 'yes'.
+</para>
+
+<para>
+Once the Windows 95 client comes up with the desktop, you should be able
+to examine the contents of the directory specified in the "logon path"
+on the samba server and verify that the "Desktop", "Start Menu",
+"Programs" and "Nethood" folders have been created.
+</para>
+
+<para>
+These folders will be cached locally on the client, and updated when
+the user logs off (if you haven't made them read-only by then :-).
+You will find that if the user creates further folders or short-cuts,
+that the client will merge the profile contents downloaded with the
+contents of the profile directory already on the local client, taking
+the newest folders and short-cuts from each set.
+</para>
+
+<para>
+If you have made the folders / files read-only on the samba server,
+then you will get errors from the w95 machine on logon and logout, as
+it attempts to merge the local and the remote profile.  Basically, if
+you have any errors reported by the w95 machine, check the Unix file
+permissions and ownership rights on the profile directory contents,
+on the samba server.
+</para>
+
+<para>
+If you have problems creating user profiles, you can reset the user's
+local desktop cache, as shown below.  When this user then next logs in,
+they will be told that they are logging in "for the first time".
+</para>
+
+<orderedlist>
+<listitem>
+	<para>
+	instead of logging in under the [user, password, domain] dialog,
+	press escape.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	run the regedit.exe program, and look in:
+	</para>
+	
+	<para>
+	HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList
+	</para>
+
+	<para>
+	you will find an entry, for each user, of ProfilePath.  Note the
+	contents of this key (likely to be c:\windows\profiles\username),
+	then delete the key ProfilePath for the required user.
+	</para>
+
+	<para>
+	[Exit the registry editor].
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	<emphasis>WARNING</emphasis> - before deleting the contents of the 
+	directory listed in
+   the ProfilePath (this is likely to be c:\windows\profiles\username),
+   ask them if they have any important files stored on their desktop
+   or in their start menu.  delete the contents of the directory
+   ProfilePath (making a backup if any of the files are needed).
+	</para>
+
+	<para>
+   This will have the effect of removing the local (read-only hidden
+   system file) user.DAT in their profile directory, as well as the
+   local "desktop", "nethood", "start menu" and "programs" folders.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	search for the user's .PWL password-caching file in the c:\windows
+	directory, and delete it.
+	</para>
+</listitem>
+
+
+<listitem>
+	<para>
+	log off the windows 95 client.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	check the contents of the profile path (see "logon path" described
+	above), and delete the user.DAT or user.MAN file for the user,
+	making a backup if required.  
+	</para>
+</listitem>
+
+</orderedlist>
+
+<para>
+If all else fails, increase samba's debug log levels to between 3 and 10,
+and / or run a packet trace program such as tcpdump or netmon.exe, and
+look for any error reports.
+</para>
+
+<para>
+If you have access to an NT server, then first set up roaming profiles
+and / or netlogons on the NT server.  Make a packet trace, or examine
+the example packet traces provided with NT server, and see what the
+differences are with the equivalent samba trace.
+</para>
+
+</sect3>
+
+
+<sect3>
+<title>Windows NT Workstation 4.0</title>
+
+<para>
+When a user first logs in to a Windows NT Workstation, the profile
+NTuser.DAT is created.  The profile location can be now specified
+through the "logon path" parameter.  
+</para>
+
+<note>
+<para>
+[lkcl 10aug97 - i tried setting the path to
+\\samba-server\homes\profile, and discovered that this fails because
+a background process maintains the connection to the [homes] share
+which does _not_ close down in between user logins.  you have to
+have \\samba-server\%L\profile, where user is the username created
+from the [homes] share].
+</para>
+</note>
+
+<para>
+There is a parameter that is now available for use with NT Profiles:
+"logon drive".  This should be set to "h:" or any other drive, and
+should be used in conjunction with the new "logon home" parameter.
+</para>
+
+<para>
+The entry for the NT 4.0 profile is a _directory_ not a file.  The NT
+help on profiles mentions that a directory is also created with a .PDS
+extension.  The user, while logging in, must have write permission to
+create the full profile path (and the folder with the .PDS extension)
+[lkcl 10aug97 - i found that the creation of the .PDS directory failed,
+and had to create these manually for each user, with a shell script.
+also, i presume, but have not tested, that the full profile path must
+be browseable just as it is for w95, due to the manner in which they
+attempt to create the full profile path: test existence of each path
+component; create path component].
+</para>
+
+<para>
+In the profile directory, NT creates more folders than 95.  It creates
+"Application Data" and others, as well as "Desktop", "Nethood",
+"Start Menu" and "Programs".  The profile itself is stored in a file
+NTuser.DAT.  Nothing appears to be stored in the .PDS directory, and
+its purpose is currently unknown.
+</para>
+
+<para>
+You can use the System Control Panel to copy a local profile onto
+a samba server (see NT Help on profiles: it is also capable of firing
+up the correct location in the System Control Panel for you).  The
+NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN
+turns a profile into a mandatory one.
+</para>
+
+<note>
+<para>
+[lkcl 10aug97 - i notice that NT Workstation tells me that it is
+downloading a profile from a slow link.  whether this is actually the
+case, or whether there is some configuration issue, as yet unknown,
+that makes NT Workstation _think_ that the link is a slow one is a
+matter to be resolved].
+</para>
+
+<para>
+[lkcl 20aug97 - after samba digest correspondence, one user found, and
+another confirmed, that profiles cannot be loaded from a samba server
+unless "security = user" and "encrypt passwords = yes" (see the file
+ENCRYPTION.txt) or "security = server" and "password server = ip.address.
+of.yourNTserver" are used.  Either of these options will allow the NT
+workstation to access the samba server using LAN manager encrypted
+passwords, without the user intervention normally required by NT
+workstation for clear-text passwords].
+</para>
+
+<para>
+[lkcl 25aug97 - more comments received about NT profiles: the case of
+the profile _matters_.  the file _must_ be called NTuser.DAT or, for
+a mandatory profile, NTuser.MAN].
+</para>
+</note>
+
+</sect3>
+
+
+<sect3>
+<title>Windows NT Server</title>
+
+<para>
+There is nothing to stop you specifying any path that you like for the
+location of users' profiles.  Therefore, you could specify that the
+profile be stored on a samba server, or any other SMB server, as long as
+that SMB server supports encrypted passwords.
+</para>
+
+</sect3>
+
+
+<sect3>
+<title>Sharing Profiles between W95 and NT Workstation 4.0</title>
+
+<warning>
+<title>Potentially outdated or incorrect material follows</title>
+<para>
+I think this is all bogus, but have not deleted it. (Richard Sharpe)
+</para>
+</warning>
+
+<para>
+The default logon path is \\%N\U%.  NT Workstation will attempt to create
+a directory "\\samba-server\username.PDS" if you specify the logon path
+as "\\samba-server\username" with the NT User Manager.  Therefore, you
+will need to specify (for example) "\\samba-server\username\profile".
+NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which
+is more likely to succeed.
+</para>
+
+<para>
+If you then want to share the same Start Menu / Desktop with W95, you will
+need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97
+this has its drawbacks: i created a shortcut to telnet.exe, which attempts
+to run from the c:\winnt\system32 directory.  this directory is obviously
+unlikely to exist on a Win95-only host].
+</para>
+
+<para>
+
+If you have this set up correctly, you will find separate user.DAT and
+NTuser.DAT files in the same profile directory.
+</para>
+
+<note>
+<para>
+[lkcl 25aug97 - there are some issues to resolve with downloading of
+NT profiles, probably to do with time/date stamps.  i have found that
+NTuser.DAT is never updated on the workstation after the first time that
+it is copied to the local workstation profile directory.  this is in
+contrast to w95, where it _does_ transfer / update profiles correctly].
+</para>
+</note>
+
+</sect3>
+
+</sect2>
+</sect1>
+
+
+<!-- **********************************************************
+
+     Appendix - DOMAIN_CONTROL.txt
+
+*************************************************************** -->
+
+<sect1>
+<title>
+DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
+</title>
+
+<warning>
+	<title>Possibly Outdated Material</title>
+
+	<para>
+	This appendix was originally authored by John H Terpstra of 
+	the Samba Team and is included here for posterity.
+	</para>
+</warning>
+
+
+<para>
+<emphasis>NOTE :</emphasis> 
+The term "Domain Controller" and those related to it refer to one specific
+method of authentication that can underly an SMB domain. Domain Controllers
+prior to Windows NT Server 3.1 were sold by various companies and based on 
+private extensions to the LAN Manager 2.1 protocol. Windows NT introduced
+Microsoft-specific ways of distributing the user authentication database.
+See DOMAIN.txt for examples of how Samba can participate in or create
+SMB domains based on shared authentication database schemes other than the 
+Windows NT SAM.
+</para>
+
+<para>
+Windows NT Server can be installed as either a plain file and print server
+(WORKGROUP workstation or server) or as a server that participates in Domain
+Control (DOMAIN member, Primary Domain controller or Backup Domain controller).
+The same is true for OS/2 Warp Server, Digital Pathworks and other similar
+products, all of which can participate in Domain Control along with Windows NT.
+</para>
+
+<para>
+To many people these terms can be confusing, so let's try to clear the air.
+</para>
+
+<para>
+Every Windows NT system (workstation or server) has a registry database.
+The registry contains entries that describe the initialization information
+for all services (the equivalent of Unix Daemons) that run within the Windows
+NT environment. The registry also contains entries that tell application
+software where to find dynamically loadable libraries that they depend upon.
+In fact, the registry contains entries that describes everything that anything
+may need to know to interact with the rest of the system.
+</para>
+
+<para>
+The registry files can be located on any Windows NT machine by opening a
+command prompt and typing:
+</para>
+
+<para>
+<prompt>C:\WINNT\></prompt> dir %SystemRoot%\System32\config
+</para>
+
+<para>
+The environment variable %SystemRoot% value can be obtained by typing:
+</para>
+
+<para>
+<prompt>C:\WINNT></prompt>echo %SystemRoot%
+</para>
+
+<para>
+The active parts of the registry that you may want to be familiar with are
+the files called: default, system, software, sam and security.
+</para>
+
+<para>
+In a domain environment, Microsoft Windows NT domain controllers participate
+in replication of the SAM and SECURITY files so that all controllers within
+the domain have an exactly identical copy of each.
+</para>
+
+<para>
+The Microsoft Windows NT system is structured within a security model that
+says that all applications and services must authenticate themselves before
+they can obtain permission from the security manager to do what they set out
+to do.
+</para>
+
+<para>
+The Windows NT User database also resides within the registry. This part of
+the registry contains the user's security identifier, home directory, group
+memberships, desktop profile, and so on.
+</para>
+
+<para>
+Every Windows NT system (workstation as well as server) will have its own
+registry. Windows NT Servers that participate in Domain Security control
+have a database that they share in common - thus they do NOT own an
+independent full registry database of their own, as do Workstations and
+plain Servers.
+</para>
+
+<para>
+The User database is called the SAM (Security Access Manager) database and
+is used for all user authentication as well as for authentication of inter-
+process authentication (i.e. to ensure that the service action a user has
+requested is permitted within the limits of that user's privileges).
+</para>
+
+<para>
+The Samba team have produced a utility that can dump the Windows NT SAM into 
+smbpasswd format: see ENCRYPTION.txt for information on smbpasswd and
+/pub/samba/pwdump on your nearest Samba mirror for the utility. This 
+facility is useful but cannot be easily used to implement SAM replication
+to Samba systems.
+</para>
+
+<para>
+Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers
+can participate in a Domain security system that is controlled by Windows NT
+servers that have been correctly configured. Almost every domain will have
+ONE Primary Domain Controller (PDC). It is desirable that each domain will
+have at least one Backup Domain Controller (BDC).
+</para>
+
+<para>
+The PDC and BDCs then participate in replication of the SAM database so that
+each Domain Controlling participant will have an up to date SAM component
+within its registry.
+</para>
+
+</sect1>
+
+</chapter>
diff --git a/docs/docbook/projdoc/UNIX_INSTALL.sgml b/docs/docbook/projdoc/UNIX_INSTALL.sgml
new file mode 100755
index 00000000000..39c0213d79e
--- /dev/null
+++ b/docs/docbook/projdoc/UNIX_INSTALL.sgml
@@ -0,0 +1,445 @@
+<chapter id="install">
+
+<title>How to Install and Test SAMBA</title>
+
+<sect1>
+	<title>Step 0: Read the man pages</title>
+	
+	<para>The man pages distributed with SAMBA contain 
+	lots of useful info that will help to get you started. 
+	If you don't know how to read man pages then try 
+	something like:</para>
+
+	<para><prompt>$ </prompt><userinput>nroff -man smbd.8 | more
+	</userinput></para>
+	
+	<para>Other sources of information are pointed to 
+	by the Samba web site,<ulink url="http://www.samba.org/">
+	http://www.samba.org</ulink></para>
+</sect1>
+
+<sect1>
+	<title>Step 1: Building the Binaries</title>
+	
+	<para>To do this, first run the program <command>./configure
+	</command> in the source directory. This should automatically 
+	configure Samba for your operating system. If you have unusual 
+	needs then you may wish to run</para>
+	
+	<para><prompt>root# </prompt><userinput>./configure --help
+	</userinput></para>
+	
+	<para>first to see what special options you can enable.
+	Then executing</para>
+	
+	<para><prompt>root# </prompt><userinput>make</userinput></para>
+	
+	<para>will create the binaries. Once it's successfully 
+	compiled you can use </para>
+	
+	<para><prompt>root# </prompt><userinput>make install</userinput></para>
+	
+	<para>to install the binaries and manual pages. You can 
+	separately install the binaries and/or man pages using</para>
+	
+	<para><prompt>root# </prompt><userinput>make installbin
+	</userinput></para>
+	
+	<para>and</para>
+	
+	<para><prompt>root# </prompt><userinput>make installman
+	</userinput></para>
+
+	<para>Note that if you are upgrading for a previous version 
+	of Samba you might like to know that the old versions of 
+	the binaries will be renamed with a ".old" extension. You 
+	can go back to the previous version with</para>
+	
+	<para><prompt>root# </prompt><userinput>make revert
+	</userinput></para>
+	
+	<para>if you find this version a disaster!</para>
+</sect1>
+
+<sect1>
+	<title>Step 2: The all important step</title>
+	
+	<para>At this stage you must fetch yourself a 
+	coffee or other drink you find stimulating. Getting the rest 
+	of the install right can sometimes be tricky, so you will 
+	probably need it.</para>
+
+	<para>If you have installed samba before then you can skip 
+	this step.</para>
+</sect1>
+
+<sect1>
+	<title>Step 3: Create the smb configuration file. </title>
+
+	<para>There are sample configuration files in the examples 
+	subdirectory in the distribution. I suggest you read them 
+	carefully so you can see how the options go together in 
+	practice. See the man page for all the options.</para>
+
+	<para>The simplest useful configuration file would be 
+	something like this:</para>
+
+	<para><programlisting>
+	[global]
+	   workgroup = MYGROUP
+
+	   [homes]
+	      guest ok = no
+	      read only = no
+	</programlisting</para>
+	
+	<para>which would allow connections by anyone with an 
+	account on the server, using either their login name or 
+	"homes" as the service name. (Note that I also set the 
+	workgroup that Samba is part of. See BROWSING.txt for details)</para>
+	
+	<para>Note that <command>make install</command> will not install 
+	a <filename>smb.conf</filename> file. You need to create it 
+	yourself. </para>
+	
+	<para>Make sure you put the smb.conf file in the same place 
+	you specified in the<filename>Makefile</filename> (the default is to 
+	look for it in <filename>/usr/local/samba/lib/</filename>).</para>
+
+	<para>For more information about security settings for the 
+	[homes] share please refer to the document UNIX_SECURITY.txt.</para>
+</sect1>
+
+<sect1>
+	<title>Step 4: Test your config file with 
+	<command>testparm</command></title>
+
+	<para>It's important that you test the validity of your
+	<filename>smb.conf</filename> file using the testparm program. 
+	If testparm runs OK then it will list the loaded services. If 
+	not it will give an error message.</para>
+
+	<para>Make sure it runs OK and that the services look 
+	reasonable before proceeding. </para>
+
+</sect1>
+
+<sect1>
+	<title>Step 5: Starting the smbd and nmbd</title>
+
+	<para>You must choose to start smbd and nmbd either
+	as daemons or from <command>inetd</command>. Don't try
+	to do both!  Either you can put them in <filename>
+	inetd.conf</filename> and have them started on demand
+	by <command>inetd</command>, or you can start them as
+	daemons either from the command line or in <filename>
+	/etc/rc.local</filename>. See the man pages for details
+	on the command line options. Take particular care to read
+	the bit about what user you need to be in order to start
+	Samba.  In many cases you must be root.</para>
+
+	<para>The main advantage of starting <command>smbd</command>
+	and <command>nmbd</command> using the recommended daemon method
+	is that they will respond slightly more quickly to an initial connection
+	request.</para>
+
+	<sect2>
+		<title>Step 5a: Starting from inetd.conf</title>
+
+		<para>NOTE; The following will be different if 
+		you use NIS or NIS+ to distributed services maps.</para>
+		
+		<para>Look at your <filename>/etc/services</filename>. 
+		What is defined at port 139/tcp. If nothing is defined 
+		then add a line like this:</para>
+
+		<para><userinput>netbios-ssn     139/tcp</userinput></para>
+
+		<para>similarly for 137/udp you should have an entry like:</para>
+
+		<para><userinput>netbios-ns	137/udp</userinput></para>
+
+		<para>Next edit your <filename>/etc/inetd.conf</filename> 
+		and add two lines something like this:</para>
+
+		<para><programlisting>
+		netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
+		netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd 
+		</programlisting></para>
+
+		<para>The exact syntax of <filename>/etc/inetd.conf</filename> 
+		varies between unixes. Look at the other entries in inetd.conf 
+		for a guide.</para>
+
+		<para>NOTE: Some unixes already have entries like netbios_ns 
+		(note the underscore) in <filename>/etc/services</filename>. 
+		You must either edit <filename>/etc/services</filename> or
+		<filename>/etc/inetd.conf</filename> to make them consistent.</para>
+
+		<para>NOTE: On many systems you may need to use the 
+		"interfaces" option in smb.conf to specify the IP address 
+		and netmask of your interfaces. Run <command>ifconfig</command> 
+		as root if you don't know what the broadcast is for your
+		net. <command>nmbd</command> tries to determine it at run 
+		time, but fails on some unixes. See the section on "testing nmbd" 
+		for a method of finding if you need to do this.</para>
+
+		<para>!!!WARNING!!! Many unixes only accept around 5 
+		parameters on the command line in <filename>inetd.conf</filename>. 
+		This means you shouldn't use spaces between the options and 
+		arguments, or you should use a script, and start the script 
+		from <command>inetd</command>.</para>
+
+		<para>Restart <command>inetd</command>, perhaps just send 
+		it a HUP. If you have installed an earlier version of <command>
+		nmbd</command> then you may need to kill nmbd as well.</para>
+	</sect2>
+	
+	<sect2>
+		<title>Step 5b. Alternative: starting it as a daemon</title>
+
+		<para>To start the server as a daemon you should create 
+		a script something like this one, perhaps calling 
+		it <filename>startsmb</filename>.</para>
+
+		<para><programlisting>
+		#!/bin/sh
+		/usr/local/samba/bin/smbd -D 
+		/usr/local/samba/bin/nmbd -D 
+		</programlisting></para>
+
+		<para>then make it executable with <command>chmod 
+		+x startsmb</command></para>
+
+		<para>You can then run <command>startsmb</command> by 
+		hand or execute it from <filename>/etc/rc.local</filename>
+		</para>
+
+		<para>To kill it send a kill signal to the processes 
+		<command>nmbd</command> and <command>smbd</command>.</para>
+
+		<para>NOTE: If you use the SVR4 style init system then 
+		you may like to look at the <filename>examples/svr4-startup</filename>
+		script to make Samba fit into that system.</para>
+	</sect2>
+</sect1>
+
+<sect1>
+	<title>Step 6: Try listing the shares available on your 
+	server</title>
+
+	<para><prompt>$ </prompt><userinput>smbclient -L 
+	<replaceable>yourhostname</replaceable></userinput></para>
+
+	<para>You should get back a list of shares available on 
+	your server. If you don't then something is incorrectly setup. 
+	Note that this method can also be used to see what shares 
+	are available on other LanManager clients (such as WfWg).</para>
+
+	<para>If you choose user level security then you may find 
+	that Samba requests a password before it will list the shares. 
+	See the <command>smbclient</command> man page for details. (you 
+	can force it to list the shares without a password by
+	adding the option -U% to the command line. This will not work 
+	with non-Samba servers)</para>
+</sect1>
+
+<sect1>
+	<title>Step 7: Try connecting with the unix client</title>
+	
+	<para><prompt>$ </prompt><userinput>smbclient <replaceable>
+	//yourhostname/aservice</replaceable></userinput></para>
+	
+	<para>Typically the <replaceable>yourhostname</replaceable> 
+	would be the name of the host where you installed <command>
+	smbd</command>. The <replaceable>aservice</replaceable> is 
+	any service you have defined in the <filename>smb.conf</filename> 
+	file. Try your user name if you just have a [homes] section
+	in <filename>smb.conf</filename>.</para>
+
+	<para>For example if your unix host is bambi and your login 
+	name is fred you would type:</para>
+
+	<para><prompt>$ </prompt><userinput>smbclient //bambi/fred
+	</userinput></para>
+</sect1>
+
+<sect1>
+	<title>Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
+	Win2k, OS/2, etc... client</title>
+	
+	<para>Try mounting disks. eg:</para>
+
+	<para><prompt>C:\WINDOWS\> </prompt><userinput>net use d: \\servername\service
+	</userinput></para>
+
+	<para>Try printing. eg:</para>
+
+	<para><prompt>C:\WINDOWS\> </prompt><userinput>net use lpt1:
+	\\servername\spoolservice</userinput></para>
+
+	<para><prompt>C:\WINDOWS\> </prompt><userinput>print filename
+	</userinput></para>
+
+	<para>Celebrate, or send me a bug report!</para>
+</sect1>
+
+<sect1>
+	<title>What If Things Don't Work?</title>
+	
+	<para>If nothing works and you start to think "who wrote 
+	this pile of trash" then I suggest you do step 2 again (and 
+	again) till you calm down.</para>
+
+	<para>Then you might read the file DIAGNOSIS.txt and the 
+	FAQ. If you are still stuck then try the mailing list or 
+	newsgroup (look in the README for details). Samba has been 
+	successfully installed at thousands of sites worldwide, so maybe 
+	someone else has hit your problem and has overcome it. You could 
+	also use the WWW site to scan back issues of the samba-digest.</para>
+
+	<para>When you fix the problem PLEASE send me some updates to the
+	documentation (or source code) so that the next person will find it
+	easier. </para>
+
+	<sect2>
+		<title>Diagnosing Problems</title>
+
+		<para>If you have installation problems then go to 
+		<filename>DIAGNOSIS.txt</filename> to try to find the 
+		problem.</para>
+	</sect2>
+	
+	<sect2>
+		<title>Scope IDs</title>
+
+		<para>By default Samba uses a blank scope ID. This means 
+		all your windows boxes must also have a blank scope ID. 
+		If you really want to use a non-blank scope ID then you will 
+		need to use the 'netbios scope' smb.conf option.
+                All your PCs will need to have the same setting for 
+		this to work. I do not recommend scope IDs.</para>
+	</sect2>
+
+
+	<sect2>
+		<title>Choosing the Protocol Level</title>
+
+		<para>The SMB protocol has many dialects. Currently 
+		Samba supports 5, called CORE, COREPLUS, LANMAN1, 
+		LANMAN2 and NT1.</para>
+
+		<para>You can choose what maximum protocol to support 
+		in the <filename>smb.conf</filename> file. The default is 
+		NT1 and that is the best for the vast majority of sites.</para>
+
+		<para>In older versions of Samba you may have found it 
+		necessary to use COREPLUS. The limitations that led to 
+		this have mostly been fixed. It is now less likely that you 
+		will want to use less than LANMAN1. The only remaining advantage 
+		of COREPLUS is that for some obscure reason WfWg preserves 
+		the case of passwords in this protocol, whereas under LANMAN1, 
+		LANMAN2 or NT1 it uppercases all passwords before sending them,
+		forcing you to use the "password level=" option in some cases.</para>
+
+		<para>The main advantage of LANMAN2 and NT1 is support for 
+		long filenames with some clients (eg: smbclient, Windows NT 
+		or Win95). </para>
+
+		<para>See the smb.conf(5) manual page for more details.</para>
+
+		<para>Note: To support print queue reporting you may find 
+		that you have to use TCP/IP as the default protocol under 
+		WfWg. For some reason if you leave Netbeui as the default 
+		it may break the print queue reporting on some systems. 
+		It is presumably a WfWg bug.</para>
+	</sect2>
+	
+	<sect2>
+		<title>Printing from UNIX to a Client PC</title>
+
+		<para>To use a printer that is available via a smb-based 
+		server from a unix host you will need to compile the 
+		smbclient program. You then need to install the script 
+		"smbprint". Read the instruction in smbprint for more details.
+		</para>
+
+		<para>There is also a SYSV style script that does much 
+		the same thing called smbprint.sysv. It contains instructions.</para>
+	</sect2>
+
+	<sect2>
+		<title>Locking</title>
+
+		<para>One area which sometimes causes trouble is locking.</para>
+
+		<para>There are two types of locking which need to be 
+		performed by a SMB server. The first is "record locking" 
+		which allows a client to lock a range of bytes in a open file. 
+		The second is the "deny modes" that are specified when a file 
+		is open.</para>
+
+		<para>Record locking semantics under Unix is very
+		different from record locking under Windows. Versions
+		of Samba before 2.2 have tried to use the native
+		fcntl() unix system call to implement proper record
+		locking between different Samba clients. This can not
+		be fully correct due to several reasons. The simplest
+		is the fact that a Windows client is allowed to lock a
+		byte range up to 2^32 or 2^64, depending on the client
+		OS. The unix locking only supports byte ranges up to
+		2^31. So it is not possible to correctly satisfy a
+		lock request above 2^31. There are many more
+		differences, too many to be listed here.</para>
+
+		<para>Samba 2.2 and above implements record locking
+		completely independent of the underlying unix
+		system. If a byte range lock that the client requests
+		happens to fall into the range 0-2^31, Samba hands
+		this request down to the Unix system. All other locks
+		can not be seen by unix anyway.</para>
+
+		<para>Strictly a SMB server should check for locks before 
+		every read and write call on a file. Unfortunately with the 
+		way fcntl() works this can be slow and may overstress the 
+		rpc.lockd. It is also almost always unnecessary as clients 
+		are supposed to independently make locking calls before reads 
+		and writes anyway if locking is important to them. By default 
+		Samba only makes locking calls when explicitly asked
+		to by a client, but if you set "strict locking = yes" then it will
+		make lock checking calls on every read and write. </para>
+
+		<para>You can also disable by range locking completely 
+		using "locking = no". This is useful for those shares that 
+		don't support locking or don't need it (such as cdroms). In 
+		this case Samba fakes the return codes of locking calls to 
+		tell clients that everything is OK.</para>
+
+		<para>The second class of locking is the "deny modes". These 
+		are set by an application when it opens a file to determine 
+		what types of access should be allowed simultaneously with 
+		its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE 
+		or DENY_ALL. There are also special compatibility modes called 
+		DENY_FCB and  DENY_DOS.</para>
+	</sect2>
+	
+	<sect2>
+		<title>Mapping Usernames</title>
+	
+		<para>If you have different usernames on the PCs and 
+		the unix server then take a look at the "username map" option. 
+		See the smb.conf man page for details.</para>
+	</sect2>
+
+	<sect2>
+		<title>Other Character Sets</title>
+
+		<para>If you have problems using filenames with accented 
+		characters in them (like the German, French or Scandinavian 
+		character sets) then I recommend you look at the "valid chars" 
+		option in smb.conf and also take a look at the validchars 
+		package in the examples directory.</para>
+	</sect2>
+	
+</sect1>	
+</chapter>
diff --git a/docs/docbook/projdoc/cups.sgml b/docs/docbook/projdoc/cups.sgml
new file mode 100755
index 00000000000..57a12843a84
--- /dev/null
+++ b/docs/docbook/projdoc/cups.sgml
@@ -0,0 +1,445 @@
+<chapter id="cups">
+
+
+<chapterinfo>
+	<author>
+		<firstname>Kurt</firstname><surname>Pfeifle</surname>
+		<affiliation>
+			<address>
+				<email>kpfeifle@danka.de</email>
+			</address>
+		</affiliation>
+	</author>
+
+
+	<pubdate> (24 May 2002) </pubdate>
+</chapterinfo>
+
+<title>Printing with CUPS in Samba 2.2.x</title>
+
+
+<sect1>
+<title>Printing with CUPS in Samba 2.2.x</title>
+
+<para>
+<ulink url="http://www.cups.org/">CUPS</ulink> is a newcomer in
+the UNIX printing scene, which has convinced many people upon first trial
+already. However, it has quite a few new features, which make it different
+from other, more traditional printing systems.
+</para>
+</sect1>
+
+
+<sect1>
+<title>Configuring <filename>smb.conf</filename> for CUPS</title>
+
+<para>
+Printing with CUPS in the most basic <filename>smb.conf</filename>
+setup in Samba 2.2.x only needs two settings: <command>printing = cups</command> and
+<command>printcap = cups</command>. While CUPS itself doesn't need a printcap
+anymore, the <filename>cupsd.conf</filename> configuration file knows two directives
+(example: <command>Printcap /etc/printcap</command> and <command>PrintcapFormat
+BSD</command>), which control if such a file should be created for the
+convenience of third party applications. Make sure it is set! For details see
+<command>man cupsd.conf</command> and other CUPS-related documentation.
+</para>
+
+<para>
+If SAMBA is compiled against libcups, then <command>printcap =
+cups</command> uses the CUPS API to list printers, submit jobs, etc. Otherwise it
+maps to the System V commands with an additional <parameter>-oraw</parameter>
+option for printing. On a Linux system, you can use the <command>ldd</command> command to
+find out details (ldd may not be present on other OS platforms, or its
+function may be embodied by a different command):
+</para>
+
+<para>
+<programlisting>transmeta:/home/kurt # ldd `which smbd`
+        libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x4002d000)
+        libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x4005a000)
+        libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000)
+        libdl.so.2 => /lib/libdl.so.2 (0x401e8000)
+        libnsl.so.1 => /lib/libnsl.so.1 (0x401ec000)
+        libpam.so.0 => /lib/libpam.so.0 (0x40202000)
+        libc.so.6 => /lib/libc.so.6 (0x4020b000)
+        /lib/ld-linux.so.2 =&gt; /lib/ld-linux.so.2 (0x40000000)
+</programlisting></para>
+
+<para>
+The line "libcups.so.2 =&gt; /usr/lib/libcups.so.2
+(0x40123000)" shows there is CUPS support compiled into this version of
+Samba. If this is the case, and <command>printing = cups</command> is set, then any
+otherwise manually set print command in smb.conf is ignored.
+</para>
+</sect1>
+
+
+
+
+<sect1>
+<title>Using CUPS as a mere spooling print server -- "raw"
+printing with vendor drivers download</title>
+
+<para>
+You can setup Samba and your Windows clients to use the
+CUPS print subsystem just as you would with any of the more traditional print
+subsystems: that means the use of vendor provided, native Windows printer
+drivers for each target printer. If you setup the [print$] share to
+download these drivers to the clients, their GDI system (Graphical Device
+Interface) will output the Wndows EMF (Enhanced MetaFile) and
+convert it -- with the help of the printer driver -- locally into the format
+the printer is expecting. Samba and the CUPS print subsystem will have to
+treat these files as raw print files  -- they are already in the
+shape to be digestable for the printer. This is the same traditional setup
+for Unix print servers handling Windows client jobs. It does not take much
+CPU power to handle this kind of task efficiently.
+</para>
+</sect1>
+
+
+
+
+<sect1>
+<title>CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe
+PostScript driver with CUPS-PPDs downloaded to clients</title>
+
+
+<para>
+CUPS is perfectly able to use PPD files (PostScript
+Printer Descriptions). PPDs can control all print device options. They
+are usually provided by the manufacturer -- if you own a PostSript printer,
+that is. PPD files are always a component of PostScript printer drivers on MS
+Windows or Apple Mac OS systems. They are ASCII files containing
+user-selectable print options, mapped to appropriate PostScript, PCL or PJL
+commands for the target printer. Printer driver GUI dialogs translate these
+options "on-the-fly" into buttons and drop-down lists for the user to
+select.
+</para>
+
+<para>
+CUPS can load, without any conversions, the PPD file from
+any Windows (NT is recommended) PostScript driver and handle the options.
+There is a web browser interface to the print options (select
+http://localhost:631/printers/ and click on one "Configure Printer" button
+to see it), a commandline interface (see <command>man lpoptions</command> or
+try if you have <command>lphelp</command> on your system) plus some different GUI frontends on Linux
+UNIX, which can present PPD options to the users. PPD options are normally
+meant to become evaluated by the PostScript RIP on the real PostScript
+printer.
+</para>
+
+<para>
+CUPS doesn't stop at "real" PostScript printers in its
+usage of PPDs. The CUPS developers have extended the PPD concept, to also
+describe available device and driver options for non-PostScript printers
+through  CUPS-PPDs.
+</para>
+
+<para>
+This is logical, as CUPS includes a fully featured
+PostScript interpreter (RIP). This RIP is based on Ghostscript. It can
+process all received PostScript (and additionally many other file formats)
+from clients. All CUPS-PPDs geared to non-PostScript printers contain an
+additional line, starting with the keyword <parameter>*cupsFilter</parameter>.
+This line
+tells the CUPS print system which printer-specific filter to use for the
+interpretation of the accompanying PostScript. Thus CUPS lets all its
+printers appear as PostScript devices to its clients, because it can act as a
+PostScript RIP for those printers, processing the received PostScript code
+into a proper raster print format.
+</para>
+
+<para>
+CUPS-PPDs can also be used on Windows-Clients, on top of a
+PostScript driver (recommended is the Adobe one).
+</para>
+
+<para>
+This feature enables CUPS to do a few tricks no other
+spooler can do:
+</para>
+
+<itemizedlist>
+  <listitem><para>act as a networked PostScript RIP (Raster Image Processor), handling
+    printfiles from all client platforms in a uniform way;</para></listitem>
+  <listitem><para>act as a central accounting and billing server, as all files are passed
+    through the <command>pstops</command> Filter and are therefor logged in
+    the CUPS <filename>page&lowbar;log</filename>. - <emphasis>NOTE: </emphasis>this
+    can not happen with "raw" print jobs, which always remain unfiltered
+    per definition;</para></listitem>
+  <listitem><para>enable clients to consolidate on a single PostScript driver, even for
+    many different target printers.</para></listitem>
+</itemizedlist>
+</sect1>
+
+
+
+<sect1>
+<title>Windows Terminal Servers (WTS) as CUPS clients</title>
+
+<para>
+This setup may be of special interest to people
+experiencing major problems in WTS environments. WTS need often a multitude
+of non-PostScript drivers installed to run their clients' variety of
+different printer models. This often imposes the price of much increased
+instability. In many cases, in an attempt to overcome this problem, site
+administrators have resorted to restrict the allowed drivers installed on
+their WTS to one generic PCL- and one PostScript driver. This however
+restricts the clients in the amount of printer options available for them --
+often they can't get out more then simplex prints from one standard paper
+tray, while their devices could do much better, if driven by a different
+driver!
+</para>
+
+<para>
+Using an Adobe PostScript driver, enabled with a CUPS-PPD,
+seems to be a very elegant way to overcome all these shortcomings. The
+PostScript driver is not known to cause major stability problems on WTS (even
+if used with many different PPDs). The clients will be able to (again) chose
+paper trays, duplex printing and other settings. However, there is a certain
+price for this too: a  CUPS server acting as a PostScript RIP for its clients
+requires more CPU and RAM than just to act as  a "raw spooling" device. Plus,
+this setup is not yet widely tested, although the first feedbacks look very
+promising...
+</para>
+</sect1>
+
+
+<sect1>
+<title>Setting up CUPS for driver download</title>
+
+<para>
+The <command>cupsadsmb</command> utility (shipped with all current
+CUPS versions) makes the sharing of any (or all) installed CUPS printers very
+easy. Prior to using it, you need the following settings in smb.conf:
+</para>
+
+<para><programlisting>[global]
+         load printers = yes
+         printing = cups
+         printcap name = cups
+
+[printers]
+         comment = All Printers
+         path = /var/spool/samba
+         browseable = no
+         public = yes
+         guest ok = yes
+         writable = no
+         printable = yes
+         printer admin = root
+
+[print$]
+         comment = Printer Drivers
+         path = /etc/samba/drivers
+         browseable = yes
+         guest ok = no
+         read only = yes
+         write list = root
+</programlisting></para>
+
+<para>
+For licensing reasons the necessary files of the Adobe
+Postscript driver can not be distributed with either Samba or CUPS. You need
+to download them yourself from the Adobe website. Once extracted, create a
+<filename>drivers</filename> directory in the CUPS data directory (usually
+<filename>/usr/share/cups/</filename>). Copy the Adobe files using
+UPPERCASE filenames, to this directory as follows:
+</para>
+
+<para><programlisting>
+        ADFONTS.MFM
+        ADOBEPS4.DRV
+        ADOBEPS4.HLP
+        ADOBEPS5.DLL
+        ADOBEPSU.DLL
+        ADOBEPSU.HLP
+        DEFPRTR2.PPD
+        ICONLIB.DLL
+</programlisting></para>
+
+<para>
+Users of the ESP Print Pro software are able to install
+their "Samba Drivers" package for this purpose with no problem.
+</para>
+</sect1>
+
+
+
+<sect1>
+<title>Sources of CUPS drivers / PPDs</title>
+
+<para>
+On the internet you can find now many thousand CUPS-PPD
+files (with their companion filters), in many national languages,
+supporting more than 1.000 non-PostScript models.
+</para>
+
+<itemizedlist>
+  <listitem><para><ulink url="http://wwwl.easysw.com/printpro/">ESP PrintPro
+    (http://wwwl.easysw.com/printpro/)</ulink>
+    (commercial, non-Free) is packaged with more than 3.000 PPDs, ready for
+    successful usage "out of the box" on Linux, IBM-AIX, HP-UX, Sun-Solaris,
+    SGI-IRIX, Compaq Tru64, Digital Unix and some more commercial Unices (it
+    is written by the CUPS developers themselves and its sales help finance
+    the further development of CUPS, as they feed their creators)</para></listitem>
+  <listitem><para>the <ulink
+    url="http://gimp-print.sourceforge.net/">Gimp-Print-Project
+    (http://gimp-print.sourceforge.net/)</ulink>
+    (GPL, Free Software) provides around 120 PPDs (supporting nearly 300
+    printers, many driven to photo quality output), to be used alongside the
+    Gimp-Print CUPS filters;</para></listitem>
+  <listitem><para><ulink url="http://www.turboprint.com/">TurboPrint
+    (http://www.turboprint.com/)</ulink>
+    (Shareware, non-Freee) supports roughly the same amount of printers in
+    excellent quality;</para></listitem>
+  <listitem><para><ulink
+    url="http://www-124.ibm.com/developerworks/oss/linux/projects/omni/">OMNI
+    (http://www-124.ibm.com/developerworks/oss/linux/projects/omni/)</ulink>
+    (LPGL, Free) is a package made by IBM, now containing support for more
+    than 400 printers, stemming from the inheritance of IBM OS/2 KnowHow
+    ported over to Linux (CUPS support is in a Beta-stage at present);</para></listitem>
+  <listitem><para><ulink url="http://hpinkjet.sourceforge.net/">HPIJS
+    (http://hpinkjet.sourceforge.net/)</ulink>
+    (BSD-style licnes, Free) supports around 120 of HP's own printers and is
+    also providing excellent print quality now;</para></listitem>
+  <listitem><para><ulink
+    url="http://www.linuxprinting.org/">Foomatic/cupsomatic (http://www.linuxprinting.org/)</ulink> 
+    (LPGL, Free) from Linuxprinting.org are providing PPDs for practically every
+    Ghostscript filter known to the world, now usable with CUPS.</para></listitem>
+</itemizedlist>
+
+<para>
+<emphasis>NOTE: </emphasis>the cupsomatic trick from Linuxprinting.org is
+working different from the other drivers. While the other drivers take the
+generic CUPS raster (produced by CUPS' own pstoraster PostScript RIP) as
+their input, cupsomatic "kidnaps" the PostScript inside CUPS, before
+RIP-ping, deviates it to an external Ghostscript installation (which now
+becomes the RIP) and gives it back to a CUPS backend once Ghostscript is
+finished. -- CUPS versions from 1.1.15 and later will provide their pstoraster
+PostScript RIP function again inside a system-wide Ghostscript 
+installation rather than in "their own" pstoraster filter. (This 
+CUPS-enabling Ghostscript version may be installed either as a 
+patch to GNU or AFPL Ghostscript, or as a complete ESP Ghostscript package).
+However, this will not change the cupsomatic approach of guiding the printjob
+along a different path through the filtering system than the standard CUPS
+way...
+</para>
+
+<para>
+Once you installed a printer inside CUPS with one of the
+recommended methods (the lpadmin command, the web browser interface or one of
+the available GUI wizards), you can use <command>cupsaddsmb</command> to share the
+printer via Samba. <command>cupsaddsmb</command> prepares the driver files for
+comfortable client download and installation upon their first contact with
+this printer share.
+</para>
+
+
+
+<sect2>
+<title><command>cupsaddsmb</command></title>
+
+
+<para>
+The <command>cupsaddsmb</command> command copies the needed files
+for convenient Windows client installations from the previously prepared CUPS
+data directory to your [print$] share. Additionally, the PPD
+associated with this printer is copied from <filename>/etc/cups/ppd/</filename> to
+[print$].
+</para>
+
+<para><programlisting>
+<prompt>root# </prompt> <command>cupsaddsmb -U root infotec_IS2027</command>
+Password for root required to access localhost via SAMBA: <userinput>[type in password 'secret']</userinput>
+</programlisting></para>
+
+<para>
+To share all printers and drivers, use the <parameter>-a</parameter>
+parameter instead of a printer name.
+</para>
+
+
+<para>
+Probably you want to see what's going on. Use the
+<parameter>-v</parameter> parameter to get a more verbose output:
+</para>
+
+<para><programlisting>
+<prompt>root# </prompt> cupsaddsmb -v -U root infotec_IS2027
+    Password for root required to access localhost via SAMBA:
+    Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir W32X86;put /var/spool/cups/tmp/3cd1cc66376c0 W32X86/infotec_IS2027.PPD;put /usr/share/cups/drivers/ADOBEPS5.DLL W32X86/ADOBEPS5.DLL;put /usr/share/cups/drivers/ADOBEPSU.DLL W32X86/ADOBEPSU.DLL;put /usr/share/cups/drivers/ADOBEPSU.HLP W32X86/ADOBEPSU.HLP'
+    added interface ip=10.160.16.45 bcast=10.160.31.255 nmask=255.255.240.0
+    added interface ip=192.168.182.1 bcast=192.168.182.255 nmask=255.255.255.0
+    added interface ip=172.16.200.1 bcast=172.16.200.255 nmask=255.255.255.0
+    Domain=[TUX-NET] OS=[Unix] Server=[Samba 2.2.3a.200204262025cvs]
+    NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86
+    putting file /var/spool/cups/tmp/3cd1cc66376c0 as \W32X86/infotec_IS2027.PPD (17394.6 kb/s) (average 17395.2 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS5.DLL as \W32X86/ADOBEPS5.DLL (10877.4 kb/s) (average 11343.0 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPSU.DLL as \W32X86/ADOBEPSU.DLL (5095.2 kb/s) (average 9260.4 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPSU.HLP as \W32X86/ADOBEPSU.HLP (8828.7 kb/s) (average 9247.1 kb/s)
+
+    Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir WIN40;put /var/spool/cups/tmp/3cd1cc66376c0 WIN40/infotec_IS2027.PPD;put /usr/share/cups/drivers/ADFONTS.MFM WIN40/ADFONTS.MFM;put /usr/share/cups/drivers/ADOBEPS4.DRV WIN40/ADOBEPS4.DRV;put /usr/share/cups/drivers/ADOBEPS4.HLP WIN40/ADOBEPS4.HLP;put /usr/share/cups/drivers/DEFPRTR2.PPD WIN40/DEFPRTR2.PPD;put /usr/share/cups/drivers/ICONLIB.DLL WIN40/ICONLIB.DLL;put /usr/share/cups/drivers/PSMON.DLL WIN40/PSMON.DLL;'
+    added interface ip=10.160.16.45 bcast=10.160.31.255 nmask=255.255.240.0
+    added interface ip=192.168.182.1 bcast=192.168.182.255 nmask=255.255.255.0
+    added interface ip=172.16.200.1 bcast=172.16.200.255 nmask=255.255.255.0
+    Domain=[TUX-NET] OS=[Unix] Server=[Samba 2.2.3a.200204262025cvs]
+    NT_STATUS_OBJECT_NAME_COLLISION making remote directory \WIN40
+    putting file /var/spool/cups/tmp/3cd1cc66376c0 as \WIN40/infotec_IS2027.PPD (26091.5 kb/s) (average 26092.8 kb/s)
+    putting file /usr/share/cups/drivers/ADFONTS.MFM as \WIN40/ADFONTS.MFM (11241.6 kb/s) (average 11812.9 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS4.DRV as \WIN40/ADOBEPS4.DRV (16640.6 kb/s) (average 14679.3 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS4.HLP as \WIN40/ADOBEPS4.HLP (11285.6 kb/s) (average 14281.5 kb/s)
+    putting file /usr/share/cups/drivers/DEFPRTR2.PPD as \WIN40/DEFPRTR2.PPD (823.5 kb/s) (average 12944.0 kb/s)
+    putting file /usr/share/cups/drivers/ICONLIB.DLL as \WIN40/ICONLIB.DLL (19226.2 kb/s) (average 13169.7 kb/s)
+    putting file /usr/share/cups/drivers/PSMON.DLL as \WIN40/PSMON.DLL (18666.1 kb/s) (average 13266.7 kb/s)
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver "Windows NT x86" "infotec_IS2027:ADOBEPS5.DLL:infotec_IS2027.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL"'
+    cmd = adddriver "Windows NT x86" "infotec_IS2027:ADOBEPS5.DLL:infotec_IS2027.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL"
+    Printer Driver infotec_IS2027 successfully installed.
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver "Windows 4.0" "infotec_IS2027:ADOBEPS4.DRV:infotec_IS2027.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL"'
+    cmd = adddriver "Windows 4.0" "infotec_IS2027:ADOBEPS4.DRV:infotec_IS2027.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL"
+    Printer Driver infotec_IS2027 successfully installed.
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'setdriver infotec_IS2027 infotec_IS2027'
+    cmd = setdriver infotec_IS2027 infotec_IS2027
+    Succesfully set infotec_IS2027 to driver infotec_IS2027.
+
+    <prompt>root# </prompt>
+</programlisting></para>
+
+<para>
+If you look closely, you'll discover your root password
+was transfered unencrypted over the wire, so beware! Also, if you look
+further her, you'll discover error messages like
+<constant>NT_STATUS_OBJECT_NAME_COLLISION</constant> in between. They occur, because
+the directories <filename>WIN40</filename> and <filename>W32X86</filename> already
+existed in the [print$] driver download share (from a previous driver
+installation). They are harmless here.
+</para>
+
+<para>
+Now your printer is prepared for the clients to use. From
+a client, browse to the CUPS/Samba server, open the "Printers"
+share, right-click on this printer and select "Install..." or
+"Connect..." (depending on the Windows version you use). Now their
+should be a new printer in your client's local "Printers" folder,
+named (in my case) "infotec_IS2027 on kdebitshop"
+</para>
+
+<para>
+<emphasis>NOTE: </emphasis>
+<command>cupsaddsmb</command> will only reliably work i
+with CUPS version 1.1.15 or higher
+and Samba from 2.2.4. If it doesn't work, or if the automatic printer
+driver download to the clients doesn't succeed, you can still manually
+install the CUPS printer PPD on top of the Adobe PostScript driver on
+clients and then point the client's printer queue to the Samba printer
+share for connection, should you desire to use the CUPS networked
+PostScript RIP functions.
+</para>
+</sect2>
+</sect1>
+
+
+</chapter>
diff --git a/docs/docbook/projdoc/msdfs_setup.sgml b/docs/docbook/projdoc/msdfs_setup.sgml
new file mode 100755
index 00000000000..35c9d40840a
--- /dev/null
+++ b/docs/docbook/projdoc/msdfs_setup.sgml
@@ -0,0 +1,117 @@
+<chapter id="msdfs">
+
+<chapterinfo>
+	<author>
+		<firstname>Shirish</firstname><surname>Kalele</surname>
+		<affiliation>
+			<orgname>Samba Team & Veritas Software</orgname>
+			<address>
+				<email>samba@samba.org</email>
+			</address>
+		</affiliation>
+	</author>
+	
+		
+	<pubdate>12 Jul 200</pubdate>
+</chapterinfo>
+
+
+<title>Hosting a Microsoft Distributed File System tree on Samba</title>
+
+<sect1>
+
+	<title>Instructions</title>
+
+	<para>The Distributed File System (or Dfs) provides a means of 
+	separating the logical view of files and directories that users 
+	see from the actual physical locations of these resources on the 
+	network. It allows for higher availability, smoother storage expansion, 
+	load balancing etc. For more information about Dfs, refer to  <ulink 
+	url="http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp">
+	Microsoft documentation</ulink>. </para>
+
+	<para>This document explains how to host a Dfs tree on a Unix 
+	machine (for Dfs-aware clients to browse) using Samba.</para>
+
+	<para>To enable SMB-based DFS for Samba, configure it with the 
+	<parameter>--with-msdfs</parameter> option. Once built, a 
+	Samba server can be made a Dfs server by setting the global 
+	boolean <ulink url="smb.conf.5.html#HOSTMSDFS"><parameter>
+	host msdfs</parameter></ulink> parameter in the <filename>smb.conf
+	</filename> file. You designate a share as a Dfs root using the share 
+	level boolean <ulink url="smb.conf.5.html#MSDFSROOT"><parameter>
+	msdfs root</parameter></ulink> parameter. A Dfs root directory on 
+	Samba hosts Dfs links in the form of symbolic links that point 
+	to other servers. For example, a symbolic link
+	<filename>junction-&gt;msdfs:storage1\share1</filename> in 
+	the share directory acts as the Dfs junction. When Dfs-aware 
+	clients attempt to access the junction link, they are redirected 
+	to the storage location (in this case, \\storage1\share1).</para>
+
+	<para>Dfs trees on Samba work with all Dfs-aware clients ranging 
+	from Windows 95 to 2000.</para>
+	
+	<para>Here's an example of setting up a Dfs tree on a Samba 
+	server.</para>
+
+	<para><programlisting>
+# The smb.conf file:
+[global]
+	netbios name = SAMBA
+	host msdfs   = yes
+
+[dfs]
+	path = /export/dfsroot
+	msdfs root = yes
+	</programlisting></para>
+
+
+	<para>In the /export/dfsroot directory we set up our dfs links to 
+	other servers on the network.</para>
+
+	<para><prompt>root# </prompt><userinput>cd /export/dfsroot</userinput></para>
+	<para><prompt>root# </prompt><userinput>chown root /export/dfsroot</userinput></para>
+	<para><prompt>root# </prompt><userinput>chmod 755 /export/dfsroot</userinput></para>
+	<para><prompt>root# </prompt><userinput>ln -s msdfs:storageA\\shareA linka</userinput></para>
+	<para><prompt>root# </prompt><userinput>ln -s msdfs:serverB\\share,serverC\\share linkb</userinput></para>
+
+
+	<para>You should set up the permissions and ownership of 
+	the directory acting as the Dfs root such that only designated 
+	users can create, delete or modify the msdfs links. Also note 
+	that symlink names should be all lowercase. This limitation exists 
+	to have Samba avoid trying all the case combinations to get at 
+	the link name. Finally set up the symbolic links to point to the 
+	network shares you want, and start Samba.</para>
+
+	<para>Users on Dfs-aware clients can now browse the Dfs tree 
+	on the Samba server at \\samba\dfs. Accessing 
+	links linka or linkb (which appear as directories to the client) 
+	takes users directly to the appropriate shares on the network.</para>
+
+	<sect2>
+		<title>Notes</title>
+
+		<itemizedlist>
+			<listitem><para>Windows clients need to be rebooted 
+			if a previously mounted non-dfs share is made a dfs 
+			root or vice versa. A better way is to introduce a 
+			new share and make it the dfs root.</para>
+			</listitem>
+			
+			<listitem><para>Currently there's a restriction that msdfs 
+			symlink names should all be lowercase.</para>
+			</listitem>
+			
+			<listitem><para>For security purposes, the directory 
+			acting as the root of the Dfs tree should have ownership 
+			and permissions set so that only designated users can 
+			modify the symbolic links in the directory.</para>
+			</listitem>
+		</itemizedlist>
+	</sect2>
+</sect1>
+
+
+	
+</chapter>
diff --git a/docs/docbook/projdoc/printer_driver2.sgml b/docs/docbook/projdoc/printer_driver2.sgml
new file mode 100755
index 00000000000..2afba6b5968
--- /dev/null
+++ b/docs/docbook/projdoc/printer_driver2.sgml
@@ -0,0 +1,676 @@
+<chapter id="printing">
+
+
+<chapterinfo>
+	<author>
+		<firstname>Gerald (Jerry)</firstname><surname>Carter</surname>
+		<affiliation>
+			<orgname>Samba Team</orgname>
+			<address>
+				<email>jerry@samba.org</email>
+			</address>
+		</affiliation>
+	</author>
+	
+		
+	<pubdate> (3 May 2001) </pubdate>
+</chapterinfo>
+
+<title>Printing Support in Samba 2.2.x</title>
+
+<sect1>
+<title>Introduction</title>
+	
+<para>Beginning with the 2.2.0 release, Samba supports 
+the native Windows NT printing mechanisms implemented via 
+MS-RPC (i.e. the SPOOLSS named pipe).  Previous versions of 
+Samba only supported LanMan printing calls.</para>
+
+<para>The additional functionality provided by the new 
+SPOOLSS support includes:</para>
+	
+<itemizedlist>
+	<listitem><para>Support for downloading printer driver 
+	files to Windows 95/98/NT/2000 clients upon demand.
+	</para></listitem>
+	
+	<listitem><para>Uploading of printer drivers via the 
+	Windows NT Add Printer Wizard (APW) or the 
+	Imprints tool set (refer to <ulink 
+	url="http://imprints.sourceforge.net">http://imprints.sourceforge.net</ulink>). 
+	</para></listitem>
+		
+	<listitem><para>Support for the native MS-RPC printing 
+	calls such as StartDocPrinter, EnumJobs(), etc...  (See 
+	the MSDN documentation at <ulink 
+	url="http://msdn.microsoft.com/">http://msdn.microsoft.com/</ulink> 
+	for more information on the Win32 printing API)
+	</para></listitem>
+		
+	<listitem><para>Support for NT Access Control Lists (ACL) 
+	on printer objects</para></listitem>
+	
+	<listitem><para>Improved support for printer queue manipulation 
+	through the use of an internal databases for spooled job 
+	information</para></listitem>
+</itemizedlist>
+
+<para>
+There has been some initial confusion about what all this means
+and whether or not it is a requirement for printer drivers to be 
+installed on a Samba host in order to support printing from Windows 
+clients.  A bug existed in Samba 2.2.0 which made Windows NT/2000 clients 
+require that the Samba server possess a valid driver for the printer.  
+This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients
+can use the local APW for installing drivers to be used with a Samba 
+served printer.  This is the same behavior exhibited by Windows 9x clients.
+As a side note, Samba does not use these drivers in any way to process 
+spooled files.  They are utilized entirely by the clients.
+</para>
+
+<para>
+The following MS KB article, may be of some help if you are dealing with
+Windows 2000 clients:  <emphasis>How to Add Printers with No User 
+Interaction in Windows 2000</emphasis>
+</para>
+
+<para>
+<ulink url="http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP">http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP</ulink>
+</para>
+
+</sect1>
+
+
+<sect1>
+<title>Configuration</title>
+
+<warning>
+<title>[print$] vs. [printer$]</title>
+
+<para>
+Previous versions of Samba recommended using a share named [printer$].  
+This name was taken from the printer$ service created by Windows 9x 
+clients when a printer was shared.  Windows 9x printer servers always have 
+a printer$ service which provides read-only access via no 
+password in order to support printer driver downloads.
+</para>
+	
+<para>
+However, the initial implementation allowed for a 
+parameter named <parameter>printer driver location</parameter> 
+to be used on a per share basis to specify the location of 
+the driver files associated with that printer.  Another 
+parameter named <parameter>printer driver</parameter> provided 
+a means of defining the printer driver name to be sent to 
+the client.
+</para>
+ 
+<para>
+These parameters, including <parameter>printer driver
+file</parameter> parameter, are being deprecated and should not
+be used in new installations.  For more information on this change, 
+you should refer to the <link linkend="MIGRATION">Migration section</link>
+of this document.
+</para>
+</warning>
+
+<sect2>
+<title>Creating [print$]</title>	
+
+<para>
+In order to support the uploading of printer driver 
+files, you must first configure a file share named [print$].  
+The name of this share is hard coded in Samba's internals so 
+the name is very important (print$ is the service used by 
+Windows NT print servers to provide support for printer driver 
+download).
+</para>
+
+<para>You should modify the server's smb.conf file to add the global
+parameters and to create the 
+following file share (of course, some of the parameter values,
+such as 'path' are arbitrary and should be replaced with
+appropriate values for your site):</para>
+
+<para><programlisting>
+[global]
+    ; members of the ntadmin group should be able
+    ; to add drivers and set printer properties
+    ; root is implicitly a 'printer admin'
+    printer admin = @ntadmin
+
+[print$]
+    path = /usr/local/samba/printers
+    guest ok = yes
+    browseable = yes
+    read only = yes
+    ; since this share is configured as read only, then we need
+    ; a 'write list'.  Check the file system permissions to make
+    ; sure this account can copy files to the share.  If this
+    ; is setup to a non-root account, then it should also exist
+    ; as a 'printer admin'
+    write list = @ntadmin,root
+</programlisting></para>
+	
+<para>The <ulink url="smb.conf.5.html#WRITELIST"><parameter>
+write list</parameter></ulink> is used to allow administrative 
+level user accounts to have write access in order to update files 
+on the share.  See the <ulink url="smb.conf.5.html">smb.conf(5) 
+man page</ulink> for more information on configuring file shares.</para>
+	
+<para>The requirement for <ulink url="smb.conf.5.html#GUESTOK"><command>guest 
+ok = yes</command></ulink> depends upon how your
+site is configured.  If users will be guaranteed to have 
+an account on the Samba host, then this is a non-issue.</para>
+
+<note>	
+<title>Author's Note</title>
+
+<para>
+The non-issue is that if all your Windows NT users are guaranteed to be 
+authenticated by the Samba server (such as a domain member server and the NT 
+user has already been validated by the Domain Controller in 
+order to logon to the Windows NT console), then guest access 
+is not necessary.  Of course, in a workgroup environment where 
+you just want to be able to print without worrying about 
+silly accounts and security, then configure the share for 
+guest access.  You'll probably want to add <ulink 
+url="smb.conf.5.html#MAPTOGUEST"><command>map to guest = Bad User
+</command></ulink> in the [global] section as well.  Make sure 
+you understand what this parameter does before using it 
+though. --jerry
+</para>
+</note>
+
+<para>In order for a Windows NT print server to support 
+the downloading of driver files by multiple client architectures,
+it must create subdirectories within the [print$] service
+which correspond to each of the supported client architectures.
+Samba follows this model as well.</para>
+
+<para>Next create the directory tree below the [print$] share 
+for each architecture you wish to support.</para>
+
+<para><programlisting>
+[print$]-----
+        |-W32X86           ; "Windows NT x86"
+        |-WIN40            ; "Windows 95/98"
+        |-W32ALPHA         ; "Windows NT Alpha_AXP"
+        |-W32MIPS          ; "Windows NT R4000"
+        |-W32PPC           ; "Windows NT PowerPC"
+</programlisting></para>
+
+<warning>
+<title>ATTENTION!  REQUIRED PERMISSIONS</title>
+	
+<para>
+In order to currently add a new driver to you Samba host, 
+one of two conditions must hold true:
+</para>
+		
+<itemizedlist>
+	<listitem><para>The account used to connect to the Samba host 
+	must have a uid of 0 (i.e. a root account)</para></listitem>
+		
+	<listitem><para>The account used to connect to the Samba host
+	must be a member of the <ulink 
+	url="smb.conf.5.html#PRINTERADMIN"><parameter>printer 
+	admin</parameter></ulink> list.</para></listitem>
+</itemizedlist>
+
+<para>
+Of course, the connected account must still possess access
+to add files to the subdirectories beneath [print$]. Remember
+that all file shares are set to 'read only' by default.
+</para>
+</warning>
+
+
+<para>
+Once you have created the required [print$] service and 
+associated subdirectories, simply log onto the Samba server using 
+a root (or <parameter>printer admin</parameter>) account
+from a Windows NT 4.0/2k client.  Open "Network Neighbourhood" or
+"My Network Places" and browse for the Samba host.  Once you have located
+the server, navigate to the "Printers..." folder.
+You should see an initial listing of printers
+that matches the printer shares defined on your Samba host.
+</para>
+</sect2>
+
+<sect2>
+<title>Setting Drivers for Existing Printers</title>
+
+<para>The initial listing of printers in the Samba host's 
+Printers folder will have no real printer driver assigned 
+to them.  By default, in Samba 2.2.0 this driver name was set to 
+<emphasis>NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER</emphasis>.
+Later versions changed this to a NULL string to allow the use
+tof the local Add Printer Wizard on NT/2000 clients.
+Attempting to view the printer properties for a printer
+which has this default driver assigned will result in 
+the error message:</para>
+
+<para>
+<emphasis>Device settings cannot be displayed.  The driver 
+for the specified printer is not installed, only spooler 
+properties will be displayed.  Do you want to install the 
+driver now?</emphasis>
+</para>
+
+<para>
+Click <emphasis>No</emphasis> in the error dialog and you will be presented with
+the printer properties window.  The way assign a driver to a
+printer is to either
+</para>
+
+<itemizedlist>
+	<listitem><para>Use the "New Driver..." button to install
+	a new printer driver, or</para></listitem>
+
+	<listitem><para>Select a driver from the popup list of
+	installed drivers.  Initially this list will be empty.</para>
+	</listitem>
+</itemizedlist>
+
+<para>If you wish to install printer drivers for client
+operating systems other than "Windows NT x86", you will need
+to use the "Sharing" tab of the printer properties dialog.</para>
+
+<para>Assuming you have connected with a root account, you
+will also be able modify other printer properties such as
+ACLs and device settings using this dialog box.</para>
+
+<para>A few closing comments for this section, it is possible
+on a Windows NT print server to have printers
+listed in the Printers folder which are not shared.  Samba does
+not make this distinction.  By definition, the only printers of
+which Samba is aware are those which are specified as shares in
+<filename>smb.conf</filename>.</para>
+
+<para>Another interesting side note is that Windows NT clients do
+not use the SMB printer share, but rather can print directly
+to any printer on another Windows NT host using MS-RPC.  This
+of course assumes that the printing client has the necessary
+privileges on the remote host serving the printer.  The default
+permissions assigned by Windows NT to a printer gives the "Print"
+permissions to the "Everyone" well-known group.
+</para>
+
+</sect2>
+
+<sect2>
+<title>DeviceModes and New Printers</title>
+
+<para>
+In order for a printer to be truly usbla eby a Windows NT/2k/XP client,
+it must posses:
+</para>
+
+<itemizedlist>
+	<listitem><para>a valid Device Mode generated by the driver for the printer, and</para></listitem>
+	<listitem><para>a complete set of PrinterDriverData generated by the driver.</para></listitem>
+</itemizedlist>
+
+<para>
+If either one of these is incomplete, the clients can produce less than optimal 
+output at best or in the worst cases, unreadable garbage or nothing at all.  
+Fortunately, most driver generate the printer driver that is needed.
+However, the client must be tickled to generate a valid Device Mode and set it on the
+server.  The easist means of doing so is to simply set the page orientation on 
+the server's printer using the native Windows NT/2k printer properties page from 
+a Window clients.  Make sure to apply changes between swapping the page orientation
+to cause the change to actually take place.  Be aware that this can only be done
+by a "printer admin" (the reason should be obvious I hope).
+</para>
+
+<para>
+Samba also includes a service level parameter name <ulink url="smb.conf.5.html#DEFAULTDEVMODE">default
+devmode</ulink> for generating a default device mode for a printer.  Some driver
+will function fine with this default set of properties.  Others may crash the client's
+spooler service.  Use this parameter with caution. It is always better to have the client
+generate a valid device mode for the printer and store it on the server for you.
+</para>
+
+</sect2>
+
+
+<sect2>
+<title>Support a large number of printers</title>
+
+<para>One issue that has arisen during the development
+phase of Samba 2.2 is the need to support driver downloads for
+100's of printers.  Using the Windows NT APW is somewhat
+awkward to say the list.  If more than one printer are using the
+same driver, the <ulink url="rpcclient.1.html"><command>rpcclient's
+setdriver</command></ulink> command can be used to set the driver
+associated with an installed driver.  The following is example
+of how this could be accomplished:</para>
+
+<para><programlisting>
+<prompt>$ </prompt>rpcclient pogo -U root%secret -c "enumdrivers"
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+
+[Windows NT x86]
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 4000 Series PS]
+
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 2100 Series PS]
+
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 4Si/4SiMX PS]
+
+<prompt>$ </prompt>rpcclient pogo -U root%secret -c "enumprinters"
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+     flags:[0x800000]
+     name:[\\POGO\hp-print]
+     description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
+     comment:[]
+
+<prompt>$ </prompt>rpcclient pogo -U root%secret \
+<prompt>&gt; </prompt> -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+Successfully set hp-print to driver HP LaserJet 4000 Series PS.
+</programlisting></para>
+</sect2>
+
+
+
+<sect2>
+<title>Adding New Printers via the Windows NT APW</title>
+
+<para>
+By default, Samba offers all printer shares defined in <filename>smb.conf</filename>
+in the "Printers..." folder.  Also existing in this folder is the Windows NT
+Add Printer Wizard icon.  The APW will be show only if
+</para>
+
+<itemizedlist>
+	<listitem><para>The connected user is able to successfully
+	execute an OpenPrinterEx(\\server) with administrative
+	privileges (i.e. root or <parameter>printer admin</parameter>).
+	</para></listitem>
+
+	<listitem><para><ulink url="smb.conf.5.html#SHOWADDPRINTERWIZARD"><parameter>show
+	add printer wizard = yes</parameter></ulink> (the default).
+	</para></listitem>
+</itemizedlist>
+
+<para>
+In order to be able to use the APW to successfully add a printer to a Samba
+server, the <ulink url="smb.conf.5.html#ADDPRINTERCOMMAND"><parameter>add
+printer command</parameter></ulink> must have a defined value.  The program
+hook must successfully add the printer to the system (i.e.
+<filename>/etc/printcap</filename> or appropriate files) and
+<filename>smb.conf</filename> if necessary.
+</para>
+
+<para>
+When using the APW from a client, if the named printer share does
+not exist, <command>smbd</command> will execute the <parameter>add printer
+command</parameter> and reparse to the <filename>smb.conf</filename>
+to attempt to locate the new printer share.  If the share is still not defined,
+an error of "Access Denied" is returned to the client.  Note that the 
+<parameter>add printer program</parameter> is executed under the context
+of the connected user, not necessarily a root account.
+</para>
+
+<para>
+There is a complementing <ulink url="smb.conf.5.html#DELETEPRINTERCOMMAND"><parameter>delete
+printer command</parameter></ulink> for removing entries from the "Printers..."
+folder.
+</para>
+
+</sect2>
+
+
+<sect2>
+<title>Samba and Printer Ports</title>
+
+<para>
+Windows NT/2000 print servers associate a port with each printer.  These normally
+take the form of LPT1:, COM1:, FILE:, etc...  Samba must also support the
+concept of ports associated with a printer.  By default, only one printer port,
+named "Samba Printer Port", exists on a system.  Samba does not really a port in
+order to print, rather it is a requirement of Windows clients.  
+</para>
+
+<para>
+Note that Samba does not support the concept of "Printer Pooling" internally 
+either.  This is when a logical printer is assigned to multiple ports as 
+a form of load balancing or fail over.
+</para>
+
+<para>
+If you require that multiple ports be defined for some reason,
+<filename>smb.conf</filename> possesses a <ulink 
+url="smb.conf.5.html#ENUMPORTSCOMMAND"><parameter>enumports 
+command</parameter></ulink> which can be used to define an external program 
+that generates a listing of ports on a system.
+</para>
+
+</sect2>
+
+</sect1>
+
+
+<sect1>
+	<title>The Imprints Toolset</title>
+	
+	<para>The Imprints tool set provides a UNIX equivalent of the 
+	Windows NT Add Printer Wizard.  For complete information, please 
+	refer to the Imprints web site at <ulink url="http://imprints.sourceforge.net/">
+	http://imprints.sourceforge.net/</ulink> as well as the documentation 
+	included with the imprints source distribution.  This section will 
+	only provide a brief introduction to the features of Imprints.</para>
+
+	<para>As of June 16, 2002 (quite a bit earlier actually), the Imprints
+	project is in need of a new maintainer.  The most important skill
+	is decent perl coding and an interest in MS-RPC based printing using Samba.
+	If you wich to volunteer, please coordinate your efforts on the samba-technical
+	mailing list.
+	</para>
+	
+	
+	<sect2>
+		<title>What is Imprints?</title>
+
+		<para>Imprints is a collection of tools for supporting the goals 
+		of</para>
+		
+		<itemizedlist>
+			<listitem><para>Providing a central repository information 
+			regarding Windows NT and 95/98 printer driver packages</para>
+			</listitem>
+			
+			<listitem><para>Providing the tools necessary for creating 
+			the Imprints printer driver packages.</para></listitem>
+			
+			<listitem><para>Providing an installation client which 
+			will obtain and install printer drivers on remote Samba 
+			and Windows NT 4 print servers.</para></listitem>
+		</itemizedlist>
+		
+	</sect2>
+	
+	
+	<sect2>
+		<title>Creating Printer Driver Packages</title>
+		
+		<para>The process of creating printer driver packages is beyond
+		the scope of this document (refer to Imprints.txt also included
+		with the Samba distribution for more information).  In short,
+		an Imprints driver package is a gzipped tarball containing the
+		driver files, related INF files, and a control file needed by the
+		installation client.</para>
+	</sect2>
+	
+	
+	<sect2>
+		<title>The Imprints server</title>
+		
+		<para>The Imprints server is really a database server that 
+		may be queried via standard HTTP mechanisms.  Each printer 
+		entry in the database has an associated URL for the actual
+		downloading of the package.  Each package is digitally signed
+		via GnuPG which can be used to verify that package downloaded
+		is actually the one referred in the Imprints database.  It is 
+		<emphasis>not</emphasis> recommended that this security check 
+		be disabled.</para>
+	</sect2>
+	
+	<sect2>
+		<title>The Installation Client</title>
+
+		<para>More information regarding the Imprints installation client 
+		is available in the <filename>Imprints-Client-HOWTO.ps</filename> 
+		file included with the imprints source package.</para>
+
+		<para>The Imprints installation client comes in two forms.</para>
+
+		<itemizedlist>
+			<listitem><para>a set of command line Perl scripts</para>
+			</listitem>
+			
+			<listitem><para>a GTK+ based graphical interface to 
+			the command line perl scripts</para></listitem>
+		</itemizedlist>
+		
+		<para>The installation client (in both forms) provides a means
+		of querying the Imprints database server for a matching
+		list of known printer model names as well as a means to 
+		download and install the drivers on remote Samba and Windows
+		NT print servers.</para>
+
+		<para>The basic installation process is in four steps and 
+		perl code is wrapped around <command>smbclient</command> 
+		and <command>rpcclient</command>.</para>
+
+<para><programlisting>	
+foreach (supported architecture for a given driver)
+{
+     1.  rpcclient: Get the appropriate upload directory 
+         on the remote server
+     2.  smbclient: Upload the driver files
+     3.  rpcclient: Issues an AddPrinterDriver() MS-RPC
+}
+	
+4.  rpcclient: Issue an AddPrinterEx() MS-RPC to actually
+    create the printer
+</programlisting></para>
+		
+		<para>One of the problems encountered when implementing 
+		the Imprints tool set was the name space issues between 
+		various supported client architectures.  For example, Windows 
+		NT includes a driver named "Apple LaserWriter II NTX v51.8" 
+		and Windows 95 calls its version of this driver "Apple 
+		LaserWriter II NTX"</para>
+		
+		<para>The problem is how to know what client drivers have 
+		been uploaded for a printer.  As astute reader will remember 
+		that the Windows NT Printer Properties dialog only includes 
+		space for one printer driver name.  A quick look in the 
+		Windows NT 4.0 system registry at</para>
+	
+		<para><filename>HKLM\System\CurrentControlSet\Control\Print\Environment
+		</filename></para>
+		
+		<para>will reveal that Windows NT always uses the NT driver 
+		name.  This is ok as Windows NT always requires that at least 
+		the Windows NT version of the printer driver is present.  
+		However, Samba does not have the requirement internally.  
+		Therefore, how can you use the NT driver name if is has not 
+		already been installed?</para>
+		
+		<para>The way of sidestepping this limitation is to require 
+		that all Imprints printer driver packages include both the Intel 
+		Windows NT and 95/98 printer drivers and that NT driver is 
+		installed first.</para>
+	</sect2>
+	
+</sect1>
+
+
+<sect1>
+<title><anchor id="MIGRATION">Migration to from Samba 2.0.x to 2.2.x</title>
+
+<para>
+Given that printer driver management has changed (we hope improved) in 
+2.2 over prior releases, migration from an existing setup to 2.2 can 
+follow several paths. Here are the possible scenarios for 
+migration:
+</para>
+
+<itemizedlist>
+	<listitem><para>If you do not desire the new Windows NT 
+	print driver support, nothing needs to be done.  
+	All existing parameters work the same.</para></listitem>
+
+	<listitem><para>If you want to take advantage of NT printer 
+	driver support but do not want to migrate the 
+	9x drivers to the new setup, the leave the existing 
+	<filename>printers.def</filename> file.  When smbd attempts 
+	to locate a 
+	9x driver for the printer in the TDB and fails it 
+	will drop down to using the printers.def (and all 
+	associated parameters).  The <command>make_printerdef</command> 
+	tool will also remain for backwards compatibility but will 
+	be removed in the next major release.</para></listitem>
+
+	<listitem><para>If you install a Windows 9x driver for a printer 
+	on your Samba host (in the printing TDB), this information will 
+	take precedence and the three old printing parameters
+	will be ignored (including print driver location).</para></listitem>
+
+	<listitem><para>If you want to migrate an existing <filename>printers.def</filename> 
+	file into the new setup, the current only solution is to use the Windows 
+	NT APW to install the NT drivers and the 9x  drivers.  This can be scripted 
+	using <command>smbclient</command> and <command>rpcclient</command>.  See the 
+	Imprints installation client at <ulink 
+	url="http://imprints.sourceforge.net/">http://imprints.sourceforge.net/</ulink> 
+	for an example.
+	</para></listitem>
+</itemizedlist>
+
+
+<warning>
+<title>Achtung!</title>
+
+<para>
+The following <filename>smb.conf</filename> parameters are considered to 
+be deprecated and will be removed soon.  Do not use them in new 
+installations
+</para>
+		
+<itemizedlist>
+	<listitem><para><parameter>printer driver file (G)</parameter>
+	</para></listitem>
+			
+	<listitem><para><parameter>printer driver (S)</parameter>
+	</para></listitem>
+			
+	<listitem><para><parameter>printer driver location (S)</parameter>
+	</para></listitem>
+</itemizedlist>
+</warning>
+
+
+<sect2>
+<title>Parameters in <filename>smb.conf(5)</filename> for Backwards Compatibility</title>
+
+<para>
+The have been two new parameters add in Samba 2.2.2 to for 
+better support of Samba 2.0.x backwards capability (<parameter>disable
+spoolss</parameter>) and for using local printers drivers on Windows 
+NT/2000 clients (<parameter>use client driver</parameter>). Both of 
+these options are described in the smb.coinf(5) man page and are 
+disabled by default.  Use them with caution.
+</para>
+</sect2>
+
+
+</sect1>
+
+
+</chapter>
diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml
new file mode 100755
index 00000000000..671ff453176
--- /dev/null
+++ b/docs/docbook/projdoc/samba-doc.sgml
@@ -0,0 +1,79 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
+<!ENTITY UNIX-INSTALL SYSTEM "UNIX_INSTALL.sgml">
+<!ENTITY ENCRYPTION SYSTEM "ENCRYPTION.sgml">
+<!ENTITY MS-Dfs-Setup SYSTEM "msdfs_setup.sgml">
+<!ENTITY PRINTER-DRIVER2 SYSTEM "printer_driver2.sgml">
+<!ENTITY CUPS SYSTEM "cups.sgml">
+<!ENTITY DOMAIN-MEMBER SYSTEM "DOMAIN_MEMBER.sgml">
+<!ENTITY WINBIND SYSTEM "winbind.sgml">
+<!ENTITY NT-Security SYSTEM "NT_Security.sgml">
+<!ENTITY OS2-Client SYSTEM "OS2-Client-HOWTO.sgml">
+<!ENTITY Samba-PDC-HOWTO SYSTEM "Samba-PDC-HOWTO.sgml">
+<!ENTITY Samba-BDC-HOWTO SYSTEM "Samba-BDC-HOWTO.sgml">
+<!ENTITY CVS-Access SYSTEM "CVS-Access.sgml">
+<!ENTITY IntegratingWithWindows SYSTEM "Integrating-with-Windows.sgml">
+<!ENTITY Samba-PAM SYSTEM "PAM-Authentication-And-Samba.sgml">
+<!ENTITY Samba-LDAP SYSTEM "Samba-LDAP-HOWTO.sgml">
+<!ENTITY INDEX-FILE SYSTEM "index.sgml">
+]>
+
+<book id="Samba-Project-Documentation">
+
+<title>SAMBA Project Documentation</title>
+
+<bookinfo>
+	<author>
+		<surname>SAMBA Team</surname>
+	</author>
+	<address><email>samba@samba.org</email></address>
+</bookinfo>
+
+<dedication>
+<title>Abstract</title>
+
+<para>
+<emphasis>Last Update</emphasis> : Mon Apr  1 08:47:26 CST 2002
+</para>
+
+<para>
+This book is a collection of HOWTOs added to Samba documentation over the years.
+I try to ensure that all are current, but sometimes the is a larger job
+than one person can maintain.  The most recent version of this document
+can be found at <ulink url="http://www.samba.org/">http://www.samba.org/</ulink>
+on the "Documentation" page.  Please send updates to <ulink 
+url="mailto:jerry@samba.org">jerry@samba.org</ulink>.
+</para>
+
+<para>
+This documentation is distributed under the GNU General Public License (GPL) 
+version 2.  A copy of the license is included with the Samba source
+distribution.  A copy can be found on-line at <ulink 
+url="http://www.fsf.org/licenses/gpl.txt">http://www.fsf.org/licenses/gpl.txt</ulink>
+</para>
+
+<para>
+Cheers, jerry
+</para>
+
+</dedication>
+
+<!-- Chapters -->
+&UNIX-INSTALL;
+&IntegratingWithWindows;
+&Samba-PAM;
+&MS-Dfs-Setup;
+&NT-Security;
+&PRINTER-DRIVER2;
+&CUPS;
+&DOMAIN-MEMBER;
+&Samba-PDC-HOWTO;
+&Samba-BDC-HOWTO;
+&Samba-LDAP;
+&WINBIND;
+&OS2-Client;
+&CVS-Access;
+
+<!-- Autogenerated Index -->
+&INDEX-FILE;
+
+</book>
diff --git a/docs/docbook/projdoc/winbind.sgml b/docs/docbook/projdoc/winbind.sgml
new file mode 100755
index 00000000000..52f608fc276
--- /dev/null
+++ b/docs/docbook/projdoc/winbind.sgml
@@ -0,0 +1,842 @@
+<chapter id="winbind">
+
+
+<chapterinfo>
+	<author>
+		<firstname>Tim</firstname><surname>Potter</surname>
+		<affiliation>
+			<orgname>Samba Team</orgname>
+			<address><email>tpot@linuxcare.com.au</email></address>
+		</affiliation>
+	</author>
+	<author>
+		<firstname>Andrew</firstname><surname>Trigdell</surname>
+		<affiliation>
+			<orgname>Samba Team</orgname>
+			<address><email>tridge@linuxcare.com.au</email></address>
+		</affiliation>
+	</author>
+	<author>
+		<firstname>John</firstname><surname>Trostel</surname>
+		<affiliation>
+			<orgname>Snapserver</orgname>
+			<address><email>jtrostel@snapserver.com</email></address>
+		</affiliation>
+	</author>
+	
+		
+	<pubdate>16 Oct 2000</pubdate>
+</chapterinfo>
+
+<title>Unified Logons between Windows NT and UNIX using Winbind</title>
+
+<sect1>
+	<title>Abstract</title>
+
+	<para>Integration of UNIX and Microsoft Windows NT through 
+	a unified logon has been considered a "holy grail" in heterogeneous 
+	computing environments for a long time. We present 
+	<emphasis>winbind</emphasis>, a component of the Samba suite 
+	of programs as a solution to the unified logon problem. Winbind 
+	uses a UNIX implementation 
+	of Microsoft RPC calls, Pluggable Authentication Modules, and the Name 
+	Service Switch to allow Windows NT domain users to appear and operate 
+	as UNIX users on a UNIX machine. This paper describes the winbind 
+	system, explaining the functionality it provides, how it is configured, 
+	and how it works internally.</para>
+</sect1>
+
+
+<sect1>
+	<title>Introduction</title>
+	
+	<para>It is well known that UNIX and Microsoft Windows NT have 
+	different models for representing user and group information and 
+	use different technologies for implementing them. This fact has 
+	made it difficult to integrate the two systems in a satisfactory 
+	manner.</para>
+	
+	<para>One common solution in use today has been to create 
+	identically named user accounts on both the UNIX and Windows systems 
+	and use the Samba suite of programs to provide file and print services 
+	between the two. This solution is far from perfect however, as 
+	adding and deleting users on both sets of machines becomes a chore 
+	and two sets of passwords are required both of which
+	can lead to synchronization problems between the UNIX and Windows 
+	systems and confusion for users.</para>
+	
+	<para>We divide the unified logon problem for UNIX machines into 
+	three smaller problems:</para>
+	
+	<itemizedlist>
+		<listitem><para>Obtaining Windows NT user and group information
+		</para></listitem>
+		
+		<listitem><para>Authenticating Windows NT users
+		</para></listitem>
+		
+		<listitem><para>Password changing for Windows NT users
+		</para></listitem>
+	</itemizedlist>
+
+
+	<para>Ideally, a prospective solution to the unified logon problem 
+	would satisfy all the above components without duplication of 
+	information on the UNIX machines and without creating additional 
+	tasks for the system administrator when maintaining users and 
+	groups on either system. The winbind system provides a simple 
+	and elegant solution to all three components of the unified logon 
+	problem.</para>
+</sect1>
+
+
+<sect1>
+	<title>What Winbind Provides</title>
+
+	<para>Winbind unifies UNIX and Windows NT account management by 
+	allowing a UNIX box to become a full member of a NT domain. Once 
+	this is done the UNIX box will see NT users and groups as if 
+	they were native UNIX users and groups, allowing the NT domain 
+	to be used in much the same manner that NIS+ is used within 
+	UNIX-only environments.</para>
+	
+	<para>The end result is that whenever any 
+	program on the UNIX machine asks the operating system to lookup 
+	a user or group name, the query will be resolved by asking the 
+	NT domain controller for the specified domain to do the lookup.
+	Because Winbind hooks into the operating system at a low level 
+	(via the NSS name resolution modules in the C library) this 
+	redirection to the NT domain controller is completely 
+	transparent.</para>
+	
+	<para>Users on the UNIX machine can then use NT user and group 
+	names as they would use "native" UNIX names. They can chown files 
+	so that they are owned by NT domain users or even login to the 
+	UNIX machine and run a UNIX X-Window session as a domain user.</para>
+	
+	<para>The only obvious indication that Winbind is being used is 
+	that user and group names take the form DOMAIN\user and 
+	DOMAIN\group. This is necessary as it allows Winbind to determine 
+	that redirection to a domain controller is wanted for a particular 
+	lookup and which trusted domain is being referenced.</para>
+	
+	<para>Additionally, Winbind provides an authentication service 
+	that hooks into the Pluggable Authentication Modules (PAM) system 
+	to provide authentication via a NT domain to any PAM enabled 
+	applications. This capability solves the problem of synchronizing 
+	passwords between systems since all passwords are stored in a single 
+	location (on the domain controller).</para>
+	
+	<sect2>
+		<title>Target Uses</title>
+		
+		<para>Winbind is targeted at organizations that have an 
+		existing NT based domain infrastructure into which they wish 
+		to put UNIX workstations or servers. Winbind will allow these 
+		organizations to deploy UNIX workstations without having to 
+		maintain a separate account infrastructure. This greatly 
+		simplifies the administrative overhead of deploying UNIX 
+		workstations into a NT based organization.</para>
+		
+		<para>Another interesting way in which we expect Winbind to 
+		be used is as a central part of UNIX based appliances. Appliances
+		that provide file and print services to Microsoft based networks 
+		will be able to use Winbind to provide seamless integration of 
+		the appliance into the domain.</para>
+	</sect2>
+</sect1>
+
+
+
+<sect1>
+	<title>How Winbind Works</title>
+	
+	<para>The winbind system is designed around a client/server 
+	architecture. A long running <command>winbindd</command> daemon 
+	listens on a UNIX domain socket waiting for requests
+	to arrive. These requests are generated by the NSS and PAM 
+	clients and processed sequentially.</para>
+	
+	<para>The technologies used to implement winbind are described 
+	in detail below.</para>
+	
+	<sect2>
+		<title>Microsoft Remote Procedure Calls</title>
+		
+		<para>Over the last two years, efforts have been underway 
+		by various Samba Team members to decode various aspects of 
+		the Microsoft Remote Procedure Call (MSRPC) system. This 
+		system is used for most network related operations between 
+		Windows NT machines including remote management, user authentication
+		and print spooling. Although initially this work was done 
+		to aid the implementation of Primary Domain Controller (PDC) 
+		functionality in Samba, it has also yielded a body of code which 
+		can be used for other purposes.</para>
+		
+		<para>Winbind uses various MSRPC calls to enumerate domain users 
+		and groups and to obtain detailed information about individual 
+		users or groups. Other MSRPC calls can be used to authenticate 
+		NT domain users and to change user passwords. By directly querying 
+		a Windows PDC for user and group information, winbind maps the 
+		NT account information onto UNIX user and group names.</para>
+	</sect2>
+	
+	<sect2>
+		<title>Name Service Switch</title>
+		
+		<para>The Name Service Switch, or NSS, is a feature that is 
+		present in many UNIX operating systems. It allows system 
+		information such as hostnames, mail aliases and user information 
+		to be resolved from different sources. For example, a standalone 
+		UNIX workstation may resolve system information from a series of 
+		flat files stored on the local filesystem. A networked workstation 
+		may first attempt to resolve system information from local files, 
+		and then consult a NIS database for user information or a DNS server 
+		for hostname information.</para>
+		
+		<para>The NSS application programming interface allows winbind 
+		to present itself as a source of system information when 
+		resolving UNIX usernames and groups.  Winbind uses this interface, 
+		and information obtained from a Windows NT server using MSRPC 
+		calls to provide a new source of account enumeration.  Using standard 
+		UNIX library calls, one can enumerate the users and groups on
+		a UNIX machine running winbind and see all users and groups in 
+		a NT domain plus any trusted domain as though they were local 
+		users and groups.</para>
+		
+		<para>The primary control file for NSS is 
+		<filename>/etc/nsswitch.conf</filename>. 
+		When a UNIX application makes a request to do a lookup 
+		the C library looks in <filename>/etc/nsswitch.conf</filename> 
+		for a line which matches the service type being requested, for 
+		example the "passwd" service type is used when user or group names 
+		are looked up. This	config line species which implementations 
+		of that service should be tried and in what order. If the passwd 
+		config line is:</para>
+
+		<para><command>passwd: files example</command></para>
+
+		<para>then the C library will first load a module called 
+		<filename>/lib/libnss_files.so</filename> followed by
+		the module <filename>/lib/libnss_example.so</filename>. The 
+		C library will dynamically load each of these modules in turn 
+		and call resolver functions within the modules to try to resolve 
+		the request. Once the request is resolved the C library returns the
+		result to the application.</para>
+		
+		<para>This NSS interface provides a very easy way for Winbind 
+		to hook into the operating system. All that needs to be done 
+		is to put <filename>libnss_winbind.so</filename> in <filename>/lib/</filename> 
+		then add "winbind" into <filename>/etc/nsswitch.conf</filename> at 
+		the appropriate place. The C library will then call Winbind to 
+		resolve user and group names.</para>
+	</sect2>
+	
+	<sect2>
+		<title>Pluggable Authentication Modules</title>
+		
+		<para>Pluggable Authentication Modules, also known as PAM, 
+		is a system for abstracting authentication and authorization 
+		technologies. With a PAM module it is possible to specify different 
+		authentication methods for different system applications without 
+		having to recompile these applications. PAM is also useful
+		for implementing a particular policy for authorization. For example, 
+		a system administrator may only allow console logins from users 
+		stored in the local password file but only allow users resolved from 
+		a NIS database to log in over the network.</para>
+		
+		<para>Winbind uses the authentication management and password 
+		management PAM interface to integrate Windows NT users into a 
+		UNIX system. This allows Windows NT users to log in to a UNIX 
+		machine and be authenticated against a suitable Primary Domain 
+		Controller. These users can also change their passwords and have 
+		this change take effect directly on the Primary Domain Controller.
+		</para>
+		
+		<para>PAM is configured by providing control files in the directory 
+		<filename>/etc/pam.d/</filename> for each of the services that 
+		require authentication. When an authentication request is made 
+		by an application the PAM code in the C library looks up this
+		control file to determine what modules to load to do the 
+		authentication check and in what order. This interface makes adding 
+		a new authentication service for Winbind very easy, all that needs 
+		to be done is that the <filename>pam_winbind.so</filename> module 
+		is copied to <filename>/lib/security/</filename> and the PAM 
+		control files for relevant services are updated to allow 
+		authentication via winbind. See the PAM documentation
+		for more details.</para>
+	</sect2>
+	
+	
+	<sect2>
+		<title>User and Group ID Allocation</title>
+		
+		<para>When a user or group is created under Windows NT 
+		is it allocated a numerical relative identifier (RID). This is 
+		slightly different to UNIX which has a range of numbers that are 
+		used to identify users, and the same range in which to identify 
+		groups. It is winbind's job to convert RIDs to UNIX id numbers and
+		vice versa.  When winbind is configured it is given part of the UNIX 
+		user id space and a part of the UNIX group id space in which to 
+		store Windows NT users and groups. If a Windows NT user is 
+		resolved for the first time, it is allocated the next UNIX id from 
+		the range. The same process applies for Windows NT groups. Over 
+		time, winbind will have mapped all Windows NT users and groups
+		to UNIX user ids and group ids.</para>
+
+		<para>The results of this mapping are stored persistently in 
+		an ID mapping database held in a tdb database). This ensures that 
+		RIDs are mapped to UNIX IDs in a consistent way.</para>
+	</sect2>
+	
+	
+	<sect2>
+		<title>Result Caching</title>
+
+		<para>An active system can generate a lot of user and group 
+		name lookups. To reduce the network cost of these lookups winbind 
+		uses a caching scheme based on the SAM sequence number supplied 
+		by NT domain controllers.  User or group information returned 
+		by a PDC is cached by winbind along with a sequence number also 
+		returned by the PDC. This sequence number is incremented by 
+		Windows NT whenever any user or group information is modified. If 
+		a cached entry has expired, the sequence number is requested from 
+		the PDC and compared against the sequence number of the cached entry. 
+		If the sequence numbers do not match, then the cached information 
+		is discarded and up to date information is requested directly 
+		from the PDC.</para>
+	</sect2>
+</sect1>
+
+
+<sect1>
+	<title>Installation and Configuration</title>
+	
+<para>
+Many thanks to John Trostel <ulink 
+url="mailto:jtrostel@snapserver.com">jtrostel@snapserver.com</ulink>
+for providing the original Linux version of this HOWTO which 
+describes how to get winbind services up and running 
+to control access and authenticate users on your Linux box using 
+the winbind services which are included with the SAMBA 2.2.2 and later
+releases.
+</para>
+
+
+
+
+<sect2>
+<title>Introduction</title>
+
+<para>
+This HOWTO describes the procedures used to get winbind up and 
+running on a RedHat 7.1 system.  Winbind is capable of providing access
+and authentication control for Windows Domain users through an NT
+or Win2K PDC for 'regular' services, such as telnet and ftp, as
+well providing dynamic uid/gid allocation for Samba.
+</para>
+
+<para>
+This HOWTO has been written from a 'RedHat-centric' perspective, so if
+you are using another distribution (or operating system), you may have
+to modify the instructions somewhat to fit the way your distribution works.
+</para>
+
+
+<itemizedlist>
+<listitem>
+	<para>
+	<emphasis>Why should I to this?</emphasis>
+	</para>
+
+	<para>This allows the SAMBA administrator to rely on the
+	authentication mechanisms on the NT/Win2K PDC for the authentication
+	of domain members.  NT/Win2K users no longer need to have separate
+	accounts on the SAMBA server.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	<emphasis>Who should be reading this document?</emphasis>
+	</para>
+
+	<para>
+	This HOWTO is designed for system administrators.  If you are
+	implementing SAMBA on a file server and wish to (fairly easily)
+	integrate existing NT/Win2K users from your PDC onto the
+	SAMBA server, this HOWTO is for you.
+	</para>
+</listitem>
+</itemizedlist>
+</sect2>
+
+
+<sect2>
+<title>Requirements</title>
+
+<para>
+If you have a samba configuration file that you are currently
+using... <emphasis>BACK IT UP!</emphasis>  If your system already uses PAM,
+<emphasis>back up the <filename>/etc/pam.d</filename> (or <filename>/etc/pam.conf</filename>)
+directory contents!</emphasis> If you haven't already made a boot disk,
+<emphasis>MAKE ONE NOW!</emphasis>
+</para>
+
+<para>
+Messing with the pam configuration files can make it nearly impossible
+to log in to your machine. That's why you want to be able to boot back
+into your machine in single user mode and restore your
+<filename>/etc/pam.d</filename> (or <filename>pam.conmf</filename>) back to
+the original state they were in if
+you get frustrated with the way things are going.
+</para>
+
+<para>
+The first SAMBA release to inclue a stable winbindd daemon was 2.2.2.  Please refer to the
+<ulink url="http://samba.org/">main SAMBA web page</ulink> or,
+better yet, your closest SAMBA mirror site for instructions on
+downloading the source code.  it is generally advised to obtain the lates
+Samba release as bugs are constantly being fixed.
+</para>
+
+<para>
+To allow Domain users the ability to access SAMBA shares and
+files, as well as potentially other services provided by your
+SAMBA machine, PAM (pluggable authentication modules) must
+be setup properly on your machine.  In order to compile the
+winbind modules, you must have at the PAM libraries and header files resident
+on your system.  For recent RedHat systems (7.x, for instance), that
+means installing both <filename>pam</filename> and <filename>pam-devel</filename> RPM.
+The former is installed by default on all Linux systems of which the author is aware.
+</para>
+
+</sect2>
+
+
+<sect2>
+<title>Testing Things Out</title>
+
+<para>
+Before starting, kill off all the SAMBA related daemons running on your server.  Kill off
+all <command>smbd</command>, <command>nmbd</command>, and <command>winbindd</command> processes that may
+be running (<command>winbindd</command> will only be running if you have ao previous Winbind
+installation...but why would you be reading tis if that were the case?).  To use PAM, you will
+want to make sure that you have the standard PAM package (for RedHat) which supplies the <filename>/etc/pam.d</filename>
+directory structure, including the pam modules are used by pam-aware
+services, several pam libraries, and the <filename>/usr/doc</filename>
+and <filename>/usr/man</filename> entries for pam.  Samba will require
+the pam-devel package if you plan to build the <filename>pam_winbind.so</filename> library or
+include the <command>--with-pam</command> option to the configure script.
+This package includes the header files needed to compile pam-aware applications.
+</para>
+
+<para>
+[I have no idea which Solaris packages are quired for PAM libraries and
+development files.  If you know, please mail me the information and I will include
+it in the next revision of this HOWTO.  --jerry@samba.org]
+</para>
+
+<sect3>
+<title>Configure and Compile SAMBA</title>
+
+<para>
+The configuration and compilation of SAMBA is straightforward.
+</para>
+
+<para><programlisting>
+<prompt>root#</prompt> <command>./configure --with-winbind</command>
+<prompt>root#</prompt> <command>make</command>
+<prompt>root#</prompt> <command>make install</command>
+</programlisting></para>
+
+
+<para>
+This will, by default, install SAMBA in <filename>/usr/local/samba</filename>.
+See the main SAMBA documentation if you want to install SAMBA somewhere else.
+It will also build the winbindd executable and NSS library.
+</para>
+
+</sect3>
+
+<sect3>
+<title>Configure <filename>nsswitch.conf</filename> and the
+winbind libraries</title>
+
+<para>
+The libraries needed to run the <command>winbindd</command> daemon
+through nsswitch need to be copied to their proper locations.
+</para>
+
+<para>
+<prompt>root#</prompt> <command>cp nsswitch/libnss_winbind.so /lib</command>
+<prompt>root#</prompt> <command>chmod 755 /lib/libnss_winbind.so</command>
+</para>
+
+<para>
+It necessary to make the following symbolic link:
+</para>
+
+<para>
+<prompt>root#</prompt> <command>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</command>
+</para>
+
+<para>
+The <filename>.2</filename> extension is due to the version of glibc used on your Linux host.
+for most modern systems, the file extension is correct.  However, some other operating systems,
+Solaris 7/8 being the most common, the destination filename should be replaced with
+<filename>/lib/nss_winbind.so.1</filename>
+</para>
+
+<para>
+Now, as root edit <filename>/etc/nsswitch.conf</filename> to
+allow user and group entries to be visible from the <command>winbindd</command>
+daemon.  After editing, the file look appear:
+</para>
+
+<para><programlisting>
+	passwd:     files winbind
+	shadow:     files
+	group:      files winbind
+</programlisting></para>
+
+</sect3>
+
+
+<sect3>
+<title>Configure <filename>smb.conf</filename></title>
+
+<para>
+Several parameters are needed in the smb.conf file to control
+the behavior of <command>winbindd</command>. Configure
+<filename>smb.conf</filename> These are described in more detail in
+the <ulink url="winbindd.8.html">winbindd(8)</ulink> man page.  My
+<filename>smb.conf</filename> file was modified to
+include the following entries in the [global] section:
+</para>
+
+<para><programlisting>
+[global]
+     <...>
+     # separate domain and username with '+', like DOMAIN+username
+     <ulink url="winbindd.8.html#WINBINDSEPARATOR">winbind separator</ulink> = +
+     # use uids from 10000 to 20000 for domain users
+     <ulink url="winbindd.8.html#WINBINDUID">winbind uid</ulink> = 10000-20000
+     # use gids from 10000 to 20000 for domain groups
+     <ulink url="winbindd.8.html#WINBINDGID">winbind gid</ulink> = 10000-20000
+     # allow enumeration of winbind users and groups
+     # might need to disable these next two for performance
+     # reasons on the winbindd host
+     <ulink url="winbindd.8.html#WINBINDENUMUSERS">winbind enum users</ulink> = yes
+     <ulink url="winbindd.8.html#WINBINDENUMGROUP">winbind enum groups</ulink> = yes
+     # give winbind users a real shell (only needed if they have telnet/sshd/etc... access)
+     <ulink url="winbindd.8.html#TEMPLATEHOMEDIR">template homedir</ulink> = /home/winnt/%D/%U
+     <ulink url="winbindd.8.html#TEMPLATESHELL">template shell</ulink> = /bin/bash
+</programlisting></para>
+
+</sect3>
+
+
+<sect3>
+<title>Join the SAMBA server to the PDC domain</title>
+
+<para>
+Enter the following command to make the SAMBA server join the
+PDC domain, where <replaceable>DOMAIN</replaceable> is the name of
+your Windows domain and <replaceable>Administrator</replaceable> is
+a domain user who has administrative privileges in the domain.
+</para>
+
+
+<para>
+<prompt>root#</prompt> <command>/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator</command>
+</para>
+
+
+<para>
+The proper response to the command should be: "Joined the domain
+<replaceable>DOMAIN</replaceable>" where <replaceable>DOMAIN</replaceable>
+is your DOMAIN name.
+</para>
+
+</sect3>
+
+
+<sect3>
+<title>Start up the winbindd daemon and test it!</title>
+
+<para>
+Eventually, you will want to modify your smb startup script to
+automatically invoke the winbindd daemon when the other parts of
+SAMBA start, but it is possible to test out just the winbind
+portion first.  To start up winbind services, enter the following
+command as root:
+</para>
+
+<para>
+<prompt>root#</prompt> <command>export PATH=$PATH:/usr/local/samba/bin</command>
+<prompt>root#</prompt> <command>winbindd</command>
+</para>
+
+<para>
+I'm always paranoid and like to make sure the daemon
+is really running...
+</para>
+
+<para>
+<prompt>root#</prompt> <command>ps -ae | grep winbindd</command>
+</para>
+<para>
+This command should produce output like this, if the daemon is running
+</para>
+<para>
+3025 ?        00:00:00 winbindd
+</para>
+
+<para>
+Note that a sample RedHat init script for starting winbindd is included in
+the SAMBA sourse distribution as <filename>packaging/RedHat/winbind.init</filename>.
+</para>
+
+<para>
+Now... for the real test, try to get some information about the
+users on your PDC
+</para>
+
+<para>
+<prompt>root#</prompt> <command>wbinfo -u</command>
+</para>
+
+<para>
+This should echo back a list of users on your Windows users on
+your PDC.  For example, I get the following response:
+</para>
+
+<para><programlisting>
+CEO+Administrator
+CEO+burdell
+CEO+Guest
+CEO+jt-ad
+CEO+krbtgt
+CEO+TsInternetUser
+</programlisting></para>
+
+<para>
+Obviously, I have named my domain 'CEO' and my <parameter>winbind
+separator</parameter> is '+'.
+</para>
+
+<para>
+You can do the same sort of thing to get group information from
+the PDC:
+</para>
+
+<para><programlisting>
+<prompt>root#</prompt> <command>/usr/local/samba/bin/wbinfo -g</command>
+CEO+Domain Admins
+CEO+Domain Users
+CEO+Domain Guests
+CEO+Domain Computers
+CEO+Domain Controllers
+CEO+Cert Publishers
+CEO+Schema Admins
+CEO+Enterprise Admins
+CEO+Group Policy Creator Owners
+</programlisting></para>
+
+<para>
+The function 'getent' can now be used to get unified
+lists of both local and PDC users and groups.
+Try the following command:
+</para>
+
+<para>
+<prompt>root#</prompt> <command>getent passwd</command>
+</para>
+
+<para>
+You should get a list that looks like your <filename>/etc/passwd</filename>
+list followed by the domain users with their new uids, gids, home
+directories and default shells.  If you do not, verify that the permissions on the
+libnss_winbind.so library are <filename>rwxr-xr-x</filename>.
+</para>
+
+<para>
+The same thing can be done for groups with the command
+</para>
+
+<para>
+<prompt>root#</prompt> <command>getent group</command>
+</para>
+
+</sect3>
+
+
+
+<sect3>
+<title>Configure Winbind and PAM</title>
+
+<para>
+At this point we are assured that <command>winbindd</command> and <command>smbd</command>
+are working together.  If you want to use winbind to provide authentication for other
+services, keep reading.  The pam configuration files need to be altered in
+this step.  (Did you remember to make backups of your original
+<filename>/etc/pam.d</filename> (or <filename>/etc/pam.conf</filename>) file[s]? If not, do it now.)
+</para>
+
+<para>
+You will need a PAM module to use <command>winbindd</command> with these other services.  This
+module will be compiled in the <filename>../source/nsswitch</filename> directory
+by invoking the command
+</para>
+
+<para>
+<prompt>root#</prompt> <command>make nsswitch/pam_winbind.so</command>
+</para>
+
+<para>
+from the <filename>../source</filename> directory.  The
+<filename>pam_winbind.so</filename> file should be copied to the location of
+your other pam security modules.  On Linux and Solaris systems, this is the
+<filename>/lib/security</filename> directory.
+</para>
+
+<para>
+<prompt>root#</prompt> <command>cp nsswitch/pam_winbind.so /lib/security</command>
+<prompt>root#</prompt> <command>chmod 755 /lib/security/pam_winbind.so</command>
+</para>
+
+<para>
+Other services, such as the normal login on the console (or a terminal
+session), telnet logins, and ftp service, can be modified to allow the use of winbind
+as an authentication service.  In order to enable these
+services, you may first need to change the entries in
+<filename>/etc/xinetd.d</filename> (or <filename>/etc/inetd.conf</filename>).
+RedHat 7.1 uses the new xinetd.d structure, in this case you need
+to change the lines in <filename>/etc/xinetd.d/telnet</filename>
+and <filename>/etc/xinetd.d/wu-ftp</filename> from
+</para>
+
+<para><programlisting>
+enable = no
+</programlisting></para>
+
+<para>
+to
+</para>
+
+<para><programlisting>
+enable = yes
+</programlisting></para>
+
+<para>
+For ftp services to work properly, you will also need to either
+have individual directories for the domain users already present on
+the server, or change the home directory template to a general
+directory for all domain users.  These can be easily set using
+the <filename>smb.conf</filename> global entry
+<command>template homedir</command>.
+</para>
+
+<para>
+The <filename>/etc/pam.d/ftp</filename> file can be changed
+to allow winbind ftp access in a manner similar to the
+samba file.  My <filename>/etc/pam.d/ftp</filename> file was
+changed to look like this:
+</para>
+
+<para><programlisting>
+auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+auth       sufficient   /lib/security/pam_winbind.so
+auth       required     /lib/security/pam_stack.so service=system-auth
+auth       required     /lib/security/pam_shells.so
+account    sufficient   /lib/security/pam_winbind.so
+account    required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth
+</programlisting></para>
+
+<para>
+The <filename>/etc/pam.d/login</filename> file can be changed nearly the
+same way.  It now looks like this:
+</para>
+
+<para><programlisting>
+auth       required     /lib/security/pam_securetty.so
+auth       sufficient   /lib/security/pam_winbind.so
+auth       sufficient   /lib/security/pam_unix.so use_first_pass
+auth       required     /lib/security/pam_stack.so service=system-auth
+auth       required     /lib/security/pam_nologin.so
+account    sufficient   /lib/security/pam_winbind.so
+account    required     /lib/security/pam_stack.so service=system-auth
+password   required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth
+session    optional     /lib/security/pam_console.so
+</programlisting></para>
+
+<para>
+In this case, I added the <command>auth sufficient /lib/security/pam_winbind.so</command>
+lines as before, but also added the <command>required pam_securetty.so</command>
+above it, to disallow root logins over the network.  I also added a
+<command>sufficient /lib/security/pam_unix.so use_first_pass</command>
+line after the <command>winbind.so</command> line to get rid of annoying
+double prompts for passwords.
+</para>
+
+
+<para>
+Note that a Solaris <filename>/etc/pam.conf</filename> confiruation file looks
+very similar to this except thaty the service name is included as the first entry
+per line.  An example for the login service is given here.
+</para>
+
+<para><programlisting>
+## excerpt from /etc/pam.conf on a Solaris 8 system
+login   auth required   /lib/security/pam_winbind.so
+login   auth required   /lib/security/$ISA/pam_unix.so.1 try_first_pass
+login   auth required   /lib/security/$ISA/pam_dial_auth.so.1 try_first_pass
+</programlisting></para>
+
+
+
+
+</sect3>
+
+</sect2>
+
+</sect1>
+
+<sect1>
+	<title>Limitations</title>
+
+	<para>Winbind has a number of limitations in its current
+	released version that we hope to overcome in future
+	releases:</para>
+
+	<itemizedlist>
+		<listitem><para>The mappings of Windows NT RIDs to UNIX ids
+		is not made algorithmically and depends on the order in which
+		unmapped users or groups are seen by winbind. It may be difficult
+		to recover the mappings of rid to UNIX id mapping if the file
+		containing this information is corrupted or destroyed.</para>
+		</listitem>
+
+		<listitem><para>Currently the winbind PAM module does not take
+		into account possible workstation and logon time restrictions
+		that may be been set for Windows NT users.</para></listitem>
+	</itemizedlist>
+</sect1>
+
+
+<sect1>
+	<title>Conclusion</title>
+
+	<para>The winbind system, through the use of the Name Service 
+	Switch, Pluggable Authentication Modules, and appropriate 
+	Microsoft RPC calls have allowed us to provide seamless 
+	integration of Microsoft Windows NT domain users on a
+	UNIX system. The result is a great reduction in the administrative 
+	cost of running a mixed UNIX and NT network.</para>
+	
+</sect1>
+
+</chapter>
diff --git a/docs/docbook/scripts/README.ldp_print b/docs/docbook/scripts/README.ldp_print
new file mode 100755
index 00000000000..8d61a855343
--- /dev/null
+++ b/docs/docbook/scripts/README.ldp_print
@@ -0,0 +1,60 @@
+
+######################################################################
+    ldp_print -  print tool/script for DocBook SGML/XML documents 
+######################################################################
+
+This process/script is used in the production environment for the
+LDP.  It relies on the HTMLDOC software package (GPL'ed) which can be
+obtained from the Easy Software Products (c) web site:
+
+        http://www.easysw.com/htmldoc/
+
+This process creates a PDF variant from the single-file HTML
+representation of a DocBook SGML (or XML) instance. The simple
+wrapper script (ldp_print) assumes that the file was created using
+{open}jade in a manner similar to:
+
+        jade -t sgml -i html -V nochunks -d $style $fname > $fname.html
+
+Give the script the filename as an argument. It will then parse the
+file into 'title.html' and 'body.html' and send each to htmldoc (as
+the corresponding title page and body of the document).
+
+
+CAVEATS
+=======
+
+o  Assumes perl is in /usr/bin; adjust if necessary
+
+o  You may need to specify where the htmldoc executable resides.
+   The script assumes it's within your $PATH.
+
+o  If you want Postscript as an output variant, uncomment the
+   appropriate lines (see below).
+
+o  Relies on output from a DocBook instance created via DSSSL/{open}jade!
+
+o  Cleans up (removes) the intermediate files it creates (but not the
+   PDF or Postscript files, obviously!)
+
+o  Works silently; PDF (PostScript) will be created in the same directory
+   as was specified for the input (single-file HTML) file.
+
+o  Provided without warranty or support!
+
+o  I ran into a problem with htmldoc v1.8.8 which required a source
+   code change (I was getting a core dump from the htmldoc process).
+   Here is the change required:
+
+	htmldoc/ps-pdf.cxx :
+	3662,3665d3661
+	<      /* gjf = 11Oct2000 */
+	<      if( temprow == NULL )
+	<          break;
+	< 
+
+
+====
+gferg (at) sgi.com / Ferg
+11 Jan 2000
+
diff --git a/docs/docbook/scripts/collateindex.pl b/docs/docbook/scripts/collateindex.pl
new file mode 100755
index 00000000000..fd757edb320
--- /dev/null
+++ b/docs/docbook/scripts/collateindex.pl
@@ -0,0 +1,595 @@
+# -*- Perl -*-
+#
+
+use Getopt::Std;
+
+$usage = "Usage: $0 <opts> file
+Where <opts> are:
+       -p        Link to points in the document.  The default is to link
+                 to the closest containing section.
+       -g        Group terms with IndexDiv based on the first letter 
+                 of the term (or its sortas attribute).
+                 (This probably doesn't handle i10n particularly well)
+       -s name   Name the IndexDiv that contains symbols.  The default
+                 is 'Symbols'.  Meaningless if -g is not used.
+       -t name   Title for the index.
+       -P file   Read a preamble from file.  The content of file will
+                 be inserted before the <index> tag.
+       -i id     The ID for the <index> tag.
+       -o file   Output to file. Defaults to stdout.
+       -S scope  Scope of the index, must be 'all', 'local', or 'global'.
+                 If unspecified, 'all' is assumed.
+       -I scope  The implied scope, must be 'all', 'local', or 'global'.
+                 IndexTerms which do not specify a scope will have the
+                 implied scope.  If unspecified, 'all' is assumed.
+       -x        Make a SetIndex.
+       -f        Force the output file to be written, even if it appears
+                 to have been edited by hand.
+       -N        New index (generates an empty index file).
+       file      The file containing index data generated by Jade
+                 with the DocBook HTML Stylesheet.\n";
+
+die $usage if ! getopts('Dfgi:NpP:s:o:S:I:t:x');
+
+$linkpoints   = $opt_p;
+$lettergroups = $opt_g;
+$symbolsname  = $opt_s || "Symbols";
+$title        = $opt_t;
+$preamble     = $opt_P;
+$outfile      = $opt_o || '-';
+$indexid      = $opt_i;
+$scope        = uc($opt_S) || 'ALL';
+$impliedscope = uc($opt_I) || 'ALL';
+$setindex     = $opt_x;
+$forceoutput  = $opt_f;
+$newindex     = $opt_N;
+$debug        = $opt_D;
+
+$indextag     = $setindex ? 'setindex' : 'index';
+
+if ($newindex) {
+    safe_open(*OUT, $outfile);
+    if ($indexid) {
+	print OUT "<$indextag id='$indexid'>\n\n";
+    } else {
+	print OUT "<$indextag>\n\n";
+    }
+
+    print OUT "<!-- This file was produced by collateindex.pl.         -->\n";
+    print OUT "<!-- Remove this comment if you edit this file by hand! -->\n";
+
+    print OUT "</$indextag>\n";
+    exit 0;
+}
+
+$dat = shift @ARGV || die $usage;
+die "$0: cannot find $dat.\n" if ! -f $dat;
+
+%legal_scopes = ('ALL' => 1, 'LOCAL' => 1, 'GLOBAL' => 1);
+if ($scope && !$legal_scopes{$scope}) {
+    die "Invalid scope.\n$usage\n";
+}
+if ($impliedscope && !$legal_scopes{$impliedscope}) {
+    die "Invalid implied scope.\n$usage\n";
+}
+
+@term = ();
+%id   = ();
+
+$termcount = 0;
+
+print STDERR "Processing $dat...\n";
+
+# Read the index file, creating an array of objects.  Each object 
+# represents and indexterm and has fields for the content of the
+# indexterm
+
+open (F, $dat);
+while (<F>) {
+    chop;
+
+    if (/^\/indexterm/i) {
+	push (@term, $idx);
+	next;
+    }
+
+    if (/^indexterm (.*)$/i) {
+	$termcount++;
+	$idx = {};
+	$idx->{'zone'} = {};
+	$idx->{'href'} = $1;
+	$idx->{'count'} = $termcount;
+	$idx->{'scope'} = $impliedscope;
+	next;
+    }
+
+    if (/^indexpoint (.*)$/i) {
+	$idx->{'hrefpoint'} = $1;
+	next;
+    }
+
+    if (/^title (.*)$/i) {
+	$idx->{'title'} = $1;
+	next;
+    }
+
+    if (/^primary[\[ ](.*)$/i) {
+	if (/^primary\[(.*?)\] (.*)$/i) {
+	    $idx->{'psortas'} = $1;
+	    $idx->{'primary'} = $2;
+	} else {
+	    $idx->{'psortas'} = $1;
+	    $idx->{'primary'} = $1;
+	}
+	next;
+    }
+
+    if (/^secondary[\[ ](.*)$/i) {
+	if (/^secondary\[(.*?)\] (.*)$/i) {
+	    $idx->{'ssortas'} = $1;
+	    $idx->{'secondary'} = $2;
+	} else {
+	    $idx->{'ssortas'} = $1;
+	    $idx->{'secondary'} = $1;
+	}
+	next;
+    }
+
+    if (/^tertiary[\[ ](.*)$/i) {
+	if (/^tertiary\[(.*?)\] (.*)$/i) {
+	    $idx->{'tsortas'} = $1;
+	    $idx->{'tertiary'} = $2;
+	} else {
+	    $idx->{'tsortas'} = $1;
+	    $idx->{'tertiary'} = $1;
+	}
+	next;
+    }
+
+    if (/^see (.*)$/i) {
+	$idx->{'see'} = $1;
+	next;
+    }
+
+    if (/^seealso (.*)$/i) {
+	$idx->{'seealso'} = $1;
+	next;
+    }
+
+    if (/^significance (.*)$/i) {
+	$idx->{'significance'} = $1;
+	next;
+    }
+
+    if (/^class (.*)$/i) {
+	$idx->{'class'} = $1;
+	next;
+    }
+
+    if (/^scope (.*)$/i) {
+	$idx->{'scope'} = uc($1);
+	next;
+    }
+
+    if (/^startref (.*)$/i) {
+	$idx->{'startref'} = $1;
+	next;
+    }
+
+    if (/^id (.*)$/i) {
+	$idx->{'id'} = $1;
+	$id{$1} = $idx;
+	next;
+    }
+
+    if (/^zone (.*)$/i) {
+	my($href) = $1;
+	$_ = scalar(<F>);
+	chop;
+	die "Bad zone: $_\n" if !/^title (.*)$/i;
+	$idx->{'zone'}->{$href} = $1;
+	next;
+    }
+
+    die "Unrecognized: $_\n";
+}
+close (F);
+
+print STDERR "$termcount entries loaded...\n";
+
+# Fixup the startrefs...
+# In DocBook, STARTREF is a #CONREF attribute; support this by copying
+# all of the fields from the indexterm with the id specified by STARTREF
+# to the indexterm that has the STARTREF.
+foreach $idx (@term) {
+    my($ididx, $field);
+    if ($idx->{'startref'}) {
+	$ididx = $id{$idx->{'startref'}};
+	foreach $field ('primary', 'secondary', 'tertiary', 'see', 'seealso',
+		        'psortas', 'ssortas', 'tsortas', 'significance',
+		        'class', 'scope') {
+	    $idx->{$field} = $ididx->{$field};
+	}
+    }
+}
+
+# Sort the index terms
+@term = sort termsort @term;
+
+# Move all of the non-alphabetic entries to the front of the index.
+@term = sortsymbols(@term);
+
+safe_open(*OUT, $outfile);
+
+# Write the index...
+if ($indexid) {
+    print OUT "<$indextag id='$indexid'>\n\n";
+} else {
+    print OUT "<$indextag>\n\n";
+}
+
+print OUT "<!-- This file was produced by collateindex.pl.         -->\n";
+print OUT "<!-- Remove this comment if you edit this file by hand! -->\n";
+
+print OUT "<!-- ULINK is abused here.
+      
+      The URL attribute holds the URL that points from the index entry
+      back to the appropriate place in the output produced by the HTML
+      stylesheet. (It's much easier to calculate this URL in the first
+      pass.)
+
+      The Role attribute holds the ID (either real or manufactured) of
+      the corresponding INDEXTERM.  This is used by the print backends
+      to produce page numbers.
+
+      The entries below are sorted and collated into the correct order.
+      Duplicates may be removed in the HTML backend, but in the print
+      backends, it is impossible to suppress duplicate pages or coalesce
+      sequences of pages into a range.
+-->\n\n";
+
+print OUT "<title>$title</title>\n\n" if $title;
+
+$last = {};     # the last indexterm we processed
+$first = 1;     # this is the first one
+$group = "";    # we're not in a group yet
+$lastout = "";  # we've not put anything out yet
+
+foreach $idx (@term) {
+    next if $idx->{'startref'}; # no way to represent spans...
+    next if ($idx->{'scope'} eq 'LOCAL') && ($scope eq 'GLOBAL');
+    next if ($idx->{'scope'} eq 'GLOBAL') && ($scope eq 'LOCAL');
+    next if &same($idx, $last); # suppress duplicates
+
+    $termcount--;
+
+    # If primary changes, output a whole new index term, otherwise just
+    # output another secondary or tertiary, as appropriate.  We know from
+    # sorting that the terms will always be in the right order.
+    if (!&tsame($last, $idx, 'primary')) { 
+	print "DIFF PRIM\n" if $debug;
+	&end_entry() if not $first;
+
+	if ($lettergroups) {
+	    # If we're grouping, make the right indexdivs
+	    $letter = $idx->{'psortas'};
+	    $letter = $idx->{'primary'} if !$letter;
+	    $letter = uc(substr($letter, 0, 1));
+	    
+	    # symbols are a special case
+	    if (($letter lt 'A') || ($letter gt 'Z')) {
+		if (($group eq '')
+		    || (($group ge 'A') && ($group le 'Z'))) {
+		    print OUT "</indexdiv>\n" if !$first;
+		    print OUT "<indexdiv><title>$symbolsname</title>\n\n";
+		    $group = $letter;
+		}
+	    } elsif (($group eq '') || ($group ne $letter)) {
+		print OUT "</indexdiv>\n" if !$first;
+		print OUT "<indexdiv><title>$letter</title>\n\n";
+		$group = $letter;
+	    }
+	}
+
+	$first = 0; # there can only be on first ;-)
+
+	print OUT "<indexentry>\n";
+	print OUT "  <primaryie>", $idx->{'primary'};
+	$lastout = "primaryie";
+
+ 	if ($idx->{'secondary'}) {
+	    print OUT "\n  </primaryie>\n";
+	    print OUT "  <secondaryie>", $idx->{'secondary'};
+	    $lastout = "secondaryie";
+	};
+
+	if ($idx->{'tertiary'}) {
+	    print OUT "\n  </secondaryie>\n";
+	    print OUT "  <tertiaryie>", $idx->{'tertiary'};
+	    $lastout = "tertiaryie";
+	}
+    } elsif (!&tsame($last, $idx, 'secondary')) {
+	print "DIFF SEC\n" if $debug;
+
+	print OUT "\n  </$lastout>\n" if $lastout;
+
+	print OUT "  <secondaryie>", $idx->{'secondary'};
+	$lastout = "secondaryie";
+	if ($idx->{'tertiary'}) {
+	    print OUT "\n  </secondaryie>\n";
+	    print OUT "  <tertiaryie>", $idx->{'tertiary'};
+	    $lastout = "tertiaryie";
+	}
+    } elsif (!&tsame($last, $idx, 'tertiary')) {
+	print "DIFF TERT\n" if $debug;
+
+	print OUT "\n  </$lastout>\n" if $lastout;
+
+	if ($idx->{'tertiary'}) {
+	    print OUT "  <tertiaryie>", $idx->{'tertiary'};
+	    $lastout = "tertiaryie";
+	}
+    }
+
+    &print_term($idx);
+    
+    $last = $idx;
+}
+
+# Termcount is > 0 iff some entries were skipped.
+print STDERR "$termcount entries ignored...\n";
+
+&end_entry();
+
+print OUT "</indexdiv>\n" if $lettergroups;
+print OUT "</$indextag>\n";
+
+close (OUT);
+
+print STDERR "Done.\n";
+
+sub same {
+    my($a) = shift;
+    my($b) = shift;
+
+    my($aP) = $a->{'psortas'} || $a->{'primary'};   
+    my($aS) = $a->{'ssortas'} || $a->{'secondary'}; 
+    my($aT) = $a->{'tsortas'} || $a->{'tertiary'};  
+	                                            
+    my($bP) = $b->{'psortas'} || $b->{'primary'};   
+    my($bS) = $b->{'ssortas'} || $b->{'secondary'}; 
+    my($bT) = $b->{'tsortas'} || $b->{'tertiary'};  
+
+    my($same);
+
+    $aP =~ s/^\s*//; $aP =~ s/\s*$//; $aP = uc($aP);
+    $aS =~ s/^\s*//; $aS =~ s/\s*$//; $aS = uc($aS);
+    $aT =~ s/^\s*//; $aT =~ s/\s*$//; $aT = uc($aT);
+    $bP =~ s/^\s*//; $bP =~ s/\s*$//; $bP = uc($bP);
+    $bS =~ s/^\s*//; $bS =~ s/\s*$//; $bS = uc($bS);
+    $bT =~ s/^\s*//; $bT =~ s/\s*$//; $bT = uc($bT);
+
+#    print "[$aP]=[$bP]\n";
+#    print "[$aS]=[$bS]\n";
+#    print "[$aT]=[$bT]\n";
+
+    # Two index terms are the same if:
+    # 1. the primary, secondary, and tertiary entries are the same
+    #    (or have the same SORTAS)
+    # AND
+    # 2. They occur in the same titled section
+    # AND
+    # 3. They point to the same place
+    #
+    # Notes: Scope is used to suppress some entries, but can't be used
+    #          for comparing duplicates.
+    #        Interpretation of "the same place" depends on whether or
+    #          not $linkpoints is true.
+
+    $same = (($aP eq $bP)
+	     && ($aS eq $bS)
+	     && ($aT eq $bT)
+	     && ($a->{'title'} eq $b->{'title'})
+	     && ($a->{'href'} eq $b->{'href'}));
+
+    # If we're linking to points, they're only the same if they link
+    # to exactly the same spot.  (surely this is redundant?)
+    $same = $same && ($a->{'hrefpoint'} eq $b->{'hrefpoint'})
+	if $linkpoints;
+
+    $same;
+}
+
+sub tsame {
+    # Unlike same(), tsame only compares a single term
+    my($a) = shift;
+    my($b) = shift;
+    my($term) = shift;
+    my($sterm) = substr($term, 0, 1) . "sortas";
+    my($A, $B);
+
+    $A = $a->{$sterm} || $a->{$term};
+    $B = $b->{$sterm} || $b->{$term};
+
+    $A =~ s/^\s*//; $A =~ s/\s*$//; $A = uc($A);
+    $B =~ s/^\s*//; $B =~ s/\s*$//; $B = uc($B);
+
+    return $A eq $B;
+}
+
+sub end_entry {
+    # End any open elements...
+    print OUT "\n  </$lastout>\n" if $lastout;
+    print OUT "</indexentry>\n\n";
+    $lastout = "";
+}
+
+sub print_term {
+    # Print out the links for an indexterm.  There can be more than
+    # one if the term has a ZONE that points to more than one place.
+    # (do we do the right thing in that case?)
+    my($idx) = shift;
+    my($key, $indent, @hrefs);
+    my(%href) = ();
+    my(%phref) = ();
+
+    $indent = "    ";
+
+    if ($idx->{'see'}) {
+	# it'd be nice to make this a link...
+	if ($lastout) {
+	    print OUT "\n  </$lastout>\n";
+	    $lastout = "";
+	}
+	print OUT $indent, "<seeie>", $idx->{'see'}, "</seeie>\n";
+	return;
+    }
+
+    if ($idx->{'seealso'}) {
+	# it'd be nice to make this a link...
+	if ($lastout) {
+	    print OUT "\n  </$lastout>\n";
+	    $lastout = "";
+	}
+	print OUT $indent, "<seealsoie>", $idx->{'seealso'}, "</seealsoie>\n";
+	return;
+    }
+
+    if (keys %{$idx->{'zone'}}) {
+	foreach $key (keys %{$idx->{'zone'}}) {
+	    $href{$key} = $idx->{'zone'}->{$key};
+	    $phref{$key} = $idx->{'zone'}->{$key};
+	}
+    } else {
+	$href{$idx->{'href'}} = $idx->{'title'};
+	$phref{$idx->{'href'}} = $idx->{'hrefpoint'};
+    }
+
+    # We can't use <LINK> because we don't know the ID of the term in the
+    # original source (and, in fact, it might not have one).
+    print OUT ",\n";
+    @hrefs = keys %href;
+    while (@hrefs) {
+	my($linkend) = "";
+	my($role) = "";
+	$key = shift @hrefs;
+	if ($linkpoints) {
+	    $linkend = $phref{$key};
+	} else {
+	    $linkend = $key;
+	}
+
+	$role = $linkend;
+	$role = $1 if $role =~ /\#(.*)$/;
+
+	print OUT $indent;
+	print OUT "<ulink url=\"$linkend\" role=\"$role\">";
+	print OUT "<emphasis>" if ($idx->{'significance'} eq 'PREFERRED');
+	print OUT $href{$key};
+	print OUT "</emphasis>" if ($idx->{'significance'} eq 'PREFERRED');
+	print OUT "</ulink>";
+    }
+}
+
+sub termsort {
+    my($aP) = $a->{'psortas'} || $a->{'primary'};   
+    my($aS) = $a->{'ssortas'} || $a->{'secondary'}; 
+    my($aT) = $a->{'tsortas'} || $a->{'tertiary'};  
+    my($ap) = $a->{'count'};
+	                                            
+    my($bP) = $b->{'psortas'} || $b->{'primary'};   
+    my($bS) = $b->{'ssortas'} || $b->{'secondary'}; 
+    my($bT) = $b->{'tsortas'} || $b->{'tertiary'};  
+    my($bp) = $b->{'count'};
+
+    $aP =~ s/^\s*//; $aP =~ s/\s*$//; $aP = uc($aP);
+    $aS =~ s/^\s*//; $aS =~ s/\s*$//; $aS = uc($aS);
+    $aT =~ s/^\s*//; $aT =~ s/\s*$//; $aT = uc($aT);
+    $bP =~ s/^\s*//; $bP =~ s/\s*$//; $bP = uc($bP);
+    $bS =~ s/^\s*//; $bS =~ s/\s*$//; $bS = uc($bS);
+    $bT =~ s/^\s*//; $bT =~ s/\s*$//; $bT = uc($bT);
+
+    if ($aP eq $bP) {
+	if ($aS eq $bS) {
+	    if ($aT eq $bT) {
+		# make sure seealso's always sort to the bottom
+		return 1 if ($a->{'seealso'});
+		return -1  if ($b->{'seealso'});
+		# if everything else is the same, keep these elements
+		# in document order (so the index links are in the right
+		# order)
+		return $ap <=> $bp;
+	    } else {
+		return $aT cmp $bT;
+	    }
+	} else {
+	    return $aS cmp $bS;
+	}
+    } else {
+	return $aP cmp $bP;
+    }
+}
+
+sub sortsymbols {
+    my(@term) = @_;
+    my(@new) = ();
+    my(@sym) = ();
+    my($letter);
+    my($idx);
+
+    # Move the non-letter things to the front.  Should digits be thier
+    # own group?  Maybe...
+    foreach $idx (@term) {
+	$letter = $idx->{'psortas'};
+	$letter = $idx->{'primary'} if !$letter;
+	$letter = uc(substr($letter, 0, 1));
+
+	if (($letter lt 'A') || ($letter gt 'Z')) {
+	    push (@sym, $idx);
+	} else {
+	    push (@new, $idx);
+	}
+    }
+
+    return (@sym, @new);
+}
+
+sub safe_open {
+    local(*OUT) = shift;
+    local(*F, $_);
+
+    if (($outfile ne '-') && (!$forceoutput)) {
+	my($handedit) = 1;
+	if (open (OUT, $outfile)) {
+	    while (<OUT>) {
+		if (/<!-- Remove this comment if you edit this file by hand! -->/){
+		    $handedit = 0;
+		    last;
+		}
+	    } 
+	    close (OUT);
+	} else {
+	    $handedit = 0;
+	}
+	
+	if ($handedit) {
+	    print "\n$outfile appears to have been edited by hand; use -f or\n";
+	    print "      change the output file.\n";
+	    exit 1;
+	}
+    }
+
+    open (OUT, ">$outfile") || die "$usage\nCannot write to $outfile.\n";
+
+    if ($preamble) { 
+	# Copy the preamble
+	if (open(F, $preamble)) {
+	    while (<F>) {
+		print OUT $_;
+	    }
+	    close(F);
+	} else {
+	    warn "$0: cannot open preamble $preamble.\n";
+	}
+    }
+}
diff --git a/docs/docbook/scripts/fix_print_html.lib b/docs/docbook/scripts/fix_print_html.lib
new file mode 100755
index 00000000000..e8a9aaa4c77
--- /dev/null
+++ b/docs/docbook/scripts/fix_print_html.lib
@@ -0,0 +1,172 @@
+#
+# fix_print_html.lib
+#
+#   Dan Scott  / <dan.scott (at) acm.org>
+#   Ferg       / <gferg (at) sgi.com>
+#
+#   Used to prepare single-file HTML variant for PDF/Postscript creation
+#   thru htmldoc.
+#
+# log:
+#     16Oct2000 - initial entry <gferg (at) sgi.com>
+#     03Apr2001 - fix for <preface>
+#
+#
+
+sub fix_print_html {
+
+   my($in,$out,$ttl) = @_;
+
+   open(IN_FILE, "< $in") || do {
+        print "fix_print_html: cannot open $in: $!\n";
+        return 0;
+   };
+
+   my($buf,$ttl_buf) = '';
+   my($indx) = -1;
+   my($is_article) = 0;
+   while(<IN_FILE>) {
+
+         if( $indx == 1 ) {
+
+             # ignore everything until we see the chapter or sect
+             #
+             if( $_ =~ /CLASS="CHAP/i || $_ =~ /CLASS="PREF/i ) {
+
+                 $buf .= $_;
+                 $indx++;
+
+             } elsif( $_ =~ /CLASS="SECT/ || $_ =~ /CLASS="sect/ )  {
+
+                 $buf .= $_;
+                 $indx++;
+                 $is_article = 1;
+
+             } else {
+                 next;
+             }
+
+         } elsif( $indx == 0 ) {
+
+             # write out the title page file
+             #
+             if( $_ =~ /CLASS="TOC"/ ) {
+
+                 $ttl_buf .= "></DIV>\n</BODY>\n</HTML>\n"; 
+                 $ttl_buf =~ s/<\/H1\n/<\/H1\n><P><BR><BR\n/ms;
+                 
+                 open(TOC_FILE, "> $ttl") || do {
+                      print "fix_print_html: cannot open $ttl: $!\n";
+                      close(IN_FILE);
+                      return 0;
+                 };
+                 print TOC_FILE $ttl_buf;
+                 close(TOC_FILE);
+                 $ttl_buf = '';
+                 $indx++;
+
+             } else {
+                $ttl_buf .= $_;
+             }
+
+         } elsif( $indx < 0 ) {
+
+             # up to this point, both buffers get the line
+             #
+             if( $_ =~ /CLASS="TITLEPAGE"/ ) {
+
+                 $ttl_buf .= $_ . ">\n<P>\n<BR><BR><BR><BR>\n<\/P\n";
+                 $indx++;
+
+             } else {
+                 $buf .= $_;
+                 $ttl_buf .= $_;
+             }
+
+         } else {
+
+             $buf .= $_;
+         }
+   }
+   close(IN_FILE);
+
+   open(OUT_FILE, "> $out") || do {
+        print "fix_print_html: cannot open $out: $!\n";
+        return 0;
+   };
+
+
+   # make these corrections and write out the file
+   #
+
+   $buf =~ s/(\n><LI\n)><P\n(.*?)<\/P\n>/$1$2\n/gms;
+   $buf =~ s/(\n><LI\n><DIV\nCLASS="FORMALPARA"\n)><P\n(.*?)<\/P\n>/$1$2\n/gms;
+   $buf =~ s/(\n><LI\nSTYLE="[^\"]+"\n)><P\n(.*?)<\/P\n>/$1$2\n/gms;
+   if( $is_article == 0 ) {
+       $buf =~ s/(\nCLASS="SECT[TION\d]+"\n>)<H1\n(.*?)<\/H1/$1<H2\n$2<\/H2/gims;
+       $buf =~ s/(\nCLASS="SECT[TION\d]+"\n><HR>)<H1\n(.*?)<\/H1/$1<H2\n$2<\/H2/gims;
+   }
+   $buf =~ s/<H1(\nCLASS="INDEXDIV"\n)(.*?)<\/H1/<H2$1$2<\/H2/gims;
+   if( ($indx = rindex($buf, "<H1\n><A\nNAME=\"DOC-INDEX\"")) > -1 ) {
+       $buf = substr($buf, 0, $indx);
+       $buf .= "\n<\/BODY>\n<\/HTML>\n\n";
+   } elsif( ($indx = rindex($buf, "<H1\n><A\nNAME=\"doc-index\"")) > -1 ) {
+       $buf = substr($buf, 0, $indx);
+       $buf .= "\n<\/BODY>\n<\/HTML>\n\n";
+   }
+   $buf =~ s/\&\#13;//g;
+   $buf =~ s/\&\#60;/\&lt;/g;
+   $buf =~ s/\&\#62;/\&gt;/g;
+   $buf =~ s/\&\#8211;/\-/g;
+   $buf =~ s/WIDTH=\"\d\"//g;
+   $buf =~ s/><[\/]*TBODY//g;
+   $buf =~ s/><[\/]*THEAD//g;
+   $buf =~ s/TYPE=\"1\"\n//gim;
+
+   if( $is_article == 0 ) {
+
+       # for books...decrement the headers by 1 and then re-set the
+       # chapter level only to H1...
+       #
+       my($cnt,$j) = 0;
+       for($cnt=5; $cnt > 0; $cnt--) {
+           $j = $cnt + 1;
+           $buf =~ s/<H${cnt}/<H${j}/g;
+           $buf =~ s/<\/H${cnt}/<\/H${j}/g;
+       }
+
+       my(@l) = split(/\n/, $buf);
+       for( $cnt=0; $cnt < (@l + 0); $cnt++ ) {
+
+            if( $j == 1 ) {
+                if( $l[$cnt] =~ /<DIV/ ) {
+                    $j = 0;
+                    next;
+                }
+                $l[$cnt] =~ s/<H2/<H1/g;
+                $l[$cnt] =~ s/<\/H2/<\/H1/g;
+            }
+            if( $l[$cnt] =~ /^CLASS=\"CHAP/i
+                ||
+                $l[$cnt] =~ /^CLASS=\"PREF/i ) {
+                $j = 1;
+            }
+       }
+
+       $buf = join("\n", @l);
+
+   }
+   $buf =~ s/><DIV\nCLASS="\w+"\n//gms;
+   $buf =~ s/><\/DIV\n//gms;
+   $buf =~ s/(><LI\n)><P\n(.*?)<\/P\n>(<\/LI\n)/$1$2$3/gms;
+
+   print OUT_FILE $buf;
+   close(OUT_FILE);
+
+   return 1;
+}
+
+# Return true from package include
+#
+1;
+
diff --git a/docs/docbook/scripts/ldp_print b/docs/docbook/scripts/ldp_print
new file mode 100755
index 00000000000..70bb801def4
--- /dev/null
+++ b/docs/docbook/scripts/ldp_print
@@ -0,0 +1,71 @@
+#!/usr/bin/perl -w
+#
+# usage: ldp_print <single_file.html>
+#
+# Creates a PDF variant of a single-file HTML representation of a
+# DocBook SGML (or XML) instance. This simple wrapper assumes that
+# the file was created using {open}jade in a manner similar to:
+#
+#	jade -t sgml -i html -V nochunks -d $style $fname > $fname.html
+#
+# Give this script the filename as an argument. It will then parse
+# the file into 'title.html' and 'body.html' and send each to
+# htmldoc (as the corresponding title page and body of the document).
+#
+#
+# CAVEATS:
+#
+# Assumes perl is in /usr/bin; adjust if necessary
+#
+# You may need to specify where the htmldoc executable resides.
+# The script assumes it's within your $PATH.
+#
+# If you want Postscript as an output variant, uncomment the 
+# appropriate lines (see below).
+#
+# Relies on output from a DocBook instance created via DSSSL/{open}jade!
+#
+# Cleans up (removes) the intermediate files it creates (but not the
+# PDF or Postscript files, obviously!)
+#
+# Works silently; PDF (PostScript) will be created in the same directory
+# as was specified for the input (single-file HTML) file.
+#
+# Provided without warranty or support!
+#
+#	gferg@sgi.com / Ferg (used as part of the LDP production env)
+#
+
+use strict;
+push(@INC, "./");
+require 'fix_print_html.lib';
+
+if( $ARGV[0] eq '' || !(-r $ARGV[0]) ) {
+    die "\nusage: ldp_print <single_file.html>\n\n";
+}
+
+my($fname_wo_ext) = $ARGV[0];
+$fname_wo_ext =~ s/\.[\w]+$//;
+
+
+# create new files from single HTML file to use for print
+#
+&fix_print_html($ARGV[0], 'body.html', 'title.html');
+
+my($cmd) = "htmldoc --size universal -t pdf  -f ${fname_wo_ext}.pdf " .
+           "--firstpage p1 --titlefile title.html body.html";
+
+# For postscript output; append onto the above cmd string:
+#
+#          "; htmldoc --size universal -t ps -f -f ${fname_wo_ext}.ps " .
+#          "--firstpage p1 --titlefile title.html body.html";
+#
+system($cmd);
+die "\nldp_print: could not create ${fname_wo_ext}.pdf ($!)\n" if ($?);
+
+# cleanup
+#
+system("rm -f body.html title.html");
+
+exit(0);
+
diff --git a/docs/docbook/scripts/make-article.pl b/docs/docbook/scripts/make-article.pl
new file mode 100755
index 00000000000..d1f8c668326
--- /dev/null
+++ b/docs/docbook/scripts/make-article.pl
@@ -0,0 +1,25 @@
+#!/usr/bin/perl
+
+$ignore = 0;
+
+print "<!DOCTYPE article PUBLIC \"-//OASIS//DTD DocBook V4.1//EN\">\n";
+
+while (<STDIN>) {
+
+	$_ =~ s/<chapter/<article/g;
+	$_ =~ s/<\/chapter/<\/article/g;
+
+	if ( $_ =~ '<articleinfo>') {
+		$ignore = 1;
+	}
+
+	if ( $_ =~ '</articleinfo>') {
+		$ignore = 0;
+		$_ = "";
+	}
+
+
+	if (! $ignore) { print "$_"; }
+
+
+}
diff --git a/docs/docbook/scripts/strip-links.pl b/docs/docbook/scripts/strip-links.pl
new file mode 100755
index 00000000000..66bc101e086
--- /dev/null
+++ b/docs/docbook/scripts/strip-links.pl
@@ -0,0 +1,16 @@
+#!/usr/bin/perl
+
+## small script to strip the <URL:...> tags from
+## manpages generated from docbook2man.  we'll leave
+## the <URL:ftp://...> and <URL:mailto:...> links for now
+
+while (<STDIN>) {
+
+	chomp ($_);
+	$_ =~ s/\s*<URL:.*html.*>\s+/ /g;
+	$_ =~ s/\s*<URL:.*html.*>\S//g;
+	$_ =~ s/\s*<URL:.*html.*>$//g;
+	print "$_\n";
+
+}
+exit 0;
diff --git a/docs/docbook/stylesheets/ldp.dsl.in b/docs/docbook/stylesheets/ldp.dsl.in
new file mode 100755
index 00000000000..d6e06f4b6d1
--- /dev/null
+++ b/docs/docbook/stylesheets/ldp.dsl.in
@@ -0,0 +1,256 @@
+<!DOCTYPE style-sheet PUBLIC "-//James Clark//DTD DSSSL Style Sheet//EN" [
+<!ENTITY % html "IGNORE">
+<![%html;[
+<!ENTITY % print "IGNORE">
+<!ENTITY docbook.dsl SYSTEM "@SGML_SHARE@/dsssl/docbook/html/docbook.dsl" CDATA dsssl>
+]]>
+<!ENTITY % print "INCLUDE">
+<![%print;[
+<!ENTITY docbook.dsl SYSTEM "@SGML_SHARE@/dsssl/docbook/print/docbook.dsl" CDATA dsssl>
+]]>
+]>
+
+<style-sheet>
+
+<style-specification id="print" use="docbook">
+<style-specification-body> 
+
+;; ==============================
+;; customize the print stylesheet
+;; ==============================
+
+(declare-characteristic preserve-sdata?
+  ;; this is necessary because right now jadetex does not understand
+  ;; symbolic entities, whereas things work well with numeric entities.
+  "UNREGISTERED::James Clark//Characteristic::preserve-sdata?"
+  #f)
+
+(define %generate-article-toc%
+  ;; Should a Table of Contents be produced for Articles?
+  #t)
+
+(define (toc-depth nd)
+  2)
+
+(define %generate-article-titlepage-on-separate-page%
+  ;; Should the article title page be on a separate page?
+  #t)
+
+(define %section-autolabel%
+  ;; Are sections enumerated?
+  #t)
+
+(define %footnote-ulinks%
+  ;; Generate footnotes for ULinks?
+  #f)
+
+(define %bop-footnotes%
+  ;; Make "bottom-of-page" footnotes?
+  #f)
+
+(define %body-start-indent%
+  ;; Default indent of body text
+  0pi)
+
+(define %para-indent-firstpara%
+  ;; First line start-indent for the first paragraph
+  0pt)
+
+(define %para-indent%
+  ;; First line start-indent for paragraphs (other than the first)
+  0pt)
+
+(define %block-start-indent%
+  ;; Extra start-indent for block-elements
+  0pt)
+
+(define formal-object-float
+  ;; Do formal objects float?
+  #t)
+
+(define %hyphenation%
+  ;; Allow automatic hyphenation?
+  #t)
+
+(define %admon-graphics%
+  ;; Use graphics in admonitions?
+  #f)
+
+</style-specification-body>
+</style-specification>
+
+
+<!--
+;; ===================================================
+;; customize the html stylesheet; borrowed from Cygnus
+;; at http://sourceware.cygnus.com/ (cygnus-both.dsl)
+;; ===================================================
+-->
+
+<style-specification id="html" use="docbook">
+<style-specification-body> 
+
+(declare-characteristic preserve-sdata?
+  ;; this is necessary because right now jadetex does not understand
+  ;; symbolic entities, whereas things work well with numeric entities.
+  "UNREGISTERED::James Clark//Characteristic::preserve-sdata?"
+  #f)
+
+(define %generate-legalnotice-link%
+  ;; put the legal notice in a separate file
+  #t)
+
+(define %admon-graphics-path%
+  ;; use graphics in admonitions, set their
+  "../images/")
+
+(define %admon-graphics%
+  #f)
+
+(define %funcsynopsis-decoration%
+  ;; make funcsynopsis look pretty
+  #t)
+
+(define %html-ext%
+  ;; when producing HTML files, use this extension
+  ".html")
+
+(define %generate-book-toc%
+  ;; Should a Table of Contents be produced for books?
+  #t)
+
+(define %generate-article-toc% 
+  ;; Should a Table of Contents be produced for articles?
+  #t)
+
+(define %generate-part-toc%
+  ;; Should a Table of Contents be produced for parts?
+  #t)
+
+(define %generate-book-titlepage%
+  ;; produce a title page for books
+  #t)
+
+(define %generate-article-titlepage%
+  ;; produce a title page for articles
+  #t)
+
+(define (chunk-skip-first-element-list)
+  ;; forces the Table of Contents on separate page
+  '())
+
+(define (list-element-list)
+  ;; fixes bug in Table of Contents generation
+  '())
+
+(define %root-filename%
+  ;; The filename of the root HTML document (e.g, "index").
+  "index")
+
+(define %shade-verbatim%
+  ;; verbatim sections will be shaded if t(rue)
+  #t)
+
+(define %use-id-as-filename%
+  ;; Use ID attributes as name for component HTML files?
+  #t)
+
+(define %graphic-extensions%
+  ;; graphic extensions allowed
+  '("gif" "png" "jpg" "jpeg" "tif" "tiff" "eps" "epsf" ))
+
+(define %graphic-default-extension% 
+  "gif")
+
+(define %section-autolabel%
+  ;; For enumerated sections (1.1, 1.1.1, 1.2, etc.)
+  #t)
+
+(define (toc-depth nd)
+  ;; more depth (2 levels) to toc; instead of flat hierarchy
+  ;; 2)
+  4)
+
+(element emphasis
+  ;; make role=strong equate to bold for emphasis tag
+  (if (equal? (attribute-string "role") "strong")
+     (make element gi: "STRONG" (process-children))
+     (make element gi: "EM" (process-children))))
+
+(define (book-titlepage-recto-elements)
+  ;; elements on a book's titlepage
+  ;; note: added revhistory to the default list
+  (list (normalize "title")
+        (normalize "subtitle")
+        (normalize "graphic")
+        (normalize "mediaobject")
+        (normalize "corpauthor")
+        (normalize "authorgroup")
+        (normalize "author")
+        (normalize "editor")
+        (normalize "copyright")
+        (normalize "revhistory")
+        (normalize "abstract")
+        (normalize "legalnotice")))
+
+(define (article-titlepage-recto-elements)
+  ;; elements on an article's titlepage
+  ;; note: added othercredit to the default list
+  (list (normalize "title")
+        (normalize "subtitle")
+        (normalize "authorgroup")
+        (normalize "author")
+        (normalize "othercredit")
+        (normalize "releaseinfo")
+        (normalize "copyright")
+        (normalize "pubdate")
+        (normalize "revhistory")
+        (normalize "abstract")))
+
+(mode article-titlepage-recto-mode
+
+ (element contrib
+  ;; print out with othercredit information; for translators, etc.
+  (make sequence
+    (make element gi: "SPAN"
+          attributes: (list (list "CLASS" (gi)))
+          (process-children))))
+
+ (element othercredit
+  ;; print out othercredit information; for translators, etc.
+  (let ((author-name  (author-string))
+        (author-contrib (select-elements (children (current-node))
+                                          (normalize "contrib"))))
+    (make element gi: "P"
+         attributes: (list (list "CLASS" (gi)))
+         (make element gi: "B"  
+              (literal author-name)
+              (literal " - "))
+         (process-node-list author-contrib))))
+)
+
+(define (article-title nd)
+  (let* ((artchild  (children nd))
+         (artheader (select-elements artchild (normalize "artheader")))
+         (artinfo   (select-elements artchild (normalize "articleinfo")))
+         (ahdr (if (node-list-empty? artheader)
+                   artinfo
+                   artheader))
+         (ahtitles  (select-elements (children ahdr)
+                                     (normalize "title")))
+         (artitles  (select-elements artchild (normalize "title")))
+         (titles    (if (node-list-empty? artitles)
+                        ahtitles
+                        artitles)))
+    (if (node-list-empty? titles)
+        ""
+        (node-list-first titles))))
+
+
+</style-specification-body>
+</style-specification>
+
+<external-specification id="docbook" document="docbook.dsl">
+
+</style-sheet>
+
diff --git a/docs/faq/README b/docs/faq/README
new file mode 100755
index 00000000000..f4f0e8ab69a
--- /dev/null
+++ b/docs/faq/README
@@ -0,0 +1,8 @@
+This directory contains the old Samba FAQ.
+It is now horribly outdated and unmaintained.
+It is being left here in case there is some
+useful information within. 
+
+
+--jerry@samba.org
+
diff --git a/docs/faq/Samba-Server-FAQ-1.html b/docs/faq/Samba-Server-FAQ-1.html
new file mode 100755
index 00000000000..0bf7f046109
--- /dev/null
+++ b/docs/faq/Samba-Server-FAQ-1.html
@@ -0,0 +1,77 @@
+<HTML>
+<HEAD>
+<TITLE> Samba Server FAQ: What is Samba?</TITLE>
+</HEAD>
+<BODY>
+Previous
+<A HREF="Samba-Server-FAQ-2.html">Next</A>
+<A HREF="Samba-Server-FAQ.html#toc1">Table of Contents</A>
+<HR>
+<H2><A NAME="s1">1. What is Samba?</A></H2>
+
+<P>
+<A NAME="WhatIsSamba"></A> 
+</P>
+<P>See the 
+<A HREF="Samba-meta-FAQ.html#introduction">meta FAQ introduction</A> if you don't have any idea what Samba does.</P>
+<P>Samba has many features that are not supported in other CIFS and SMB
+implementations, all of which are commercial. It approaches some
+problems from a different angle.</P>
+<P>Some of its features include:
+<UL>
+<LI>extremely dynamic runtime configuration</LI>
+<LI>host as well as username/password security</LI>
+<LI>scriptable SMB client</LI>
+<LI>automatic home directory exporting</LI>
+<LI>automatic printer exporting</LI>
+<LI>intelligent dead connection timeouts</LI>
+<LI>guest connections</LI>
+</UL>
+</P>
+<P>Look at the 
+<A HREF="samba-man-index.html">manual pages</A> included with the package for a full list of
+features. The components of the suite are (in summary):</P>
+<P>
+<DL>
+
+<DT><B>smbd</B><DD><P>the SMB server. This handles actual connections from clients,
+doing all the interfacing with the 
+<A HREF="Samba-meta-FAQ.html#DomainModeSecurity">authentication database</A> for file, permission and username work.</P>
+
+<DT><B>nmbd</B><DD><P>the NetBIOS name server, which helps clients locate servers,
+maintaining the 
+<A HREF="Samba-meta-FAQ.html#BrowseAndDomainDefs">authentication database</A> doing the browsing work and managing
+domains as this capability is being built into Samba.</P>
+
+<DT><B>smbclient</B><DD><P>the scriptable commandline SMB client program.
+Useful for automated work, printer filters and testing purposes. It is
+more CIFS-compliant than most commercial implementations. Note that this
+is not a filesystem. The Samba team does not supply a network filesystem
+driver, although the smbfs filesystem for Linux is derived from
+smbclient code.</P>
+
+<DT><B>smbrun</B><DD><P>a little 'glue' program to help the server run
+external programs.</P>
+
+<DT><B>testprns</B><DD><P>a program to test server access to printers</P>
+
+<DT><B>testparms</B><DD><P>a program to test the Samba configuration file
+for correctness</P>
+
+<DT><B>smb.conf</B><DD><P>the Samba configuration file</P>
+
+<DT><B>examples</B><DD><P>many examples have been put together for the different
+operating systems that Samba supports.</P>
+
+<DT><B>Documentation!</B><DD><P>DON'T neglect to read it - you will save a great
+deal of time!</P>
+
+</DL>
+</P>
+
+<HR>
+Previous
+<A HREF="Samba-Server-FAQ-2.html">Next</A>
+<A HREF="Samba-Server-FAQ.html#toc1">Table of Contents</A>
+</BODY>
+</HTML>
diff --git a/docs/faq/Samba-Server-FAQ-2.html b/docs/faq/Samba-Server-FAQ-2.html
new file mode 100755
index 00000000000..37a39833990
--- /dev/null
+++ b/docs/faq/Samba-Server-FAQ-2.html
@@ -0,0 +1,500 @@
+<HTML>
+<HEAD>
+<TITLE> Samba Server FAQ: How do I get the CIFS, SMB and NetBIOS protocols?</TITLE>
+</HEAD>
+<BODY>
+<A HREF="Samba-Server-FAQ-1.html">Previous</A>
+Next
+<A HREF="Samba-Server-FAQ.html#toc2">Table of Contents</A>
+<HR>
+<H2><A NAME="s2">2. How do I get the CIFS, SMB and NetBIOS protocols?</A></H2>
+
+<P>
+<A NAME="ServerProtocols"></A> 
+</P>
+<P>See the 
+<A HREF="Samba-meta-FAQ.html#CifsSmb">meta FAQ on CIFS and SMB</A> if you don't have any idea what these protocols are.</P>
+<P>CIFS and SMB are implemented by the main Samba fileserving daemon, smbd.
+<F>.....</F></P>
+<P>nmbd speaks a limited amount of CIFS (...) but is mostly concerned with
+NetBIOS. NetBIOS is <F>....</F></P>
+<P>RFC1001, RFC1002 <F>...</F></P>
+<P>So, provided you have got Samba correctly installed and running you have
+all three of these protocols. Some operating systems already come with
+stacks for all or some of these, such as SCO Unix, OS/2 and <F>...</F> In this
+case you must <F>...</F></P>
+
+<H2><A NAME="ss2.1">2.1 What server operating systems are supported?</A></H2>
+
+<P>
+<A NAME="PortInfo"></A> 
+</P>
+<P>At the last count, Samba runs on about 40 operating systems! This
+section looks at general questions about running Samba on the different
+platforms. Issues specific to particular operating systems are dealt
+with in elsewhere in this document.</P>
+<P>Many of the ports have been done by people outside the Samba team keen
+to get the advantages of Samba. The Samba team is currently trying to
+bring as many of these ports as possible into the main source tree and
+integrate the documentation. Samba is an integration tool, and so it has
+been made as easy as possible to port. The platforms most widely used
+and thus best tested are Linux and SunOS.</P>
+<P>This migration has not been completed yet. This means that some
+documentation is on web sites <F>...</F></P>
+<P>There are two main families of Samba ports, Unix and other. The Unix
+ports cover anything that remotely resembles Unix and includes some
+extremely old products as well as best-sellers, tiny PCs to massive
+multiprocessor machines supporting hundreds of thousands of users. Samba
+has been run on more than 30 Unix and Unix-like operating systems.</P>
+
+<H3>Running Samba on a Unix or Unix-like system</H3>
+
+<P>
+<A NAME="OnUnix"></A> 
+</P>
+<P>
+<A HREF="../UNIX-SMB.txt">../UNIX-SMB.txt</A> describes some of the issues that confront a
+SMB implementation on unix, and how Samba copes with them. They may help
+people who are looking at unix<->PC interoperability.</P>
+<P>There is great variation between Unix implementations, especially those
+not adhering to the Common Unix Specification agreed to in 1996. Things
+that can be quite tricky are <F>.....</F></P>
+<P>There are also some considerable advantages conferred on Samba running
+under Unix compared to, say, Windows NT or LAN Server. Unix has <F>...</F></P>
+<P>At time of writing, the Makefile claimed support for:
+<UL>
+<LI> A/UX 3.0</LI>
+<LI> AIX</LI>
+<LI> Altos Series 386/1000</LI>
+<LI> Amiga</LI>
+<LI> Apollo Domain/OS sr10.3</LI>
+<LI> BSDI </LI>
+<LI> B.O.S. (Bull Operating System)</LI>
+<LI> Cray, Unicos 8.0</LI>
+<LI> Convex</LI>
+<LI> DGUX. </LI>
+<LI> DNIX.</LI>
+<LI> FreeBSD</LI>
+<LI> HP-UX</LI>
+<LI> Intergraph. </LI>
+<LI> Linux with/without shadow passwords and quota</LI>
+<LI> LYNX 2.3.0</LI>
+<LI> MachTen (a unix like system for Macintoshes)</LI>
+<LI> Motorola 88xxx/9xx range of machines</LI>
+<LI> NetBSD</LI>
+<LI> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).</LI>
+<LI> OS/2 using EMX 0.9b</LI>
+<LI> OSF1</LI>
+<LI> QNX 4.22</LI>
+<LI> RiscIX. </LI>
+<LI> RISCOs 5.0B</LI>
+<LI> SEQUENT. </LI>
+<LI> SCO (including: 3.2v2, European dist., OpenServer 5)</LI>
+<LI> SGI.</LI>
+<LI> SMP_DC.OSx v1.1-94c079 on Pyramid S series</LI>
+<LI> SONY NEWS, NEWS-OS (4.2.x and 6.1.x)</LI>
+<LI> SUNOS 4</LI>
+<LI> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')</LI>
+<LI> Sunsoft ISC SVR3V4</LI>
+<LI> SVR4</LI>
+<LI> System V with some berkely extensions (Motorola 88k R32V3.2).</LI>
+<LI> ULTRIX.</LI>
+<LI> UNIXWARE</LI>
+<LI> UXP/DS</LI>
+</UL>
+</P>
+
+
+<H3>Running Samba on systems unlike Unix</H3>
+
+<P>
+<A NAME="OnUnlikeUnix"></A> 
+</P>
+<P>More recently Samba has been ported to a number of operating systems
+which can provide a BSD Unix-like implementation of TCP/IP sockets.
+These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS,
+Windows NT and several others are being worked on but not yet available
+for use.</P>
+<P>Home pages for these ports are:</P>
+<P><F>...  </F></P>
+
+
+<H2><A NAME="ss2.2">2.2 Exporting server resources with Samba</A></H2>
+
+<P>
+<A NAME="Exporting"></A> 
+</P>
+<P>Files, printers, CD ROMs and other local devices. Network devices,
+including networked filesystems and remote printer queues. Other devices
+such as <F>....</F></P>
+<P>1.4) Configuring SHARES
+1.4.1) Homes service
+1.4.2) Public services
+1.4.3) Application serving
+1.4.4) Team sharing a Samba resource</P>
+<P>1.5) Printer configuration
+1.5.1) Berkeley LPR/LPD systems
+1.5.2) ATT SysV lp systems
+1.5.3) Using a private printcap file
+1.5.4) Use of the smbprint utility
+1.5.5) Printing from Windows to Unix
+1.5.6) Printing from Unix to Windows</P>
+
+
+<H2><A NAME="ss2.3">2.3 Name Resolution and Browsing</A></H2>
+
+<P>
+<A NAME="NameBrowsing"></A> 
+</P>
+<P>See also 
+<A HREF="../BROWSING.txt">../BROWSING.txt</A></P>
+<P>1.6) Name resolution issues
+1.6.1) LMHOSTS file and when to use it
+1.6.2) configuring WINS (support, server, proxy)
+1.6.3) configuring DNS proxy</P>
+<P>1.7) Problem Diagnosis
+1.8) What NOT to do!!!!</P>
+<P>3.2) Browse list managment
+3.3) Name resolution mangement</P>
+
+
+
+<H2><A NAME="ss2.4">2.4 Handling SMB Encryption</A></H2>
+
+<P>
+<A NAME="SMBEncryptionSteps"></A> 
+</P>
+<P>SMB encryption is ...</P>
+<P>...in 
+<A HREF="../ENCRYPTION.txt">../ENCRYPTION.txt</A> there is...</P>
+<P>Samba compiled with libdes - enabling encrypted passwords</P>
+
+
+<H3>Laws in different countries affecting Samba</H3>
+
+<P>
+<A NAME="CryptoLaws"></A> 
+</P>
+
+<H3>Relationship between encryption and Domain Authentication</H3>
+
+
+
+
+<H2><A NAME="ss2.5">2.5 Files and record locking</A>                3.1.1) Old DOS clients                3.1.2) Opportunistic locking and the consequences                3.1.3) Files caching under Windows for Workgroups, Win95 and NT    Some of the foregoing links into Client-FAQ</H2>
+
+
+<H2><A NAME="ss2.6">2.6 Managing Samba Log files</A></H2>
+
+<P>
+<A NAME="LogFiles"></A> 
+</P>
+
+
+<H2><A NAME="ss2.7">2.7 I can't see the Samba server in any browse lists!</A></H2>
+
+<P>
+<A NAME="no_browse"></A> 
+
+See 
+<A HREF="ftp://samba.org/pub/samba/BROWSING.txt">BROWSING.txt</A>
+for more information on browsing.  Browsing.txt can also be found
+in the docs directory of the Samba source.</P>
+<P>If your GUI client does not permit you to select non-browsable
+servers, you may need to do so on the command line. For example, under
+Lan Manager you might connect to the above service as disk drive M:
+thusly:
+<BLOCKQUOTE><CODE>
+<PRE>
+   net use M: \\mary\fred
+</PRE>
+</CODE></BLOCKQUOTE>
+
+The details of how to do this and the specific syntax varies from
+client to client - check your client's documentation.</P>
+
+
+<H2><A NAME="ss2.8">2.8 Some files that I KNOW are on the server doesn't show up when I view the files from my client! </A></H2>
+
+<P> 
+<A NAME="missing_files"></A> 
+
+See the next question.</P>
+
+
+<H2><A NAME="ss2.9">2.9 Some files on the server show up with really wierd filenames when I view the files from my client! </A></H2>
+
+<P> 
+<A NAME="strange_filenames"></A> 
+
+If you check what files are not showing up, you will note that they
+are files which contain upper case letters or which are otherwise not
+DOS-compatible (ie, they are not legal DOS filenames for some reason).</P>
+<P>The Samba server can be configured either to ignore such files
+completely, or to present them to the client in "mangled" form. If you
+are not seeing the files at all, the Samba server has most likely been
+configured to ignore them.  Consult the man page smb.conf(5) for
+details of how to change this - the parameter you need to set is
+"mangled names = yes".</P>
+
+
+<H2><A NAME="ss2.10">2.10 My client reports "cannot locate specified computer" or similar</A></H2>
+
+<P>
+<A NAME="cant_see_server"></A> 
+
+This indicates one of three things: You supplied an incorrect server
+name, the underlying TCP/IP layer is not working correctly, or the
+name you specified cannot be resolved.</P>
+<P>After carefully checking that the name you typed is the name you
+should have typed, try doing things like pinging a host or telnetting
+to somewhere on your network to see if TCP/IP is functioning OK. If it
+is, the problem is most likely name resolution.</P>
+<P>If your client has a facility to do so, hardcode a mapping between the
+hosts IP and the name you want to use. For example, with Man Manager
+or Windows for Workgroups you would put a suitable entry in the file
+LMHOSTS. If this works, the problem is in the communication between
+your client and the netbios name server. If it does not work, then
+there is something fundamental wrong with your naming and the solution
+is beyond the scope of this document.</P>
+<P>If you do not have any server on your subnet supplying netbios name
+resolution, hardcoded mappings are your only option. If you DO have a
+netbios name server running (such as the Samba suite's nmbd program),
+the problem probably lies in the way it is set up. Refer to Section
+Two of this FAQ for more ideas.</P>
+<P>By the way, remember to REMOVE the hardcoded mapping before further
+tests :-)     </P>
+
+
+<H2><A NAME="ss2.11">2.11 My client reports "cannot locate specified share name" or similar</A></H2>
+
+<P> 
+<A NAME="cant_see_share"></A> 
+
+This message indicates that your client CAN locate the specified
+server, which is a good start, but that it cannot find a service of
+the name you gave.</P>
+<P>The first step is to check the exact name of the service you are
+trying to connect to (consult your system administrator). Assuming it
+exists and you specified it correctly (read your client's doco on how
+to specify a service name correctly), read on:</P>
+<P>
+<UL>
+<LI> Many clients cannot accept or use service names longer than eight characters.</LI>
+<LI> Many clients cannot accept or use service names containing spaces.</LI>
+<LI> Some servers (not Samba though) are case sensitive with service names.</LI>
+<LI> Some clients force service names into upper case.</LI>
+</UL>
+</P>
+
+
+<H2><A NAME="ss2.12">2.12 My client reports "cannot find domain controller", "cannot log on to the network" or similar </A></H2>
+
+<P> 
+<A NAME="cant_see_net"></A> 
+
+Nothing is wrong - Samba does not implement the primary domain name
+controller stuff for several reasons, including the fact that the
+whole concept of a primary domain controller and "logging in to a
+network" doesn't fit well with clients possibly running on multiuser
+machines (such as users of smbclient under Unix). Having said that,
+several developers are working hard on building it in to the next
+major version of Samba. If you can contribute, send a message to
+<A HREF="mailto:samba@samba.org">samba@samba.org</A> !</P>
+<P>Seeing this message should not affect your ability to mount redirected
+disks and printers, which is really what all this is about.</P>
+<P>For many clients (including Windows for Workgroups and Lan Manager),
+setting the domain to STANDALONE at least gets rid of the message.</P>
+
+
+<H2><A NAME="ss2.13">2.13 Printing doesn't work :-(</A></H2>
+
+<P> 
+<A NAME="no_printing"></A> 
+ </P>
+<P>Make sure that the specified print command for the service you are
+connecting to is correct and that it has a fully-qualified path (eg.,
+use "/usr/bin/lpr" rather than just "lpr", if you happen to be using
+Unix).</P>
+<P>Make sure that the spool directory specified for the service is
+writable by the user connected to the service. </P>
+<P>Make sure that the user specified in the service is permitted to use
+the printer.</P>
+<P>Check the debug log produced by smbd. Search for the printer name and
+see if the log turns up any clues. Note that error messages to do with
+a service ipc$ are meaningless - they relate to the way the client
+attempts to retrieve status information when using the LANMAN1
+protocol.</P>
+<P>If using WfWg then you need to set the default protocol to TCP/IP, not
+Netbeui. This is a WfWg bug.</P>
+<P>If using the Lanman1 protocol (the default) then try switching to
+coreplus.  Also not that print status error messages don't mean
+printing won't work. The print status is received by a different
+mechanism.</P>
+
+
+<H2><A NAME="ss2.14">2.14 My programs install on the server OK, but refuse to work properly</A></H2>
+
+<P>
+<A NAME="programs_wont_run"></A> 
+
+There are numerous possible reasons for this, but one MAJOR
+possibility is that your software uses locking. Make sure you are
+using Samba 1.6.11 or later. It may also be possible to work around
+the problem by setting "locking=no" in the Samba configuration file
+for the service the software is installed on. This should be regarded
+as a strictly temporary solution.</P>
+<P>In earlier Samba versions there were some difficulties with the very
+latest Microsoft products, particularly Excel 5 and Word for Windows
+6. These should have all been solved. If not then please let Andrew
+Tridgell know via email at 
+<A HREF="mailto:sambas@samba.org">samba@samba.org</A>.</P>
+
+
+<H2><A NAME="ss2.15">2.15 My "server string" doesn't seem to be recognised</A></H2>
+
+<P>
+<A NAME="bad_server_string"></A> 
+
+OR My client reports the default setting, eg. "Samba 1.9.15p4", instead
+of what I have changed it to in the smb.conf file.</P>
+<P>You need to use the -C option in nmbd. The "server string" affects
+what smbd puts out and -C affects what nmbd puts out.</P>
+<P>Current versions of Samba (1.9.16 +) have combined these options into
+the "server string" field of smb.conf, -C for nmbd is now obsolete.</P>
+
+
+<H2><A NAME="ss2.16">2.16 My client reports "This server is not configured to list shared resources" </A></H2>
+
+<P> 
+<A NAME="cant_list_shares"></A> 
+
+Your guest account is probably invalid for some reason. Samba uses the
+guest account for browsing in smbd.  Check that your guest account is
+valid.</P>
+<P>See also 'guest account' in smb.conf man page.</P>
+
+
+<H2><A NAME="ss2.17">2.17 Issues specific to Unix and Unix-like systems</A></H2>
+
+<P>
+<A NAME="UnixIssues"></A> 
+</P>
+
+<H3>Printing doesn't work with my Unix Samba server</H3>
+
+<P> 
+<A NAME="no_printing"></A> 
+ </P>
+<P>The user "nobody" often has problems with printing, even if it worked
+with an earlier version of Samba. Try creating another guest user other
+than "nobody".</P>
+
+<H3>Log message "you appear to have a trapdoor uid system" </H3>
+
+<P>
+<A NAME="trapdoor_uid"></A> 
+
+This can have several causes. It might be because you are using a uid
+or gid of 65535 or -1. This is a VERY bad idea, and is a big security
+hole. Check carefully in your /etc/passwd file and make sure that no
+user has uid 65535 or -1. Especially check the "nobody" user, as many
+broken systems are shipped with nobody setup with a uid of 65535.</P>
+<P>It might also mean that your OS has a trapdoor uid/gid system :-)</P>
+<P>This means that once a process changes effective uid from root to
+another user it can't go back to root. Unfortunately Samba relies on
+being able to change effective uid from root to non-root and back
+again to implement its security policy. If your OS has a trapdoor uid
+system this won't work, and several things in Samba may break. Less
+things will break if you use user or server level security instead of
+the default share level security, but you may still strike
+problems.</P>
+<P>The problems don't give rise to any security holes, so don't panic,
+but it does mean some of Samba's capabilities will be unavailable.
+In particular you will not be able to connect to the Samba server as
+two different uids at once. This may happen if you try to print as a
+"guest" while accessing a share as a normal user. It may also affect
+your ability to list the available shares as this is normally done as
+the guest user.</P>
+<P>Complain to your OS vendor and ask them to fix their system.</P>
+<P>Note: the reason why 65535 is a VERY bad choice of uid and gid is that
+it casts to -1 as a uid, and the setreuid() system call ignores (with
+no error) uid changes to -1. This means any daemon attempting to run
+as uid 65535 will actually run as root. This is not good!</P>
+
+
+<H2><A NAME="ss2.18">2.18 Issues specific to IBM OS/2 systems</A></H2>
+
+<P>
+<A NAME="OS2Issues"></A> 
+</P>
+<P>
+<A HREF="http://carol.wins.uva.nl/~leeuw/samba/samba2.html">Samba for OS/2</A></P>
+
+
+<H2><A NAME="ss2.19">2.19 Issues specific to IBM MVS systems</A></H2>
+
+<P>
+<A NAME="MVSIssues"></A> 
+</P>
+<P>
+<A HREF="ftp://ftp.mks.com/pub/samba/">Samba for OS/390 MVS</A></P>
+
+
+<H2><A NAME="ss2.20">2.20 Issues specific to Digital VMS systems</A></H2>
+
+<P>
+<A NAME="VMSIssues"></A> 
+</P>
+
+
+<H2><A NAME="ss2.21">2.21 Issues specific to Amiga systems</A></H2>
+
+<P>
+<A NAME="AmigaIssues"></A> 
+</P>
+<P>
+<A HREF="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/">Samba for Amiga</A></P>
+<P>There is a mailing list for Samba on the Amiga.</P>
+<P>Subscribing.</P>
+<P>Send an email to rask-samba-request@kampsax.dtu.dk with the word subscribe
+in the message. The list server will use the address in the Reply-To: or
+From: header field, in that order.</P>
+<P>Unsubscribing.</P>
+<P>Send an email to rask-samba-request@kampsax.dtu.dk with the word
+unsubscribe in the message. The list server will use the address in the
+Reply-To: or From: header field, in that order. If you are unsure which
+address you are subscribed with, look at the headers. You should see a
+"From " (no colon) or Return-Path: header looking something like</P>
+<P>rask-samba-owner-myname=my.domain@kampsax.dtu.dk</P>
+<P>where myname=my.domain gives you the address myname@my.domain. This also
+means that I will always be able to find out which address is causing
+bounces, for example.
+List archive.</P>
+<P>Messages sent to the list are archived in HTML. See the mailing list home
+page at 
+<A HREF="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/">http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/</A></P>
+
+
+<H2><A NAME="ss2.22">2.22 Issues specific to Novell IntraNetware systems</A></H2>
+
+<P>
+<A NAME="NetwareIssues"></A> 
+</P>
+
+
+<H2><A NAME="ss2.23">2.23 Issues specific to Stratus VOS systems</A></H2>
+
+<P>
+<A NAME="NetwareIssues"></A> 
+</P>
+<P>
+<A HREF="ftp://ftp.stratus.com/pub/vos/tools/">Samba for Stratus VOS</A></P>
+
+
+<HR>
+<A HREF="Samba-Server-FAQ-1.html">Previous</A>
+Next
+<A HREF="Samba-Server-FAQ.html#toc2">Table of Contents</A>
+</BODY>
+</HTML>
diff --git a/docs/faq/Samba-Server-FAQ.html b/docs/faq/Samba-Server-FAQ.html
new file mode 100755
index 00000000000..2abfe50db6b
--- /dev/null
+++ b/docs/faq/Samba-Server-FAQ.html
@@ -0,0 +1,88 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<HTML>
+<HEAD>
+<TITLE> Samba Server FAQ</TITLE>
+</HEAD>
+<BODY>
+Previous
+<A HREF="Samba-Server-FAQ-1.html">Next</A>
+Table of Contents
+<HR>
+<H1> Samba Server FAQ</H1>
+
+<H2>Dan Shearer & Paul Blackman, <CODE>ictinus@samba.org</CODE></H2>v 0.3, 7 Oct '97
+<P><HR><EM> This is the <EM>Server</EM> Frequently Asked Questions (FAQ)
+document for Samba, the free and very popular SMB and CIFS server
+product. A general 
+<A HREF="Samba-meta-FAQ.html">meta FAQ</A>
+exists and also a companion 
+<A HREF="Samba-Client-FAQ.html">Client FAQ</A>, together with more detailed HOWTO documents on
+topics to do with Samba software. This is current to Samba version
+1.9.17. Please send any corrections to the author. </EM><HR></P>
+<P>
+<H2><A NAME="toc1">1.</A> <A HREF="Samba-Server-FAQ-1.html">What is Samba?</A></H2>
+
+<P>
+<H2><A NAME="toc2">2.</A> <A HREF="Samba-Server-FAQ-2.html">How do I get the CIFS, SMB and NetBIOS protocols?</A></H2>
+<UL>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.1">2.1 What server operating systems are supported?</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.2">2.2 Exporting server resources with Samba</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.3">2.3 Name Resolution and Browsing</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.4">2.4 Handling SMB Encryption</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.5">2.5 Files and record locking</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.6">2.6 Managing Samba Log files</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.7">2.7 I can't see the Samba server in any browse lists!</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.8">2.8 Some files that I KNOW are on the server doesn't show up when I view the files from my client! </A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.9">2.9 Some files on the server show up with really wierd filenames when I view the files from my client! </A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.10">2.10 My client reports "cannot locate specified computer" or similar</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.11">2.11 My client reports "cannot locate specified share name" or similar</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.12">2.12 My client reports "cannot find domain controller", "cannot log on to the network" or similar </A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.13">2.13 Printing doesn't work :-(</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.14">2.14 My programs install on the server OK, but refuse to work properly</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.15">2.15 My "server string" doesn't seem to be recognised</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.16">2.16 My client reports "This server is not configured to list shared resources" </A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.17">2.17 Issues specific to Unix and Unix-like systems</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.18">2.18 Issues specific to IBM OS/2 systems</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.19">2.19 Issues specific to IBM MVS systems</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.20">2.20 Issues specific to Digital VMS systems</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.21">2.21 Issues specific to Amiga systems</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.22">2.22 Issues specific to Novell IntraNetware systems</A>
+<LI><A HREF="Samba-Server-FAQ-2.html#ss2.23">2.23 Issues specific to Stratus VOS systems</A>
+</UL>
+
+
+<HR>
+Previous
+<A HREF="Samba-Server-FAQ-1.html">Next</A>
+Table of Contents
+</BODY>
+</HTML>
diff --git a/docs/faq/Samba-Server-FAQ.sgml b/docs/faq/Samba-Server-FAQ.sgml
new file mode 100755
index 00000000000..da6b50f99e2
--- /dev/null
+++ b/docs/faq/Samba-Server-FAQ.sgml
@@ -0,0 +1,492 @@
+<!doctype linuxdoc system> <!-- -*- SGML -*- -->
+<!--
+ v 0.1 23 Aug 1997 	Dan Shearer 
+			Original Samba-Client-FAQ.sgml from Paul's sambafaq.sgml
+ v 0.2 25 Aug 1997	Dan
+ v 0.3 7  Oct 1997	Paul, changed email address from ictinus@lake... to ictinus@samba.anu
+-->
+
+
+<article>
+
+<title> Samba Server FAQ
+
+<author>Dan Shearer & Paul Blackman, <tt>ictinus@samba.org</tt>
+
+<date>v 0.3, 7 Oct '97
+
+<abstract> This is the <em>Server</em> Frequently Asked Questions (FAQ)
+document for Samba, the free and very popular SMB and CIFS server
+product. A general <url url="Samba-meta-FAQ.html" name="meta FAQ">
+exists and also a companion <url url="Samba-Client-FAQ.html"
+name="Client FAQ">, together with more detailed HOWTO documents on
+topics to do with Samba software. This is current to Samba version
+1.9.17. Please send any corrections to the author. 
+
+</abstract>
+
+<toc>
+
+<sect>What is Samba?<p><label id="WhatIsSamba">
+
+See the <url url="Samba-meta-FAQ.html#introduction" name="meta FAQ
+introduction"> if you don't have any idea what Samba does.
+
+Samba has many features that are not supported in other CIFS and SMB
+implementations, all of which are commercial. It approaches some
+problems from a different angle.
+
+Some of its features include:
+<itemize>
+<item>extremely dynamic runtime configuration
+<item>host as well as username/password security
+<item>scriptable SMB client
+<item>automatic home directory exporting
+<item>automatic printer exporting
+<item>intelligent dead connection timeouts
+<item>guest connections
+</itemize>
+
+Look at the <url url="samba-man-index.html" name="manual pages"> included with the package for a full list of
+features. The components of the suite are (in summary):
+
+<descrip>
+
+<tag/smbd/ the SMB server. This handles actual connections from clients,
+doing all the interfacing with the <url
+url="Samba-meta-FAQ.html#DomainModeSecurity" name="authentication
+database"> for file, permission and username work.
+
+<tag/nmbd/ the NetBIOS name server, which helps clients locate servers,
+maintaining the <url url="Samba-meta-FAQ.html#BrowseAndDomainDefs"
+name="authentication database"> doing the browsing work and managing
+domains as this capability is being built into Samba.
+
+<tag/smbclient/ the scriptable commandline SMB client program.
+Useful for automated work, printer filters and testing purposes. It is
+more CIFS-compliant than most commercial implementations. Note that this
+is not a filesystem. The Samba team does not supply a network filesystem
+driver, although the smbfs filesystem for Linux is derived from
+smbclient code.
+
+<tag/smbrun/ a little 'glue' program to help the server run
+external programs.
+
+<tag/testprns/ a program to test server access to printers
+
+<tag/testparms/ a program to test the Samba configuration file
+for correctness
+
+<tag/smb.conf/ the Samba configuration file
+
+<tag/examples/ many examples have been put together for the different
+operating systems that Samba supports.
+
+<tag/Documentation!/ DON'T neglect to read it - you will save a great
+deal of time!
+
+</descrip>
+
+<sect>How do I get the CIFS, SMB and NetBIOS protocols?<p><label id="ServerProtocols">
+
+See the <url url="Samba-meta-FAQ.html#CifsSmb" name="meta FAQ
+on CIFS and SMB"> if you don't have any idea what these protocols are.
+
+CIFS and SMB are implemented by the main Samba fileserving daemon, smbd.
+[.....]
+
+nmbd speaks a limited amount of CIFS (...) but is mostly concerned with
+NetBIOS. NetBIOS is [....]
+
+RFC1001, RFC1002 [...]
+
+So, provided you have got Samba correctly installed and running you have
+all three of these protocols. Some operating systems already come with
+stacks for all or some of these, such as SCO Unix, OS/2 and [...] In this
+case you must [...]
+
+<sect1>What server operating systems are supported?<p><label id="PortInfo">
+
+At the last count, Samba runs on about 40 operating systems! This
+section looks at general questions about running Samba on the different
+platforms. Issues specific to particular operating systems are dealt
+with in elsewhere in this document.
+
+Many of the ports have been done by people outside the Samba team keen
+to get the advantages of Samba. The Samba team is currently trying to
+bring as many of these ports as possible into the main source tree and
+integrate the documentation. Samba is an integration tool, and so it has
+been made as easy as possible to port. The platforms most widely used
+and thus best tested are Linux and SunOS.
+
+This migration has not been completed yet. This means that some
+documentation is on web sites [...]
+
+There are two main families of Samba ports, Unix and other. The Unix
+ports cover anything that remotely resembles Unix and includes some
+extremely old products as well as best-sellers, tiny PCs to massive
+multiprocessor machines supporting hundreds of thousands of users. Samba
+has been run on more than 30 Unix and Unix-like operating systems.
+
+<sect2>Running Samba on a Unix or Unix-like system<p><label id="OnUnix">
+
+<url url="../UNIX-SMB.txt"> describes some of the issues that confront a
+SMB implementation on unix, and how Samba copes with them. They may help
+people who are looking at unix<->PC interoperability.
+
+There is great variation between Unix implementations, especially those
+not adhering to the Common Unix Specification agreed to in 1996. Things
+that can be quite tricky are [.....]
+
+There are also some considerable advantages conferred on Samba running
+under Unix compared to, say, Windows NT or LAN Server. Unix has [...]
+
+At time of writing, the Makefile claimed support for:
+<itemize>
+<item> A/UX 3.0
+<item> AIX
+<item> Altos Series 386/1000
+<item> Amiga
+<item> Apollo Domain/OS sr10.3
+<item> BSDI 
+<item> B.O.S. (Bull Operating System)
+<item> Cray, Unicos 8.0
+<item> Convex
+<item> DGUX. 
+<item> DNIX.
+<item> FreeBSD
+<item> HP-UX
+<item> Intergraph. 
+<item> Linux with/without shadow passwords and quota
+<item> LYNX 2.3.0
+<item> MachTen (a unix like system for Macintoshes)
+<item> Motorola 88xxx/9xx range of machines
+<item> NetBSD
+<item> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).
+<item> OS/2 using EMX 0.9b
+<item> OSF1
+<item> QNX 4.22
+<item> RiscIX. 
+<item> RISCOs 5.0B
+<item> SEQUENT. 
+<item> SCO (including: 3.2v2, European dist., OpenServer 5)
+<item> SGI.
+<item> SMP_DC.OSx v1.1-94c079 on Pyramid S series
+<item> SONY NEWS, NEWS-OS (4.2.x and 6.1.x)
+<item> SUNOS 4
+<item> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')
+<item> Sunsoft ISC SVR3V4
+<item> SVR4
+<item> System V with some berkely extensions (Motorola 88k R32V3.2).
+<item> ULTRIX.
+<item> UNIXWARE
+<item> UXP/DS
+</itemize>
+
+
+<sect2>Running Samba on systems unlike Unix<p><label id="OnUnlikeUnix">
+
+More recently Samba has been ported to a number of operating systems
+which can provide a BSD Unix-like implementation of TCP/IP sockets.
+These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS,
+Windows NT and several others are being worked on but not yet available
+for use.
+
+Home pages for these ports are:
+
+[...  ]
+
+<sect1>Exporting server resources with Samba<p><label id="Exporting">
+
+Files, printers, CD ROMs and other local devices. Network devices,
+including networked filesystems and remote printer queues. Other devices
+such as [....]
+
+        1.4) Configuring SHARES
+                1.4.1) Homes service
+                1.4.2) Public services
+                1.4.3) Application serving
+                1.4.4) Team sharing a Samba resource
+
+        1.5) Printer configuration
+                1.5.1) Berkeley LPR/LPD systems
+                1.5.2) ATT SysV lp systems
+                1.5.3) Using a private printcap file
+                1.5.4) Use of the smbprint utility
+                1.5.5) Printing from Windows to Unix
+                1.5.6) Printing from Unix to Windows
+
+<sect1>Name Resolution and Browsing<p><label id="NameBrowsing">
+
+See also <url url="../BROWSING.txt">
+
+        1.6) Name resolution issues
+                1.6.1) LMHOSTS file and when to use it
+                1.6.2) configuring WINS (support, server, proxy)
+                1.6.3) configuring DNS proxy
+
+        1.7) Problem Diagnosis
+        1.8) What NOT to do!!!!
+
+	3.2) Browse list managment
+        3.3) Name resolution mangement
+
+
+<sect1>Handling SMB Encryption<p><label id="SMBEncryptionSteps">
+
+SMB encryption is ...
+
+...in <url url="../ENCRYPTION.txt"> there is...
+
+Samba compiled with libdes - enabling encrypted passwords
+
+
+<sect2>Laws in different countries affecting Samba<p><label id="CryptoLaws">
+
+<sect2>Relationship between encryption and Domain Authentication<p>
+
+<sect1> Files and record locking
+
+                3.1.1) Old DOS clients
+                3.1.2) Opportunistic locking and the consequences
+                3.1.3) Files caching under Windows for Workgroups, Win95 and NT
+    
+    Some of the foregoing links into Client-FAQ
+
+<sect1>Managing Samba Log files<p><label id="LogFiles">
+
+<sect1>I can't see the Samba server in any browse lists!<p><label id="no_browse">
+ See <url url="ftp://samba.org/pub/samba/BROWSING.txt" name="BROWSING.txt">
+ for more information on browsing.  Browsing.txt can also be found
+ in the docs directory of the Samba source.
+
+If your GUI client does not permit you to select non-browsable
+servers, you may need to do so on the command line. For example, under
+Lan Manager you might connect to the above service as disk drive M:
+thusly:
+<tscreen><verb>
+   net use M: \\mary\fred
+</verb></tscreen>
+The details of how to do this and the specific syntax varies from
+client to client - check your client's documentation.
+
+<sect1>Some files that I KNOW are on the server doesn't show up when I view the files from my client! <p> <label id="missing_files">
+See the next question.
+
+<sect1>Some files on the server show up with really wierd filenames when I view the files from my client! <p> <label id="strange_filenames">
+If you check what files are not showing up, you will note that they
+are files which contain upper case letters or which are otherwise not
+DOS-compatible (ie, they are not legal DOS filenames for some reason).
+
+The Samba server can be configured either to ignore such files
+completely, or to present them to the client in "mangled" form. If you
+are not seeing the files at all, the Samba server has most likely been
+configured to ignore them.  Consult the man page smb.conf(5) for
+details of how to change this - the parameter you need to set is
+"mangled names = yes".
+
+<sect1>My client reports "cannot locate specified computer" or similar<p><label id="cant_see_server">
+This indicates one of three things: You supplied an incorrect server
+name, the underlying TCP/IP layer is not working correctly, or the
+name you specified cannot be resolved.
+
+After carefully checking that the name you typed is the name you
+should have typed, try doing things like pinging a host or telnetting
+to somewhere on your network to see if TCP/IP is functioning OK. If it
+is, the problem is most likely name resolution.
+
+If your client has a facility to do so, hardcode a mapping between the
+hosts IP and the name you want to use. For example, with Man Manager
+or Windows for Workgroups you would put a suitable entry in the file
+LMHOSTS. If this works, the problem is in the communication between
+your client and the netbios name server. If it does not work, then
+there is something fundamental wrong with your naming and the solution
+is beyond the scope of this document.
+
+If you do not have any server on your subnet supplying netbios name
+resolution, hardcoded mappings are your only option. If you DO have a
+netbios name server running (such as the Samba suite's nmbd program),
+the problem probably lies in the way it is set up. Refer to Section
+Two of this FAQ for more ideas.
+
+By the way, remember to REMOVE the hardcoded mapping before further
+tests :-)     
+
+<sect1>My client reports "cannot locate specified share name" or similar<p> <label id="cant_see_share">
+This message indicates that your client CAN locate the specified
+server, which is a good start, but that it cannot find a service of
+the name you gave.
+
+The first step is to check the exact name of the service you are
+trying to connect to (consult your system administrator). Assuming it
+exists and you specified it correctly (read your client's doco on how
+to specify a service name correctly), read on:
+
+<itemize>
+<item> Many clients cannot accept or use service names longer than eight characters.
+<item> Many clients cannot accept or use service names containing spaces.
+<item> Some servers (not Samba though) are case sensitive with service names.
+<item> Some clients force service names into upper case.
+</itemize>
+
+<sect1>My client reports "cannot find domain controller", "cannot log on to the network" or similar <p> <label id="cant_see_net">
+Nothing is wrong - Samba does not implement the primary domain name
+controller stuff for several reasons, including the fact that the
+whole concept of a primary domain controller and "logging in to a
+network" doesn't fit well with clients possibly running on multiuser
+machines (such as users of smbclient under Unix). Having said that,
+several developers are working hard on building it in to the next
+major version of Samba. If you can contribute, send a message to
+<htmlurl url="mailto:samba@samba.org" name="samba@samba.org"> !
+
+Seeing this message should not affect your ability to mount redirected
+disks and printers, which is really what all this is about.
+
+For many clients (including Windows for Workgroups and Lan Manager),
+setting the domain to STANDALONE at least gets rid of the message.
+
+<sect1>Printing doesn't work :-(<p> <label id="no_printing"> 
+
+Make sure that the specified print command for the service you are
+connecting to is correct and that it has a fully-qualified path (eg.,
+use "/usr/bin/lpr" rather than just "lpr", if you happen to be using
+Unix).
+
+Make sure that the spool directory specified for the service is
+writable by the user connected to the service. 
+
+Make sure that the user specified in the service is permitted to use
+the printer.
+
+Check the debug log produced by smbd. Search for the printer name and
+see if the log turns up any clues. Note that error messages to do with
+a service ipc$ are meaningless - they relate to the way the client
+attempts to retrieve status information when using the LANMAN1
+protocol.
+
+If using WfWg then you need to set the default protocol to TCP/IP, not
+Netbeui. This is a WfWg bug.
+
+If using the Lanman1 protocol (the default) then try switching to
+coreplus.  Also not that print status error messages don't mean
+printing won't work. The print status is received by a different
+mechanism.
+
+<sect1>My programs install on the server OK, but refuse to work properly<p><label id="programs_wont_run">
+There are numerous possible reasons for this, but one MAJOR
+possibility is that your software uses locking. Make sure you are
+using Samba 1.6.11 or later. It may also be possible to work around
+the problem by setting "locking=no" in the Samba configuration file
+for the service the software is installed on. This should be regarded
+as a strictly temporary solution.
+
+In earlier Samba versions there were some difficulties with the very
+latest Microsoft products, particularly Excel 5 and Word for Windows
+6. These should have all been solved. If not then please let Andrew
+Tridgell know via email at <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">.
+
+<sect1>My "server string" doesn't seem to be recognised<p><label id="bad_server_string">
+OR My client reports the default setting, eg. "Samba 1.9.15p4", instead
+of what I have changed it to in the smb.conf file.
+
+You need to use the -C option in nmbd. The "server string" affects
+what smbd puts out and -C affects what nmbd puts out.
+ 
+Current versions of Samba (1.9.16 +) have combined these options into
+the "server string" field of smb.conf, -C for nmbd is now obsolete.
+
+<sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares">
+Your guest account is probably invalid for some reason. Samba uses the
+guest account for browsing in smbd.  Check that your guest account is
+valid.
+
+See also 'guest account' in smb.conf man page.
+
+<sect1>Issues specific to Unix and Unix-like systems<p><label id="UnixIssues">
+
+<sect2>Printing doesn't work with my Unix Samba server<p> <label id="no_printing"> 
+
+The user "nobody" often has problems with printing, even if it worked
+with an earlier version of Samba. Try creating another guest user other
+than "nobody".
+
+<sect2>Log message "you appear to have a trapdoor uid system" <p><label id="trapdoor_uid">
+This can have several causes. It might be because you are using a uid
+or gid of 65535 or -1. This is a VERY bad idea, and is a big security
+hole. Check carefully in your /etc/passwd file and make sure that no
+user has uid 65535 or -1. Especially check the "nobody" user, as many
+broken systems are shipped with nobody setup with a uid of 65535.
+
+It might also mean that your OS has a trapdoor uid/gid system :-)
+
+This means that once a process changes effective uid from root to
+another user it can't go back to root. Unfortunately Samba relies on
+being able to change effective uid from root to non-root and back
+again to implement its security policy. If your OS has a trapdoor uid
+system this won't work, and several things in Samba may break. Less
+things will break if you use user or server level security instead of
+the default share level security, but you may still strike
+problems.
+
+The problems don't give rise to any security holes, so don't panic,
+but it does mean some of Samba's capabilities will be unavailable.
+In particular you will not be able to connect to the Samba server as
+two different uids at once. This may happen if you try to print as a
+"guest" while accessing a share as a normal user. It may also affect
+your ability to list the available shares as this is normally done as
+the guest user.
+
+Complain to your OS vendor and ask them to fix their system.
+
+Note: the reason why 65535 is a VERY bad choice of uid and gid is that
+it casts to -1 as a uid, and the setreuid() system call ignores (with
+no error) uid changes to -1. This means any daemon attempting to run
+as uid 65535 will actually run as root. This is not good!
+
+<sect1>Issues specific to IBM OS/2 systems<p><label id="OS2Issues">
+
+<url url="http://carol.wins.uva.nl/~leeuw/samba/samba2.html" name="Samba for OS/2">
+
+<sect1>Issues specific to IBM MVS systems<p><label id="MVSIssues">
+
+<url url="ftp://ftp.mks.com/pub/samba/" name="Samba for OS/390 MVS">
+
+<sect1>Issues specific to Digital VMS systems<p><label id="VMSIssues">
+
+<sect1>Issues specific to Amiga systems<p><label id="AmigaIssues">
+
+<url url="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/" name="Samba for Amiga">
+
+There is a mailing list for Samba on the Amiga.
+
+                                Subscribing.
+
+   Send an email to rask-samba-request@kampsax.dtu.dk with the word subscribe
+in the message. The list server will use the address in the Reply-To: or
+From: header field, in that order.
+
+                               Unsubscribing.
+
+   Send an email to rask-samba-request@kampsax.dtu.dk with the word
+unsubscribe in the message. The list server will use the address in the
+Reply-To: or From: header field, in that order. If you are unsure which
+address you are subscribed with, look at the headers. You should see a
+"From " (no colon) or Return-Path: header looking something like
+
+   rask-samba-owner-myname=my.domain@kampsax.dtu.dk
+
+where myname=my.domain gives you the address myname@my.domain. This also
+means that I will always be able to find out which address is causing
+bounces, for example.
+                                List archive.
+
+   Messages sent to the list are archived in HTML. See the mailing list home
+page at <URL url="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/">
+
+<sect1>Issues specific to Novell IntraNetware systems<p><label id="NetwareIssues">
+
+<sect1>Issues specific to Stratos VOS systems<p><label id="NetwareIssues">
+
+<url url="ftp://ftp.stratus.com/pub/vos/tools/" name="Samba for Stratus VOS">
+
+</article>
diff --git a/docs/faq/Samba-meta-FAQ-1.html b/docs/faq/Samba-meta-FAQ-1.html
new file mode 100755
index 00000000000..7258a32f1e2
--- /dev/null
+++ b/docs/faq/Samba-meta-FAQ-1.html
@@ -0,0 +1,160 @@
+<HTML>
+<HEAD>
+<TITLE> Samba meta FAQ: Quick Reference Guides to Samba Documentation</TITLE>
+</HEAD>
+<BODY>
+Previous
+<A HREF="Samba-meta-FAQ-2.html">Next</A>
+<A HREF="Samba-meta-FAQ.html#toc1">Table of Contents</A>
+<HR>
+<H2><A NAME="s1">1. Quick Reference Guides to Samba Documentation</A></H2>
+
+<P>
+<A NAME="quickref"></A> 
+</P>
+<P>We are endeavouring to provide links here to every major class of
+information about Samba or things related to Samba. We cannot list every
+document, but we are aiming for all documents to be at most two
+referrals from those listed here. This needs constant maintaining, so
+please send the author your feedback.</P>
+
+<H2><A NAME="ss1.1">1.1 Samba for the Impatient</A></H2>
+
+<P>
+<A NAME="impatient"></A> 
+</P>
+<P>You know you should read the documentation but can't wait to start? What
+you need to do then is follow the instructions in the following
+documents in the order given. This should be enough to get a fairly
+simple site going quickly. If you have any problems, refer back to this
+meta-FAQ and follow the links to find more reading material.</P>
+<P>
+<DL>
+<P>
+<A NAME="ImpGet"></A> 
+</P>
+<DT><B>Getting Samba:</B><DD><P>The fastest way to get Samba
+going is and install it is to have an operating system for which the
+Samba team has put together an installation package. To see if your OS
+is included have a look at the directory
+/pub/samba/Binary_Packages/"OS_Vendor" on your nearest 
+<A HREF="../MIRRORS">mirror site</A>. If it is included follow the
+installation instructions in the README file there and then do some 
+<A HREF="#ImpTest">basic testing</A>. If you are not so fortunate, follow the normal 
+<A HREF="Samba-meta-FAQ-2.html#WhereFrom">download instructions</A> and then continue with 
+<A HREF="#ImpInst">building and installing Samba</A>.</P>
+<P>
+<A NAME="ImpInst"></A> 
+</P>
+<DT><B>Building and Installing Samba:</B><DD><P>At the moment
+there are two kinds of Samba server installs besides the prepackaged
+binaries mentioned in the previous step. You need to decide if you have a 
+<A HREF="../UNIX_INSTALL.txt">Unix or close relative</A> or 
+<A HREF="Samba-Server-FAQ.html#PortInfo">other supported operating system</A>.</P>
+<P>
+<A NAME="ImpTest"></A> 
+</P>
+<DT><B>Basic Testing:</B><DD><P>Try to connect using the
+supplied smbclient command-line program. You need to know the IP
+hostname of your server. A service name must be defined in smb.conf, as
+given in the examples (under many operating systems if there is a
+<F>homes</F> service you can just use a valid username.) Then type
+<CODE>smbclient \\hostname\servicename</CODE>
+Under most Unixes you will need to put the parameters within quotation
+marks. If this works, try connecting from one of the SMB clients you
+were planning to use with Samba.</P>
+<P>
+<A NAME="ImpDebug"></A> 
+</P>
+<DT><B>Debug sequence:</B><DD><P>If you think you have completed the 
+previous step and things aren't working properly work through 
+<A HREF="../DIAGNOSIS.txt">the diagnosis recipe.</A></P>
+<P>
+<A NAME="ImpExp"></A> 
+</P>
+<DT><B>Exporting files to SMB clients:</B><DD><P>You should read the manual pages
+for smb.conf, but here is a 
+<A HREF="Samba-Server-FAQ.html#Exporting">quick answer guide.</A></P>
+<P>
+<A NAME="ImpControl"></A> 
+</P>
+<DT><B>Controlling user access:</B><DD><P>the quickest and dirtiest way of sharing
+resources is to use 
+<A HREF="Samba-meta-FAQ-4.html#ShareModeSecurity">share level security.</A> If you want to spend more time and have a proper username
+and password database you must read the paragraph on 
+<A HREF="Samba-meta-FAQ-4.html#DomainModeSecurity">domain mode security.</A> If you want
+encryption (eg you are using Windows NT clients) follow the 
+<A HREF="Samba-Server-FAQ.html#SMBEncryptionSteps">SMB encryption instructions.</A></P>
+<P>
+<A NAME="ImpBrowse"></A> 
+</P>
+<DT><B>Browsing:</B><DD><P>if you are happy to type in "\\samba-server\sharename"
+at the client end then do not read any further. Otherwise you need to
+understand the 
+browsing terminology</A>
+and read 
+<A HREF="Samba-Server-FAQ.html#NameBrowsing">Samba-Server-FAQ.html#NameBrowsing</A>. </P>
+<P>
+<A NAME="ImpPrint"></A> 
+</P>
+<DT><B>Printing:</B><DD><P>See the 
+<A HREF="Samba-Server-FAQ.html#Printing">printing quick answer guide.</A></P>
+
+</DL>
+</P>
+<P>If you have got everything working to this point, you can expect Samba
+to be stable and secure: these are its greatest strengths. However Samba
+has a great deal to offer and to go further you must do some more
+reading. Speed and security optimisations, printer accounting, network
+logons, roving profiles, browsing across multiple subnets and so on are
+all covered either in this document or in those it refers to.</P>
+
+
+<H2><A NAME="ss1.2">1.2 All Samba Documentation</A></H2>
+
+<P>
+<A NAME="AllDocs"></A> 
+</P>
+<P>
+<UL>
+<LI> Meta-FAQ. This is the mother of all documents, and is the one you
+are reading now. The latest version is always at 
+<A HREF="http://samba.org/[.....]">http://samba.org/[.....]</A> but there is probably a much
+nearer 
+<A HREF="../MIRRORS">mirror site</A> which you should use
+instead.
+</LI>
+<LI> 
+<A HREF="Samba-Server-FAQ.html">Samba-Server-FAQ.html</A> is the best starting point for
+information about server-side issues. Includes configuration tips and
+pointers for Samba on particular operating systems (with 40 to choose
+from...)
+</LI>
+<LI> 
+<A HREF="Samba-Client-FAQ.html">Samba-Client-FAQ.html</A> is the best starting point for
+information about client-side issues, includes a list of all clients
+that are known to work with Samba.
+</LI>
+<LI> 
+<A HREF="samba-man-index.html">manual pages</A> contains
+descriptions of and links to all the Samba manual pages, in Unix man and
+postscript format.
+</LI>
+<LI> 
+<A HREF="samba-txt-index.html">samba-txt-index.html</A> has descriptions of and links to
+a large number of text files have been contributed to samba covering
+many topics. These are gradually being absorbed into the FAQs and HOWTOs
+but in the meantime you might find helpful answers here.
+</LI>
+<LI> 
+</LI>
+</UL>
+</P>
+
+
+<HR>
+Previous
+<A HREF="Samba-meta-FAQ-2.html">Next</A>
+<A HREF="Samba-meta-FAQ.html#toc1">Table of Contents</A>
+</BODY>
+</HTML>
diff --git a/docs/faq/Samba-meta-FAQ-2.html b/docs/faq/Samba-meta-FAQ-2.html
new file mode 100755
index 00000000000..1e36332d426
--- /dev/null
+++ b/docs/faq/Samba-meta-FAQ-2.html
@@ -0,0 +1,384 @@
+<HTML>
+<HEAD>
+<TITLE> Samba meta FAQ: General Information</TITLE>
+</HEAD>
+<BODY>
+<A HREF="Samba-meta-FAQ-1.html">Previous</A>
+<A HREF="Samba-meta-FAQ-3.html">Next</A>
+<A HREF="Samba-meta-FAQ.html#toc2">Table of Contents</A>
+<HR>
+<H2><A NAME="s2">2. General Information</A></H2>
+
+<P>
+<A NAME="general_info"></A> 
+</P>
+<P>All about Samba - what it is, how to get it, related sources of
+information, how to understand the numbering scheme, pizza
+details.</P>
+
+<H2><A NAME="ss2.1">2.1 What is Samba?</A></H2>
+
+<P>
+<A NAME="introduction"></A> 
+</P>
+<P>Samba is a suite of programs which work together to allow clients to
+access to a server's filespace and printers via the SMB (Server Message
+Block) and CIFS (Common Internet Filesystem) protocols. Initially
+written for Unix, Samba now also runs on Netware, OS/2, VMS, StratOS and
+Amigas. Ports to BeOS and other operating systems are underway. Samba
+gives the capability for these operating systems to behave much like a
+LAN Server, Windows NT Server or Pathworks machine, only with added
+functionality and flexibility designed to make life easier for
+administrators. </P>
+<P>This means that using Samba you can share a server's disks and printers
+to many sorts of network clients, including Lan Manager, Windows for
+Workgroups, Windows NT, Linux, OS/2, and AIX. There is also a generic
+client program supplied as part of the Samba suite which gives a user on
+the server an ftp-like interface to access filespace and printers on any
+other SMB/CIFS servers.</P>
+<P>SMB has been implemented over many protocols, including XNS, NBT, IPX,
+NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to change
+although there have been some requests for NetBEUI support.</P>
+<P>Many users report that compared to other SMB implementations Samba is
+more stable, faster, and compatible with more clients. Administrators of
+some large installations say that Samba is the only SMB server available
+which will scale to many tens of thousands of users without crashing.
+The easy way to test these claims is to download it and try it for
+yourself!</P>
+<P>The suite is supplied with full source code under the 
+<A HREF="../COPYING">GNU Public License</A>. The GPL means that you can
+use Samba for whatever purpose you wish (including changing the source
+or selling it for money) but under all circumstances the source code
+must be made freely available. A copy of the GPL must always be included
+in any copy of the package.</P>
+<P>The primary creator of the Samba suite is Andrew Tridgell. Later
+versions incorporate much effort by many net.helpers. The man pages
+and this FAQ were originally written by Karl Auer.</P>
+
+
+<H2><A NAME="ss2.2">2.2 What is the current version of Samba?</A></H2>
+
+<P>
+<A NAME="current_version"></A> 
+</P>
+<P>At time of writing, the current version was 1.9.17. If you want to be
+sure check the bottom of the change-log file. 
+<A HREF="ftp://samba.org/pub/samba/alpha/change-log">ftp://samba.org/pub/samba/alpha/change-log</A></P>
+<P>For more information see 
+<A HREF="#version_nums">What do the version numbers mean?</A></P>
+
+
+<H2><A NAME="ss2.3">2.3 Where can I get it? </A></H2>
+
+<P>
+<A NAME="WhereFrom"></A> 
+</P>
+<P>The Samba suite is available via anonymous ftp from samba.org and
+many 
+<A HREF="../MIRRORS">mirror</A> sites. You will get much
+faster performance if you use a mirror site. The latest and greatest
+versions of the suite are in the directory:</P>
+<P>/pub/samba/</P>
+<P>Development (read "alpha") versions, which are NOT necessarily stable
+and which do NOT necessarily have accurate documentation, are available
+in the directory:</P>
+<P>/pub/samba/alpha</P>
+<P>Note that binaries are NOT included in any of the above. Samba is
+distributed ONLY in source form, though binaries may be available from
+other sites. Most Linux distributions, for example, do contain Samba
+binaries for that platform. The VMS, OS/2, Netware and Amiga and other
+ports typically have binaries made available.</P>
+<P>A special case is vendor-provided binary packages. Samba binaries and
+default configuration files are put into packages for a specific
+operating system. RedHat Linux and Sun Solaris (Sparc and x86) is
+already included, and others such as OS/2 may follow. All packages are
+in the directory:</P>
+<P>/pub/samba/Binary_Packages/"OS_Vendor"</P>
+
+
+<H2><A NAME="ss2.4">2.4 What do the version numbers mean?</A></H2>
+
+<P>
+<A NAME="version_nums"></A> 
+</P>
+<P>It is not recommended that you run a version of Samba with the word
+"alpha" in its name unless you know what you are doing and are willing
+to do some debugging. Many, many people just get the latest
+recommended stable release version and are happy. If you are brave, by
+all means take the plunge and help with the testing and development -
+but don't install it on your departmental server. Samba is typically
+very stable and safe, and this is mostly due to the policy of many
+public releases.</P>
+<P>How the scheme works:</P>
+<P>
+<OL>
+<LI>When major changes are made the version number is increased. For
+example, the transition from 1.9.16 to 1.9.17. However, this version
+number will not appear immediately and people should continue to use
+1.9.15 for production systems (see next point.)
+</LI>
+<LI>Just after major changes are made the software is considered
+unstable, and a series of alpha releases are distributed, for example
+1.9.16alpha1. These are for testing by those who know what they are
+doing.  The "alpha" in the filename will hopefully scare off those who
+are just looking for the latest version to install.
+</LI>
+<LI>When Andrew thinks that the alphas have stabilised to the point
+where he would recommend new users install it, he renames it to the
+same version number without the alpha, for example 1.9.17.
+</LI>
+<LI>Inevitably bugs are found in the "stable" releases and minor patch
+levels are released which give us the pXX series, for example 1.9.17p2.
+</LI>
+</OL>
+</P>
+<P>So the progression goes:</P>
+<P>
+<PRE>
+                1.9.16p10       (production)
+                1.9.16p11       (production)
+                1.9.17alpha1    (test sites only)
+                  :
+                1.9.17alpha20   (test sites only)
+                1.9.17          (production)
+                1.9.17p1        (production)
+</PRE>
+</P>
+<P>The above system means that whenever someone looks at the samba ftp
+site they will be able to grab the highest numbered release without an
+alpha in the name and be sure of getting the current recommended
+version.</P>
+
+
+<H2><A NAME="ss2.5">2.5 Where can I go for further information?</A></H2>
+
+<P>
+<A NAME="more"></A> 
+</P>
+<P>There are a number of places to look for more information on Samba,
+including:</P>
+<P>
+<UL>
+<LI>Two mailing lists devoted to discussion of Samba-related matters.
+See below for subscription information.
+</LI>
+<LI>The newsgroup comp.protocols.smb, which has a great deal of
+discussion about Samba. 
+</LI>
+<LI>The WWW site 'SAMBA Web Pages' at 
+<A HREF="http://samba.org/samba/">http://samba.org/samba/</A> includes:
+
+<UL>
+<LI>Links to man pages and documentation, including this FAQ</LI>
+<LI>A comprehensive survey of Samba users</LI>
+<LI>A searchable hypertext archive of the Samba mailing list</LI>
+<LI>Links to Samba source code, binaries, and mirrors of both</LI>
+<LI>This FAQ and the rest in its family</LI>
+</UL>
+
+</LI>
+</UL>
+</P>
+
+
+<H2><A NAME="ss2.6">2.6 How do I subscribe to the Samba Mailing Lists?</A></H2>
+
+<P>
+<A NAME="mailinglist"></A> 
+</P>
+<P>Send email to 
+<A HREF="mailto:listproc@samba.org">listproc@samba.org</A>. Make sure the subject line is blank,
+and include the following two lines in the body of the message:</P>
+<P>
+<BLOCKQUOTE><CODE>
+<PRE>
+subscribe samba Firstname Lastname
+subscribe samba-announce Firstname Lastname
+</PRE>
+</CODE></BLOCKQUOTE>
+</P>
+<P>Obviously you should substitute YOUR first name for "Firstname" and
+YOUR last name for "Lastname"! Try not to send any signature, it
+sometimes confuses the list processor.</P>
+<P>The samba list is a digest list - every eight hours or so it sends a
+single message containing all the messages that have been received by
+the list since the last time and sends a copy of this message to all
+subscribers. There are thousands of people on this list.</P>
+<P>If you stop being interested in Samba, please send another email to
+<A HREF="mailto:listproc@samba.org">listproc@samba.org</A>. Make sure the subject line is blank, and
+include the following two lines in the body of the message:</P>
+<P>
+<BLOCKQUOTE><CODE>
+<PRE>
+unsubscribe samba
+unsubscribe samba-announce
+</PRE>
+</CODE></BLOCKQUOTE>
+</P>
+<P>The <B>From:</B> line in your message <EM>MUST</EM> be the same
+address you used when you subscribed.</P>
+
+
+<H2><A NAME="ss2.7">2.7 Something's gone wrong - what should I do?</A></H2>
+
+<P>
+<A NAME="wrong"></A> 
+</P>
+<P><B><F>#</F> *** IMPORTANT! *** <F>#</F></B></P>
+
+<P>DO NOT post messages on mailing lists or in newsgroups until you have
+carried out the first three steps given here!</P>
+<P>
+<OL>
+<LI> See if there are any likely looking entries in this FAQ!
+If you have just installed Samba, have you run through the checklist in
+<A HREF="ftp://samba.org/pub/samba/DIAGNOSIS.txt">DIAGNOSIS.txt</A>? It can save you a lot of time and effort.
+DIAGNOSIS.txt can also be found in the docs directory of the Samba
+distribution.
+</LI>
+<LI> Read the man pages for smbd, nmbd and smb.conf, looking for
+topics that relate to what you are trying to do.
+</LI>
+<LI> If there is no obvious solution to hand, try to get a look at
+the log files for smbd and/or nmbd for the period during which you
+were having problems. You may need to reconfigure the servers to
+provide more extensive debugging information - usually level 2 or
+level 3 provide ample debugging info. Inspect these logs closely,
+looking particularly for the string "Error:".
+</LI>
+<LI> If you need urgent help and are willing to pay for it see 
+<A HREF="#PaidSupport">Paid Support</A>.
+</LI>
+</OL>
+</P>
+<P>If you still haven't got anywhere, ask the mailing list or newsgroup. In
+general nobody minds answering questions provided you have followed the
+preceding steps. It might be a good idea to scan the archives of the
+mailing list, which are available through the Samba web site described
+in the previous section. When you post be sure to include a good
+description of your environment and your problem.</P>
+<P>If you successfully solve a problem, please mail the FAQ maintainer a
+succinct description of the symptom, the problem and the solution, so
+that an explanation can be incorporated into the next version.</P>
+
+
+<H2><A NAME="ss2.8">2.8 How do I submit patches or bug reports?</A></H2>
+
+
+<P>If you make changes to the source code, <EM>please</EM> submit these patches
+so that everyone else gets the benefit of your work. This is one of
+the most important aspects to the maintainence of Samba. Send all
+patches to 
+<A HREF="mailto:samba@samba.org">samba@samba.org</A>. Do not send patches to Andrew Tridgell or any
+other individual, they may be lost if you do.</P>
+<P>Patch format
+------------</P>
+<P>If you are sending a patch to fix a problem then please don't just use
+standard diff format. As an example, samba@samba.org received this patch from
+someone:</P>
+<P>382a
+#endif
+..
+381a
+#if !defined(NEWS61)</P>
+<P>How are we supposed to work out what this does and where it goes? These
+sort of patches only work if we both have identical files in the first
+place. The Samba sources are constantly changing at the hands of multiple
+developers, so it doesn't work.</P>
+<P>Please use either context diffs or (even better) unified diffs. You
+get these using "diff -c4" or "diff -u". If you don't have a diff that
+can generate these then please send manualy commented patches to I
+know what is being changed and where. Most patches are applied by hand so
+the info must be clear.</P>
+<P>This is a basic guideline that will assist us with assessing your problem
+more efficiently :</P>
+<P>Machine Arch:
+Machine OS:
+OS Version:
+Kernel:</P>
+<P>Compiler:
+Libc Version:</P>
+<P>Samba Version:</P>
+<P>Network Layout (description):</P>
+<P>What else is on machine (services, etc):</P>
+<P>Some extras :</P>
+<P>
+<UL>
+<LI> what you did and what happened
+</LI>
+<LI> relevant parts of a debugging output file with debuglevel higher.
+If you can't find the relevant parts, please ask before mailing
+huge files.
+</LI>
+<LI> anything else you think is useful to trace down the bug
+</LI>
+</UL>
+</P>
+
+
+<H2><A NAME="ss2.9">2.9 What if I have an URGENT message for the developers?</A></H2>
+
+
+<P>If you have spotted something very serious and believe that it is
+important to contact the developers quickly send a message to
+samba-urgent@samba.org. This will be processed more quickly than
+mail to samba@samba.org. Please think carefully before using this address. An
+example of its use might be to report a security hole.</P>
+<P>Examples of things <EM>not</EM> to send to samba-urgent include problems
+getting Samba to work at all and bugs that cannot potentially cause damage.</P>
+
+
+<H2><A NAME="ss2.10">2.10 What if I need paid-for support?</A></H2>
+
+<P>
+<A NAME="PaidSupport"></A> 
+</P>
+<P>Samba has a large network of consultants who provide Samba support on a
+commercial basis. The list is included in the package in 
+<A HREF="../Support.txt">../Support.txt</A>, and the latest version will always be on the main
+samba ftp site. Any company in the world can request that the samba team
+include their details in Support.txt so we can give no guarantee of
+their services.</P>
+
+
+<H2><A NAME="ss2.11">2.11 Pizza supply details</A></H2>
+
+<P>
+<A NAME="pizza"></A> 
+
+Those who have registered in the Samba survey as "Pizza Factory" will
+already know this, but the rest may need some help. Andrew doesn't ask
+for payment, but he does appreciate it when people give him
+pizza. This calls for a little organisation when the pizza donor is
+twenty thousand kilometres away, but it has been done.</P>
+<P>
+<OL>
+<LI> Ring up your local branch of an international pizza chain
+and see if they honour their vouchers internationally. Pizza Hut do,
+which is how the entire Canberra Linux Users Group got to eat pizza
+one night, courtesy of someone in the US.
+</LI>
+<LI>Ring up a local pizza shop in Canberra and quote a credit
+card number for a certain amount, and tell them that Andrew will be
+collecting it (don't forget to tell him.) One kind soul from Germany
+did this.
+</LI>
+<LI>Purchase a pizza voucher from your local pizza shop that has
+no international affiliations and send it to Andrew. It is completely
+useless but he can hang it on the wall next to the one he already has
+from Germany :-)
+</LI>
+<LI>Air freight him a pizza with your favourite regional
+flavours. It will probably get stuck in customs or torn apart by
+hungry sniffer dogs but it will have been a noble gesture.
+</LI>
+</OL>
+</P>
+
+
+<HR>
+<A HREF="Samba-meta-FAQ-1.html">Previous</A>
+<A HREF="Samba-meta-FAQ-3.html">Next</A>
+<A HREF="Samba-meta-FAQ.html#toc2">Table of Contents</A>
+</BODY>
+</HTML>
diff --git a/docs/faq/Samba-meta-FAQ-3.html b/docs/faq/Samba-meta-FAQ-3.html
new file mode 100755
index 00000000000..8ebb38a3345
--- /dev/null
+++ b/docs/faq/Samba-meta-FAQ-3.html
@@ -0,0 +1,101 @@
+<HTML>
+<HEAD>
+<TITLE> Samba meta FAQ: About the CIFS and SMB Protocols</TITLE>
+</HEAD>
+<BODY>
+<A HREF="Samba-meta-FAQ-2.html">Previous</A>
+<A HREF="Samba-meta-FAQ-4.html">Next</A>
+<A HREF="Samba-meta-FAQ.html#toc3">Table of Contents</A>
+<HR>
+<H2><A NAME="s3">3. About the CIFS and SMB Protocols</A></H2>
+
+<P>
+<A NAME="CifsSmb"></A> 
+</P>
+
+<H2><A NAME="ss3.1">3.1 What is the Server Message Block (SMB) Protocol?</A></H2>
+
+<P>SMB is a filesharing protocol that has had several maintainers and
+contributors over the years including Xerox, 3Com and most recently
+Microsoft. Names for this protocol include LAN Manager and Microsoft 
+Networking. Parts of the specification has been made public at several 
+versions including in an X/Open document, as listed at 
+<A HREF="ftp://ftp.microsoft.com/developr/drg/CIFS/">ftp://ftp.microsoft.com/developr/drg/CIFS/</A>. No specification
+releases were made between 1992 and 1996, and during that period
+Microsoft became the SMB implementor with the largest market share.
+Microsoft developed the specification further for its products but for
+various reasons connected with developer's workload rather than market
+strategy did not make the changes public. This culminated with the 
+"Windows NT 0.12" version released with NT 3.5 in 1995 which had significant 
+improvements and bugs. Because Microsoft client systems are so popular,
+it is fair to say that what Microsoft with Windows affects all suppliers
+of SMB server products.</P>
+<P>From 1994 Andrew Tridgell began doing some serious work on his 
+Smbserver (now Samba) product and with some helpers started to 
+implement more and more of these protocols. Samba began to take 
+a significant share of the SMB server market.</P>
+
+
+<H2><A NAME="ss3.2">3.2 What is the Common Internet Filesystem (CIFS)?</A></H2>
+
+<P>The initial pressure for Microsoft to document their current SMB
+implementation came from the Samba team, who kept coming across things
+on the wire that Microsoft either didn't know about or hadn't documented
+anywhere (even in the sourcecode to Windows NT.) Then Sun Microsystems
+came out with their WebNFS initiative, designed to replace FTP for file
+transfers on the Internet. There are many drawbacks to WebNFS (including
+its scope - it aims to replace HTTP as well!) but the concept was
+attractive. FTP is not very clever, and why should it be harder to get
+files from across the world than across the room? </P>
+<P>Some hasty revisions were made and an Internet Draft for the Common
+Internet Filesystem (CIFS) was released. Note that CIFS is not an
+Internet standard and is a very long way from becoming one, BUT the
+protocol specification is in the public domain and ongoing discussions
+concerning the spec take place on a public mailing list according to the
+rules of the Internet Engineering Task Force. For more information and
+pointers see 
+<A HREF="http://samba.org/cifs/">http://samba.org/cifs/</A></P>
+<P>The following is taken from 
+<A HREF="http://www.microsoft.com/intdev/cifs/">http://www.microsoft.com/intdev/cifs/</A></P>
+<P>
+<PRE>
+    CIFS defines a standard remote file system access protocol for use
+    over the Internet, enabling groups of users to work together and
+    share documents across the Internet or within their corporate
+    intranets. CIFS is an open, cross-platform technology based on the
+    native file-sharing protocols built into Microsoft� Windows� and
+    other popular PC operating systems, and supported on dozens of
+    other platforms, including UNIX�. With CIFS, millions of computer
+    users can open and share remote files on the Internet without having
+    to install new software or change the way they work.&quot;
+</PRE>
+</P>
+<P>If you consider CIFS as a backwardsly-compatible refinement of SMB that
+will work reasonably efficiently over the Internet you won't be too far
+wrong.</P>
+<P>The net effect is that Microsoft is now documenting large parts of their
+Windows NT fileserver protocols. The security concepts embodied in
+Windows NT are part of the specification, which is why Samba
+documentation often talks in terms of Windows NT. However there is no
+reason why a site shouldn't conduct all its file and printer sharing
+with CIFS and yet have no Microsoft products at all.</P>
+
+
+<H2><A NAME="ss3.3">3.3 What is Browsing? </A></H2>
+
+<P>The term "Browsing" causes a lot of confusion. It is the part of the
+SMB/CIFS protocol which allows for resource discovery. For example, in
+the Windows NT Explorer it is possible to see a "Network Neighbourhood"
+of computers in the same SMB workgroup. Clicking on the name of one of 
+these machines brings up a list of file and printer resources for
+connecting to. In this way you can cruise the network, seeing what
+things are available. How this scales to the Internet is a subject for
+debate. Look at the CIFS list archives to see what the experts think.</P>
+
+
+<HR>
+<A HREF="Samba-meta-FAQ-2.html">Previous</A>
+<A HREF="Samba-meta-FAQ-4.html">Next</A>
+<A HREF="Samba-meta-FAQ.html#toc3">Table of Contents</A>
+</BODY>
+</HTML>
diff --git a/docs/faq/Samba-meta-FAQ-4.html b/docs/faq/Samba-meta-FAQ-4.html
new file mode 100755
index 00000000000..73a9eea8471
--- /dev/null
+++ b/docs/faq/Samba-meta-FAQ-4.html
@@ -0,0 +1,215 @@
+<HTML>
+<HEAD>
+<TITLE> Samba meta FAQ: Designing A SMB and CIFS Network</TITLE>
+</HEAD>
+<BODY>
+<A HREF="Samba-meta-FAQ-3.html">Previous</A>
+<A HREF="Samba-meta-FAQ-5.html">Next</A>
+<A HREF="Samba-meta-FAQ.html#toc4">Table of Contents</A>
+<HR>
+<H2><A NAME="s4">4. Designing A SMB and CIFS Network</A></H2>
+
+
+<P>The big issues for installing any network of LAN or WAN file and print
+servers are </P>
+<P>
+<UL>
+<LI>How and where usernames, passwords and other security information
+is stored 
+</LI>
+<LI>What method can be used for locating the resources that users have
+permission to use 
+</LI>
+<LI>What protocols the clients can converse with
+</LI>
+</UL>
+ </P>
+<P>If you buy Netware, Windows NT or just about any other LAN fileserver
+product you are expected to lock yourself into the product's preferred
+answers to these questions. This tendancy is restrictive and often very
+expensive for a site where there is only one kind of client or server,
+and for sites with a mixture of operating systems it often makes it
+impossible to share resources between some sets of users.</P>
+<P>The Samba philosophy is to make things as easy as possible for
+administators, which means allowing as many combinations of clients,
+servers, operating systems and protocols as possible.</P>
+
+<H2><A NAME="ss4.1">4.1 Workgroups, Domains, Authentication and Browsing</A></H2>
+
+
+<P>From the point of view of networking implementation, Domains and
+Workgroups are <EM>exactly</EM> the same, except for the client logon
+sequence. Some kind of distributed authentication database is associated
+with a domain (there are quite a few choices) and this adds so much
+flexibility that many people think of a domain as a completely different
+entity to a workgroup. From Samba's point of view a client connecting to
+a service presents an authentication token, and it if it is valid they
+have access. Samba does not care what mechanism was used to generate
+that token in the first place.</P>
+<P>The SMB client logging on to a domain has an expectation that every other
+server in the domain should accept the same authentication information.
+However the network browsing functionality of domains and workgroups is
+identical and is explained in 
+<A HREF="../BROWSING.txt">../BROWSING.txt</A>.</P>
+<P>There are some implementation differences: Windows 95 can be a member of
+both a workgroup and a domain, but Windows NT cannot. Windows 95 also
+has the concept of an "alternative workgroup". Samba can only be a
+member of a single workgroup or domain, although this is due to change
+with a future version when nmbd will be split into two daemons, one for
+WINS and the other for browsing (
+<A HREF="../NetBIOS.txt">../NetBIOS.txt</A> explains
+what WINS is.)</P>
+
+<H3>Defining the Terms</H3>
+
+<P>
+<A NAME="BrowseAndDomainDefs"></A> 
+</P>
+<P>
+<DL>
+
+<DT><B>Workgroup</B><DD><P>means a collection of machines that maintain a common
+browsing database containing information about their shared resources.
+They do not necessarily have any security information in common (if they
+do, it gets called a Domain.) The browsing database is dynamic, modified
+as servers come and go on the network and as resources are added or
+deleted. The term "browsing" refers to a user accessing the database via
+whatever interface the client provides, eg the OS/2 Workplace Shell or
+Windows 95 Explorer. SMB servers agree between themselves as to which
+ones will maintain the browsing database. Workgroups can be anywhere on
+a connected TCP/IP network, including on different subnets or even on
+the Interet. This is a very tricky part of SMB to implement.</P>
+
+<DT><B>Master Browsers</B><DD><P>are machines which holds the master browsing
+database for a workgroup or domain. There are two kinds of Master Browser:</P>
+<P>
+<UL>
+<LI> Domain Master Browser, which holds the master browsing
+information for an entire domain, which may well cross multiple TCP/IP
+subnets.
+</LI>
+<LI> Local Master Browser, which holds the master browsing database
+for a particular subnet and communicates with the Domain Master Browser
+to get information on other subnets.
+</LI>
+</UL>
+</P>
+<P>Subnets are differentiated because browsing is based on broadcasts, and
+broadcasts do not pass through routers. Subnets are not routed: while it
+is possible to have more than one subnet on a single network segment
+this is regarded as very bad practice.</P>
+<P>Master Browsers (both Domain and Local) are elected dynamically
+according to an algorithm which is supposed to take into account the
+machine's ability to sustain the browsing load. Samba can be configured
+to always act as a master browser, ie it always wins elections under all
+circumstances, even against systems such as a Windows NT Primary Domain
+Controller which themselves expect to win. </P>
+<P>There are also Backup Browsers which are promoted to Master Browsers in
+the event of a Master Browser disappearing from the network.</P>
+<P>Alternative terms include confusing variations such as "Browse Master",
+and "Master Browser" which we are trying to eliminate from the Samba
+documentation. </P>
+
+<DT><B>Domain Controller</B><DD><P>is a term which comes from the Microsoft and IBM
+etc implementation of the LAN Manager protocols. It is tied to
+authentication. There are other ways of doing domain authentication, but
+the Windows NT method has a large market share. The general issues are
+discussed in 
+<A HREF="../DOMAIN.txt">../DOMAIN.txt</A> and a Windows NT-specific
+discussion is in 
+<A HREF="../DOMAIN_CONTROL.txt">../DOMAIN_CONTROL.txt</A>.</P>
+
+</DL>
+</P>
+
+<H3>Sharelevel (Workgroup) Security Services</H3>
+
+<P>
+<A NAME="ShareModeSecurity"></A> 
+</P>
+<P>With the Samba setting "security = SHARE", all shared resources
+information about what password is associated with them but only hints
+as to what usernames might be valid (the hint can be 'all users', in
+which case any username will work. This is usually a bad idea, but
+reflects both the initial implementations of SMB in the mid-80s and
+its reincarnation with Windows for Workgroups in 1992. The idea behind
+workgroup security was that small independant groups of people could
+share information on an ad-hoc basis without there being an
+authentication infrastructure present or requiring them to do more than
+fill in a dialogue box.</P>
+
+<H3>Authentication Domain Mode Services</H3>
+
+<P>
+<A NAME="DomainModeSecurity"></A> 
+</P>
+<P>With the Samba settings "security = USER" or "security = SERVER"
+accesses to all resources are checked for username/password pair matches
+in a more rigorous manner. To the client, this has the effect of
+emulating a Microsoft Domain. The client is not concerned whether or not
+Samba looks up a Windows NT SAM or does it in some other way.</P>
+
+
+<H2><A NAME="ss4.2">4.2 Authentication Schemes</A></H2>
+
+
+<P>In the simple case authentication information is stored on a single
+server and the user types a password on connecting for the first time.
+However client operating systems often require a password before they
+can be used at all, and in addition users usually want access to more
+than one server. Asking users to remember many different passwords in
+different contexts just does not work. Some kind of distributed
+authentication database is needed. It must cope with password changes
+and provide for assigning groups of users the same level of access
+permissions. This is why Samba installations often choose to implement a
+Domain model straight away.</P>
+<P>Authentication decisions are some of the biggest in designing a network.
+Are you going to use a scheme native to the client operating system,
+native to the server operating system, or newly installed on both? A
+list of options relevant to Samba (ie that make sense in the context of
+the SMB protocol) follows. Any experiences with other setups would be
+appreciated. <F>refer to server FAQ for "passwd chat" passwd program 
+password server etc etc...</F></P>
+
+<H3>NIS</H3>
+
+
+<P>For Windows 95, Windows for Workgroups and most other clients Samba can
+be a domain controller and share the password database via NIS
+transparently. Windows NT is different. 
+<A HREF="http://www.dcs.qmw.ac.uk/~williams">Free NIS NT client</A></P>
+
+<H3>Kerberos</H3>
+
+
+<P>Kerberos for US users only:
+<A HREF="http://www.cygnus.com/product/unifying-security.html">Kerberos overview</A>
+<A HREF="http://www.cygnus.com/product/kerbnet-download.html">Download Kerberos</A></P>
+
+<H3>FTP</H3>
+
+
+<P>Other NT w/s logon hack via NT</P>
+
+<H3>Default Server Method</H3>
+
+
+
+<H3>Client-side Database Only</H3>
+
+
+
+
+<H2><A NAME="ss4.3">4.3 Post-Authentication: Netlogon, Logon Scripts, Profiles</A></H2>
+
+
+<P>See 
+<A HREF="../DOMAIN.txt">../DOMAIN.txt</A></P>
+
+
+<HR>
+<A HREF="Samba-meta-FAQ-3.html">Previous</A>
+<A HREF="Samba-meta-FAQ-5.html">Next</A>
+<A HREF="Samba-meta-FAQ.html#toc4">Table of Contents</A>
+</BODY>
+</HTML>
diff --git a/docs/faq/Samba-meta-FAQ-5.html b/docs/faq/Samba-meta-FAQ-5.html
new file mode 100755
index 00000000000..ad528b0a975
--- /dev/null
+++ b/docs/faq/Samba-meta-FAQ-5.html
@@ -0,0 +1,30 @@
+<HTML>
+<HEAD>
+<TITLE> Samba meta FAQ: Cross-Protocol File Sharing</TITLE>
+</HEAD>
+<BODY>
+<A HREF="Samba-meta-FAQ-4.html">Previous</A>
+<A HREF="Samba-meta-FAQ-6.html">Next</A>
+<A HREF="Samba-meta-FAQ.html#toc5">Table of Contents</A>
+<HR>
+<H2><A NAME="s5">5. Cross-Protocol File Sharing</A></H2>
+
+
+<P>Samba is an important tool for...</P>
+<P>It is possible to...</P>
+<P>File protocol gateways...</P>
+<P>"Setting up a Linux File Server" http://vetrec.mit.edu/people/narf/linux.html</P>
+<P>Two free implementations of Appletalk for Unix are Netatalk, 
+<A HREF="http://www.umich.edu/~rsug/netatalk/">http://www.umich.edu/~rsug/netatalk/</A>, and CAP, 
+<A HREF="http://www.cs.mu.oz.au/appletalk/atalk.html">http://www.cs.mu.oz.au/appletalk/atalk.html</A>. What Samba offers MS
+Windows users, these packages offer to Macs. For more info on these
+packages, Samba, and Linux (and other UNIX-based systems) see 
+<A HREF="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html</A> 3.5) Sniffing your nework</P>
+
+
+<HR>
+<A HREF="Samba-meta-FAQ-4.html">Previous</A>
+<A HREF="Samba-meta-FAQ-6.html">Next</A>
+<A HREF="Samba-meta-FAQ.html#toc5">Table of Contents</A>
+</BODY>
+</HTML>
diff --git a/docs/faq/Samba-meta-FAQ-6.html b/docs/faq/Samba-meta-FAQ-6.html
new file mode 100755
index 00000000000..f8cd7817d69
--- /dev/null
+++ b/docs/faq/Samba-meta-FAQ-6.html
@@ -0,0 +1,30 @@
+<HTML>
+<HEAD>
+<TITLE> Samba meta FAQ: Miscellaneous</TITLE>
+</HEAD>
+<BODY>
+<A HREF="Samba-meta-FAQ-5.html">Previous</A>
+Next
+<A HREF="Samba-meta-FAQ.html#toc6">Table of Contents</A>
+<HR>
+<H2><A NAME="s6">6. Miscellaneous</A></H2>
+
+<P>
+<A NAME="miscellaneous"></A> 
+</P>
+<H2><A NAME="ss6.1">6.1 Is Samba Year 2000 compliant?</A></H2>
+
+<P>
+<A NAME="Year2000Compliant"></A> 
+
+The CIFS protocol that Samba implements
+negotiates times in various formats, all of which
+are able to cope with dates beyond 2000.</P>
+
+
+<HR>
+<A HREF="Samba-meta-FAQ-5.html">Previous</A>
+Next
+<A HREF="Samba-meta-FAQ.html#toc6">Table of Contents</A>
+</BODY>
+</HTML>
diff --git a/docs/faq/Samba-meta-FAQ.html b/docs/faq/Samba-meta-FAQ.html
new file mode 100755
index 00000000000..38f094bf339
--- /dev/null
+++ b/docs/faq/Samba-meta-FAQ.html
@@ -0,0 +1,102 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<HTML>
+<HEAD>
+<TITLE> Samba meta FAQ</TITLE>
+</HEAD>
+<BODY>
+Previous
+<A HREF="Samba-meta-FAQ-1.html">Next</A>
+Table of Contents
+<HR>
+<H1> Samba meta FAQ</H1>
+
+<H2>Dan Shearer & Paul Blackman, <CODE>ictinus@samba.org</CODE></H2>v 0.3, 7 Oct '97
+<P><HR><EM> This is the meta-Frequently Asked Questions (FAQ) document
+for Samba, the free and very popular SMB and CIFS server product. It
+contains overview information for the Samba suite of programs, a
+quick-start guide, and pointers to all other Samba documentation. Other
+FAQs exist for specific client and server issues, and HOWTO documents
+for more extended topics to do with Samba software. Current to version
+Samba 1.9.17. Please send any corrections to the author. </EM><HR></P>
+<P>
+<H2><A NAME="toc1">1.</A> <A HREF="Samba-meta-FAQ-1.html">Quick Reference Guides to Samba Documentation</A></H2>
+<UL>
+<LI><A HREF="Samba-meta-FAQ-1.html#ss1.1">1.1 Samba for the Impatient</A>
+<LI><A HREF="Samba-meta-FAQ-1.html#ss1.2">1.2 All Samba Documentation</A>
+</UL>
+
+<P>
+<H2><A NAME="toc2">2.</A> <A HREF="Samba-meta-FAQ-2.html">General Information</A></H2>
+<UL>
+<LI><A HREF="Samba-meta-FAQ-2.html#ss2.1">2.1 What is Samba?</A>
+<LI><A HREF="Samba-meta-FAQ-2.html#ss2.2">2.2 What is the current version of Samba?</A>
+<LI><A HREF="Samba-meta-FAQ-2.html#ss2.3">2.3 Where can I get it? </A>
+<LI><A HREF="Samba-meta-FAQ-2.html#ss2.4">2.4 What do the version numbers mean?</A>
+<LI><A HREF="Samba-meta-FAQ-2.html#ss2.5">2.5 Where can I go for further information?</A>
+<LI><A HREF="Samba-meta-FAQ-2.html#ss2.6">2.6 How do I subscribe to the Samba Mailing Lists?</A>
+<LI><A HREF="Samba-meta-FAQ-2.html#ss2.7">2.7 Something's gone wrong - what should I do?</A>
+<LI><A HREF="Samba-meta-FAQ-2.html#ss2.8">2.8 How do I submit patches or bug reports?</A>
+<LI><A HREF="Samba-meta-FAQ-2.html#ss2.9">2.9 What if I have an URGENT message for the developers?</A>
+<LI><A HREF="Samba-meta-FAQ-2.html#ss2.10">2.10 What if I need paid-for support?</A>
+<LI><A HREF="Samba-meta-FAQ-2.html#ss2.11">2.11 Pizza supply details</A>
+</UL>
+
+<P>
+<H2><A NAME="toc3">3.</A> <A HREF="Samba-meta-FAQ-3.html">About the CIFS and SMB Protocols</A></H2>
+<UL>
+<LI><A HREF="Samba-meta-FAQ-3.html#ss3.1">3.1 What is the Server Message Block (SMB) Protocol?</A>
+<LI><A HREF="Samba-meta-FAQ-3.html#ss3.2">3.2 What is the Common Internet Filesystem (CIFS)?</A>
+<LI><A HREF="Samba-meta-FAQ-3.html#ss3.3">3.3 What is Browsing? </A>
+</UL>
+
+<P>
+<H2><A NAME="toc4">4.</A> <A HREF="Samba-meta-FAQ-4.html">Designing A SMB and CIFS Network</A></H2>
+<UL>
+<LI><A HREF="Samba-meta-FAQ-4.html#ss4.1">4.1 Workgroups, Domains, Authentication and Browsing</A>
+<LI><A HREF="Samba-meta-FAQ-4.html#ss4.2">4.2 Authentication Schemes</A>
+<LI><A HREF="Samba-meta-FAQ-4.html#ss4.3">4.3 Post-Authentication: Netlogon, Logon Scripts, Profiles</A>
+</UL>
+
+<P>
+<H2><A NAME="toc5">5.</A> <A HREF="Samba-meta-FAQ-5.html">Cross-Protocol File Sharing</A></H2>
+
+<P>
+<H2><A NAME="toc6">6.</A> <A HREF="Samba-meta-FAQ-6.html">Miscellaneous</A></H2>
+<UL>
+<LI><A HREF="Samba-meta-FAQ-6.html#ss6.1">6.1 Is Samba Year 2000 compliant?</A>
+</UL>
+
+
+<HR>
+Previous
+<A HREF="Samba-meta-FAQ-1.html">Next</A>
+Table of Contents
+</BODY>
+</HTML>
diff --git a/docs/faq/Samba-meta-FAQ.sgml b/docs/faq/Samba-meta-FAQ.sgml
new file mode 100755
index 00000000000..377d81663d7
--- /dev/null
+++ b/docs/faq/Samba-meta-FAQ.sgml
@@ -0,0 +1,771 @@
+<!doctype linuxdoc system> <!-- -*- SGML -*- -->
+<!--
+ v 0.1 23 Aug 1997 	Dan Shearer 
+			Original Samba-meta-FAQ.sgml from Paul's sambafaq.sgml
+ v 0.2 25 Aug 1997      Dan   
+ v 0.3 7  Oct 1997	Paul
+			Changed samba.canberra refs to samba.anu.../samba/
+-->
+
+<article>
+
+<title> Samba meta FAQ
+
+<author>Dan Shearer & Paul Blackman, <tt>ictinus@samba.org</tt>
+
+<date>v 0.3, 7 Oct '97
+
+<abstract> This is the meta-Frequently Asked Questions (FAQ) document
+for Samba, the free and very popular SMB and CIFS server product. It
+contains overview information for the Samba suite of programs, a
+quick-start guide, and pointers to all other Samba documentation. Other
+FAQs exist for specific client and server issues, and HOWTO documents
+for more extended topics to do with Samba software. Current to version
+Samba 1.9.17. Please send any corrections to the author. 
+</abstract>
+
+<toc>
+
+<sect> Quick Reference Guides to Samba Documentation<p><label id=quickref>
+
+We are endeavouring to provide links here to every major class of
+information about Samba or things related to Samba. We cannot list every
+document, but we are aiming for all documents to be at most two
+referrals from those listed here. This needs constant maintaining, so
+please send the author your feedback.
+
+<sect1> Samba for the Impatient<p><label id="impatient">
+
+You know you should read the documentation but can't wait to start? What
+you need to do then is follow the instructions in the following
+documents in the order given. This should be enough to get a fairly
+simple site going quickly. If you have any problems, refer back to this
+meta-FAQ and follow the links to find more reading material.
+
+<descrip>
+
+<label id="ImpGet"><tag/Getting Samba:/ The fastest way to get Samba
+going is and install it is to have an operating system for which the
+Samba team has put together an installation package. To see if your OS
+is included have a look at the directory
+/pub/samba/Binary_Packages/"OS_Vendor" on your nearest <url
+url="../MIRRORS" name="mirror site">. If it is included follow the
+installation instructions in the README file there and then do some <ref id="ImpTest"
+name="basic testing">. If you are not so fortunate, follow the normal <ref
+id="WhereFrom" name="download instructions"> and then continue with <ref
+id="ImpInst" name="building and installing Samba">.
+
+<label id="ImpInst"><tag/Building and Installing Samba:/ At the moment
+there are two kinds of Samba server installs besides the prepackaged
+binaries mentioned in the previous step. You need to decide if you have a <url url="../UNIX_INSTALL.txt"
+name="Unix or close relative"> or <url
+url="Samba-Server-FAQ.html#PortInfo" name="other supported operating system">.
+
+<label id="ImpTest"><tag/Basic Testing:/ Try to connect using the
+supplied smbclient command-line program. You need to know the IP
+hostname of your server. A service name must be defined in smb.conf, as
+given in the examples (under many operating systems if there is a
+[homes] service you can just use a valid username.) Then type
+<tt>
+        smbclient \\hostname\servicename
+</tt>
+Under most Unixes you will need to put the parameters within quotation
+marks. If this works, try connecting from one of the SMB clients you
+were planning to use with Samba.
+
+<label id="ImpDebug"><tag/Debug sequence:/ If you think you have completed the 
+previous step and things aren't working properly work through 
+<url url="../DIAGNOSIS.txt" name="the diagnosis recipe.">
+
+<label id="ImpExp"><tag/Exporting files to SMB clients:/ You should read the manual pages
+for smb.conf, but here is a <url url="Samba-Server-FAQ.html#Exporting"
+name="quick answer guide.">
+
+<label id="ImpControl"><tag/Controlling user access:/ the quickest and dirtiest way of sharing
+resources is to use <ref id="ShareModeSecurity" name="share level
+security."> If you want to spend more time and have a proper username
+and password database you must read the paragraph on <ref
+id="DomainModeSecurity" name="domain mode security."> If you want
+encryption (eg you are using Windows NT clients) follow the <url
+url="Samba-Server-FAQ.html#SMBEncryptionSteps" name="SMB encryption
+instructions.">
+
+<label id="ImpBrowse"><tag/Browsing:/ if you are happy to type in "\\samba-server\sharename"
+at the client end then do not read any further. Otherwise you need to
+understand the <ref id="BrowsingDefinitions" name="browsing terminology">
+and read <url url="Samba-Server-FAQ.html#NameBrowsing">. 
+
+<label id="ImpPrint"><tag/Printing:/ See the <url url="Samba-Server-FAQ.html#Printing"
+name="printing quick answer guide.">
+
+</descrip>
+
+If you have got everything working to this point, you can expect Samba
+to be stable and secure: these are its greatest strengths. However Samba
+has a great deal to offer and to go further you must do some more
+reading. Speed and security optimisations, printer accounting, network
+logons, roving profiles, browsing across multiple subnets and so on are
+all covered either in this document or in those it refers to.
+
+<sect1> All Samba Documentation<p><label id=AllDocs>
+
+<itemize>
+
+<item> Meta-FAQ. This is the mother of all documents, and is the one you
+are reading now. The latest version is always at <url
+url="http://samba.org/[.....]"> but there is probably a much
+nearer <url url="../MIRRORS" name="mirror site"> which you should use
+instead.
+
+<item> <url url="Samba-Server-FAQ.html"> is the best starting point for
+information about server-side issues. Includes configuration tips and
+pointers for Samba on particular operating systems (with 40 to choose
+from...)
+
+<item> <url url="Samba-Client-FAQ.html"> is the best starting point for
+information about client-side issues, includes a list of all clients
+that are known to work with Samba.
+
+<item> <url url="samba-man-index.html" name="manual pages"> contains
+descriptions of and links to all the Samba manual pages, in Unix man and
+postscript format.
+
+<item> <url url="samba-txt-index.html"> has descriptions of and links to
+a large number of text files have been contributed to samba covering
+many topics. These are gradually being absorbed into the FAQs and HOWTOs
+but in the meantime you might find helpful answers here.
+
+<item> 
+
+</itemize>
+
+<sect> General Information<p><label id="general_info">
+
+All about Samba - what it is, how to get it, related sources of
+information, how to understand the numbering scheme, pizza
+details.
+
+<sect1> What is Samba?<p><label id="introduction">
+
+Samba is a suite of programs which work together to allow clients to
+access to a server's filespace and printers via the SMB (Server Message
+Block) and CIFS (Common Internet Filesystem) protocols. Initially
+written for Unix, Samba now also runs on Netware, OS/2, VMS, StratOS and
+Amigas. Ports to BeOS and other operating systems are underway. Samba
+gives the capability for these operating systems to behave much like a
+LAN Server, Windows NT Server or Pathworks machine, only with added
+functionality and flexibility designed to make life easier for
+administrators. 
+
+This means that using Samba you can share a server's disks and printers
+to many sorts of network clients, including Lan Manager, Windows for
+Workgroups, Windows NT, Linux, OS/2, and AIX. There is also a generic
+client program supplied as part of the Samba suite which gives a user on
+the server an ftp-like interface to access filespace and printers on any
+other SMB/CIFS servers.
+
+SMB has been implemented over many protocols, including XNS, NBT, IPX,
+NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to change
+although there have been some requests for NetBEUI support.
+
+Many users report that compared to other SMB implementations Samba is
+more stable, faster, and compatible with more clients. Administrators of
+some large installations say that Samba is the only SMB server available
+which will scale to many tens of thousands of users without crashing.
+The easy way to test these claims is to download it and try it for
+yourself!
+
+The suite is supplied with full source code under the <url
+url="../COPYING" name="GNU Public License">. The GPL means that you can
+use Samba for whatever purpose you wish (including changing the source
+or selling it for money) but under all circumstances the source code
+must be made freely available. A copy of the GPL must always be included
+in any copy of the package.
+
+The primary creator of the Samba suite is Andrew Tridgell. Later
+versions incorporate much effort by many net.helpers. The man pages
+and this FAQ were originally written by Karl Auer.
+
+<sect1> What is the current version of Samba?<p><label id="current_version">
+
+At time of writing, the current version was 1.9.17. If you want to be
+sure check the bottom of the change-log file. <url url="ftp://samba.org/pub/samba/alpha/change-log">
+
+For more information see <ref id="version_nums" name="What do the version numbers mean?">
+
+<sect1> Where can I get it? <p><label id="WhereFrom">
+
+The Samba suite is available via anonymous ftp from samba.org and
+many <url url="../MIRRORS" name="mirror"> sites. You will get much
+faster performance if you use a mirror site. The latest and greatest
+versions of the suite are in the directory:
+
+/pub/samba/
+
+Development (read "alpha") versions, which are NOT necessarily stable
+and which do NOT necessarily have accurate documentation, are available
+in the directory:
+
+/pub/samba/alpha
+
+Note that binaries are NOT included in any of the above. Samba is
+distributed ONLY in source form, though binaries may be available from
+other sites. Most Linux distributions, for example, do contain Samba
+binaries for that platform. The VMS, OS/2, Netware and Amiga and other
+ports typically have binaries made available.
+
+A special case is vendor-provided binary packages. Samba binaries and
+default configuration files are put into packages for a specific
+operating system. RedHat Linux and Sun Solaris (Sparc and x86) is
+already included, and others such as OS/2 may follow. All packages are
+in the directory:
+
+/pub/samba/Binary_Packages/"OS_Vendor"
+
+<sect1>What do the version numbers mean?<p><label id="version_nums">
+
+It is not recommended that you run a version of Samba with the word
+"alpha" in its name unless you know what you are doing and are willing
+to do some debugging. Many, many people just get the latest
+recommended stable release version and are happy. If you are brave, by
+all means take the plunge and help with the testing and development -
+but don't install it on your departmental server. Samba is typically
+very stable and safe, and this is mostly due to the policy of many
+public releases.
+
+How the scheme works:
+
+<enum>
+
+<item>When major changes are made the version number is increased. For
+example, the transition from 1.9.16 to 1.9.17. However, this version
+number will not appear immediately and people should continue to use
+1.9.15 for production systems (see next point.)
+
+<item>Just after major changes are made the software is considered
+unstable, and a series of alpha releases are distributed, for example
+1.9.16alpha1. These are for testing by those who know what they are
+doing.  The "alpha" in the filename will hopefully scare off those who
+are just looking for the latest version to install.
+
+<item>When Andrew thinks that the alphas have stabilised to the point
+where he would recommend new users install it, he renames it to the
+same version number without the alpha, for example 1.9.17.
+
+<item>Inevitably bugs are found in the "stable" releases and minor patch
+levels are released which give us the pXX series, for example 1.9.17p2.
+
+</enum>
+
+So the progression goes:
+
+<verb>
+		1.9.16p10	(production)
+		1.9.16p11	(production)
+		1.9.17alpha1	(test sites only)
+		  :
+		1.9.17alpha20	(test sites only)
+		1.9.17		(production)
+		1.9.17p1	(production)
+</verb>
+
+The above system means that whenever someone looks at the samba ftp
+site they will be able to grab the highest numbered release without an
+alpha in the name and be sure of getting the current recommended
+version.
+
+<sect1> Where can I go for further information?<p><label id="more">
+
+There are a number of places to look for more information on Samba,
+including:
+
+<itemize>
+
+<item>Two mailing lists devoted to discussion of Samba-related matters.
+See below for subscription information.
+
+<item>The newsgroup comp.protocols.smb, which has a great deal of
+discussion about Samba. 
+
+<item>The WWW site 'SAMBA Web Pages' at <url
+url="http://samba.org/samba/"> includes:
+
+  <itemize>
+    <item>Links to man pages and documentation, including this FAQ
+    <item>A comprehensive survey of Samba users
+    <item>A searchable hypertext archive of the Samba mailing list
+    <item>Links to Samba source code, binaries, and mirrors of both
+    <item>This FAQ and the rest in its family
+  </itemize>
+
+</itemize>
+
+<sect1>How do I subscribe to the Samba Mailing Lists?<p><label id="mailinglist">
+
+Send email to <htmlurl url="mailto:listproc@samba.org"
+name="listproc@samba.org">. Make sure the subject line is blank,
+and include the following two lines in the body of the message:
+
+<tscreen><verb>
+subscribe samba Firstname Lastname
+subscribe samba-announce Firstname Lastname
+</verb></tscreen>
+
+Obviously you should substitute YOUR first name for "Firstname" and
+YOUR last name for "Lastname"! Try not to send any signature, it
+sometimes confuses the list processor.
+
+The samba list is a digest list - every eight hours or so it sends a
+single message containing all the messages that have been received by
+the list since the last time and sends a copy of this message to all
+subscribers. There are thousands of people on this list.
+
+If you stop being interested in Samba, please send another email to
+<htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is blank, and
+include the following two lines in the body of the message:
+
+<tscreen><verb>
+unsubscribe samba
+unsubscribe samba-announce
+</verb></tscreen>
+
+The <bf>From:</bf> line in your message <em>MUST</em> be the same
+address you used when you subscribed.
+
+<sect1> Something's gone wrong - what should I do?<p><label id="wrong">
+
+<bf>[#] *** IMPORTANT! *** [#]</bf>
+<p>
+
+DO NOT post messages on mailing lists or in newsgroups until you have
+carried out the first three steps given here!
+
+<enum> <item> See if there are any likely looking entries in this FAQ!
+If you have just installed Samba, have you run through the checklist in
+<url url="ftp://samba.org/pub/samba/DIAGNOSIS.txt"
+name="DIAGNOSIS.txt">? It can save you a lot of time and effort.
+DIAGNOSIS.txt can also be found in the docs directory of the Samba
+distribution.
+
+<item> Read the man pages for smbd, nmbd and smb.conf, looking for
+topics that relate to what you are trying to do.
+
+<item> If there is no obvious solution to hand, try to get a look at
+the log files for smbd and/or nmbd for the period during which you
+were having problems. You may need to reconfigure the servers to
+provide more extensive debugging information - usually level 2 or
+level 3 provide ample debugging info. Inspect these logs closely,
+looking particularly for the string "Error:".
+
+<item> If you need urgent help and are willing to pay for it see 
+<ref id="PaidSupport" name="Paid Support">.
+
+</enum>
+
+If you still haven't got anywhere, ask the mailing list or newsgroup. In
+general nobody minds answering questions provided you have followed the
+preceding steps. It might be a good idea to scan the archives of the
+mailing list, which are available through the Samba web site described
+in the previous section. When you post be sure to include a good
+description of your environment and your problem.
+
+If you successfully solve a problem, please mail the FAQ maintainer a
+succinct description of the symptom, the problem and the solution, so
+that an explanation can be incorporated into the next version.
+
+<sect1> How do I submit patches or bug reports?<p>
+
+If you make changes to the source code, <em>please</em> submit these patches
+so that everyone else gets the benefit of your work. This is one of
+the most important aspects to the maintainence of Samba. Send all
+patches to <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. Do not send patches to Andrew Tridgell or any
+other individual, they may be lost if you do.
+
+Patch format
+------------
+
+If you are sending a patch to fix a problem then please don't just use
+standard diff format. As an example, samba@samba.org received this patch from
+someone:
+
+382a
+#endif
+..
+381a
+#if !defined(NEWS61)
+
+How are we supposed to work out what this does and where it goes? These
+sort of patches only work if we both have identical files in the first
+place. The Samba sources are constantly changing at the hands of multiple
+developers, so it doesn't work.
+
+Please use either context diffs or (even better) unified diffs. You
+get these using "diff -c4" or "diff -u". If you don't have a diff that
+can generate these then please send manualy commented patches to I
+know what is being changed and where. Most patches are applied by hand so
+the info must be clear.
+
+This is a basic guideline that will assist us with assessing your problem
+more efficiently :
+
+Machine Arch:
+Machine OS:
+OS Version:
+Kernel:
+
+Compiler:
+Libc Version:
+
+Samba Version:
+
+Network Layout (description):
+
+What else is on machine (services, etc):
+
+Some extras :
+
+<itemize>
+
+<item> what you did and what happened
+
+<item> relevant parts of a debugging output file with debuglevel higher.
+  If you can't find the relevant parts, please ask before mailing
+  huge files.
+
+<item> anything else you think is useful to trace down the bug
+
+</itemize>
+
+<sect1> What if I have an URGENT message for the developers?<p>
+
+If you have spotted something very serious and believe that it is
+important to contact the developers quickly send a message to
+samba-urgent@samba.org. This will be processed more quickly than
+mail to samba@samba.org. Please think carefully before using this address. An
+example of its use might be to report a security hole.
+
+Examples of things <em>not</em> to send to samba-urgent include problems
+getting Samba to work at all and bugs that cannot potentially cause damage.
+
+<sect1> What if I need paid-for support?<p><label id=PaidSupport>
+
+Samba has a large network of consultants who provide Samba support on a
+commercial basis. The list is included in the package in <url
+url="../Support.txt">, and the latest version will always be on the main
+samba ftp site. Any company in the world can request that the samba team
+include their details in Support.txt so we can give no guarantee of
+their services.
+
+<sect1> Pizza supply details<p><label id="pizza">
+Those who have registered in the Samba survey as "Pizza Factory" will
+already know this, but the rest may need some help. Andrew doesn't ask
+for payment, but he does appreciate it when people give him
+pizza. This calls for a little organisation when the pizza donor is
+twenty thousand kilometres away, but it has been done.
+
+<enum>
+<item> Ring up your local branch of an international pizza chain
+and see if they honour their vouchers internationally. Pizza Hut do,
+which is how the entire Canberra Linux Users Group got to eat pizza
+one night, courtesy of someone in the US.
+
+<item>Ring up a local pizza shop in Canberra and quote a credit
+card number for a certain amount, and tell them that Andrew will be
+collecting it (don't forget to tell him.) One kind soul from Germany
+did this.
+
+<item>Purchase a pizza voucher from your local pizza shop that has
+no international affiliations and send it to Andrew. It is completely
+useless but he can hang it on the wall next to the one he already has
+from Germany :-)
+
+<item>Air freight him a pizza with your favourite regional
+flavours. It will probably get stuck in customs or torn apart by
+hungry sniffer dogs but it will have been a noble gesture.
+
+</enum>
+
+<sect>About the CIFS and SMB Protocols<p><label id="CifsSmb">
+
+<sect1> What is the Server Message Block (SMB) Protocol?<p>
+SMB is a filesharing protocol that has had several maintainers and
+contributors over the years including Xerox, 3Com and most recently
+Microsoft. Names for this protocol include LAN Manager and Microsoft 
+Networking. Parts of the specification has been made public at several 
+versions including in an X/Open document, as listed at 
+<url url="ftp://ftp.microsoft.com/developr/drg/CIFS/">. No specification
+releases were made between 1992 and 1996, and during that period
+Microsoft became the SMB implementor with the largest market share.
+Microsoft developed the specification further for its products but for
+various reasons connected with developer's workload rather than market
+strategy did not make the changes public. This culminated with the 
+"Windows NT 0.12" version released with NT 3.5 in 1995 which had significant 
+improvements and bugs. Because Microsoft client systems are so popular,
+it is fair to say that what Microsoft with Windows affects all suppliers
+of SMB server products.
+
+From 1994 Andrew Tridgell began doing some serious work on his 
+Smbserver (now Samba) product and with some helpers started to 
+implement more and more of these protocols. Samba began to take 
+a significant share of the SMB server market.
+
+<sect1> What is the Common Internet Filesystem (CIFS)?<p>
+The initial pressure for Microsoft to document their current SMB
+implementation came from the Samba team, who kept coming across things
+on the wire that Microsoft either didn't know about or hadn't documented
+anywhere (even in the sourcecode to Windows NT.) Then Sun Microsystems
+came out with their WebNFS initiative, designed to replace FTP for file
+transfers on the Internet. There are many drawbacks to WebNFS (including
+its scope - it aims to replace HTTP as well!) but the concept was
+attractive. FTP is not very clever, and why should it be harder to get
+files from across the world than across the room? 
+
+Some hasty revisions were made and an Internet Draft for the Common
+Internet Filesystem (CIFS) was released. Note that CIFS is not an
+Internet standard and is a very long way from becoming one, BUT the
+protocol specification is in the public domain and ongoing discussions
+concerning the spec take place on a public mailing list according to the
+rules of the Internet Engineering Task Force. For more information and
+pointers see <url url="http://samba.org/cifs/">
+
+The following is taken from <url url="http://www.microsoft.com/intdev/cifs/">
+
+<verb>
+    CIFS defines a standard remote file system access protocol for use
+    over the Internet, enabling groups of users to work together and
+    share documents across the Internet or within their corporate
+    intranets. CIFS is an open, cross-platform technology based on the
+    native file-sharing protocols built into Microsoft� Windows� and
+    other popular PC operating systems, and supported on dozens of
+    other platforms, including UNIX�. With CIFS, millions of computer
+    users can open and share remote files on the Internet without having
+    to install new software or change the way they work."
+</verb>
+
+If you consider CIFS as a backwardsly-compatible refinement of SMB that
+will work reasonably efficiently over the Internet you won't be too far
+wrong.
+
+The net effect is that Microsoft is now documenting large parts of their
+Windows NT fileserver protocols. The security concepts embodied in
+Windows NT are part of the specification, which is why Samba
+documentation often talks in terms of Windows NT. However there is no
+reason why a site shouldn't conduct all its file and printer sharing
+with CIFS and yet have no Microsoft products at all.
+
+<sect1> What is Browsing? <p>
+The term "Browsing" causes a lot of confusion. It is the part of the
+SMB/CIFS protocol which allows for resource discovery. For example, in
+the Windows NT Explorer it is possible to see a "Network Neighbourhood"
+of computers in the same SMB workgroup. Clicking on the name of one of 
+these machines brings up a list of file and printer resources for
+connecting to. In this way you can cruise the network, seeing what
+things are available. How this scales to the Internet is a subject for
+debate. Look at the CIFS list archives to see what the experts think.
+
+<sect>Designing A SMB and CIFS Network<p>
+
+The big issues for installing any network of LAN or WAN file and print
+servers are 
+
+<itemize> 
+
+<item>How and where usernames, passwords and other security information
+is stored 
+
+<item>What method can be used for locating the resources that users have
+permission to use 
+
+<item>What protocols the clients can converse with
+
+</itemize> 
+
+If you buy Netware, Windows NT or just about any other LAN fileserver
+product you are expected to lock yourself into the product's preferred
+answers to these questions. This tendancy is restrictive and often very
+expensive for a site where there is only one kind of client or server,
+and for sites with a mixture of operating systems it often makes it
+impossible to share resources between some sets of users.
+
+The Samba philosophy is to make things as easy as possible for
+administators, which means allowing as many combinations of clients,
+servers, operating systems and protocols as possible.
+
+<sect1>Workgroups, Domains, Authentication and Browsing<p>
+
+From the point of view of networking implementation, Domains and
+Workgroups are <em>exactly</em> the same, except for the client logon
+sequence. Some kind of distributed authentication database is associated
+with a domain (there are quite a few choices) and this adds so much
+flexibility that many people think of a domain as a completely different
+entity to a workgroup. From Samba's point of view a client connecting to
+a service presents an authentication token, and it if it is valid they
+have access. Samba does not care what mechanism was used to generate
+that token in the first place.
+
+The SMB client logging on to a domain has an expectation that every other
+server in the domain should accept the same authentication information.
+However the network browsing functionality of domains and workgroups is
+identical and is explained in <url url="../BROWSING.txt">.
+
+There are some implementation differences: Windows 95 can be a member of
+both a workgroup and a domain, but Windows NT cannot. Windows 95 also
+has the concept of an "alternative workgroup". Samba can only be a
+member of a single workgroup or domain, although this is due to change
+with a future version when nmbd will be split into two daemons, one for
+WINS and the other for browsing (<url url="../NetBIOS.txt"> explains
+what WINS is.)
+
+<sect2> Defining the Terms<p><label id="BrowseAndDomainDefs">
+
+<descrip>
+
+<tag/Workgroup/ means a collection of machines that maintain a common
+browsing database containing information about their shared resources.
+They do not necessarily have any security information in common (if they
+do, it gets called a Domain.) The browsing database is dynamic, modified
+as servers come and go on the network and as resources are added or
+deleted. The term "browsing" refers to a user accessing the database via
+whatever interface the client provides, eg the OS/2 Workplace Shell or
+Windows 95 Explorer. SMB servers agree between themselves as to which
+ones will maintain the browsing database. Workgroups can be anywhere on
+a connected TCP/IP network, including on different subnets or even on
+the Interet. This is a very tricky part of SMB to implement.
+
+<tag/Master Browsers/ are machines which holds the master browsing
+database for a workgroup or domain. There are two kinds of Master Browser:
+
+<itemize>
+
+<item> Domain Master Browser, which holds the master browsing
+information for an entire domain, which may well cross multiple TCP/IP
+subnets.
+
+<item> Local Master Browser, which holds the master browsing database
+for a particular subnet and communicates with the Domain Master Browser
+to get information on other subnets.
+
+</itemize>
+
+Subnets are differentiated because browsing is based on broadcasts, and
+broadcasts do not pass through routers. Subnets are not routed: while it
+is possible to have more than one subnet on a single network segment
+this is regarded as very bad practice.
+
+Master Browsers (both Domain and Local) are elected dynamically
+according to an algorithm which is supposed to take into account the
+machine's ability to sustain the browsing load. Samba can be configured
+to always act as a master browser, ie it always wins elections under all
+circumstances, even against systems such as a Windows NT Primary Domain
+Controller which themselves expect to win. 
+
+There are also Backup Browsers which are promoted to Master Browsers in
+the event of a Master Browser disappearing from the network.
+
+Alternative terms include confusing variations such as "Browse Master",
+and "Master Browser" which we are trying to eliminate from the Samba
+documentation. 
+
+<tag/Domain Controller/ is a term which comes from the Microsoft and IBM
+etc implementation of the LAN Manager protocols. It is tied to
+authentication. There are other ways of doing domain authentication, but
+the Windows NT method has a large market share. The general issues are
+discussed in <url url="../DOMAIN.txt"> and a Windows NT-specific
+discussion is in <url url="../DOMAIN_CONTROL.txt">.
+
+</descrip>
+
+<sect2>Sharelevel (Workgroup) Security Services<p><label id="ShareModeSecurity">
+
+With the Samba setting "security = SHARE", all shared resources
+information about what password is associated with them but only hints
+as to what usernames might be valid (the hint can be 'all users', in
+which case any username will work. This is usually a bad idea, but
+reflects both the initial implementations of SMB in the mid-80s and
+its reincarnation with Windows for Workgroups in 1992. The idea behind
+workgroup security was that small independant groups of people could
+share information on an ad-hoc basis without there being an
+authentication infrastructure present or requiring them to do more than
+fill in a dialogue box.
+
+<sect2>Authentication Domain Mode Services<p><label id="DomainModeSecurity">
+
+With the Samba settings "security = USER" or "security = SERVER"
+accesses to all resources are checked for username/password pair matches
+in a more rigorous manner. To the client, this has the effect of
+emulating a Microsoft Domain. The client is not concerned whether or not
+Samba looks up a Windows NT SAM or does it in some other way.
+
+<sect1>Authentication Schemes<p>
+
+In the simple case authentication information is stored on a single
+server and the user types a password on connecting for the first time.
+However client operating systems often require a password before they
+can be used at all, and in addition users usually want access to more
+than one server. Asking users to remember many different passwords in
+different contexts just does not work. Some kind of distributed
+authentication database is needed. It must cope with password changes
+and provide for assigning groups of users the same level of access
+permissions. This is why Samba installations often choose to implement a
+Domain model straight away.
+
+Authentication decisions are some of the biggest in designing a network.
+Are you going to use a scheme native to the client operating system,
+native to the server operating system, or newly installed on both? A
+list of options relevant to Samba (ie that make sense in the context of
+the SMB protocol) follows. Any experiences with other setups would be
+appreciated. [refer to server FAQ for "passwd chat" passwd program 
+password server etc etc...]
+
+<sect2>NIS<p>
+
+For Windows 95, Windows for Workgroups and most other clients Samba can
+be a domain controller and share the password database via NIS
+transparently. Windows NT is different. 
+<url url="http://www.dcs.qmw.ac.uk/~williams" name="Free NIS NT client">
+
+<sect2>Kerberos<p>
+
+Kerberos for US users only:
+<url url="http://www.cygnus.com/product/unifying-security.html"
+name="Kerberos overview">
+<url url="http://www.cygnus.com/product/kerbnet-download.html"
+name="Download Kerberos">
+
+<sect2>FTP<p>
+
+Other NT w/s logon hack via NT
+
+<sect2>Default Server Method<p>
+
+<sect2>Client-side Database Only<p>
+
+<sect1>Post-Authentication: Netlogon, Logon Scripts, Profiles<p>
+
+See <url url="../DOMAIN.txt">
+
+<sect>Cross-Protocol File Sharing<p>
+
+Samba is an important tool for...
+
+It is possible to...
+
+File protocol gateways...
+
+"Setting up a Linux File Server" http://vetrec.mit.edu/people/narf/linux.html
+
+Two free implementations of Appletalk for Unix are Netatalk, <url
+url="http://www.umich.edu/~rsug/netatalk/">, and CAP, <url
+url="http://www.cs.mu.oz.au/appletalk/atalk.html">. What Samba offers MS
+Windows users, these packages offer to Macs. For more info on these
+packages, Samba, and Linux (and other UNIX-based systems) see <url
+url="http://www.eats.com/linux_mac_win.html"> 3.5) Sniffing your nework
+
+
+<sect>Miscellaneous<p><label id="miscellaneous">
+<sect1>Is Samba Year 2000 compliant?<p><label id="Year2000Compliant">
+The CIFS protocol that Samba implements
+negotiates times in various formats, all of which
+are able to cope with dates beyond 2000.
+
+</article>
diff --git a/docs/faq/Samba-meta-FAQ.txt b/docs/faq/Samba-meta-FAQ.txt
new file mode 100755
index 00000000000..01fc8d6ccf1
--- /dev/null
+++ b/docs/faq/Samba-meta-FAQ.txt
@@ -0,0 +1,924 @@
+  Samba meta FAQ
+  Dan Shearer & Paul Blackman, ictinus@samba.org
+  v 0.3, 7 Oct '97
+
+  This is the meta-Frequently Asked Questions (FAQ) document for Samba,
+  the free and very popular SMB and CIFS server product. It contains
+  overview information for the Samba suite of programs, a quick-start
+  guide, and pointers to all other Samba documentation. Other FAQs exist
+  for specific client and server issues, and HOWTO documents for more
+  extended topics to do with Samba software. Current to version Samba
+  1.9.17. Please send any corrections to the author.
+  ______________________________________________________________________
+
+  Table of Contents:
+
+  1.      Quick Reference Guides to Samba Documentation
+
+  1.1.    Samba for the Impatient
+
+  1.2.    All Samba Documentation
+
+  2.      General Information
+
+  2.1.    What is Samba?
+
+  2.2.    What is the current version of Samba?
+
+  2.3.    Where can I get it?
+
+  2.4.    What do the version numbers mean?
+
+  2.5.    Where can I go for further information?
+
+  2.6.    How do I subscribe to the Samba Mailing Lists?
+
+  2.7.    Something's gone wrong - what should I do?
+
+  2.8.    How do I submit patches or bug reports?
+
+  2.9.    What if I have an URGENT message for the developers?
+
+  2.10.   What if I need paid-for support?
+
+  2.11.   Pizza supply details
+
+  3.      About the CIFS and SMB Protocols
+
+  3.1.    What is the Server Message Block (SMB) Protocol?
+
+  3.2.    What is the Common Internet Filesystem (CIFS)?
+
+  3.3.    What is Browsing?
+
+  4.      Designing A SMB and CIFS Network
+
+  4.1.    Workgroups, Domains, Authentication and Browsing
+
+  4.1.1.  Defining the Terms
+
+  4.1.2.  Sharelevel (Workgroup) Security Services
+
+  4.1.3.  Authentication Domain Mode Services
+
+  4.2.    Authentication Schemes
+
+
+  4.2.1.  NIS
+
+  4.2.2.  Kerberos
+
+  4.2.3.  FTP
+
+  4.2.4.  Default Server Method
+
+  4.2.5.  Client-side Database Only
+
+  4.3.    Post-Authentication: Netlogon, Logon Scripts, Profiles
+
+  5.      Cross-Protocol File Sharing
+
+  6.      Miscellaneous
+
+  6.1.    Is Samba Year 2000 compliant?
+  ______________________________________________________________________
+
+  11..  QQuuiicckk RReeffeerreennccee GGuuiiddeess ttoo SSaammbbaa DDooccuummeennttaattiioonn
+
+
+  We are endeavouring to provide links here to every major class of
+  information about Samba or things related to Samba. We cannot list
+  every document, but we are aiming for all documents to be at most two
+  referrals from those listed here. This needs constant maintaining, so
+  please send the author your feedback.
+
+
+  11..11..  SSaammbbaa ffoorr tthhee IImmppaattiieenntt
+
+
+  You know you should read the documentation but can't wait to start?
+  What you need to do then is follow the instructions in the following
+  documents in the order given. This should be enough to get a fairly
+  simple site going quickly. If you have any problems, refer back to
+  this meta-FAQ and follow the links to find more reading material.
+
+
+
+     GGeettttiinngg SSaammbbaa::
+        The fastest way to get Samba going is and install it is to have
+        an operating system for which the Samba team has put together an
+        installation package. To see if your OS is included have a look
+        at the directory /pub/samba/Binary_Packages/"OS_Vendor" on your
+        nearest mirror site <../MIRRORS>. If it is included follow the
+        installation instructions in the README file there and then do
+        some ``basic testing''. If you are not so fortunate, follow the
+        normal ``download instructions'' and then continue with
+        ``building and installing Samba''.
+
+
+     BBuuiillddiinngg aanndd IInnssttaalllliinngg SSaammbbaa::
+        At the moment there are two kinds of Samba server installs
+        besides the prepackaged binaries mentioned in the previous step.
+        You need to decide if you have a Unix or close relative
+        <../UNIX_INSTALL.txt> or other supported operating system
+        <Samba-Server-FAQ.html#PortInfo>.
+
+
+     BBaassiicc TTeessttiinngg::
+        Try to connect using the supplied smbclient command-line
+        program. You need to know the IP hostname of your server. A
+        service name must be defined in smb.conf, as given in the
+        examples (under many operating systems if there is a homes
+        service you can just use a valid username.) Then type smbclient
+        \hostnamevicename Under most Unixes you will need to put the
+        parameters within quotation marks. If this works, try connecting
+        from one of the SMB clients you were planning to use with Samba.
+
+
+     DDeebbuugg sseeqquueennccee::
+        If you think you have completed the previous step and things
+        aren't working properly work through the diagnosis recipe.
+        <../DIAGNOSIS.txt>
+
+
+     EExxppoorrttiinngg ffiilleess ttoo SSMMBB cclliieennttss::
+        You should read the manual pages for smb.conf, but here is a
+        quick answer guide. <Samba-Server-FAQ.html#Exporting>
+
+
+     CCoonnttrroolllliinngg uusseerr aacccceessss::
+        the quickest and dirtiest way of sharing resources is to use
+        ``share level security.'' If you want to spend more time and
+        have a proper username and password database you must read the
+        paragraph on ``domain mode security.'' If you want encryption
+        (eg you are using Windows NT clients) follow the SMB encryption
+        instructions. <Samba-Server-FAQ.html#SMBEncryptionSteps>
+
+
+     BBrroowwssiinngg::
+        if you are happy to type in "\samba-serverrename" at the client
+        end then do not read any further. Otherwise you need to
+        understand the ``browsing terminology'' and read  <Samba-Server-
+        FAQ.html#NameBrowsing>.
+
+
+     PPrriinnttiinngg::
+        See the printing quick answer guide. <Samba-Server-
+        FAQ.html#Printing>
+
+
+  If you have got everything working to this point, you can expect Samba
+  to be stable and secure: these are its greatest strengths. However
+  Samba has a great deal to offer and to go further you must do some
+  more reading. Speed and security optimisations, printer accounting,
+  network logons, roving profiles, browsing across multiple subnets and
+  so on are all covered either in this document or in those it refers
+  to.
+
+
+  11..22..  AAllll SSaammbbaa DDooccuummeennttaattiioonn
+
+
+
+  +o  Meta-FAQ. This is the mother of all documents, and is the one you
+     are reading now. The latest version is always at
+     <http://samba.org/[.....]> but there is probably a much
+     nearer mirror site <../MIRRORS> which you should use instead.
+
+  +o  <Samba-Server-FAQ.html> is the best starting point for information
+     about server-side issues. Includes configuration tips and pointers
+     for Samba on particular operating systems (with 40 to choose
+     from...)
+
+  +o  <Samba-Client-FAQ.html> is the best starting point for information
+     about client-side issues, includes a list of all clients that are
+     known to work with Samba.
+
+  +o  manual pages <samba-man-index.html> contains descriptions of and
+     links to all the Samba manual pages, in Unix man and postscript
+     format.
+
+  +o  <samba-txt-index.html> has descriptions of and links to a large
+     number of text files have been contributed to samba covering many
+     topics. These are gradually being absorbed into the FAQs and HOWTOs
+     but in the meantime you might find helpful answers here.
+
+  +o
+
+
+  22..  GGeenneerraall IInnffoorrmmaattiioonn
+
+
+  All about Samba - what it is, how to get it, related sources of
+  information, how to understand the numbering scheme, pizza details.
+
+
+  22..11..  WWhhaatt iiss SSaammbbaa??
+
+
+  Samba is a suite of programs which work together to allow clients to
+  access to a server's filespace and printers via the SMB (Server
+  Message Block) and CIFS (Common Internet Filesystem) protocols.
+  Initially written for Unix, Samba now also runs on Netware, OS/2, VMS,
+  StratOS and Amigas. Ports to BeOS and other operating systems are
+  underway. Samba gives the capability for these operating systems to
+  behave much like a LAN Server, Windows NT Server or Pathworks machine,
+  only with added functionality and flexibility designed to make life
+  easier for administrators.
+
+  This means that using Samba you can share a server's disks and
+  printers to many sorts of network clients, including Lan Manager,
+  Windows for Workgroups, Windows NT, Linux, OS/2, and AIX. There is
+  also a generic client program supplied as part of the Samba suite
+  which gives a user on the server an ftp-like interface to access
+  filespace and printers on any other SMB/CIFS servers.
+
+  SMB has been implemented over many protocols, including XNS, NBT, IPX,
+  NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to
+  change although there have been some requests for NetBEUI support.
+
+  Many users report that compared to other SMB implementations Samba is
+  more stable, faster, and compatible with more clients. Administrators
+  of some large installations say that Samba is the only SMB server
+  available which will scale to many tens of thousands of users without
+  crashing.  The easy way to test these claims is to download it and try
+  it for yourself!
+
+  The suite is supplied with full source code under the GNU Public
+  License <../COPYING>. The GPL means that you can use Samba for
+  whatever purpose you wish (including changing the source or selling it
+  for money) but under all circumstances the source code must be made
+  freely available. A copy of the GPL must always be included in any
+  copy of the package.
+
+  The primary creator of the Samba suite is Andrew Tridgell. Later
+  versions incorporate much effort by many net.helpers. The man pages
+  and this FAQ were originally written by Karl Auer.
+
+
+  22..22..  WWhhaatt iiss tthhee ccuurrrreenntt vveerrssiioonn ooff SSaammbbaa??
+
+
+  At time of writing, the current version was 1.9.17. If you want to be
+  sure check the bottom of the change-log file.
+  <ftp://samba.org/pub/samba/alpha/change-log>
+  For more information see ``What do the version numbers mean?''
+
+
+  22..33..  WWhheerree ccaann II ggeett iitt??
+
+
+  The Samba suite is available via anonymous ftp from samba.org
+  and many mirror <../MIRRORS> sites. You will get much faster
+  performance if you use a mirror site. The latest and greatest versions
+  of the suite are in the directory:
+
+  /pub/samba/
+
+  Development (read "alpha") versions, which are NOT necessarily stable
+  and which do NOT necessarily have accurate documentation, are
+  available in the directory:
+
+  /pub/samba/alpha
+
+  Note that binaries are NOT included in any of the above. Samba is
+  distributed ONLY in source form, though binaries may be available from
+  other sites. Most Linux distributions, for example, do contain Samba
+  binaries for that platform. The VMS, OS/2, Netware and Amiga and other
+  ports typically have binaries made available.
+
+  A special case is vendor-provided binary packages. Samba binaries and
+  default configuration files are put into packages for a specific
+  operating system. RedHat Linux and Sun Solaris (Sparc and x86) is
+  already included, and others such as OS/2 may follow. All packages are
+  in the directory:
+
+  /pub/samba/Binary_Packages/"OS_Vendor"
+
+
+  22..44..  WWhhaatt ddoo tthhee vveerrssiioonn nnuummbbeerrss mmeeaann??
+
+
+  It is not recommended that you run a version of Samba with the word
+  "alpha" in its name unless you know what you are doing and are willing
+  to do some debugging. Many, many people just get the latest
+  recommended stable release version and are happy. If you are brave, by
+  all means take the plunge and help with the testing and development -
+  but don't install it on your departmental server. Samba is typically
+  very stable and safe, and this is mostly due to the policy of many
+  public releases.
+
+  How the scheme works:
+
+
+  1. When major changes are made the version number is increased. For
+     example, the transition from 1.9.16 to 1.9.17. However, this
+     version number will not appear immediately and people should
+     continue to use 1.9.15 for production systems (see next point.)
+
+  2. Just after major changes are made the software is considered
+     unstable, and a series of alpha releases are distributed, for
+     example 1.9.16alpha1. These are for testing by those who know what
+     they are doing.  The "alpha" in the filename will hopefully scare
+     off those who are just looking for the latest version to install.
+
+  3. When Andrew thinks that the alphas have stabilised to the point
+     where he would recommend new users install it, he renames it to the
+     same version number without the alpha, for example 1.9.17.
+
+  4. Inevitably bugs are found in the "stable" releases and minor patch
+     levels are released which give us the pXX series, for example
+     1.9.17p2.
+
+  So the progression goes:
+
+
+                  1.9.16p10       (production)
+                  1.9.16p11       (production)
+                  1.9.17alpha1    (test sites only)
+                    :
+                  1.9.17alpha20   (test sites only)
+                  1.9.17          (production)
+                  1.9.17p1        (production)
+
+
+
+  The above system means that whenever someone looks at the samba ftp
+  site they will be able to grab the highest numbered release without an
+  alpha in the name and be sure of getting the current recommended
+  version.
+
+
+  22..55..  WWhheerree ccaann II ggoo ffoorr ffuurrtthheerr iinnffoorrmmaattiioonn??
+
+
+  There are a number of places to look for more information on Samba,
+  including:
+
+
+  +o  Two mailing lists devoted to discussion of Samba-related matters.
+     See below for subscription information.
+
+  +o  The newsgroup comp.protocols.smb, which has a great deal of
+     discussion about Samba.
+
+  +o  The WWW site 'SAMBA Web Pages' at  <http://samba.org/samba/>
+     includes:
+
+
+  +o  Links to man pages and documentation, including this FAQ
+
+  +o  A comprehensive survey of Samba users
+
+  +o  A searchable hypertext archive of the Samba mailing list
+
+  +o  Links to Samba source code, binaries, and mirrors of both
+
+  +o  This FAQ and the rest in its family
+
+
+
+  22..66..  HHooww ddoo II ssuubbssccrriibbee ttoo tthhee SSaammbbaa MMaaiilliinngg LLiissttss??
+
+
+  Send email to listproc@samba.org. Make sure the subject line is
+  blank, and include the following two lines in the body of the message:
+
+
+
+       subscribe samba Firstname Lastname
+       subscribe samba-announce Firstname Lastname
+
+
+
+
+  Obviously you should substitute YOUR first name for "Firstname" and
+  YOUR last name for "Lastname"! Try not to send any signature, it
+  sometimes confuses the list processor.
+
+  The samba list is a digest list - every eight hours or so it sends a
+  single message containing all the messages that have been received by
+  the list since the last time and sends a copy of this message to all
+  subscribers. There are thousands of people on this list.
+
+  If you stop being interested in Samba, please send another email to
+  listproc@samba.org. Make sure the subject line is blank, and
+  include the following two lines in the body of the message:
+
+
+
+       unsubscribe samba
+       unsubscribe samba-announce
+
+
+
+
+  The FFrroomm:: line in your message _M_U_S_T be the same address you used when
+  you subscribed.
+
+
+  22..77..  SSoommeetthhiinngg''ss ggoonnee wwrroonngg -- wwhhaatt sshhoouulldd II ddoo??
+
+
+  ## ****** IIMMPPOORRTTAANNTT!! ****** ##
+
+
+  DO NOT post messages on mailing lists or in newsgroups until you have
+  carried out the first three steps given here!
+
+
+  1. See if there are any likely looking entries in this FAQ!  If you
+     have just installed Samba, have you run through the checklist in
+     DIAGNOSIS.txt <ftp://samba.org/pub/samba/DIAGNOSIS.txt>? It
+     can save you a lot of time and effort.  DIAGNOSIS.txt can also be
+     found in the docs directory of the Samba distribution.
+
+  2. Read the man pages for smbd, nmbd and smb.conf, looking for topics
+     that relate to what you are trying to do.
+
+  3. If there is no obvious solution to hand, try to get a look at the
+     log files for smbd and/or nmbd for the period during which you were
+     having problems. You may need to reconfigure the servers to provide
+     more extensive debugging information - usually level 2 or level 3
+     provide ample debugging info. Inspect these logs closely, looking
+     particularly for the string "Error:".
+
+  4. If you need urgent help and are willing to pay for it see ``Paid
+     Support''.
+
+  If you still haven't got anywhere, ask the mailing list or newsgroup.
+  In general nobody minds answering questions provided you have followed
+  the preceding steps. It might be a good idea to scan the archives of
+  the mailing list, which are available through the Samba web site
+  described in the previous section. When you post be sure to include a
+  good description of your environment and your problem.
+
+  If you successfully solve a problem, please mail the FAQ maintainer a
+  succinct description of the symptom, the problem and the solution, so
+  that an explanation can be incorporated into the next version.
+
+
+
+
+  22..88..  HHooww ddoo II ssuubbmmiitt ppaattcchheess oorr bbuugg rreeppoorrttss??
+
+
+  If you make changes to the source code, _p_l_e_a_s_e submit these patches so
+  that everyone else gets the benefit of your work. This is one of the
+  most important aspects to the maintainence of Samba. Send all patches
+  to samba@samba.org. Do not send patches to Andrew Tridgell
+  or any other individual, they may be lost if you do.
+
+  Patch format ------------
+
+  If you are sending a patch to fix a problem then please don't just use
+  standard diff format. As an example, samba@samba.org received this patch
+  from someone:
+
+  382a #endif 381a #if !defined(NEWS61)
+
+  How are we supposed to work out what this does and where it goes?
+  These sort of patches only work if we both have identical files in the
+  first place. The Samba sources are constantly changing at the hands of
+  multiple developers, so it doesn't work.
+
+  Please use either context diffs or (even better) unified diffs. You
+  get these using "diff -c4" or "diff -u". If you don't have a diff that
+  can generate these then please send manualy commented patches to I
+  know what is being changed and where. Most patches are applied by hand
+  so the info must be clear.
+
+  This is a basic guideline that will assist us with assessing your
+  problem more efficiently :
+
+  Machine Arch: Machine OS: OS Version: Kernel:
+
+  Compiler: Libc Version:
+
+  Samba Version:
+
+  Network Layout (description):
+
+  What else is on machine (services, etc):
+
+  Some extras :
+
+
+  +o  what you did and what happened
+
+  +o  relevant parts of a debugging output file with debuglevel higher.
+     If you can't find the relevant parts, please ask before mailing
+     huge files.
+
+  +o  anything else you think is useful to trace down the bug
+
+
+  22..99..  WWhhaatt iiff II hhaavvee aann UURRGGEENNTT mmeessssaaggee ffoorr tthhee ddeevveellooppeerrss??
+
+
+  If you have spotted something very serious and believe that it is
+  important to contact the developers quickly send a message to samba-
+  urgent@samba.org. This will be processed more quickly than mail
+  to samba@samba.org. Please think carefully before using this address. An
+  example of its use might be to report a security hole.
+
+  Examples of things _n_o_t to send to samba-urgent include problems
+  getting Samba to work at all and bugs that cannot potentially cause
+  damage.
+
+  22..1100..  WWhhaatt iiff II nneeeedd ppaaiidd--ffoorr ssuuppppoorrtt??
+
+
+  Samba has a large network of consultants who provide Samba support on
+  a commercial basis. The list is included in the package in
+  <../Support.txt>, and the latest version will always be on the main
+  samba ftp site. Any company in the world can request that the samba
+  team include their details in Support.txt so we can give no guarantee
+  of their services.
+
+
+  22..1111..  PPiizzzzaa ssuuppppllyy ddeettaaiillss
+
+
+  Those who have registered in the Samba survey as "Pizza Factory" will
+  already know this, but the rest may need some help. Andrew doesn't ask
+  for payment, but he does appreciate it when people give him pizza.
+  This calls for a little organisation when the pizza donor is twenty
+  thousand kilometres away, but it has been done.
+
+
+  1. Ring up your local branch of an international pizza chain and see
+     if they honour their vouchers internationally. Pizza Hut do, which
+     is how the entire Canberra Linux Users Group got to eat pizza one
+     night, courtesy of someone in the US.
+
+  2. Ring up a local pizza shop in Canberra and quote a credit card
+     number for a certain amount, and tell them that Andrew will be
+     collecting it (don't forget to tell him.) One kind soul from
+     Germany did this.
+
+  3. Purchase a pizza voucher from your local pizza shop that has no
+     international affiliations and send it to Andrew. It is completely
+     useless but he can hang it on the wall next to the one he already
+     has from Germany :-)
+
+  4. Air freight him a pizza with your favourite regional flavours. It
+     will probably get stuck in customs or torn apart by hungry sniffer
+     dogs but it will have been a noble gesture.
+
+
+  33..  AAbboouutt tthhee CCIIFFSS aanndd SSMMBB PPrroottooccoollss
+
+
+
+  33..11..  WWhhaatt iiss tthhee SSeerrvveerr MMeessssaaggee BBlloocckk ((SSMMBB)) PPrroottooccooll??
+
+  SMB is a filesharing protocol that has had several maintainers and
+  contributors over the years including Xerox, 3Com and most recently
+  Microsoft. Names for this protocol include LAN Manager and Microsoft
+  Networking. Parts of the specification has been made public at several
+  versions including in an X/Open document, as listed at
+  <ftp://ftp.microsoft.com/developr/drg/CIFS/>. No specification
+  releases were made between 1992 and 1996, and during that period
+  Microsoft became the SMB implementor with the largest market share.
+  Microsoft developed the specification further for its products but for
+  various reasons connected with developer's workload rather than market
+  strategy did not make the changes public. This culminated with the
+  "Windows NT 0.12" version released with NT 3.5 in 1995 which had
+  significant improvements and bugs. Because Microsoft client systems
+  are so popular, it is fair to say that what Microsoft with Windows
+  affects all suppliers of SMB server products.
+
+  From 1994 Andrew Tridgell began doing some serious work on his
+  Smbserver (now Samba) product and with some helpers started to
+  implement more and more of these protocols. Samba began to take a
+  significant share of the SMB server market.
+
+
+  33..22..  WWhhaatt iiss tthhee CCoommmmoonn IInntteerrnneett FFiilleessyysstteemm ((CCIIFFSS))??
+
+  The initial pressure for Microsoft to document their current SMB
+  implementation came from the Samba team, who kept coming across things
+  on the wire that Microsoft either didn't know about or hadn't
+  documented anywhere (even in the sourcecode to Windows NT.) Then Sun
+  Microsystems came out with their WebNFS initiative, designed to
+  replace FTP for file transfers on the Internet. There are many
+  drawbacks to WebNFS (including its scope - it aims to replace HTTP as
+  well!) but the concept was attractive. FTP is not very clever, and why
+  should it be harder to get files from across the world than across the
+  room?
+
+  Some hasty revisions were made and an Internet Draft for the Common
+  Internet Filesystem (CIFS) was released. Note that CIFS is not an
+  Internet standard and is a very long way from becoming one, BUT the
+  protocol specification is in the public domain and ongoing discussions
+  concerning the spec take place on a public mailing list according to
+  the rules of the Internet Engineering Task Force. For more information
+  and pointers see  <http://samba.org/cifs/>
+
+  The following is taken from  <http://www.microsoft.com/intdev/cifs/>
+
+
+      CIFS defines a standard remote file system access protocol for use
+      over the Internet, enabling groups of users to work together and
+      share documents across the Internet or within their corporate
+      intranets. CIFS is an open, cross-platform technology based on the
+      native file-sharing protocols built into Microsoft Windows and
+      other popular PC operating systems, and supported on dozens of
+      other platforms, including UNIX. With CIFS, millions of computer
+      users can open and share remote files on the Internet without having
+      to install new software or change the way they work."
+
+
+
+  If you consider CIFS as a backwardsly-compatible refinement of SMB
+  that will work reasonably efficiently over the Internet you won't be
+  too far wrong.
+
+  The net effect is that Microsoft is now documenting large parts of
+  their Windows NT fileserver protocols. The security concepts embodied
+  in Windows NT are part of the specification, which is why Samba
+  documentation often talks in terms of Windows NT. However there is no
+  reason why a site shouldn't conduct all its file and printer sharing
+  with CIFS and yet have no Microsoft products at all.
+
+
+  33..33..  WWhhaatt iiss BBrroowwssiinngg??
+
+  The term "Browsing" causes a lot of confusion. It is the part of the
+  SMB/CIFS protocol which allows for resource discovery. For example, in
+  the Windows NT Explorer it is possible to see a "Network
+  Neighbourhood" of computers in the same SMB workgroup. Clicking on the
+  name of one of these machines brings up a list of file and printer
+  resources for connecting to. In this way you can cruise the network,
+  seeing what things are available. How this scales to the Internet is a
+  subject for debate. Look at the CIFS list archives to see what the
+  experts think.
+
+
+
+
+  44..  DDeessiiggnniinngg AA SSMMBB aanndd CCIIFFSS NNeettwwoorrkk
+
+
+  The big issues for installing any network of LAN or WAN file and print
+  servers are
+
+
+  +o  How and where usernames, passwords and other security information
+     is stored
+
+  +o  What method can be used for locating the resources that users have
+     permission to use
+
+  +o  What protocols the clients can converse with
+
+
+  If you buy Netware, Windows NT or just about any other LAN fileserver
+  product you are expected to lock yourself into the product's preferred
+  answers to these questions. This tendancy is restrictive and often
+  very expensive for a site where there is only one kind of client or
+  server, and for sites with a mixture of operating systems it often
+  makes it impossible to share resources between some sets of users.
+
+  The Samba philosophy is to make things as easy as possible for
+  administators, which means allowing as many combinations of clients,
+  servers, operating systems and protocols as possible.
+
+
+  44..11..  WWoorrkkggrroouuppss,, DDoommaaiinnss,, AAuutthheennttiiccaattiioonn aanndd BBrroowwssiinngg
+
+
+  From the point of view of networking implementation, Domains and
+  Workgroups are _e_x_a_c_t_l_y the same, except for the client logon sequence.
+  Some kind of distributed authentication database is associated with a
+  domain (there are quite a few choices) and this adds so much
+  flexibility that many people think of a domain as a completely
+  different entity to a workgroup. From Samba's point of view a client
+  connecting to a service presents an authentication token, and it if it
+  is valid they have access. Samba does not care what mechanism was used
+  to generate that token in the first place.
+
+  The SMB client logging on to a domain has an expectation that every
+  other server in the domain should accept the same authentication
+  information.  However the network browsing functionality of domains
+  and workgroups is identical and is explained in  <../BROWSING.txt>.
+
+  There are some implementation differences: Windows 95 can be a member
+  of both a workgroup and a domain, but Windows NT cannot. Windows 95
+  also has the concept of an "alternative workgroup". Samba can only be
+  a member of a single workgroup or domain, although this is due to
+  change with a future version when nmbd will be split into two daemons,
+  one for WINS and the other for browsing ( <../NetBIOS.txt> explains
+  what WINS is.)
+
+
+  44..11..11..  DDeeffiinniinngg tthhee TTeerrmmss
+
+
+
+
+     WWoorrkkggrroouupp
+        means a collection of machines that maintain a common browsing
+        database containing information about their shared resources.
+        They do not necessarily have any security information in common
+        (if they do, it gets called a Domain.) The browsing database is
+        dynamic, modified as servers come and go on the network and as
+        resources are added or deleted. The term "browsing" refers to a
+        user accessing the database via whatever interface the client
+        provides, eg the OS/2 Workplace Shell or Windows 95 Explorer.
+        SMB servers agree between themselves as to which ones will
+        maintain the browsing database. Workgroups can be anywhere on a
+        connected TCP/IP network, including on different subnets or even
+        on the Interet. This is a very tricky part of SMB to implement.
+
+
+     MMaasstteerr BBrroowwsseerrss
+        are machines which holds the master browsing database for a
+        workgroup or domain. There are two kinds of Master Browser:
+
+
+     +o  Domain Master Browser, which holds the master browsing
+        information for an entire domain, which may well cross multiple
+        TCP/IP subnets.
+
+     +o  Local Master Browser, which holds the master browsing database
+        for a particular subnet and communicates with the Domain Master
+        Browser to get information on other subnets.
+
+        Subnets are differentiated because browsing is based on
+        broadcasts, and broadcasts do not pass through routers. Subnets
+        are not routed: while it is possible to have more than one
+        subnet on a single network segment this is regarded as very bad
+        practice.
+
+        Master Browsers (both Domain and Local) are elected dynamically
+        according to an algorithm which is supposed to take into account
+        the machine's ability to sustain the browsing load. Samba can be
+        configured to always act as a master browser, ie it always wins
+        elections under all circumstances, even against systems such as
+        a Windows NT Primary Domain Controller which themselves expect
+        to win.
+
+        There are also Backup Browsers which are promoted to Master
+        Browsers in the event of a Master Browser disappearing from the
+        network.
+
+        Alternative terms include confusing variations such as "Browse
+        Master", and "Master Browser" which we are trying to eliminate
+        from the Samba documentation.
+
+
+     DDoommaaiinn CCoonnttrroolllleerr
+        is a term which comes from the Microsoft and IBM etc
+        implementation of the LAN Manager protocols. It is tied to
+        authentication. There are other ways of doing domain
+        authentication, but the Windows NT method has a large market
+        share. The general issues are discussed in  <../DOMAIN.txt> and
+        a Windows NT-specific discussion is in  <../DOMAIN_CONTROL.txt>.
+
+
+
+  44..11..22..  SShhaarreelleevveell ((WWoorrkkggrroouupp)) SSeeccuurriittyy SSeerrvviicceess
+
+
+  With the Samba setting "security = SHARE", all shared resources
+  information about what password is associated with them but only hints
+  as to what usernames might be valid (the hint can be 'all users', in
+  which case any username will work. This is usually a bad idea, but
+  reflects both the initial implementations of SMB in the mid-80s and
+  its reincarnation with Windows for Workgroups in 1992. The idea behind
+  workgroup security was that small independant groups of people could
+  share information on an ad-hoc basis without there being an
+  authentication infrastructure present or requiring them to do more
+  than fill in a dialogue box.
+
+
+  44..11..33..  AAuutthheennttiiccaattiioonn DDoommaaiinn MMooddee SSeerrvviicceess
+
+
+  With the Samba settings "security = USER" or "security = SERVER"
+  accesses to all resources are checked for username/password pair
+  matches in a more rigorous manner. To the client, this has the effect
+  of emulating a Microsoft Domain. The client is not concerned whether
+  or not Samba looks up a Windows NT SAM or does it in some other way.
+
+
+  44..22..  AAuutthheennttiiccaattiioonn SScchheemmeess
+
+
+  In the simple case authentication information is stored on a single
+  server and the user types a password on connecting for the first time.
+  However client operating systems often require a password before they
+  can be used at all, and in addition users usually want access to more
+  than one server. Asking users to remember many different passwords in
+  different contexts just does not work. Some kind of distributed
+  authentication database is needed. It must cope with password changes
+  and provide for assigning groups of users the same level of access
+  permissions. This is why Samba installations often choose to implement
+  a Domain model straight away.
+
+  Authentication decisions are some of the biggest in designing a
+  network.  Are you going to use a scheme native to the client operating
+  system, native to the server operating system, or newly installed on
+  both? A list of options relevant to Samba (ie that make sense in the
+  context of the SMB protocol) follows. Any experiences with other
+  setups would be appreciated. refer to server FAQ for "passwd chat"
+  passwd program password server etc etc...
+
+
+  44..22..11..  NNIISS
+
+
+  For Windows 95, Windows for Workgroups and most other clients Samba
+  can be a domain controller and share the password database via NIS
+  transparently. Windows NT is different.  Free NIS NT client
+  <http://www.dcs.qmw.ac.uk/~williams>
+
+
+  44..22..22..  KKeerrbbeerrooss
+
+
+  Kerberos for US users only: Kerberos overview
+  <http://www.cygnus.com/product/unifying-security.html> Download
+  Kerberos <http://www.cygnus.com/product/kerbnet-download.html>
+
+
+  44..22..33..  FFTTPP
+
+
+  Other NT w/s logon hack via NT
+
+
+  44..22..44..  DDeeffaauulltt SSeerrvveerr MMeetthhoodd
+
+
+
+
+
+  44..22..55..  CClliieenntt--ssiiddee DDaattaabbaassee OOnnllyy
+
+
+
+  44..33..  PPoosstt--AAuutthheennttiiccaattiioonn:: NNeettllooggoonn,, LLooggoonn SSccrriippttss,, PPrrooffiilleess
+
+
+  See  <../DOMAIN.txt>
+
+
+  55..  CCrroossss--PPrroottooccooll FFiillee SShhaarriinngg
+
+
+  Samba is an important tool for...
+
+  It is possible to...
+
+  File protocol gateways...
+
+  "Setting up a Linux File Server"
+  http://vetrec.mit.edu/people/narf/linux.html
+
+  Two free implementations of Appletalk for Unix are Netatalk,
+  <http://www.umich.edu/~rsug/netatalk/>, and CAP,
+  <http://www.cs.mu.oz.au/appletalk/atalk.html>. What Samba offers MS
+  Windows users, these packages offer to Macs. For more info on these
+  packages, Samba, and Linux (and other UNIX-based systems) see
+  <http://www.eats.com/linux_mac_win.html> 3.5) Sniffing your nework
+
+
+
+  66..  MMiisscceellllaanneeoouuss
+
+
+  66..11..  IIss SSaammbbaa YYeeaarr 22000000 ccoommpplliiaanntt??
+
+
+  The CIFS protocol that Samba implements negotiates times in various
+  formats, all of which are able to cope with dates beyond 2000.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/docs/faq/sambafaq-1.html b/docs/faq/sambafaq-1.html
new file mode 100755
index 00000000000..dde07840999
--- /dev/null
+++ b/docs/faq/sambafaq-1.html
@@ -0,0 +1,392 @@
+<HTML>
+<HEAD>
+<TITLE> Samba FAQ: General Information</TITLE>
+</HEAD>
+<BODY>
+Previous
+<A HREF="sambafaq-2.html">Next</A>
+<A HREF="sambafaq.html#toc1">Table of Contents</A>
+<HR>
+<H2><A NAME="s1">1. General Information</A></H2>
+
+<P> 
+<A NAME="general_info"></A> 
+</P>
+<P>All about Samba - what it is, how to get it, related sources of
+information, how to understand the version numbering scheme, pizza
+details</P>
+
+<H2><A NAME="ss1.1">1.1 What is Samba? </A></H2>
+
+<P> 
+<A NAME="introduction"></A> 
+
+Samba is a suite of programs which work together to allow clients to
+access to a server's filespace and printers via the SMB (Server
+Message Block) protocol. Initially written for Unix, Samba now also
+runs on Netware, OS/2 and VMS.</P>
+<P>In practice, this means that you can redirect disks and printers to
+Unix disks and printers from Lan Manager clients, Windows for
+Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2
+clients. There is also a generic Unix client program supplied as part
+of the suite which allows Unix users to use an ftp-like interface to
+access filespace and printers on any other SMB servers. This gives the
+capability for these operating systems to behave much like a LAN
+Server or Windows NT Server machine, only with added functionality and
+flexibility designed to make life easier for administrators.</P>
+<P>The components of the suite are (in summary):</P>
+<P>
+<UL>
+<LI><B>smbd</B>, the SMB server. This handles actual connections from clients, doing all the file, permission and username work</LI>
+<LI><B>nmbd</B>, the Netbios name server, which helps clients locate servers, doing the browsing work and managing domains as this capability is being built into Samba</LI>
+<LI><B>smbclient</B>, the Unix-hosted client program</LI>
+<LI><B>smbrun</B>, a little 'glue' program to help the server run external programs</LI>
+<LI><B>testprns</B>, a program to test server access to printers</LI>
+<LI><B>testparms</B>, a program to test the Samba configuration file for correctness</LI>
+<LI><B>smb.conf</B>, the Samba configuration file</LI>
+<LI><B>smbprint</B>, a sample script to allow a Unix host to use smbclient to print to an SMB server</LI>
+<LI><B>Documentation!</B> DON'T neglect to read it - you will save a great deal of time!</LI>
+</UL>
+</P>
+<P>The suite is supplied with full source (of course!) and is GPLed.</P>
+<P>The primary creator of the Samba suite is Andrew Tridgell. Later
+versions incorporate much effort by many net.helpers. The man pages
+and this FAQ were originally written by Karl Auer.</P>
+
+
+<H2><A NAME="ss1.2">1.2 What is the current version of Samba? </A></H2>
+
+<P>
+<A NAME="current_version"></A> 
+
+At time of writing, the current version was 1.9.17. If you want to be
+sure check the bottom of the change-log file. 
+<A HREF="ftp://samba.org/pub/samba/alpha/change-log">ftp://samba.org/pub/samba/alpha/change-log</A></P>
+<P>For more information see 
+<A HREF="#version_nums">What do the version numbers mean?</A></P>
+
+
+<H2><A NAME="ss1.3">1.3 Where can I get it? </A></H2>
+
+<P> 
+<A NAME="where"></A> 
+
+The Samba suite is available via anonymous ftp from
+samba.org. The latest and greatest versions of the suite are in
+the directory:</P>
+<P>/pub/samba/</P>
+<P>Development (read "alpha") versions, which are NOT necessarily stable
+and which do NOT necessarily have accurate documentation, are
+available in the directory:</P>
+<P>/pub/samba/alpha</P>
+<P>Note that binaries are NOT included in any of the above. Samba is
+distributed ONLY in source form, though binaries may be available from
+other sites. Recent versions of some Linux distributions, for example,
+do contain Samba binaries for that platform.</P>
+
+
+<H2><A NAME="ss1.4">1.4 What do the version numbers mean? </A></H2>
+
+<P> 
+<A NAME="version_nums"></A> 
+
+It is not recommended that you run a version of Samba with the word
+"alpha" in its name unless you know what you are doing and are willing
+to do some debugging. Many, many people just get the latest
+recommended stable release version and are happy. If you are brave, by
+all means take the plunge and help with the testing and development -
+but don't install it on your departmental server. Samba is typically
+very stable and safe, and this is mostly due to the policy of many
+public releases.</P>
+<P>How the scheme works:
+<OL>
+<LI>When major changes are made the version number is increased. For
+example, the transition from 1.9.15 to 1.9.16. However, this version
+number will not appear immediately and people should continue to use
+1.9.15 for production systems (see next point.)
+</LI>
+<LI>Just after major changes are made the software is considered
+unstable, and a series of alpha releases are distributed, for example
+1.9.16alpha1. These are for testing by those who know what they are
+doing.  The "alpha" in the filename will hopefully scare off those who
+are just looking for the latest version to install.
+</LI>
+<LI>When Andrew thinks that the alphas have stabilised to the point
+where he would recommend new users install it, he renames it to the
+same version number without the alpha, for example 1.9.16.
+</LI>
+<LI>Inevitably bugs are found in the "stable" releases and minor patch
+levels are released which give us the pXX series, for example 1.9.16p2.</LI>
+</OL>
+
+So the progression goes:
+<PRE>
+                1.9.15p7        (production)
+                1.9.15p8        (production)
+                1.9.16alpha1    (test sites only)
+                  :
+                1.9.16alpha20   (test sites only)
+                1.9.16          (production)
+                1.9.16p1        (production)
+</PRE>
+
+The above system means that whenever someone looks at the samba ftp
+site they will be able to grab the highest numbered release without an
+alpha in the name and be sure of getting the current recommended
+version.</P>
+
+
+<H2><A NAME="ss1.5">1.5 What platforms are supported? </A></H2>
+
+<P> 
+<A NAME="platforms"></A> 
+
+Many different platforms have run Samba successfully. The platforms
+most widely used and thus best tested are Linux and SunOS.</P>
+<P>At time of writing, the Makefile claimed support for:
+<UL>
+<LI> A/UX 3.0</LI>
+<LI> AIX</LI>
+<LI> Altos Series 386/1000</LI>
+<LI> Amiga</LI>
+<LI> Apollo Domain/OS sr10.3</LI>
+<LI> BSDI </LI>
+<LI> B.O.S. (Bull Operating System)</LI>
+<LI> Cray, Unicos 8.0</LI>
+<LI> Convex</LI>
+<LI> DGUX. </LI>
+<LI> DNIX.</LI>
+<LI> FreeBSD</LI>
+<LI> HP-UX</LI>
+<LI> Intergraph. </LI>
+<LI> Linux with/without shadow passwords and quota</LI>
+<LI> LYNX 2.3.0</LI>
+<LI> MachTen (a unix like system for Macintoshes)</LI>
+<LI> Motorola 88xxx/9xx range of machines</LI>
+<LI> NetBSD</LI>
+<LI> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).</LI>
+<LI> OS/2 using EMX 0.9b</LI>
+<LI> OSF1</LI>
+<LI> QNX 4.22</LI>
+<LI> RiscIX. </LI>
+<LI> RISCOs 5.0B</LI>
+<LI> SEQUENT. </LI>
+<LI> SCO (including: 3.2v2, European dist., OpenServer 5)</LI>
+<LI> SGI.</LI>
+<LI> SMP_DC.OSx v1.1-94c079 on Pyramid S series</LI>
+<LI> SONY NEWS, NEWS-OS (4.2.x and 6.1.x)</LI>
+<LI> SUNOS 4</LI>
+<LI> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')</LI>
+<LI> Sunsoft ISC SVR3V4</LI>
+<LI> SVR4</LI>
+<LI> System V with some berkely extensions (Motorola 88k R32V3.2).</LI>
+<LI> ULTRIX.</LI>
+<LI> UNIXWARE</LI>
+<LI> UXP/DS</LI>
+</UL>
+</P>
+
+
+<H2><A NAME="ss1.6">1.6 How can I find out more about Samba? </A></H2>
+
+<P> 
+<A NAME="more"></A> 
+
+There are a number of places to look for more information on Samba, including:
+<UL>
+<LI>Two mailing lists devoted to discussion of Samba-related matters.  </LI>
+<LI>The newsgroup, comp.protocols.smb, which has a great deal of discussion on Samba. </LI>
+<LI>The WWW site 'SAMBA Web Pages' at 
+<A HREF="http://samba.edu.au/samba/">http://samba.edu.au/samba/</A> includes:
+<UL>
+<LI>Links to man pages and documentation, including this FAQ</LI>
+<LI>A comprehensive survey of Samba users.</LI>
+<LI>A searchable hypertext archive of the Samba mailing list.</LI>
+<LI>Links to Samba source code, binaries, and mirrors of both.</LI>
+</UL>
+</LI>
+<LI>The long list of topic documentation.  These files can be found in the 'docs' directory of the Samba source, or at 
+<A HREF="ftp://samba.org/pub/samba/docs/">ftp://samba.org/pub/samba/docs/</A>
+<UL>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/Application_Serving.txt">Application_Serving.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/BROWSING.txt">BROWSING.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/BUGS.txt">BUGS.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/DIAGNOSIS.txt">DIAGNOSIS.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/DNIX.txt">DNIX.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/DOMAIN.txt">DOMAIN.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/DOMAIN_CONTROL.txt">CONTROL.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt">ENCRYPTION.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/Faxing.txt">Faxing.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/GOTCHAS.txt">GOTCHAS.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/HINTS.txt">HINTS.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/INSTALL.sambatar">INSTALL.sambatar</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/INSTALL.txt">INSTALL.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/MIRRORS">MIRRORS</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/NetBIOS.txt">NetBIOS.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/OS2.txt">OS2.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/PROJECTS">PROJECTS</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/Passwords.txt">Passwords.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/Printing.txt">Printing.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/README.DCEDFS">README.DCEDFS</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/README.OS2">README.OS2</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/README.jis">README.jis</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/README.sambatar">README.sambatar</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/SCO.txt">SCO.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/SMBTAR.notes">SMBTAR.notes</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/Speed.txt">Speed.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/Support.txt">Support.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/THANKS">THANKS</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/Tracing.txt">Tracing.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/UNIX-SMB.txt">SMB.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/Warp.txt">Warp.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/WinNT.txt">WinNT.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/history">history</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/security_level.txt">level.txt</A></LI>
+<LI>
+<A HREF="ftp://samba.org/pub/samba/docs/wfw_slip.htm">slip.htm</A></LI>
+</UL>
+</LI>
+</UL>
+</P>
+
+
+<H2><A NAME="ss1.7">1.7 How do I subscribe to the Samba Mailing Lists?</A></H2>
+
+<P>
+<A NAME="mailinglist"></A> 
+
+Send email to 
+<A HREF="mailto:listproc@samba.org">listproc@samba.org</A>. Make sure the subject line is
+blank, and include the following two lines in the body of the message:
+<BLOCKQUOTE><CODE>
+<PRE>
+subscribe samba Firstname Lastname
+subscribe samba-announce Firstname Lastname
+</PRE>
+</CODE></BLOCKQUOTE>
+
+Obviously you should substitute YOUR first name for "Firstname" and
+YOUR last name for "Lastname"! Try not to send any signature stuff, it
+sometimes confuses the list processor.</P>
+<P>The samba list is a digest list - every eight hours or so it
+regurgitates a single message containing all the messages that have
+been received by the list since the last time and sends a copy of this
+message to all subscribers.</P>
+<P>If you stop being interested in Samba, please send another email to
+<A HREF="mailto:listproc@samba.org">listproc@samba.org</A>. Make sure the subject line is blank, and
+include the following two lines in the body of the message:
+<BLOCKQUOTE><CODE>
+<PRE>
+unsubscribe samba
+unsubscribe samba-announce
+</PRE>
+</CODE></BLOCKQUOTE>
+
+The <B>From:</B> line in your message <EM>MUST</EM> be the same address you used when
+you subscribed.</P>
+
+
+<H2><A NAME="ss1.8">1.8 Something's gone wrong - what should I do? </A></H2>
+
+<P> 
+<A NAME="wrong"></A> 
+
+<B><F>#</F> *** IMPORTANT! *** <F>#</F></B></P>
+<P>DO NOT post messages on mailing lists or in newsgroups until you have
+carried out the first three steps given here!</P>
+<P>Firstly, see if there are any likely looking entries in this FAQ! If
+you have just installed Samba, have you run through the checklist in
+<A HREF="ftp://samba.org/pub/samba/DIAGNOSIS.txt">DIAGNOSIS.txt</A>? It can save you a lot of time and effort.
+DIAGNOSIS.txt can also be found in the docs directory of the Samba distribution.</P>
+<P>Secondly, read the man pages for smbd, nmbd and smb.conf, looking for
+topics that relate to what you are trying to do.</P>
+<P>Thirdly, if there is no obvious solution to hand, try to get a look at
+the log files for smbd and/or nmbd for the period during which you
+were having problems. You may need to reconfigure the servers to
+provide more extensive debugging information - usually level 2 or
+level 3 provide ample debugging info. Inspect these logs closely,
+looking particularly for the string "Error:".</P>
+<P>Fourthly, if you still haven't got anywhere, ask the mailing list or
+newsgroup.  In general nobody minds answering questions provided you
+have followed the preceding steps. It might be a good idea to scan the
+archives of the mailing list, which are available through the Samba
+web site described in the previous
+section.</P>
+<P>If you successfully solve a problem, please mail the FAQ maintainer a
+succinct description of the symptom, the problem and the solution, so
+I can incorporate it in the next version.</P>
+<P>If you make changes to the source code, _please_ submit these patches
+so that everyone else gets the benefit of your work. This is one of
+the most important aspects to the maintainence of Samba. Send all
+patches to 
+<A HREF="mailto:samba@samba.org">samba@samba.org</A>. Do not send patches to Andrew Tridgell or any
+other individual, they may be lost if you do.</P>
+
+
+<H2><A NAME="ss1.9">1.9 Pizza supply details </A></H2>
+
+<P> 
+<A NAME="pizza"></A> 
+
+Those who have registered in the Samba survey as "Pizza Factory" will
+already know this, but the rest may need some help. Andrew doesn't ask
+for payment, but he does appreciate it when people give him
+pizza. This calls for a little organisation when the pizza donor is
+twenty thousand kilometres away, but it has been done.</P>
+<P>Method 1: Ring up your local branch of an international pizza chain
+and see if they honour their vouchers internationally. Pizza Hut do,
+which is how the entire Canberra Linux Users Group got to eat pizza
+one night, courtesy of someone in the US</P>
+<P>Method 2: Ring up a local pizza shop in Canberra and quote a credit
+card number for a certain amount, and tell them that Andrew will be
+collecting it (don't forget to tell him.) One kind soul from Germany
+did this.</P>
+<P>Method 3: Purchase a pizza voucher from your local pizza shop that has
+no international affiliations and send it to Andrew. It is completely
+useless but he can hang it on the wall next to the one he already has
+from Germany :-)</P>
+<P>Method 4: Air freight him a pizza with your favourite regional
+flavours. It will probably get stuck in customs or torn apart by
+hungry sniffer dogs but it will have been a noble gesture.</P>
+
+
+<HR>
+Previous
+<A HREF="sambafaq-2.html">Next</A>
+<A HREF="sambafaq.html#toc1">Table of Contents</A>
+</BODY>
+</HTML>
diff --git a/docs/faq/sambafaq-2.html b/docs/faq/sambafaq-2.html
new file mode 100755
index 00000000000..8978bc331ca
--- /dev/null
+++ b/docs/faq/sambafaq-2.html
@@ -0,0 +1,236 @@
+<HTML>
+<HEAD>
+<TITLE> Samba FAQ: Compiling and installing Samba on a Unix host</TITLE>
+</HEAD>
+<BODY>
+<A HREF="sambafaq-1.html">Previous</A>
+<A HREF="sambafaq-3.html">Next</A>
+<A HREF="sambafaq.html#toc2">Table of Contents</A>
+<HR>
+<H2><A NAME="s2">2. Compiling and installing Samba on a Unix host</A></H2>
+
+<P>
+<A NAME="unix_install"></A> 
+</P>
+
+<H2><A NAME="ss2.1">2.1 I can't see the Samba server in any browse lists!</A></H2>
+
+<P>
+<A NAME="no_browse"></A> 
+
+See BROWSING.txt for more information on browsing.  BROWSING.txt can
+be found in the docs directory of the Samba source.</P> <P>If your GUI
+client does not permit you to select non-browsable servers, you may
+need to do so on the command line. For example, under Lan Manager you
+might connect to the above service as disk drive M: thusly:
+<BLOCKQUOTE><CODE>
+<PRE>
+   net use M: \\mary\fred
+</PRE>
+</CODE></BLOCKQUOTE>
+
+The details of how to do this and the specific syntax varies from
+client to client - check your client's documentation.</P>
+
+
+<H2><A NAME="ss2.2">2.2 Some files that I KNOW are on the server doesn't show up when I view the files from my client! </A></H2>
+
+<P> 
+<A NAME="missing_files"></A> 
+
+See the next question.</P>
+
+<H2><A NAME="ss2.3">2.3 Some files on the server show up with really wierd filenames when I view the files from my client! </A></H2>
+
+<P> 
+<A NAME="strange_filenames"></A> 
+
+If you check what files are not showing up, you will note that they
+are files which contain upper case letters or which are otherwise not
+DOS-compatible (ie, they are not legal DOS filenames for some reason).</P>
+<P>The Samba server can be configured either to ignore such files
+completely, or to present them to the client in "mangled" form. If you
+are not seeing the files at all, the Samba server has most likely been
+configured to ignore them.  Consult the man page smb.conf(5) for
+details of how to change this - the parameter you need to set is
+"mangled names = yes".</P>
+
+
+<H2><A NAME="ss2.4">2.4 My client reports "cannot locate specified computer" or similar</A></H2>
+
+<P>
+<A NAME="cant_see_server"></A> 
+
+This indicates one of three things: You supplied an incorrect server
+name, the underlying TCP/IP layer is not working correctly, or the
+name you specified cannot be resolved.</P>
+<P>After carefully checking that the name you typed is the name you
+should have typed, try doing things like pinging a host or telnetting
+to somewhere on your network to see if TCP/IP is functioning OK. If it
+is, the problem is most likely name resolution.</P>
+<P>If your client has a facility to do so, hardcode a mapping between the
+hosts IP and the name you want to use. For example, with Man Manager
+or Windows for Workgroups you would put a suitable entry in the file
+LMHOSTS. If this works, the problem is in the communication between
+your client and the netbios name server. If it does not work, then
+there is something fundamental wrong with your naming and the solution
+is beyond the scope of this document.</P>
+<P>If you do not have any server on your subnet supplying netbios name
+resolution, hardcoded mappings are your only option. If you DO have a
+netbios name server running (such as the Samba suite's nmbd program),
+the problem probably lies in the way it is set up. Refer to Section
+Two of this FAQ for more ideas.</P>
+<P>By the way, remember to REMOVE the hardcoded mapping before further
+tests :-)     </P>
+
+
+<H2><A NAME="ss2.5">2.5 My client reports "cannot locate specified share name" or similar</A></H2>
+
+<P> 
+<A NAME="cant_see_share"></A> 
+
+This message indicates that your client CAN locate the specified
+server, which is a good start, but that it cannot find a service of
+the name you gave.</P>
+<P>The first step is to check the exact name of the service you are
+trying to connect to (consult your system administrator). Assuming it
+exists and you specified it correctly (read your client's doco on how
+to specify a service name correctly), read on:</P>
+<P>
+<UL>
+<LI> Many clients cannot accept or use service names longer than eight characters.</LI>
+<LI> Many clients cannot accept or use service names containing spaces.</LI>
+<LI> Some servers (not Samba though) are case sensitive with service names.</LI>
+<LI> Some clients force service names into upper case.</LI>
+</UL>
+</P>
+
+
+<H2><A NAME="ss2.6">2.6 My client reports "cannot find domain controller", "cannot log on to the network" or similar </A></H2>
+
+<P> 
+<A NAME="cant_see_net"></A> 
+
+Nothing is wrong - Samba does not implement the primary domain name
+controller stuff for several reasons, including the fact that the
+whole concept of a primary domain controller and "logging in to a
+network" doesn't fit well with clients possibly running on multiuser
+machines (such as users of smbclient under Unix). Having said that,
+several developers are working hard on building it in to the next
+major version of Samba. If you can contribute, send a message to
+<A HREF="mailto:samba@samba.org">samba@samba.org</A> !</P>
+<P>Seeing this message should not affect your ability to mount redirected
+disks and printers, which is really what all this is about.</P>
+<P>For many clients (including Windows for Workgroups and Lan Manager),
+setting the domain to STANDALONE at least gets rid of the message.</P>
+
+
+<H2><A NAME="ss2.7">2.7 Printing doesn't work :-(</A></H2>
+
+<P> 
+<A NAME="no_printing"></A> 
+
+Make sure that the specified print command for the service you are
+connecting to is correct and that it has a fully-qualified path (eg.,
+use "/usr/bin/lpr" rather than just "lpr").</P>
+<P>Make sure that the spool directory specified for the service is
+writable by the user connected to the service. In particular the user
+"nobody" often has problems with printing, even if it worked with an
+earlier version of Samba. Try creating another guest user other than
+"nobody".</P>
+<P>Make sure that the user specified in the service is permitted to use
+the printer.</P>
+<P>Check the debug log produced by smbd. Search for the printer name and
+see if the log turns up any clues. Note that error messages to do with
+a service ipc$ are meaningless - they relate to the way the client
+attempts to retrieve status information when using the LANMAN1
+protocol.</P>
+<P>If using WfWg then you need to set the default protocol to TCP/IP, not
+Netbeui. This is a WfWg bug.</P>
+<P>If using the Lanman1 protocol (the default) then try switching to
+coreplus.  Also not that print status error messages don't mean
+printing won't work. The print status is received by a different
+mechanism.</P>
+
+
+<H2><A NAME="ss2.8">2.8 My programs install on the server OK, but refuse to work properly</A></H2>
+
+<P>
+<A NAME="programs_wont_run"></A> 
+
+There are numerous possible reasons for this, but one MAJOR
+possibility is that your software uses locking. Make sure you are
+using Samba 1.6.11 or later. It may also be possible to work around
+the problem by setting "locking=no" in the Samba configuration file
+for the service the software is installed on. This should be regarded
+as a strictly temporary solution.</P>
+<P>In earlier Samba versions there were some difficulties with the very
+latest Microsoft products, particularly Excel 5 and Word for Windows
+6. These should have all been solved. If not then please let Andrew
+Tridgell know via email at 
+<A HREF="mailto:samba@samba.org">samba@samba.org</A>.</P>
+
+
+<H2><A NAME="ss2.9">2.9 My "server string" doesn't seem to be recognised</A></H2>
+
+<P>
+<A NAME="bad_server_string"></A> 
+
+OR My client reports the default setting, eg. "Samba 1.9.15p4", instead
+of what I have changed it to in the smb.conf file.</P>
+<P>You need to use the -C option in nmbd. The "server string" affects
+what smbd puts out and -C affects what nmbd puts out.</P>
+<P>Current versions of Samba (1.9.16 +) have combined these options into
+the "server string" field of smb.conf, -C for nmbd is now obsolete.</P>
+
+
+<H2><A NAME="ss2.10">2.10 My client reports "This server is not configured to list shared resources" </A></H2>
+
+<P> 
+<A NAME="cant_list_shares"></A> 
+
+Your guest account is probably invalid for some reason. Samba uses the
+guest account for browsing in smbd.  Check that your guest account is
+valid.</P>
+<P>See also 'guest account' in smb.conf man page.</P>
+
+
+<H2><A NAME="ss2.11">2.11 Log message "you appear to have a trapdoor uid system" </A></H2>
+
+<P>
+<A NAME="trapdoor_uid"></A> 
+
+This can have several causes. It might be because you are using a uid
+or gid of 65535 or -1. This is a VERY bad idea, and is a big security
+hole. Check carefully in your /etc/passwd file and make sure that no
+user has uid 65535 or -1. Especially check the "nobody" user, as many
+broken systems are shipped with nobody setup with a uid of 65535.</P>
+<P>It might also mean that your OS has a trapdoor uid/gid system :-)</P>
+<P>This means that once a process changes effective uid from root to
+another user it can't go back to root. Unfortunately Samba relies on
+being able to change effective uid from root to non-root and back
+again to implement its security policy. If your OS has a trapdoor uid
+system this won't work, and several things in Samba may break. Less
+things will break if you use user or server level security instead of
+the default share level security, but you may still strike
+problems.</P>
+<P>The problems don't give rise to any security holes, so don't panic,
+but it does mean some of Samba's capabilities will be unavailable.
+In particular you will not be able to connect to the Samba server as
+two different uids at once. This may happen if you try to print as a
+"guest" while accessing a share as a normal user. It may also affect
+your ability to list the available shares as this is normally done as
+the guest user.</P>
+<P>Complain to your OS vendor and ask them to fix their system.</P>
+<P>Note: the reason why 65535 is a VERY bad choice of uid and gid is that
+it casts to -1 as a uid, and the setreuid() system call ignores (with
+no error) uid changes to -1. This means any daemon attempting to run
+as uid 65535 will actually run as root. This is not good!</P>
+
+
+<HR>
+<A HREF="sambafaq-1.html">Previous</A>
+<A HREF="sambafaq-3.html">Next</A>
+<A HREF="sambafaq.html#toc2">Table of Contents</A>
+</BODY>
+</HTML>
diff --git a/docs/faq/sambafaq-3.html b/docs/faq/sambafaq-3.html
new file mode 100755
index 00000000000..d7e0c7abd21
--- /dev/null
+++ b/docs/faq/sambafaq-3.html
@@ -0,0 +1,322 @@
+<HTML>
+<HEAD>
+<TITLE> Samba FAQ: Common client questions</TITLE>
+</HEAD>
+<BODY>
+<A HREF="sambafaq-2.html">Previous</A>
+<A HREF="sambafaq-4.html">Next</A>
+<A HREF="sambafaq.html#toc3">Table of Contents</A>
+<HR>
+<H2><A NAME="s3">3. Common client questions</A></H2>
+
+<P> 
+<A NAME="client_questions"></A> 
+</P>
+
+<H2><A NAME="ss3.1">3.1 Are there any Macintosh clients for Samba?</A></H2>
+
+<P> 
+<A NAME="mac_clients"></A> 
+
+Yes! Thursby now have a CIFS Client / Server called DAVE - see 
+<A HREF="http://www.thursby.com/">http://www.thursby.com/</A>.
+They test it against Windows 95, Windows NT and samba for compatibility issues.
+At the time of writing, DAVE was at version 1.0.1. The 1.0.0 to 1.0.1 update is available 
+as a free download from the Thursby web site (the speed of finder copies has
+been greatly enhanced, and there are bug-fixes included).</P>
+<P>Alternatives - There are two free implementations of AppleTalk for
+several kinds of UNIX machnes, and several more commercial ones.
+These products allow you to run file services and print services
+natively to Macintosh users, with no additional support required on
+the Macintosh.  The two free omplementations are Netatalk,
+<A HREF="http://www.umich.edu/~rsug/netatalk/">http://www.umich.edu/~rsug/netatalk/</A>, and CAP, 
+<A HREF="http://www.cs.mu.oz.au/appletalk/atalk.html">http://www.cs.mu.oz.au/appletalk/atalk.html</A>.  What Samba offers 
+MS Windows users, these packages offer to Macs.  For more info on
+these packages, Samba, and Linux (and other UNIX-based systems)
+see 
+<A HREF="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html</A></P>
+
+
+<H2><A NAME="ss3.2">3.2 "Session request failed (131,130)" error</A></H2>
+
+<P> 
+<A NAME="sess_req_fail"></A> 
+
+The following answer is provided by John E. Miller:</P>
+<P>I'll assume that you're able to ping back and forth between the
+machines by IP address and name, and that you're using some security
+model where you're confident that you've got user IDs and passwords
+right.  The logging options (-d3 or greater) can help a lot with that.
+DNS and WINS configuration can also impact connectivity as well.</P>
+<P>Now, on to 'scope id's.  Somewhere in your Win95 TCP/IP network
+configuration (I'm too much of an NT bigot to know where it's located
+in the Win95 setup, but I'll have to learn someday since I teach for a
+Microsoft Solution Provider Authorized Tech Education Center - what an
+acronym...) <F>Note: It's under Control Panel | Network | TCP/IP | WINS
+Configuration</F> there's a little text entry field called something like
+'Scope ID'.</P>
+<P>This field essentially creates 'invisible' sub-workgroups on the same
+wire.  Boxes can only see other boxes whose Scope IDs are set to the
+exact same value - it's sometimes used by OEMs to configure their
+boxes to browse only other boxes from the same vendor and, in most
+environments, this field should be left blank.  If you, in fact, have
+something in this box that EXACT value (case-sensitive!) needs to be
+provided to smbclient and nmbd as the -i (lowercase) parameter. So, if
+your Scope ID is configured as the string 'SomeStr' in Win95 then
+you'd have to use smbclient -iSomeStr <F>otherparms</F> in connecting to
+it.</P>
+
+
+<H2><A NAME="ss3.3">3.3 How do I synchronise my PC's clock with my Samba server? </A></H2>
+
+<P>
+<A NAME="synchronise_clock"></A> 
+
+To syncronize your PC's clock with your Samba server:
+<UL>
+<LI> Copy timesync.pif to your windows directory</LI>
+<LI> timesync.pif can be found at:
+<A HREF="http://samba.org/samba/binaries/miscellaneous/timesync.pif">http://samba.org/samba/binaries/miscellaneous/timesync.pif</A></LI>
+<LI> Add timesync.pif to your 'Start Up' group/folder</LI>
+<LI> Open the properties dialog box for the program/icon</LI>
+<LI> Make sure the 'Run Minimized' option is set in program 'Properties'</LI>
+<LI> Change the command line section that reads <F>\\sambahost</F> to reflect the name of your server.</LI>
+<LI> Close the properties dialog box by choosing 'OK'</LI>
+</UL>
+
+Each time you start your computer (or login for Win95) your PC will
+synchronize its clock with your Samba server.</P>
+<P>Alternativley, if you clients support Domain Logons, you can setup Domain Logons with Samba
+- see: 
+<A HREF="ftp://samba.org/pub/samba/docs/BROWSING.txt">BROWSING.txt</A> *** for more information.</P>
+<P>Then add 
+<BLOCKQUOTE><CODE>
+<PRE>
+NET TIME \\%L /SET /YES
+</PRE>
+</CODE></BLOCKQUOTE>
+
+as one of the lines in the logon script.</P>
+
+<H2><A NAME="ss3.4">3.4 Problems with WinDD, NTrigue, WinCenterPro etc</A></H2>
+
+<P>
+<A NAME="multiple_session_clients"></A> 
+</P>
+<P>All of the above programs are applications that sit on an NT box and
+allow multiple users to access the NT GUI applications from remote
+workstations (often over X).</P>
+<P>What has this got to do with Samba? The problem comes when these users
+use filemanager to mount shares from a Samba server. The most common
+symptom is that the first user to connect get correct file permissions
+and has a nice day, but subsequent connections get logged in as the
+same user as the first person to login. They find that they cannot
+access files in their own home directory, but that they can access
+files in the first users home directory (maybe not such a nice day
+after all?)</P>
+<P>Why does this happen? The above products all share a common heritage
+(and code base I believe). They all open just a single TCP based SMB
+connection to the Samba server, and requests from all users are piped
+over this connection. This is unfortunate, but not fatal.</P>
+<P>It means that if you run your Samba server in share level security
+(the default) then things will definately break as described
+above. The share level SMB security model has no provision for
+multiple user IDs on the one SMB connection. See 
+<A HREF="ftp://samba.org/pub/samba/docs/security_level.txt">security_level.txt</A> in
+the docs for more info on share/user/server level security.</P>
+<P>If you run in user or server level security then you have a chance,
+but only if you have a recent version of Samba (at least 1.9.15p6). In
+older versions bugs in Samba meant you still would have had problems.</P>
+<P>If you have a trapdoor uid system in your OS then it will never work
+properly. Samba needs to be able to switch uids on the connection and
+it can't if your OS has a trapdoor uid system. You'll know this
+because Samba will note it in your logs.</P>
+<P>Also note that you should not use the magic "homes" share name with
+products like these, as otherwise all users will end up with the same
+home directory. Use <F>\\server\username</F> instead.</P>
+
+
+<H2><A NAME="ss3.5">3.5 Problem with printers under NT</A></H2>
+
+<P> 
+<A NAME="nt_printers"></A> 
+
+This info from Stefan Hergeth
+hergeth@f7axp1.informatik.fh-muenchen.de may be useful:</P>
+<P>A network-printer (with ethernetcard) is connected to the NT-Clients
+via our UNIX-Fileserver (SAMBA-Server), like the configuration told by
+Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt)
+<OL>
+<LI>If a user has choosen this printer as the default printer in his
+NT-Session and this printer is not connected to the network
+(e.g. switched off) than this user has a problem with the SAMBA-
+connection of his filesystems. It's very slow.
+</LI>
+<LI>If the printer is connected to the network everything works fine.
+</LI>
+<LI>When the smbd ist started with debug level 3, you can see that the
+NT spooling system try to connect to the printer many times. If the
+printer ist not connected to the network this request fails and the
+NT spooler is wasting a lot of time to connect to the printer service.
+This seems to be the reason for the slow network connection.
+</LI>
+<LI>Maybe it's possible to change this behaviour by setting different 
+printer properties in the Print-Manager-Menu of NT, but i didn't try it yet.</LI>
+</OL>
+</P>
+
+
+<H2><A NAME="ss3.6">3.6 Why are my file's timestamps off by an hour, or by a few hours?</A></H2>
+
+<P>
+<A NAME="dst_bugs"></A> 
+
+This is from Paul Eggert eggert@twinsun.com.</P>
+<P>Most likely it's a problem with your time zone settings.</P>
+<P>Internally, Samba maintains time in traditional Unix format,
+namely, the number of seconds since 1970-01-01 00:00:00 Universal Time
+(or ``GMT''), not counting leap seconds.</P>
+<P>On the server side, Samba uses the Unix TZ variable to convert
+internal timestamps to and from local time.  So on the server side, there are
+two things to get right.
+<OL>
+<LI>The Unix system clock must have the correct Universal time.
+Use the shell command "sh -c 'TZ=UTC0 date'" to check this.
+</LI>
+<LI>The TZ environment variable must be set on the server
+before Samba is invoked.  The details of this depend on the
+server OS, but typically you must edit a file whose name is
+/etc/TIMEZONE or /etc/default/init, or run the command `zic -l'.
+</LI>
+<LI>TZ must have the correct value.
+<OL>
+<LI>If possible, use geographical time zone settings
+(e.g. TZ='America/Los_Angeles' or perhaps
+TZ=':US/Pacific').  These are supported by most
+popular Unix OSes, are easier to get right, and are
+more accurate for historical timestamps.  If your
+operating system has out-of-date tables, you should be
+able to update them from the public domain time zone
+tables at 
+<A HREF="ftp://elsie.nci.nih.gov/pub/">ftp://elsie.nci.nih.gov/pub/</A>.
+</LI>
+<LI>If your system does not support geographical timezone
+settings, you must use a Posix-style TZ strings, e.g.
+TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time.
+Posix TZ strings can take the following form (with optional
+items in brackets):
+<PRE>
+        StdOffset[Dst[Offset],Date/Time,Date/Time]
+</PRE>
+
+where:
+<UL>
+<LI>                        `Std' is the standard time designation (e.g. `PST').
+</LI>
+<LI>                        `Offset' is the number of hours behind UTC (e.g. `8').
+Prepend a `-' if you are ahead of UTC, and
+append `:30' if you are at a half-hour offset.
+Omit all the remaining items if you do not use
+daylight-saving time.
+</LI>
+<LI>                        `Dst' is the daylight-saving time designation
+(e.g. `PDT').
+
+The optional second `Offset' is the number of
+hours that daylight-saving time is behind UTC.
+The default is 1 hour ahead of standard time.
+</LI>
+<LI>                        `Date/Time,Date/Time' specify when daylight-saving
+time starts and ends.  The format for a date is
+`Mm.n.d', which specifies the dth day (0 is Sunday)
+of the nth week of the mth month, where week 5 means
+the last such day in the month.  The format for a
+time is <F>h</F>h<F>:mm[:ss</F>], using a 24-hour clock.</LI>
+</UL>
+
+Other Posix string formats are allowed but you don't want
+to know about them.</LI>
+</OL>
+</LI>
+</OL>
+
+On the client side, you must make sure that your client's clock and
+time zone is also set appropriately.  <F>[I don't know how to do this.</F>]
+Samba traditionally has had many problems dealing with time zones, due
+to the bizarre ways that Microsoft network protocols handle time
+zones.  A common symptom is for file timestamps to be off by an hour.
+To work around the problem, try disconnecting from your Samba server
+and then reconnecting to it; or upgrade your Samba server to
+1.9.16alpha10 or later.</P>
+
+
+<H2><A NAME="ss3.7">3.7 How do I set the printer driver name correctly? </A></H2>
+
+<P>
+<A NAME="printer_driver_name"></A> 
+
+Question:
+On NT, I opened "Printer Manager" and "Connect to Printer".
+Enter <F>"\\ptdi270\ps1"</F> in the box of printer. I got the
+following error message:
+<BLOCKQUOTE><CODE>
+<PRE>
+     You do not have sufficient access to your machine
+     to connect to the selected printer, since a driver
+     needs to be installed locally.
+</PRE>
+</CODE></BLOCKQUOTE>
+
+Answer:</P>
+<P>In the more recent versions of Samba you can now set the "printer
+driver" in smb.conf. This tells the client what driver to use. For
+example:
+<BLOCKQUOTE><CODE>
+<PRE>
+     printer driver = HP LaserJet 4L
+</PRE>
+</CODE></BLOCKQUOTE>
+
+with this, NT knows to use the right driver. You have to get this string
+exactly right.</P>
+<P>To find the exact string to use, you need to get to the dialog box in
+your client where you select which printer driver to install. The
+correct strings for all the different printers are shown in a listbox
+in that dialog box.</P>
+<P>You could also try setting the driver to NULL like this:
+<BLOCKQUOTE><CODE>
+<PRE>
+     printer driver = NULL
+</PRE>
+</CODE></BLOCKQUOTE>
+
+this is effectively what older versions of Samba did, so if that
+worked for you then give it a go. If this does work then let us know via 
+<A HREF="mailto:samba@samba.org">samba@samba.org</A>,
+and we'll make it the default. Currently the default is a 0 length
+string.</P>
+
+
+<H2><A NAME="ss3.8">3.8 I've applied NT 4.0 SP3, and now I can't access Samba shares, Why?</A></H2>
+
+<P>
+<A NAME="NT_SP3_FIX"></A> 
+
+As of SP3, Microsoft has decided that they will no longer default to 
+passing clear text passwords over the network.  To enable access to 
+Samba shares from NT 4.0 SP3, you must do <B>ONE</B> of two things:
+<OL>
+<LI> Set the Samba configuration option 'security = user' and implement all of the stuff detailed in 
+<A HREF="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt">ENCRYPTION.txt</A>.</LI>
+<LI> Follow Microsoft's directions for setting your NT box to allow plain text passwords. see 
+<A HREF="http://www.microsoft.com/kb/articles/q166/7/30.htm">Knowledge Base Article Q166730</A></LI>
+</OL>
+</P>
+
+
+<HR>
+<A HREF="sambafaq-2.html">Previous</A>
+<A HREF="sambafaq-4.html">Next</A>
+<A HREF="sambafaq.html#toc3">Table of Contents</A>
+</BODY>
+</HTML>
diff --git a/docs/faq/sambafaq-4.html b/docs/faq/sambafaq-4.html
new file mode 100755
index 00000000000..94d5c419906
--- /dev/null
+++ b/docs/faq/sambafaq-4.html
@@ -0,0 +1,37 @@
+<HTML>
+<HEAD>
+<TITLE> Samba FAQ: Specific client application problems</TITLE>
+</HEAD>
+<BODY>
+<A HREF="sambafaq-3.html">Previous</A>
+<A HREF="sambafaq-5.html">Next</A>
+<A HREF="sambafaq.html#toc4">Table of Contents</A>
+<HR>
+<H2><A NAME="s4">4. Specific client application problems</A></H2>
+
+<P> 
+<A NAME="client_problems"></A> 
+</P>
+
+<H2><A NAME="ss4.1">4.1 MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</A></H2>
+
+<P> 
+<A NAME="cant_change_properties"></A> 
+
+When installing MS Office on a Samba drive for which you have admin
+user permissions, ie. admin users = username, you will find the
+setup program unable to complete the installation.</P>
+<P>To get around this problem, do the installation without admin user
+permissions The problem is that MS Office Setup checks that a file is
+rdonly by trying to open it for writing.</P>
+<P>Admin users can always open a file for writing, as they run as root.
+You just have to install as a non-admin user and then use "chown -R"
+to fix the owner.</P>
+
+
+<HR>
+<A HREF="sambafaq-3.html">Previous</A>
+<A HREF="sambafaq-5.html">Next</A>
+<A HREF="sambafaq.html#toc4">Table of Contents</A>
+</BODY>
+</HTML>
diff --git a/docs/faq/sambafaq-5.html b/docs/faq/sambafaq-5.html
new file mode 100755
index 00000000000..0a6e9d08f03
--- /dev/null
+++ b/docs/faq/sambafaq-5.html
@@ -0,0 +1,30 @@
+<HTML>
+<HEAD>
+<TITLE> Samba FAQ: Miscellaneous</TITLE>
+</HEAD>
+<BODY>
+<A HREF="sambafaq-4.html">Previous</A>
+Next
+<A HREF="sambafaq.html#toc5">Table of Contents</A>
+<HR>
+<H2><A NAME="s5">5. Miscellaneous</A></H2>
+
+<P> 
+<A NAME="miscellaneous"></A> 
+</P>
+<H2><A NAME="ss5.1">5.1 Is Samba Year 2000 compliant?</A></H2>
+
+<P>
+<A NAME="Year2000Compliant"></A> 
+
+The CIFS protocol that Samba implements
+negotiates times in various formats, all of which
+are able to cope with dates beyond 2000.</P>
+
+
+<HR>
+<A HREF="sambafaq-4.html">Previous</A>
+Next
+<A HREF="sambafaq.html#toc5">Table of Contents</A>
+</BODY>
+</HTML>
diff --git a/docs/faq/sambafaq.html b/docs/faq/sambafaq.html
new file mode 100755
index 00000000000..2c703885cdf
--- /dev/null
+++ b/docs/faq/sambafaq.html
@@ -0,0 +1,115 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<HTML>
+<HEAD>
+<TITLE> Samba FAQ</TITLE>
+</HEAD>
+<BODY>
+Previous
+<A HREF="sambafaq-1.html">Next</A>
+Table of Contents
+<HR>
+<H1> Samba FAQ</H1>
+
+<H2>Paul Blackman, <CODE>ictinus@samba.org</CODE></H2>v 0.8, June '97
+<P><HR><EM> This is the Frequently Asked Questions (FAQ) document for
+Samba, the free and very popular SMB server product. An SMB server
+allows file and printer connections from clients such as Windows,
+OS/2, Linux and others. Current to version 1.9.17. Please send any
+corrections to the author.</EM><HR></P>
+<P>
+<H2><A NAME="toc1">1.</A> <A HREF="sambafaq-1.html">General Information</A></H2>
+<UL>
+<LI><A HREF="sambafaq-1.html#ss1.1">1.1 What is Samba? </A>
+<LI><A HREF="sambafaq-1.html#ss1.2">1.2 What is the current version of Samba? </A>
+<LI><A HREF="sambafaq-1.html#ss1.3">1.3 Where can I get it? </A>
+<LI><A HREF="sambafaq-1.html#ss1.4">1.4 What do the version numbers mean? </A>
+<LI><A HREF="sambafaq-1.html#ss1.5">1.5 What platforms are supported? </A>
+<LI><A HREF="sambafaq-1.html#ss1.6">1.6 How can I find out more about Samba? </A>
+<LI><A HREF="sambafaq-1.html#ss1.7">1.7 How do I subscribe to the Samba Mailing Lists?</A>
+<LI><A HREF="sambafaq-1.html#ss1.8">1.8 Something's gone wrong - what should I do? </A>
+<LI><A HREF="sambafaq-1.html#ss1.9">1.9 Pizza supply details </A>
+</UL>
+
+<P>
+<H2><A NAME="toc2">2.</A> <A HREF="sambafaq-2.html">Compiling and installing Samba on a Unix host</A></H2>
+<UL>
+<LI><A HREF="sambafaq-2.html#ss2.1">2.1 I can't see the Samba server in any browse lists!</A>
+<LI><A HREF="sambafaq-2.html#ss2.2">2.2 Some files that I KNOW are on the server doesn't show up when I view the files from my client! </A>
+<LI><A HREF="sambafaq-2.html#ss2.3">2.3 Some files on the server show up with really wierd filenames when I view the files from my client! </A>
+<LI><A HREF="sambafaq-2.html#ss2.4">2.4 My client reports "cannot locate specified computer" or similar</A>
+<LI><A HREF="sambafaq-2.html#ss2.5">2.5 My client reports "cannot locate specified share name" or similar</A>
+<LI><A HREF="sambafaq-2.html#ss2.6">2.6 My client reports "cannot find domain controller", "cannot log on to the network" or similar </A>
+<LI><A HREF="sambafaq-2.html#ss2.7">2.7 Printing doesn't work :-(</A>
+<LI><A HREF="sambafaq-2.html#ss2.8">2.8 My programs install on the server OK, but refuse to work properly</A>
+<LI><A HREF="sambafaq-2.html#ss2.9">2.9 My "server string" doesn't seem to be recognised</A>
+<LI><A HREF="sambafaq-2.html#ss2.10">2.10 My client reports "This server is not configured to list shared resources" </A>
+<LI><A HREF="sambafaq-2.html#ss2.11">2.11 Log message "you appear to have a trapdoor uid system" </A>
+</UL>
+
+<P>
+<H2><A NAME="toc3">3.</A> <A HREF="sambafaq-3.html">Common client questions</A></H2>
+<UL>
+<LI><A HREF="sambafaq-3.html#ss3.1">3.1 Are there any Macintosh clients for Samba?</A>
+<LI><A HREF="sambafaq-3.html#ss3.2">3.2 "Session request failed (131,130)" error</A>
+<LI><A HREF="sambafaq-3.html#ss3.3">3.3 How do I synchronise my PC's clock with my Samba server? </A>
+<LI><A HREF="sambafaq-3.html#ss3.4">3.4 Problems with WinDD, NTrigue, WinCenterPro etc</A>
+<LI><A HREF="sambafaq-3.html#ss3.5">3.5 Problem with printers under NT</A>
+<LI><A HREF="sambafaq-3.html#ss3.6">3.6 Why are my file's timestamps off by an hour, or by a few hours?</A>
+<LI><A HREF="sambafaq-3.html#ss3.7">3.7 How do I set the printer driver name correctly? </A>
+<LI><A HREF="sambafaq-3.html#ss3.8">3.8 I've applied NT 4.0 SP3, and now I can't access Samba shares, Why?</A>
+</UL>
+
+<P>
+<H2><A NAME="toc4">4.</A> <A HREF="sambafaq-4.html">Specific client application problems</A></H2>
+<UL>
+<LI><A HREF="sambafaq-4.html#ss4.1">4.1 MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</A>
+</UL>
+
+<P>
+<H2><A NAME="toc5">5.</A> <A HREF="sambafaq-5.html">Miscellaneous</A></H2>
+<UL>
+<LI><A HREF="sambafaq-5.html#ss5.1">5.1 Is Samba Year 2000 compliant?</A>
+</UL>
+
+
+<HR>
+Previous
+<A HREF="sambafaq-1.html">Next</A>
+Table of Contents
+</BODY>
+</HTML>
diff --git a/docs/faq/sambafaq.sgml b/docs/faq/sambafaq.sgml
new file mode 100755
index 00000000000..333ac55f673
--- /dev/null
+++ b/docs/faq/sambafaq.sgml
@@ -0,0 +1,792 @@
+<!doctype linuxdoc system> <!-- -*- SGML -*- -->
+<!--
+ v 0.5 18 Oct 1996 Dan Shearer Dan.Shearer@unisa.edu.au
+	First linuxdoc-sgml version, outline only
+ v 0.6 25 Oct 1996 Dan
+	Filled in from current text faq
+ v 0.7 1 June 1997 Paul
+        Replicated changes in txt faq to sgml faq
+       9 June 1997 Paul
+        Lots of changes, added doco list, updated compatible systems list
+        added NT SP3 entry, added Year 2000 entry, Getting ready for 1.9.17
+ v 0.8 7th Oct 97 Paul
+        changed samba.canberra entries to samba.anu.../samba/
+-->
+
+<article>
+
+<title> Samba FAQ
+
+<author>Paul Blackman, <tt>ictinus@samba.org</tt>
+
+<date>v 0.8, June '97
+
+<abstract> This is the Frequently Asked Questions (FAQ) document for
+Samba, the free and very popular SMB server product. An SMB server
+allows file and printer connections from clients such as Windows,
+OS/2, Linux and others. Current to version 1.9.17. Please send any
+corrections to the author.
+</abstract>
+
+<toc>
+
+<sect> General Information<p> <label id="general_info">
+
+All about Samba - what it is, how to get it, related sources of
+information, how to understand the version numbering scheme, pizza
+details
+
+<sect1> What is Samba? <p> <label id="introduction">
+Samba is a suite of programs which work together to allow clients to
+access to a server's filespace and printers via the SMB (Server
+Message Block) protocol. Initially written for Unix, Samba now also
+runs on Netware, OS/2 and VMS.
+
+In practice, this means that you can redirect disks and printers to
+Unix disks and printers from Lan Manager clients, Windows for
+Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2
+clients. There is also a generic Unix client program supplied as part
+of the suite which allows Unix users to use an ftp-like interface to
+access filespace and printers on any other SMB servers. This gives the
+capability for these operating systems to behave much like a LAN
+Server or Windows NT Server machine, only with added functionality and
+flexibility designed to make life easier for administrators.
+
+The components of the suite are (in summary):
+
+<itemize>
+<item><bf>smbd</bf>, the SMB server. This handles actual connections from clients, doing all the file, permission and username work
+<item><bf>nmbd</bf>, the Netbios name server, which helps clients locate servers, doing the browsing work and managing domains as this capability is being built into Samba
+<item><bf>smbclient</bf>, the Unix-hosted client program
+<item><bf>smbrun</bf>, a little 'glue' program to help the server run external programs
+<item><bf>testprns</bf>, a program to test server access to printers
+<item><bf>testparms</bf>, a program to test the Samba configuration file for correctness
+<item><bf>smb.conf</bf>, the Samba configuration file
+<item><bf>smbprint</bf>, a sample script to allow a Unix host to use smbclient to print to an SMB server
+<item><bf>Documentation!</bf> DON'T neglect to read it - you will save a great deal of time!
+</itemize>
+
+The suite is supplied with full source (of course!) and is GPLed.
+
+The primary creator of the Samba suite is Andrew Tridgell. Later
+versions incorporate much effort by many net.helpers. The man pages
+and this FAQ were originally written by Karl Auer.
+
+<sect1> What is the current version of Samba? <p><label id="current_version">
+At time of writing, the current version was 1.9.17. If you want to be
+sure check the bottom of the change-log file. <url url="ftp://samba.org/pub/samba/alpha/change-log">
+
+For more information see <ref id="version_nums" name="What do the
+version numbers mean?">
+
+<sect1> Where can I get it? <p> <label id="where">
+The Samba suite is available via anonymous ftp from
+samba.org. The latest and greatest versions of the suite are in
+the directory:
+
+/pub/samba/
+
+Development (read "alpha") versions, which are NOT necessarily stable
+and which do NOT necessarily have accurate documentation, are
+available in the directory:
+
+/pub/samba/alpha
+
+Note that binaries are NOT included in any of the above. Samba is
+distributed ONLY in source form, though binaries may be available from
+other sites. Recent versions of some Linux distributions, for example,
+do contain Samba binaries for that platform.
+
+<sect1> What do the version numbers mean? <p> <label id="version_nums">
+It is not recommended that you run a version of Samba with the word
+"alpha" in its name unless you know what you are doing and are willing
+to do some debugging. Many, many people just get the latest
+recommended stable release version and are happy. If you are brave, by
+all means take the plunge and help with the testing and development -
+but don't install it on your departmental server. Samba is typically
+very stable and safe, and this is mostly due to the policy of many
+public releases.
+
+How the scheme works:
+<enum>
+<item>When major changes are made the version number is increased. For
+example, the transition from 1.9.15 to 1.9.16. However, this version
+number will not appear immediately and people should continue to use
+1.9.15 for production systems (see next point.)
+
+<item>Just after major changes are made the software is considered
+unstable, and a series of alpha releases are distributed, for example
+1.9.16alpha1. These are for testing by those who know what they are
+doing.  The "alpha" in the filename will hopefully scare off those who
+are just looking for the latest version to install.
+
+<item>When Andrew thinks that the alphas have stabilised to the point
+where he would recommend new users install it, he renames it to the
+same version number without the alpha, for example 1.9.16.
+
+<item>Inevitably bugs are found in the "stable" releases and minor patch
+levels are released which give us the pXX series, for example 1.9.16p2.
+</enum>
+So the progression goes:
+<verb>
+		1.9.15p7	(production)
+		1.9.15p8	(production)
+		1.9.16alpha1	(test sites only)
+		  :
+		1.9.16alpha20	(test sites only)
+		1.9.16		(production)
+		1.9.16p1	(production)
+</verb>
+The above system means that whenever someone looks at the samba ftp
+site they will be able to grab the highest numbered release without an
+alpha in the name and be sure of getting the current recommended
+version.
+
+<sect1> What platforms are supported? <p> <label id="platforms">
+Many different platforms have run Samba successfully. The platforms
+most widely used and thus best tested are Linux and SunOS.
+
+At time of writing, the Makefile claimed support for:
+<itemize>
+<item> A/UX 3.0
+<item> AIX
+<item> Altos Series 386/1000
+<item> Amiga
+<item> Apollo Domain/OS sr10.3
+<item> BSDI 
+<item> B.O.S. (Bull Operating System)
+<item> Cray, Unicos 8.0
+<item> Convex
+<item> DGUX. 
+<item> DNIX.
+<item> FreeBSD
+<item> HP-UX
+<item> Intergraph. 
+<item> Linux with/without shadow passwords and quota
+<item> LYNX 2.3.0
+<item> MachTen (a unix like system for Macintoshes)
+<item> Motorola 88xxx/9xx range of machines
+<item> NetBSD
+<item> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).
+<item> OS/2 using EMX 0.9b
+<item> OSF1
+<item> QNX 4.22
+<item> RiscIX. 
+<item> RISCOs 5.0B
+<item> SEQUENT. 
+<item> SCO (including: 3.2v2, European dist., OpenServer 5)
+<item> SGI.
+<item> SMP_DC.OSx v1.1-94c079 on Pyramid S series
+<item> SONY NEWS, NEWS-OS (4.2.x and 6.1.x)
+<item> SUNOS 4
+<item> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')
+<item> Sunsoft ISC SVR3V4
+<item> SVR4
+<item> System V with some berkely extensions (Motorola 88k R32V3.2).
+<item> ULTRIX.
+<item> UNIXWARE
+<item> UXP/DS
+</itemize>
+
+<sect1> How can I find out more about Samba? <p> <label id="more">
+There are a number of places to look for more information on Samba, including:
+<itemize>
+<item>Two mailing lists devoted to discussion of Samba-related matters.  
+<item>The newsgroup, comp.protocols.smb, which has a great deal of discussion on Samba. 
+<item>The WWW site 'SAMBA Web Pages' at <url url="http://samba.edu.au/samba/"> includes:
+  <itemize>
+    <item>Links to man pages and documentation, including this FAQ
+    <item>A comprehensive survey of Samba users.
+    <item>A searchable hypertext archive of the Samba mailing list.
+    <item>Links to Samba source code, binaries, and mirrors of both.
+  </itemize>
+<item>The long list of topic documentation.  These files can be found in the 'docs' directory of the Samba source, or at <url url="ftp://samba.org/pub/samba/docs/">
+  <itemize>
+    <item><url url="ftp://samba.org/pub/samba/docs/Application_Serving.txt" name="Application_Serving.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/BROWSING.txt" name="BROWSING.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/BUGS.txt" name="BUGS.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/DIAGNOSIS.txt" name="DIAGNOSIS.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/DNIX.txt" name="DNIX.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/DOMAIN.txt" name="DOMAIN.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/DOMAIN_CONTROL.txt" name="CONTROL.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt" name="ENCRYPTION.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/Faxing.txt" name="Faxing.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/GOTCHAS.txt" name="GOTCHAS.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/HINTS.txt" name="HINTS.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/INSTALL.sambatar" name="INSTALL.sambatar">
+    <item><url url="ftp://samba.org/pub/samba/docs/INSTALL.txt" name="INSTALL.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/MIRRORS" name="MIRRORS">
+    <item><url url="ftp://samba.org/pub/samba/docs/NetBIOS.txt" name="NetBIOS.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/OS2.txt" name="OS2.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/PROJECTS" name="PROJECTS">
+    <item><url url="ftp://samba.org/pub/samba/docs/Passwords.txt" name="Passwords.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/Printing.txt" name="Printing.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/README.DCEDFS" name="README.DCEDFS">
+    <item><url url="ftp://samba.org/pub/samba/docs/README.OS2" name="README.OS2">
+    <item><url url="ftp://samba.org/pub/samba/docs/README.jis" name="README.jis">
+    <item><url url="ftp://samba.org/pub/samba/docs/README.sambatar" name="README.sambatar">
+    <item><url url="ftp://samba.org/pub/samba/docs/SCO.txt" name="SCO.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/SMBTAR.notes" name="SMBTAR.notes">
+    <item><url url="ftp://samba.org/pub/samba/docs/Speed.txt" name="Speed.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/Support.txt" name="Support.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/THANKS" name="THANKS">
+    <item><url url="ftp://samba.org/pub/samba/docs/Tracing.txt" name="Tracing.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/UNIX-SMB.txt" name="SMB.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/Warp.txt" name="Warp.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/WinNT.txt" name="WinNT.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/history" name="history">
+    <item><url url="ftp://samba.org/pub/samba/docs/security_level.txt" name="level.txt">
+    <item><url url="ftp://samba.org/pub/samba/docs/wfw_slip.htm" name="slip.htm">
+  </itemize>
+</itemize>
+
+<sect1>How do I subscribe to the Samba Mailing Lists?<p><label id="mailinglist">
+Send email to <htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is
+blank, and include the following two lines in the body of the message:
+<tscreen><verb>
+subscribe samba Firstname Lastname
+subscribe samba-announce Firstname Lastname
+</verb></tscreen>
+Obviously you should substitute YOUR first name for "Firstname" and
+YOUR last name for "Lastname"! Try not to send any signature stuff, it
+sometimes confuses the list processor.
+
+The samba list is a digest list - every eight hours or so it
+regurgitates a single message containing all the messages that have
+been received by the list since the last time and sends a copy of this
+message to all subscribers.
+
+If you stop being interested in Samba, please send another email to
+<htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is blank, and
+include the following two lines in the body of the message:
+<tscreen><verb>
+unsubscribe samba
+unsubscribe samba-announce
+</verb></tscreen>
+The <bf>From:</bf> line in your message <em>MUST</em> be the same address you used when
+you subscribed.
+
+<sect1> Something's gone wrong - what should I do? <p> <label id="wrong">
+<bf>[#] *** IMPORTANT! *** [#]</bf>
+<p>DO NOT post messages on mailing lists or in newsgroups until you have
+carried out the first three steps given here!
+
+Firstly, see if there are any likely looking entries in this FAQ! If
+you have just installed Samba, have you run through the checklist in
+<url url="ftp://samba.org/pub/samba/DIAGNOSIS.txt" name="DIAGNOSIS.txt">? It can save you a lot of time and effort.
+DIAGNOSIS.txt can also be found in the docs directory of the Samba distribution.
+
+Secondly, read the man pages for smbd, nmbd and smb.conf, looking for
+topics that relate to what you are trying to do.
+
+Thirdly, if there is no obvious solution to hand, try to get a look at
+the log files for smbd and/or nmbd for the period during which you
+were having problems. You may need to reconfigure the servers to
+provide more extensive debugging information - usually level 2 or
+level 3 provide ample debugging info. Inspect these logs closely,
+looking particularly for the string "Error:".
+
+Fourthly, if you still haven't got anywhere, ask the mailing list or
+newsgroup.  In general nobody minds answering questions provided you
+have followed the preceding steps. It might be a good idea to scan the
+archives of the mailing list, which are available through the Samba
+web site described in the previous
+section.
+
+If you successfully solve a problem, please mail the FAQ maintainer a
+succinct description of the symptom, the problem and the solution, so
+I can incorporate it in the next version.
+
+If you make changes to the source code, _please_ submit these patches
+so that everyone else gets the benefit of your work. This is one of
+the most important aspects to the maintainence of Samba. Send all
+patches to <htmlurl url="mailto:samba-patches@samba.org" name="samba-patches@samba.org">. Do not send patches to Andrew Tridgell or any
+other individual, they may be lost if you do.
+
+<sect1> Pizza supply details <p> <label id="pizza">
+Those who have registered in the Samba survey as "Pizza Factory" will
+already know this, but the rest may need some help. Andrew doesn't ask
+for payment, but he does appreciate it when people give him
+pizza. This calls for a little organisation when the pizza donor is
+twenty thousand kilometres away, but it has been done.
+
+Method 1: Ring up your local branch of an international pizza chain
+and see if they honour their vouchers internationally. Pizza Hut do,
+which is how the entire Canberra Linux Users Group got to eat pizza
+one night, courtesy of someone in the US
+
+Method 2: Ring up a local pizza shop in Canberra and quote a credit
+card number for a certain amount, and tell them that Andrew will be
+collecting it (don't forget to tell him.) One kind soul from Germany
+did this.
+
+Method 3: Purchase a pizza voucher from your local pizza shop that has
+no international affiliations and send it to Andrew. It is completely
+useless but he can hang it on the wall next to the one he already has
+from Germany :-)
+
+Method 4: Air freight him a pizza with your favourite regional
+flavours. It will probably get stuck in customs or torn apart by
+hungry sniffer dogs but it will have been a noble gesture.
+
+<sect>Compiling and installing Samba on a Unix host<p><label id="unix_install">
+
+<sect1>I can't see the Samba server in any browse lists!<p><label id="no_browse">
+ See <url url="ftp://samba.org/pub/samba/BROWSING.txt" name="BROWSING.txt">
+ for more information on browsing.  Browsing.txt can also be found
+ in the docs directory of the Samba source.
+
+If your GUI client does not permit you to select non-browsable
+servers, you may need to do so on the command line. For example, under
+Lan Manager you might connect to the above service as disk drive M:
+thusly:
+<tscreen><verb>
+   net use M: \\mary\fred
+</verb></tscreen>
+The details of how to do this and the specific syntax varies from
+client to client - check your client's documentation.
+
+<sect1>Some files that I KNOW are on the server doesn't show up when I view the files from my client! <p> <label id="missing_files">
+See the next question.
+<sect1>Some files on the server show up with really wierd filenames when I view the files from my client! <p> <label id="strange_filenames">
+If you check what files are not showing up, you will note that they
+are files which contain upper case letters or which are otherwise not
+DOS-compatible (ie, they are not legal DOS filenames for some reason).
+
+The Samba server can be configured either to ignore such files
+completely, or to present them to the client in "mangled" form. If you
+are not seeing the files at all, the Samba server has most likely been
+configured to ignore them.  Consult the man page smb.conf(5) for
+details of how to change this - the parameter you need to set is
+"mangled names = yes".
+
+<sect1>My client reports "cannot locate specified computer" or similar<p><label id="cant_see_server">
+This indicates one of three things: You supplied an incorrect server
+name, the underlying TCP/IP layer is not working correctly, or the
+name you specified cannot be resolved.
+
+After carefully checking that the name you typed is the name you
+should have typed, try doing things like pinging a host or telnetting
+to somewhere on your network to see if TCP/IP is functioning OK. If it
+is, the problem is most likely name resolution.
+
+If your client has a facility to do so, hardcode a mapping between the
+hosts IP and the name you want to use. For example, with Man Manager
+or Windows for Workgroups you would put a suitable entry in the file
+LMHOSTS. If this works, the problem is in the communication between
+your client and the netbios name server. If it does not work, then
+there is something fundamental wrong with your naming and the solution
+is beyond the scope of this document.
+
+If you do not have any server on your subnet supplying netbios name
+resolution, hardcoded mappings are your only option. If you DO have a
+netbios name server running (such as the Samba suite's nmbd program),
+the problem probably lies in the way it is set up. Refer to Section
+Two of this FAQ for more ideas.
+
+By the way, remember to REMOVE the hardcoded mapping before further
+tests :-)     
+
+<sect1>My client reports "cannot locate specified share name" or similar<p> <label id="cant_see_share">
+This message indicates that your client CAN locate the specified
+server, which is a good start, but that it cannot find a service of
+the name you gave.
+
+The first step is to check the exact name of the service you are
+trying to connect to (consult your system administrator). Assuming it
+exists and you specified it correctly (read your client's doco on how
+to specify a service name correctly), read on:
+
+<itemize>
+<item> Many clients cannot accept or use service names longer than eight characters.
+<item> Many clients cannot accept or use service names containing spaces.
+<item> Some servers (not Samba though) are case sensitive with service names.
+<item> Some clients force service names into upper case.
+</itemize>
+
+<sect1>My client reports "cannot find domain controller", "cannot log on to the network" or similar <p> <label id="cant_see_net">
+Nothing is wrong - Samba does not implement the primary domain name
+controller stuff for several reasons, including the fact that the
+whole concept of a primary domain controller and "logging in to a
+network" doesn't fit well with clients possibly running on multiuser
+machines (such as users of smbclient under Unix). Having said that,
+several developers are working hard on building it in to the next
+major version of Samba. If you can contribute, send a message to
+<htmlurl url="mailto:samba@samba.org" name="samba@samba.org"> !
+
+Seeing this message should not affect your ability to mount redirected
+disks and printers, which is really what all this is about.
+
+For many clients (including Windows for Workgroups and Lan Manager),
+setting the domain to STANDALONE at least gets rid of the message.
+
+<sect1>Printing doesn't work :-(<p> <label id="no_printing">
+Make sure that the specified print command for the service you are
+connecting to is correct and that it has a fully-qualified path (eg.,
+use "/usr/bin/lpr" rather than just "lpr").
+
+Make sure that the spool directory specified for the service is
+writable by the user connected to the service. In particular the user
+"nobody" often has problems with printing, even if it worked with an
+earlier version of Samba. Try creating another guest user other than
+"nobody".
+
+Make sure that the user specified in the service is permitted to use
+the printer.
+
+Check the debug log produced by smbd. Search for the printer name and
+see if the log turns up any clues. Note that error messages to do with
+a service ipc$ are meaningless - they relate to the way the client
+attempts to retrieve status information when using the LANMAN1
+protocol.
+
+If using WfWg then you need to set the default protocol to TCP/IP, not
+Netbeui. This is a WfWg bug.
+
+If using the Lanman1 protocol (the default) then try switching to
+coreplus.  Also not that print status error messages don't mean
+printing won't work. The print status is received by a different
+mechanism.
+
+<sect1>My programs install on the server OK, but refuse to work properly<p><label id="programs_wont_run">
+There are numerous possible reasons for this, but one MAJOR
+possibility is that your software uses locking. Make sure you are
+using Samba 1.6.11 or later. It may also be possible to work around
+the problem by setting "locking=no" in the Samba configuration file
+for the service the software is installed on. This should be regarded
+as a strictly temporary solution.
+
+In earlier Samba versions there were some difficulties with the very
+latest Microsoft products, particularly Excel 5 and Word for Windows
+6. These should have all been solved. If not then please let Andrew
+Tridgell know via email at <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">.
+
+<sect1>My "server string" doesn't seem to be recognised<p><label id="bad_server_string">
+OR My client reports the default setting, eg. "Samba 1.9.15p4", instead
+of what I have changed it to in the smb.conf file.
+
+You need to use the -C option in nmbd. The "server string" affects
+what smbd puts out and -C affects what nmbd puts out.
+ 
+Current versions of Samba (1.9.16 +) have combined these options into
+the "server string" field of smb.conf, -C for nmbd is now obsolete.
+
+<sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares">
+Your guest account is probably invalid for some reason. Samba uses the
+guest account for browsing in smbd.  Check that your guest account is
+valid.
+
+See also 'guest account' in smb.conf man page.
+
+<sect1>Log message "you appear to have a trapdoor uid system" <p><label id="trapdoor_uid">
+This can have several causes. It might be because you are using a uid
+or gid of 65535 or -1. This is a VERY bad idea, and is a big security
+hole. Check carefully in your /etc/passwd file and make sure that no
+user has uid 65535 or -1. Especially check the "nobody" user, as many
+broken systems are shipped with nobody setup with a uid of 65535.
+
+It might also mean that your OS has a trapdoor uid/gid system :-)
+
+This means that once a process changes effective uid from root to
+another user it can't go back to root. Unfortunately Samba relies on
+being able to change effective uid from root to non-root and back
+again to implement its security policy. If your OS has a trapdoor uid
+system this won't work, and several things in Samba may break. Less
+things will break if you use user or server level security instead of
+the default share level security, but you may still strike
+problems.
+
+The problems don't give rise to any security holes, so don't panic,
+but it does mean some of Samba's capabilities will be unavailable.
+In particular you will not be able to connect to the Samba server as
+two different uids at once. This may happen if you try to print as a
+"guest" while accessing a share as a normal user. It may also affect
+your ability to list the available shares as this is normally done as
+the guest user.
+
+Complain to your OS vendor and ask them to fix their system.
+
+Note: the reason why 65535 is a VERY bad choice of uid and gid is that
+it casts to -1 as a uid, and the setreuid() system call ignores (with
+no error) uid changes to -1. This means any daemon attempting to run
+as uid 65535 will actually run as root. This is not good!
+
+<sect>Common client questions<p> <label id="client_questions">
+
+<sect1>Are there any Macintosh clients for Samba?<p> <label id="mac_clients">
+Yes! Thursby now have a CIFS Client / Server called DAVE - see <url url="http://www.thursby.com/">.
+They test it against Windows 95, Windows NT and samba for compatibility issues.
+At the time of writing, DAVE was at version 1.0.1. The 1.0.0 to 1.0.1 update is available 
+as a free download from the Thursby web site (the speed of finder copies has
+been greatly enhanced, and there are bug-fixes included).
+
+Alternatives - There are two free implementations of AppleTalk for
+several kinds of UNIX machnes, and several more commercial ones.
+These products allow you to run file services and print services
+natively to Macintosh users, with no additional support required on
+the Macintosh.  The two free omplementations are Netatalk,
+<url url="http://www.umich.edu/~rsug/netatalk/">, and CAP, 
+<url url="http://www.cs.mu.oz.au/appletalk/atalk.html">.  What Samba offers 
+MS Windows users, these packages offer to Macs.  For more info on
+these packages, Samba, and Linux (and other UNIX-based systems)
+see <url url="http://www.eats.com/linux_mac_win.html">
+
+<sect1>"Session request failed (131,130)" error<p> <label id="sess_req_fail">
+The following answer is provided by John E. Miller:
+
+I'll assume that you're able to ping back and forth between the
+machines by IP address and name, and that you're using some security
+model where you're confident that you've got user IDs and passwords
+right.  The logging options (-d3 or greater) can help a lot with that.
+DNS and WINS configuration can also impact connectivity as well.
+
+Now, on to 'scope id's.  Somewhere in your Win95 TCP/IP network
+configuration (I'm too much of an NT bigot to know where it's located
+in the Win95 setup, but I'll have to learn someday since I teach for a
+Microsoft Solution Provider Authorized Tech Education Center - what an
+acronym...) [Note: It's under Control Panel | Network | TCP/IP | WINS
+Configuration] there's a little text entry field called something like
+'Scope ID'.
+
+This field essentially creates 'invisible' sub-workgroups on the same
+wire.  Boxes can only see other boxes whose Scope IDs are set to the
+exact same value - it's sometimes used by OEMs to configure their
+boxes to browse only other boxes from the same vendor and, in most
+environments, this field should be left blank.  If you, in fact, have
+something in this box that EXACT value (case-sensitive!) needs to be
+provided to smbclient and nmbd as the -i (lowercase) parameter. So, if
+your Scope ID is configured as the string 'SomeStr' in Win95 then
+you'd have to use smbclient -iSomeStr [otherparms] in connecting to
+it.
+
+<sect1>How do I synchronise my PC's clock with my Samba server? <p><label id="synchronise_clock">
+To syncronize your PC's clock with your Samba server:
+<itemize>
+<item> Copy timesync.pif to your windows directory
+ <item> timesync.pif can be found at:
+    <url 
+url="http://samba.org/samba/binaries/miscellaneous/timesync.pif">
+<item> Add timesync.pif to your 'Start Up' group/folder
+<item> Open the properties dialog box for the program/icon
+<item> Make sure the 'Run Minimized' option is set in program 'Properties'
+<iteM> Change the command line section that reads [\\sambahost] to reflect the name of your server.
+<item> Close the properties dialog box by choosing 'OK'
+</itemize>
+Each time you start your computer (or login for Win95) your PC will
+synchronize its clock with your Samba server.
+
+Alternativley, if you clients support Domain Logons, you can setup Domain Logons with Samba
+ - see: <url url="ftp://samba.org/pub/samba/docs/BROWSING.txt" name="BROWSING.txt"> *** for more information.
+<p>Then add 
+<tscreen><verb>
+NET TIME \\%L /SET /YES
+</verb></tscreen>
+as one of the lines in the logon script.
+<sect1>Problems with WinDD, NTrigue, WinCenterPro etc<p>
+<label id="multiple_session_clients">
+
+All of the above programs are applications that sit on an NT box and
+allow multiple users to access the NT GUI applications from remote
+workstations (often over X).
+
+What has this got to do with Samba? The problem comes when these users
+use filemanager to mount shares from a Samba server. The most common
+symptom is that the first user to connect get correct file permissions
+and has a nice day, but subsequent connections get logged in as the
+same user as the first person to login. They find that they cannot
+access files in their own home directory, but that they can access
+files in the first users home directory (maybe not such a nice day
+after all?)
+
+Why does this happen? The above products all share a common heritage
+(and code base I believe). They all open just a single TCP based SMB
+connection to the Samba server, and requests from all users are piped
+over this connection. This is unfortunate, but not fatal.
+
+It means that if you run your Samba server in share level security
+(the default) then things will definately break as described
+above. The share level SMB security model has no provision for
+multiple user IDs on the one SMB connection. See <url url="ftp://samba.org/pub/samba/docs/security_level.txt" name="security_level.txt"> in
+the docs for more info on share/user/server level security.
+
+If you run in user or server level security then you have a chance,
+but only if you have a recent version of Samba (at least 1.9.15p6). In
+older versions bugs in Samba meant you still would have had problems.
+
+If you have a trapdoor uid system in your OS then it will never work
+properly. Samba needs to be able to switch uids on the connection and
+it can't if your OS has a trapdoor uid system. You'll know this
+because Samba will note it in your logs.
+
+Also note that you should not use the magic "homes" share name with
+products like these, as otherwise all users will end up with the same
+home directory. Use [\\server\username] instead.
+
+<sect1>Problem with printers under NT<p> <label id="nt_printers">
+This info from Stefan Hergeth
+hergeth@f7axp1.informatik.fh-muenchen.de may be useful:
+
+ A network-printer (with ethernetcard) is connected to the NT-Clients
+via our UNIX-Fileserver (SAMBA-Server), like the configuration told by
+ Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt)
+<enum>
+<item>If a user has choosen this printer as the default printer in his
+     NT-Session and this printer is not connected to the network
+     (e.g. switched off) than this user has a problem with the SAMBA-
+     connection of his filesystems. It's very slow.
+
+<item>If the printer is connected to the network everything works fine.
+
+<item>When the smbd ist started with debug level 3, you can see that the
+     NT spooling system try to connect to the printer many times. If the
+     printer ist not connected to the network this request fails and the
+     NT spooler is wasting a lot of time to connect to the printer service.
+     This seems to be the reason for the slow network connection.
+
+<item>Maybe it's possible to change this behaviour by setting different 
+     printer properties in the Print-Manager-Menu of NT, but i didn't try it yet.
+</enum>
+
+<sect1>Why are my file's timestamps off by an hour, or by a few hours?<p><label id="dst_bugs">
+This is from Paul Eggert eggert@twinsun.com.
+
+Most likely it's a problem with your time zone settings.
+
+Internally, Samba maintains time in traditional Unix format,
+namely, the number of seconds since 1970-01-01 00:00:00 Universal Time
+(or ``GMT''), not counting leap seconds.
+
+On the server side, Samba uses the Unix TZ variable to convert
+internal timestamps to and from local time.  So on the server side, there are
+two things to get right.
+<enum>
+<item>The Unix system clock must have the correct Universal time.
+        Use the shell command "sh -c 'TZ=UTC0 date'" to check this.
+
+<item>The TZ environment variable must be set on the server
+        before Samba is invoked.  The details of this depend on the
+        server OS, but typically you must edit a file whose name is
+        /etc/TIMEZONE or /etc/default/init, or run the command `zic -l'.
+
+<item>TZ must have the correct value.
+<enum>
+      <item>If possible, use geographical time zone settings
+                (e.g. TZ='America/Los_Angeles' or perhaps
+                TZ=':US/Pacific').  These are supported by most
+                popular Unix OSes, are easier to get right, and are
+                more accurate for historical timestamps.  If your
+                operating system has out-of-date tables, you should be
+                able to update them from the public domain time zone
+                tables at <url url="ftp://elsie.nci.nih.gov/pub/">.
+
+      <item>If your system does not support geographical timezone
+                settings, you must use a Posix-style TZ strings, e.g.
+                TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time.
+                Posix TZ strings can take the following form (with optional
+                items in brackets):
+<verb>
+	StdOffset[Dst[Offset],Date/Time,Date/Time]
+</verb>
+                where:
+<itemize>
+<item>                        `Std' is the standard time designation (e.g. `PST').
+
+<item>                        `Offset' is the number of hours behind UTC (e.g. `8').
+                        Prepend a `-' if you are ahead of UTC, and
+                        append `:30' if you are at a half-hour offset.
+                        Omit all the remaining items if you do not use
+                        daylight-saving time.
+
+<item>                        `Dst' is the daylight-saving time designation
+                        (e.g. `PDT').
+
+                        The optional second `Offset' is the number of
+                        hours that daylight-saving time is behind UTC.
+                        The default is 1 hour ahead of standard time.
+
+<item>                        `Date/Time,Date/Time' specify when daylight-saving
+                        time starts and ends.  The format for a date is
+                        `Mm.n.d', which specifies the dth day (0 is Sunday)
+                        of the nth week of the mth month, where week 5 means
+                        the last such day in the month.  The format for a
+                        time is [h]h[:mm[:ss]], using a 24-hour clock.
+</itemize>
+                Other Posix string formats are allowed but you don't want
+                to know about them.
+</enum>
+</enum>
+On the client side, you must make sure that your client's clock and
+time zone is also set appropriately.  [[I don't know how to do this.]]
+Samba traditionally has had many problems dealing with time zones, due
+to the bizarre ways that Microsoft network protocols handle time
+zones.  A common symptom is for file timestamps to be off by an hour.
+To work around the problem, try disconnecting from your Samba server
+and then reconnecting to it; or upgrade your Samba server to
+1.9.16alpha10 or later.
+
+<sect1> How do I set the printer driver name correctly? <p><label id="printer_driver_name">
+Question:
+ On NT, I opened "Printer Manager" and "Connect to Printer".
+ Enter ["\\ptdi270\ps1"] in the box of printer. I got the
+ following error message:
+<tscreen><verb>
+     You do not have sufficient access to your machine
+     to connect to the selected printer, since a driver
+     needs to be installed locally.
+</verb></tscreen>
+Answer:
+
+In the more recent versions of Samba you can now set the "printer
+driver" in smb.conf. This tells the client what driver to use. For
+example:
+<tscreen><verb>
+     printer driver = HP LaserJet 4L
+</verb></tscreen>
+with this, NT knows to use the right driver. You have to get this string
+exactly right.
+
+To find the exact string to use, you need to get to the dialog box in
+your client where you select which printer driver to install. The
+correct strings for all the different printers are shown in a listbox
+in that dialog box.
+
+You could also try setting the driver to NULL like this:
+<tscreen><verb>
+     printer driver = NULL
+</verb></tscreen>
+this is effectively what older versions of Samba did, so if that
+worked for you then give it a go. If this does work then let us know via <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">,
+and we'll make it the default. Currently the default is a 0 length
+string.
+
+<sect1>I've applied NT 4.0 SP3, and now I can't access Samba shares, Why?<p><label id="NT_SP3_FIX">
+As of SP3, Microsoft has decided that they will no longer default to 
+passing clear text passwords over the network.  To enable access to 
+Samba shares from NT 4.0 SP3, you must do <bf>ONE</bf> of two things:
+<enum>
+<item> Set the Samba configuration option 'security = user' and implement all of the stuff detailed in <url url="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt" name="ENCRYPTION.txt">.
+<item> Follow Microsoft's directions for setting your NT box to allow plain text passwords. see <url url="http://www.microsoft.com/kb/articles/q166/7/30.htm" name="Knowledge Base Article Q166730">
+</enum>
+
+<sect>Specific client application problems<p> <label id="client_problems">
+
+<sect1>MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"<p> <label id="cant_change_properties">
+When installing MS Office on a Samba drive for which you have admin
+user permissions, ie. admin users = username, you will find the
+setup program unable to complete the installation.
+
+To get around this problem, do the installation without admin user
+permissions The problem is that MS Office Setup checks that a file is
+rdonly by trying to open it for writing.
+
+Admin users can always open a file for writing, as they run as root.
+You just have to install as a non-admin user and then use "chown -R"
+to fix the owner.
+
+<sect>Miscellaneous<p> <label id="miscellaneous">
+<sect1>Is Samba Year 2000 compliant?<p><label id="Year2000Compliant">
+The CIFS protocol that Samba implements
+negotiates times in various formats, all of which
+are able to cope with dates beyond 2000.
+
+</article>
diff --git a/docs/faq/sambafaq.txt b/docs/faq/sambafaq.txt
new file mode 100755
index 00000000000..e629e8ad878
--- /dev/null
+++ b/docs/faq/sambafaq.txt
@@ -0,0 +1,1122 @@
+  Samba FAQ
+  Paul Blackman, ictinus@samba.org
+  v 0.8, June '97
+
+  This is the Frequently Asked Questions (FAQ) document for Samba, the
+  free and very popular SMB server product. An SMB server allows file
+  and printer connections from clients such as Windows, OS/2, Linux and
+  others. Current to version 1.9.17. Please send any corrections to the
+  author.
+  ______________________________________________________________________
+
+  Table of Contents:
+
+  1.      General Information
+
+  1.1.    What is Samba?
+
+  1.2.    What is the current version of Samba?
+
+  1.3.    Where can I get it?
+
+  1.4.    What do the version numbers mean?
+
+  1.5.    What platforms are supported?
+
+  1.6.    How can I find out more about Samba?
+
+  1.7.    How do I subscribe to the Samba Mailing Lists?
+
+  1.8.    Something's gone wrong - what should I do?
+
+  1.9.    Pizza supply details
+
+  2.      Compiling and installing Samba on a Unix host
+
+  2.1.    I can't see the Samba server in any browse lists!
+
+  2.2.    Some files that I KNOW are on the server doesn't show up when
+  I view the files from my client!
+
+  2.3.    Some files on the server show up with really wierd filenames
+  when I view the files from my client!
+
+  2.4.    My client reports "cannot locate specified computer" or
+  similar
+
+  2.5.    My client reports "cannot locate specified share name" or
+  similar
+
+  2.6.    My client reports "cannot find domain controller", "cannot log
+  on to the network" or similar
+
+  2.7.    Printing doesn't work :-(
+
+  2.8.    My programs install on the server OK, but refuse to work
+  properly
+
+  2.9.    My "server string" doesn't seem to be recognised
+
+  2.10.   My client reports "This server is not configured to list
+  shared resources"
+
+  2.11.   Log message "you appear to have a trapdoor uid system"
+
+  3.      Common client questions
+
+  3.1.    Are there any Macintosh clients for Samba?
+
+  3.2.    "Session request failed (131,130)" error
+
+  3.3.    How do I synchronise my PC's clock with my Samba server?
+
+  3.4.    Problems with WinDD, NTrigue, WinCenterPro etc
+
+  3.5.    Problem with printers under NT
+
+  3.6.    Why are my file's timestamps off by an hour, or by a few
+  hours?
+
+  3.7.    How do I set the printer driver name correctly?
+
+  3.8.    I've applied NT 4.0 SP3, and now I can't access Samba shares,
+  Why?
+
+  4.      Specific client application problems
+
+  4.1.    MS Office Setup reports "Cannot change properties of
+  'MSOFFICEUP.INI'"
+
+  5.      Miscellaneous
+
+  5.1.    Is Samba Year 2000 compliant?
+  ______________________________________________________________________
+
+  11..  GGeenneerraall IInnffoorrmmaattiioonn
+
+
+
+  All about Samba - what it is, how to get it, related sources of
+  information, how to understand the version numbering scheme, pizza
+  details
+
+
+  11..11..  WWhhaatt iiss SSaammbbaa??
+
+
+  Samba is a suite of programs which work together to allow clients to
+  access to a server's filespace and printers via the SMB (Server
+  Message Block) protocol. Initially written for Unix, Samba now also
+  runs on Netware, OS/2 and VMS.
+
+  In practice, this means that you can redirect disks and printers to
+  Unix disks and printers from Lan Manager clients, Windows for
+  Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2
+  clients. There is also a generic Unix client program supplied as part
+  of the suite which allows Unix users to use an ftp-like interface to
+  access filespace and printers on any other SMB servers. This gives the
+  capability for these operating systems to behave much like a LAN
+  Server or Windows NT Server machine, only with added functionality and
+  flexibility designed to make life easier for administrators.
+
+  The components of the suite are (in summary):
+
+
+  +o  ssmmbbdd, the SMB server. This handles actual connections from clients,
+     doing all the file, permission and username work
+
+  +o  nnmmbbdd, the Netbios name server, which helps clients locate servers,
+     doing the browsing work and managing domains as this capability is
+     being built into Samba
+
+
+  +o  ssmmbbcclliieenntt, the Unix-hosted client program
+
+  +o  ssmmbbrruunn, a little 'glue' program to help the server run external
+     programs
+
+  +o  tteessttpprrnnss, a program to test server access to printers
+
+  +o  tteessttppaarrmmss, a program to test the Samba configuration file for
+     correctness
+
+  +o  ssmmbb..ccoonnff, the Samba configuration file
+
+  +o  ssmmbbpprriinntt, a sample script to allow a Unix host to use smbclient to
+     print to an SMB server
+
+  +o  DDooccuummeennttaattiioonn!! DON'T neglect to read it - you will save a great
+     deal of time!
+
+  The suite is supplied with full source (of course!) and is GPLed.
+
+  The primary creator of the Samba suite is Andrew Tridgell. Later
+  versions incorporate much effort by many net.helpers. The man pages
+  and this FAQ were originally written by Karl Auer.
+
+
+  11..22..  WWhhaatt iiss tthhee ccuurrrreenntt vveerrssiioonn ooff SSaammbbaa??
+
+
+  At time of writing, the current version was 1.9.17. If you want to be
+  sure check the bottom of the change-log file.
+  <ftp://samba.org/pub/samba/alpha/change-log>
+
+  For more information see ``What do the version numbers mean?''
+
+
+  11..33..  WWhheerree ccaann II ggeett iitt??
+
+
+  The Samba suite is available via anonymous ftp from samba.org.
+  The latest and greatest versions of the suite are in the directory:
+
+  /pub/samba/
+
+  Development (read "alpha") versions, which are NOT necessarily stable
+  and which do NOT necessarily have accurate documentation, are
+  available in the directory:
+
+  /pub/samba/alpha
+
+  Note that binaries are NOT included in any of the above. Samba is
+  distributed ONLY in source form, though binaries may be available from
+  other sites. Recent versions of some Linux distributions, for example,
+  do contain Samba binaries for that platform.
+
+
+  11..44..  WWhhaatt ddoo tthhee vveerrssiioonn nnuummbbeerrss mmeeaann??
+
+
+  It is not recommended that you run a version of Samba with the word
+  "alpha" in its name unless you know what you are doing and are willing
+  to do some debugging. Many, many people just get the latest
+  recommended stable release version and are happy. If you are brave, by
+  all means take the plunge and help with the testing and development -
+  but don't install it on your departmental server. Samba is typically
+  very stable and safe, and this is mostly due to the policy of many
+  public releases.
+  How the scheme works:
+
+  1. When major changes are made the version number is increased. For
+     example, the transition from 1.9.15 to 1.9.16. However, this
+     version number will not appear immediately and people should
+     continue to use 1.9.15 for production systems (see next point.)
+
+  2. Just after major changes are made the software is considered
+     unstable, and a series of alpha releases are distributed, for
+     example 1.9.16alpha1. These are for testing by those who know what
+     they are doing.  The "alpha" in the filename will hopefully scare
+     off those who are just looking for the latest version to install.
+
+  3. When Andrew thinks that the alphas have stabilised to the point
+     where he would recommend new users install it, he renames it to the
+     same version number without the alpha, for example 1.9.16.
+
+  4. Inevitably bugs are found in the "stable" releases and minor patch
+     levels are released which give us the pXX series, for example
+     1.9.16p2.
+
+     So the progression goes:
+
+                     1.9.15p7        (production)
+                     1.9.15p8        (production)
+                     1.9.16alpha1    (test sites only)
+                       :
+                     1.9.16alpha20   (test sites only)
+                     1.9.16          (production)
+                     1.9.16p1        (production)
+
+
+  The above system means that whenever someone looks at the samba ftp
+  site they will be able to grab the highest numbered release without an
+  alpha in the name and be sure of getting the current recommended ver-
+  sion.
+
+
+  11..55..  WWhhaatt ppllaattffoorrmmss aarree ssuuppppoorrtteedd??
+
+
+  Many different platforms have run Samba successfully. The platforms
+  most widely used and thus best tested are Linux and SunOS.
+
+  At time of writing, the Makefile claimed support for:
+
+  +o  A/UX 3.0
+
+  +o  AIX
+
+  +o  Altos Series 386/1000
+
+  +o  Amiga
+
+  +o  Apollo Domain/OS sr10.3
+
+  +o  BSDI
+
+  +o  B.O.S. (Bull Operating System)
+
+  +o  Cray, Unicos 8.0
+
+  +o  Convex
+
+  +o  DGUX.
+
+  +o  DNIX.
+
+  +o  FreeBSD
+
+  +o  HP-UX
+
+  +o  Intergraph.
+
+  +o  Linux with/without shadow passwords and quota
+
+  +o  LYNX 2.3.0
+
+  +o  MachTen (a unix like system for Macintoshes)
+
+  +o  Motorola 88xxx/9xx range of machines
+
+  +o  NetBSD
+
+  +o  NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for
+     Mach).
+
+  +o  OS/2 using EMX 0.9b
+
+  +o  OSF1
+
+  +o  QNX 4.22
+
+  +o  RiscIX.
+
+  +o  RISCOs 5.0B
+
+  +o  SEQUENT.
+
+  +o  SCO (including: 3.2v2, European dist., OpenServer 5)
+
+  +o  SGI.
+
+  +o  SMP_DC.OSx v1.1-94c079 on Pyramid S series
+
+  +o  SONY NEWS, NEWS-OS (4.2.x and 6.1.x)
+
+  +o  SUNOS 4
+
+  +o  SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')
+
+  +o  Sunsoft ISC SVR3V4
+
+  +o  SVR4
+
+  +o  System V with some berkely extensions (Motorola 88k R32V3.2).
+
+  +o  ULTRIX.
+
+  +o  UNIXWARE
+
+  +o  UXP/DS
+
+
+  11..66..  HHooww ccaann II ffiinndd oouutt mmoorree aabboouutt SSaammbbaa??
+
+
+  There are a number of places to look for more information on Samba,
+  including:
+
+  +o  Two mailing lists devoted to discussion of Samba-related matters.
+
+  +o  The newsgroup, comp.protocols.smb, which has a great deal of
+     discussion on Samba.
+
+  +o  The WWW site 'SAMBA Web Pages' at  <http://samba.edu.au/samba/>
+     includes:
+
+  +o  Links to man pages and documentation, including this FAQ
+
+  +o  A comprehensive survey of Samba users.
+
+  +o  A searchable hypertext archive of the Samba mailing list.
+
+  +o  Links to Samba source code, binaries, and mirrors of both.
+
+  +o  The long list of topic documentation.  These files can be found in
+     the 'docs' directory of the Samba source, or at
+     <ftp://samba.org/pub/samba/docs/>
+
+  +o  Application_Serving.txt
+     <ftp://samba.org/pub/samba/docs/Application_Serving.txt>
+
+  +o  BROWSING.txt <ftp://samba.org/pub/samba/docs/BROWSING.txt>
+
+  +o  BUGS.txt <ftp://samba.org/pub/samba/docs/BUGS.txt>
+
+  +o  DIAGNOSIS.txt <ftp://samba.org/pub/samba/docs/DIAGNOSIS.txt>
+
+  +o  DNIX.txt <ftp://samba.org/pub/samba/docs/DNIX.txt>
+
+  +o  DOMAIN.txt <ftp://samba.org/pub/samba/docs/DOMAIN.txt>
+
+  +o  CONTROL.txt
+     <ftp://samba.org/pub/samba/docs/DOMAIN_CONTROL.txt>
+
+  +o  ENCRYPTION.txt
+     <ftp://samba.org/pub/samba/docs/ENCRYPTION.txt>
+
+  +o  Faxing.txt <ftp://samba.org/pub/samba/docs/Faxing.txt>
+
+  +o  GOTCHAS.txt <ftp://samba.org/pub/samba/docs/GOTCHAS.txt>
+
+  +o  HINTS.txt <ftp://samba.org/pub/samba/docs/HINTS.txt>
+
+  +o  INSTALL.sambatar
+     <ftp://samba.org/pub/samba/docs/INSTALL.sambatar>
+
+  +o  INSTALL.txt <ftp://samba.org/pub/samba/docs/INSTALL.txt>
+
+  +o  MIRRORS <ftp://samba.org/pub/samba/docs/MIRRORS>
+
+  +o  NetBIOS.txt <ftp://samba.org/pub/samba/docs/NetBIOS.txt>
+
+  +o  OS2.txt <ftp://samba.org/pub/samba/docs/OS2.txt>
+
+  +o  PROJECTS <ftp://samba.org/pub/samba/docs/PROJECTS>
+
+  +o  Passwords.txt <ftp://samba.org/pub/samba/docs/Passwords.txt>
+
+  +o  Printing.txt <ftp://samba.org/pub/samba/docs/Printing.txt>
+
+  +o  README.DCEDFS <ftp://samba.org/pub/samba/docs/README.DCEDFS>
+
+  +o  README.OS2 <ftp://samba.org/pub/samba/docs/README.OS2>
+
+  +o  README.jis <ftp://samba.org/pub/samba/docs/README.jis>
+
+  +o  README.sambatar
+     <ftp://samba.org/pub/samba/docs/README.sambatar>
+
+  +o  SCO.txt <ftp://samba.org/pub/samba/docs/SCO.txt>
+
+  +o  SMBTAR.notes <ftp://samba.org/pub/samba/docs/SMBTAR.notes>
+
+  +o  Speed.txt <ftp://samba.org/pub/samba/docs/Speed.txt>
+
+  +o  Support.txt <ftp://samba.org/pub/samba/docs/Support.txt>
+
+  +o  THANKS <ftp://samba.org/pub/samba/docs/THANKS>
+
+  +o  Tracing.txt <ftp://samba.org/pub/samba/docs/Tracing.txt>
+
+  +o  SMB.txt <ftp://samba.org/pub/samba/docs/UNIX-SMB.txt>
+
+  +o  Warp.txt <ftp://samba.org/pub/samba/docs/Warp.txt>
+
+  +o  WinNT.txt <ftp://samba.org/pub/samba/docs/WinNT.txt>
+
+  +o  history <ftp://samba.org/pub/samba/docs/history>
+
+  +o  level.txt
+     <ftp://samba.org/pub/samba/docs/security_level.txt>
+
+  +o  slip.htm <ftp://samba.org/pub/samba/docs/wfw_slip.htm>
+
+
+  11..77..  HHooww ddoo II ssuubbssccrriibbee ttoo tthhee SSaammbbaa MMaaiilliinngg LLiissttss??
+
+
+  Send email to listproc@samba.org. Make sure the subject line is
+  blank, and include the following two lines in the body of the message:
+
+
+       subscribe samba Firstname Lastname
+       subscribe samba-announce Firstname Lastname
+
+
+
+
+  Obviously you should substitute YOUR first name for "Firstname" and
+  YOUR last name for "Lastname"! Try not to send any signature stuff, it
+  sometimes confuses the list processor.
+
+  The samba list is a digest list - every eight hours or so it
+  regurgitates a single message containing all the messages that have
+  been received by the list since the last time and sends a copy of this
+  message to all subscribers.
+
+  If you stop being interested in Samba, please send another email to
+  listproc@samba.org. Make sure the subject line is blank, and
+  include the following two lines in the body of the message:
+
+
+       unsubscribe samba
+       unsubscribe samba-announce
+
+
+
+
+  The FFrroomm:: line in your message _M_U_S_T be the same address you used when
+  you subscribed.
+
+
+  11..88..  SSoommeetthhiinngg''ss ggoonnee wwrroonngg -- wwhhaatt sshhoouulldd II ddoo??
+
+
+  ## ****** IIMMPPOORRTTAANNTT!! ****** ##
+
+  DO NOT post messages on mailing lists or in newsgroups until you have
+  carried out the first three steps given here!
+
+  Firstly, see if there are any likely looking entries in this FAQ! If
+  you have just installed Samba, have you run through the checklist in
+  DIAGNOSIS.txt <ftp://samba.org/pub/samba/DIAGNOSIS.txt>? It can
+  save you a lot of time and effort.  DIAGNOSIS.txt can also be found in
+  the docs directory of the Samba distribution.
+
+  Secondly, read the man pages for smbd, nmbd and smb.conf, looking for
+  topics that relate to what you are trying to do.
+
+  Thirdly, if there is no obvious solution to hand, try to get a look at
+  the log files for smbd and/or nmbd for the period during which you
+  were having problems. You may need to reconfigure the servers to
+  provide more extensive debugging information - usually level 2 or
+  level 3 provide ample debugging info. Inspect these logs closely,
+  looking particularly for the string "Error:".
+
+  Fourthly, if you still haven't got anywhere, ask the mailing list or
+  newsgroup.  In general nobody minds answering questions provided you
+  have followed the preceding steps. It might be a good idea to scan the
+  archives of the mailing list, which are available through the Samba
+  web site described in the previous section.
+
+  If you successfully solve a problem, please mail the FAQ maintainer a
+  succinct description of the symptom, the problem and the solution, so
+  I can incorporate it in the next version.
+
+  If you make changes to the source code, _please_ submit these patches
+  so that everyone else gets the benefit of your work. This is one of
+  the most important aspects to the maintainence of Samba. Send all
+  patches to samba@samba.org. Do not send patches to Andrew
+  Tridgell or any other individual, they may be lost if you do.
+
+
+  11..99..  PPiizzzzaa ssuuppppllyy ddeettaaiillss
+
+
+  Those who have registered in the Samba survey as "Pizza Factory" will
+  already know this, but the rest may need some help. Andrew doesn't ask
+  for payment, but he does appreciate it when people give him pizza.
+  This calls for a little organisation when the pizza donor is twenty
+  thousand kilometres away, but it has been done.
+
+  Method 1: Ring up your local branch of an international pizza chain
+  and see if they honour their vouchers internationally. Pizza Hut do,
+  which is how the entire Canberra Linux Users Group got to eat pizza
+  one night, courtesy of someone in the US
+
+  Method 2: Ring up a local pizza shop in Canberra and quote a credit
+  card number for a certain amount, and tell them that Andrew will be
+  collecting it (don't forget to tell him.) One kind soul from Germany
+  did this.
+
+  Method 3: Purchase a pizza voucher from your local pizza shop that has
+  no international affiliations and send it to Andrew. It is completely
+  useless but he can hang it on the wall next to the one he already has
+  from Germany :-)
+
+
+  Method 4: Air freight him a pizza with your favourite regional
+  flavours. It will probably get stuck in customs or torn apart by
+  hungry sniffer dogs but it will have been a noble gesture.
+
+
+  22..  CCoommppiilliinngg aanndd iinnssttaalllliinngg SSaammbbaa oonn aa UUnniixx hhoosstt
+
+
+
+  22..11..  II ccaann''tt sseeee tthhee SSaammbbaa sseerrvveerr iinn aannyy bbrroowwssee lliissttss!!
+
+
+  See BROWSING.txt <ftp://samba.org/pub/samba/BROWSING.txt> for
+  more information on browsing.  Browsing.txt can also be found in the
+  docs directory of the Samba source.
+
+  If your GUI client does not permit you to select non-browsable
+  servers, you may need to do so on the command line. For example, under
+  Lan Manager you might connect to the above service as disk drive M:
+  thusly:
+
+
+          net use M: \\mary\fred
+
+
+
+
+  The details of how to do this and the specific syntax varies from
+  client to client - check your client's documentation.
+
+
+  22..22..  SSoommee ffiilleess tthhaatt II KKNNOOWW aarree oonn tthhee sseerrvveerr ddooeessnn''tt sshhooww uupp wwhheenn II
+  vviieeww tthhee ffiilleess ffrroomm mmyy cclliieenntt!!
+
+
+  See the next question.
+
+  22..33..  SSoommee ffiilleess oonn tthhee sseerrvveerr sshhooww uupp wwiitthh rreeaallllyy wwiieerrdd ffiilleennaammeess
+  wwhheenn II vviieeww tthhee ffiilleess ffrroomm mmyy cclliieenntt!!
+
+
+  If you check what files are not showing up, you will note that they
+  are files which contain upper case letters or which are otherwise not
+  DOS-compatible (ie, they are not legal DOS filenames for some reason).
+
+  The Samba server can be configured either to ignore such files
+  completely, or to present them to the client in "mangled" form. If you
+  are not seeing the files at all, the Samba server has most likely been
+  configured to ignore them.  Consult the man page smb.conf(5) for
+  details of how to change this - the parameter you need to set is
+  "mangled names = yes".
+
+
+  22..44..  MMyy cclliieenntt rreeppoorrttss ""ccaannnnoott llooccaattee ssppeecciiffiieedd ccoommppuutteerr"" oorr ssiimmiillaarr
+
+
+  This indicates one of three things: You supplied an incorrect server
+  name, the underlying TCP/IP layer is not working correctly, or the
+  name you specified cannot be resolved.
+
+  After carefully checking that the name you typed is the name you
+  should have typed, try doing things like pinging a host or telnetting
+  to somewhere on your network to see if TCP/IP is functioning OK. If it
+  is, the problem is most likely name resolution.
+
+
+  If your client has a facility to do so, hardcode a mapping between the
+  hosts IP and the name you want to use. For example, with Man Manager
+  or Windows for Workgroups you would put a suitable entry in the file
+  LMHOSTS. If this works, the problem is in the communication between
+  your client and the netbios name server. If it does not work, then
+  there is something fundamental wrong with your naming and the solution
+  is beyond the scope of this document.
+
+  If you do not have any server on your subnet supplying netbios name
+  resolution, hardcoded mappings are your only option. If you DO have a
+  netbios name server running (such as the Samba suite's nmbd program),
+  the problem probably lies in the way it is set up. Refer to Section
+  Two of this FAQ for more ideas.
+
+  By the way, remember to REMOVE the hardcoded mapping before further
+  tests :-)
+
+
+  22..55..  MMyy cclliieenntt rreeppoorrttss ""ccaannnnoott llooccaattee ssppeecciiffiieedd sshhaarree nnaammee"" oorr ssiimmii--
+  llaarr
+
+
+  This message indicates that your client CAN locate the specified
+  server, which is a good start, but that it cannot find a service of
+  the name you gave.
+
+  The first step is to check the exact name of the service you are
+  trying to connect to (consult your system administrator). Assuming it
+  exists and you specified it correctly (read your client's doco on how
+  to specify a service name correctly), read on:
+
+
+  +o  Many clients cannot accept or use service names longer than eight
+     characters.
+
+  +o  Many clients cannot accept or use service names containing spaces.
+
+  +o  Some servers (not Samba though) are case sensitive with service
+     names.
+
+  +o  Some clients force service names into upper case.
+
+
+  22..66..  MMyy cclliieenntt rreeppoorrttss ""ccaannnnoott ffiinndd ddoommaaiinn ccoonnttrroolllleerr"",, ""ccaannnnoott lloogg
+  oonn ttoo tthhee nneettwwoorrkk"" oorr ssiimmiillaarr
+
+
+  Nothing is wrong - Samba does not implement the primary domain name
+  controller stuff for several reasons, including the fact that the
+  whole concept of a primary domain controller and "logging in to a
+  network" doesn't fit well with clients possibly running on multiuser
+  machines (such as users of smbclient under Unix). Having said that,
+  several developers are working hard on building it in to the next
+  major version of Samba. If you can contribute, send a message to
+  samba@samba.org !
+
+  Seeing this message should not affect your ability to mount redirected
+  disks and printers, which is really what all this is about.
+
+  For many clients (including Windows for Workgroups and Lan Manager),
+  setting the domain to STANDALONE at least gets rid of the message.
+
+
+
+
+
+  22..77..  PPrriinnttiinngg ddooeessnn''tt wwoorrkk ::--((
+
+
+  Make sure that the specified print command for the service you are
+  connecting to is correct and that it has a fully-qualified path (eg.,
+  use "/usr/bin/lpr" rather than just "lpr").
+
+  Make sure that the spool directory specified for the service is
+  writable by the user connected to the service. In particular the user
+  "nobody" often has problems with printing, even if it worked with an
+  earlier version of Samba. Try creating another guest user other than
+  "nobody".
+
+  Make sure that the user specified in the service is permitted to use
+  the printer.
+
+  Check the debug log produced by smbd. Search for the printer name and
+  see if the log turns up any clues. Note that error messages to do with
+  a service ipc$ are meaningless - they relate to the way the client
+  attempts to retrieve status information when using the LANMAN1
+  protocol.
+
+  If using WfWg then you need to set the default protocol to TCP/IP, not
+  Netbeui. This is a WfWg bug.
+
+  If using the Lanman1 protocol (the default) then try switching to
+  coreplus.  Also not that print status error messages don't mean
+  printing won't work. The print status is received by a different
+  mechanism.
+
+
+  22..88..  MMyy pprrooggrraammss iinnssttaallll oonn tthhee sseerrvveerr OOKK,, bbuutt rreeffuussee ttoo wwoorrkk pprroopp--
+  eerrllyy
+
+
+  There are numerous possible reasons for this, but one MAJOR
+  possibility is that your software uses locking. Make sure you are
+  using Samba 1.6.11 or later. It may also be possible to work around
+  the problem by setting "locking=no" in the Samba configuration file
+  for the service the software is installed on. This should be regarded
+  as a strictly temporary solution.
+
+  In earlier Samba versions there were some difficulties with the very
+  latest Microsoft products, particularly Excel 5 and Word for Windows
+  6. These should have all been solved. If not then please let Andrew
+  Tridgell know via email at samba@samba.org.
+
+
+  22..99..  MMyy ""sseerrvveerr ssttrriinngg"" ddooeessnn''tt sseeeemm ttoo bbee rreeccooggnniisseedd
+
+
+  OR My client reports the default setting, eg. "Samba 1.9.15p4",
+  instead of what I have changed it to in the smb.conf file.
+
+  You need to use the -C option in nmbd. The "server string" affects
+  what smbd puts out and -C affects what nmbd puts out.
+
+  Current versions of Samba (1.9.16 +) have combined these options into
+  the "server string" field of smb.conf, -C for nmbd is now obsolete.
+
+
+  22..1100..  MMyy cclliieenntt rreeppoorrttss ""TThhiiss sseerrvveerr iiss nnoott ccoonnffiigguurreedd ttoo lliisstt sshhaarreedd
+  rreessoouurrcceess""
+
+
+  Your guest account is probably invalid for some reason. Samba uses the
+  guest account for browsing in smbd.  Check that your guest account is
+  valid.
+
+  See also 'guest account' in smb.conf man page.
+
+
+  22..1111..  LLoogg mmeessssaaggee ""yyoouu aappppeeaarr ttoo hhaavvee aa ttrraappddoooorr uuiidd ssyysstteemm""
+
+
+  This can have several causes. It might be because you are using a uid
+  or gid of 65535 or -1. This is a VERY bad idea, and is a big security
+  hole. Check carefully in your /etc/passwd file and make sure that no
+  user has uid 65535 or -1. Especially check the "nobody" user, as many
+  broken systems are shipped with nobody setup with a uid of 65535.
+
+  It might also mean that your OS has a trapdoor uid/gid system :-)
+
+  This means that once a process changes effective uid from root to
+  another user it can't go back to root. Unfortunately Samba relies on
+  being able to change effective uid from root to non-root and back
+  again to implement its security policy. If your OS has a trapdoor uid
+  system this won't work, and several things in Samba may break. Less
+  things will break if you use user or server level security instead of
+  the default share level security, but you may still strike problems.
+
+  The problems don't give rise to any security holes, so don't panic,
+  but it does mean some of Samba's capabilities will be unavailable.  In
+  particular you will not be able to connect to the Samba server as two
+  different uids at once. This may happen if you try to print as a
+  "guest" while accessing a share as a normal user. It may also affect
+  your ability to list the available shares as this is normally done as
+  the guest user.
+
+  Complain to your OS vendor and ask them to fix their system.
+
+  Note: the reason why 65535 is a VERY bad choice of uid and gid is that
+  it casts to -1 as a uid, and the setreuid() system call ignores (with
+  no error) uid changes to -1. This means any daemon attempting to run
+  as uid 65535 will actually run as root. This is not good!
+
+
+  33..  CCoommmmoonn cclliieenntt qquueessttiioonnss
+
+
+
+
+  33..11..  AArree tthheerree aannyy MMaacciinnttoosshh cclliieennttss ffoorr SSaammbbaa??
+
+
+  Yes! Thursby now have a CIFS Client / Server called DAVE - see
+  <http://www.thursby.com/>.  They test it against Windows 95, Windows
+  NT and samba for compatibility issues.  At the time of writing, DAVE
+  was at version 1.0.1. The 1.0.0 to 1.0.1 update is available as a free
+  download from the Thursby web site (the speed of finder copies has
+  been greatly enhanced, and there are bug-fixes included).
+
+  Alternatives - There are two free implementations of AppleTalk for
+  several kinds of UNIX machnes, and several more commercial ones.
+  These products allow you to run file services and print services
+  natively to Macintosh users, with no additional support required on
+  the Macintosh.  The two free omplementations are Netatalk,
+  <http://www.umich.edu/~rsug/netatalk/>, and CAP,
+  <http://www.cs.mu.oz.au/appletalk/atalk.html>.  What Samba offers MS
+  Windows users, these packages offer to Macs.  For more info on these
+  packages, Samba, and Linux (and other UNIX-based systems) see
+  <http://www.eats.com/linux_mac_win.html>
+  33..22..  SSeessssiioonn rreeqquueesstt ffaaiilleedd ((113311,,113300))"" eerrrroorr
+
+
+  The following answer is provided by John E. Miller:
+
+  I'll assume that you're able to ping back and forth between the
+  machines by IP address and name, and that you're using some security
+  model where you're confident that you've got user IDs and passwords
+  right.  The logging options (-d3 or greater) can help a lot with that.
+  DNS and WINS configuration can also impact connectivity as well.
+
+  Now, on to 'scope id's.  Somewhere in your Win95 TCP/IP network
+  configuration (I'm too much of an NT bigot to know where it's located
+  in the Win95 setup, but I'll have to learn someday since I teach for a
+  Microsoft Solution Provider Authorized Tech Education Center - what an
+  acronym...) Note: It's under Control Panel | Network | TCP/IP | WINS
+  Configuration there's a little text entry field called something like
+
+  This field essentially creates 'invisible' sub-workgroups on the same
+  wire.  Boxes can only see other boxes whose Scope IDs are set to the
+  exact same value - it's sometimes used by OEMs to configure their
+  boxes to browse only other boxes from the same vendor and, in most
+  environments, this field should be left blank.  If you, in fact, have
+  something in this box that EXACT value (case-sensitive!) needs to be
+  provided to smbclient and nmbd as the -i (lowercase) parameter. So, if
+  your Scope ID is configured as the string 'SomeStr' in Win95 then
+  you'd have to use smbclient -iSomeStr otherparms in connecting to it.
+
+
+  33..33..  HHooww ddoo II ssyynncchhrroonniissee mmyy PPCC''ss cclloocckk wwiitthh mmyy SSaammbbaa sseerrvveerr??
+
+
+  To syncronize your PC's clock with your Samba server:
+
+  +o  Copy timesync.pif to your windows directory
+
+  +o  timesync.pif can be found at:
+     <http://samba.org/samba/binaries/miscellaneous/timesync.pif>
+
+  +o  Add timesync.pif to your 'Start Up' group/folder
+
+  +o  Open the properties dialog box for the program/icon
+
+  +o  Make sure the 'Run Minimized' option is set in program 'Properties'
+
+  +o  Change the command line section that reads \sambahost to reflect
+     the name of your server.
+
+  +o  Close the properties dialog box by choosing 'OK'
+
+     Each time you start your computer (or login for Win95) your PC will
+     synchronize its clock with your Samba server.
+
+  Alternativley, if you clients support Domain Logons, you can setup
+  Domain Logons with Samba - see: BROWSING.txt
+  <ftp://samba.org/pub/samba/docs/BROWSING.txt> *** for more
+  information.
+
+  Then add
+
+
+       NET TIME \\%L /SET /YES
+
+
+
+
+  as one of the lines in the logon script.
+
+  33..44..  PPrroobblleemmss wwiitthh WWiinnDDDD,, NNTTrriigguuee,, WWiinnCCeenntteerrPPrroo eettcc
+
+
+  All of the above programs are applications that sit on an NT box and
+  allow multiple users to access the NT GUI applications from remote
+  workstations (often over X).
+
+  What has this got to do with Samba? The problem comes when these users
+  use filemanager to mount shares from a Samba server. The most common
+  symptom is that the first user to connect get correct file permissions
+  and has a nice day, but subsequent connections get logged in as the
+  same user as the first person to login. They find that they cannot
+  access files in their own home directory, but that they can access
+  files in the first users home directory (maybe not such a nice day
+  after all?)
+
+  Why does this happen? The above products all share a common heritage
+  (and code base I believe). They all open just a single TCP based SMB
+  connection to the Samba server, and requests from all users are piped
+  over this connection. This is unfortunate, but not fatal.
+
+  It means that if you run your Samba server in share level security
+  (the default) then things will definately break as described above.
+  The share level SMB security model has no provision for multiple user
+  IDs on the one SMB connection. See security_level.txt
+  <ftp://samba.org/pub/samba/docs/security_level.txt> in the docs
+  for more info on share/user/server level security.
+
+  If you run in user or server level security then you have a chance,
+  but only if you have a recent version of Samba (at least 1.9.15p6). In
+  older versions bugs in Samba meant you still would have had problems.
+
+  If you have a trapdoor uid system in your OS then it will never work
+  properly. Samba needs to be able to switch uids on the connection and
+  it can't if your OS has a trapdoor uid system. You'll know this
+  because Samba will note it in your logs.
+
+  Also note that you should not use the magic "homes" share name with
+  products like these, as otherwise all users will end up with the same
+  home directory. Use \serversername instead.
+
+
+  33..55..  PPrroobblleemm wwiitthh pprriinntteerrss uunnddeerr NNTT
+
+
+  This info from Stefan Hergeth hergeth@f7axp1.informatik.fh-muenchen.de
+  may be useful:
+
+  A network-printer (with ethernetcard) is connected to the NT-Clients
+  via our UNIX-Fileserver (SAMBA-Server), like the configuration told by
+  Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt)
+
+  1. If a user has choosen this printer as the default printer in his
+     NT-Session and this printer is not connected to the network (e.g.
+     switched off) than this user has a problem with the SAMBA-
+     connection of his filesystems. It's very slow.
+
+  2. If the printer is connected to the network everything works fine.
+
+  3. When the smbd ist started with debug level 3, you can see that the
+     NT spooling system try to connect to the printer many times. If the
+     printer ist not connected to the network this request fails and the
+     NT spooler is wasting a lot of time to connect to the printer
+     service.  This seems to be the reason for the slow network
+     connection.
+
+  4. Maybe it's possible to change this behaviour by setting different
+     printer properties in the Print-Manager-Menu of NT, but i didn't
+     try it yet.
+
+
+  33..66..  WWhhyy aarree mmyy ffiillee''ss ttiimmeessttaammppss ooffff bbyy aann hhoouurr,, oorr bbyy aa ffeeww hhoouurrss??
+
+
+  This is from Paul Eggert eggert@twinsun.com.
+
+  Most likely it's a problem with your time zone settings.
+
+  Internally, Samba maintains time in traditional Unix format, namely,
+  the number of seconds since 1970-01-01 00:00:00 Universal Time (or
+  ``GMT''), not counting leap seconds.
+
+  On the server side, Samba uses the Unix TZ variable to convert
+  internal timestamps to and from local time.  So on the server side,
+  there are two things to get right.
+
+  1. The Unix system clock must have the correct Universal time.  Use
+     the shell command "sh -c 'TZ=UTC0 date'" to check this.
+
+  2. The TZ environment variable must be set on the server before Samba
+     is invoked.  The details of this depend on the server OS, but
+     typically you must edit a file whose name is /etc/TIMEZONE or
+     /etc/default/init, or run the command `zic -l'.
+
+  3. TZ must have the correct value.
+
+     a. If possible, use geographical time zone settings (e.g.
+        TZ='America/Los_Angeles' or perhaps TZ=':US/Pacific').  These
+        are supported by most popular Unix OSes, are easier to get
+        right, and are more accurate for historical timestamps.  If your
+        operating system has out-of-date tables, you should be able to
+        update them from the public domain time zone tables at
+        <ftp://elsie.nci.nih.gov/pub/>.
+
+     b. If your system does not support geographical timezone settings,
+        you must use a Posix-style TZ strings, e.g.
+        TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time.  Posix TZ
+        strings can take the following form (with optional items in
+        brackets):
+
+                StdOffset[Dst[Offset],Date/Time,Date/Time]
+
+
+     where:
+
+     +o  `Std' is the standard time designation (e.g. `PST').
+
+     +o  `Offset' is the number of hours behind UTC (e.g. `8').  Prepend
+        a `-' if you are ahead of UTC, and append `:30' if you are at a
+        half-hour offset.  Omit all the remaining items if you do not
+        use daylight-saving time.
+
+     +o  `Dst' is the daylight-saving time designation (e.g. `PDT').
+
+        The optional second `Offset' is the number of hours that
+        daylight-saving time is behind UTC.  The default is 1 hour ahead
+        of standard time.
+
+     +o  `Date/Time,Date/Time' specify when daylight-saving time starts
+        and ends.  The format for a date is `Mm.n.d', which specifies
+        the dth day (0 is Sunday) of the nth week of the mth month,
+        where week 5 means the last such day in the month.  The format
+        for a time is hh:mm[:ss], using a 24-hour clock.
+
+        Other Posix string formats are allowed but you don't want to
+        know about them.
+
+     On the client side, you must make sure that your client's clock and
+     time zone is also set appropriately.  [I don't know how to do
+     this.]  Samba traditionally has had many problems dealing with time
+     zones, due to the bizarre ways that Microsoft network protocols
+     handle time zones.  A common symptom is for file timestamps to be
+     off by an hour.  To work around the problem, try disconnecting from
+     your Samba server and then reconnecting to it; or upgrade your
+     Samba server to 1.9.16alpha10 or later.
+
+
+  33..77..  HHooww ddoo II sseett tthhee pprriinntteerr ddrriivveerr nnaammee ccoorrrreeccttllyy??
+
+
+  Question: On NT, I opened "Printer Manager" and "Connect to Printer".
+  Enter "\ptdi270s1"
+  in the box of printer. I got the following error message:
+
+
+            You do not have sufficient access to your machine
+            to connect to the selected printer, since a driver
+            needs to be installed locally.
+
+
+
+
+  Answer:
+
+  In the more recent versions of Samba you can now set the "printer
+  driver" in smb.conf. This tells the client what driver to use. For
+  example:
+
+
+            printer driver = HP LaserJet 4L
+
+
+
+
+  with this, NT knows to use the right driver. You have to get this
+  string exactly right.
+
+  To find the exact string to use, you need to get to the dialog box in
+  your client where you select which printer driver to install. The
+  correct strings for all the different printers are shown in a listbox
+  in that dialog box.
+
+  You could also try setting the driver to NULL like this:
+
+
+            printer driver = NULL
+
+
+
+
+  this is effectively what older versions of Samba did, so if that
+  worked for you then give it a go. If this does work then let us know
+  via samba@samba.org, and we'll make it the default. Cur-
+  rently the default is a 0 length string.
+
+
+  33..88..  II''vvee aapppplliieedd NNTT 44..00 SSPP33,, aanndd nnooww II ccaann''tt aacccceessss SSaammbbaa sshhaarreess,,
+  WWhhyy??
+
+
+  As of SP3, Microsoft has decided that they will no longer default to
+  passing clear text passwords over the network.  To enable access to
+  Samba shares from NT 4.0 SP3, you must do OONNEE of two things:
+
+  1. Set the Samba configuration option 'security = user' and implement
+     all of the stuff detailed in ENCRYPTION.txt
+     <ftp://samba.org/pub/samba/docs/ENCRYPTION.txt>.
+
+  2. Follow Microsoft's directions for setting your NT box to allow
+     plain text passwords. see Knowledge Base Article Q166730
+     <http://www.microsoft.com/kb/articles/q166/7/30.htm>
+
+
+  44..  SSppeecciiffiicc cclliieenntt aapppplliiccaattiioonn pprroobblleemmss
+
+
+
+
+  44..11..  MMSS OOffffiiccee SSeettuupp rreeppoorrttss ""CCaannnnoott cchhaannggee pprrooppeerrttiieess ooff ''MMSSOOFF--
+  FFIICCEEUUPP..IINNII''""
+
+
+  When installing MS Office on a Samba drive for which you have admin
+  user permissions, ie. admin users = username, you will find the setup
+  program unable to complete the installation.
+
+  To get around this problem, do the installation without admin user
+  permissions The problem is that MS Office Setup checks that a file is
+  rdonly by trying to open it for writing.
+
+  Admin users can always open a file for writing, as they run as root.
+  You just have to install as a non-admin user and then use "chown -R"
+  to fix the owner.
+
+
+  55..  MMiisscceellllaanneeoouuss
+
+
+
+  55..11..  IIss SSaammbbaa YYeeaarr 22000000 ccoommpplliiaanntt??
+
+
+  The CIFS protocol that Samba implements negotiates times in various
+  formats, all of which are able to cope with dates beyond 2000.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/docs/history b/docs/history
new file mode 100755
index 00000000000..7bcbe3564ad
--- /dev/null
+++ b/docs/history
@@ -0,0 +1,218 @@
+Contributor:	Andrew Tridgell and the Samba Team
+Date:		June 27, 1997
+Satus:		Always out of date! (Would not be the same without it!)
+
+Subject:	A bit of history and a bit of fun
+============================================================================
+
+This is a short history of this project. It's not supposed to be
+comprehensive, just enough so that new users can get a feel for where
+this project has come from and maybe where it's going to.
+
+The whole thing really started in December 1991. I was (and still am)
+a PhD student in the Computer Sciences Laboratory at the Australian
+National University, in Canberra, Australia. We had just got a
+beta copy of eXcursion from Digital, and I was testing it on my PC. At
+this stage I was a MS-DOS user, dabbling in windows.
+
+eXcursion ran (at the time) only with Dec's `Pathworks' network for
+DOS. I had up till then been using PC-NFS to connect to our local sun
+workstations, and was reasonably happy with it. In order to run
+pathworks I had to stop using PC-NFS and try using pathworks to mount
+disk space. Unfortunately pathworks was only available for digital
+workstations running VMS or Ultrix so I couldn't mount from the suns
+anymore.
+
+I had access to a a decstation 3100 running Ultrix that I used to
+administer, and I got the crazy notion that the protocol that
+pathworks used to talk to ultrix couldn't be that hard, and maybe I
+could work it out. I had never written a network program before, and
+certainly didn't know what a socket was.
+
+In a few days, after looking at some example code for sockets, I
+discovered it was pretty easy to write a program to "spy" on the file
+sharing protocol. I wrote and installed this program (the sockspy.c
+program supplied with this package) and captured everything that the
+pathworks client said to the pathworks server.
+
+I then tried writing short C programs (using Turbo C under DOS) to do
+simple file operations on the network drive (open, read, cd etc) and
+looked at the packets that the server and client exchanged. From this
+I worked out what some of the bytes in the packets meant, and started
+to write my own program to do the same thing on a sun.
+
+After a day or so more I had my first successes and actually managed
+to get a connection and to read a file. From there it was all
+downhill, and a week later I was happily (if a little unreliably)
+mounting disk space from a sun to my PC running pathworks. The server
+code had a lot of `magic' values in it, which seemed to be always
+present with the ultrix server. It was not till 2 years later that I
+found out what all these values meant.
+
+Anyway, I thought other people might be interested in what I had done,
+so I asked a few people at uni, and noone seemed much interested. I
+also spoke to a person at Digital in Canberra (the person who had
+organised a beta test of eXcursion) and asked if I could distribute
+what I'd done, or was it illegal. It was then that I first heard the
+word "netbios" when he told me that he thought it was all covered by a
+spec of some sort (the netbios spec) and thus what I'd done was not
+only legal, but silly.
+
+I found the netbios spec after asking around a bit (the RFC1001 and
+RFC1002 specs) and found they looked nothing like what I'd written, so
+I thought maybe the Digital person was mistaken. I didn't realise RFCs
+referred to the name negotiation and packet encapsulation over TCP/IP,
+and what I'd written was really a SMB implementation.
+
+Anyway, he encouraged me to release it so I put out "Server 0.1" in
+January 1992. I got quite a good response from people wanting to use
+pathworks with non-digital unix workstations, and I soon fixed a few
+bugs, and released "Server 0.5" closely followed by "Server 1.0". All
+three releases came out within about a month of each other.
+
+At this point I got an X Terminal on my desk, and I no longer needed eXcursion
+and I prompty forgot about the whole project, apart from a few people
+who e-mailed me occasionally about it.
+
+Nearly two years then passed with just occasional e-mails asking about
+new versions and bugs. I even added a note to the ftp site asking for
+a volunteer to take over the code as I no longer used it. No one
+volunteered.
+
+During this time I did hear from a couple of people who said it should
+be possible to use my code with Lanmanager, but I never got any
+definite confirmation.
+
+One e-mail I got about the code did, however, make an impression. It
+was from Dan Shearer at the university of South Australia, and he said
+this:
+
+ 
+	I heard a hint about a free Pathworks server for Unix in the
+	Net channel of the Linux list. After quite a bit of chasing
+	(and lots of interested followups from other Linux people) I
+	got hold of a release news article from you, posted in Jan 92,
+	from someone in the UK.
+
+	Can you tell me what the latest status is? I think you might
+	suddenly find a whole lot of interested hackers in the Linux
+	world at least, which is a place where things tend to happen
+	fast (and even some reliable code gets written, BION!)
+
+I asked him what Linux was, and he told me it was a free Unix for PCs.
+This was in November 1992 and a few months later I was a Linux
+convert! I still didn't need a pathworks server though, so I didn't do
+the port, but I think Dan did.
+
+At about this time I got an e-mail from Digital, from a person working
+on the Alpha software distribution. He asked if I would mind if they
+included my server with the "contributed" cd-rom. This was a bit of a
+shock to me as I never expected Dec to ask me if they could use my
+code! I wrote back saying it was OK, but never heard from him again. I
+don't know if it went on the cd-rom.
+
+Anyway, the next big event was in December 1993, when Dan again sent
+me an e-mail saying my server had "raised its ugly head" on
+comp.protocols.tcpip.ibmpc. I had a quick look on the group, and was
+surprised to see that there were people interested in this thing.
+
+At this time a person from our computer center offered me a couple of
+cheap ethernet cards (3c505s for $15 each) and coincidentially someone
+announced on one of the Linux channels that he had written a 3c505
+driver for Linux. I bought the cards, hacked the driver a little and
+setup a home network between my wifes PC and my Linux box. I then
+needed some way to connect the two, and I didn't own PC-NFS at home,
+so I thought maybe my server could be useful. On the newsgroup among
+the discussions of my server someone had mentioned that there was a
+free client that might work with my server that Microsoft had put up
+for ftp. I downloaded it and found to my surprise that it worked first
+time with my `pathworks' server!
+
+Well, I then did a bit of hacking, asked around a bit and found (I
+think from Dan) that the spec I needed was for the "SMB" protocol, and
+that it was available via ftp. I grabbed it and started removing all
+those ugly constants from the code, now that all was explained.
+
+On December 1st 1993 I announced the start of the "Netbios for Unix"
+project, seeding the mailing list with all the people who had e-mailed
+me over the years asking about the server.
+
+About 35 versions (and two months) later I wrote a short history of
+the project, which you have just read. There are now over a hundred
+people on the mailing list, and lots of people report that they use
+the code and like it. In a few days I will be announcing the release
+of version 1.6 to some of the more popular (and relevant) newsgroups.
+
+
+Andrew Tridgell
+6th February 1994
+
+---------------------
+
+It is now May 1995 and there are about 1400 people on the mailing
+list. I got downloads from the main Samba ftp site from around 5000
+unique hosts in a two month period. There are several mirror
+sites as well. The current version number is 1.9.13.
+
+---------------------
+
+
+---------------------
+It's now March 1996 and version 1.9.16alpha1 has just been
+released. There have been lots of changes recently with master browser
+support and the ability to do domain logons etc. Samba has also been
+ported to OS/2, the amiga and NetWare. There are now 3000 people on
+the samba mailing list.
+---------------------
+
+
+---------------------
+It's now June 1997 and samba-1.9.17 is due out soon. My how time passes!
+Please refer to the WHATSNEW.txt for an update on new features. Just when
+you think you understand what is happening the ground rules change - this
+is a real world after all. Since the heady days of March 1996 there has
+been a concerted effort within the SMB protocol using community to document
+and standardize the protocols. The CIFS initiative has helped a long way
+towards creating a better understood and more interoperable environment.
+The Samba Team has grown in number and have been very active in the standards
+formation and documentation process.
+
+The net effect has been that we have had to do a lot of work to bring Samba
+into line with new features and capabilities in the SMB protocols.
+
+The past year has been a productive one with the following releases:
+	1.9.16, 1.9.16p2, 1.9.16p6, 1.9.16p9, 1.9.16p10, 1.9.16p11
+
+There are some who believe that 1.9.15p8 was the best release and others
+who would not want to be without the latest. Whatever your perception we
+hope that 1.9.17 will close the gap and convince you all that the long
+wait and the rolling changes really were worth it. Here is functionality
+and a level of code maturity that ..., well - you can be the judge!
+
+Happy SMB networking!
+Samba Team
+
+ps: The bugs are ours, so please report any you find.
+---------------------
+
+---------------------
+It's now October 1998. We just got back from the 3rd CIFS conference
+in SanJose. The Samba Team was the biggest contingent there.
+
+Samba 2.0 should be shipping in the next few weeks with much better
+domain controller support, GUI configuration, a new user space SMB
+filesystem and lots of other neat stuff. I've also noticed that a
+search of job ads in DejaNews turned up 3900 that mention Samba. Looks
+like we've created a small industry.
+
+I've been asked again where the name Samba came from. I might as well
+put it down here for everyone to read. The code in Samba was first
+called just "server", it then got renamed "smbserver" when I
+discovered that the protocol is called SMB. Then in April 1994 I got
+an email from Syntax, the makers of "TotalNet advanced Server", a
+commercial SMB server. They told me that they had a trademark on the
+name SMBserver and I would have to change the name. I ran an egrep for
+words containing S, M, and B on /usr/dict/words and the name Samba
+looked like the best choice. Strangely enough when I repeat that now I
+notice that Samba isn't in /usr/dict/words on my system anymore! 
+---------------------
diff --git a/docs/htmldocs/CVS-Access.html b/docs/htmldocs/CVS-Access.html
new file mode 100755
index 00000000000..1329433f1a1
--- /dev/null
+++ b/docs/htmldocs/CVS-Access.html
@@ -0,0 +1,193 @@
+<HTML
+><HEAD
+><TITLE
+>HOWTO Access Samba source code via CVS</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="CVS-ACCESS"
+>HOWTO Access Samba source code via CVS</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Introduction</A
+></H1
+><P
+>Samba is developed in an open environment.  Developers use CVS
+(Concurrent Versioning System) to "checkin" (also known as 
+"commit") new source code.  Samba's various CVS branches can
+be accessed via anonymous CVS using the instructions
+detailed in this chapter.</P
+><P
+>This document is a modified version of the instructions found at
+<A
+HREF="http://samba.org/samba/cvs.html"
+TARGET="_top"
+>http://samba.org/samba/cvs.html</A
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN8"
+>CVS Access to samba.org</A
+></H1
+><P
+>The machine samba.org runs a publicly accessible CVS 
+repository for access to the source code of several packages, 
+including samba, rsync and jitterbug. There are two main ways of 
+accessing the CVS server on this host.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN11"
+>Access via CVSweb</A
+></H2
+><P
+>You can access the source code via your 
+favourite WWW browser. This allows you to access the contents of 
+individual files in the repository and also to look at the revision 
+history and commit logs of individual files. You can also ask for a diff 
+listing between any two versions on the repository.</P
+><P
+>Use the URL : <A
+HREF="http://samba.org/cgi-bin/cvsweb"
+TARGET="_top"
+>http://samba.org/cgi-bin/cvsweb</A
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN16"
+>Access via cvs</A
+></H2
+><P
+>You can also access the source code via a 
+normal cvs client.  This gives you much more control over you can 
+do with the repository and allows you to checkout whole source trees 
+and keep them up to date via normal cvs commands. This is the 
+preferred method of access if you are a developer and not
+just a casual browser.</P
+><P
+>To download the latest cvs source code, point your
+browser at the URL : <A
+HREF="http://www.cyclic.com/"
+TARGET="_top"
+>http://www.cyclic.com/</A
+>.
+and click on the 'How to get cvs' link. CVS is free software under 
+the GNU GPL (as is Samba).  Note that there are several graphical CVS clients
+which provide a graphical interface to the sometimes mundane CVS commands.
+Links to theses clients are also available from http://www.cyclic.com.</P
+><P
+>To gain access via anonymous cvs use the following steps. 
+For this example it is assumed that you want a copy of the 
+samba source code. For the other source code repositories 
+on this system just substitute the correct package name</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	Install a recent copy of cvs. All you really need is a 
+	copy of the cvs client binary. 
+	</P
+></LI
+><LI
+><P
+>	Run the command 
+	</P
+><P
+>	<B
+CLASS="COMMAND"
+>cvs -d :pserver:cvs@samba.org:/cvsroot login</B
+>
+	</P
+><P
+>	When it asks you for a password type <TT
+CLASS="USERINPUT"
+><B
+>cvs</B
+></TT
+>.
+	</P
+></LI
+><LI
+><P
+>	Run the command 
+	</P
+><P
+>	<B
+CLASS="COMMAND"
+>cvs -d :pserver:cvs@samba.org:/cvsroot co samba</B
+>
+	</P
+><P
+>	This will create a directory called samba containing the 
+	latest samba source code (i.e. the HEAD tagged cvs branch). This 
+	currently corresponds to the 3.0 development tree. 
+	</P
+><P
+>	CVS branches other HEAD can be obtained by using the <TT
+CLASS="PARAMETER"
+><I
+>-r</I
+></TT
+>
+	and defining a tag name.  A list of branch tag names can be found on the
+	"Development" page of the samba web site.  A common request is to obtain the
+	latest 2.2 release code.  This could be done by using the following command.
+	</P
+><P
+>	<B
+CLASS="COMMAND"
+>cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba</B
+>
+	</P
+></LI
+><LI
+><P
+>	Whenever you want to merge in the latest code changes use 
+	the following command from within the samba directory: 
+	</P
+><P
+>	<B
+CLASS="COMMAND"
+>cvs update -d -P</B
+>
+	</P
+></LI
+></OL
+></DIV
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/DOMAIN_MEMBER.html b/docs/htmldocs/DOMAIN_MEMBER.html
new file mode 100755
index 00000000000..b7ef4c9a61b
--- /dev/null
+++ b/docs/htmldocs/DOMAIN_MEMBER.html
@@ -0,0 +1,372 @@
+<HTML
+><HEAD
+><TITLE
+>security = domain in Samba 2.x</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="DOMAIN-SECURITY"
+>security = domain in Samba 2.x</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Joining an NT Domain with Samba 2.2</A
+></H1
+><P
+>Assume you have a Samba 2.x server with a NetBIOS name of 
+	<TT
+CLASS="CONSTANT"
+>SERV1</TT
+> and are joining an NT domain called
+	<TT
+CLASS="CONSTANT"
+>DOM</TT
+>, which has a PDC with a NetBIOS name
+	of <TT
+CLASS="CONSTANT"
+>DOMPDC</TT
+> and two backup domain controllers 
+	with NetBIOS names <TT
+CLASS="CONSTANT"
+>DOMBDC1</TT
+> and <TT
+CLASS="CONSTANT"
+>DOMBDC2
+	</TT
+>.</P
+><P
+>In order to join the domain, first stop all Samba daemons 
+	and run the command:</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>smbpasswd -j DOM -r DOMPDC
+	-U<TT
+CLASS="REPLACEABLE"
+><I
+>Administrator%password</I
+></TT
+></B
+></TT
+></P
+><P
+>as we are joining the domain DOM and the PDC for that domain 
+	(the only machine that has write access to the domain SAM database) 
+	is DOMPDC. The <TT
+CLASS="REPLACEABLE"
+><I
+>Administrator%password</I
+></TT
+> is 
+	the login name and password for an account which has the necessary 
+	privilege to add machines to the domain.  If this is successful 
+	you will see the message:</P
+><P
+><TT
+CLASS="COMPUTEROUTPUT"
+>smbpasswd: Joined domain DOM.</TT
+>
+	</P
+><P
+>in your terminal window. See the <A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+>	smbpasswd(8)</A
+> man page for more details.</P
+><P
+>There is existing development code to join a domain
+	without having to create the machine trust account on the PDC
+	beforehand.  This code will hopefully be available soon
+	in release branches as well.</P
+><P
+>This command goes through the machine account password 
+	change protocol, then writes the new (random) machine account 
+	password for this Samba server into a file in the same directory 
+	in which an smbpasswd file would be stored - normally :</P
+><P
+><TT
+CLASS="FILENAME"
+>/usr/local/samba/private</TT
+></P
+><P
+>In Samba 2.0.x, the filename looks like this:</P
+><P
+><TT
+CLASS="FILENAME"
+><TT
+CLASS="REPLACEABLE"
+><I
+>&lt;NT DOMAIN NAME&gt;</I
+></TT
+>.<TT
+CLASS="REPLACEABLE"
+><I
+>&lt;Samba 
+	Server Name&gt;</I
+></TT
+>.mac</TT
+></P
+><P
+>The <TT
+CLASS="FILENAME"
+>.mac</TT
+> suffix stands for machine account 
+	password file. So in our example above, the file would be called:</P
+><P
+><TT
+CLASS="FILENAME"
+>DOM.SERV1.mac</TT
+></P
+><P
+>In Samba 2.2, this file has been replaced with a TDB 
+	(Trivial Database) file named <TT
+CLASS="FILENAME"
+>secrets.tdb</TT
+>.
+	</P
+><P
+>This file is created and owned by root and is not 
+	readable by any other user. It is the key to the domain-level 
+	security for your system, and should be treated as carefully 
+	as a shadow password file.</P
+><P
+>Now, before restarting the Samba daemons you must 
+	edit your <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+>
+	</A
+> file to tell Samba it should now use domain security.</P
+><P
+>Change (or add) your <A
+HREF="smb.conf.5.html#SECURITY"
+TARGET="_top"
+>	<TT
+CLASS="PARAMETER"
+><I
+>security =</I
+></TT
+></A
+> line in the [global] section 
+	of your smb.conf to read:</P
+><P
+><B
+CLASS="COMMAND"
+>security = domain</B
+></P
+><P
+>Next change the <A
+HREF="smb.conf.5.html#WORKGROUP"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>	workgroup =</I
+></TT
+></A
+> line in the [global] section to read: </P
+><P
+><B
+CLASS="COMMAND"
+>workgroup = DOM</B
+></P
+><P
+>as this is the name of the domain we are joining. </P
+><P
+>You must also have the parameter <A
+HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
+TARGET="_top"
+>	<TT
+CLASS="PARAMETER"
+><I
+>encrypt passwords</I
+></TT
+></A
+> set to <TT
+CLASS="CONSTANT"
+>yes
+	</TT
+> in order for your users to authenticate to the NT PDC.</P
+><P
+>Finally, add (or modify) a <A
+HREF="smb.conf.5.html#PASSWORDSERVER"
+TARGET="_top"
+>	<TT
+CLASS="PARAMETER"
+><I
+>password server =</I
+></TT
+></A
+> line in the [global]
+	section to read: </P
+><P
+><B
+CLASS="COMMAND"
+>password server = DOMPDC DOMBDC1 DOMBDC2</B
+></P
+><P
+>These are the primary and backup domain controllers Samba 
+	will attempt to contact in order to authenticate users. Samba will 
+	try to contact each of these servers in order, so you may want to 
+	rearrange this list in order to spread out the authentication load 
+	among domain controllers.</P
+><P
+>Alternatively, if you want smbd to automatically determine 
+	the list of Domain controllers to use for authentication, you may 
+	set this line to be :</P
+><P
+><B
+CLASS="COMMAND"
+>password server = *</B
+></P
+><P
+>This method, which was introduced in Samba 2.0.6, 
+	allows Samba to use exactly the same mechanism that NT does. This 
+	method either broadcasts or uses a WINS database in order to
+	find domain controllers to authenticate against.</P
+><P
+>Finally, restart your Samba daemons and get ready for 
+	clients to begin using domain security!</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN67"
+>Samba and Windows 2000 Domains</A
+></H1
+><P
+>Many people have asked regarding the state of Samba's ability to participate in
+a Windows 2000 Domain.  Samba 2.2 is able to act as a member server of a Windows
+2000 domain operating in mixed or native mode.</P
+><P
+>There is much confusion between the circumstances that require a "mixed" mode
+Win2k DC and a when this host can be switched to "native" mode.  A "mixed" mode
+Win2k domain controller is only needed if Windows NT BDCs must exist in the same
+domain.  By default, a Win2k DC in "native" mode will still support
+NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and 
+NT 4.0.  Samba has the same requirements as a Windows NT 4.0 member server.</P
+><P
+>The steps for adding a Samba 2.2 host to a Win2k domain are the same as those
+for adding a Samba server to a Windows NT 4.0 domain. The only exception is that 
+the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and 
+Computers" MMC (Microsoft Management Console) plugin.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN72"
+>Why is this better than security = server?</A
+></H1
+><P
+>Currently, domain security in Samba doesn't free you from 
+	having to create local Unix users to represent the users attaching 
+	to your server. This means that if domain user <TT
+CLASS="CONSTANT"
+>DOM\fred
+	</TT
+> attaches to your domain security Samba server, there needs 
+	to be a local Unix user fred to represent that user in the Unix 
+	filesystem. This is very similar to the older Samba security mode 
+	<A
+HREF="smb.conf.5.html#SECURITYEQUALSSERVER"
+TARGET="_top"
+>security = server</A
+>, 
+	where Samba would pass through the authentication request to a Windows 
+	NT server in the same way as a Windows 95 or Windows 98 server would.
+	</P
+><P
+>Please refer to the <A
+HREF="winbind.html"
+TARGET="_top"
+>Winbind 
+	paper</A
+> for information on a system to automatically
+	assign UNIX uids and gids to Windows NT Domain users and groups.
+	This code is available in development branches only at the moment,
+	but will be moved to release branches soon.</P
+><P
+>The advantage to domain-level security is that the 
+	authentication in domain-level security is passed down the authenticated 
+	RPC channel in exactly the same way that an NT server would do it. This 
+	means Samba servers now participate in domain trust relationships in 
+	exactly the same way NT servers do (i.e., you can add Samba servers into 
+	a resource domain and have the authentication passed on from a resource
+	domain PDC to an account domain PDC.</P
+><P
+>In addition, with <B
+CLASS="COMMAND"
+>security = server</B
+> every Samba 
+	daemon on a server has to keep a connection open to the 
+	authenticating server for as long as that daemon lasts. This can drain 
+	the connection resources on a Microsoft NT server and cause it to run 
+	out of available connections. With <B
+CLASS="COMMAND"
+>security = domain</B
+>, 
+	however, the Samba daemons connect to the PDC/BDC only for as long 
+	as is necessary to authenticate the user, and then drop the connection, 
+	thus conserving PDC connection resources.</P
+><P
+>And finally, acting in the same manner as an NT server 
+	authenticating to a PDC means that as part of the authentication 
+	reply, the Samba server gets the user identification information such 
+	as the user SID, the list of NT groups the user belongs to, etc. All 
+	this information will allow Samba to be extended in the future into 
+	a mode the developers currently call appliance mode. In this mode, 
+	no local Unix users will be necessary, and Samba will generate Unix 
+	uids and gids from the information passed back from the PDC when a 
+	user is authenticated, making a Samba server truly plug and play 
+	in an NT domain environment. Watch for this code soon.</P
+><P
+><I
+CLASS="EMPHASIS"
+>NOTE:</I
+> Much of the text of this document 
+	was first published in the Web magazine <A
+HREF="http://www.linuxworld.com"
+TARGET="_top"
+> 	
+	LinuxWorld</A
+> as the article <A
+HREF="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html"
+TARGET="_top"
+>Doing 
+	the NIS/NT Samba</A
+>.</P
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/ENCRYPTION.html b/docs/htmldocs/ENCRYPTION.html
new file mode 100755
index 00000000000..e4d3ef5fed2
--- /dev/null
+++ b/docs/htmldocs/ENCRYPTION.html
@@ -0,0 +1,656 @@
+<HTML
+><HEAD
+><TITLE
+>LanMan and NT Password Encryption in Samba 2.x</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="PWENCRYPT"
+>LanMan and NT Password Encryption in Samba 2.x</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Introduction</A
+></H1
+><P
+>With the development of LanManager and Windows NT 
+	compatible password encryption for Samba, it is now able 
+	to validate user connections in exactly the same way as 
+	a LanManager or Windows NT server.</P
+><P
+>This document describes how the SMB password encryption 
+	algorithm works and what issues there are in choosing whether 
+	you want to use it. You should read it carefully, especially 
+	the part about security and the "PROS and CONS" section.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN7"
+>How does it work?</A
+></H1
+><P
+>LanManager encryption is somewhat similar to UNIX 
+	password encryption. The server uses a file containing a 
+	hashed value of a user's password.  This is created by taking 
+	the user's plaintext password, capitalising it, and either 
+	truncating to 14 bytes or padding to 14 bytes with null bytes. 
+	This 14 byte value is used as two 56 bit DES keys to encrypt 
+	a 'magic' eight byte value, forming a 16 byte value which is 
+	stored by the server and client. Let this value be known as 
+	the "hashed password".</P
+><P
+>Windows NT encryption is a higher quality mechanism, 
+	consisting of doing an MD4 hash on a Unicode version of the user's 
+	password. This also produces a 16 byte hash value that is 
+	non-reversible.</P
+><P
+>When a client (LanManager, Windows for WorkGroups, Windows 
+	95 or Windows NT) wishes to mount a Samba drive (or use a Samba 
+	resource), it first requests a connection and negotiates the 
+	protocol that the client and server will use. In the reply to this 
+	request the Samba server generates and appends an 8 byte, random 
+	value - this is stored in the Samba server after the reply is sent 
+	and is known as the "challenge".  The challenge is different for 
+	every client connection.</P
+><P
+>The client then uses the hashed password (16 byte values 
+	described above), appended with 5 null bytes, as three 56 bit 
+	DES keys, each of which is used to encrypt the challenge 8 byte 
+	value, forming a 24 byte value known as the "response".</P
+><P
+>In the SMB call SMBsessionsetupX (when user level security 
+	is selected) or the call SMBtconX (when share level security is 
+	selected), the 24 byte response is returned by the client to the 
+	Samba server.  For Windows NT protocol levels the above calculation 
+	is done on both hashes of the user's password and both responses are 
+	returned in the SMB call, giving two 24 byte values.</P
+><P
+>The Samba server then reproduces the above calculation, using 
+	its own stored value of the 16 byte hashed password (read from the 
+	<TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> file - described later) and the challenge 
+	value that it kept from the negotiate protocol reply. It then checks 
+	to see if the 24 byte value it calculates matches the 24 byte value 
+	returned to it from the client.</P
+><P
+>If these values match exactly, then the client knew the 
+	correct password (or the 16 byte hashed value - see security note 
+	below) and is thus allowed access. If not, then the client did not 
+	know the correct password and is denied access.</P
+><P
+>Note that the Samba server never knows or stores the cleartext 
+	of the user's password - just the 16 byte hashed values derived from 
+	it. Also note that the cleartext password or 16 byte hashed values 
+	are never transmitted over the network - thus increasing security.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN18"
+>Important Notes About Security</A
+></H1
+><P
+>The unix and SMB password encryption techniques seem similar 
+	on the surface. This similarity is, however, only skin deep. The unix 
+	scheme typically sends clear text passwords over the network when 
+	logging in. This is bad. The SMB encryption scheme never sends the 
+	cleartext password over the network but it does store the 16 byte 
+	hashed values on disk. This is also bad. Why? Because the 16 byte hashed 
+	values are a "password equivalent". You cannot derive the user's 
+	password from them, but they could potentially be used in a modified 
+	client to gain access to a server. This would require considerable 
+	technical knowledge on behalf of the attacker but is perfectly possible. 
+	You should thus treat the smbpasswd file as though it contained the 
+	cleartext passwords of all your users. Its contents must be kept 
+	secret, and the file should be protected accordingly.</P
+><P
+>Ideally we would like a password scheme which neither requires 
+	plain text passwords on the net or on disk. Unfortunately this 
+	is not available as Samba is stuck with being compatible with 
+	other SMB systems (WinNT, WfWg, Win95 etc). </P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Warning</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>Note that Windows NT 4.0 Service pack 3 changed the 
+		default for permissible authentication so that plaintext 
+		passwords are <I
+CLASS="EMPHASIS"
+>never</I
+> sent over the wire. 
+		The solution to this is either to switch to encrypted passwords 
+		with Samba or edit the Windows NT registry to re-enable plaintext 
+		passwords. See the document WinNT.txt for details on how to do 
+		this.</P
+><P
+>Other Microsoft operating systems which also exhibit 
+		this behavior includes</P
+><P
+></P
+><UL
+><LI
+><P
+>MS DOS Network client 3.0 with 
+			the basic network redirector installed</P
+></LI
+><LI
+><P
+>Windows 95 with the network redirector 
+			update installed</P
+></LI
+><LI
+><P
+>Windows 98 [se]</P
+></LI
+><LI
+><P
+>Windows 2000</P
+></LI
+></UL
+><P
+><I
+CLASS="EMPHASIS"
+>Note :</I
+>All current release of 
+		Microsoft SMB/CIFS clients support authentication via the
+		SMB Challenge/Response mechanism described here.  Enabling
+		clear text authentication does not disable the ability
+		of the client to participate in encrypted authentication.</P
+></TD
+></TR
+></TABLE
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN37"
+>Advantages of SMB Encryption</A
+></H2
+><P
+></P
+><UL
+><LI
+><P
+>plain text passwords are not passed across 
+			the network. Someone using a network sniffer cannot just 
+			record passwords going to the SMB server.</P
+></LI
+><LI
+><P
+>WinNT doesn't like talking to a server 
+			that isn't using SMB encrypted passwords. It will refuse 
+			to browse the server if the server is also in user level 
+			security mode. It will insist on prompting the user for the 
+			password on each connection, which is very annoying. The
+			only things you can do to stop this is to use SMB encryption.
+			</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN44"
+>Advantages of non-encrypted passwords</A
+></H2
+><P
+></P
+><UL
+><LI
+><P
+>plain text passwords are not kept 
+			on disk. </P
+></LI
+><LI
+><P
+>uses same password file as other unix 
+			services such as login and ftp</P
+></LI
+><LI
+><P
+>you are probably already using other 
+			services (such as telnet and ftp) which send plain text 
+			passwords over the net, so sending them for SMB isn't 
+			such a big deal.</P
+></LI
+></UL
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN53"
+><A
+NAME="SMBPASSWDFILEFORMAT"
+></A
+>The smbpasswd file</A
+></H1
+><P
+>In order for Samba to participate in the above protocol 
+	it must be able to look up the 16 byte hashed values given a user name.
+	Unfortunately, as the UNIX password value is also a one way hash
+	function (ie. it is impossible to retrieve the cleartext of the user's
+	password given the UNIX hash of it), a separate password file
+	containing this 16 byte value must be kept. To minimise problems with
+	these two password files, getting out of sync, the UNIX <TT
+CLASS="FILENAME"
+>	/etc/passwd</TT
+> and the <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> file, 
+	a utility, <B
+CLASS="COMMAND"
+>mksmbpasswd.sh</B
+>, is provided to generate
+	a smbpasswd file from a UNIX <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> file.
+	</P
+><P
+>To generate the smbpasswd file from your <TT
+CLASS="FILENAME"
+>/etc/passwd
+	</TT
+> file use the following command :</P
+><P
+><TT
+CLASS="PROMPT"
+>$ </TT
+><TT
+CLASS="USERINPUT"
+><B
+>cat /etc/passwd | mksmbpasswd.sh
+	&gt; /usr/local/samba/private/smbpasswd</B
+></TT
+></P
+><P
+>If you are running on a system that uses NIS, use</P
+><P
+><TT
+CLASS="PROMPT"
+>$ </TT
+><TT
+CLASS="USERINPUT"
+><B
+>ypcat passwd | mksmbpasswd.sh
+	&gt; /usr/local/samba/private/smbpasswd</B
+></TT
+></P
+><P
+>The <B
+CLASS="COMMAND"
+>mksmbpasswd.sh</B
+> program is found in 
+	the Samba source directory. By default, the smbpasswd file is 
+	stored in :</P
+><P
+><TT
+CLASS="FILENAME"
+>/usr/local/samba/private/smbpasswd</TT
+></P
+><P
+>The owner of the <TT
+CLASS="FILENAME"
+>/usr/local/samba/private/</TT
+> 
+	directory should be set to root, and the permissions on it should 
+	be set to 0500 (<B
+CLASS="COMMAND"
+>chmod 500 /usr/local/samba/private</B
+>).
+	</P
+><P
+>Likewise, the smbpasswd file inside the private directory should 
+	be owned by root and the permissions on is should be set to 0600
+	(<B
+CLASS="COMMAND"
+>chmod 600 smbpasswd</B
+>).</P
+><P
+>The format of the smbpasswd file is (The line has been 
+	wrapped here. It should appear as one entry per line in 
+	your smbpasswd file.)</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
+	[Account type]:LCT-&lt;last-change-time&gt;:Long name
+	</PRE
+></P
+><P
+>Although only the <TT
+CLASS="REPLACEABLE"
+><I
+>username</I
+></TT
+>, 
+	<TT
+CLASS="REPLACEABLE"
+><I
+>uid</I
+></TT
+>, <TT
+CLASS="REPLACEABLE"
+><I
+>	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</I
+></TT
+>,
+	[<TT
+CLASS="REPLACEABLE"
+><I
+>Account type</I
+></TT
+>] and <TT
+CLASS="REPLACEABLE"
+><I
+>	last-change-time</I
+></TT
+> sections are significant 
+	and are looked at in the Samba code.</P
+><P
+>It is <I
+CLASS="EMPHASIS"
+>VITALLY</I
+> important that there by 32 
+	'X' characters between the two ':' characters in the XXX sections - 
+	the smbpasswd and Samba code will fail to validate any entries that 
+	do not have 32 characters  between ':' characters. The first XXX 
+	section is for the Lanman password hash, the second is for the 
+	Windows NT version.</P
+><P
+>When the password file is created all users have password entries
+	consisting of 32 'X' characters. By default this disallows any access
+	as this user. When a user has a password set, the 'X' characters change
+	to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii
+	representation of the 16 byte hashed value of a user's password.</P
+><P
+>To set a user to have no password (not recommended), edit the file
+	using vi, and replace the first 11 characters with the ascii text
+	<TT
+CLASS="CONSTANT"
+>"NO PASSWORD"</TT
+> (minus the quotes).</P
+><P
+>For example, to clear the password for user bob, his smbpasswd file 
+	entry would look like :</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:Bob's full name:/bobhome:/bobshell
+	</PRE
+></P
+><P
+>If you are allowing users to use the smbpasswd command to set 
+	their own passwords, you may want to give users NO PASSWORD initially 
+	so they do not have to enter a previous password when changing to their 
+	new password (not recommended). In order for you to allow this the
+	<B
+CLASS="COMMAND"
+>smbpasswd</B
+> program must be able to connect to the 
+	<B
+CLASS="COMMAND"
+>smbd</B
+> daemon as that user with no password. Enable this 
+	by adding the line :</P
+><P
+><B
+CLASS="COMMAND"
+>null passwords = yes</B
+></P
+><P
+>to the [global] section of the smb.conf file (this is why 
+	the above scenario is not recommended). Preferably, allocate your
+	users a default password to begin with, so you do not have
+	to enable this on your server.</P
+><P
+><I
+CLASS="EMPHASIS"
+>Note : </I
+>This file should be protected very 
+	carefully. Anyone with access to this file can (with enough knowledge of 
+	the protocols) gain access to your SMB server. The file is thus more 
+	sensitive than a normal unix <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> file.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN105"
+>The smbpasswd Command</A
+></H1
+><P
+>The smbpasswd command maintains the two 32 byte password fields 
+	in the smbpasswd file. If you wish to make it similar to the unix 
+	<B
+CLASS="COMMAND"
+>passwd</B
+> or <B
+CLASS="COMMAND"
+>yppasswd</B
+> programs, 
+	install it in <TT
+CLASS="FILENAME"
+>/usr/local/samba/bin/</TT
+> (or your 
+	main Samba binary directory).</P
+><P
+>Note that as of Samba 1.9.18p4 this program <I
+CLASS="EMPHASIS"
+>MUST NOT 
+	BE INSTALLED</I
+> setuid root (the new <B
+CLASS="COMMAND"
+>smbpasswd</B
+> 
+	code enforces this restriction so it cannot be run this way by 
+	accident).</P
+><P
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+> now works in a client-server mode 
+	where it contacts the local smbd to change the user's password on its 
+	behalf. This has enormous benefits - as follows.</P
+><P
+></P
+><UL
+><LI
+><P
+>smbpasswd no longer has to be setuid root - 
+		an enormous range of potential security problems is 
+		eliminated.</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+> now has the capability 
+		to change passwords on Windows NT servers (this only works when 
+		the request is sent to the NT Primary Domain Controller if you 
+		are changing an NT Domain user's password).</P
+></LI
+></UL
+><P
+>To run smbpasswd as a normal user just type :</P
+><P
+><TT
+CLASS="PROMPT"
+>$ </TT
+><TT
+CLASS="USERINPUT"
+><B
+>smbpasswd</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>Old SMB password: </TT
+><TT
+CLASS="USERINPUT"
+><B
+>&lt;type old value here - 
+	or hit return if there was no old password&gt;</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>New SMB Password: </TT
+><TT
+CLASS="USERINPUT"
+><B
+>&lt;type new value&gt;
+	</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>Repeat New SMB Password: </TT
+><TT
+CLASS="USERINPUT"
+><B
+>&lt;re-type new value
+	</B
+></TT
+></P
+><P
+>If the old value does not match the current value stored for 
+	that user, or the two new values do not match each other, then the 
+	password will not be changed.</P
+><P
+>If invoked by an ordinary user it will only allow the user 
+	to change his or her own Samba password.</P
+><P
+>If run by the root user smbpasswd may take an optional 
+	argument, specifying the user name whose SMB password you wish to 
+	change.  Note that when run as root smbpasswd does not prompt for 
+	or check the old password value, thus allowing root to set passwords 
+	for users who have forgotten their passwords.</P
+><P
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+> is designed to work in the same way 
+	and be familiar to UNIX users who use the <B
+CLASS="COMMAND"
+>passwd</B
+> or 
+	<B
+CLASS="COMMAND"
+>yppasswd</B
+> commands.</P
+><P
+>For more details on using <B
+CLASS="COMMAND"
+>smbpasswd</B
+> refer 
+	to the man page which will always be the definitive reference.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN144"
+>Setting up Samba to support LanManager Encryption</A
+></H1
+><P
+>This is a very brief description on how to setup samba to 
+	support password encryption. </P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>compile and install samba as usual</P
+></LI
+><LI
+><P
+>enable encrypted passwords in <TT
+CLASS="FILENAME"
+>		smb.conf</TT
+> by adding the line <B
+CLASS="COMMAND"
+>encrypt 
+		passwords = yes</B
+> in the [global] section</P
+></LI
+><LI
+><P
+>create the initial <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+>
+		password file in the place you specified in the Makefile 
+		(--prefix=&lt;dir&gt;). See the notes under the <A
+HREF="#SMBPASSWDFILEFORMAT"
+>The smbpasswd File</A
+>
+		section earlier in the document for details.</P
+></LI
+></OL
+><P
+>Note that you can test things using smbclient.</P
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/Integrating-with-Windows.html b/docs/htmldocs/Integrating-with-Windows.html
new file mode 100755
index 00000000000..fd2bd7fdaf6
--- /dev/null
+++ b/docs/htmldocs/Integrating-with-Windows.html
@@ -0,0 +1,1072 @@
+<HTML
+><HEAD
+><TITLE
+>Integrating MS Windows networks with Samba</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="INTEGRATE-MS-NETWORKS"
+>Integrating MS Windows networks with Samba</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Agenda</A
+></H1
+><P
+>To identify the key functional mechanisms of MS Windows networking 
+to enable the deployment of Samba as a means of extending and/or 
+replacing MS Windows NT/2000 technology.</P
+><P
+>We will examine:</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>Name resolution in a pure Unix/Linux TCP/IP 
+	environment
+	</P
+></LI
+><LI
+><P
+>Name resolution as used within MS Windows 
+	networking
+	</P
+></LI
+><LI
+><P
+>How browsing functions and how to deploy stable 
+	and dependable browsing using Samba
+	</P
+></LI
+><LI
+><P
+>MS Windows security options and how to 
+	configure Samba for seemless integration
+	</P
+></LI
+><LI
+><P
+>Configuration of Samba as:</P
+><P
+></P
+><OL
+TYPE="a"
+><LI
+><P
+>A stand-alone server</P
+></LI
+><LI
+><P
+>An MS Windows NT 3.x/4.0 security domain member
+		</P
+></LI
+><LI
+><P
+>An alternative to an MS Windows NT 3.x/4.0 Domain Controller
+		</P
+></LI
+></OL
+></LI
+></OL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN25"
+>Name Resolution in a pure Unix/Linux world</A
+></H1
+><P
+>The key configuration files covered in this section are:</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+></P
+></LI
+><LI
+><P
+><TT
+CLASS="FILENAME"
+>/etc/resolv.conf</TT
+></P
+></LI
+><LI
+><P
+><TT
+CLASS="FILENAME"
+>/etc/host.conf</TT
+></P
+></LI
+><LI
+><P
+><TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+></P
+></LI
+></UL
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN41"
+><TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+></A
+></H2
+><P
+>Contains a static list of IP Addresses and names.
+eg:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	127.0.0.1	localhost localhost.localdomain
+	192.168.1.1	bigbox.caldera.com	bigbox	alias4box</PRE
+></P
+><P
+>The purpose of <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> is to provide a 
+name resolution mechanism so that uses do not need to remember 
+IP addresses.</P
+><P
+>Network packets that are sent over the physical network transport 
+layer communicate not via IP addresses but rather using the Media 
+Access Control address, or MAC address. IP Addresses are currently 
+32 bits in length and are typically presented as four (4) decimal 
+numbers that are separated by a dot (or period). eg: 168.192.1.1</P
+><P
+>MAC Addresses use 48 bits (or 6 bytes) and are typically represented 
+as two digit hexadecimal numbers separated by colons. eg: 
+40:8e:0a:12:34:56</P
+><P
+>Every network interfrace must have an MAC address. Associated with 
+a MAC address there may be one or more IP addresses. There is NO 
+relationship between an IP address and a MAC address, all such assignments 
+are arbitary or discretionary in nature. At the most basic level all 
+network communications takes place using MAC addressing. Since MAC 
+addresses must be globally unique, and generally remains fixed for 
+any particular interface, the assignment of an IP address makes sense 
+from a network management perspective. More than one IP address can 
+be assigned per MAC address. One address must be the primary IP address, 
+this is the address that will be returned in the ARP reply.</P
+><P
+>When a user or a process wants to communicate with another machine 
+the protocol implementation ensures that the "machine name" or "host 
+name" is resolved to an IP address in a manner that is controlled 
+by the TCP/IP configuration control files. The file 
+<TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> is one such file.</P
+><P
+>When the IP address of the destination interface has been 
+determined a protocol called ARP/RARP is used to identify 
+the MAC address of the target interface. ARP stands for Address 
+Resolution Protocol, and is a broadcast oriented method that 
+uses UDP (User Datagram Protocol) to send a request to all 
+interfaces on the local network segment using the all 1's MAC 
+address. Network interfaces are programmed to respond to two 
+MAC addresses only; their own unique address and the address 
+ff:ff:ff:ff:ff:ff. The reply packet from an ARP request will 
+contain the MAC address and the primary IP address for each 
+interface.</P
+><P
+>The <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> file is foundational to all 
+Unix/Linux TCP/IP installations and as a minumum will contain 
+the localhost and local network interface IP addresses and the 
+primary names by which they are known within the local machine. 
+This file helps to prime the pump so that a basic level of name 
+resolution can exist before any other method of name resolution 
+becomes available.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN57"
+><TT
+CLASS="FILENAME"
+>/etc/resolv.conf</TT
+></A
+></H2
+><P
+>This file tells the name resolution libraries:</P
+><P
+></P
+><UL
+><LI
+><P
+>The name of the domain to which the machine 
+	belongs
+	</P
+></LI
+><LI
+><P
+>The name(s) of any domains that should be 
+	automatically searched when trying to resolve unqualified 
+	host names to their IP address
+	</P
+></LI
+><LI
+><P
+>The name or IP address of available Domain 
+	Name Servers that may be asked to perform name to address 
+	translation lookups
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN68"
+><TT
+CLASS="FILENAME"
+>/etc/host.conf</TT
+></A
+></H2
+><P
+><TT
+CLASS="FILENAME"
+>/etc/host.conf</TT
+> is the primary means by 
+which the setting in /etc/resolv.conf may be affected. It is a 
+critical configuration file.  This file controls the order by 
+which name resolution may procede. The typical structure is:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	order hosts,bind
+	multi on</PRE
+></P
+><P
+>then both addresses should be returned. Please refer to the 
+man page for host.conf for further details.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN76"
+><TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+></A
+></H2
+><P
+>This file controls the actual name resolution targets. The 
+file typically has resolver object specifications as follows:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	# /etc/nsswitch.conf
+	#
+	# Name Service Switch configuration file.
+	#
+
+	passwd:		compat
+	# Alternative entries for password authentication are:
+	# passwd:	compat files nis ldap winbind
+	shadow:		compat
+	group:		compat
+
+	hosts:		files nis dns
+	# Alternative entries for host name resolution are:
+	# hosts:	files dns nis nis+ hesoid db compat ldap wins
+	networks:	nis files dns
+
+	ethers:		nis files
+	protocols:	nis files
+	rpc:		nis files
+	services:	nis files</PRE
+></P
+><P
+>Of course, each of these mechanisms requires that the appropriate 
+facilities and/or services are correctly configured.</P
+><P
+>It should be noted that unless a network request/message must be 
+sent, TCP/IP networks are silent. All TCP/IP communications assumes a 
+principal of speaking only when necessary.</P
+><P
+>Samba version 2.2.0 will add Linux support for extensions to 
+the name service switch infrastructure so that linux clients will 
+be able to obtain resolution of MS Windows NetBIOS names to IP 
+Addresses. To gain this functionality Samba needs to be compiled 
+with appropriate arguments to the make command (ie: <B
+CLASS="COMMAND"
+>make 
+nsswitch/libnss_wins.so</B
+>). The resulting library should 
+then be installed in the <TT
+CLASS="FILENAME"
+>/lib</TT
+> directory and 
+the "wins" parameter needs to be added to the "hosts:" line in 
+the <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> file. At this point it 
+will be possible to ping any MS Windows machine by it's NetBIOS 
+machine name, so long as that machine is within the workgroup to 
+which both the samba machine and the MS Windows machine belong.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN88"
+>Name resolution as used within MS Windows networking</A
+></H1
+><P
+>MS Windows networking is predicated about the name each machine 
+is given. This name is known variously (and inconsistently) as 
+the "computer name", "machine name", "networking name", "netbios name", 
+"SMB name". All terms mean the same thing with the exception of 
+"netbios name" which can apply also to the name of the workgroup or the 
+domain name. The terms "workgroup" and "domain" are really just a 
+simply name with which the machine is associated. All NetBIOS names 
+are exactly 16 characters in length. The 16th character is reserved. 
+It is used to store a one byte value that indicates service level 
+information for the NetBIOS name that is registered. A NetBIOS machine 
+name is therefore registered for each service type that is provided by 
+the client/server.</P
+><P
+>The following are typical NetBIOS name/service type registrations:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	Unique NetBIOS Names:
+		MACHINENAME&#60;00&#62;	= Server Service is running on MACHINENAME
+		MACHINENAME&#60;03&#62; = Generic Machine Name (NetBIOS name)
+		MACHINENAME&#60;20&#62; = LanMan Server service is running on MACHINENAME
+		WORKGROUP&#60;1b&#62; = Domain Master Browser
+
+	Group Names:
+		WORKGROUP&#60;03&#62; = Generic Name registered by all members of WORKGROUP
+		WORKGROUP&#60;1c&#62; = Domain Controllers / Netlogon Servers
+		WORKGROUP&#60;1d&#62; = Local Master Browsers
+		WORKGROUP&#60;1e&#62; = Internet Name Resolvers</PRE
+></P
+><P
+>It should be noted that all NetBIOS machines register their own 
+names as per the above. This is in vast contrast to TCP/IP 
+installations where traditionally the system administrator will 
+determine in the /etc/hosts or in the DNS database what names 
+are associated with each IP address.</P
+><P
+>One further point of clarification should be noted, the <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> 
+file and the DNS records do not provide the NetBIOS name type information 
+that MS Windows clients depend on to locate the type of service that may 
+be needed. An example of this is what happens when an MS Windows client 
+wants to locate a domain logon server. It find this service and the IP 
+address of a server that provides it by performing a lookup (via a 
+NetBIOS broadcast) for enumeration of all machines that have 
+registered the name type *&#60;1c&#62;. A logon request is then sent to each 
+IP address that is returned in the enumerated list of IP addresses. Which 
+ever machine first replies then ends up providing the logon services.</P
+><P
+>The name "workgroup" or "domain" really can be confusing since these 
+have the added significance of indicating what is the security 
+architecture of the MS Windows network. The term "workgroup" indicates 
+that the primary nature of the network environment is that of a 
+peer-to-peer design. In a WORKGROUP all machines are responsible for 
+their own security, and generally such security is limited to use of 
+just a password (known as SHARE MODE security). In most situations 
+with peer-to-peer networking the users who control their own machines 
+will simply opt to have no security at all. It is possible to have 
+USER MODE security in a WORKGROUP environment, thus requiring use 
+of a user name and a matching password.</P
+><P
+>MS Windows networking is thus predetermined to use machine names 
+for all local and remote machine message passing. The protocol used is 
+called Server Message Block (SMB) and this is implemented using 
+the NetBIOS protocol (Network Basic Input Output System). NetBIOS can 
+be encapsulated using LLC (Logical Link Control) protocol - in which case 
+the resulting protocol is called NetBEUI (Network Basic Extended User 
+Interface). NetBIOS can also be run over IPX (Internetworking Packet 
+Exchange) protocol as used by Novell NetWare, and it can be run 
+over TCP/IP protocols - in which case the resulting protocol is called 
+NBT or NetBT, the NetBIOS over TCP/IP.</P
+><P
+>MS Windows machines use a complex array of name resolution mechanisms. 
+Since we are primarily concerned with TCP/IP this demonstration is 
+limited to this area.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN100"
+>The NetBIOS Name Cache</A
+></H2
+><P
+>All MS Windows machines employ an in memory buffer in which is 
+stored the NetBIOS names and IP addresses for all external 
+machines that that machine has communicated with over the 
+past 10-15 minutes. It is more efficient to obtain an IP address 
+for a machine from the local cache than it is to go through all the 
+configured name resolution mechanisms.</P
+><P
+>If a machine whose name is in the local name cache has been shut 
+down before the name had been expired and flushed from the cache, then 
+an attempt to exchange a message with that machine will be subject 
+to time-out delays. i.e.: Its name is in the cache, so a name resolution 
+lookup will succeed, but the machine can not respond. This can be 
+frustrating for users - but it is a characteristic of the protocol.</P
+><P
+>The MS Windows utility that allows examination of the NetBIOS 
+name cache is called "nbtstat". The Samba equivalent of this 
+is called "nmblookup".</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN105"
+>The LMHOSTS file</A
+></H2
+><P
+>This file is usually located in MS Windows NT 4.0 or 
+2000 in <TT
+CLASS="FILENAME"
+>C:\WINNT\SYSTEM32\DRIVERS\ETC</TT
+> and contains 
+the IP Address and the machine name in matched pairs. The 
+<TT
+CLASS="FILENAME"
+>LMHOSTS</TT
+> file performs NetBIOS name 
+to IP address mapping oriented.</P
+><P
+>It typically looks like:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	# Copyright (c) 1998 Microsoft Corp.
+	#
+	# This is a sample LMHOSTS file used by the Microsoft Wins Client (NetBIOS
+	# over TCP/IP) stack for Windows98
+	#
+	# This file contains the mappings of IP addresses to NT computernames
+	# (NetBIOS) names.  Each entry should be kept on an individual line.
+	# The IP address should be placed in the first column followed by the
+	# corresponding computername. The address and the comptername
+	# should be separated by at least one space or tab. The "#" character
+	# is generally used to denote the start of a comment (see the exceptions
+	# below).
+	#
+	# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
+	# files and offers the following extensions:
+	#
+	#      #PRE
+	#      #DOM:&lt;domain&gt;
+	#      #INCLUDE &lt;filename&gt;
+	#      #BEGIN_ALTERNATE
+	#      #END_ALTERNATE
+	#      \0xnn (non-printing character support)
+	#
+	# Following any entry in the file with the characters "#PRE" will cause
+	# the entry to be preloaded into the name cache. By default, entries are
+	# not preloaded, but are parsed only after dynamic name resolution fails.
+	#
+	# Following an entry with the "#DOM:&lt;domain&gt;" tag will associate the
+	# entry with the domain specified by &lt;domain&gt;. This affects how the
+	# browser and logon services behave in TCP/IP environments. To preload
+	# the host name associated with #DOM entry, it is necessary to also add a
+	# #PRE to the line. The &lt;domain&gt; is always preloaded although it will not
+	# be shown when the name cache is viewed.
+	#
+	# Specifying "#INCLUDE &lt;filename&gt;" will force the RFC NetBIOS (NBT)
+	# software to seek the specified &lt;filename&gt; and parse it as if it were
+	# local. &lt;filename&gt; is generally a UNC-based name, allowing a
+	# centralized lmhosts file to be maintained on a server.
+	# It is ALWAYS necessary to provide a mapping for the IP address of the
+	# server prior to the #INCLUDE. This mapping must use the #PRE directive.
+	# In addtion the share "public" in the example below must be in the
+	# LanManServer list of "NullSessionShares" in order for client machines to
+	# be able to read the lmhosts file successfully. This key is under
+	# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
+	# in the registry. Simply add "public" to the list found there.
+	#
+	# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
+	# statements to be grouped together. Any single successful include
+	# will cause the group to succeed.
+	#
+	# Finally, non-printing characters can be embedded in mappings by
+	# first surrounding the NetBIOS name in quotations, then using the
+	# \0xnn notation to specify a hex value for a non-printing character.
+	#
+	# The following example illustrates all of these extensions:
+	#
+	# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
+	# 102.54.94.102    "appname  \0x14"                    #special app server
+	# 102.54.94.123    popular            #PRE             #source server
+	# 102.54.94.117    localsrv           #PRE             #needed for the include
+	#
+	# #BEGIN_ALTERNATE
+	# #INCLUDE \\localsrv\public\lmhosts
+	# #INCLUDE \\rhino\public\lmhosts
+	# #END_ALTERNATE
+	#
+	# In the above example, the "appname" server contains a special
+	# character in its name, the "popular" and "localsrv" server names are
+	# preloaded, and the "rhino" server name is specified so it can be used
+	# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
+	# system is unavailable.
+	#
+	# Note that the whole file is parsed including comments on each lookup,
+	# so keeping the number of comments to a minimum will improve performance.
+	# Therefore it is not advisable to simply add lmhosts file entries onto the
+	# end of this file.</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN113"
+>HOSTS file</A
+></H2
+><P
+>This file is usually located in MS Windows NT 4.0 or 2000 in 
+<TT
+CLASS="FILENAME"
+>C:\WINNT\SYSTEM32\DRIVERS\ETC</TT
+> and contains 
+the IP Address and the IP hostname in matched pairs. It can be 
+used by the name resolution infrastructure in MS Windows, depending 
+on how the TCP/IP environment is configured. This file is in 
+every way the equivalent of the Unix/Linux <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> file.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN118"
+>DNS Lookup</A
+></H2
+><P
+>This capability is configured in the TCP/IP setup area in the network 
+configuration facility. If enabled an elaborate name resolution sequence 
+is followed the precise nature of which isdependant on what the NetBIOS 
+Node Type parameter is configured to. A Node Type of 0 means use 
+NetBIOS broadcast (over UDP broadcast) is first used if the name 
+that is the subject of a name lookup is not found in the NetBIOS name 
+cache. If that fails then DNS, HOSTS and LMHOSTS are checked. If set to 
+Node Type 8, then a NetBIOS Unicast (over UDP Unicast) is sent to the 
+WINS Server to obtain a lookup before DNS, HOSTS, LMHOSTS, or broadcast 
+lookup is used.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN121"
+>WINS Lookup</A
+></H2
+><P
+>A WINS (Windows Internet Name Server) service is the equivaent of the 
+rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores 
+the names and IP addresses that are registered by a Windows client 
+if the TCP/IP setup has been given at least one WINS Server IP Address.</P
+><P
+>To configure Samba to be a WINS server the following parameter needs 
+to be added to the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	wins support = Yes</PRE
+></P
+><P
+>To configure Samba to use a WINS server the following parameters are 
+needed in the smb.conf file:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	wins support = No
+	wins server = xxx.xxx.xxx.xxx</PRE
+></P
+><P
+>where <TT
+CLASS="REPLACEABLE"
+><I
+>xxx.xxx.xxx.xxx</I
+></TT
+> is the IP address 
+of the WINS server.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN133"
+>How browsing functions and how to deploy stable and 
+dependable browsing using Samba</A
+></H1
+><P
+>As stated above, MS Windows machines register their NetBIOS names 
+(i.e.: the machine name for each service type in operation) on start 
+up. Also, as stated above, the exact method by which this name registration 
+takes place is determined by whether or not the MS Windows client/server 
+has been given a WINS server address, whether or not LMHOSTS lookup 
+is enabled, or if DNS for NetBIOS name resolution is enabled, etc.</P
+><P
+>In the case where there is no WINS server all name registrations as 
+well as name lookups are done by UDP broadcast. This isolates name 
+resolution to the local subnet, unless LMHOSTS is used to list all 
+names and IP addresses. In such situations Samba provides a means by 
+which the samba server name may be forcibly injected into the browse 
+list of a remote MS Windows network (using the "remote announce" parameter).</P
+><P
+>Where a WINS server is used, the MS Windows client will use UDP 
+unicast to register with the WINS server. Such packets can be routed 
+and thus WINS allows name resolution to function across routed networks.</P
+><P
+>During the startup process an election will take place to create a 
+local master browser if one does not already exist. On each NetBIOS network 
+one machine will be elected to function as the domain master browser. This 
+domain browsing has nothing to do with MS security domain control. 
+Instead, the domain master browser serves the role of contacting each local 
+master browser (found by asking WINS or from LMHOSTS) and exchanging browse 
+list contents. This way every master browser will eventually obtain a complete 
+list of all machines that are on the network. Every 11-15 minutes an election 
+is held to determine which machine will be the master browser. By the nature of 
+the election criteria used, the machine with the highest uptime, or the 
+most senior protocol version, or other criteria, will win the election 
+as domain master browser.</P
+><P
+>Clients wishing to browse the network make use of this list, but also depend 
+on the availability of correct name resolution to the respective IP 
+address/addresses. </P
+><P
+>Any configuration that breaks name resolution and/or browsing intrinsics 
+will annoy users because they will have to put up with protracted 
+inability to use the network services.</P
+><P
+>Samba supports a feature that allows forced synchonisation 
+of browse lists across routed networks using the "remote 
+browse sync" parameter in the smb.conf file. This causes Samba 
+to contact the local master browser on a remote network and 
+to request browse list synchronisation. This effectively bridges 
+two networks that are separated by routers. The two remote 
+networks may use either broadcast based name resolution or WINS 
+based name resolution, but it should be noted that the "remote 
+browse sync" parameter provides browse list synchronisation - and 
+that is distinct from name to address resolution, in other 
+words, for cross subnet browsing to function correctly it is 
+essential that a name to address resolution mechanism be provided. 
+This mechanism could be via DNS, <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+>, 
+and so on.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN143"
+>MS Windows security options and how to configure 
+Samba for seemless integration</A
+></H1
+><P
+>MS Windows clients may use encrypted passwords as part of a 
+challenege/response authentication model (a.k.a. NTLMv1) or 
+alone, or clear text strings for simple password based 
+authentication. It should be realized that with the SMB 
+protocol the password is passed over the network either 
+in plain text or encrypted, but not both in the same 
+authentication requets.</P
+><P
+>When encrypted passwords are used a password that has been 
+entered by the user is encrypted in two ways:</P
+><P
+></P
+><UL
+><LI
+><P
+>An MD4 hash of the UNICODE of the password
+	string.  This is known as the NT hash.
+	</P
+></LI
+><LI
+><P
+>The password is converted to upper case,
+	and then padded or trucated to 14 bytes.  This string is 
+	then appended with 5 bytes of NULL characters and split to
+	form two 56 bit DES keys to encrypt a "magic" 8 byte value.
+	The resulting 16 bytes for the LanMan hash.
+	</P
+></LI
+></UL
+><P
+>You should refer to the <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>Password Encryption</A
+> chapter in this HOWTO collection
+for more details on the inner workings</P
+><P
+>MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x 
+and version 4.0 pre-service pack 3 will use either mode of 
+password authentication. All versions of MS Windows that follow 
+these versions no longer support plain text passwords by default.</P
+><P
+>MS Windows clients have a habit of dropping network mappings that 
+have been idle for 10 minutes or longer. When the user attempts to 
+use the mapped drive connection that has been dropped, the client
+re-establishes the connection using 
+a cached copy of the password.</P
+><P
+>When Microsoft changed the default password mode, they dropped support for 
+caching of the plain text password. This means that when the registry 
+parameter is changed to re-enable use of plain text passwords it appears to 
+work, but when a dropped mapping attempts to revalidate it will fail if 
+the remote authentication server does not support encrypted passwords. 
+This means that it is definitely not a good idea to re-enable plain text 
+password support in such clients.</P
+><P
+>The following parameters can be used to work around the 
+issue of Windows 9x client upper casing usernames and
+password before transmitting them to the SMB server
+when using clear text authentication.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	<A
+HREF="smb.conf.5.html#PASSWORDLEVEL"
+TARGET="_top"
+>passsword level</A
+> = <TT
+CLASS="REPLACEABLE"
+><I
+>integer</I
+></TT
+>
+	<A
+HREF="smb.conf.5.html#USERNAMELEVEL"
+TARGET="_top"
+>username level</A
+> = <TT
+CLASS="REPLACEABLE"
+><I
+>integer</I
+></TT
+></PRE
+></P
+><P
+>By default Samba will lower case the username before attempting
+to lookup the user in the database of local system accounts.
+Because UNIX usernames conventionally only contain lower case
+character, the <TT
+CLASS="PARAMETER"
+><I
+>username level</I
+></TT
+> parameter
+is rarely even needed.</P
+><P
+>However, password on UNIX systems often make use of mixed case
+characters.  This means that in order for a user on a Windows 9x
+client to connect to a Samba server using clear text authentication,
+the <TT
+CLASS="PARAMETER"
+><I
+>password level</I
+></TT
+> must be set to the maximum
+number of upper case letter which <I
+CLASS="EMPHASIS"
+>could</I
+> appear
+is a password.  Note that is the server OS uses the traditional
+DES version of crypt(), then a <TT
+CLASS="PARAMETER"
+><I
+>password level</I
+></TT
+>
+of 8 will result in case insensitive passwords as seen from Windows
+users.  This will also result in longer login times as Samba
+hash to compute the permutations of the password string and 
+try them one by one until a match is located (or all combinations fail).</P
+><P
+>The best option to adopt is to enable support for encrypted passwords 
+where ever Samba is used. There are three configuration possibilities 
+for support of encrypted passwords:</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN171"
+>Use MS Windows NT as an authentication server</A
+></H2
+><P
+>This method involves the additions of the following parameters 
+in the smb.conf file:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	encrypt passwords = Yes
+	security = server
+	password server = "NetBIOS_name_of_PDC"</PRE
+></P
+><P
+>There are two ways of identifying whether or not a username and 
+password pair was valid or not. One uses the reply information provided 
+as part of the authentication messaging process, the other uses 
+just and error code.</P
+><P
+>The down-side of this mode of configuration is the fact that 
+for security reasons Samba will send the password server a bogus 
+username and a bogus password and if the remote server fails to 
+reject the username and password pair then an alternative mode 
+of identification of validation is used. Where a site uses password 
+lock out after a certain number of failed authentication attempts 
+this will result in user lockouts.</P
+><P
+>Use of this mode of authentication does require there to be 
+a standard Unix account for the user, this account can be blocked 
+to prevent logons by other than MS Windows clients.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN179"
+>Make Samba a member of an MS Windows NT security domain</A
+></H2
+><P
+>This method involves additon of the following paramters in the smb.conf file:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	encrypt passwords = Yes
+	security = domain
+	workgroup = "name of NT domain"
+	password server = *</PRE
+></P
+><P
+>The use of the "*" argument to "password server" will cause samba 
+to locate the domain controller in a way analogous to the way 
+this is done within MS Windows NT.</P
+><P
+>In order for this method to work the Samba server needs to join the 
+MS Windows NT security domain. This is done as follows:</P
+><P
+></P
+><UL
+><LI
+><P
+>On the MS Windows NT domain controller using 
+	the Server Manager add a machine account for the Samba server.
+	</P
+></LI
+><LI
+><P
+>Next, on the Linux system execute: 
+	<B
+CLASS="COMMAND"
+>smbpasswd -r PDC_NAME -j DOMAIN_NAME</B
+>
+	</P
+></LI
+></UL
+><P
+>Use of this mode of authentication does require there to be 
+a standard Unix account for the user in order to assign
+a uid once the account has been authenticated by the remote
+Windows DC.  This account can be blocked to prevent logons by 
+other than MS Windows clients by things such as setting an invalid
+shell in the <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entry.</P
+><P
+>An alternative to assigning UIDs to Windows users on a 
+Samba member server is presented in the <A
+HREF="winbind.html"
+TARGET="_top"
+>Winbind Overview</A
+> chapter in
+this HOWTO collection.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN196"
+>Configure Samba as an authentication server</A
+></H2
+><P
+>This mode of authentication demands that there be on the 
+Unix/Linux system both a Unix style account as well as an 
+smbpasswd entry for the user. The Unix system account can be 
+locked if required as only the encrypted password will be 
+used for SMB client authentication.</P
+><P
+>This method involves addition of the following parameters to 
+the smb.conf file:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>## please refer to the Samba PDC HOWTO chapter later in 
+## this collection for more details
+[global]
+	encrypt passwords = Yes
+	security = user
+	domain logons = Yes
+	; an OS level of 33 or more is recommended
+	os level = 33
+
+[NETLOGON]
+	path = /somewhare/in/file/system
+	read only = yes</PRE
+></P
+><P
+>in order for this method to work a Unix system account needs 
+to be created for each user, as well as for each MS Windows NT/2000 
+machine. The following structure is required.</P
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN203"
+>Users</A
+></H3
+><P
+>A user account that may provide a home directory should be 
+created. The following Linux system commands are typical of 
+the procedure for creating an account.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	# useradd -s /bin/bash -d /home/"userid" -m "userid"
+	# passwd "userid"
+	  Enter Password: &lt;pw&gt;
+	  
+	# smbpasswd -a "userid"
+	  Enter Password: &lt;pw&gt;</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN208"
+>MS Windows NT Machine Accounts</A
+></H3
+><P
+>These are required only when Samba is used as a domain 
+controller.  Refer to the Samba-PDC-HOWTO for more details.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	# useradd -s /bin/false -d /dev/null "machine_name"\$
+	# passwd -l "machine_name"\$
+	# smbpasswd -a -m "machine_name"</PRE
+></P
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN213"
+>Conclusions</A
+></H1
+><P
+>Samba provides a flexible means to operate as...</P
+><P
+></P
+><UL
+><LI
+><P
+>A Stand-alone server - No special action is needed 
+	other than to create user accounts. Stand-alone servers do NOT 
+	provide network logon services, meaning that machines that use this 
+	server do NOT perform a domain logon but instead make use only of 
+	the MS Windows logon which is local to the MS Windows 
+	workstation/server.
+	</P
+></LI
+><LI
+><P
+>An MS Windows NT 3.x/4.0 security domain member.
+	</P
+></LI
+><LI
+><P
+>An alternative to an MS Windows NT 3.x/4.0 
+	Domain Controller.
+	</P
+></LI
+></UL
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/NT_Security.html b/docs/htmldocs/NT_Security.html
new file mode 100755
index 00000000000..ab8797563e3
--- /dev/null
+++ b/docs/htmldocs/NT_Security.html
@@ -0,0 +1,783 @@
+<HTML
+><HEAD
+><TITLE
+>UNIX Permission Bits and Windows NT Access Control Lists</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="UNIX-PERMISSIONS"
+>UNIX Permission Bits and Windows NT Access Control Lists</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Viewing and changing UNIX permissions using the NT 
+	security dialogs</A
+></H1
+><P
+>New in the Samba 2.0.4 release is the ability for Windows 
+	NT clients to use their native security settings dialog box to 
+	view and modify the underlying UNIX permissions.</P
+><P
+>Note that this ability is careful not to compromise 
+	the security of the UNIX host Samba is running on, and 
+	still obeys all the file permission rules that a Samba 
+	administrator can set.</P
+><P
+>In Samba 2.0.4 and above the default value of the 
+	parameter <A
+HREF="smb.conf.5.html#NTACLSUPPORT"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>	nt acl support</I
+></TT
+></A
+> has been changed from 
+	<TT
+CLASS="CONSTANT"
+>false</TT
+> to <TT
+CLASS="CONSTANT"
+>true</TT
+>, so 
+ 	manipulation of permissions is turned on by default.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN12"
+>How to view file security on a Samba share</A
+></H1
+><P
+>From an NT 4.0 client, single-click with the right 
+	mouse button on any file or directory in a Samba mounted 
+	drive letter or UNC path. When the menu pops-up, click 
+	on the <I
+CLASS="EMPHASIS"
+>Properties</I
+> entry at the bottom of 
+	the menu. This brings up the normal file properties dialog
+	box, but with Samba 2.0.4 this will have a new tab along the top
+	marked <I
+CLASS="EMPHASIS"
+>Security</I
+>. Click on this tab and you 
+	will see three buttons, <I
+CLASS="EMPHASIS"
+>Permissions</I
+>, 	
+	<I
+CLASS="EMPHASIS"
+>Auditing</I
+>, and <I
+CLASS="EMPHASIS"
+>Ownership</I
+>. 
+	The <I
+CLASS="EMPHASIS"
+>Auditing</I
+> button will cause either 
+	an error message <SPAN
+CLASS="ERRORNAME"
+>A requested privilege is not held 
+	by the client</SPAN
+> to appear if the user is not the 
+	NT Administrator, or a dialog which is intended to allow an 
+	Administrator to add auditing requirements to a file if the 
+	user is logged on as the NT Administrator. This dialog is 
+	non-functional with a Samba share at this time, as the only 
+	useful button, the <B
+CLASS="COMMAND"
+>Add</B
+> button will not currently 
+	allow a list of users to be seen.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN23"
+>Viewing file ownership</A
+></H1
+><P
+>Clicking on the <B
+CLASS="COMMAND"
+>"Ownership"</B
+> button 
+	brings up a dialog box telling you who owns the given file. The 
+	owner name will be of the form :</P
+><P
+><B
+CLASS="COMMAND"
+>"SERVER\user (Long name)"</B
+></P
+><P
+>Where <TT
+CLASS="REPLACEABLE"
+><I
+>SERVER</I
+></TT
+> is the NetBIOS name of 
+	the Samba server, <TT
+CLASS="REPLACEABLE"
+><I
+>user</I
+></TT
+> is the user name of 
+	the UNIX user who owns the file, and <TT
+CLASS="REPLACEABLE"
+><I
+>(Long name)</I
+></TT
+>
+	is the descriptive string identifying the user (normally found in the
+	GECOS field of the UNIX password database). Click on the <B
+CLASS="COMMAND"
+>Close
+	</B
+> button to remove this dialog.</P
+><P
+>If the parameter <TT
+CLASS="PARAMETER"
+><I
+>nt acl support</I
+></TT
+>
+	is set to <TT
+CLASS="CONSTANT"
+>false</TT
+> then the file owner will 
+	be shown as the NT user <B
+CLASS="COMMAND"
+>"Everyone"</B
+>.</P
+><P
+>The <B
+CLASS="COMMAND"
+>Take Ownership</B
+> button will not allow 
+	you to change the ownership of this file to yourself (clicking on 
+	it will display a dialog box complaining that the user you are 
+	currently logged onto the NT client cannot be found). The reason 
+	for this is that changing the ownership of a file is a privileged 
+	operation in UNIX, available only to the <I
+CLASS="EMPHASIS"
+>root</I
+> 
+	user. As clicking on this button causes NT to attempt to change 
+	the ownership of a file to the current user logged into the NT 
+	client this will not work with Samba at this time.</P
+><P
+>There is an NT chown command that will work with Samba 
+	and allow a user with Administrator privilege connected 
+	to a Samba 2.0.4 server as root to change the ownership of 
+	files on both a local NTFS filesystem or remote mounted NTFS 
+	or Samba drive. This is available as part of the <I
+CLASS="EMPHASIS"
+>Seclib
+	</I
+> NT security library written by Jeremy Allison of 
+	the Samba Team, available from the main Samba ftp site.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN43"
+>Viewing file or directory permissions</A
+></H1
+><P
+>The third button is the <B
+CLASS="COMMAND"
+>"Permissions"</B
+> 
+	button. Clicking on this brings up a dialog box that shows both 
+	the permissions and the UNIX owner of the file or directory. 
+	The owner is displayed in the form :</P
+><P
+><B
+CLASS="COMMAND"
+>"SERVER\user (Long name)"</B
+></P
+><P
+>Where <TT
+CLASS="REPLACEABLE"
+><I
+>SERVER</I
+></TT
+> is the NetBIOS name of 
+	the Samba server, <TT
+CLASS="REPLACEABLE"
+><I
+>user</I
+></TT
+> is the user name of 
+	the UNIX user who owns the file, and <TT
+CLASS="REPLACEABLE"
+><I
+>(Long name)</I
+></TT
+>
+	is the descriptive string identifying the user (normally found in the
+	GECOS field of the UNIX password database).</P
+><P
+>If the parameter <TT
+CLASS="PARAMETER"
+><I
+>nt acl support</I
+></TT
+>
+	is set to <TT
+CLASS="CONSTANT"
+>false</TT
+> then the file owner will 
+	be shown as the NT user <B
+CLASS="COMMAND"
+>"Everyone"</B
+> and the 
+	permissions will be shown as NT "Full Control".</P
+><P
+>The permissions field is displayed differently for files 
+	and directories, so I'll describe the way file permissions 
+	are displayed first.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN58"
+>File Permissions</A
+></H2
+><P
+>The standard UNIX user/group/world triple and 
+		the corresponding "read", "write", "execute" permissions 
+		triples are mapped by Samba into a three element NT ACL 
+		with the 'r', 'w', and 'x' bits mapped into the corresponding 
+		NT permissions. The UNIX world permissions are mapped into 
+		the global NT group <B
+CLASS="COMMAND"
+>Everyone</B
+>, followed 
+		by the list of permissions allowed for UNIX world. The UNIX 
+		owner and group permissions are displayed as an NT 
+		<B
+CLASS="COMMAND"
+>user</B
+> icon and an NT <B
+CLASS="COMMAND"
+>local 
+		group</B
+> icon respectively followed by the list 
+	 	of permissions allowed for the UNIX user and group.</P
+><P
+>As many UNIX permission sets don't map into common 
+		NT names such as <B
+CLASS="COMMAND"
+>"read"</B
+>, <B
+CLASS="COMMAND"
+>		"change"</B
+> or <B
+CLASS="COMMAND"
+>"full control"</B
+> then 
+		usually the permissions will be prefixed by the words <B
+CLASS="COMMAND"
+>		"Special Access"</B
+> in the NT display list.</P
+><P
+>But what happens if the file has no permissions allowed 
+		for a particular UNIX user group or world component ? In order 
+		to  allow "no permissions" to be seen and modified then Samba 
+		overloads the NT <B
+CLASS="COMMAND"
+>"Take Ownership"</B
+> ACL attribute 
+		(which has no meaning in UNIX) and reports a component with 
+		no permissions as having the NT <B
+CLASS="COMMAND"
+>"O"</B
+> bit set. 
+		This was chosen of course to make it look like a zero, meaning 
+		zero permissions. More details on the decision behind this will 
+		be given below.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN72"
+>Directory Permissions</A
+></H2
+><P
+>Directories on an NT NTFS file system have two 
+		different sets of permissions. The first set of permissions 
+		is the ACL set on the directory itself, this is usually displayed 
+		in the first set of parentheses in the normal <B
+CLASS="COMMAND"
+>"RW"</B
+> 
+		NT style. This first set of permissions is created by Samba in 
+		exactly the same way as normal file permissions are, described 
+		above, and is displayed in the same way.</P
+><P
+>The second set of directory permissions has no real meaning 
+		in the UNIX permissions world and represents the <B
+CLASS="COMMAND"
+>		"inherited"</B
+> permissions that any file created within 
+		this directory would inherit.</P
+><P
+>Samba synthesises these inherited permissions for NT by 
+		returning as an NT ACL the UNIX permission mode that a new file 
+		created by Samba on this share would receive.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN79"
+>Modifying file or directory permissions</A
+></H1
+><P
+>Modifying file and directory permissions is as simple 
+	as changing the displayed permissions in the dialog box, and 
+	clicking the <B
+CLASS="COMMAND"
+>OK</B
+> button. However, there are 
+	limitations that a user needs to be aware of, and also interactions 
+	with the standard Samba permission masks and mapping of DOS 
+	attributes that need to also be taken into account.</P
+><P
+>If the parameter <TT
+CLASS="PARAMETER"
+><I
+>nt acl support</I
+></TT
+>
+	is set to <TT
+CLASS="CONSTANT"
+>false</TT
+> then any attempt to set 
+	security permissions will fail with an <B
+CLASS="COMMAND"
+>"Access Denied"
+	</B
+> message.</P
+><P
+>The first thing to note is that the <B
+CLASS="COMMAND"
+>"Add"</B
+> 
+	button will not return a list of users in Samba 2.0.4 (it will give 
+	an error message of <B
+CLASS="COMMAND"
+>"The remote procedure call failed 
+	and did not execute"</B
+>). This means that you can only 
+	manipulate the current user/group/world permissions listed in 
+	the dialog box. This actually works quite well as these are the 
+	only permissions that UNIX actually has.</P
+><P
+>If a permission triple (either user, group, or world) 
+	is removed from the list of permissions in the NT dialog box, 
+	then when the <B
+CLASS="COMMAND"
+>"OK"</B
+> button is pressed it will 
+	be applied as "no permissions" on the UNIX side. If you then 
+	view the permissions again the "no permissions" entry will appear 
+	as the NT <B
+CLASS="COMMAND"
+>"O"</B
+> flag, as described above. This 
+	allows you to add permissions back to a file or directory once 
+	you have removed them from a triple component.</P
+><P
+>As UNIX supports only the "r", "w" and "x" bits of 
+	an NT ACL then if other NT security attributes such as "Delete 
+	access" are selected then they will be ignored when applied on 
+	the Samba server.</P
+><P
+>When setting permissions on a directory the second 
+	set of permissions (in the second set of parentheses) is 
+	by default applied to all files within that directory. If this 
+	is not what you want you must uncheck the <B
+CLASS="COMMAND"
+>"Replace 
+	permissions on existing files"</B
+> checkbox in the NT 
+	dialog before clicking <B
+CLASS="COMMAND"
+>"OK"</B
+>.</P
+><P
+>If you wish to remove all permissions from a 
+	user/group/world  component then you may either highlight the 
+	component and click the <B
+CLASS="COMMAND"
+>"Remove"</B
+> button, 
+	or set the component to only have the special <B
+CLASS="COMMAND"
+>"Take
+	Ownership"</B
+> permission (displayed as <B
+CLASS="COMMAND"
+>"O"
+	</B
+>) highlighted.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN101"
+>Interaction with the standard Samba create mask 
+	parameters</A
+></H1
+><P
+>Note that with Samba 2.0.5 there are four new parameters 
+	to control this interaction.  These are :</P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force security mode</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>directory security mask</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force directory security mode</I
+></TT
+></P
+><P
+>Once a user clicks <B
+CLASS="COMMAND"
+>"OK"</B
+> to apply the 
+	permissions Samba maps the given permissions into a user/group/world 
+	r/w/x triple set, and then will check the changed permissions for a 
+	file against the bits set in the <A
+HREF="smb.conf.5.html#SECURITYMASK"
+TARGET="_top"
+> 
+	<TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+></A
+> parameter. Any bits that 
+	were changed that are not set to '1' in this parameter are left alone 
+	in the file permissions.</P
+><P
+>Essentially, zero bits in the <TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+>
+	mask may be treated as a set of bits the user is <I
+CLASS="EMPHASIS"
+>not</I
+> 
+	allowed to change, and one bits are those the user is allowed to change.
+	</P
+><P
+>If not set explicitly this parameter is set to the same value as 
+	the <A
+HREF="smb.conf.5.html#CREATEMASK"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>create mask
+	</I
+></TT
+></A
+> parameter to provide compatibility with Samba 2.0.4 
+	where this permission change facility was introduced. To allow a user to 
+	modify all the user/group/world permissions on a file, set this parameter 
+	to 0777.</P
+><P
+>Next Samba checks the changed permissions for a file against 
+	the bits set in the <A
+HREF="smb.conf.5.html#FORCESECURITYMODE"
+TARGET="_top"
+>	<TT
+CLASS="PARAMETER"
+><I
+>force security mode</I
+></TT
+></A
+> parameter. Any bits 
+	that were changed that correspond to bits set to '1' in this parameter 
+	are forced to be set.</P
+><P
+>Essentially, bits set in the <TT
+CLASS="PARAMETER"
+><I
+>force security mode
+	</I
+></TT
+> parameter may be treated as a set of bits that, when 
+	modifying security on a file, the user has always set to be 'on'.</P
+><P
+>If not set explicitly this parameter is set to the same value 
+	as the <A
+HREF="smb.conf.5.html#FORCECREATEMODE"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>force 
+	create mode</I
+></TT
+></A
+> parameter to provide compatibility
+	with Samba 2.0.4 where the permission change facility was introduced.
+	To allow a user to modify all the user/group/world permissions on a file
+	with no restrictions set this parameter to 000.</P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+> and <TT
+CLASS="PARAMETER"
+><I
+>force 
+	security mode</I
+></TT
+> parameters are applied to the change 
+	request in that order.</P
+><P
+>For a directory Samba will perform the same operations as 
+	described above for a file except using the parameter <TT
+CLASS="PARAMETER"
+><I
+>	directory security mask</I
+></TT
+> instead of <TT
+CLASS="PARAMETER"
+><I
+>security 
+	mask</I
+></TT
+>, and <TT
+CLASS="PARAMETER"
+><I
+>force directory security mode
+	</I
+></TT
+> parameter instead of <TT
+CLASS="PARAMETER"
+><I
+>force security mode
+	</I
+></TT
+>.</P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>directory security mask</I
+></TT
+> parameter 
+	by default is set to the same value as the <TT
+CLASS="PARAMETER"
+><I
+>directory mask
+	</I
+></TT
+> parameter and the <TT
+CLASS="PARAMETER"
+><I
+>force directory security 
+	mode</I
+></TT
+> parameter by default is set to the same value as 
+ 	the <TT
+CLASS="PARAMETER"
+><I
+>force directory mode</I
+></TT
+> parameter to provide 
+	compatibility with Samba 2.0.4 where the permission change facility 
+	was introduced.</P
+><P
+>In this way Samba enforces the permission restrictions that 
+	an administrator can set on a Samba share, whilst still allowing users 
+	to modify the permission bits within that restriction.</P
+><P
+>If you want to set up a share that allows users full control
+	in modifying the permission bits on their files and directories and
+	doesn't force any particular bits to be set 'on', then set the following
+	parameters in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)
+	</TT
+></A
+> file in that share specific section :</P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>security mask = 0777</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force security mode = 0</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>directory security mask = 0777</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force directory security mode = 0</I
+></TT
+></P
+><P
+>As described, in Samba 2.0.4 the parameters :</P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>create mask</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force create mode</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>directory mask</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force directory mode</I
+></TT
+></P
+><P
+>were used instead of the parameters discussed here.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN165"
+>Interaction with the standard Samba file attribute 
+	mapping</A
+></H1
+><P
+>Samba maps some of the DOS attribute bits (such as "read 
+	only") into the UNIX permissions of a file. This means there can 
+	be a conflict between the permission bits set via the security 
+	dialog and the permission bits set by the file attribute mapping.
+	</P
+><P
+>One way this can show up is if a file has no UNIX read access
+	for the owner it will show up as "read only" in the standard 
+	file attributes tabbed dialog. Unfortunately this dialog is
+	the same one that contains the security info in another tab.</P
+><P
+>What this can mean is that if the owner changes the permissions
+	to allow themselves read access using the security dialog, clicks
+	<B
+CLASS="COMMAND"
+>"OK"</B
+> to get back to the standard attributes tab 
+	dialog, and then clicks <B
+CLASS="COMMAND"
+>"OK"</B
+> on that dialog, then 
+	NT will set the file permissions back to read-only (as that is what 
+	the attributes still say in the dialog). This means that after setting 
+	permissions and clicking <B
+CLASS="COMMAND"
+>"OK"</B
+> to get back to the 
+	attributes dialog you should always hit <B
+CLASS="COMMAND"
+>"Cancel"</B
+> 
+	rather than <B
+CLASS="COMMAND"
+>"OK"</B
+> to ensure that your changes 
+	are not overridden.</P
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/OS2-Client-HOWTO.html b/docs/htmldocs/OS2-Client-HOWTO.html
new file mode 100755
index 00000000000..90f62306e82
--- /dev/null
+++ b/docs/htmldocs/OS2-Client-HOWTO.html
@@ -0,0 +1,210 @@
+<HTML
+><HEAD
+><TITLE
+>OS2 Client HOWTO</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="OS2"
+>OS2 Client HOWTO</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>FAQs</A
+></H1
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN5"
+>How can I configure OS/2 Warp Connect or 
+		OS/2 Warp 4 as a client for Samba?</A
+></H2
+><P
+>A more complete answer to this question can be 
+		found on <A
+HREF="http://carol.wins.uva.nl/~leeuw/samba/warp.html"
+TARGET="_top"
+>		http://carol.wins.uva.nl/~leeuw/samba/warp.html</A
+>.</P
+><P
+>Basically, you need three components:</P
+><P
+></P
+><UL
+><LI
+><P
+>The File and Print Client ('IBM Peer')
+			</P
+></LI
+><LI
+><P
+>TCP/IP ('Internet support') 
+			</P
+></LI
+><LI
+><P
+>The "NetBIOS over TCP/IP" driver ('TCPBEUI')
+			</P
+></LI
+></UL
+><P
+>Installing the first two together with the base operating 
+		system on a blank system is explained in the Warp manual. If Warp 
+		has already been installed, but you now want to install the 
+		networking support, use the "Selective Install for Networking" 
+		object in the "System Setup" folder.</P
+><P
+>Adding the "NetBIOS over TCP/IP" driver is not described 
+		in the manual and just barely in the online documentation. Start 
+		MPTS.EXE, click on OK, click on "Configure LAPS" and click 
+		on "IBM OS/2 NETBIOS OVER TCP/IP" in  'Protocols'.  This line 
+		is then moved to 'Current Configuration'. Select that line, 
+		click on "Change number" and increase it from 0 to 1. Save this
+		configuration.</P
+><P
+>If the Samba server(s) is not on your local subnet, you 
+		can optionally add IP names and addresses of these servers 
+		to the "Names List", or specify a  WINS server ('NetBIOS 
+		Nameserver' in IBM and RFC terminology). For Warp Connect you 
+		may need to download an update for 'IBM Peer' to bring it on 
+		the same level as Warp 4. See the webpage mentioned above.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN20"
+>How can I configure OS/2 Warp 3 (not Connect), 
+		OS/2 1.2, 1.3 or 2.x for Samba?</A
+></H2
+><P
+>You can use the free Microsoft LAN Manager 2.2c Client 
+		for OS/2 from 
+		<A
+HREF="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/"
+TARGET="_top"
+>		ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</A
+>.
+   	See <A
+HREF="http://carol.wins.uva.nl/~leeuw/lanman.html"
+TARGET="_top"
+>		http://carol.wins.uva.nl/~leeuw/lanman.html</A
+> for 
+		more information on how to install and use this client. In 
+		a nutshell, edit the file \OS2VER in the root directory of 
+		the OS/2 boot partition and add the lines:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>		20=setup.exe
+		20=netwksta.sys
+		20=netvdd.sys
+		</PRE
+></P
+><P
+>before you install the client. Also, don't use the 
+		included NE2000 driver because it is buggy. Try the NE2000 
+		or NS2000 driver from 
+		<A
+HREF="ftp://ftp.cdrom.com/pub/os2/network/ndis/"
+TARGET="_top"
+> 		ftp://ftp.cdrom.com/pub/os2/network/ndis/</A
+> instead.
+		</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN29"
+>Are there any other issues when OS/2 (any version) 
+		is used as a client?</A
+></H2
+><P
+>When you do a NET VIEW or use the "File and Print 
+		Client Resource Browser", no Samba servers show up. This can 
+		be fixed by a patch from <A
+HREF="http://carol.wins.uva.nl/~leeuw/samba/fix.html"
+TARGET="_top"
+>		http://carol.wins.uva.nl/~leeuw/samba/fix.html</A
+>.
+		The patch will be included in a later version of Samba. It also 
+		fixes a couple of other problems, such as preserving long 
+		filenames when objects are dragged from the Workplace Shell 
+		to the Samba server. </P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN33"
+>How do I get printer driver download working 
+		for OS/2 clients?</A
+></H2
+><P
+>First, create a share called [PRINTDRV] that is 
+		world-readable.  Copy your OS/2 driver files there.  Note 
+		that the .EA_ files must still be separate, so you will need 
+		to use the original install files, and not copy an installed 
+		driver from an OS/2 system.</P
+><P
+>Install the NT driver first for that printer.  Then, 
+		add to your smb.conf a parameter, "os2 driver map = 
+		<TT
+CLASS="REPLACEABLE"
+><I
+>filename</I
+></TT
+>".  Then, in the file 
+		specified by <TT
+CLASS="REPLACEABLE"
+><I
+>filename</I
+></TT
+>, map the 
+		name of the NT driver name to the OS/2 driver name as 
+		follows:</P
+><P
+>&lt;nt driver name&gt; = &lt;os2 driver 
+		name&gt;.&lt;device name&gt;, e.g.:
+		HP LaserJet 5L = LASERJET.HP LaserJet 5L</P
+><P
+>You can have multiple drivers mapped in this file.</P
+><P
+>If you only specify the OS/2 driver name, and not the 
+		device name, the first attempt to download the driver will 
+		actually download the files, but the OS/2 client will tell 
+		you the driver is not available.  On the second attempt, it 
+		will work.  This is fixed simply by adding the device name
+  		 to the mapping, after which it will work on the first attempt.
+		</P
+></DIV
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/PAM-Authentication-And-Samba.html b/docs/htmldocs/PAM-Authentication-And-Samba.html
new file mode 100755
index 00000000000..6dc815b87bf
--- /dev/null
+++ b/docs/htmldocs/PAM-Authentication-And-Samba.html
@@ -0,0 +1,318 @@
+<HTML
+><HEAD
+><TITLE
+>Configuring PAM for distributed but centrally 
+managed authentication</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="PAM"
+>Configuring PAM for distributed but centrally 
+managed authentication</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Samba and PAM</A
+></H1
+><P
+>A number of Unix systems (eg: Sun Solaris), as well as the 
+xxxxBSD family and Linux, now utilize the Pluggable Authentication 
+Modules (PAM) facility to provide all authentication, 
+authorization and resource control services. Prior to the 
+introduction of PAM, a decision to use an alternative to 
+the system password database (<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>) 
+would require the provision of alternatives for all programs that provide 
+security services. Such a choice would involve provision of 
+alternatives to such programs as: <B
+CLASS="COMMAND"
+>login</B
+>, 
+<B
+CLASS="COMMAND"
+>passwd</B
+>, <B
+CLASS="COMMAND"
+>chown</B
+>, etc.</P
+><P
+>PAM provides a mechanism that disconnects these security programs 
+from the underlying authentication/authorization infrastructure.
+PAM is configured either through one file <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+> (Solaris), 
+or by editing individual files that are located in <TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+>.</P
+><P
+>The following is an example <TT
+CLASS="FILENAME"
+>/etc/pam.d/login</TT
+> configuration file. 
+This example had all options been uncommented is probably not usable 
+as it stacks many conditions before allowing successful completion 
+of the login process. Essentially all conditions can be disabled 
+by commenting them out except the calls to <TT
+CLASS="FILENAME"
+>pam_pwdb.so</TT
+>.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth 		required	pam_securetty.so
+auth 		required	pam_nologin.so
+# auth 		required	pam_dialup.so
+# auth 		optional	pam_mail.so
+auth		required	pam_pwdb.so shadow md5
+# account    	requisite  	pam_time.so
+account		required	pam_pwdb.so
+session		required	pam_pwdb.so
+# session 	optional	pam_lastlog.so
+# password   	required   	pam_cracklib.so retry=3
+password	required	pam_pwdb.so shadow md5</PRE
+></P
+><P
+>PAM allows use of replacable modules. Those available on a 
+sample system include:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>$ /bin/ls /lib/security
+pam_access.so    pam_ftp.so          pam_limits.so     
+pam_ncp_auth.so  pam_rhosts_auth.so  pam_stress.so     
+pam_cracklib.so  pam_group.so        pam_listfile.so   
+pam_nologin.so   pam_rootok.so       pam_tally.so      
+pam_deny.so      pam_issue.so        pam_mail.so       
+pam_permit.so    pam_securetty.so    pam_time.so       
+pam_dialup.so    pam_lastlog.so      pam_mkhomedir.so  
+pam_pwdb.so      pam_shells.so       pam_unix.so       
+pam_env.so       pam_ldap.so         pam_motd.so       
+pam_radius.so    pam_smbpass.so      pam_unix_acct.so  
+pam_wheel.so     pam_unix_auth.so    pam_unix_passwd.so
+pam_userdb.so    pam_warn.so         pam_unix_session.so</PRE
+></P
+><P
+>The following example for the login program replaces the use of 
+the <TT
+CLASS="FILENAME"
+>pam_pwdb.so</TT
+> module which uses the system 
+password database (<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>,
+<TT
+CLASS="FILENAME"
+>/etc/shadow</TT
+>, <TT
+CLASS="FILENAME"
+>/etc/group</TT
+>) with 
+the module <TT
+CLASS="FILENAME"
+>pam_smbpass.so</TT
+> which uses the Samba 
+database which contains the Microsoft MD4 encrypted password 
+hashes. This database is stored in either 
+<TT
+CLASS="FILENAME"
+>/usr/local/samba/private/smbpasswd</TT
+>, 
+<TT
+CLASS="FILENAME"
+>/etc/samba/smbpasswd</TT
+>, or in 
+<TT
+CLASS="FILENAME"
+>/etc/samba.d/smbpasswd</TT
+>, depending on the 
+Samba implementation for your Unix/Linux system. The 
+<TT
+CLASS="FILENAME"
+>pam_smbpass.so</TT
+> module is provided by 
+Samba version 2.2.1 or later. It can be compiled by specifying the 
+<B
+CLASS="COMMAND"
+>--with-pam_smbpass</B
+> options when running Samba's
+<TT
+CLASS="FILENAME"
+>configure</TT
+> script.  For more information
+on the <TT
+CLASS="FILENAME"
+>pam_smbpass</TT
+> module, see the documentation
+in the <TT
+CLASS="FILENAME"
+>source/pam_smbpass</TT
+> directory of the Samba 
+source distribution.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth		required	pam_smbpass.so nodelay
+account		required	pam_smbpass.so nodelay
+session		required	pam_smbpass.so nodelay
+password	required	pam_smbpass.so nodelay</PRE
+></P
+><P
+>The following is the PAM configuration file for a particular 
+Linux system. The default condition uses <TT
+CLASS="FILENAME"
+>pam_pwdb.so</TT
+>.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_pwdb.so nullok nodelay shadow audit
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_pwdb.so shadow md5</PRE
+></P
+><P
+>In the following example the decision has been made to use the 
+smbpasswd database even for basic samba authentication. Such a 
+decision could also be made for the passwd program and would 
+thus allow the smbpasswd passwords to be changed using the passwd 
+program.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_smbpass.so nodelay
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf</PRE
+></P
+><P
+>Note: PAM allows stacking of authentication mechanisms. It is 
+also possible to pass information obtained within on PAM module through 
+to the next module in the PAM stack. Please refer to the documentation for 
+your particular system implementation for details regarding the specific 
+capabilities of PAM in this environment. Some Linux implmentations also 
+provide the <TT
+CLASS="FILENAME"
+>pam_stack.so</TT
+> module that allows all 
+authentication to be configured in a single central file. The 
+<TT
+CLASS="FILENAME"
+>pam_stack.so</TT
+> method has some very devoted followers 
+on the basis that it allows for easier administration. As with all issues in 
+life though, every decision makes trade-offs, so you may want examine the 
+PAM documentation for further helpful information.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN47"
+>Distributed Authentication</A
+></H1
+><P
+>The astute administrator will realize from this that the 
+combination of <TT
+CLASS="FILENAME"
+>pam_smbpass.so</TT
+>, 
+<B
+CLASS="COMMAND"
+>winbindd</B
+>, and <B
+CLASS="COMMAND"
+>rsync</B
+> (see
+<A
+HREF="http://rsync.samba.org/"
+TARGET="_top"
+>http://rsync.samba.org/</A
+>)
+will allow the establishment of a centrally managed, distributed 
+user/password database that can also be used by all 
+PAM (eg: Linux) aware programs and applications. This arrangement 
+can have particularly potent advantages compared with the 
+use of Microsoft Active Directory Service (ADS) in so far as 
+reduction of wide area network authentication traffic.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN54"
+>PAM Configuration in smb.conf</A
+></H1
+><P
+>There is an option in smb.conf called <A
+HREF="smb.conf.5.html#OBEYPAMRESTRICTIONS"
+TARGET="_top"
+>obey pam restrictions</A
+>. 
+The following is from the on-line help for this option in SWAT;</P
+><P
+>When Samba 2.2 is configure to enable PAM support (i.e. 
+<TT
+CLASS="CONSTANT"
+>--with-pam</TT
+>), this parameter will 
+control whether or not Samba should obey PAM's account 
+and session management directives. The default behavior 
+is to use PAM for clear text authentication only and to 
+ignore any account or session management. Note that Samba always 
+ignores PAM for authentication in the case of 
+<A
+HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
+TARGET="_top"
+>encrypt passwords = yes</A
+>. 
+The reason is that PAM modules cannot support the challenge/response 
+authentication mechanism needed in the presence of SMB 
+password encryption. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>obey pam restrictions = no</B
+></P
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/Samba-BDC-HOWTO.html b/docs/htmldocs/Samba-BDC-HOWTO.html
new file mode 100755
index 00000000000..46c3541c8df
--- /dev/null
+++ b/docs/htmldocs/Samba-BDC-HOWTO.html
@@ -0,0 +1,350 @@
+<HTML
+><HEAD
+><TITLE
+>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="SAMBA-BDC"
+>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Prerequisite Reading</A
+></H1
+><P
+>Before you continue reading in this chapter, please make sure
+that you are comfortable with configuring a Samba PDC
+as described in the <A
+HREF="Samba-PDC-HOWTO.html"
+TARGET="_top"
+>Samba-PDC-HOWTO</A
+>.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN7"
+>Background</A
+></H1
+><P
+>What is a Domain Controller? It is a machine that is able to answer
+logon requests from workstations in a Windows NT Domain. Whenever a
+user logs into a Windows NT Workstation, the workstation connects to a
+Domain Controller and asks him whether the username and password the
+user typed in is correct.  The Domain Controller replies with a lot of
+information about the user, for example the place where the users
+profile is stored, the users full name of the user. All this
+information is stored in the NT user database, the so-called SAM.</P
+><P
+>There are two kinds of Domain Controller in a NT 4 compatible Domain:
+A Primary Domain Controller (PDC) and one or more Backup Domain
+Controllers (BDC). The PDC contains the master copy of the
+SAM. Whenever the SAM has to change, for example when a user changes
+his password, this change has to be done on the PDC. A Backup Domain
+Controller is a machine that maintains a read-only copy of the
+SAM. This way it is able to reply to logon requests and authenticate
+users in case the PDC is not available. During this time no changes to
+the SAM are possible. Whenever changes to the SAM are done on the PDC,
+all BDC receive the changes from the PDC.</P
+><P
+>Since version 2.2 Samba officially supports domain logons for all
+current Windows Clients, including Windows 2000 and XP. This text
+assumes the domain to be named SAMBA. To be able to act as a PDC, some
+parameters in the [global]-section of the smb.conf have to be set:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+     workgroup = SAMBA
+     domain master = yes
+     domain logons = yes
+     encrypt passwords = yes
+     security = user
+     ....</PRE
+></P
+><P
+>Several other things like a [homes] and a [netlogon] share also may be
+set along with settings for the profile path, the users home drive and
+others. This will not be covered in this document.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN15"
+>What qualifies a Domain Controller on the network?</A
+></H1
+><P
+>Every machine that is a Domain Controller for the domain SAMBA has to
+register the NetBIOS group name SAMBA#1c with the WINS server and/or
+by broadcast on the local network. The PDC also registers the unique
+NetBIOS name SAMBA#1b with the WINS server. The name type #1b is
+normally reserved for the domain master browser, a role that has
+nothing to do with anything related to authentication, but the
+Microsoft Domain implementation requires the domain master browser to
+be on the same machine as the PDC.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN18"
+>How does a Workstation find its domain controller?</A
+></H2
+><P
+>A NT workstation in the domain SAMBA that wants a local user to be
+authenticated has to find the domain controller for SAMBA. It does
+this by doing a NetBIOS name query for the group name SAMBA#1c. It
+assumes that each of the machines it gets back from the queries is a
+domain controller and can answer logon requests. To not open security
+holes both the workstation and the selected (TODO: How is the DC
+chosen) domain controller authenticate each other. After that the
+workstation sends the user's credentials (his name and password) to
+the domain controller, asking for approval.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN21"
+>When is the PDC needed?</A
+></H2
+><P
+>Whenever a user wants to change his password, this has to be done on
+the PDC. To find the PDC, the workstation does a NetBIOS name query
+for SAMBA#1b, assuming this machine maintains the master copy of the
+SAM. The workstation contacts the PDC, both mutually authenticate and
+the password change is done.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN24"
+>Can Samba be a Backup Domain Controller?</A
+></H1
+><P
+>With version 2.2, no. The native NT SAM replication protocols have
+not yet been fully implemented. The Samba Team is working on
+understanding and implementing the protocols, but this work has not
+been finished for version 2.2.</P
+><P
+>Can I get the benefits of a BDC with Samba?  Yes. The main reason for
+implementing a BDC is availability. If the PDC is a Samba machine,
+a second Samba machine can be set up to
+service logon requests whenever the PDC is down.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN28"
+>How do I set up a Samba BDC?</A
+></H1
+><P
+>Several things have to be done:</P
+><P
+></P
+><UL
+><LI
+><P
+>	The file <TT
+CLASS="FILENAME"
+>private/MACHINE.SID</TT
+> identifies the domain. When a samba
+	server is first started, it is created on the fly and must never be
+	changed again. This file has to be the same on the PDC and the BDC,
+	so the MACHINE.SID has to be copied from the PDC to the BDC.  Note that in the
+	latest Samba 2.2.x releases, the machine SID (and therefore domain SID) is stored
+	in the <TT
+CLASS="FILENAME"
+>private/secrets.tdb</TT
+> database.  This file cannot just
+	be copied because Samba looks under the key <TT
+CLASS="CONSTANT"
+>SECRETS/SID/<TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+></TT
+>.
+	where <TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+> is the machine's netbios name.  Since this name has
+	to be unique for each SAMBA server, this lookup will fail.  </P
+><P
+>	A new option has been added to the <B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+>
+	command to help ease this problem.  When running <B
+CLASS="COMMAND"
+>smbpasswd -S</B
+> as the root user,
+	the domain SID will be retrieved from a domain controller matching the value of the
+	<TT
+CLASS="PARAMETER"
+><I
+>workgroup</I
+></TT
+> parameter in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> and stored as the
+	new Samba server's machine SID.  See the <A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+></A
+>
+	man page for more details on this functionality.
+	</P
+></LI
+><LI
+><P
+>	The Unix user database has to be synchronized from the PDC to the
+	BDC. This means that both the /etc/passwd and /etc/group have to be
+	replicated from the PDC to the BDC. This can be done manually
+	whenever changes are made, or the PDC is set up as a NIS master
+	server and the BDC as a NIS slave server. To set up the BDC as a
+	mere NIS client would not be enough, as the BDC would not be able to
+	access its user database in case of a PDC failure.  LDAP is also a
+	potential vehicle for sharing this information.
+	</P
+></LI
+><LI
+><P
+>	The Samba password database in the file <TT
+CLASS="FILENAME"
+>private/smbpasswd</TT
+>
+	has to be replicated from the PDC to the BDC. This is a bit tricky, see the
+	next section.
+	</P
+></LI
+><LI
+><P
+>	Any netlogon share has to be replicated from the PDC to the
+	BDC. This can be done manually whenever login scripts are changed,
+	or it can be done automatically together with the smbpasswd
+	synchronization.
+	</P
+></LI
+></UL
+><P
+>Finally, the BDC has to be found by the workstations. This can be done
+by setting</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+     workgroup = SAMBA
+     domain master = no
+     domain logons = yes
+     encrypt passwords = yes
+     security = user
+     ....</PRE
+></P
+><P
+>in the [global]-section of the smb.conf of the BDC. This makes the BDC
+only register the name SAMBA#1c with the WINS server. This is no
+problem as the name SAMBA#1c is a NetBIOS group name that is meant to
+be registered by more than one machine. The parameter 'domain master =
+no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS
+name is reserved for the Primary Domain Controller.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN57"
+>How do I replicate the smbpasswd file?</A
+></H2
+><P
+>Replication of the smbpasswd file is sensitive. It has to be done
+whenever changes to the SAM are made. Every user's password change
+(including machine trust account password changes) is done in the
+smbpasswd file and has to be replicated to the BDC. So
+replicating the smbpasswd file very often is necessary.</P
+><P
+>As the smbpasswd file contains plain text password equivalents, it
+must not be sent unencrypted over the wire. The best way to set up
+smbpasswd replication from the PDC to the BDC is to use the utility
+<B
+CLASS="COMMAND"
+>rsync(1)</B
+>. <B
+CLASS="COMMAND"
+>rsync</B
+> can use
+<B
+CLASS="COMMAND"
+>ssh(1)</B
+> as a transport. <B
+CLASS="COMMAND"
+>ssh</B
+> itself
+can be set up to accept <I
+CLASS="EMPHASIS"
+>only</I
+> <B
+CLASS="COMMAND"
+>rsync</B
+> transfer without requiring the user to
+type a password.  Refer to the man pages for these two tools for more details.</P
+><P
+>Another solution with high potential is to use Samba's <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+>
+for sharing and/or replicating the list of <TT
+CLASS="CONSTANT"
+>sambaAccount</TT
+> entries.
+This can all be done over SSL to ensure security.  See the <A
+HREF="Samba-LDAP-HOWTO.html"
+TARGET="_top"
+>Samba-LDAP-HOWTO</A
+>
+for more details.</P
+></DIV
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html
new file mode 100755
index 00000000000..c12167cf989
--- /dev/null
+++ b/docs/htmldocs/Samba-HOWTO-Collection.html
@@ -0,0 +1,11776 @@
+<HTML
+><HEAD
+><TITLE
+>SAMBA Project Documentation</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="BOOK"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="BOOK"
+><A
+NAME="SAMBA-PROJECT-DOCUMENTATION"
+></A
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="SAMBA-PROJECT-DOCUMENTATION"
+>SAMBA Project Documentation</A
+></H1
+><H3
+CLASS="AUTHOR"
+><A
+NAME="AEN4"
+>SAMBA Team</A
+></H3
+><HR></DIV
+><HR><H1
+><A
+NAME="AEN8"
+>Abstract</A
+></H1
+><P
+><EM
+>Last Update</EM
+> : Mon Apr  1 08:47:26 CST 2002</P
+><P
+>This book is a collection of HOWTOs added to Samba documentation over the years.
+I try to ensure that all are current, but sometimes the is a larger job
+than one person can maintain.  The most recent version of this document
+can be found at <A
+HREF="http://www.samba.org/"
+TARGET="_top"
+>http://www.samba.org/</A
+>
+on the "Documentation" page.  Please send updates to <A
+HREF="mailto:jerry@samba.org"
+TARGET="_top"
+>jerry@samba.org</A
+>.</P
+><P
+>This documentation is distributed under the GNU General Public License (GPL) 
+version 2.  A copy of the license is included with the Samba source
+distribution.  A copy can be found on-line at <A
+HREF="http://www.fsf.org/licenses/gpl.txt"
+TARGET="_top"
+>http://www.fsf.org/licenses/gpl.txt</A
+></P
+><P
+>Cheers, jerry</P
+><DIV
+CLASS="TOC"
+><DL
+><DT
+><B
+>Table of Contents</B
+></DT
+><DT
+>1. <A
+HREF="#INSTALL"
+>How to Install and Test SAMBA</A
+></DT
+><DD
+><DL
+><DT
+>1.1. <A
+HREF="#AEN20"
+>Step 0: Read the man pages</A
+></DT
+><DT
+>1.2. <A
+HREF="#AEN28"
+>Step 1: Building the Binaries</A
+></DT
+><DT
+>1.3. <A
+HREF="#AEN56"
+>Step 2: The all important step</A
+></DT
+><DT
+>1.4. <A
+HREF="#AEN60"
+>Step 3: Create the smb configuration file.</A
+></DT
+><DT
+>1.5. <A
+HREF="#AEN74"
+>Step 4: Test your config file with 
+	<B
+CLASS="COMMAND"
+>testparm</B
+></A
+></DT
+><DT
+>1.6. <A
+HREF="#AEN80"
+>Step 5: Starting the smbd and nmbd</A
+></DT
+><DD
+><DL
+><DT
+>1.6.1. <A
+HREF="#AEN90"
+>Step 5a: Starting from inetd.conf</A
+></DT
+><DT
+>1.6.2. <A
+HREF="#AEN119"
+>Step 5b. Alternative: starting it as a daemon</A
+></DT
+></DL
+></DD
+><DT
+>1.7. <A
+HREF="#AEN135"
+>Step 6: Try listing the shares available on your 
+	server</A
+></DT
+><DT
+>1.8. <A
+HREF="#AEN144"
+>Step 7: Try connecting with the unix client</A
+></DT
+><DT
+>1.9. <A
+HREF="#AEN160"
+>Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
+	Win2k, OS/2, etc... client</A
+></DT
+><DT
+>1.10. <A
+HREF="#AEN174"
+>What If Things Don't Work?</A
+></DT
+><DD
+><DL
+><DT
+>1.10.1. <A
+HREF="#AEN179"
+>Diagnosing Problems</A
+></DT
+><DT
+>1.10.2. <A
+HREF="#AEN183"
+>Scope IDs</A
+></DT
+><DT
+>1.10.3. <A
+HREF="#AEN186"
+>Choosing the Protocol Level</A
+></DT
+><DT
+>1.10.4. <A
+HREF="#AEN195"
+>Printing from UNIX to a Client PC</A
+></DT
+><DT
+>1.10.5. <A
+HREF="#AEN199"
+>Locking</A
+></DT
+><DT
+>1.10.6. <A
+HREF="#AEN208"
+>Mapping Usernames</A
+></DT
+><DT
+>1.10.7. <A
+HREF="#AEN211"
+>Other Character Sets</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>2. <A
+HREF="#INTEGRATE-MS-NETWORKS"
+>Integrating MS Windows networks with Samba</A
+></DT
+><DD
+><DL
+><DT
+>2.1. <A
+HREF="#AEN225"
+>Agenda</A
+></DT
+><DT
+>2.2. <A
+HREF="#AEN247"
+>Name Resolution in a pure Unix/Linux world</A
+></DT
+><DD
+><DL
+><DT
+>2.2.1. <A
+HREF="#AEN263"
+><TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+></A
+></DT
+><DT
+>2.2.2. <A
+HREF="#AEN279"
+><TT
+CLASS="FILENAME"
+>/etc/resolv.conf</TT
+></A
+></DT
+><DT
+>2.2.3. <A
+HREF="#AEN290"
+><TT
+CLASS="FILENAME"
+>/etc/host.conf</TT
+></A
+></DT
+><DT
+>2.2.4. <A
+HREF="#AEN298"
+><TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+></A
+></DT
+></DL
+></DD
+><DT
+>2.3. <A
+HREF="#AEN310"
+>Name resolution as used within MS Windows networking</A
+></DT
+><DD
+><DL
+><DT
+>2.3.1. <A
+HREF="#AEN322"
+>The NetBIOS Name Cache</A
+></DT
+><DT
+>2.3.2. <A
+HREF="#AEN327"
+>The LMHOSTS file</A
+></DT
+><DT
+>2.3.3. <A
+HREF="#AEN335"
+>HOSTS file</A
+></DT
+><DT
+>2.3.4. <A
+HREF="#AEN340"
+>DNS Lookup</A
+></DT
+><DT
+>2.3.5. <A
+HREF="#AEN343"
+>WINS Lookup</A
+></DT
+></DL
+></DD
+><DT
+>2.4. <A
+HREF="#AEN355"
+>How browsing functions and how to deploy stable and 
+dependable browsing using Samba</A
+></DT
+><DT
+>2.5. <A
+HREF="#AEN365"
+>MS Windows security options and how to configure 
+Samba for seemless integration</A
+></DT
+><DD
+><DL
+><DT
+>2.5.1. <A
+HREF="#AEN393"
+>Use MS Windows NT as an authentication server</A
+></DT
+><DT
+>2.5.2. <A
+HREF="#AEN401"
+>Make Samba a member of an MS Windows NT security domain</A
+></DT
+><DT
+>2.5.3. <A
+HREF="#AEN418"
+>Configure Samba as an authentication server</A
+></DT
+><DD
+><DL
+><DT
+>2.5.3.1. <A
+HREF="#AEN425"
+>Users</A
+></DT
+><DT
+>2.5.3.2. <A
+HREF="#AEN430"
+>MS Windows NT Machine Accounts</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>2.6. <A
+HREF="#AEN435"
+>Conclusions</A
+></DT
+></DL
+></DD
+><DT
+>3. <A
+HREF="#PAM"
+>Configuring PAM for distributed but centrally 
+managed authentication</A
+></DT
+><DD
+><DL
+><DT
+>3.1. <A
+HREF="#AEN456"
+>Samba and PAM</A
+></DT
+><DT
+>3.2. <A
+HREF="#AEN500"
+>Distributed Authentication</A
+></DT
+><DT
+>3.3. <A
+HREF="#AEN507"
+>PAM Configuration in smb.conf</A
+></DT
+></DL
+></DD
+><DT
+>4. <A
+HREF="#MSDFS"
+>Hosting a Microsoft Distributed File System tree on Samba</A
+></DT
+><DD
+><DL
+><DT
+>4.1. <A
+HREF="#AEN527"
+>Instructions</A
+></DT
+><DD
+><DL
+><DT
+>4.1.1. <A
+HREF="#AEN562"
+>Notes</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>5. <A
+HREF="#UNIX-PERMISSIONS"
+>UNIX Permission Bits and Windows NT Access Control Lists</A
+></DT
+><DD
+><DL
+><DT
+>5.1. <A
+HREF="#AEN582"
+>Viewing and changing UNIX permissions using the NT 
+	security dialogs</A
+></DT
+><DT
+>5.2. <A
+HREF="#AEN591"
+>How to view file security on a Samba share</A
+></DT
+><DT
+>5.3. <A
+HREF="#AEN602"
+>Viewing file ownership</A
+></DT
+><DT
+>5.4. <A
+HREF="#AEN622"
+>Viewing file or directory permissions</A
+></DT
+><DD
+><DL
+><DT
+>5.4.1. <A
+HREF="#AEN637"
+>File Permissions</A
+></DT
+><DT
+>5.4.2. <A
+HREF="#AEN651"
+>Directory Permissions</A
+></DT
+></DL
+></DD
+><DT
+>5.5. <A
+HREF="#AEN658"
+>Modifying file or directory permissions</A
+></DT
+><DT
+>5.6. <A
+HREF="#AEN680"
+>Interaction with the standard Samba create mask 
+	parameters</A
+></DT
+><DT
+>5.7. <A
+HREF="#AEN744"
+>Interaction with the standard Samba file attribute 
+	mapping</A
+></DT
+></DL
+></DD
+><DT
+>6. <A
+HREF="#PRINTING"
+>Printing Support in Samba 2.2.x</A
+></DT
+><DD
+><DL
+><DT
+>6.1. <A
+HREF="#AEN765"
+>Introduction</A
+></DT
+><DT
+>6.2. <A
+HREF="#AEN787"
+>Configuration</A
+></DT
+><DD
+><DL
+><DT
+>6.2.1. <A
+HREF="#AEN798"
+>Creating [print$]</A
+></DT
+><DT
+>6.2.2. <A
+HREF="#AEN833"
+>Setting Drivers for Existing Printers</A
+></DT
+><DT
+>6.2.3. <A
+HREF="#AEN851"
+>DeviceModes and New Printers</A
+></DT
+><DT
+>6.2.4. <A
+HREF="#AEN862"
+>Support a large number of printers</A
+></DT
+><DT
+>6.2.5. <A
+HREF="#AEN873"
+>Adding New Printers via the Windows NT APW</A
+></DT
+><DT
+>6.2.6. <A
+HREF="#AEN898"
+>Samba and Printer Ports</A
+></DT
+></DL
+></DD
+><DT
+>6.3. <A
+HREF="#AEN906"
+>The Imprints Toolset</A
+></DT
+><DD
+><DL
+><DT
+>6.3.1. <A
+HREF="#AEN911"
+>What is Imprints?</A
+></DT
+><DT
+>6.3.2. <A
+HREF="#AEN921"
+>Creating Printer Driver Packages</A
+></DT
+><DT
+>6.3.3. <A
+HREF="#AEN924"
+>The Imprints server</A
+></DT
+><DT
+>6.3.4. <A
+HREF="#AEN928"
+>The Installation Client</A
+></DT
+></DL
+></DD
+><DT
+>6.4. <A
+HREF="#AEN950"
+><A
+NAME="MIGRATION"
+></A
+>Migration to from Samba 2.0.x to 2.2.x</A
+></DT
+><DD
+><DL
+><DT
+>6.4.1. <A
+HREF="#AEN983"
+>Parameters in <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+> for Backwards Compatibility</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>7. <A
+HREF="#CUPS"
+>Printing with CUPS in Samba 2.2.x</A
+></DT
+><DD
+><DL
+><DT
+>7.1. <A
+HREF="#AEN999"
+>Printing with CUPS in Samba 2.2.x</A
+></DT
+><DT
+>7.2. <A
+HREF="#AEN1003"
+>Configuring <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> for CUPS</A
+></DT
+><DT
+>7.3. <A
+HREF="#AEN1022"
+>Using CUPS as a mere spooling print server -- "raw"
+printing with vendor drivers download</A
+></DT
+><DT
+>7.4. <A
+HREF="#AEN1025"
+>CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe
+PostScript driver with CUPS-PPDs downloaded to clients</A
+></DT
+><DT
+>7.5. <A
+HREF="#AEN1046"
+>Windows Terminal Servers (WTS) as CUPS clients</A
+></DT
+><DT
+>7.6. <A
+HREF="#AEN1050"
+>Setting up CUPS for driver download</A
+></DT
+><DT
+>7.7. <A
+HREF="#AEN1062"
+>Sources of CUPS drivers / PPDs</A
+></DT
+><DD
+><DL
+><DT
+>7.7.1. <A
+HREF="#AEN1089"
+><B
+CLASS="COMMAND"
+>cupsaddsmb</B
+></A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>8. <A
+HREF="#DOMAIN-SECURITY"
+>security = domain in Samba 2.x</A
+></DT
+><DD
+><DL
+><DT
+>8.1. <A
+HREF="#AEN1134"
+>Joining an NT Domain with Samba 2.2</A
+></DT
+><DT
+>8.2. <A
+HREF="#AEN1198"
+>Samba and Windows 2000 Domains</A
+></DT
+><DT
+>8.3. <A
+HREF="#AEN1203"
+>Why is this better than security = server?</A
+></DT
+></DL
+></DD
+><DT
+>9. <A
+HREF="#SAMBA-PDC"
+>How to Configure Samba 2.2 as a Primary Domain Controller</A
+></DT
+><DD
+><DL
+><DT
+>9.1. <A
+HREF="#AEN1236"
+>Prerequisite Reading</A
+></DT
+><DT
+>9.2. <A
+HREF="#AEN1242"
+>Background</A
+></DT
+><DT
+>9.3. <A
+HREF="#AEN1281"
+>Configuring the Samba Domain Controller</A
+></DT
+><DT
+>9.4. <A
+HREF="#AEN1324"
+>Creating Machine Trust Accounts and Joining Clients to the
+Domain</A
+></DT
+><DD
+><DL
+><DT
+>9.4.1. <A
+HREF="#AEN1343"
+>Manual Creation of Machine Trust Accounts</A
+></DT
+><DT
+>9.4.2. <A
+HREF="#AEN1378"
+>"On-the-Fly" Creation of Machine Trust Accounts</A
+></DT
+><DT
+>9.4.3. <A
+HREF="#AEN1387"
+>Joining the Client to the Domain</A
+></DT
+></DL
+></DD
+><DT
+>9.5. <A
+HREF="#AEN1402"
+>Common Problems and Errors</A
+></DT
+><DT
+>9.6. <A
+HREF="#AEN1450"
+>System Policies and Profiles</A
+></DT
+><DT
+>9.7. <A
+HREF="#AEN1494"
+>What other help can I get?</A
+></DT
+><DT
+>9.8. <A
+HREF="#AEN1608"
+>Domain Control for Windows 9x/ME</A
+></DT
+><DD
+><DL
+><DT
+>9.8.1. <A
+HREF="#AEN1634"
+>Configuration Instructions:	Network Logons</A
+></DT
+><DT
+>9.8.2. <A
+HREF="#AEN1653"
+>Configuration Instructions:	Setting up Roaming User Profiles</A
+></DT
+><DD
+><DL
+><DT
+>9.8.2.1. <A
+HREF="#AEN1661"
+>Windows NT Configuration</A
+></DT
+><DT
+>9.8.2.2. <A
+HREF="#AEN1669"
+>Windows 9X Configuration</A
+></DT
+><DT
+>9.8.2.3. <A
+HREF="#AEN1677"
+>Win9X and WinNT Configuration</A
+></DT
+><DT
+>9.8.2.4. <A
+HREF="#AEN1684"
+>Windows 9X Profile Setup</A
+></DT
+><DT
+>9.8.2.5. <A
+HREF="#AEN1720"
+>Windows NT Workstation 4.0</A
+></DT
+><DT
+>9.8.2.6. <A
+HREF="#AEN1733"
+>Windows NT Server</A
+></DT
+><DT
+>9.8.2.7. <A
+HREF="#AEN1736"
+>Sharing Profiles between W95 and NT Workstation 4.0</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>9.9. <A
+HREF="#AEN1746"
+>DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
+></DT
+></DL
+></DD
+><DT
+>10. <A
+HREF="#SAMBA-BDC"
+>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
+></DT
+><DD
+><DL
+><DT
+>10.1. <A
+HREF="#AEN1782"
+>Prerequisite Reading</A
+></DT
+><DT
+>10.2. <A
+HREF="#AEN1786"
+>Background</A
+></DT
+><DT
+>10.3. <A
+HREF="#AEN1794"
+>What qualifies a Domain Controller on the network?</A
+></DT
+><DD
+><DL
+><DT
+>10.3.1. <A
+HREF="#AEN1797"
+>How does a Workstation find its domain controller?</A
+></DT
+><DT
+>10.3.2. <A
+HREF="#AEN1800"
+>When is the PDC needed?</A
+></DT
+></DL
+></DD
+><DT
+>10.4. <A
+HREF="#AEN1803"
+>Can Samba be a Backup Domain Controller?</A
+></DT
+><DT
+>10.5. <A
+HREF="#AEN1807"
+>How do I set up a Samba BDC?</A
+></DT
+><DD
+><DL
+><DT
+>10.5.1. <A
+HREF="#AEN1836"
+>How do I replicate the smbpasswd file?</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>11. <A
+HREF="#SAMBA-LDAP-HOWTO"
+>Storing Samba's User/Machine Account information in an LDAP Directory</A
+></DT
+><DD
+><DL
+><DT
+>11.1. <A
+HREF="#AEN1867"
+>Purpose</A
+></DT
+><DT
+>11.2. <A
+HREF="#AEN1888"
+>Introduction</A
+></DT
+><DT
+>11.3. <A
+HREF="#AEN1919"
+>Supported LDAP Servers</A
+></DT
+><DT
+>11.4. <A
+HREF="#AEN1924"
+>Schema and Relationship to the RFC 2307 posixAccount</A
+></DT
+><DT
+>11.5. <A
+HREF="#AEN1945"
+>Configuring Samba with LDAP</A
+></DT
+><DD
+><DL
+><DT
+>11.5.1. <A
+HREF="#AEN1947"
+>OpenLDAP configuration</A
+></DT
+><DT
+>11.5.2. <A
+HREF="#AEN1964"
+>Configuring Samba</A
+></DT
+><DT
+>11.5.3. <A
+HREF="#AEN1992"
+>Importing <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> entries</A
+></DT
+></DL
+></DD
+><DT
+>11.6. <A
+HREF="#AEN2008"
+>Accounts and Groups management</A
+></DT
+><DT
+>11.7. <A
+HREF="#AEN2013"
+>Security and sambaAccount</A
+></DT
+><DT
+>11.8. <A
+HREF="#AEN2033"
+>LDAP specials attributes for sambaAccounts</A
+></DT
+><DT
+>11.9. <A
+HREF="#AEN2103"
+>Example LDIF Entries for a sambaAccount</A
+></DT
+><DT
+>11.10. <A
+HREF="#AEN2111"
+>Comments</A
+></DT
+></DL
+></DD
+><DT
+>12. <A
+HREF="#WINBIND"
+>Unified Logons between Windows NT and UNIX using Winbind</A
+></DT
+><DD
+><DL
+><DT
+>12.1. <A
+HREF="#AEN2140"
+>Abstract</A
+></DT
+><DT
+>12.2. <A
+HREF="#AEN2144"
+>Introduction</A
+></DT
+><DT
+>12.3. <A
+HREF="#AEN2157"
+>What Winbind Provides</A
+></DT
+><DD
+><DL
+><DT
+>12.3.1. <A
+HREF="#AEN2164"
+>Target Uses</A
+></DT
+></DL
+></DD
+><DT
+>12.4. <A
+HREF="#AEN2168"
+>How Winbind Works</A
+></DT
+><DD
+><DL
+><DT
+>12.4.1. <A
+HREF="#AEN2173"
+>Microsoft Remote Procedure Calls</A
+></DT
+><DT
+>12.4.2. <A
+HREF="#AEN2177"
+>Name Service Switch</A
+></DT
+><DT
+>12.4.3. <A
+HREF="#AEN2193"
+>Pluggable Authentication Modules</A
+></DT
+><DT
+>12.4.4. <A
+HREF="#AEN2201"
+>User and Group ID Allocation</A
+></DT
+><DT
+>12.4.5. <A
+HREF="#AEN2205"
+>Result Caching</A
+></DT
+></DL
+></DD
+><DT
+>12.5. <A
+HREF="#AEN2208"
+>Installation and Configuration</A
+></DT
+><DD
+><DL
+><DT
+>12.5.1. <A
+HREF="#AEN2212"
+>Introduction</A
+></DT
+><DT
+>12.5.2. <A
+HREF="#AEN2225"
+>Requirements</A
+></DT
+><DT
+>12.5.3. <A
+HREF="#AEN2241"
+>Testing Things Out</A
+></DT
+><DD
+><DL
+><DT
+>12.5.3.1. <A
+HREF="#AEN2254"
+>Configure and Compile SAMBA</A
+></DT
+><DT
+>12.5.3.2. <A
+HREF="#AEN2267"
+>Configure <TT
+CLASS="FILENAME"
+>nsswitch.conf</TT
+> and the
+winbind libraries</A
+></DT
+><DT
+>12.5.3.3. <A
+HREF="#AEN2289"
+>Configure <TT
+CLASS="FILENAME"
+>smb.conf</TT
+></A
+></DT
+><DT
+>12.5.3.4. <A
+HREF="#AEN2306"
+>Join the SAMBA server to the PDC domain</A
+></DT
+><DT
+>12.5.3.5. <A
+HREF="#AEN2317"
+>Start up the winbindd daemon and test it!</A
+></DT
+><DT
+>12.5.3.6. <A
+HREF="#AEN2358"
+>Configure Winbind and PAM</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>12.6. <A
+HREF="#AEN2411"
+>Limitations</A
+></DT
+><DT
+>12.7. <A
+HREF="#AEN2419"
+>Conclusion</A
+></DT
+></DL
+></DD
+><DT
+>13. <A
+HREF="#OS2"
+>OS2 Client HOWTO</A
+></DT
+><DD
+><DL
+><DT
+>13.1. <A
+HREF="#AEN2433"
+>FAQs</A
+></DT
+><DD
+><DL
+><DT
+>13.1.1. <A
+HREF="#AEN2435"
+>How can I configure OS/2 Warp Connect or 
+		OS/2 Warp 4 as a client for Samba?</A
+></DT
+><DT
+>13.1.2. <A
+HREF="#AEN2450"
+>How can I configure OS/2 Warp 3 (not Connect), 
+		OS/2 1.2, 1.3 or 2.x for Samba?</A
+></DT
+><DT
+>13.1.3. <A
+HREF="#AEN2459"
+>Are there any other issues when OS/2 (any version) 
+		is used as a client?</A
+></DT
+><DT
+>13.1.4. <A
+HREF="#AEN2463"
+>How do I get printer driver download working 
+		for OS/2 clients?</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>14. <A
+HREF="#CVS-ACCESS"
+>HOWTO Access Samba source code via CVS</A
+></DT
+><DD
+><DL
+><DT
+>14.1. <A
+HREF="#AEN2479"
+>Introduction</A
+></DT
+><DT
+>14.2. <A
+HREF="#AEN2484"
+>CVS Access to samba.org</A
+></DT
+><DD
+><DL
+><DT
+>14.2.1. <A
+HREF="#AEN2487"
+>Access via CVSweb</A
+></DT
+><DT
+>14.2.2. <A
+HREF="#AEN2492"
+>Access via cvs</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+><A
+HREF="#AEN2520"
+>Index</A
+></DT
+></DL
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="INSTALL"
+>Chapter 1. How to Install and Test SAMBA</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN20"
+>1.1. Step 0: Read the man pages</A
+></H1
+><P
+>The man pages distributed with SAMBA contain 
+	lots of useful info that will help to get you started. 
+	If you don't know how to read man pages then try 
+	something like:</P
+><P
+><TT
+CLASS="PROMPT"
+>$ </TT
+><TT
+CLASS="USERINPUT"
+><B
+>nroff -man smbd.8 | more
+	</B
+></TT
+></P
+><P
+>Other sources of information are pointed to 
+	by the Samba web site,<A
+HREF="http://www.samba.org/"
+TARGET="_top"
+>	http://www.samba.org</A
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN28"
+>1.2. Step 1: Building the Binaries</A
+></H1
+><P
+>To do this, first run the program <B
+CLASS="COMMAND"
+>./configure
+	</B
+> in the source directory. This should automatically 
+	configure Samba for your operating system. If you have unusual 
+	needs then you may wish to run</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>./configure --help
+	</B
+></TT
+></P
+><P
+>first to see what special options you can enable.
+	Then executing</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>make</B
+></TT
+></P
+><P
+>will create the binaries. Once it's successfully 
+	compiled you can use </P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>make install</B
+></TT
+></P
+><P
+>to install the binaries and manual pages. You can 
+	separately install the binaries and/or man pages using</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>make installbin
+	</B
+></TT
+></P
+><P
+>and</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>make installman
+	</B
+></TT
+></P
+><P
+>Note that if you are upgrading for a previous version 
+	of Samba you might like to know that the old versions of 
+	the binaries will be renamed with a ".old" extension. You 
+	can go back to the previous version with</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>make revert
+	</B
+></TT
+></P
+><P
+>if you find this version a disaster!</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN56"
+>1.3. Step 2: The all important step</A
+></H1
+><P
+>At this stage you must fetch yourself a 
+	coffee or other drink you find stimulating. Getting the rest 
+	of the install right can sometimes be tricky, so you will 
+	probably need it.</P
+><P
+>If you have installed samba before then you can skip 
+	this step.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN60"
+>1.4. Step 3: Create the smb configuration file.</A
+></H1
+><P
+>There are sample configuration files in the examples 
+	subdirectory in the distribution. I suggest you read them 
+	carefully so you can see how the options go together in 
+	practice. See the man page for all the options.</P
+><P
+>The simplest useful configuration file would be 
+	something like this:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	[global]
+	   workgroup = MYGROUP
+
+	   [homes]
+	      guest ok = no
+	      read only = no
+	</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>which would allow connections by anyone with an 
+	account on the server, using either their login name or 
+	"homes" as the service name. (Note that I also set the 
+	workgroup that Samba is part of. See BROWSING.txt for details)</P
+><P
+>Note that <B
+CLASS="COMMAND"
+>make install</B
+> will not install 
+	a <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. You need to create it 
+	yourself. </P
+><P
+>Make sure you put the smb.conf file in the same place 
+	you specified in the<TT
+CLASS="FILENAME"
+>Makefile</TT
+> (the default is to 
+	look for it in <TT
+CLASS="FILENAME"
+>/usr/local/samba/lib/</TT
+>).</P
+><P
+>For more information about security settings for the 
+	[homes] share please refer to the document UNIX_SECURITY.txt.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN74"
+>1.5. Step 4: Test your config file with 
+	<B
+CLASS="COMMAND"
+>testparm</B
+></A
+></H1
+><P
+>It's important that you test the validity of your
+	<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file using the testparm program. 
+	If testparm runs OK then it will list the loaded services. If 
+	not it will give an error message.</P
+><P
+>Make sure it runs OK and that the services look 
+	reasonable before proceeding. </P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN80"
+>1.6. Step 5: Starting the smbd and nmbd</A
+></H1
+><P
+>You must choose to start smbd and nmbd either
+	as daemons or from <B
+CLASS="COMMAND"
+>inetd</B
+>. Don't try
+	to do both!  Either you can put them in <TT
+CLASS="FILENAME"
+>	inetd.conf</TT
+> and have them started on demand
+	by <B
+CLASS="COMMAND"
+>inetd</B
+>, or you can start them as
+	daemons either from the command line or in <TT
+CLASS="FILENAME"
+>	/etc/rc.local</TT
+>. See the man pages for details
+	on the command line options. Take particular care to read
+	the bit about what user you need to be in order to start
+	Samba.  In many cases you must be root.</P
+><P
+>The main advantage of starting <B
+CLASS="COMMAND"
+>smbd</B
+>
+	and <B
+CLASS="COMMAND"
+>nmbd</B
+> using the recommended daemon method
+	is that they will respond slightly more quickly to an initial connection
+	request.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN90"
+>1.6.1. Step 5a: Starting from inetd.conf</A
+></H2
+><P
+>NOTE; The following will be different if 
+		you use NIS or NIS+ to distributed services maps.</P
+><P
+>Look at your <TT
+CLASS="FILENAME"
+>/etc/services</TT
+>. 
+		What is defined at port 139/tcp. If nothing is defined 
+		then add a line like this:</P
+><P
+><TT
+CLASS="USERINPUT"
+><B
+>netbios-ssn     139/tcp</B
+></TT
+></P
+><P
+>similarly for 137/udp you should have an entry like:</P
+><P
+><TT
+CLASS="USERINPUT"
+><B
+>netbios-ns	137/udp</B
+></TT
+></P
+><P
+>Next edit your <TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+> 
+		and add two lines something like this:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>		netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
+		netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd 
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The exact syntax of <TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+> 
+		varies between unixes. Look at the other entries in inetd.conf 
+		for a guide.</P
+><P
+>NOTE: Some unixes already have entries like netbios_ns 
+		(note the underscore) in <TT
+CLASS="FILENAME"
+>/etc/services</TT
+>. 
+		You must either edit <TT
+CLASS="FILENAME"
+>/etc/services</TT
+> or
+		<TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+> to make them consistent.</P
+><P
+>NOTE: On many systems you may need to use the 
+		"interfaces" option in smb.conf to specify the IP address 
+		and netmask of your interfaces. Run <B
+CLASS="COMMAND"
+>ifconfig</B
+> 
+		as root if you don't know what the broadcast is for your
+		net. <B
+CLASS="COMMAND"
+>nmbd</B
+> tries to determine it at run 
+		time, but fails on some unixes. See the section on "testing nmbd" 
+		for a method of finding if you need to do this.</P
+><P
+>!!!WARNING!!! Many unixes only accept around 5 
+		parameters on the command line in <TT
+CLASS="FILENAME"
+>inetd.conf</TT
+>. 
+		This means you shouldn't use spaces between the options and 
+		arguments, or you should use a script, and start the script 
+		from <B
+CLASS="COMMAND"
+>inetd</B
+>.</P
+><P
+>Restart <B
+CLASS="COMMAND"
+>inetd</B
+>, perhaps just send 
+		it a HUP. If you have installed an earlier version of <B
+CLASS="COMMAND"
+>		nmbd</B
+> then you may need to kill nmbd as well.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN119"
+>1.6.2. Step 5b. Alternative: starting it as a daemon</A
+></H2
+><P
+>To start the server as a daemon you should create 
+		a script something like this one, perhaps calling 
+		it <TT
+CLASS="FILENAME"
+>startsmb</TT
+>.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>		#!/bin/sh
+		/usr/local/samba/bin/smbd -D 
+		/usr/local/samba/bin/nmbd -D 
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>then make it executable with <B
+CLASS="COMMAND"
+>chmod 
+		+x startsmb</B
+></P
+><P
+>You can then run <B
+CLASS="COMMAND"
+>startsmb</B
+> by 
+		hand or execute it from <TT
+CLASS="FILENAME"
+>/etc/rc.local</TT
+>
+		</P
+><P
+>To kill it send a kill signal to the processes 
+		<B
+CLASS="COMMAND"
+>nmbd</B
+> and <B
+CLASS="COMMAND"
+>smbd</B
+>.</P
+><P
+>NOTE: If you use the SVR4 style init system then 
+		you may like to look at the <TT
+CLASS="FILENAME"
+>examples/svr4-startup</TT
+>
+		script to make Samba fit into that system.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN135"
+>1.7. Step 6: Try listing the shares available on your 
+	server</A
+></H1
+><P
+><TT
+CLASS="PROMPT"
+>$ </TT
+><TT
+CLASS="USERINPUT"
+><B
+>smbclient -L 
+	<TT
+CLASS="REPLACEABLE"
+><I
+>yourhostname</I
+></TT
+></B
+></TT
+></P
+><P
+>You should get back a list of shares available on 
+	your server. If you don't then something is incorrectly setup. 
+	Note that this method can also be used to see what shares 
+	are available on other LanManager clients (such as WfWg).</P
+><P
+>If you choose user level security then you may find 
+	that Samba requests a password before it will list the shares. 
+	See the <B
+CLASS="COMMAND"
+>smbclient</B
+> man page for details. (you 
+	can force it to list the shares without a password by
+	adding the option -U% to the command line. This will not work 
+	with non-Samba servers)</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN144"
+>1.8. Step 7: Try connecting with the unix client</A
+></H1
+><P
+><TT
+CLASS="PROMPT"
+>$ </TT
+><TT
+CLASS="USERINPUT"
+><B
+>smbclient <TT
+CLASS="REPLACEABLE"
+><I
+>	//yourhostname/aservice</I
+></TT
+></B
+></TT
+></P
+><P
+>Typically the <TT
+CLASS="REPLACEABLE"
+><I
+>yourhostname</I
+></TT
+> 
+	would be the name of the host where you installed <B
+CLASS="COMMAND"
+>	smbd</B
+>. The <TT
+CLASS="REPLACEABLE"
+><I
+>aservice</I
+></TT
+> is 
+	any service you have defined in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> 
+	file. Try your user name if you just have a [homes] section
+	in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.</P
+><P
+>For example if your unix host is bambi and your login 
+	name is fred you would type:</P
+><P
+><TT
+CLASS="PROMPT"
+>$ </TT
+><TT
+CLASS="USERINPUT"
+><B
+>smbclient //bambi/fred
+	</B
+></TT
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN160"
+>1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
+	Win2k, OS/2, etc... client</A
+></H1
+><P
+>Try mounting disks. eg:</P
+><P
+><TT
+CLASS="PROMPT"
+>C:\WINDOWS\&#62; </TT
+><TT
+CLASS="USERINPUT"
+><B
+>net use d: \\servername\service
+	</B
+></TT
+></P
+><P
+>Try printing. eg:</P
+><P
+><TT
+CLASS="PROMPT"
+>C:\WINDOWS\&#62; </TT
+><TT
+CLASS="USERINPUT"
+><B
+>net use lpt1:
+	\\servername\spoolservice</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>C:\WINDOWS\&#62; </TT
+><TT
+CLASS="USERINPUT"
+><B
+>print filename
+	</B
+></TT
+></P
+><P
+>Celebrate, or send me a bug report!</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN174"
+>1.10. What If Things Don't Work?</A
+></H1
+><P
+>If nothing works and you start to think "who wrote 
+	this pile of trash" then I suggest you do step 2 again (and 
+	again) till you calm down.</P
+><P
+>Then you might read the file DIAGNOSIS.txt and the 
+	FAQ. If you are still stuck then try the mailing list or 
+	newsgroup (look in the README for details). Samba has been 
+	successfully installed at thousands of sites worldwide, so maybe 
+	someone else has hit your problem and has overcome it. You could 
+	also use the WWW site to scan back issues of the samba-digest.</P
+><P
+>When you fix the problem PLEASE send me some updates to the
+	documentation (or source code) so that the next person will find it
+	easier. </P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN179"
+>1.10.1. Diagnosing Problems</A
+></H2
+><P
+>If you have installation problems then go to 
+		<TT
+CLASS="FILENAME"
+>DIAGNOSIS.txt</TT
+> to try to find the 
+		problem.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN183"
+>1.10.2. Scope IDs</A
+></H2
+><P
+>By default Samba uses a blank scope ID. This means 
+		all your windows boxes must also have a blank scope ID. 
+		If you really want to use a non-blank scope ID then you will 
+		need to use the 'netbios scope' smb.conf option.
+                All your PCs will need to have the same setting for 
+		this to work. I do not recommend scope IDs.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN186"
+>1.10.3. Choosing the Protocol Level</A
+></H2
+><P
+>The SMB protocol has many dialects. Currently 
+		Samba supports 5, called CORE, COREPLUS, LANMAN1, 
+		LANMAN2 and NT1.</P
+><P
+>You can choose what maximum protocol to support 
+		in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. The default is 
+		NT1 and that is the best for the vast majority of sites.</P
+><P
+>In older versions of Samba you may have found it 
+		necessary to use COREPLUS. The limitations that led to 
+		this have mostly been fixed. It is now less likely that you 
+		will want to use less than LANMAN1. The only remaining advantage 
+		of COREPLUS is that for some obscure reason WfWg preserves 
+		the case of passwords in this protocol, whereas under LANMAN1, 
+		LANMAN2 or NT1 it uppercases all passwords before sending them,
+		forcing you to use the "password level=" option in some cases.</P
+><P
+>The main advantage of LANMAN2 and NT1 is support for 
+		long filenames with some clients (eg: smbclient, Windows NT 
+		or Win95). </P
+><P
+>See the smb.conf(5) manual page for more details.</P
+><P
+>Note: To support print queue reporting you may find 
+		that you have to use TCP/IP as the default protocol under 
+		WfWg. For some reason if you leave Netbeui as the default 
+		it may break the print queue reporting on some systems. 
+		It is presumably a WfWg bug.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN195"
+>1.10.4. Printing from UNIX to a Client PC</A
+></H2
+><P
+>To use a printer that is available via a smb-based 
+		server from a unix host you will need to compile the 
+		smbclient program. You then need to install the script 
+		"smbprint". Read the instruction in smbprint for more details.
+		</P
+><P
+>There is also a SYSV style script that does much 
+		the same thing called smbprint.sysv. It contains instructions.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN199"
+>1.10.5. Locking</A
+></H2
+><P
+>One area which sometimes causes trouble is locking.</P
+><P
+>There are two types of locking which need to be 
+		performed by a SMB server. The first is "record locking" 
+		which allows a client to lock a range of bytes in a open file. 
+		The second is the "deny modes" that are specified when a file 
+		is open.</P
+><P
+>Record locking semantics under Unix is very
+		different from record locking under Windows. Versions
+		of Samba before 2.2 have tried to use the native
+		fcntl() unix system call to implement proper record
+		locking between different Samba clients. This can not
+		be fully correct due to several reasons. The simplest
+		is the fact that a Windows client is allowed to lock a
+		byte range up to 2^32 or 2^64, depending on the client
+		OS. The unix locking only supports byte ranges up to
+		2^31. So it is not possible to correctly satisfy a
+		lock request above 2^31. There are many more
+		differences, too many to be listed here.</P
+><P
+>Samba 2.2 and above implements record locking
+		completely independent of the underlying unix
+		system. If a byte range lock that the client requests
+		happens to fall into the range 0-2^31, Samba hands
+		this request down to the Unix system. All other locks
+		can not be seen by unix anyway.</P
+><P
+>Strictly a SMB server should check for locks before 
+		every read and write call on a file. Unfortunately with the 
+		way fcntl() works this can be slow and may overstress the 
+		rpc.lockd. It is also almost always unnecessary as clients 
+		are supposed to independently make locking calls before reads 
+		and writes anyway if locking is important to them. By default 
+		Samba only makes locking calls when explicitly asked
+		to by a client, but if you set "strict locking = yes" then it will
+		make lock checking calls on every read and write. </P
+><P
+>You can also disable by range locking completely 
+		using "locking = no". This is useful for those shares that 
+		don't support locking or don't need it (such as cdroms). In 
+		this case Samba fakes the return codes of locking calls to 
+		tell clients that everything is OK.</P
+><P
+>The second class of locking is the "deny modes". These 
+		are set by an application when it opens a file to determine 
+		what types of access should be allowed simultaneously with 
+		its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE 
+		or DENY_ALL. There are also special compatibility modes called 
+		DENY_FCB and  DENY_DOS.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN208"
+>1.10.6. Mapping Usernames</A
+></H2
+><P
+>If you have different usernames on the PCs and 
+		the unix server then take a look at the "username map" option. 
+		See the smb.conf man page for details.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN211"
+>1.10.7. Other Character Sets</A
+></H2
+><P
+>If you have problems using filenames with accented 
+		characters in them (like the German, French or Scandinavian 
+		character sets) then I recommend you look at the "valid chars" 
+		option in smb.conf and also take a look at the validchars 
+		package in the examples directory.</P
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="INTEGRATE-MS-NETWORKS"
+>Chapter 2. Integrating MS Windows networks with Samba</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN225"
+>2.1. Agenda</A
+></H1
+><P
+>To identify the key functional mechanisms of MS Windows networking 
+to enable the deployment of Samba as a means of extending and/or 
+replacing MS Windows NT/2000 technology.</P
+><P
+>We will examine:</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>Name resolution in a pure Unix/Linux TCP/IP 
+	environment
+	</P
+></LI
+><LI
+><P
+>Name resolution as used within MS Windows 
+	networking
+	</P
+></LI
+><LI
+><P
+>How browsing functions and how to deploy stable 
+	and dependable browsing using Samba
+	</P
+></LI
+><LI
+><P
+>MS Windows security options and how to 
+	configure Samba for seemless integration
+	</P
+></LI
+><LI
+><P
+>Configuration of Samba as:</P
+><P
+></P
+><OL
+TYPE="a"
+><LI
+><P
+>A stand-alone server</P
+></LI
+><LI
+><P
+>An MS Windows NT 3.x/4.0 security domain member
+		</P
+></LI
+><LI
+><P
+>An alternative to an MS Windows NT 3.x/4.0 Domain Controller
+		</P
+></LI
+></OL
+></LI
+></OL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN247"
+>2.2. Name Resolution in a pure Unix/Linux world</A
+></H1
+><P
+>The key configuration files covered in this section are:</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+></P
+></LI
+><LI
+><P
+><TT
+CLASS="FILENAME"
+>/etc/resolv.conf</TT
+></P
+></LI
+><LI
+><P
+><TT
+CLASS="FILENAME"
+>/etc/host.conf</TT
+></P
+></LI
+><LI
+><P
+><TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+></P
+></LI
+></UL
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN263"
+>2.2.1. <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+></A
+></H2
+><P
+>Contains a static list of IP Addresses and names.
+eg:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	127.0.0.1	localhost localhost.localdomain
+	192.168.1.1	bigbox.caldera.com	bigbox	alias4box</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The purpose of <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> is to provide a 
+name resolution mechanism so that uses do not need to remember 
+IP addresses.</P
+><P
+>Network packets that are sent over the physical network transport 
+layer communicate not via IP addresses but rather using the Media 
+Access Control address, or MAC address. IP Addresses are currently 
+32 bits in length and are typically presented as four (4) decimal 
+numbers that are separated by a dot (or period). eg: 168.192.1.1</P
+><P
+>MAC Addresses use 48 bits (or 6 bytes) and are typically represented 
+as two digit hexadecimal numbers separated by colons. eg: 
+40:8e:0a:12:34:56</P
+><P
+>Every network interfrace must have an MAC address. Associated with 
+a MAC address there may be one or more IP addresses. There is NO 
+relationship between an IP address and a MAC address, all such assignments 
+are arbitary or discretionary in nature. At the most basic level all 
+network communications takes place using MAC addressing. Since MAC 
+addresses must be globally unique, and generally remains fixed for 
+any particular interface, the assignment of an IP address makes sense 
+from a network management perspective. More than one IP address can 
+be assigned per MAC address. One address must be the primary IP address, 
+this is the address that will be returned in the ARP reply.</P
+><P
+>When a user or a process wants to communicate with another machine 
+the protocol implementation ensures that the "machine name" or "host 
+name" is resolved to an IP address in a manner that is controlled 
+by the TCP/IP configuration control files. The file 
+<TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> is one such file.</P
+><P
+>When the IP address of the destination interface has been 
+determined a protocol called ARP/RARP is used to identify 
+the MAC address of the target interface. ARP stands for Address 
+Resolution Protocol, and is a broadcast oriented method that 
+uses UDP (User Datagram Protocol) to send a request to all 
+interfaces on the local network segment using the all 1's MAC 
+address. Network interfaces are programmed to respond to two 
+MAC addresses only; their own unique address and the address 
+ff:ff:ff:ff:ff:ff. The reply packet from an ARP request will 
+contain the MAC address and the primary IP address for each 
+interface.</P
+><P
+>The <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> file is foundational to all 
+Unix/Linux TCP/IP installations and as a minumum will contain 
+the localhost and local network interface IP addresses and the 
+primary names by which they are known within the local machine. 
+This file helps to prime the pump so that a basic level of name 
+resolution can exist before any other method of name resolution 
+becomes available.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN279"
+>2.2.2. <TT
+CLASS="FILENAME"
+>/etc/resolv.conf</TT
+></A
+></H2
+><P
+>This file tells the name resolution libraries:</P
+><P
+></P
+><UL
+><LI
+><P
+>The name of the domain to which the machine 
+	belongs
+	</P
+></LI
+><LI
+><P
+>The name(s) of any domains that should be 
+	automatically searched when trying to resolve unqualified 
+	host names to their IP address
+	</P
+></LI
+><LI
+><P
+>The name or IP address of available Domain 
+	Name Servers that may be asked to perform name to address 
+	translation lookups
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN290"
+>2.2.3. <TT
+CLASS="FILENAME"
+>/etc/host.conf</TT
+></A
+></H2
+><P
+><TT
+CLASS="FILENAME"
+>/etc/host.conf</TT
+> is the primary means by 
+which the setting in /etc/resolv.conf may be affected. It is a 
+critical configuration file.  This file controls the order by 
+which name resolution may procede. The typical structure is:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	order hosts,bind
+	multi on</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>then both addresses should be returned. Please refer to the 
+man page for host.conf for further details.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN298"
+>2.2.4. <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+></A
+></H2
+><P
+>This file controls the actual name resolution targets. The 
+file typically has resolver object specifications as follows:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	# /etc/nsswitch.conf
+	#
+	# Name Service Switch configuration file.
+	#
+
+	passwd:		compat
+	# Alternative entries for password authentication are:
+	# passwd:	compat files nis ldap winbind
+	shadow:		compat
+	group:		compat
+
+	hosts:		files nis dns
+	# Alternative entries for host name resolution are:
+	# hosts:	files dns nis nis+ hesoid db compat ldap wins
+	networks:	nis files dns
+
+	ethers:		nis files
+	protocols:	nis files
+	rpc:		nis files
+	services:	nis files</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Of course, each of these mechanisms requires that the appropriate 
+facilities and/or services are correctly configured.</P
+><P
+>It should be noted that unless a network request/message must be 
+sent, TCP/IP networks are silent. All TCP/IP communications assumes a 
+principal of speaking only when necessary.</P
+><P
+>Samba version 2.2.0 will add Linux support for extensions to 
+the name service switch infrastructure so that linux clients will 
+be able to obtain resolution of MS Windows NetBIOS names to IP 
+Addresses. To gain this functionality Samba needs to be compiled 
+with appropriate arguments to the make command (ie: <B
+CLASS="COMMAND"
+>make 
+nsswitch/libnss_wins.so</B
+>). The resulting library should 
+then be installed in the <TT
+CLASS="FILENAME"
+>/lib</TT
+> directory and 
+the "wins" parameter needs to be added to the "hosts:" line in 
+the <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> file. At this point it 
+will be possible to ping any MS Windows machine by it's NetBIOS 
+machine name, so long as that machine is within the workgroup to 
+which both the samba machine and the MS Windows machine belong.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN310"
+>2.3. Name resolution as used within MS Windows networking</A
+></H1
+><P
+>MS Windows networking is predicated about the name each machine 
+is given. This name is known variously (and inconsistently) as 
+the "computer name", "machine name", "networking name", "netbios name", 
+"SMB name". All terms mean the same thing with the exception of 
+"netbios name" which can apply also to the name of the workgroup or the 
+domain name. The terms "workgroup" and "domain" are really just a 
+simply name with which the machine is associated. All NetBIOS names 
+are exactly 16 characters in length. The 16th character is reserved. 
+It is used to store a one byte value that indicates service level 
+information for the NetBIOS name that is registered. A NetBIOS machine 
+name is therefore registered for each service type that is provided by 
+the client/server.</P
+><P
+>The following are typical NetBIOS name/service type registrations:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	Unique NetBIOS Names:
+		MACHINENAME&#60;00&#62;	= Server Service is running on MACHINENAME
+		MACHINENAME&#60;03&#62; = Generic Machine Name (NetBIOS name)
+		MACHINENAME&#60;20&#62; = LanMan Server service is running on MACHINENAME
+		WORKGROUP&#60;1b&#62; = Domain Master Browser
+
+	Group Names:
+		WORKGROUP&#60;03&#62; = Generic Name registered by all members of WORKGROUP
+		WORKGROUP&#60;1c&#62; = Domain Controllers / Netlogon Servers
+		WORKGROUP&#60;1d&#62; = Local Master Browsers
+		WORKGROUP&#60;1e&#62; = Internet Name Resolvers</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>It should be noted that all NetBIOS machines register their own 
+names as per the above. This is in vast contrast to TCP/IP 
+installations where traditionally the system administrator will 
+determine in the /etc/hosts or in the DNS database what names 
+are associated with each IP address.</P
+><P
+>One further point of clarification should be noted, the <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> 
+file and the DNS records do not provide the NetBIOS name type information 
+that MS Windows clients depend on to locate the type of service that may 
+be needed. An example of this is what happens when an MS Windows client 
+wants to locate a domain logon server. It find this service and the IP 
+address of a server that provides it by performing a lookup (via a 
+NetBIOS broadcast) for enumeration of all machines that have 
+registered the name type *&#60;1c&#62;. A logon request is then sent to each 
+IP address that is returned in the enumerated list of IP addresses. Which 
+ever machine first replies then ends up providing the logon services.</P
+><P
+>The name "workgroup" or "domain" really can be confusing since these 
+have the added significance of indicating what is the security 
+architecture of the MS Windows network. The term "workgroup" indicates 
+that the primary nature of the network environment is that of a 
+peer-to-peer design. In a WORKGROUP all machines are responsible for 
+their own security, and generally such security is limited to use of 
+just a password (known as SHARE MODE security). In most situations 
+with peer-to-peer networking the users who control their own machines 
+will simply opt to have no security at all. It is possible to have 
+USER MODE security in a WORKGROUP environment, thus requiring use 
+of a user name and a matching password.</P
+><P
+>MS Windows networking is thus predetermined to use machine names 
+for all local and remote machine message passing. The protocol used is 
+called Server Message Block (SMB) and this is implemented using 
+the NetBIOS protocol (Network Basic Input Output System). NetBIOS can 
+be encapsulated using LLC (Logical Link Control) protocol - in which case 
+the resulting protocol is called NetBEUI (Network Basic Extended User 
+Interface). NetBIOS can also be run over IPX (Internetworking Packet 
+Exchange) protocol as used by Novell NetWare, and it can be run 
+over TCP/IP protocols - in which case the resulting protocol is called 
+NBT or NetBT, the NetBIOS over TCP/IP.</P
+><P
+>MS Windows machines use a complex array of name resolution mechanisms. 
+Since we are primarily concerned with TCP/IP this demonstration is 
+limited to this area.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN322"
+>2.3.1. The NetBIOS Name Cache</A
+></H2
+><P
+>All MS Windows machines employ an in memory buffer in which is 
+stored the NetBIOS names and IP addresses for all external 
+machines that that machine has communicated with over the 
+past 10-15 minutes. It is more efficient to obtain an IP address 
+for a machine from the local cache than it is to go through all the 
+configured name resolution mechanisms.</P
+><P
+>If a machine whose name is in the local name cache has been shut 
+down before the name had been expired and flushed from the cache, then 
+an attempt to exchange a message with that machine will be subject 
+to time-out delays. i.e.: Its name is in the cache, so a name resolution 
+lookup will succeed, but the machine can not respond. This can be 
+frustrating for users - but it is a characteristic of the protocol.</P
+><P
+>The MS Windows utility that allows examination of the NetBIOS 
+name cache is called "nbtstat". The Samba equivalent of this 
+is called "nmblookup".</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN327"
+>2.3.2. The LMHOSTS file</A
+></H2
+><P
+>This file is usually located in MS Windows NT 4.0 or 
+2000 in <TT
+CLASS="FILENAME"
+>C:\WINNT\SYSTEM32\DRIVERS\ETC</TT
+> and contains 
+the IP Address and the machine name in matched pairs. The 
+<TT
+CLASS="FILENAME"
+>LMHOSTS</TT
+> file performs NetBIOS name 
+to IP address mapping oriented.</P
+><P
+>It typically looks like:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	# Copyright (c) 1998 Microsoft Corp.
+	#
+	# This is a sample LMHOSTS file used by the Microsoft Wins Client (NetBIOS
+	# over TCP/IP) stack for Windows98
+	#
+	# This file contains the mappings of IP addresses to NT computernames
+	# (NetBIOS) names.  Each entry should be kept on an individual line.
+	# The IP address should be placed in the first column followed by the
+	# corresponding computername. The address and the comptername
+	# should be separated by at least one space or tab. The "#" character
+	# is generally used to denote the start of a comment (see the exceptions
+	# below).
+	#
+	# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
+	# files and offers the following extensions:
+	#
+	#      #PRE
+	#      #DOM:&#60;domain&#62;
+	#      #INCLUDE &#60;filename&#62;
+	#      #BEGIN_ALTERNATE
+	#      #END_ALTERNATE
+	#      \0xnn (non-printing character support)
+	#
+	# Following any entry in the file with the characters "#PRE" will cause
+	# the entry to be preloaded into the name cache. By default, entries are
+	# not preloaded, but are parsed only after dynamic name resolution fails.
+	#
+	# Following an entry with the "#DOM:&#60;domain&#62;" tag will associate the
+	# entry with the domain specified by &#60;domain&#62;. This affects how the
+	# browser and logon services behave in TCP/IP environments. To preload
+	# the host name associated with #DOM entry, it is necessary to also add a
+	# #PRE to the line. The &#60;domain&#62; is always preloaded although it will not
+	# be shown when the name cache is viewed.
+	#
+	# Specifying "#INCLUDE &#60;filename&#62;" will force the RFC NetBIOS (NBT)
+	# software to seek the specified &#60;filename&#62; and parse it as if it were
+	# local. &#60;filename&#62; is generally a UNC-based name, allowing a
+	# centralized lmhosts file to be maintained on a server.
+	# It is ALWAYS necessary to provide a mapping for the IP address of the
+	# server prior to the #INCLUDE. This mapping must use the #PRE directive.
+	# In addtion the share "public" in the example below must be in the
+	# LanManServer list of "NullSessionShares" in order for client machines to
+	# be able to read the lmhosts file successfully. This key is under
+	# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
+	# in the registry. Simply add "public" to the list found there.
+	#
+	# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
+	# statements to be grouped together. Any single successful include
+	# will cause the group to succeed.
+	#
+	# Finally, non-printing characters can be embedded in mappings by
+	# first surrounding the NetBIOS name in quotations, then using the
+	# \0xnn notation to specify a hex value for a non-printing character.
+	#
+	# The following example illustrates all of these extensions:
+	#
+	# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
+	# 102.54.94.102    "appname  \0x14"                    #special app server
+	# 102.54.94.123    popular            #PRE             #source server
+	# 102.54.94.117    localsrv           #PRE             #needed for the include
+	#
+	# #BEGIN_ALTERNATE
+	# #INCLUDE \\localsrv\public\lmhosts
+	# #INCLUDE \\rhino\public\lmhosts
+	# #END_ALTERNATE
+	#
+	# In the above example, the "appname" server contains a special
+	# character in its name, the "popular" and "localsrv" server names are
+	# preloaded, and the "rhino" server name is specified so it can be used
+	# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
+	# system is unavailable.
+	#
+	# Note that the whole file is parsed including comments on each lookup,
+	# so keeping the number of comments to a minimum will improve performance.
+	# Therefore it is not advisable to simply add lmhosts file entries onto the
+	# end of this file.</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN335"
+>2.3.3. HOSTS file</A
+></H2
+><P
+>This file is usually located in MS Windows NT 4.0 or 2000 in 
+<TT
+CLASS="FILENAME"
+>C:\WINNT\SYSTEM32\DRIVERS\ETC</TT
+> and contains 
+the IP Address and the IP hostname in matched pairs. It can be 
+used by the name resolution infrastructure in MS Windows, depending 
+on how the TCP/IP environment is configured. This file is in 
+every way the equivalent of the Unix/Linux <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> file.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN340"
+>2.3.4. DNS Lookup</A
+></H2
+><P
+>This capability is configured in the TCP/IP setup area in the network 
+configuration facility. If enabled an elaborate name resolution sequence 
+is followed the precise nature of which isdependant on what the NetBIOS 
+Node Type parameter is configured to. A Node Type of 0 means use 
+NetBIOS broadcast (over UDP broadcast) is first used if the name 
+that is the subject of a name lookup is not found in the NetBIOS name 
+cache. If that fails then DNS, HOSTS and LMHOSTS are checked. If set to 
+Node Type 8, then a NetBIOS Unicast (over UDP Unicast) is sent to the 
+WINS Server to obtain a lookup before DNS, HOSTS, LMHOSTS, or broadcast 
+lookup is used.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN343"
+>2.3.5. WINS Lookup</A
+></H2
+><P
+>A WINS (Windows Internet Name Server) service is the equivaent of the 
+rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores 
+the names and IP addresses that are registered by a Windows client 
+if the TCP/IP setup has been given at least one WINS Server IP Address.</P
+><P
+>To configure Samba to be a WINS server the following parameter needs 
+to be added to the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	wins support = Yes</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>To configure Samba to use a WINS server the following parameters are 
+needed in the smb.conf file:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	wins support = No
+	wins server = xxx.xxx.xxx.xxx</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>where <TT
+CLASS="REPLACEABLE"
+><I
+>xxx.xxx.xxx.xxx</I
+></TT
+> is the IP address 
+of the WINS server.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN355"
+>2.4. How browsing functions and how to deploy stable and 
+dependable browsing using Samba</A
+></H1
+><P
+>As stated above, MS Windows machines register their NetBIOS names 
+(i.e.: the machine name for each service type in operation) on start 
+up. Also, as stated above, the exact method by which this name registration 
+takes place is determined by whether or not the MS Windows client/server 
+has been given a WINS server address, whether or not LMHOSTS lookup 
+is enabled, or if DNS for NetBIOS name resolution is enabled, etc.</P
+><P
+>In the case where there is no WINS server all name registrations as 
+well as name lookups are done by UDP broadcast. This isolates name 
+resolution to the local subnet, unless LMHOSTS is used to list all 
+names and IP addresses. In such situations Samba provides a means by 
+which the samba server name may be forcibly injected into the browse 
+list of a remote MS Windows network (using the "remote announce" parameter).</P
+><P
+>Where a WINS server is used, the MS Windows client will use UDP 
+unicast to register with the WINS server. Such packets can be routed 
+and thus WINS allows name resolution to function across routed networks.</P
+><P
+>During the startup process an election will take place to create a 
+local master browser if one does not already exist. On each NetBIOS network 
+one machine will be elected to function as the domain master browser. This 
+domain browsing has nothing to do with MS security domain control. 
+Instead, the domain master browser serves the role of contacting each local 
+master browser (found by asking WINS or from LMHOSTS) and exchanging browse 
+list contents. This way every master browser will eventually obtain a complete 
+list of all machines that are on the network. Every 11-15 minutes an election 
+is held to determine which machine will be the master browser. By the nature of 
+the election criteria used, the machine with the highest uptime, or the 
+most senior protocol version, or other criteria, will win the election 
+as domain master browser.</P
+><P
+>Clients wishing to browse the network make use of this list, but also depend 
+on the availability of correct name resolution to the respective IP 
+address/addresses. </P
+><P
+>Any configuration that breaks name resolution and/or browsing intrinsics 
+will annoy users because they will have to put up with protracted 
+inability to use the network services.</P
+><P
+>Samba supports a feature that allows forced synchonisation 
+of browse lists across routed networks using the "remote 
+browse sync" parameter in the smb.conf file. This causes Samba 
+to contact the local master browser on a remote network and 
+to request browse list synchronisation. This effectively bridges 
+two networks that are separated by routers. The two remote 
+networks may use either broadcast based name resolution or WINS 
+based name resolution, but it should be noted that the "remote 
+browse sync" parameter provides browse list synchronisation - and 
+that is distinct from name to address resolution, in other 
+words, for cross subnet browsing to function correctly it is 
+essential that a name to address resolution mechanism be provided. 
+This mechanism could be via DNS, <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+>, 
+and so on.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN365"
+>2.5. MS Windows security options and how to configure 
+Samba for seemless integration</A
+></H1
+><P
+>MS Windows clients may use encrypted passwords as part of a 
+challenege/response authentication model (a.k.a. NTLMv1) or 
+alone, or clear text strings for simple password based 
+authentication. It should be realized that with the SMB 
+protocol the password is passed over the network either 
+in plain text or encrypted, but not both in the same 
+authentication requets.</P
+><P
+>When encrypted passwords are used a password that has been 
+entered by the user is encrypted in two ways:</P
+><P
+></P
+><UL
+><LI
+><P
+>An MD4 hash of the UNICODE of the password
+	string.  This is known as the NT hash.
+	</P
+></LI
+><LI
+><P
+>The password is converted to upper case,
+	and then padded or trucated to 14 bytes.  This string is 
+	then appended with 5 bytes of NULL characters and split to
+	form two 56 bit DES keys to encrypt a "magic" 8 byte value.
+	The resulting 16 bytes for the LanMan hash.
+	</P
+></LI
+></UL
+><P
+>You should refer to the <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>Password Encryption</A
+> chapter in this HOWTO collection
+for more details on the inner workings</P
+><P
+>MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x 
+and version 4.0 pre-service pack 3 will use either mode of 
+password authentication. All versions of MS Windows that follow 
+these versions no longer support plain text passwords by default.</P
+><P
+>MS Windows clients have a habit of dropping network mappings that 
+have been idle for 10 minutes or longer. When the user attempts to 
+use the mapped drive connection that has been dropped, the client
+re-establishes the connection using 
+a cached copy of the password.</P
+><P
+>When Microsoft changed the default password mode, they dropped support for 
+caching of the plain text password. This means that when the registry 
+parameter is changed to re-enable use of plain text passwords it appears to 
+work, but when a dropped mapping attempts to revalidate it will fail if 
+the remote authentication server does not support encrypted passwords. 
+This means that it is definitely not a good idea to re-enable plain text 
+password support in such clients.</P
+><P
+>The following parameters can be used to work around the 
+issue of Windows 9x client upper casing usernames and
+password before transmitting them to the SMB server
+when using clear text authentication.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	<A
+HREF="smb.conf.5.html#PASSWORDLEVEL"
+TARGET="_top"
+>passsword level</A
+> = <TT
+CLASS="REPLACEABLE"
+><I
+>integer</I
+></TT
+>
+	<A
+HREF="smb.conf.5.html#USERNAMELEVEL"
+TARGET="_top"
+>username level</A
+> = <TT
+CLASS="REPLACEABLE"
+><I
+>integer</I
+></TT
+></PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>By default Samba will lower case the username before attempting
+to lookup the user in the database of local system accounts.
+Because UNIX usernames conventionally only contain lower case
+character, the <TT
+CLASS="PARAMETER"
+><I
+>username level</I
+></TT
+> parameter
+is rarely even needed.</P
+><P
+>However, password on UNIX systems often make use of mixed case
+characters.  This means that in order for a user on a Windows 9x
+client to connect to a Samba server using clear text authentication,
+the <TT
+CLASS="PARAMETER"
+><I
+>password level</I
+></TT
+> must be set to the maximum
+number of upper case letter which <EM
+>could</EM
+> appear
+is a password.  Note that is the server OS uses the traditional
+DES version of crypt(), then a <TT
+CLASS="PARAMETER"
+><I
+>password level</I
+></TT
+>
+of 8 will result in case insensitive passwords as seen from Windows
+users.  This will also result in longer login times as Samba
+hash to compute the permutations of the password string and 
+try them one by one until a match is located (or all combinations fail).</P
+><P
+>The best option to adopt is to enable support for encrypted passwords 
+where ever Samba is used. There are three configuration possibilities 
+for support of encrypted passwords:</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN393"
+>2.5.1. Use MS Windows NT as an authentication server</A
+></H2
+><P
+>This method involves the additions of the following parameters 
+in the smb.conf file:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	encrypt passwords = Yes
+	security = server
+	password server = "NetBIOS_name_of_PDC"</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>There are two ways of identifying whether or not a username and 
+password pair was valid or not. One uses the reply information provided 
+as part of the authentication messaging process, the other uses 
+just and error code.</P
+><P
+>The down-side of this mode of configuration is the fact that 
+for security reasons Samba will send the password server a bogus 
+username and a bogus password and if the remote server fails to 
+reject the username and password pair then an alternative mode 
+of identification of validation is used. Where a site uses password 
+lock out after a certain number of failed authentication attempts 
+this will result in user lockouts.</P
+><P
+>Use of this mode of authentication does require there to be 
+a standard Unix account for the user, this account can be blocked 
+to prevent logons by other than MS Windows clients.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN401"
+>2.5.2. Make Samba a member of an MS Windows NT security domain</A
+></H2
+><P
+>This method involves additon of the following paramters in the smb.conf file:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	encrypt passwords = Yes
+	security = domain
+	workgroup = "name of NT domain"
+	password server = *</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The use of the "*" argument to "password server" will cause samba 
+to locate the domain controller in a way analogous to the way 
+this is done within MS Windows NT.</P
+><P
+>In order for this method to work the Samba server needs to join the 
+MS Windows NT security domain. This is done as follows:</P
+><P
+></P
+><UL
+><LI
+><P
+>On the MS Windows NT domain controller using 
+	the Server Manager add a machine account for the Samba server.
+	</P
+></LI
+><LI
+><P
+>Next, on the Linux system execute: 
+	<B
+CLASS="COMMAND"
+>smbpasswd -r PDC_NAME -j DOMAIN_NAME</B
+>
+	</P
+></LI
+></UL
+><P
+>Use of this mode of authentication does require there to be 
+a standard Unix account for the user in order to assign
+a uid once the account has been authenticated by the remote
+Windows DC.  This account can be blocked to prevent logons by 
+other than MS Windows clients by things such as setting an invalid
+shell in the <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entry.</P
+><P
+>An alternative to assigning UIDs to Windows users on a 
+Samba member server is presented in the <A
+HREF="winbind.html"
+TARGET="_top"
+>Winbind Overview</A
+> chapter in
+this HOWTO collection.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN418"
+>2.5.3. Configure Samba as an authentication server</A
+></H2
+><P
+>This mode of authentication demands that there be on the 
+Unix/Linux system both a Unix style account as well as an 
+smbpasswd entry for the user. The Unix system account can be 
+locked if required as only the encrypted password will be 
+used for SMB client authentication.</P
+><P
+>This method involves addition of the following parameters to 
+the smb.conf file:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>## please refer to the Samba PDC HOWTO chapter later in 
+## this collection for more details
+[global]
+	encrypt passwords = Yes
+	security = user
+	domain logons = Yes
+	; an OS level of 33 or more is recommended
+	os level = 33
+
+[NETLOGON]
+	path = /somewhare/in/file/system
+	read only = yes</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>in order for this method to work a Unix system account needs 
+to be created for each user, as well as for each MS Windows NT/2000 
+machine. The following structure is required.</P
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN425"
+>2.5.3.1. Users</A
+></H3
+><P
+>A user account that may provide a home directory should be 
+created. The following Linux system commands are typical of 
+the procedure for creating an account.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	# useradd -s /bin/bash -d /home/"userid" -m "userid"
+	# passwd "userid"
+	  Enter Password: &#60;pw&#62;
+	  
+	# smbpasswd -a "userid"
+	  Enter Password: &#60;pw&#62;</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN430"
+>2.5.3.2. MS Windows NT Machine Accounts</A
+></H3
+><P
+>These are required only when Samba is used as a domain 
+controller.  Refer to the Samba-PDC-HOWTO for more details.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	# useradd -s /bin/false -d /dev/null "machine_name"\$
+	# passwd -l "machine_name"\$
+	# smbpasswd -a -m "machine_name"</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN435"
+>2.6. Conclusions</A
+></H1
+><P
+>Samba provides a flexible means to operate as...</P
+><P
+></P
+><UL
+><LI
+><P
+>A Stand-alone server - No special action is needed 
+	other than to create user accounts. Stand-alone servers do NOT 
+	provide network logon services, meaning that machines that use this 
+	server do NOT perform a domain logon but instead make use only of 
+	the MS Windows logon which is local to the MS Windows 
+	workstation/server.
+	</P
+></LI
+><LI
+><P
+>An MS Windows NT 3.x/4.0 security domain member.
+	</P
+></LI
+><LI
+><P
+>An alternative to an MS Windows NT 3.x/4.0 
+	Domain Controller.
+	</P
+></LI
+></UL
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="PAM"
+>Chapter 3. Configuring PAM for distributed but centrally 
+managed authentication</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN456"
+>3.1. Samba and PAM</A
+></H1
+><P
+>A number of Unix systems (eg: Sun Solaris), as well as the 
+xxxxBSD family and Linux, now utilize the Pluggable Authentication 
+Modules (PAM) facility to provide all authentication, 
+authorization and resource control services. Prior to the 
+introduction of PAM, a decision to use an alternative to 
+the system password database (<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>) 
+would require the provision of alternatives for all programs that provide 
+security services. Such a choice would involve provision of 
+alternatives to such programs as: <B
+CLASS="COMMAND"
+>login</B
+>, 
+<B
+CLASS="COMMAND"
+>passwd</B
+>, <B
+CLASS="COMMAND"
+>chown</B
+>, etc.</P
+><P
+>PAM provides a mechanism that disconnects these security programs 
+from the underlying authentication/authorization infrastructure.
+PAM is configured either through one file <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+> (Solaris), 
+or by editing individual files that are located in <TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+>.</P
+><P
+>The following is an example <TT
+CLASS="FILENAME"
+>/etc/pam.d/login</TT
+> configuration file. 
+This example had all options been uncommented is probably not usable 
+as it stacks many conditions before allowing successful completion 
+of the login process. Essentially all conditions can be disabled 
+by commenting them out except the calls to <TT
+CLASS="FILENAME"
+>pam_pwdb.so</TT
+>.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth 		required	pam_securetty.so
+auth 		required	pam_nologin.so
+# auth 		required	pam_dialup.so
+# auth 		optional	pam_mail.so
+auth		required	pam_pwdb.so shadow md5
+# account    	requisite  	pam_time.so
+account		required	pam_pwdb.so
+session		required	pam_pwdb.so
+# session 	optional	pam_lastlog.so
+# password   	required   	pam_cracklib.so retry=3
+password	required	pam_pwdb.so shadow md5</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>PAM allows use of replacable modules. Those available on a 
+sample system include:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>$ /bin/ls /lib/security
+pam_access.so    pam_ftp.so          pam_limits.so     
+pam_ncp_auth.so  pam_rhosts_auth.so  pam_stress.so     
+pam_cracklib.so  pam_group.so        pam_listfile.so   
+pam_nologin.so   pam_rootok.so       pam_tally.so      
+pam_deny.so      pam_issue.so        pam_mail.so       
+pam_permit.so    pam_securetty.so    pam_time.so       
+pam_dialup.so    pam_lastlog.so      pam_mkhomedir.so  
+pam_pwdb.so      pam_shells.so       pam_unix.so       
+pam_env.so       pam_ldap.so         pam_motd.so       
+pam_radius.so    pam_smbpass.so      pam_unix_acct.so  
+pam_wheel.so     pam_unix_auth.so    pam_unix_passwd.so
+pam_userdb.so    pam_warn.so         pam_unix_session.so</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The following example for the login program replaces the use of 
+the <TT
+CLASS="FILENAME"
+>pam_pwdb.so</TT
+> module which uses the system 
+password database (<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>,
+<TT
+CLASS="FILENAME"
+>/etc/shadow</TT
+>, <TT
+CLASS="FILENAME"
+>/etc/group</TT
+>) with 
+the module <TT
+CLASS="FILENAME"
+>pam_smbpass.so</TT
+> which uses the Samba 
+database which contains the Microsoft MD4 encrypted password 
+hashes. This database is stored in either 
+<TT
+CLASS="FILENAME"
+>/usr/local/samba/private/smbpasswd</TT
+>, 
+<TT
+CLASS="FILENAME"
+>/etc/samba/smbpasswd</TT
+>, or in 
+<TT
+CLASS="FILENAME"
+>/etc/samba.d/smbpasswd</TT
+>, depending on the 
+Samba implementation for your Unix/Linux system. The 
+<TT
+CLASS="FILENAME"
+>pam_smbpass.so</TT
+> module is provided by 
+Samba version 2.2.1 or later. It can be compiled by specifying the 
+<B
+CLASS="COMMAND"
+>--with-pam_smbpass</B
+> options when running Samba's
+<TT
+CLASS="FILENAME"
+>configure</TT
+> script.  For more information
+on the <TT
+CLASS="FILENAME"
+>pam_smbpass</TT
+> module, see the documentation
+in the <TT
+CLASS="FILENAME"
+>source/pam_smbpass</TT
+> directory of the Samba 
+source distribution.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth		required	pam_smbpass.so nodelay
+account		required	pam_smbpass.so nodelay
+session		required	pam_smbpass.so nodelay
+password	required	pam_smbpass.so nodelay</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The following is the PAM configuration file for a particular 
+Linux system. The default condition uses <TT
+CLASS="FILENAME"
+>pam_pwdb.so</TT
+>.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_pwdb.so nullok nodelay shadow audit
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_pwdb.so shadow md5</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>In the following example the decision has been made to use the 
+smbpasswd database even for basic samba authentication. Such a 
+decision could also be made for the passwd program and would 
+thus allow the smbpasswd passwords to be changed using the passwd 
+program.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_smbpass.so nodelay
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Note: PAM allows stacking of authentication mechanisms. It is 
+also possible to pass information obtained within on PAM module through 
+to the next module in the PAM stack. Please refer to the documentation for 
+your particular system implementation for details regarding the specific 
+capabilities of PAM in this environment. Some Linux implmentations also 
+provide the <TT
+CLASS="FILENAME"
+>pam_stack.so</TT
+> module that allows all 
+authentication to be configured in a single central file. The 
+<TT
+CLASS="FILENAME"
+>pam_stack.so</TT
+> method has some very devoted followers 
+on the basis that it allows for easier administration. As with all issues in 
+life though, every decision makes trade-offs, so you may want examine the 
+PAM documentation for further helpful information.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN500"
+>3.2. Distributed Authentication</A
+></H1
+><P
+>The astute administrator will realize from this that the 
+combination of <TT
+CLASS="FILENAME"
+>pam_smbpass.so</TT
+>, 
+<B
+CLASS="COMMAND"
+>winbindd</B
+>, and <B
+CLASS="COMMAND"
+>rsync</B
+> (see
+<A
+HREF="http://rsync.samba.org/"
+TARGET="_top"
+>http://rsync.samba.org/</A
+>)
+will allow the establishment of a centrally managed, distributed 
+user/password database that can also be used by all 
+PAM (eg: Linux) aware programs and applications. This arrangement 
+can have particularly potent advantages compared with the 
+use of Microsoft Active Directory Service (ADS) in so far as 
+reduction of wide area network authentication traffic.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN507"
+>3.3. PAM Configuration in smb.conf</A
+></H1
+><P
+>There is an option in smb.conf called <A
+HREF="smb.conf.5.html#OBEYPAMRESTRICTIONS"
+TARGET="_top"
+>obey pam restrictions</A
+>. 
+The following is from the on-line help for this option in SWAT;</P
+><P
+>When Samba 2.2 is configure to enable PAM support (i.e. 
+<TT
+CLASS="CONSTANT"
+>--with-pam</TT
+>), this parameter will 
+control whether or not Samba should obey PAM's account 
+and session management directives. The default behavior 
+is to use PAM for clear text authentication only and to 
+ignore any account or session management. Note that Samba always 
+ignores PAM for authentication in the case of 
+<A
+HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
+TARGET="_top"
+>encrypt passwords = yes</A
+>. 
+The reason is that PAM modules cannot support the challenge/response 
+authentication mechanism needed in the presence of SMB 
+password encryption. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>obey pam restrictions = no</B
+></P
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="MSDFS"
+>Chapter 4. Hosting a Microsoft Distributed File System tree on Samba</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN527"
+>4.1. Instructions</A
+></H1
+><P
+>The Distributed File System (or Dfs) provides a means of 
+	separating the logical view of files and directories that users 
+	see from the actual physical locations of these resources on the 
+	network. It allows for higher availability, smoother storage expansion, 
+	load balancing etc. For more information about Dfs, refer to  <A
+HREF="http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp"
+TARGET="_top"
+>	Microsoft documentation</A
+>. </P
+><P
+>This document explains how to host a Dfs tree on a Unix 
+	machine (for Dfs-aware clients to browse) using Samba.</P
+><P
+>To enable SMB-based DFS for Samba, configure it with the 
+	<TT
+CLASS="PARAMETER"
+><I
+>--with-msdfs</I
+></TT
+> option. Once built, a 
+	Samba server can be made a Dfs server by setting the global 
+	boolean <A
+HREF="smb.conf.5.html#HOSTMSDFS"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>	host msdfs</I
+></TT
+></A
+> parameter in the <TT
+CLASS="FILENAME"
+>smb.conf
+	</TT
+> file. You designate a share as a Dfs root using the share 
+	level boolean <A
+HREF="smb.conf.5.html#MSDFSROOT"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>	msdfs root</I
+></TT
+></A
+> parameter. A Dfs root directory on 
+	Samba hosts Dfs links in the form of symbolic links that point 
+	to other servers. For example, a symbolic link
+	<TT
+CLASS="FILENAME"
+>junction-&#62;msdfs:storage1\share1</TT
+> in 
+	the share directory acts as the Dfs junction. When Dfs-aware 
+	clients attempt to access the junction link, they are redirected 
+	to the storage location (in this case, \\storage1\share1).</P
+><P
+>Dfs trees on Samba work with all Dfs-aware clients ranging 
+	from Windows 95 to 2000.</P
+><P
+>Here's an example of setting up a Dfs tree on a Samba 
+	server.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+># The smb.conf file:
+[global]
+	netbios name = SAMBA
+	host msdfs   = yes
+
+[dfs]
+	path = /export/dfsroot
+	msdfs root = yes
+	</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>In the /export/dfsroot directory we set up our dfs links to 
+	other servers on the network.</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>cd /export/dfsroot</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>chown root /export/dfsroot</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>chmod 755 /export/dfsroot</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>ln -s msdfs:storageA\\shareA linka</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>ln -s msdfs:serverB\\share,serverC\\share linkb</B
+></TT
+></P
+><P
+>You should set up the permissions and ownership of 
+	the directory acting as the Dfs root such that only designated 
+	users can create, delete or modify the msdfs links. Also note 
+	that symlink names should be all lowercase. This limitation exists 
+	to have Samba avoid trying all the case combinations to get at 
+	the link name. Finally set up the symbolic links to point to the 
+	network shares you want, and start Samba.</P
+><P
+>Users on Dfs-aware clients can now browse the Dfs tree 
+	on the Samba server at \\samba\dfs. Accessing 
+	links linka or linkb (which appear as directories to the client) 
+	takes users directly to the appropriate shares on the network.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN562"
+>4.1.1. Notes</A
+></H2
+><P
+></P
+><UL
+><LI
+><P
+>Windows clients need to be rebooted 
+			if a previously mounted non-dfs share is made a dfs 
+			root or vice versa. A better way is to introduce a 
+			new share and make it the dfs root.</P
+></LI
+><LI
+><P
+>Currently there's a restriction that msdfs 
+			symlink names should all be lowercase.</P
+></LI
+><LI
+><P
+>For security purposes, the directory 
+			acting as the root of the Dfs tree should have ownership 
+			and permissions set so that only designated users can 
+			modify the symbolic links in the directory.</P
+></LI
+></UL
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="UNIX-PERMISSIONS"
+>Chapter 5. UNIX Permission Bits and Windows NT Access Control Lists</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN582"
+>5.1. Viewing and changing UNIX permissions using the NT 
+	security dialogs</A
+></H1
+><P
+>New in the Samba 2.0.4 release is the ability for Windows 
+	NT clients to use their native security settings dialog box to 
+	view and modify the underlying UNIX permissions.</P
+><P
+>Note that this ability is careful not to compromise 
+	the security of the UNIX host Samba is running on, and 
+	still obeys all the file permission rules that a Samba 
+	administrator can set.</P
+><P
+>In Samba 2.0.4 and above the default value of the 
+	parameter <A
+HREF="smb.conf.5.html#NTACLSUPPORT"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>	nt acl support</I
+></TT
+></A
+> has been changed from 
+	<TT
+CLASS="CONSTANT"
+>false</TT
+> to <TT
+CLASS="CONSTANT"
+>true</TT
+>, so 
+ 	manipulation of permissions is turned on by default.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN591"
+>5.2. How to view file security on a Samba share</A
+></H1
+><P
+>From an NT 4.0 client, single-click with the right 
+	mouse button on any file or directory in a Samba mounted 
+	drive letter or UNC path. When the menu pops-up, click 
+	on the <EM
+>Properties</EM
+> entry at the bottom of 
+	the menu. This brings up the normal file properties dialog
+	box, but with Samba 2.0.4 this will have a new tab along the top
+	marked <EM
+>Security</EM
+>. Click on this tab and you 
+	will see three buttons, <EM
+>Permissions</EM
+>, 	
+	<EM
+>Auditing</EM
+>, and <EM
+>Ownership</EM
+>. 
+	The <EM
+>Auditing</EM
+> button will cause either 
+	an error message <SPAN
+CLASS="ERRORNAME"
+>A requested privilege is not held 
+	by the client</SPAN
+> to appear if the user is not the 
+	NT Administrator, or a dialog which is intended to allow an 
+	Administrator to add auditing requirements to a file if the 
+	user is logged on as the NT Administrator. This dialog is 
+	non-functional with a Samba share at this time, as the only 
+	useful button, the <B
+CLASS="COMMAND"
+>Add</B
+> button will not currently 
+	allow a list of users to be seen.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN602"
+>5.3. Viewing file ownership</A
+></H1
+><P
+>Clicking on the <B
+CLASS="COMMAND"
+>"Ownership"</B
+> button 
+	brings up a dialog box telling you who owns the given file. The 
+	owner name will be of the form :</P
+><P
+><B
+CLASS="COMMAND"
+>"SERVER\user (Long name)"</B
+></P
+><P
+>Where <TT
+CLASS="REPLACEABLE"
+><I
+>SERVER</I
+></TT
+> is the NetBIOS name of 
+	the Samba server, <TT
+CLASS="REPLACEABLE"
+><I
+>user</I
+></TT
+> is the user name of 
+	the UNIX user who owns the file, and <TT
+CLASS="REPLACEABLE"
+><I
+>(Long name)</I
+></TT
+>
+	is the descriptive string identifying the user (normally found in the
+	GECOS field of the UNIX password database). Click on the <B
+CLASS="COMMAND"
+>Close
+	</B
+> button to remove this dialog.</P
+><P
+>If the parameter <TT
+CLASS="PARAMETER"
+><I
+>nt acl support</I
+></TT
+>
+	is set to <TT
+CLASS="CONSTANT"
+>false</TT
+> then the file owner will 
+	be shown as the NT user <B
+CLASS="COMMAND"
+>"Everyone"</B
+>.</P
+><P
+>The <B
+CLASS="COMMAND"
+>Take Ownership</B
+> button will not allow 
+	you to change the ownership of this file to yourself (clicking on 
+	it will display a dialog box complaining that the user you are 
+	currently logged onto the NT client cannot be found). The reason 
+	for this is that changing the ownership of a file is a privileged 
+	operation in UNIX, available only to the <EM
+>root</EM
+> 
+	user. As clicking on this button causes NT to attempt to change 
+	the ownership of a file to the current user logged into the NT 
+	client this will not work with Samba at this time.</P
+><P
+>There is an NT chown command that will work with Samba 
+	and allow a user with Administrator privilege connected 
+	to a Samba 2.0.4 server as root to change the ownership of 
+	files on both a local NTFS filesystem or remote mounted NTFS 
+	or Samba drive. This is available as part of the <EM
+>Seclib
+	</EM
+> NT security library written by Jeremy Allison of 
+	the Samba Team, available from the main Samba ftp site.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN622"
+>5.4. Viewing file or directory permissions</A
+></H1
+><P
+>The third button is the <B
+CLASS="COMMAND"
+>"Permissions"</B
+> 
+	button. Clicking on this brings up a dialog box that shows both 
+	the permissions and the UNIX owner of the file or directory. 
+	The owner is displayed in the form :</P
+><P
+><B
+CLASS="COMMAND"
+>"SERVER\user (Long name)"</B
+></P
+><P
+>Where <TT
+CLASS="REPLACEABLE"
+><I
+>SERVER</I
+></TT
+> is the NetBIOS name of 
+	the Samba server, <TT
+CLASS="REPLACEABLE"
+><I
+>user</I
+></TT
+> is the user name of 
+	the UNIX user who owns the file, and <TT
+CLASS="REPLACEABLE"
+><I
+>(Long name)</I
+></TT
+>
+	is the descriptive string identifying the user (normally found in the
+	GECOS field of the UNIX password database).</P
+><P
+>If the parameter <TT
+CLASS="PARAMETER"
+><I
+>nt acl support</I
+></TT
+>
+	is set to <TT
+CLASS="CONSTANT"
+>false</TT
+> then the file owner will 
+	be shown as the NT user <B
+CLASS="COMMAND"
+>"Everyone"</B
+> and the 
+	permissions will be shown as NT "Full Control".</P
+><P
+>The permissions field is displayed differently for files 
+	and directories, so I'll describe the way file permissions 
+	are displayed first.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN637"
+>5.4.1. File Permissions</A
+></H2
+><P
+>The standard UNIX user/group/world triple and 
+		the corresponding "read", "write", "execute" permissions 
+		triples are mapped by Samba into a three element NT ACL 
+		with the 'r', 'w', and 'x' bits mapped into the corresponding 
+		NT permissions. The UNIX world permissions are mapped into 
+		the global NT group <B
+CLASS="COMMAND"
+>Everyone</B
+>, followed 
+		by the list of permissions allowed for UNIX world. The UNIX 
+		owner and group permissions are displayed as an NT 
+		<B
+CLASS="COMMAND"
+>user</B
+> icon and an NT <B
+CLASS="COMMAND"
+>local 
+		group</B
+> icon respectively followed by the list 
+	 	of permissions allowed for the UNIX user and group.</P
+><P
+>As many UNIX permission sets don't map into common 
+		NT names such as <B
+CLASS="COMMAND"
+>"read"</B
+>, <B
+CLASS="COMMAND"
+>		"change"</B
+> or <B
+CLASS="COMMAND"
+>"full control"</B
+> then 
+		usually the permissions will be prefixed by the words <B
+CLASS="COMMAND"
+>		"Special Access"</B
+> in the NT display list.</P
+><P
+>But what happens if the file has no permissions allowed 
+		for a particular UNIX user group or world component ? In order 
+		to  allow "no permissions" to be seen and modified then Samba 
+		overloads the NT <B
+CLASS="COMMAND"
+>"Take Ownership"</B
+> ACL attribute 
+		(which has no meaning in UNIX) and reports a component with 
+		no permissions as having the NT <B
+CLASS="COMMAND"
+>"O"</B
+> bit set. 
+		This was chosen of course to make it look like a zero, meaning 
+		zero permissions. More details on the decision behind this will 
+		be given below.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN651"
+>5.4.2. Directory Permissions</A
+></H2
+><P
+>Directories on an NT NTFS file system have two 
+		different sets of permissions. The first set of permissions 
+		is the ACL set on the directory itself, this is usually displayed 
+		in the first set of parentheses in the normal <B
+CLASS="COMMAND"
+>"RW"</B
+> 
+		NT style. This first set of permissions is created by Samba in 
+		exactly the same way as normal file permissions are, described 
+		above, and is displayed in the same way.</P
+><P
+>The second set of directory permissions has no real meaning 
+		in the UNIX permissions world and represents the <B
+CLASS="COMMAND"
+>		"inherited"</B
+> permissions that any file created within 
+		this directory would inherit.</P
+><P
+>Samba synthesises these inherited permissions for NT by 
+		returning as an NT ACL the UNIX permission mode that a new file 
+		created by Samba on this share would receive.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN658"
+>5.5. Modifying file or directory permissions</A
+></H1
+><P
+>Modifying file and directory permissions is as simple 
+	as changing the displayed permissions in the dialog box, and 
+	clicking the <B
+CLASS="COMMAND"
+>OK</B
+> button. However, there are 
+	limitations that a user needs to be aware of, and also interactions 
+	with the standard Samba permission masks and mapping of DOS 
+	attributes that need to also be taken into account.</P
+><P
+>If the parameter <TT
+CLASS="PARAMETER"
+><I
+>nt acl support</I
+></TT
+>
+	is set to <TT
+CLASS="CONSTANT"
+>false</TT
+> then any attempt to set 
+	security permissions will fail with an <B
+CLASS="COMMAND"
+>"Access Denied"
+	</B
+> message.</P
+><P
+>The first thing to note is that the <B
+CLASS="COMMAND"
+>"Add"</B
+> 
+	button will not return a list of users in Samba 2.0.4 (it will give 
+	an error message of <B
+CLASS="COMMAND"
+>"The remote procedure call failed 
+	and did not execute"</B
+>). This means that you can only 
+	manipulate the current user/group/world permissions listed in 
+	the dialog box. This actually works quite well as these are the 
+	only permissions that UNIX actually has.</P
+><P
+>If a permission triple (either user, group, or world) 
+	is removed from the list of permissions in the NT dialog box, 
+	then when the <B
+CLASS="COMMAND"
+>"OK"</B
+> button is pressed it will 
+	be applied as "no permissions" on the UNIX side. If you then 
+	view the permissions again the "no permissions" entry will appear 
+	as the NT <B
+CLASS="COMMAND"
+>"O"</B
+> flag, as described above. This 
+	allows you to add permissions back to a file or directory once 
+	you have removed them from a triple component.</P
+><P
+>As UNIX supports only the "r", "w" and "x" bits of 
+	an NT ACL then if other NT security attributes such as "Delete 
+	access" are selected then they will be ignored when applied on 
+	the Samba server.</P
+><P
+>When setting permissions on a directory the second 
+	set of permissions (in the second set of parentheses) is 
+	by default applied to all files within that directory. If this 
+	is not what you want you must uncheck the <B
+CLASS="COMMAND"
+>"Replace 
+	permissions on existing files"</B
+> checkbox in the NT 
+	dialog before clicking <B
+CLASS="COMMAND"
+>"OK"</B
+>.</P
+><P
+>If you wish to remove all permissions from a 
+	user/group/world  component then you may either highlight the 
+	component and click the <B
+CLASS="COMMAND"
+>"Remove"</B
+> button, 
+	or set the component to only have the special <B
+CLASS="COMMAND"
+>"Take
+	Ownership"</B
+> permission (displayed as <B
+CLASS="COMMAND"
+>"O"
+	</B
+>) highlighted.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN680"
+>5.6. Interaction with the standard Samba create mask 
+	parameters</A
+></H1
+><P
+>Note that with Samba 2.0.5 there are four new parameters 
+	to control this interaction.  These are :</P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force security mode</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>directory security mask</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force directory security mode</I
+></TT
+></P
+><P
+>Once a user clicks <B
+CLASS="COMMAND"
+>"OK"</B
+> to apply the 
+	permissions Samba maps the given permissions into a user/group/world 
+	r/w/x triple set, and then will check the changed permissions for a 
+	file against the bits set in the <A
+HREF="smb.conf.5.html#SECURITYMASK"
+TARGET="_top"
+> 
+	<TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+></A
+> parameter. Any bits that 
+	were changed that are not set to '1' in this parameter are left alone 
+	in the file permissions.</P
+><P
+>Essentially, zero bits in the <TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+>
+	mask may be treated as a set of bits the user is <EM
+>not</EM
+> 
+	allowed to change, and one bits are those the user is allowed to change.
+	</P
+><P
+>If not set explicitly this parameter is set to the same value as 
+	the <A
+HREF="smb.conf.5.html#CREATEMASK"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>create mask
+	</I
+></TT
+></A
+> parameter to provide compatibility with Samba 2.0.4 
+	where this permission change facility was introduced. To allow a user to 
+	modify all the user/group/world permissions on a file, set this parameter 
+	to 0777.</P
+><P
+>Next Samba checks the changed permissions for a file against 
+	the bits set in the <A
+HREF="smb.conf.5.html#FORCESECURITYMODE"
+TARGET="_top"
+>	<TT
+CLASS="PARAMETER"
+><I
+>force security mode</I
+></TT
+></A
+> parameter. Any bits 
+	that were changed that correspond to bits set to '1' in this parameter 
+	are forced to be set.</P
+><P
+>Essentially, bits set in the <TT
+CLASS="PARAMETER"
+><I
+>force security mode
+	</I
+></TT
+> parameter may be treated as a set of bits that, when 
+	modifying security on a file, the user has always set to be 'on'.</P
+><P
+>If not set explicitly this parameter is set to the same value 
+	as the <A
+HREF="smb.conf.5.html#FORCECREATEMODE"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>force 
+	create mode</I
+></TT
+></A
+> parameter to provide compatibility
+	with Samba 2.0.4 where the permission change facility was introduced.
+	To allow a user to modify all the user/group/world permissions on a file
+	with no restrictions set this parameter to 000.</P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+> and <TT
+CLASS="PARAMETER"
+><I
+>force 
+	security mode</I
+></TT
+> parameters are applied to the change 
+	request in that order.</P
+><P
+>For a directory Samba will perform the same operations as 
+	described above for a file except using the parameter <TT
+CLASS="PARAMETER"
+><I
+>	directory security mask</I
+></TT
+> instead of <TT
+CLASS="PARAMETER"
+><I
+>security 
+	mask</I
+></TT
+>, and <TT
+CLASS="PARAMETER"
+><I
+>force directory security mode
+	</I
+></TT
+> parameter instead of <TT
+CLASS="PARAMETER"
+><I
+>force security mode
+	</I
+></TT
+>.</P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>directory security mask</I
+></TT
+> parameter 
+	by default is set to the same value as the <TT
+CLASS="PARAMETER"
+><I
+>directory mask
+	</I
+></TT
+> parameter and the <TT
+CLASS="PARAMETER"
+><I
+>force directory security 
+	mode</I
+></TT
+> parameter by default is set to the same value as 
+ 	the <TT
+CLASS="PARAMETER"
+><I
+>force directory mode</I
+></TT
+> parameter to provide 
+	compatibility with Samba 2.0.4 where the permission change facility 
+	was introduced.</P
+><P
+>In this way Samba enforces the permission restrictions that 
+	an administrator can set on a Samba share, whilst still allowing users 
+	to modify the permission bits within that restriction.</P
+><P
+>If you want to set up a share that allows users full control
+	in modifying the permission bits on their files and directories and
+	doesn't force any particular bits to be set 'on', then set the following
+	parameters in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)
+	</TT
+></A
+> file in that share specific section :</P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>security mask = 0777</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force security mode = 0</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>directory security mask = 0777</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force directory security mode = 0</I
+></TT
+></P
+><P
+>As described, in Samba 2.0.4 the parameters :</P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>create mask</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force create mode</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>directory mask</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force directory mode</I
+></TT
+></P
+><P
+>were used instead of the parameters discussed here.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN744"
+>5.7. Interaction with the standard Samba file attribute 
+	mapping</A
+></H1
+><P
+>Samba maps some of the DOS attribute bits (such as "read 
+	only") into the UNIX permissions of a file. This means there can 
+	be a conflict between the permission bits set via the security 
+	dialog and the permission bits set by the file attribute mapping.
+	</P
+><P
+>One way this can show up is if a file has no UNIX read access
+	for the owner it will show up as "read only" in the standard 
+	file attributes tabbed dialog. Unfortunately this dialog is
+	the same one that contains the security info in another tab.</P
+><P
+>What this can mean is that if the owner changes the permissions
+	to allow themselves read access using the security dialog, clicks
+	<B
+CLASS="COMMAND"
+>"OK"</B
+> to get back to the standard attributes tab 
+	dialog, and then clicks <B
+CLASS="COMMAND"
+>"OK"</B
+> on that dialog, then 
+	NT will set the file permissions back to read-only (as that is what 
+	the attributes still say in the dialog). This means that after setting 
+	permissions and clicking <B
+CLASS="COMMAND"
+>"OK"</B
+> to get back to the 
+	attributes dialog you should always hit <B
+CLASS="COMMAND"
+>"Cancel"</B
+> 
+	rather than <B
+CLASS="COMMAND"
+>"OK"</B
+> to ensure that your changes 
+	are not overridden.</P
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="PRINTING"
+>Chapter 6. Printing Support in Samba 2.2.x</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN765"
+>6.1. Introduction</A
+></H1
+><P
+>Beginning with the 2.2.0 release, Samba supports 
+the native Windows NT printing mechanisms implemented via 
+MS-RPC (i.e. the SPOOLSS named pipe).  Previous versions of 
+Samba only supported LanMan printing calls.</P
+><P
+>The additional functionality provided by the new 
+SPOOLSS support includes:</P
+><P
+></P
+><UL
+><LI
+><P
+>Support for downloading printer driver 
+	files to Windows 95/98/NT/2000 clients upon demand.
+	</P
+></LI
+><LI
+><P
+>Uploading of printer drivers via the 
+	Windows NT Add Printer Wizard (APW) or the 
+	Imprints tool set (refer to <A
+HREF="http://imprints.sourceforge.net"
+TARGET="_top"
+>http://imprints.sourceforge.net</A
+>). 
+	</P
+></LI
+><LI
+><P
+>Support for the native MS-RPC printing 
+	calls such as StartDocPrinter, EnumJobs(), etc...  (See 
+	the MSDN documentation at <A
+HREF="http://msdn.microsoft.com/"
+TARGET="_top"
+>http://msdn.microsoft.com/</A
+> 
+	for more information on the Win32 printing API)
+	</P
+></LI
+><LI
+><P
+>Support for NT Access Control Lists (ACL) 
+	on printer objects</P
+></LI
+><LI
+><P
+>Improved support for printer queue manipulation 
+	through the use of an internal databases for spooled job 
+	information</P
+></LI
+></UL
+><P
+>There has been some initial confusion about what all this means
+and whether or not it is a requirement for printer drivers to be 
+installed on a Samba host in order to support printing from Windows 
+clients.  A bug existed in Samba 2.2.0 which made Windows NT/2000 clients 
+require that the Samba server possess a valid driver for the printer.  
+This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients
+can use the local APW for installing drivers to be used with a Samba 
+served printer.  This is the same behavior exhibited by Windows 9x clients.
+As a side note, Samba does not use these drivers in any way to process 
+spooled files.  They are utilized entirely by the clients.</P
+><P
+>The following MS KB article, may be of some help if you are dealing with
+Windows 2000 clients:  <EM
+>How to Add Printers with No User 
+Interaction in Windows 2000</EM
+></P
+><P
+><A
+HREF="http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP"
+TARGET="_top"
+>http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP</A
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN787"
+>6.2. Configuration</A
+></H1
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>[print$] vs. [printer$]</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>Previous versions of Samba recommended using a share named [printer$].  
+This name was taken from the printer$ service created by Windows 9x 
+clients when a printer was shared.  Windows 9x printer servers always have 
+a printer$ service which provides read-only access via no 
+password in order to support printer driver downloads.</P
+><P
+>However, the initial implementation allowed for a 
+parameter named <TT
+CLASS="PARAMETER"
+><I
+>printer driver location</I
+></TT
+> 
+to be used on a per share basis to specify the location of 
+the driver files associated with that printer.  Another 
+parameter named <TT
+CLASS="PARAMETER"
+><I
+>printer driver</I
+></TT
+> provided 
+a means of defining the printer driver name to be sent to 
+the client.</P
+><P
+>These parameters, including <TT
+CLASS="PARAMETER"
+><I
+>printer driver
+file</I
+></TT
+> parameter, are being deprecated and should not
+be used in new installations.  For more information on this change, 
+you should refer to the <A
+HREF="#MIGRATION"
+>Migration section</A
+>
+of this document.</P
+></TD
+></TR
+></TABLE
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN798"
+>6.2.1. Creating [print$]</A
+></H2
+><P
+>In order to support the uploading of printer driver 
+files, you must first configure a file share named [print$].  
+The name of this share is hard coded in Samba's internals so 
+the name is very important (print$ is the service used by 
+Windows NT print servers to provide support for printer driver 
+download).</P
+><P
+>You should modify the server's smb.conf file to add the global
+parameters and to create the 
+following file share (of course, some of the parameter values,
+such as 'path' are arbitrary and should be replaced with
+appropriate values for your site):</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+    ; members of the ntadmin group should be able
+    ; to add drivers and set printer properties
+    ; root is implicitly a 'printer admin'
+    printer admin = @ntadmin
+
+[print$]
+    path = /usr/local/samba/printers
+    guest ok = yes
+    browseable = yes
+    read only = yes
+    ; since this share is configured as read only, then we need
+    ; a 'write list'.  Check the file system permissions to make
+    ; sure this account can copy files to the share.  If this
+    ; is setup to a non-root account, then it should also exist
+    ; as a 'printer admin'
+    write list = @ntadmin,root</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The <A
+HREF="smb.conf.5.html#WRITELIST"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>write list</I
+></TT
+></A
+> is used to allow administrative 
+level user accounts to have write access in order to update files 
+on the share.  See the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5) 
+man page</A
+> for more information on configuring file shares.</P
+><P
+>The requirement for <A
+HREF="smb.conf.5.html#GUESTOK"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>guest 
+ok = yes</B
+></A
+> depends upon how your
+site is configured.  If users will be guaranteed to have 
+an account on the Samba host, then this is a non-issue.</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Author's Note: </B
+>The non-issue is that if all your Windows NT users are guaranteed to be 
+authenticated by the Samba server (such as a domain member server and the NT 
+user has already been validated by the Domain Controller in 
+order to logon to the Windows NT console), then guest access 
+is not necessary.  Of course, in a workgroup environment where 
+you just want to be able to print without worrying about 
+silly accounts and security, then configure the share for 
+guest access.  You'll probably want to add <A
+HREF="smb.conf.5.html#MAPTOGUEST"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>map to guest = Bad User</B
+></A
+> in the [global] section as well.  Make sure 
+you understand what this parameter does before using it 
+though. --jerry</P
+></BLOCKQUOTE
+></DIV
+><P
+>In order for a Windows NT print server to support 
+the downloading of driver files by multiple client architectures,
+it must create subdirectories within the [print$] service
+which correspond to each of the supported client architectures.
+Samba follows this model as well.</P
+><P
+>Next create the directory tree below the [print$] share 
+for each architecture you wish to support.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>[print$]-----
+        |-W32X86           ; "Windows NT x86"
+        |-WIN40            ; "Windows 95/98"
+        |-W32ALPHA         ; "Windows NT Alpha_AXP"
+        |-W32MIPS          ; "Windows NT R4000"
+        |-W32PPC           ; "Windows NT PowerPC"</PRE
+></TD
+></TR
+></TABLE
+></P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>ATTENTION!  REQUIRED PERMISSIONS</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>In order to currently add a new driver to you Samba host, 
+one of two conditions must hold true:</P
+><P
+></P
+><UL
+><LI
+><P
+>The account used to connect to the Samba host 
+	must have a uid of 0 (i.e. a root account)</P
+></LI
+><LI
+><P
+>The account used to connect to the Samba host
+	must be a member of the <A
+HREF="smb.conf.5.html#PRINTERADMIN"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>printer 
+	admin</I
+></TT
+></A
+> list.</P
+></LI
+></UL
+><P
+>Of course, the connected account must still possess access
+to add files to the subdirectories beneath [print$]. Remember
+that all file shares are set to 'read only' by default.</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>Once you have created the required [print$] service and 
+associated subdirectories, simply log onto the Samba server using 
+a root (or <TT
+CLASS="PARAMETER"
+><I
+>printer admin</I
+></TT
+>) account
+from a Windows NT 4.0/2k client.  Open "Network Neighbourhood" or
+"My Network Places" and browse for the Samba host.  Once you have located
+the server, navigate to the "Printers..." folder.
+You should see an initial listing of printers
+that matches the printer shares defined on your Samba host.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN833"
+>6.2.2. Setting Drivers for Existing Printers</A
+></H2
+><P
+>The initial listing of printers in the Samba host's 
+Printers folder will have no real printer driver assigned 
+to them.  By default, in Samba 2.2.0 this driver name was set to 
+<EM
+>NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER</EM
+>.
+Later versions changed this to a NULL string to allow the use
+tof the local Add Printer Wizard on NT/2000 clients.
+Attempting to view the printer properties for a printer
+which has this default driver assigned will result in 
+the error message:</P
+><P
+><EM
+>Device settings cannot be displayed.  The driver 
+for the specified printer is not installed, only spooler 
+properties will be displayed.  Do you want to install the 
+driver now?</EM
+></P
+><P
+>Click <EM
+>No</EM
+> in the error dialog and you will be presented with
+the printer properties window.  The way assign a driver to a
+printer is to either</P
+><P
+></P
+><UL
+><LI
+><P
+>Use the "New Driver..." button to install
+	a new printer driver, or</P
+></LI
+><LI
+><P
+>Select a driver from the popup list of
+	installed drivers.  Initially this list will be empty.</P
+></LI
+></UL
+><P
+>If you wish to install printer drivers for client
+operating systems other than "Windows NT x86", you will need
+to use the "Sharing" tab of the printer properties dialog.</P
+><P
+>Assuming you have connected with a root account, you
+will also be able modify other printer properties such as
+ACLs and device settings using this dialog box.</P
+><P
+>A few closing comments for this section, it is possible
+on a Windows NT print server to have printers
+listed in the Printers folder which are not shared.  Samba does
+not make this distinction.  By definition, the only printers of
+which Samba is aware are those which are specified as shares in
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.</P
+><P
+>Another interesting side note is that Windows NT clients do
+not use the SMB printer share, but rather can print directly
+to any printer on another Windows NT host using MS-RPC.  This
+of course assumes that the printing client has the necessary
+privileges on the remote host serving the printer.  The default
+permissions assigned by Windows NT to a printer gives the "Print"
+permissions to the "Everyone" well-known group.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN851"
+>6.2.3. DeviceModes and New Printers</A
+></H2
+><P
+>In order for a printer to be truly usbla eby a Windows NT/2k/XP client,
+it must posses:</P
+><P
+></P
+><UL
+><LI
+><P
+>a valid Device Mode generated by the driver for the printer, and</P
+></LI
+><LI
+><P
+>a complete set of PrinterDriverData generated by the driver.</P
+></LI
+></UL
+><P
+>If either one of these is incomplete, the clients can produce less than optimal 
+output at best or in the worst cases, unreadable garbage or nothing at all.  
+Fortunately, most driver generate the printer driver that is needed.
+However, the client must be tickled to generate a valid Device Mode and set it on the
+server.  The easist means of doing so is to simply set the page orientation on 
+the server's printer using the native Windows NT/2k printer properties page from 
+a Window clients.  Make sure to apply changes between swapping the page orientation
+to cause the change to actually take place.  Be aware that this can only be done
+by a "printer admin" (the reason should be obvious I hope).</P
+><P
+>Samba also includes a service level parameter name <A
+HREF="smb.conf.5.html#DEFAULTDEVMODE"
+TARGET="_top"
+>default
+devmode</A
+> for generating a default device mode for a printer.  Some driver
+will function fine with this default set of properties.  Others may crash the client's
+spooler service.  Use this parameter with caution. It is always better to have the client
+generate a valid device mode for the printer and store it on the server for you.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN862"
+>6.2.4. Support a large number of printers</A
+></H2
+><P
+>One issue that has arisen during the development
+phase of Samba 2.2 is the need to support driver downloads for
+100's of printers.  Using the Windows NT APW is somewhat
+awkward to say the list.  If more than one printer are using the
+same driver, the <A
+HREF="rpcclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>rpcclient's
+setdriver</B
+></A
+> command can be used to set the driver
+associated with an installed driver.  The following is example
+of how this could be accomplished:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+><TT
+CLASS="PROMPT"
+>$ </TT
+>rpcclient pogo -U root%secret -c "enumdrivers"
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+
+[Windows NT x86]
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 4000 Series PS]
+
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 2100 Series PS]
+
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 4Si/4SiMX PS]
+
+<TT
+CLASS="PROMPT"
+>$ </TT
+>rpcclient pogo -U root%secret -c "enumprinters"
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+     flags:[0x800000]
+     name:[\\POGO\hp-print]
+     description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
+     comment:[]
+
+<TT
+CLASS="PROMPT"
+>$ </TT
+>rpcclient pogo -U root%secret \
+<TT
+CLASS="PROMPT"
+>&#62; </TT
+> -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+Successfully set hp-print to driver HP LaserJet 4000 Series PS.</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN873"
+>6.2.5. Adding New Printers via the Windows NT APW</A
+></H2
+><P
+>By default, Samba offers all printer shares defined in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+in the "Printers..." folder.  Also existing in this folder is the Windows NT
+Add Printer Wizard icon.  The APW will be show only if</P
+><P
+></P
+><UL
+><LI
+><P
+>The connected user is able to successfully
+	execute an OpenPrinterEx(\\server) with administrative
+	privileges (i.e. root or <TT
+CLASS="PARAMETER"
+><I
+>printer admin</I
+></TT
+>).
+	</P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#SHOWADDPRINTERWIZARD"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>show
+	add printer wizard = yes</I
+></TT
+></A
+> (the default).
+	</P
+></LI
+></UL
+><P
+>In order to be able to use the APW to successfully add a printer to a Samba
+server, the <A
+HREF="smb.conf.5.html#ADDPRINTERCOMMAND"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>add
+printer command</I
+></TT
+></A
+> must have a defined value.  The program
+hook must successfully add the printer to the system (i.e.
+<TT
+CLASS="FILENAME"
+>/etc/printcap</TT
+> or appropriate files) and
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> if necessary.</P
+><P
+>When using the APW from a client, if the named printer share does
+not exist, <B
+CLASS="COMMAND"
+>smbd</B
+> will execute the <TT
+CLASS="PARAMETER"
+><I
+>add printer
+command</I
+></TT
+> and reparse to the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+to attempt to locate the new printer share.  If the share is still not defined,
+an error of "Access Denied" is returned to the client.  Note that the 
+<TT
+CLASS="PARAMETER"
+><I
+>add printer program</I
+></TT
+> is executed under the context
+of the connected user, not necessarily a root account.</P
+><P
+>There is a complementing <A
+HREF="smb.conf.5.html#DELETEPRINTERCOMMAND"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>delete
+printer command</I
+></TT
+></A
+> for removing entries from the "Printers..."
+folder.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN898"
+>6.2.6. Samba and Printer Ports</A
+></H2
+><P
+>Windows NT/2000 print servers associate a port with each printer.  These normally
+take the form of LPT1:, COM1:, FILE:, etc...  Samba must also support the
+concept of ports associated with a printer.  By default, only one printer port,
+named "Samba Printer Port", exists on a system.  Samba does not really a port in
+order to print, rather it is a requirement of Windows clients.  </P
+><P
+>Note that Samba does not support the concept of "Printer Pooling" internally 
+either.  This is when a logical printer is assigned to multiple ports as 
+a form of load balancing or fail over.</P
+><P
+>If you require that multiple ports be defined for some reason,
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> possesses a <A
+HREF="smb.conf.5.html#ENUMPORTSCOMMAND"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>enumports 
+command</I
+></TT
+></A
+> which can be used to define an external program 
+that generates a listing of ports on a system.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN906"
+>6.3. The Imprints Toolset</A
+></H1
+><P
+>The Imprints tool set provides a UNIX equivalent of the 
+	Windows NT Add Printer Wizard.  For complete information, please 
+	refer to the Imprints web site at <A
+HREF="http://imprints.sourceforge.net/"
+TARGET="_top"
+>	http://imprints.sourceforge.net/</A
+> as well as the documentation 
+	included with the imprints source distribution.  This section will 
+	only provide a brief introduction to the features of Imprints.</P
+><P
+>As of June 16, 2002 (quite a bit earlier actually), the Imprints
+	project is in need of a new maintainer.  The most important skill
+	is decent perl coding and an interest in MS-RPC based printing using Samba.
+	If you wich to volunteer, please coordinate your efforts on the samba-technical
+	mailing list.
+	</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN911"
+>6.3.1. What is Imprints?</A
+></H2
+><P
+>Imprints is a collection of tools for supporting the goals 
+		of</P
+><P
+></P
+><UL
+><LI
+><P
+>Providing a central repository information 
+			regarding Windows NT and 95/98 printer driver packages</P
+></LI
+><LI
+><P
+>Providing the tools necessary for creating 
+			the Imprints printer driver packages.</P
+></LI
+><LI
+><P
+>Providing an installation client which 
+			will obtain and install printer drivers on remote Samba 
+			and Windows NT 4 print servers.</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN921"
+>6.3.2. Creating Printer Driver Packages</A
+></H2
+><P
+>The process of creating printer driver packages is beyond
+		the scope of this document (refer to Imprints.txt also included
+		with the Samba distribution for more information).  In short,
+		an Imprints driver package is a gzipped tarball containing the
+		driver files, related INF files, and a control file needed by the
+		installation client.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN924"
+>6.3.3. The Imprints server</A
+></H2
+><P
+>The Imprints server is really a database server that 
+		may be queried via standard HTTP mechanisms.  Each printer 
+		entry in the database has an associated URL for the actual
+		downloading of the package.  Each package is digitally signed
+		via GnuPG which can be used to verify that package downloaded
+		is actually the one referred in the Imprints database.  It is 
+		<EM
+>not</EM
+> recommended that this security check 
+		be disabled.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN928"
+>6.3.4. The Installation Client</A
+></H2
+><P
+>More information regarding the Imprints installation client 
+		is available in the <TT
+CLASS="FILENAME"
+>Imprints-Client-HOWTO.ps</TT
+> 
+		file included with the imprints source package.</P
+><P
+>The Imprints installation client comes in two forms.</P
+><P
+></P
+><UL
+><LI
+><P
+>a set of command line Perl scripts</P
+></LI
+><LI
+><P
+>a GTK+ based graphical interface to 
+			the command line perl scripts</P
+></LI
+></UL
+><P
+>The installation client (in both forms) provides a means
+		of querying the Imprints database server for a matching
+		list of known printer model names as well as a means to 
+		download and install the drivers on remote Samba and Windows
+		NT print servers.</P
+><P
+>The basic installation process is in four steps and 
+		perl code is wrapped around <B
+CLASS="COMMAND"
+>smbclient</B
+> 
+		and <B
+CLASS="COMMAND"
+>rpcclient</B
+>.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	
+foreach (supported architecture for a given driver)
+{
+     1.  rpcclient: Get the appropriate upload directory 
+         on the remote server
+     2.  smbclient: Upload the driver files
+     3.  rpcclient: Issues an AddPrinterDriver() MS-RPC
+}
+	
+4.  rpcclient: Issue an AddPrinterEx() MS-RPC to actually
+    create the printer</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>One of the problems encountered when implementing 
+		the Imprints tool set was the name space issues between 
+		various supported client architectures.  For example, Windows 
+		NT includes a driver named "Apple LaserWriter II NTX v51.8" 
+		and Windows 95 calls its version of this driver "Apple 
+		LaserWriter II NTX"</P
+><P
+>The problem is how to know what client drivers have 
+		been uploaded for a printer.  As astute reader will remember 
+		that the Windows NT Printer Properties dialog only includes 
+		space for one printer driver name.  A quick look in the 
+		Windows NT 4.0 system registry at</P
+><P
+><TT
+CLASS="FILENAME"
+>HKLM\System\CurrentControlSet\Control\Print\Environment
+		</TT
+></P
+><P
+>will reveal that Windows NT always uses the NT driver 
+		name.  This is ok as Windows NT always requires that at least 
+		the Windows NT version of the printer driver is present.  
+		However, Samba does not have the requirement internally.  
+		Therefore, how can you use the NT driver name if is has not 
+		already been installed?</P
+><P
+>The way of sidestepping this limitation is to require 
+		that all Imprints printer driver packages include both the Intel 
+		Windows NT and 95/98 printer drivers and that NT driver is 
+		installed first.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN950"
+>6.4. <A
+NAME="MIGRATION"
+></A
+>Migration to from Samba 2.0.x to 2.2.x</A
+></H1
+><P
+>Given that printer driver management has changed (we hope improved) in 
+2.2 over prior releases, migration from an existing setup to 2.2 can 
+follow several paths. Here are the possible scenarios for 
+migration:</P
+><P
+></P
+><UL
+><LI
+><P
+>If you do not desire the new Windows NT 
+	print driver support, nothing needs to be done.  
+	All existing parameters work the same.</P
+></LI
+><LI
+><P
+>If you want to take advantage of NT printer 
+	driver support but do not want to migrate the 
+	9x drivers to the new setup, the leave the existing 
+	<TT
+CLASS="FILENAME"
+>printers.def</TT
+> file.  When smbd attempts 
+	to locate a 
+	9x driver for the printer in the TDB and fails it 
+	will drop down to using the printers.def (and all 
+	associated parameters).  The <B
+CLASS="COMMAND"
+>make_printerdef</B
+> 
+	tool will also remain for backwards compatibility but will 
+	be removed in the next major release.</P
+></LI
+><LI
+><P
+>If you install a Windows 9x driver for a printer 
+	on your Samba host (in the printing TDB), this information will 
+	take precedence and the three old printing parameters
+	will be ignored (including print driver location).</P
+></LI
+><LI
+><P
+>If you want to migrate an existing <TT
+CLASS="FILENAME"
+>printers.def</TT
+> 
+	file into the new setup, the current only solution is to use the Windows 
+	NT APW to install the NT drivers and the 9x  drivers.  This can be scripted 
+	using <B
+CLASS="COMMAND"
+>smbclient</B
+> and <B
+CLASS="COMMAND"
+>rpcclient</B
+>.  See the 
+	Imprints installation client at <A
+HREF="http://imprints.sourceforge.net/"
+TARGET="_top"
+>http://imprints.sourceforge.net/</A
+> 
+	for an example.
+	</P
+></LI
+></UL
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Achtung!</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>The following <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> parameters are considered to 
+be deprecated and will be removed soon.  Do not use them in new 
+installations</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>printer driver file (G)</I
+></TT
+>
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>printer driver (S)</I
+></TT
+>
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>printer driver location (S)</I
+></TT
+>
+	</P
+></LI
+></UL
+></TD
+></TR
+></TABLE
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN983"
+>6.4.1. Parameters in <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+> for Backwards Compatibility</A
+></H2
+><P
+>The have been two new parameters add in Samba 2.2.2 to for 
+better support of Samba 2.0.x backwards capability (<TT
+CLASS="PARAMETER"
+><I
+>disable
+spoolss</I
+></TT
+>) and for using local printers drivers on Windows 
+NT/2000 clients (<TT
+CLASS="PARAMETER"
+><I
+>use client driver</I
+></TT
+>). Both of 
+these options are described in the smb.coinf(5) man page and are 
+disabled by default.  Use them with caution.</P
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="CUPS"
+>Chapter 7. Printing with CUPS in Samba 2.2.x</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN999"
+>7.1. Printing with CUPS in Samba 2.2.x</A
+></H1
+><P
+><A
+HREF="http://www.cups.org/"
+TARGET="_top"
+>CUPS</A
+> is a newcomer in
+the UNIX printing scene, which has convinced many people upon first trial
+already. However, it has quite a few new features, which make it different
+from other, more traditional printing systems.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1003"
+>7.2. Configuring <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> for CUPS</A
+></H1
+><P
+>Printing with CUPS in the most basic <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+setup in Samba 2.2.x only needs two settings: <B
+CLASS="COMMAND"
+>printing = cups</B
+> and
+<B
+CLASS="COMMAND"
+>printcap = cups</B
+>. While CUPS itself doesn't need a printcap
+anymore, the <TT
+CLASS="FILENAME"
+>cupsd.conf</TT
+> configuration file knows two directives
+(example: <B
+CLASS="COMMAND"
+>Printcap /etc/printcap</B
+> and <B
+CLASS="COMMAND"
+>PrintcapFormat
+BSD</B
+>), which control if such a file should be created for the
+convenience of third party applications. Make sure it is set! For details see
+<B
+CLASS="COMMAND"
+>man cupsd.conf</B
+> and other CUPS-related documentation.</P
+><P
+>If SAMBA is compiled against libcups, then <B
+CLASS="COMMAND"
+>printcap =
+cups</B
+> uses the CUPS API to list printers, submit jobs, etc. Otherwise it
+maps to the System V commands with an additional <TT
+CLASS="PARAMETER"
+><I
+>-oraw</I
+></TT
+>
+option for printing. On a Linux system, you can use the <B
+CLASS="COMMAND"
+>ldd</B
+> command to
+find out details (ldd may not be present on other OS platforms, or its
+function may be embodied by a different command):</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>transmeta:/home/kurt # ldd `which smbd`
+        libssl.so.0.9.6 =&#62; /usr/lib/libssl.so.0.9.6 (0x4002d000)
+        libcrypto.so.0.9.6 =&#62; /usr/lib/libcrypto.so.0.9.6 (0x4005a000)
+        libcups.so.2 =&#62; /usr/lib/libcups.so.2 (0x40123000)
+        libdl.so.2 =&#62; /lib/libdl.so.2 (0x401e8000)
+        libnsl.so.1 =&#62; /lib/libnsl.so.1 (0x401ec000)
+        libpam.so.0 =&#62; /lib/libpam.so.0 (0x40202000)
+        libc.so.6 =&#62; /lib/libc.so.6 (0x4020b000)
+        /lib/ld-linux.so.2 =&#62; /lib/ld-linux.so.2 (0x40000000)</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The line "libcups.so.2 =&#62; /usr/lib/libcups.so.2
+(0x40123000)" shows there is CUPS support compiled into this version of
+Samba. If this is the case, and <B
+CLASS="COMMAND"
+>printing = cups</B
+> is set, then any
+otherwise manually set print command in smb.conf is ignored.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1022"
+>7.3. Using CUPS as a mere spooling print server -- "raw"
+printing with vendor drivers download</A
+></H1
+><P
+>You can setup Samba and your Windows clients to use the
+CUPS print subsystem just as you would with any of the more traditional print
+subsystems: that means the use of vendor provided, native Windows printer
+drivers for each target printer. If you setup the [print$] share to
+download these drivers to the clients, their GDI system (Graphical Device
+Interface) will output the Wndows EMF (Enhanced MetaFile) and
+convert it -- with the help of the printer driver -- locally into the format
+the printer is expecting. Samba and the CUPS print subsystem will have to
+treat these files as raw print files  -- they are already in the
+shape to be digestable for the printer. This is the same traditional setup
+for Unix print servers handling Windows client jobs. It does not take much
+CPU power to handle this kind of task efficiently.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1025"
+>7.4. CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe
+PostScript driver with CUPS-PPDs downloaded to clients</A
+></H1
+><P
+>CUPS is perfectly able to use PPD files (PostScript
+Printer Descriptions). PPDs can control all print device options. They
+are usually provided by the manufacturer -- if you own a PostSript printer,
+that is. PPD files are always a component of PostScript printer drivers on MS
+Windows or Apple Mac OS systems. They are ASCII files containing
+user-selectable print options, mapped to appropriate PostScript, PCL or PJL
+commands for the target printer. Printer driver GUI dialogs translate these
+options "on-the-fly" into buttons and drop-down lists for the user to
+select.</P
+><P
+>CUPS can load, without any conversions, the PPD file from
+any Windows (NT is recommended) PostScript driver and handle the options.
+There is a web browser interface to the print options (select
+http://localhost:631/printers/ and click on one "Configure Printer" button
+to see it), a commandline interface (see <B
+CLASS="COMMAND"
+>man lpoptions</B
+> or
+try if you have <B
+CLASS="COMMAND"
+>lphelp</B
+> on your system) plus some different GUI frontends on Linux
+UNIX, which can present PPD options to the users. PPD options are normally
+meant to become evaluated by the PostScript RIP on the real PostScript
+printer.</P
+><P
+>CUPS doesn't stop at "real" PostScript printers in its
+usage of PPDs. The CUPS developers have extended the PPD concept, to also
+describe available device and driver options for non-PostScript printers
+through  CUPS-PPDs.</P
+><P
+>This is logical, as CUPS includes a fully featured
+PostScript interpreter (RIP). This RIP is based on Ghostscript. It can
+process all received PostScript (and additionally many other file formats)
+from clients. All CUPS-PPDs geared to non-PostScript printers contain an
+additional line, starting with the keyword <TT
+CLASS="PARAMETER"
+><I
+>*cupsFilter</I
+></TT
+>.
+This line
+tells the CUPS print system which printer-specific filter to use for the
+interpretation of the accompanying PostScript. Thus CUPS lets all its
+printers appear as PostScript devices to its clients, because it can act as a
+PostScript RIP for those printers, processing the received PostScript code
+into a proper raster print format.</P
+><P
+>CUPS-PPDs can also be used on Windows-Clients, on top of a
+PostScript driver (recommended is the Adobe one).</P
+><P
+>This feature enables CUPS to do a few tricks no other
+spooler can do:</P
+><P
+></P
+><UL
+><LI
+><P
+>act as a networked PostScript RIP (Raster Image Processor), handling
+    printfiles from all client platforms in a uniform way;</P
+></LI
+><LI
+><P
+>act as a central accounting and billing server, as all files are passed
+    through the <B
+CLASS="COMMAND"
+>pstops</B
+> Filter and are therefor logged in
+    the CUPS <TT
+CLASS="FILENAME"
+>page_log</TT
+>. - <EM
+>NOTE: </EM
+>this
+    can not happen with "raw" print jobs, which always remain unfiltered
+    per definition;</P
+></LI
+><LI
+><P
+>enable clients to consolidate on a single PostScript driver, even for
+    many different target printers.</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1046"
+>7.5. Windows Terminal Servers (WTS) as CUPS clients</A
+></H1
+><P
+>This setup may be of special interest to people
+experiencing major problems in WTS environments. WTS need often a multitude
+of non-PostScript drivers installed to run their clients' variety of
+different printer models. This often imposes the price of much increased
+instability. In many cases, in an attempt to overcome this problem, site
+administrators have resorted to restrict the allowed drivers installed on
+their WTS to one generic PCL- and one PostScript driver. This however
+restricts the clients in the amount of printer options available for them --
+often they can't get out more then simplex prints from one standard paper
+tray, while their devices could do much better, if driven by a different
+driver!</P
+><P
+>Using an Adobe PostScript driver, enabled with a CUPS-PPD,
+seems to be a very elegant way to overcome all these shortcomings. The
+PostScript driver is not known to cause major stability problems on WTS (even
+if used with many different PPDs). The clients will be able to (again) chose
+paper trays, duplex printing and other settings. However, there is a certain
+price for this too: a  CUPS server acting as a PostScript RIP for its clients
+requires more CPU and RAM than just to act as  a "raw spooling" device. Plus,
+this setup is not yet widely tested, although the first feedbacks look very
+promising...</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1050"
+>7.6. Setting up CUPS for driver download</A
+></H1
+><P
+>The <B
+CLASS="COMMAND"
+>cupsadsmb</B
+> utility (shipped with all current
+CUPS versions) makes the sharing of any (or all) installed CUPS printers very
+easy. Prior to using it, you need the following settings in smb.conf:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+         load printers = yes
+         printing = cups
+         printcap name = cups
+
+[printers]
+         comment = All Printers
+         path = /var/spool/samba
+         browseable = no
+         public = yes
+         guest ok = yes
+         writable = no
+         printable = yes
+         printer admin = root
+
+[print$]
+         comment = Printer Drivers
+         path = /etc/samba/drivers
+         browseable = yes
+         guest ok = no
+         read only = yes
+         write list = root</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>For licensing reasons the necessary files of the Adobe
+Postscript driver can not be distributed with either Samba or CUPS. You need
+to download them yourself from the Adobe website. Once extracted, create a
+<TT
+CLASS="FILENAME"
+>drivers</TT
+> directory in the CUPS data directory (usually
+<TT
+CLASS="FILENAME"
+>/usr/share/cups/</TT
+>). Copy the Adobe files using
+UPPERCASE filenames, to this directory as follows:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>        ADFONTS.MFM
+        ADOBEPS4.DRV
+        ADOBEPS4.HLP
+        ADOBEPS5.DLL
+        ADOBEPSU.DLL
+        ADOBEPSU.HLP
+        DEFPRTR2.PPD
+        ICONLIB.DLL</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Users of the ESP Print Pro software are able to install
+their "Samba Drivers" package for this purpose with no problem.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1062"
+>7.7. Sources of CUPS drivers / PPDs</A
+></H1
+><P
+>On the internet you can find now many thousand CUPS-PPD
+files (with their companion filters), in many national languages,
+supporting more than 1.000 non-PostScript models.</P
+><P
+></P
+><UL
+><LI
+><P
+><A
+HREF="http://wwwl.easysw.com/printpro/"
+TARGET="_top"
+>ESP PrintPro
+    (http://wwwl.easysw.com/printpro/)</A
+>
+    (commercial, non-Free) is packaged with more than 3.000 PPDs, ready for
+    successful usage "out of the box" on Linux, IBM-AIX, HP-UX, Sun-Solaris,
+    SGI-IRIX, Compaq Tru64, Digital Unix and some more commercial Unices (it
+    is written by the CUPS developers themselves and its sales help finance
+    the further development of CUPS, as they feed their creators)</P
+></LI
+><LI
+><P
+>the <A
+HREF="http://gimp-print.sourceforge.net/"
+TARGET="_top"
+>Gimp-Print-Project
+    (http://gimp-print.sourceforge.net/)</A
+>
+    (GPL, Free Software) provides around 120 PPDs (supporting nearly 300
+    printers, many driven to photo quality output), to be used alongside the
+    Gimp-Print CUPS filters;</P
+></LI
+><LI
+><P
+><A
+HREF="http://www.turboprint.com/"
+TARGET="_top"
+>TurboPrint
+    (http://www.turboprint.com/)</A
+>
+    (Shareware, non-Freee) supports roughly the same amount of printers in
+    excellent quality;</P
+></LI
+><LI
+><P
+><A
+HREF="http://www-124.ibm.com/developerworks/oss/linux/projects/omni/"
+TARGET="_top"
+>OMNI
+    (http://www-124.ibm.com/developerworks/oss/linux/projects/omni/)</A
+>
+    (LPGL, Free) is a package made by IBM, now containing support for more
+    than 400 printers, stemming from the inheritance of IBM OS/2 KnowHow
+    ported over to Linux (CUPS support is in a Beta-stage at present);</P
+></LI
+><LI
+><P
+><A
+HREF="http://hpinkjet.sourceforge.net/"
+TARGET="_top"
+>HPIJS
+    (http://hpinkjet.sourceforge.net/)</A
+>
+    (BSD-style licnes, Free) supports around 120 of HP's own printers and is
+    also providing excellent print quality now;</P
+></LI
+><LI
+><P
+><A
+HREF="http://www.linuxprinting.org/"
+TARGET="_top"
+>Foomatic/cupsomatic (http://www.linuxprinting.org/)</A
+> 
+    (LPGL, Free) from Linuxprinting.org are providing PPDs for practically every
+    Ghostscript filter known to the world, now usable with CUPS.</P
+></LI
+></UL
+><P
+><EM
+>NOTE: </EM
+>the cupsomatic trick from Linuxprinting.org is
+working different from the other drivers. While the other drivers take the
+generic CUPS raster (produced by CUPS' own pstoraster PostScript RIP) as
+their input, cupsomatic "kidnaps" the PostScript inside CUPS, before
+RIP-ping, deviates it to an external Ghostscript installation (which now
+becomes the RIP) and gives it back to a CUPS backend once Ghostscript is
+finished. -- CUPS versions from 1.1.15 and later will provide their pstoraster
+PostScript RIP function again inside a system-wide Ghostscript 
+installation rather than in "their own" pstoraster filter. (This 
+CUPS-enabling Ghostscript version may be installed either as a 
+patch to GNU or AFPL Ghostscript, or as a complete ESP Ghostscript package).
+However, this will not change the cupsomatic approach of guiding the printjob
+along a different path through the filtering system than the standard CUPS
+way...</P
+><P
+>Once you installed a printer inside CUPS with one of the
+recommended methods (the lpadmin command, the web browser interface or one of
+the available GUI wizards), you can use <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> to share the
+printer via Samba. <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> prepares the driver files for
+comfortable client download and installation upon their first contact with
+this printer share.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1089"
+>7.7.1. <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+></A
+></H2
+><P
+>The <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> command copies the needed files
+for convenient Windows client installations from the previously prepared CUPS
+data directory to your [print$] share. Additionally, the PPD
+associated with this printer is copied from <TT
+CLASS="FILENAME"
+>/etc/cups/ppd/</TT
+> to
+[print$].</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+><TT
+CLASS="PROMPT"
+>root# </TT
+> <B
+CLASS="COMMAND"
+>cupsaddsmb -U root infotec_IS2027</B
+>
+Password for root required to access localhost via SAMBA: <TT
+CLASS="USERINPUT"
+><B
+>[type in password 'secret']</B
+></TT
+></PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>To share all printers and drivers, use the <TT
+CLASS="PARAMETER"
+><I
+>-a</I
+></TT
+>
+parameter instead of a printer name.</P
+><P
+>Probably you want to see what's going on. Use the
+<TT
+CLASS="PARAMETER"
+><I
+>-v</I
+></TT
+> parameter to get a more verbose output:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+><TT
+CLASS="PROMPT"
+>root# </TT
+> cupsaddsmb -v -U root infotec_IS2027
+    Password for root required to access localhost via SAMBA:
+    Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir W32X86;put /var/spool/cups/tmp/3cd1cc66376c0 W32X86/infotec_IS2027.PPD;put /usr/share/cups/drivers/ADOBEPS5.DLL W32X86/ADOBEPS5.DLL;put /usr/share/cups/drivers/ADOBEPSU.DLL W32X86/ADOBEPSU.DLL;put /usr/share/cups/drivers/ADOBEPSU.HLP W32X86/ADOBEPSU.HLP'
+    added interface ip=10.160.16.45 bcast=10.160.31.255 nmask=255.255.240.0
+    added interface ip=192.168.182.1 bcast=192.168.182.255 nmask=255.255.255.0
+    added interface ip=172.16.200.1 bcast=172.16.200.255 nmask=255.255.255.0
+    Domain=[TUX-NET] OS=[Unix] Server=[Samba 2.2.3a.200204262025cvs]
+    NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86
+    putting file /var/spool/cups/tmp/3cd1cc66376c0 as \W32X86/infotec_IS2027.PPD (17394.6 kb/s) (average 17395.2 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS5.DLL as \W32X86/ADOBEPS5.DLL (10877.4 kb/s) (average 11343.0 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPSU.DLL as \W32X86/ADOBEPSU.DLL (5095.2 kb/s) (average 9260.4 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPSU.HLP as \W32X86/ADOBEPSU.HLP (8828.7 kb/s) (average 9247.1 kb/s)
+
+    Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir WIN40;put /var/spool/cups/tmp/3cd1cc66376c0 WIN40/infotec_IS2027.PPD;put /usr/share/cups/drivers/ADFONTS.MFM WIN40/ADFONTS.MFM;put /usr/share/cups/drivers/ADOBEPS4.DRV WIN40/ADOBEPS4.DRV;put /usr/share/cups/drivers/ADOBEPS4.HLP WIN40/ADOBEPS4.HLP;put /usr/share/cups/drivers/DEFPRTR2.PPD WIN40/DEFPRTR2.PPD;put /usr/share/cups/drivers/ICONLIB.DLL WIN40/ICONLIB.DLL;put /usr/share/cups/drivers/PSMON.DLL WIN40/PSMON.DLL;'
+    added interface ip=10.160.16.45 bcast=10.160.31.255 nmask=255.255.240.0
+    added interface ip=192.168.182.1 bcast=192.168.182.255 nmask=255.255.255.0
+    added interface ip=172.16.200.1 bcast=172.16.200.255 nmask=255.255.255.0
+    Domain=[TUX-NET] OS=[Unix] Server=[Samba 2.2.3a.200204262025cvs]
+    NT_STATUS_OBJECT_NAME_COLLISION making remote directory \WIN40
+    putting file /var/spool/cups/tmp/3cd1cc66376c0 as \WIN40/infotec_IS2027.PPD (26091.5 kb/s) (average 26092.8 kb/s)
+    putting file /usr/share/cups/drivers/ADFONTS.MFM as \WIN40/ADFONTS.MFM (11241.6 kb/s) (average 11812.9 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS4.DRV as \WIN40/ADOBEPS4.DRV (16640.6 kb/s) (average 14679.3 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS4.HLP as \WIN40/ADOBEPS4.HLP (11285.6 kb/s) (average 14281.5 kb/s)
+    putting file /usr/share/cups/drivers/DEFPRTR2.PPD as \WIN40/DEFPRTR2.PPD (823.5 kb/s) (average 12944.0 kb/s)
+    putting file /usr/share/cups/drivers/ICONLIB.DLL as \WIN40/ICONLIB.DLL (19226.2 kb/s) (average 13169.7 kb/s)
+    putting file /usr/share/cups/drivers/PSMON.DLL as \WIN40/PSMON.DLL (18666.1 kb/s) (average 13266.7 kb/s)
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver "Windows NT x86" "infotec_IS2027:ADOBEPS5.DLL:infotec_IS2027.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL"'
+    cmd = adddriver "Windows NT x86" "infotec_IS2027:ADOBEPS5.DLL:infotec_IS2027.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL"
+    Printer Driver infotec_IS2027 successfully installed.
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver "Windows 4.0" "infotec_IS2027:ADOBEPS4.DRV:infotec_IS2027.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL"'
+    cmd = adddriver "Windows 4.0" "infotec_IS2027:ADOBEPS4.DRV:infotec_IS2027.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL"
+    Printer Driver infotec_IS2027 successfully installed.
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'setdriver infotec_IS2027 infotec_IS2027'
+    cmd = setdriver infotec_IS2027 infotec_IS2027
+    Succesfully set infotec_IS2027 to driver infotec_IS2027.
+
+    <TT
+CLASS="PROMPT"
+>root# </TT
+></PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>If you look closely, you'll discover your root password
+was transfered unencrypted over the wire, so beware! Also, if you look
+further her, you'll discover error messages like
+<TT
+CLASS="CONSTANT"
+>NT_STATUS_OBJECT_NAME_COLLISION</TT
+> in between. They occur, because
+the directories <TT
+CLASS="FILENAME"
+>WIN40</TT
+> and <TT
+CLASS="FILENAME"
+>W32X86</TT
+> already
+existed in the [print$] driver download share (from a previous driver
+installation). They are harmless here.</P
+><P
+>Now your printer is prepared for the clients to use. From
+a client, browse to the CUPS/Samba server, open the "Printers"
+share, right-click on this printer and select "Install..." or
+"Connect..." (depending on the Windows version you use). Now their
+should be a new printer in your client's local "Printers" folder,
+named (in my case) "infotec_IS2027 on kdebitshop"</P
+><P
+><EM
+>NOTE: </EM
+>
+<B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> will only reliably work i
+with CUPS version 1.1.15 or higher
+and Samba from 2.2.4. If it doesn't work, or if the automatic printer
+driver download to the clients doesn't succeed, you can still manually
+install the CUPS printer PPD on top of the Adobe PostScript driver on
+clients and then point the client's printer queue to the Samba printer
+share for connection, should you desire to use the CUPS networked
+PostScript RIP functions.</P
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="DOMAIN-SECURITY"
+>Chapter 8. security = domain in Samba 2.x</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN1134"
+>8.1. Joining an NT Domain with Samba 2.2</A
+></H1
+><P
+>Assume you have a Samba 2.x server with a NetBIOS name of 
+	<TT
+CLASS="CONSTANT"
+>SERV1</TT
+> and are joining an NT domain called
+	<TT
+CLASS="CONSTANT"
+>DOM</TT
+>, which has a PDC with a NetBIOS name
+	of <TT
+CLASS="CONSTANT"
+>DOMPDC</TT
+> and two backup domain controllers 
+	with NetBIOS names <TT
+CLASS="CONSTANT"
+>DOMBDC1</TT
+> and <TT
+CLASS="CONSTANT"
+>DOMBDC2
+	</TT
+>.</P
+><P
+>In order to join the domain, first stop all Samba daemons 
+	and run the command:</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>smbpasswd -j DOM -r DOMPDC
+	-U<TT
+CLASS="REPLACEABLE"
+><I
+>Administrator%password</I
+></TT
+></B
+></TT
+></P
+><P
+>as we are joining the domain DOM and the PDC for that domain 
+	(the only machine that has write access to the domain SAM database) 
+	is DOMPDC. The <TT
+CLASS="REPLACEABLE"
+><I
+>Administrator%password</I
+></TT
+> is 
+	the login name and password for an account which has the necessary 
+	privilege to add machines to the domain.  If this is successful 
+	you will see the message:</P
+><P
+><TT
+CLASS="COMPUTEROUTPUT"
+>smbpasswd: Joined domain DOM.</TT
+>
+	</P
+><P
+>in your terminal window. See the <A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+>	smbpasswd(8)</A
+> man page for more details.</P
+><P
+>There is existing development code to join a domain
+	without having to create the machine trust account on the PDC
+	beforehand.  This code will hopefully be available soon
+	in release branches as well.</P
+><P
+>This command goes through the machine account password 
+	change protocol, then writes the new (random) machine account 
+	password for this Samba server into a file in the same directory 
+	in which an smbpasswd file would be stored - normally :</P
+><P
+><TT
+CLASS="FILENAME"
+>/usr/local/samba/private</TT
+></P
+><P
+>In Samba 2.0.x, the filename looks like this:</P
+><P
+><TT
+CLASS="FILENAME"
+><TT
+CLASS="REPLACEABLE"
+><I
+>&#60;NT DOMAIN NAME&#62;</I
+></TT
+>.<TT
+CLASS="REPLACEABLE"
+><I
+>&#60;Samba 
+	Server Name&#62;</I
+></TT
+>.mac</TT
+></P
+><P
+>The <TT
+CLASS="FILENAME"
+>.mac</TT
+> suffix stands for machine account 
+	password file. So in our example above, the file would be called:</P
+><P
+><TT
+CLASS="FILENAME"
+>DOM.SERV1.mac</TT
+></P
+><P
+>In Samba 2.2, this file has been replaced with a TDB 
+	(Trivial Database) file named <TT
+CLASS="FILENAME"
+>secrets.tdb</TT
+>.
+	</P
+><P
+>This file is created and owned by root and is not 
+	readable by any other user. It is the key to the domain-level 
+	security for your system, and should be treated as carefully 
+	as a shadow password file.</P
+><P
+>Now, before restarting the Samba daemons you must 
+	edit your <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+>
+	</A
+> file to tell Samba it should now use domain security.</P
+><P
+>Change (or add) your <A
+HREF="smb.conf.5.html#SECURITY"
+TARGET="_top"
+>	<TT
+CLASS="PARAMETER"
+><I
+>security =</I
+></TT
+></A
+> line in the [global] section 
+	of your smb.conf to read:</P
+><P
+><B
+CLASS="COMMAND"
+>security = domain</B
+></P
+><P
+>Next change the <A
+HREF="smb.conf.5.html#WORKGROUP"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>	workgroup =</I
+></TT
+></A
+> line in the [global] section to read: </P
+><P
+><B
+CLASS="COMMAND"
+>workgroup = DOM</B
+></P
+><P
+>as this is the name of the domain we are joining. </P
+><P
+>You must also have the parameter <A
+HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
+TARGET="_top"
+>	<TT
+CLASS="PARAMETER"
+><I
+>encrypt passwords</I
+></TT
+></A
+> set to <TT
+CLASS="CONSTANT"
+>yes
+	</TT
+> in order for your users to authenticate to the NT PDC.</P
+><P
+>Finally, add (or modify) a <A
+HREF="smb.conf.5.html#PASSWORDSERVER"
+TARGET="_top"
+>	<TT
+CLASS="PARAMETER"
+><I
+>password server =</I
+></TT
+></A
+> line in the [global]
+	section to read: </P
+><P
+><B
+CLASS="COMMAND"
+>password server = DOMPDC DOMBDC1 DOMBDC2</B
+></P
+><P
+>These are the primary and backup domain controllers Samba 
+	will attempt to contact in order to authenticate users. Samba will 
+	try to contact each of these servers in order, so you may want to 
+	rearrange this list in order to spread out the authentication load 
+	among domain controllers.</P
+><P
+>Alternatively, if you want smbd to automatically determine 
+	the list of Domain controllers to use for authentication, you may 
+	set this line to be :</P
+><P
+><B
+CLASS="COMMAND"
+>password server = *</B
+></P
+><P
+>This method, which was introduced in Samba 2.0.6, 
+	allows Samba to use exactly the same mechanism that NT does. This 
+	method either broadcasts or uses a WINS database in order to
+	find domain controllers to authenticate against.</P
+><P
+>Finally, restart your Samba daemons and get ready for 
+	clients to begin using domain security!</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1198"
+>8.2. Samba and Windows 2000 Domains</A
+></H1
+><P
+>Many people have asked regarding the state of Samba's ability to participate in
+a Windows 2000 Domain.  Samba 2.2 is able to act as a member server of a Windows
+2000 domain operating in mixed or native mode.</P
+><P
+>There is much confusion between the circumstances that require a "mixed" mode
+Win2k DC and a when this host can be switched to "native" mode.  A "mixed" mode
+Win2k domain controller is only needed if Windows NT BDCs must exist in the same
+domain.  By default, a Win2k DC in "native" mode will still support
+NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and 
+NT 4.0.  Samba has the same requirements as a Windows NT 4.0 member server.</P
+><P
+>The steps for adding a Samba 2.2 host to a Win2k domain are the same as those
+for adding a Samba server to a Windows NT 4.0 domain. The only exception is that 
+the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and 
+Computers" MMC (Microsoft Management Console) plugin.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1203"
+>8.3. Why is this better than security = server?</A
+></H1
+><P
+>Currently, domain security in Samba doesn't free you from 
+	having to create local Unix users to represent the users attaching 
+	to your server. This means that if domain user <TT
+CLASS="CONSTANT"
+>DOM\fred
+	</TT
+> attaches to your domain security Samba server, there needs 
+	to be a local Unix user fred to represent that user in the Unix 
+	filesystem. This is very similar to the older Samba security mode 
+	<A
+HREF="smb.conf.5.html#SECURITYEQUALSSERVER"
+TARGET="_top"
+>security = server</A
+>, 
+	where Samba would pass through the authentication request to a Windows 
+	NT server in the same way as a Windows 95 or Windows 98 server would.
+	</P
+><P
+>Please refer to the <A
+HREF="winbind.html"
+TARGET="_top"
+>Winbind 
+	paper</A
+> for information on a system to automatically
+	assign UNIX uids and gids to Windows NT Domain users and groups.
+	This code is available in development branches only at the moment,
+	but will be moved to release branches soon.</P
+><P
+>The advantage to domain-level security is that the 
+	authentication in domain-level security is passed down the authenticated 
+	RPC channel in exactly the same way that an NT server would do it. This 
+	means Samba servers now participate in domain trust relationships in 
+	exactly the same way NT servers do (i.e., you can add Samba servers into 
+	a resource domain and have the authentication passed on from a resource
+	domain PDC to an account domain PDC.</P
+><P
+>In addition, with <B
+CLASS="COMMAND"
+>security = server</B
+> every Samba 
+	daemon on a server has to keep a connection open to the 
+	authenticating server for as long as that daemon lasts. This can drain 
+	the connection resources on a Microsoft NT server and cause it to run 
+	out of available connections. With <B
+CLASS="COMMAND"
+>security = domain</B
+>, 
+	however, the Samba daemons connect to the PDC/BDC only for as long 
+	as is necessary to authenticate the user, and then drop the connection, 
+	thus conserving PDC connection resources.</P
+><P
+>And finally, acting in the same manner as an NT server 
+	authenticating to a PDC means that as part of the authentication 
+	reply, the Samba server gets the user identification information such 
+	as the user SID, the list of NT groups the user belongs to, etc. All 
+	this information will allow Samba to be extended in the future into 
+	a mode the developers currently call appliance mode. In this mode, 
+	no local Unix users will be necessary, and Samba will generate Unix 
+	uids and gids from the information passed back from the PDC when a 
+	user is authenticated, making a Samba server truly plug and play 
+	in an NT domain environment. Watch for this code soon.</P
+><P
+><EM
+>NOTE:</EM
+> Much of the text of this document 
+	was first published in the Web magazine <A
+HREF="http://www.linuxworld.com"
+TARGET="_top"
+> 	
+	LinuxWorld</A
+> as the article <A
+HREF="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html"
+TARGET="_top"
+>Doing 
+	the NIS/NT Samba</A
+>.</P
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="SAMBA-PDC"
+>Chapter 9. How to Configure Samba 2.2 as a Primary Domain Controller</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN1236"
+>9.1. Prerequisite Reading</A
+></H1
+><P
+>Before you continue reading in this chapter, please make sure 
+that you are comfortable with configuring basic files services
+in smb.conf and how to enable and administer password 
+encryption in Samba.  Theses two topics are covered in the
+<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+></A
+> 
+manpage and the <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>Encryption chapter</A
+> 
+of this HOWTO Collection.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1242"
+>9.2. Background</A
+></H1
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+><EM
+>Author's Note:</EM
+> This document is a combination 
+of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". 
+Both documents are superseded by this one.</P
+></BLOCKQUOTE
+></DIV
+><P
+>Versions of Samba prior to release 2.2 had marginal capabilities to act
+as a Windows NT 4.0 Primary Domain Controller
+
+(PDC).  With Samba 2.2.0, we are proud to announce official support for
+Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows 
+2000 clients.  This article outlines the steps
+necessary for configuring Samba as a PDC.  It is necessary to have a
+working Samba server prior to implementing the PDC functionality.  If
+you have not followed the steps outlined in <A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+> UNIX_INSTALL.html</A
+>, please make sure
+that your server is configured correctly before proceeding.  Another
+good resource in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5) man
+page</A
+>. The following functionality should work in 2.2:</P
+><P
+></P
+><UL
+><LI
+><P
+>	domain logons for Windows NT 4.0/2000 clients.
+	</P
+></LI
+><LI
+><P
+>	placing a Windows 9x client in user level security
+	</P
+></LI
+><LI
+><P
+>	retrieving a list of users and groups from a Samba PDC to
+	Windows 9x/NT/2000 clients
+	</P
+></LI
+><LI
+><P
+>	roving (roaming) user profiles
+	</P
+></LI
+><LI
+><P
+>	Windows NT 4.0-style system policies
+	</P
+></LI
+></UL
+><P
+>The following pieces of functionality are not included in the 2.2 release:</P
+><P
+></P
+><UL
+><LI
+><P
+>	Windows NT 4 domain trusts
+	</P
+></LI
+><LI
+><P
+>	SAM replication with Windows NT 4.0 Domain Controllers
+	(i.e. a Samba PDC and a Windows NT BDC or vice versa) 
+	</P
+></LI
+><LI
+><P
+>	Adding users via the User Manager for Domains
+	</P
+></LI
+><LI
+><P
+>	Acting as a Windows 2000 Domain Controller (i.e. Kerberos and 
+	Active Directory)
+	</P
+></LI
+></UL
+><P
+>Please note that Windows 9x clients are not true members of a domain
+for reasons outlined in this article.  Therefore the protocol for
+support Windows 9x-style domain logons is completely different
+from NT4 domain logons and has been officially supported for some 
+time.</P
+><P
+>Implementing a Samba PDC can basically be divided into 2 broad
+steps.</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	Configuring the Samba PDC
+	</P
+></LI
+><LI
+><P
+>	Creating machine trust accounts	and joining clients 
+	to the domain
+	</P
+></LI
+></OL
+><P
+>There are other minor details such as user profiles, system
+policies, etc...  However, these are not necessarily specific
+to a Samba PDC as much as they are related to Windows NT networking
+concepts.  They will be mentioned only briefly here.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1281"
+>9.3. Configuring the Samba Domain Controller</A
+></H1
+><P
+>The first step in creating a working Samba PDC is to 
+understand the parameters necessary in smb.conf.  I will not
+attempt to re-explain the parameters here as they are more that
+adequately covered in <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+> the smb.conf
+man page</A
+>.  For convenience, the parameters have been
+linked with the actual smb.conf description.</P
+><P
+>Here is an example <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> for acting as a PDC:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+    ; Basic server settings
+    <A
+HREF="smb.conf.5.html#NETBIOSNAME"
+TARGET="_top"
+>netbios name</A
+> = <TT
+CLASS="REPLACEABLE"
+><I
+>POGO</I
+></TT
+>
+    <A
+HREF="smb.conf.5.html#WORKGROUP"
+TARGET="_top"
+>workgroup</A
+> = <TT
+CLASS="REPLACEABLE"
+><I
+>NARNIA</I
+></TT
+>
+
+    ; we should act as the domain and local master browser
+    <A
+HREF="smb.conf.5.html#OSLEVEL"
+TARGET="_top"
+>os level</A
+> = 64
+    <A
+HREF="smb.conf.5.html#PERFERREDMASTER"
+TARGET="_top"
+>preferred master</A
+> = yes
+    <A
+HREF="smb.conf.5.html#DOMAINMASTER"
+TARGET="_top"
+>domain master</A
+> = yes
+    <A
+HREF="smb.conf.5.html#LOCALMASTER"
+TARGET="_top"
+>local master</A
+> = yes
+    
+    ; security settings (must user security = user)
+    <A
+HREF="smb.conf.5.html#SECURITYEQUALSUSER"
+TARGET="_top"
+>security</A
+> = user
+    
+    ; encrypted passwords are a requirement for a PDC
+    <A
+HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
+TARGET="_top"
+>encrypt passwords</A
+> = yes
+    
+    ; support domain logons
+    <A
+HREF="smb.conf.5.html#DOMAINLOGONS"
+TARGET="_top"
+>domain logons</A
+> = yes
+    
+    ; where to store user profiles?
+    <A
+HREF="smb.conf.5.html#LOGONPATH"
+TARGET="_top"
+>logon path</A
+> = \\%N\profiles\%u
+    
+    ; where is a user's home directory and where should it
+    ; be mounted at?
+    <A
+HREF="smb.conf.5.html#LOGONDRIVE"
+TARGET="_top"
+>logon drive</A
+> = H:
+    <A
+HREF="smb.conf.5.html#LOGONHOME"
+TARGET="_top"
+>logon home</A
+> = \\homeserver\%u
+    
+    ; specify a generic logon script for all users
+    ; this is a relative **DOS** path to the [netlogon] share
+    <A
+HREF="smb.conf.5.html#LOGONSCRIPT"
+TARGET="_top"
+>logon script</A
+> = logon.cmd
+
+; necessary share for domain controller
+[netlogon]
+    <A
+HREF="smb.conf.5.html#PATH"
+TARGET="_top"
+>path</A
+> = /usr/local/samba/lib/netlogon
+    <A
+HREF="smb.conf.5.html#READONLY"
+TARGET="_top"
+>read only</A
+> = yes
+    <A
+HREF="smb.conf.5.html#WRITELIST"
+TARGET="_top"
+>write list</A
+> = <TT
+CLASS="REPLACEABLE"
+><I
+>ntadmin</I
+></TT
+>
+    
+; share for storing user profiles
+[profiles]
+    <A
+HREF="smb.conf.5.html#PATH"
+TARGET="_top"
+>path</A
+> = /export/smb/ntprofile
+    <A
+HREF="smb.conf.5.html#READONLY"
+TARGET="_top"
+>read only</A
+> = no
+    <A
+HREF="smb.conf.5.html#CREATEMASK"
+TARGET="_top"
+>create mask</A
+> = 0600
+    <A
+HREF="smb.conf.5.html#DIRECTORYMASK"
+TARGET="_top"
+>directory mask</A
+> = 0700</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>There are a couple of points to emphasize in the above configuration.</P
+><P
+></P
+><UL
+><LI
+><P
+>	Encrypted passwords must be enabled.  For more details on how 
+	to do this, refer to <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>ENCRYPTION.html</A
+>.
+	</P
+></LI
+><LI
+><P
+>	The server must support domain logons and a
+	<TT
+CLASS="FILENAME"
+>[netlogon]</TT
+> share
+	</P
+></LI
+><LI
+><P
+>	The server must be the domain master browser in order for Windows 
+	client to locate the server as a DC.  Please refer to the various 
+	Network Browsing documentation included with this distribution for 
+	details.
+	</P
+></LI
+></UL
+><P
+>As Samba 2.2 does not offer a complete implementation of group mapping
+between Windows NT groups and Unix groups (this is really quite
+complicated to explain in a short space), you should refer to the
+<A
+HREF="smb.conf.5.html#DOMAINADMINGROUP"
+TARGET="_top"
+>domain admin
+group</A
+> smb.conf parameter for information of creating "Domain
+Admins" style accounts.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1324"
+>9.4. Creating Machine Trust Accounts and Joining Clients to the
+Domain</A
+></H1
+><P
+>A machine trust account is a Samba account that is used to
+authenticate a client machine (rather than a user) to the Samba
+server.  In Windows terminology, this is known as a "Computer
+Account."</P
+><P
+>The password of a machine trust account acts as the shared secret for
+secure communication with the Domain Controller.  This is a security
+feature to prevent an unauthorized machine with the same NetBIOS name
+from joining the domain and gaining access to domain user/group
+accounts.  Windows NT and 2000 clients use machine trust accounts, but
+Windows 9x clients do not.  Hence, a Windows 9x client is never a true
+member of a domain because it does not possess a machine trust
+account, and thus has no shared secret with the domain controller.</P
+><P
+>A Windows PDC stores each machine trust account in the Windows
+Registry.  A Samba PDC, however, stores each machine trust account 
+in two parts, as follows:
+
+<P
+></P
+><UL
+><LI
+><P
+>A Samba account, stored in the same location as user
+    LanMan and NT password hashes (currently
+    <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+>). The Samba account 
+    possesses and uses only the NT password hash.</P
+></LI
+><LI
+><P
+>A corresponding Unix account, typically stored in
+    <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>. (Future releases will alleviate the need to
+    create <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entries.) </P
+></LI
+></UL
+></P
+><P
+>There are two ways to create machine trust accounts:</P
+><P
+></P
+><UL
+><LI
+><P
+> Manual creation. Both the Samba and corresponding
+	Unix account are created by hand.</P
+></LI
+><LI
+><P
+> "On-the-fly" creation. The Samba machine trust
+	account is automatically created by Samba at the time the client
+	is joined to the domain. (For security, this is the
+	recommended method.) The corresponding Unix account may be
+	created automatically or manually. </P
+></LI
+></UL
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1343"
+>9.4.1. Manual Creation of Machine Trust Accounts</A
+></H2
+><P
+>The first step in manually creating a machine trust account is to
+manually create the corresponding Unix account in
+<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>.  This can be done using
+<B
+CLASS="COMMAND"
+>vipw</B
+> or other 'add user' command that is normally
+used to create new Unix accounts.  The following is an example for a
+Linux based Samba server:</P
+><P
+>  <TT
+CLASS="PROMPT"
+>root# </TT
+><B
+CLASS="COMMAND"
+>/usr/sbin/useradd -g 100 -d /dev/null -c <TT
+CLASS="REPLACEABLE"
+><I
+>"machine 
+nickname"</I
+></TT
+> -s /bin/false <TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+>$ </B
+></P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><B
+CLASS="COMMAND"
+>passwd -l <TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+>$</B
+></P
+><P
+>The <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entry will list the machine name 
+with a "$" appended, won't have a password, will have a null shell and no 
+home directory. For example a machine named 'doppy' would have an 
+<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entry like this:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>doppy$:x:505:501:<TT
+CLASS="REPLACEABLE"
+><I
+>machine_nickname</I
+></TT
+>:/dev/null:/bin/false</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Above, <TT
+CLASS="REPLACEABLE"
+><I
+>machine_nickname</I
+></TT
+> can be any
+descriptive name for the client, i.e., BasementComputer.
+<TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+> absolutely must be the NetBIOS
+name of the client to be joined to the domain.  The "$" must be
+appended to the NetBIOS name of the client or Samba will not recognize
+this as a machine trust account.</P
+><P
+>Now that the corresponding Unix account has been created, the next step is to create 
+the Samba account for the client containing the well-known initial 
+machine trust account password.  This can be done using the <A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+></A
+> command 
+as shown here:</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><B
+CLASS="COMMAND"
+>smbpasswd -a -m <TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+></B
+></P
+><P
+>where <TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+> is the machine's NetBIOS
+name.  The RID of the new machine account is generated from the UID of 
+the corresponding Unix account.</P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Join the client to the domain immediately</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>	Manually creating a machine trust account using this method is the 
+	equivalent of creating a machine trust account on a Windows NT PDC using 
+	the "Server Manager".  From the time at which the account is created
+	to the time which the client joins the domain and changes the password,
+	your domain is vulnerable to an intruder joining your domain using a
+	a machine with the same NetBIOS name.  A PDC inherently trusts
+	members of the domain and will serve out a large degree of user 
+	information to such clients.  You have been warned!
+	</P
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1378"
+>9.4.2. "On-the-Fly" Creation of Machine Trust Accounts</A
+></H2
+><P
+>The second (and recommended) way of creating machine trust accounts is
+simply to allow the Samba server to create them as needed when the client
+is joined to the domain. </P
+><P
+>Since each Samba machine trust account requires a corresponding
+Unix account, a method for automatically creating the
+Unix account is usually supplied; this requires configuration of the
+<A
+HREF="smb.conf.5.html#ADDUSERSCRIPT"
+TARGET="_top"
+>add user script</A
+> 
+option in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.  This
+method is not required, however; corresponding Unix accounts may also
+be created manually.</P
+><P
+>Below is an example for a RedHat 6.2 Linux system.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+   # &#60;...remainder of parameters...&#62;
+   add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1387"
+>9.4.3. Joining the Client to the Domain</A
+></H2
+><P
+>The procedure for joining a client to the domain varies with the
+version of Windows.</P
+><P
+></P
+><UL
+><LI
+><P
+><EM
+>Windows 2000</EM
+></P
+><P
+> When the user elects to join the client to a domain, Windows prompts for
+	an account and password that is privileged to join the domain.  A
+	Samba administrative account (i.e., a Samba account that has root
+	privileges on the Samba server) must be entered here; the
+	operation will fail if an ordinary user account is given. 
+	The password for this account should be
+	set to a different password than the associated
+	<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entry, for security
+	reasons. </P
+><P
+>The session key of the Samba administrative account acts as an
+	encryption key for setting the password of the machine trust
+	account. The machine trust account will be created on-the-fly, or
+	updated if it already exists.</P
+></LI
+><LI
+><P
+><EM
+>Windows NT</EM
+></P
+><P
+> If the machine trust account was created manually, on the
+	Identification Changes menu enter the domain name, but do not
+	check the box "Create a Computer Account in the Domain."  In this case,
+	the existing machine trust account is used to join the machine to
+	the domain.</P
+><P
+> If the machine trust account is to be created
+	on-the-fly, on the Identification Changes menu enter the domain
+	name, and check the box "Create a Computer Account in the Domain."  In
+	this case, joining the domain proceeds as above for Windows 2000
+	(i.e., you must supply a Samba administrative account when
+	prompted).</P
+></LI
+></UL
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1402"
+>9.5. Common Problems and Errors</A
+></H1
+><P
+></P
+><P
+></P
+><UL
+><LI
+><P
+>	<EM
+>I cannot include a '$' in a machine name.</EM
+>
+	</P
+><P
+>	A 'machine name' in (typically) <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> 	
+	of the machine name with a '$' appended. FreeBSD (and other BSD 
+	systems?) won't create a user with a '$' in their name.
+	</P
+><P
+>	The problem is only in the program used to make the entry, once 
+	made, it works perfectly. So create a user without the '$' and 
+	use <B
+CLASS="COMMAND"
+>vipw</B
+> to edit the entry, adding the '$'. Or create 
+	the whole entry with vipw if you like, make sure you use a 
+	unique User ID !
+	</P
+></LI
+><LI
+><P
+>	<EM
+>I get told "You already have a connection to the Domain...." 
+	or "Cannot join domain, the credentials supplied conflict with an 
+	existing set.." when creating a machine trust account.</EM
+>
+	</P
+><P
+>	This happens if you try to create a machine trust account from the 
+	machine itself and already have a connection (e.g. mapped drive) 
+	to a share (or IPC$) on the Samba PDC.  The following command
+	will remove all network drive connections:
+	</P
+><P
+>	<TT
+CLASS="PROMPT"
+>C:\WINNT\&#62;</TT
+> <B
+CLASS="COMMAND"
+>net use * /d</B
+>
+	</P
+><P
+>	Further, if the machine is a already a 'member of a workgroup' that 
+	is the same name as the domain you are joining (bad idea) you will 
+	get this message.  Change the workgroup name to something else, it 
+	does not matter what, reboot, and try again.
+	</P
+></LI
+><LI
+><P
+>	<EM
+>The system can not log you on (C000019B)....</EM
+>
+	</P
+><P
+>I joined the domain successfully but after upgrading 
+	to a newer version of the Samba code I get the message, "The system 
+	can not log you on (C000019B), Please try a gain or consult your 
+	system administrator" when attempting to logon.
+	</P
+><P
+>	This occurs when the domain SID stored in 
+	<TT
+CLASS="FILENAME"
+>private/WORKGROUP.SID</TT
+> is 
+	changed.  For example, you remove the file and <B
+CLASS="COMMAND"
+>smbd</B
+> automatically 
+	creates a new one.  Or you are swapping back and forth between 
+	versions 2.0.7, TNG and the HEAD branch code (not recommended).  The 
+	only way to correct the problem is to restore the original domain 
+	SID or remove the domain client from the domain and rejoin.
+	</P
+></LI
+><LI
+><P
+>	<EM
+>The machine trust account for this computer either does not 
+	exist or is not accessible.</EM
+>
+	</P
+><P
+>	When I try to join the domain I get the message "The machine account 
+	for this computer either does not exist or is not accessible". What's 
+	wrong?
+	</P
+><P
+>	This problem is caused by the PDC not having a suitable machine trust account. 
+	If you are using the <TT
+CLASS="PARAMETER"
+><I
+>add user script</I
+></TT
+> method to create 
+	accounts then this would indicate that it has not worked. Ensure the domain 
+	admin user system is working.
+	</P
+><P
+>	Alternatively if you are creating account entries manually then they 
+	have not been created correctly. Make sure that you have the entry 
+	correct for the machine trust account in smbpasswd file on the Samba PDC. 
+	If you added the account using an editor rather than using the smbpasswd 
+	utility, make sure that the account name is the machine NetBIOS name 
+	with a '$' appended to it ( i.e. computer_name$ ). There must be an entry 
+	in both /etc/passwd and the smbpasswd file. Some people have reported 
+	that inconsistent subnet masks between the Samba server and the NT 
+	client have caused this problem.   Make sure that these are consistent 
+	for both client and server.
+	</P
+></LI
+><LI
+><P
+>	<EM
+>When I attempt to login to a Samba Domain from a NT4/W2K workstation,
+	I get a message about my account being disabled.</EM
+>
+	</P
+><P
+>	This problem is caused by a PAM related bug in Samba 2.2.0.  This bug is 
+	fixed in 2.2.1.  Other symptoms could be unaccessible shares on 
+	NT/W2K member servers in the domain or the following error in your smbd.log:
+	passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user%
+	</P
+><P
+>	At first be ensure to enable the useraccounts with <B
+CLASS="COMMAND"
+>smbpasswd -e 
+	%user%</B
+>, this is normally done, when you create an account.
+	</P
+><P
+>	In order to work around this problem in 2.2.0, configure the 
+	<TT
+CLASS="PARAMETER"
+><I
+>account</I
+></TT
+> control flag in 
+	<TT
+CLASS="FILENAME"
+>/etc/pam.d/samba</TT
+> file as follows:
+	</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	account required        pam_permit.so
+	</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>	If you want to remain backward compatibility to samba 2.0.x use
+	<TT
+CLASS="FILENAME"
+>pam_permit.so</TT
+>, it's also possible to use 
+	<TT
+CLASS="FILENAME"
+>pam_pwdb.so</TT
+>. There are some bugs if you try to 
+	use <TT
+CLASS="FILENAME"
+>pam_unix.so</TT
+>, if you need this, be ensure to use
+	the most recent version of this file.
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1450"
+>9.6. System Policies and Profiles</A
+></H1
+><P
+>Much of the information necessary to implement System Policies and
+Roving User Profiles in a Samba domain is the same as that for 
+implementing these same items in a Windows NT 4.0 domain. 
+You should read the white paper <A
+HREF="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp"
+TARGET="_top"
+>Implementing
+Profiles and Policies in Windows NT 4.0</A
+> available from Microsoft.</P
+><P
+>Here are some additional details:</P
+><P
+></P
+><UL
+><LI
+><P
+>	<EM
+>What about Windows NT Policy Editor?</EM
+>
+	</P
+><P
+>	To create or edit <TT
+CLASS="FILENAME"
+>ntconfig.pol</TT
+> you must use 
+	the NT Server Policy Editor, <B
+CLASS="COMMAND"
+>poledit.exe</B
+>	which 
+	is included with NT Server but <EM
+>not NT Workstation</EM
+>. 
+	There is a Policy Editor on a NTws 
+	but it is not suitable for creating <EM
+>Domain Policies</EM
+>. 
+	Further, although the Windows 95 
+	Policy Editor can be installed on an NT Workstation/Server, it will not
+	work with NT policies because the registry key that are set by the policy templates. 
+	However, the files from the NT Server will run happily enough on an NTws. 	
+	You need <TT
+CLASS="FILENAME"
+>poledit.exe, common.adm</TT
+> and <TT
+CLASS="FILENAME"
+>winnt.adm</TT
+>. It is convenient
+	to put the two *.adm files in <TT
+CLASS="FILENAME"
+>c:\winnt\inf</TT
+> which is where
+	the binary will look for them unless told otherwise. Note also that that 
+	directory is 'hidden'.
+	</P
+><P
+>	The Windows NT policy editor is also included with the Service Pack 3 (and 
+	later) for Windows NT 4.0. Extract the files using <B
+CLASS="COMMAND"
+>servicepackname /x</B
+>, 
+	i.e. that's <B
+CLASS="COMMAND"
+>Nt4sp6ai.exe /x</B
+> for service pack 6a.  The policy editor, 
+	<B
+CLASS="COMMAND"
+>poledit.exe</B
+> and the associated template files (*.adm) should
+	be extracted as well.  It is also possible to downloaded the policy template 
+	files for Office97 and get a copy of the policy editor.  Another possible 
+	location is with the Zero Administration Kit available for download from Microsoft.
+	</P
+></LI
+><LI
+><P
+>	<EM
+>Can Win95 do Policies?</EM
+>
+	</P
+><P
+>	Install the group policy handler for Win9x to pick up group 
+	policies.   Look on the Win98 CD in <TT
+CLASS="FILENAME"
+>\tools\reskit\netadmin\poledit</TT
+>. 
+	Install group policies on a Win9x client by double-clicking 
+	<TT
+CLASS="FILENAME"
+>grouppol.inf</TT
+>. Log off and on again a couple of 
+	times and see if Win98 picks up group policies.  Unfortunately this needs 
+	to be done on every Win9x machine that uses group policies....
+	</P
+><P
+>	If group policies don't work one reports suggests getting the updated 
+	(read: working) grouppol.dll for Windows 9x. The group list is grabbed 
+	from /etc/group.
+	</P
+></LI
+><LI
+><P
+>	<EM
+>How do I get 'User Manager' and 'Server Manager'</EM
+>
+	</P
+><P
+>	Since I don't need to buy an NT Server CD now, how do I get 
+	the 'User Manager for Domains', the 'Server Manager'?
+	</P
+><P
+>	Microsoft distributes a version of these tools called nexus for 
+	installation on Windows 95 systems.  The tools set includes
+	</P
+><P
+></P
+><UL
+><LI
+><P
+>Server Manager</P
+></LI
+><LI
+><P
+>User Manager for Domains</P
+></LI
+><LI
+><P
+>Event Viewer</P
+></LI
+></UL
+><P
+>	Click here to download the archived file <A
+HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE"
+TARGET="_top"
+>ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</A
+>
+	</P
+><P
+>	The Windows NT 4.0 version of the 'User Manager for 
+	Domains' and 'Server Manager' are available from Microsoft via ftp 
+	from <A
+HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE"
+TARGET="_top"
+>ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</A
+>
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1494"
+>9.7. What other help can I get?</A
+></H1
+><P
+>There are many sources of information available in the form 
+of mailing lists, RFC's and documentation.  The docs that come 
+with the samba distribution contain very good explanations of 
+general SMB topics such as browsing.</P
+><P
+></P
+><UL
+><LI
+><P
+>	<EM
+>What are some diagnostics tools I can use to debug the domain logon 
+	process and where can I	find them?</EM
+>
+	</P
+><P
+>	One of the best diagnostic tools for debugging problems is Samba itself.  
+	You can use the -d option for both smbd and nmbd to specify what 
+	'debug level' at which to run.  See the man pages on smbd, nmbd  and 
+	smb.conf for more information on debugging options.  The debug 
+	level can range from 1 (the default) to 10 (100 for debugging passwords).
+	</P
+><P
+>	Another helpful method of debugging is to compile samba using the 
+	<B
+CLASS="COMMAND"
+>gcc -g </B
+> flag.   This will include debug 
+	information in the binaries and allow you to attach gdb to the 
+	running smbd / nmbd process.  In order to attach gdb to an smbd 
+	process for an NT workstation, first get the workstation to make the 
+	connection. Pressing ctrl-alt-delete and going down to the domain box 
+	is sufficient (at least, on the first time you join the domain) to 
+	generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation 
+	maintains an open connection, and therefore there will be an smbd 
+	process running (assuming that you haven't set a really short smbd 
+	idle timeout)  So, in between pressing ctrl alt delete, and actually 
+	typing in your password, you can gdb attach and continue.
+	</P
+><P
+>	Some useful samba commands worth investigating:
+	</P
+><P
+></P
+><UL
+><LI
+><P
+>testparam | more</P
+></LI
+><LI
+><P
+>smbclient -L //{netbios name of server}</P
+></LI
+></UL
+><P
+>	An SMB enabled version of tcpdump is available from 
+	<A
+HREF="http://www.tcpdump.org/"
+TARGET="_top"
+>http://www.tcpdup.org/</A
+>.
+	Ethereal, another good packet sniffer for Unix and Win32
+	hosts, can be downloaded from <A
+HREF="http://www.ethereal.com/"
+TARGET="_top"
+>http://www.ethereal.com</A
+>.
+	</P
+><P
+>	For tracing things on the Microsoft Windows NT, Network Monitor 
+	(aka. netmon) is available on the Microsoft Developer Network CD's, 
+	the Windows NT Server install CD and the SMS CD's.  The version of 
+	netmon that ships with SMS allows for dumping packets between any two 
+	computers (i.e. placing the network interface in promiscuous mode).  
+	The version on the NT Server install CD will only allow monitoring 
+	of network traffic directed to the local NT box and broadcasts on the 
+	local subnet.  Be aware that Ethereal can read and write netmon 
+	formatted files.
+	</P
+></LI
+><LI
+><P
+>	<EM
+>How do I install 'Network Monitor' on an NT Workstation 
+	or a Windows 9x box?</EM
+>
+	</P
+><P
+>	Installing netmon on an NT workstation requires a couple 
+	of steps.  The following are for installing Netmon V4.00.349, which comes 
+	with Microsoft Windows NT Server 4.0, on Microsoft Windows NT 
+	Workstation 4.0.  The process should be similar for other version of 
+	Windows NT / Netmon.  You will need both the Microsoft Windows 
+	NT Server 4.0 Install CD and the Workstation 4.0 Install CD.
+	</P
+><P
+>	Initially you will need to install 'Network Monitor Tools and Agent' 
+	on the NT Server.  To do this 
+	</P
+><P
+></P
+><UL
+><LI
+><P
+>Goto Start - Settings - Control Panel - 
+		Network - Services - Add </P
+></LI
+><LI
+><P
+>Select the 'Network Monitor Tools and Agent' and 
+		click on 'OK'.</P
+></LI
+><LI
+><P
+>Click 'OK' on the Network Control Panel.
+		</P
+></LI
+><LI
+><P
+>Insert the Windows NT Server 4.0 install CD 
+		when prompted.</P
+></LI
+></UL
+><P
+>	At this point the Netmon files should exist in 
+	<TT
+CLASS="FILENAME"
+>%SYSTEMROOT%\System32\netmon\*.*</TT
+>.    
+	Two subdirectories exist as well, <TT
+CLASS="FILENAME"
+>parsers\</TT
+> 
+	which contains the necessary DLL's for parsing the netmon packet 
+	dump, and <TT
+CLASS="FILENAME"
+>captures\</TT
+>.
+	</P
+><P
+>	In order to install the Netmon tools on an NT Workstation, you will 
+	first need to install the 'Network  Monitor Agent' from the Workstation 
+	install CD.
+	</P
+><P
+></P
+><UL
+><LI
+><P
+>Goto Start - Settings - Control Panel - 
+		Network - Services - Add</P
+></LI
+><LI
+><P
+>Select the 'Network Monitor Agent' and click 
+		on 'OK'.</P
+></LI
+><LI
+><P
+>Click 'OK' on the Network Control Panel.
+		</P
+></LI
+><LI
+><P
+>Insert the Windows NT Workstation 4.0 install 
+		CD when prompted.</P
+></LI
+></UL
+><P
+>	Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.* 
+	to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set 
+	permissions as  you deem appropriate for your site. You will need 
+	administrative rights on the NT box to run netmon.
+	</P
+><P
+>	To install Netmon on a Windows 9x box install the network monitor agent 
+	from the Windows 9x CD (\admin\nettools\netmon).  There is a readme 
+	file located with the netmon driver files on the CD if you need 
+	information on how to do this.  Copy the files from a working 
+	Netmon installation.
+	</P
+></LI
+><LI
+><P
+>	The following is a list if helpful URLs and other links:
+	</P
+><P
+></P
+><UL
+><LI
+><P
+>Home of Samba site <A
+HREF="http://samba.org"
+TARGET="_top"
+>        http://samba.org</A
+>. We have a mirror near you !</P
+></LI
+><LI
+><P
+> The <EM
+>Development</EM
+> document 
+	on the Samba mirrors might mention your problem. If so,
+	it might mean that the developers are working on it.</P
+></LI
+><LI
+><P
+>See how Scott Merrill simulates a BDC behavior at 
+        <A
+HREF="http://www.skippy.net/linux/smb-howto.html"
+TARGET="_top"
+>        http://www.skippy.net/linux/smb-howto.html</A
+>. </P
+></LI
+><LI
+><P
+>Although 2.0.7 has almost had its day as a PDC, David Bannon will
+        keep the 2.0.7 PDC pages at <A
+HREF="http://bioserve.latrobe.edu.au/samba"
+TARGET="_top"
+>        http://bioserve.latrobe.edu.au/samba</A
+> going for a while yet.</P
+></LI
+><LI
+><P
+>Misc links to CIFS information 
+        <A
+HREF="http://samba.org/cifs/"
+TARGET="_top"
+>http://samba.org/cifs/</A
+></P
+></LI
+><LI
+><P
+>NT Domains for Unix <A
+HREF="http://mailhost.cb1.com/~lkcl/ntdom/"
+TARGET="_top"
+>        http://mailhost.cb1.com/~lkcl/ntdom/</A
+></P
+></LI
+><LI
+><P
+>FTP site for older SMB specs: 
+        <A
+HREF="ftp://ftp.microsoft.com/developr/drg/CIFS/"
+TARGET="_top"
+>        ftp://ftp.microsoft.com/developr/drg/CIFS/</A
+></P
+></LI
+></UL
+></LI
+></UL
+><P
+></P
+><UL
+><LI
+><P
+>	<EM
+>How do I get help from the mailing lists?</EM
+>
+	</P
+><P
+>	There are a number of Samba related mailing lists. Go to <A
+HREF="http://samba.org"
+TARGET="_top"
+>http://samba.org</A
+>, click on your nearest mirror
+	and then click on <B
+CLASS="COMMAND"
+>Support</B
+> and then click on <B
+CLASS="COMMAND"
+>	Samba related mailing lists</B
+>.
+	</P
+><P
+>	For questions relating to Samba TNG go to
+	<A
+HREF="http://www.samba-tng.org/"
+TARGET="_top"
+>http://www.samba-tng.org/</A
+> 
+	It has been requested that you don't post questions about Samba-TNG to the
+	main stream Samba lists.</P
+><P
+>	If you post a message to one of the lists please observe the following guide lines :
+	</P
+><P
+></P
+><UL
+><LI
+><P
+> Always remember that the developers are volunteers, they are 
+		not paid and they never guarantee to produce a particular feature at 
+		a particular time. Any time lines are 'best guess' and nothing more.
+		</P
+></LI
+><LI
+><P
+> Always mention what version of samba you are using and what 
+		operating system its running under. You should probably list the
+        relevant sections of your smb.conf file, at least the options 
+        in [global] that affect PDC support.</P
+></LI
+><LI
+><P
+>In addition to the version, if you obtained Samba via
+        CVS mention the date when you last checked it out.</P
+></LI
+><LI
+><P
+> Try and make your question clear and brief, lots of long, 
+		convoluted questions get deleted before	they are completely read ! 
+		Don't post html encoded messages (if you can select colour or font 
+		size its html).</P
+></LI
+><LI
+><P
+> If you run one of those nifty 'I'm on holidays' things when 
+		you are away, make sure its configured	to not answer mailing lists.
+		</P
+></LI
+><LI
+><P
+> Don't cross post. Work out which is the best list to post to 
+		and see what happens, i.e. don't post to both samba-ntdom and samba-technical.
+        Many people active on the lists subscribe to more 
+		than one list and get annoyed to see the same message two or more times. 
+		Often someone will see a message and thinking it would be better dealt 
+		with on another, will forward it on for you.</P
+></LI
+><LI
+><P
+>You might include <EM
+>partial</EM
+>
+        log files written at a debug level set to as much as 20.  
+        Please don't send the entire log but enough to give the context of the 
+        error messages.</P
+></LI
+><LI
+><P
+>(Possibly) If you have a complete netmon trace ( from the opening of 
+        the pipe to the error ) you can send the *.CAP file as well.</P
+></LI
+><LI
+><P
+>Please think carefully before attaching a document to an email.
+        Consider pasting the relevant parts into the body of the message. The samba
+        mailing lists go to a huge number of people, do they all need a copy of your 
+        smb.conf in their attach directory?</P
+></LI
+></UL
+></LI
+><LI
+><P
+>	<EM
+>How do I get off the mailing lists?</EM
+>
+	</P
+><P
+>To have your name removed from a samba mailing list, go to the
+	same place you went to to get on it. Go to <A
+HREF="http://lists.samba.org/"
+TARGET="_top"
+>http://lists.samba.org</A
+>, 
+	click on your nearest mirror and then click on <B
+CLASS="COMMAND"
+>Support</B
+> and 
+	then click on <B
+CLASS="COMMAND"
+> Samba related mailing lists</B
+>. Or perhaps see 
+	<A
+HREF="http://lists.samba.org/mailman/roster/samba-ntdom"
+TARGET="_top"
+>here</A
+>
+	</P
+><P
+>	Please don't post messages to the list asking to be removed, you will just
+	be referred to the above address (unless that process failed in some way...)
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1608"
+>9.8. Domain Control for Windows 9x/ME</A
+></H1
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>The following section contains much of the original 
+DOMAIN.txt file previously included with Samba.  Much of 
+the material is based on what went into the book <EM
+>Special 
+Edition, Using Samba</EM
+>, by Richard Sharpe.</P
+></BLOCKQUOTE
+></DIV
+><P
+>A domain and a workgroup are exactly the same thing in terms of network
+browsing.  The difference is that a distributable authentication
+database is associated with a domain, for secure login access to a
+network.  Also, different access rights can be granted to users if they
+successfully authenticate against a domain logon server (NT server and 
+other systems based on NT server support this, as does at least Samba TNG now).</P
+><P
+>The SMB client logging on to a domain has an expectation that every other
+server in the domain should accept the same authentication information.
+Network browsing functionality of domains and workgroups is
+identical and is explained in BROWSING.txt. It should be noted, that browsing
+is totally orthogonal to logon support.</P
+><P
+>Issues related to the single-logon network model are discussed in this
+section.  Samba supports domain logons, network logon scripts, and user
+profiles for MS Windows for workgroups and MS Windows 9X/ME clients
+which will be the focus of this section.</P
+><P
+>When an SMB client in a domain wishes to logon it broadcast requests for a
+logon server.  The first one to reply gets the job, and validates its
+password using whatever mechanism the Samba administrator has installed.
+It is possible (but very stupid) to create a domain where the user
+database is not shared between servers, i.e. they are effectively workgroup
+servers advertising themselves as participating in a domain.  This
+demonstrates how authentication is quite different from but closely
+involved with domains.</P
+><P
+>Using these features you can make your clients verify their logon via
+the Samba server; make clients run a batch file when they logon to
+the network and download their preferences, desktop and start menu.</P
+><P
+>Before launching into the configuration instructions, it is 
+worthwhile lookingat how a Windows 9x/ME client performs a logon:</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	The client broadcasts (to the IP broadcast address of the subnet it is in)
+	a NetLogon request. This is sent to the NetBIOS name DOMAIN&#60;1c&#62; at the
+	NetBIOS layer.  The client chooses the first response it receives, which
+	contains the NetBIOS name of the logon server to use in the format of 
+	\\SERVER.
+	</P
+></LI
+><LI
+><P
+>	The client then connects to that server, logs on (does an SMBsessetupX) and
+	then connects to the IPC$ share (using an SMBtconX).
+	</P
+></LI
+><LI
+><P
+>	The client then does a NetWkstaUserLogon request, which retrieves the name
+	of the user's logon script. 
+	</P
+></LI
+><LI
+><P
+>	The client then connects to the NetLogon share and searches for this 	
+	and if it is found and can be read, is retrieved and executed by the client.
+	After this, the client disconnects from the NetLogon share.
+	</P
+></LI
+><LI
+><P
+>	The client then sends a NetUserGetInfo request to the server, to retrieve
+	the user's home share, which is used to search for profiles. Since the
+	response to the NetUserGetInfo request does not contain much more 	
+	the user's home share, profiles for Win9X clients MUST reside in the user
+	home directory.
+	</P
+></LI
+><LI
+><P
+>	The client then connects to the user's home share and searches for the 
+	user's profile. As it turns out, you can specify the user's home share as
+	a sharename and path. For example, \\server\fred\.profile.
+	If the profiles are found, they are implemented.
+	</P
+></LI
+><LI
+><P
+>	The client then disconnects from the user's home share, and reconnects to
+	the NetLogon share and looks for CONFIG.POL, the policies file. If this is
+	found, it is read and implemented.
+	</P
+></LI
+></OL
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1634"
+>9.8.1. Configuration Instructions:	Network Logons</A
+></H2
+><P
+>The main difference between a PDC and a Windows 9x logon 
+server configuration is that</P
+><P
+></P
+><UL
+><LI
+><P
+>Password encryption is not required for a Windows 9x logon server.</P
+></LI
+><LI
+><P
+>Windows 9x/ME clients do not possess machine trust accounts.</P
+></LI
+></UL
+><P
+>Therefore, a Samba PDC will also act as a Windows 9x logon 
+server.</P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>security mode and master browsers</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>There are a few comments to make in order to tie up some 
+loose ends.  There has been much debate over the issue of whether
+or not it is ok to configure Samba as a Domain Controller in security
+modes other than <TT
+CLASS="CONSTANT"
+>USER</TT
+>.  The only security mode 
+which  will not work due to technical reasons is <TT
+CLASS="CONSTANT"
+>SHARE</TT
+>
+mode security.  <TT
+CLASS="CONSTANT"
+>DOMAIN</TT
+> and <TT
+CLASS="CONSTANT"
+>SERVER</TT
+>
+mode security is really just a variation on SMB user level security.</P
+><P
+>Actually, this issue is also closely tied to the debate on whether 
+or not Samba must be the domain master browser for its workgroup
+when operating as a DC.  While it may technically be possible
+to configure a server as such (after all, browsing and domain logons
+are two distinctly different functions), it is not a good idea to
+so.  You should remember that the DC must register the DOMAIN#1b NetBIOS 
+name.  This is the name used by Windows clients to locate the DC.
+Windows clients do not distinguish between the DC and the DMB.
+For this reason, it is very wise to configure the Samba DC as the DMB.</P
+><P
+>Now back to the issue of configuring a Samba DC to use a mode other
+than "security = user".  If a Samba host is configured to use 
+another SMB server or DC in order to validate user connection 
+requests, then it is a fact that some other machine on the network 
+(the "password server") knows more about user than the Samba host.
+99% of the time, this other host is a domain controller.  Now 
+in order to operate in domain mode security, the "workgroup" parameter
+must be set to the name of the Windows NT domain (which already 
+has a domain controller, right?)</P
+><P
+>Therefore configuring a Samba box as a DC for a domain that 
+already by definition has a PDC is asking for trouble.
+Therefore, you should always configure the Samba DC to be the DMB
+for its domain.</P
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1653"
+>9.8.2. Configuration Instructions:	Setting up Roaming User Profiles</A
+></H2
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Warning</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+><EM
+>NOTE!</EM
+> Roaming profiles support is different 
+for Win9X and WinNT.</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>Before discussing how to configure roaming profiles, it is useful to see how
+Win9X and WinNT clients implement these features.</P
+><P
+>Win9X clients send a NetUserGetInfo request to the server to get the user's
+profiles location. However, the response does not have room for a separate 
+profiles location field, only the user's home share. This means that Win9X 
+profiles are restricted to being in the user's home directory.</P
+><P
+>WinNT clients send a NetSAMLogon RPC request, which contains many fields, 
+including a separate field for the location of the user's profiles. 
+This means that support for profiles is different for Win9X and WinNT.</P
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1661"
+>9.8.2.1. Windows NT Configuration</A
+></H3
+><P
+>To support WinNT clients, in the [global] section of smb.conf set the
+following (for example):</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The default for this option is \\%N\%U\profile, namely
+\\sambaserver\username\profile.  The \\N%\%U service is created
+automatically by the [homes] service.
+If you are using a samba server for the profiles, you _must_ make the
+share specified in the logon path browseable. </P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 26aug96 - we have discovered a problem where Windows clients can
+maintain a connection to the [homes] share in between logins.  The
+[homes] share must NOT therefore be used in a profile path.]</P
+></BLOCKQUOTE
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1669"
+>9.8.2.2. Windows 9X Configuration</A
+></H3
+><P
+>To support Win9X clients, you must use the "logon home" parameter. Samba has
+now been fixed so that "net use/home" now works as well, and it, too, relies
+on the "logon home" parameter.</P
+><P
+>By using the logon home parameter, you are restricted to putting Win9X 
+profiles in the user's home directory.   But wait! There is a trick you 
+can use. If you set the following in the [global] section of your 
+smb.conf file:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>logon home = \\%L\%U\.profiles</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>then your Win9X clients will dutifully put their clients in a subdirectory
+of your home directory called .profiles (thus making them hidden).</P
+><P
+>Not only that, but 'net use/home' will also work, because of a feature in 
+Win9X. It removes any directory stuff off the end of the home directory area
+and only uses the server and share portion. That is, it looks like you
+specified \\%L\%U for "logon home".</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1677"
+>9.8.2.3. Win9X and WinNT Configuration</A
+></H3
+><P
+>You can support profiles for both Win9X and WinNT clients by setting both the
+"logon home" and "logon path" parameters. For example:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>logon home = \\%L\%U\.profiles
+logon path = \\%L\profiles\%U</PRE
+></TD
+></TR
+></TABLE
+></P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>I have not checked what 'net use /home' does on NT when "logon home" is
+set as above.</P
+></BLOCKQUOTE
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1684"
+>9.8.2.4. Windows 9X Profile Setup</A
+></H3
+><P
+>When a user first logs in on Windows 9X, the file user.DAT is created,
+as are folders "Start Menu", "Desktop", "Programs" and "Nethood".  
+These directories and their contents will be merged with the local
+versions stored in c:\windows\profiles\username on subsequent logins,
+taking the most recent from each.  You will need to use the [global]
+options "preserve case = yes", "short preserve case = yes" and
+"case sensitive = no" in order to maintain capital letters in shortcuts
+in any of the profile folders.</P
+><P
+>The user.DAT file contains all the user's preferences.  If you wish to
+enforce a set of preferences, rename their user.DAT file to user.MAN,
+and deny them write access to this file.</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	On the Windows 95 machine, go to Control Panel | Passwords and
+	select the User Profiles tab.  Select the required level of
+	roaming preferences.  Press OK, but do _not_ allow the computer
+	to reboot.
+	</P
+></LI
+><LI
+><P
+>	On the Windows 95 machine, go to Control Panel | Network |
+	Client for Microsoft Networks | Preferences.  Select 'Log on to
+	NT Domain'.  Then, ensure that the Primary Logon is 'Client for
+	Microsoft Networks'.  Press OK, and this time allow the computer
+	to reboot.
+	</P
+></LI
+></OL
+><P
+>Under Windows 95, Profiles are downloaded from the Primary Logon.
+If you have the Primary Logon as 'Client for Novell Networks', then
+the profiles and logon script will be downloaded from your Novell
+Server.  If you have the Primary Logon as 'Windows Logon', then the
+profiles will be loaded from the local machine - a bit against the
+concept of roaming profiles, if you ask me.</P
+><P
+>You will now find that the Microsoft Networks Login box contains
+[user, password, domain] instead of just [user, password].  Type in
+the samba server's domain name (or any other domain known to exist,
+but bear in mind that the user will be authenticated against this
+domain and profiles downloaded from it, if that domain logon server
+supports it), user name and user's password.</P
+><P
+>Once the user has been successfully validated, the Windows 95 machine
+will inform you that 'The user has not logged on before' and asks you
+if you wish to save the user's preferences?  Select 'yes'.</P
+><P
+>Once the Windows 95 client comes up with the desktop, you should be able
+to examine the contents of the directory specified in the "logon path"
+on the samba server and verify that the "Desktop", "Start Menu",
+"Programs" and "Nethood" folders have been created.</P
+><P
+>These folders will be cached locally on the client, and updated when
+the user logs off (if you haven't made them read-only by then :-).
+You will find that if the user creates further folders or short-cuts,
+that the client will merge the profile contents downloaded with the
+contents of the profile directory already on the local client, taking
+the newest folders and short-cuts from each set.</P
+><P
+>If you have made the folders / files read-only on the samba server,
+then you will get errors from the w95 machine on logon and logout, as
+it attempts to merge the local and the remote profile.  Basically, if
+you have any errors reported by the w95 machine, check the Unix file
+permissions and ownership rights on the profile directory contents,
+on the samba server.</P
+><P
+>If you have problems creating user profiles, you can reset the user's
+local desktop cache, as shown below.  When this user then next logs in,
+they will be told that they are logging in "for the first time".</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	instead of logging in under the [user, password, domain] dialog,
+	press escape.
+	</P
+></LI
+><LI
+><P
+>	run the regedit.exe program, and look in:
+	</P
+><P
+>	HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList
+	</P
+><P
+>	you will find an entry, for each user, of ProfilePath.  Note the
+	contents of this key (likely to be c:\windows\profiles\username),
+	then delete the key ProfilePath for the required user.
+	</P
+><P
+>	[Exit the registry editor].
+	</P
+></LI
+><LI
+><P
+>	<EM
+>WARNING</EM
+> - before deleting the contents of the 
+	directory listed in
+   the ProfilePath (this is likely to be c:\windows\profiles\username),
+   ask them if they have any important files stored on their desktop
+   or in their start menu.  delete the contents of the directory
+   ProfilePath (making a backup if any of the files are needed).
+	</P
+><P
+>   This will have the effect of removing the local (read-only hidden
+   system file) user.DAT in their profile directory, as well as the
+   local "desktop", "nethood", "start menu" and "programs" folders.
+	</P
+></LI
+><LI
+><P
+>	search for the user's .PWL password-caching file in the c:\windows
+	directory, and delete it.
+	</P
+></LI
+><LI
+><P
+>	log off the windows 95 client.
+	</P
+></LI
+><LI
+><P
+>	check the contents of the profile path (see "logon path" described
+	above), and delete the user.DAT or user.MAN file for the user,
+	making a backup if required.  
+	</P
+></LI
+></OL
+><P
+>If all else fails, increase samba's debug log levels to between 3 and 10,
+and / or run a packet trace program such as tcpdump or netmon.exe, and
+look for any error reports.</P
+><P
+>If you have access to an NT server, then first set up roaming profiles
+and / or netlogons on the NT server.  Make a packet trace, or examine
+the example packet traces provided with NT server, and see what the
+differences are with the equivalent samba trace.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1720"
+>9.8.2.5. Windows NT Workstation 4.0</A
+></H3
+><P
+>When a user first logs in to a Windows NT Workstation, the profile
+NTuser.DAT is created.  The profile location can be now specified
+through the "logon path" parameter.  </P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 10aug97 - i tried setting the path to
+\\samba-server\homes\profile, and discovered that this fails because
+a background process maintains the connection to the [homes] share
+which does _not_ close down in between user logins.  you have to
+have \\samba-server\%L\profile, where user is the username created
+from the [homes] share].</P
+></BLOCKQUOTE
+></DIV
+><P
+>There is a parameter that is now available for use with NT Profiles:
+"logon drive".  This should be set to "h:" or any other drive, and
+should be used in conjunction with the new "logon home" parameter.</P
+><P
+>The entry for the NT 4.0 profile is a _directory_ not a file.  The NT
+help on profiles mentions that a directory is also created with a .PDS
+extension.  The user, while logging in, must have write permission to
+create the full profile path (and the folder with the .PDS extension)
+[lkcl 10aug97 - i found that the creation of the .PDS directory failed,
+and had to create these manually for each user, with a shell script.
+also, i presume, but have not tested, that the full profile path must
+be browseable just as it is for w95, due to the manner in which they
+attempt to create the full profile path: test existence of each path
+component; create path component].</P
+><P
+>In the profile directory, NT creates more folders than 95.  It creates
+"Application Data" and others, as well as "Desktop", "Nethood",
+"Start Menu" and "Programs".  The profile itself is stored in a file
+NTuser.DAT.  Nothing appears to be stored in the .PDS directory, and
+its purpose is currently unknown.</P
+><P
+>You can use the System Control Panel to copy a local profile onto
+a samba server (see NT Help on profiles: it is also capable of firing
+up the correct location in the System Control Panel for you).  The
+NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN
+turns a profile into a mandatory one.</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 10aug97 - i notice that NT Workstation tells me that it is
+downloading a profile from a slow link.  whether this is actually the
+case, or whether there is some configuration issue, as yet unknown,
+that makes NT Workstation _think_ that the link is a slow one is a
+matter to be resolved].</P
+><P
+>[lkcl 20aug97 - after samba digest correspondence, one user found, and
+another confirmed, that profiles cannot be loaded from a samba server
+unless "security = user" and "encrypt passwords = yes" (see the file
+ENCRYPTION.txt) or "security = server" and "password server = ip.address.
+of.yourNTserver" are used.  Either of these options will allow the NT
+workstation to access the samba server using LAN manager encrypted
+passwords, without the user intervention normally required by NT
+workstation for clear-text passwords].</P
+><P
+>[lkcl 25aug97 - more comments received about NT profiles: the case of
+the profile _matters_.  the file _must_ be called NTuser.DAT or, for
+a mandatory profile, NTuser.MAN].</P
+></BLOCKQUOTE
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1733"
+>9.8.2.6. Windows NT Server</A
+></H3
+><P
+>There is nothing to stop you specifying any path that you like for the
+location of users' profiles.  Therefore, you could specify that the
+profile be stored on a samba server, or any other SMB server, as long as
+that SMB server supports encrypted passwords.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1736"
+>9.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0</A
+></H3
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Potentially outdated or incorrect material follows</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>I think this is all bogus, but have not deleted it. (Richard Sharpe)</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>The default logon path is \\%N\U%.  NT Workstation will attempt to create
+a directory "\\samba-server\username.PDS" if you specify the logon path
+as "\\samba-server\username" with the NT User Manager.  Therefore, you
+will need to specify (for example) "\\samba-server\username\profile".
+NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which
+is more likely to succeed.</P
+><P
+>If you then want to share the same Start Menu / Desktop with W95, you will
+need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97
+this has its drawbacks: i created a shortcut to telnet.exe, which attempts
+to run from the c:\winnt\system32 directory.  this directory is obviously
+unlikely to exist on a Win95-only host].</P
+><P
+>&#13;If you have this set up correctly, you will find separate user.DAT and
+NTuser.DAT files in the same profile directory.</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 25aug97 - there are some issues to resolve with downloading of
+NT profiles, probably to do with time/date stamps.  i have found that
+NTuser.DAT is never updated on the workstation after the first time that
+it is copied to the local workstation profile directory.  this is in
+contrast to w95, where it _does_ transfer / update profiles correctly].</P
+></BLOCKQUOTE
+></DIV
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1746"
+>9.9. DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
+></H1
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Possibly Outdated Material</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>	This appendix was originally authored by John H Terpstra of 
+	the Samba Team and is included here for posterity.
+	</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+><EM
+>NOTE :</EM
+> 
+The term "Domain Controller" and those related to it refer to one specific
+method of authentication that can underly an SMB domain. Domain Controllers
+prior to Windows NT Server 3.1 were sold by various companies and based on 
+private extensions to the LAN Manager 2.1 protocol. Windows NT introduced
+Microsoft-specific ways of distributing the user authentication database.
+See DOMAIN.txt for examples of how Samba can participate in or create
+SMB domains based on shared authentication database schemes other than the 
+Windows NT SAM.</P
+><P
+>Windows NT Server can be installed as either a plain file and print server
+(WORKGROUP workstation or server) or as a server that participates in Domain
+Control (DOMAIN member, Primary Domain controller or Backup Domain controller).
+The same is true for OS/2 Warp Server, Digital Pathworks and other similar
+products, all of which can participate in Domain Control along with Windows NT.</P
+><P
+>To many people these terms can be confusing, so let's try to clear the air.</P
+><P
+>Every Windows NT system (workstation or server) has a registry database.
+The registry contains entries that describe the initialization information
+for all services (the equivalent of Unix Daemons) that run within the Windows
+NT environment. The registry also contains entries that tell application
+software where to find dynamically loadable libraries that they depend upon.
+In fact, the registry contains entries that describes everything that anything
+may need to know to interact with the rest of the system.</P
+><P
+>The registry files can be located on any Windows NT machine by opening a
+command prompt and typing:</P
+><P
+><TT
+CLASS="PROMPT"
+>C:\WINNT\&#62;</TT
+> dir %SystemRoot%\System32\config</P
+><P
+>The environment variable %SystemRoot% value can be obtained by typing:</P
+><P
+><TT
+CLASS="PROMPT"
+>C:\WINNT&#62;</TT
+>echo %SystemRoot%</P
+><P
+>The active parts of the registry that you may want to be familiar with are
+the files called: default, system, software, sam and security.</P
+><P
+>In a domain environment, Microsoft Windows NT domain controllers participate
+in replication of the SAM and SECURITY files so that all controllers within
+the domain have an exactly identical copy of each.</P
+><P
+>The Microsoft Windows NT system is structured within a security model that
+says that all applications and services must authenticate themselves before
+they can obtain permission from the security manager to do what they set out
+to do.</P
+><P
+>The Windows NT User database also resides within the registry. This part of
+the registry contains the user's security identifier, home directory, group
+memberships, desktop profile, and so on.</P
+><P
+>Every Windows NT system (workstation as well as server) will have its own
+registry. Windows NT Servers that participate in Domain Security control
+have a database that they share in common - thus they do NOT own an
+independent full registry database of their own, as do Workstations and
+plain Servers.</P
+><P
+>The User database is called the SAM (Security Access Manager) database and
+is used for all user authentication as well as for authentication of inter-
+process authentication (i.e. to ensure that the service action a user has
+requested is permitted within the limits of that user's privileges).</P
+><P
+>The Samba team have produced a utility that can dump the Windows NT SAM into 
+smbpasswd format: see ENCRYPTION.txt for information on smbpasswd and
+/pub/samba/pwdump on your nearest Samba mirror for the utility. This 
+facility is useful but cannot be easily used to implement SAM replication
+to Samba systems.</P
+><P
+>Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers
+can participate in a Domain security system that is controlled by Windows NT
+servers that have been correctly configured. Almost every domain will have
+ONE Primary Domain Controller (PDC). It is desirable that each domain will
+have at least one Backup Domain Controller (BDC).</P
+><P
+>The PDC and BDCs then participate in replication of the SAM database so that
+each Domain Controlling participant will have an up to date SAM component
+within its registry.</P
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="SAMBA-BDC"
+>Chapter 10. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN1782"
+>10.1. Prerequisite Reading</A
+></H1
+><P
+>Before you continue reading in this chapter, please make sure
+that you are comfortable with configuring a Samba PDC
+as described in the <A
+HREF="Samba-PDC-HOWTO.html"
+TARGET="_top"
+>Samba-PDC-HOWTO</A
+>.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1786"
+>10.2. Background</A
+></H1
+><P
+>What is a Domain Controller? It is a machine that is able to answer
+logon requests from workstations in a Windows NT Domain. Whenever a
+user logs into a Windows NT Workstation, the workstation connects to a
+Domain Controller and asks him whether the username and password the
+user typed in is correct.  The Domain Controller replies with a lot of
+information about the user, for example the place where the users
+profile is stored, the users full name of the user. All this
+information is stored in the NT user database, the so-called SAM.</P
+><P
+>There are two kinds of Domain Controller in a NT 4 compatible Domain:
+A Primary Domain Controller (PDC) and one or more Backup Domain
+Controllers (BDC). The PDC contains the master copy of the
+SAM. Whenever the SAM has to change, for example when a user changes
+his password, this change has to be done on the PDC. A Backup Domain
+Controller is a machine that maintains a read-only copy of the
+SAM. This way it is able to reply to logon requests and authenticate
+users in case the PDC is not available. During this time no changes to
+the SAM are possible. Whenever changes to the SAM are done on the PDC,
+all BDC receive the changes from the PDC.</P
+><P
+>Since version 2.2 Samba officially supports domain logons for all
+current Windows Clients, including Windows 2000 and XP. This text
+assumes the domain to be named SAMBA. To be able to act as a PDC, some
+parameters in the [global]-section of the smb.conf have to be set:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+     workgroup = SAMBA
+     domain master = yes
+     domain logons = yes
+     encrypt passwords = yes
+     security = user
+     ....</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Several other things like a [homes] and a [netlogon] share also may be
+set along with settings for the profile path, the users home drive and
+others. This will not be covered in this document.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1794"
+>10.3. What qualifies a Domain Controller on the network?</A
+></H1
+><P
+>Every machine that is a Domain Controller for the domain SAMBA has to
+register the NetBIOS group name SAMBA#1c with the WINS server and/or
+by broadcast on the local network. The PDC also registers the unique
+NetBIOS name SAMBA#1b with the WINS server. The name type #1b is
+normally reserved for the domain master browser, a role that has
+nothing to do with anything related to authentication, but the
+Microsoft Domain implementation requires the domain master browser to
+be on the same machine as the PDC.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1797"
+>10.3.1. How does a Workstation find its domain controller?</A
+></H2
+><P
+>A NT workstation in the domain SAMBA that wants a local user to be
+authenticated has to find the domain controller for SAMBA. It does
+this by doing a NetBIOS name query for the group name SAMBA#1c. It
+assumes that each of the machines it gets back from the queries is a
+domain controller and can answer logon requests. To not open security
+holes both the workstation and the selected (TODO: How is the DC
+chosen) domain controller authenticate each other. After that the
+workstation sends the user's credentials (his name and password) to
+the domain controller, asking for approval.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1800"
+>10.3.2. When is the PDC needed?</A
+></H2
+><P
+>Whenever a user wants to change his password, this has to be done on
+the PDC. To find the PDC, the workstation does a NetBIOS name query
+for SAMBA#1b, assuming this machine maintains the master copy of the
+SAM. The workstation contacts the PDC, both mutually authenticate and
+the password change is done.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1803"
+>10.4. Can Samba be a Backup Domain Controller?</A
+></H1
+><P
+>With version 2.2, no. The native NT SAM replication protocols have
+not yet been fully implemented. The Samba Team is working on
+understanding and implementing the protocols, but this work has not
+been finished for version 2.2.</P
+><P
+>Can I get the benefits of a BDC with Samba?  Yes. The main reason for
+implementing a BDC is availability. If the PDC is a Samba machine,
+a second Samba machine can be set up to
+service logon requests whenever the PDC is down.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1807"
+>10.5. How do I set up a Samba BDC?</A
+></H1
+><P
+>Several things have to be done:</P
+><P
+></P
+><UL
+><LI
+><P
+>	The file <TT
+CLASS="FILENAME"
+>private/MACHINE.SID</TT
+> identifies the domain. When a samba
+	server is first started, it is created on the fly and must never be
+	changed again. This file has to be the same on the PDC and the BDC,
+	so the MACHINE.SID has to be copied from the PDC to the BDC.  Note that in the
+	latest Samba 2.2.x releases, the machine SID (and therefore domain SID) is stored
+	in the <TT
+CLASS="FILENAME"
+>private/secrets.tdb</TT
+> database.  This file cannot just
+	be copied because Samba looks under the key <TT
+CLASS="CONSTANT"
+>SECRETS/SID/<TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+></TT
+>.
+	where <TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+> is the machine's netbios name.  Since this name has
+	to be unique for each SAMBA server, this lookup will fail.  </P
+><P
+>	A new option has been added to the <B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+>
+	command to help ease this problem.  When running <B
+CLASS="COMMAND"
+>smbpasswd -S</B
+> as the root user,
+	the domain SID will be retrieved from a domain controller matching the value of the
+	<TT
+CLASS="PARAMETER"
+><I
+>workgroup</I
+></TT
+> parameter in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> and stored as the
+	new Samba server's machine SID.  See the <A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+></A
+>
+	man page for more details on this functionality.
+	</P
+></LI
+><LI
+><P
+>	The Unix user database has to be synchronized from the PDC to the
+	BDC. This means that both the /etc/passwd and /etc/group have to be
+	replicated from the PDC to the BDC. This can be done manually
+	whenever changes are made, or the PDC is set up as a NIS master
+	server and the BDC as a NIS slave server. To set up the BDC as a
+	mere NIS client would not be enough, as the BDC would not be able to
+	access its user database in case of a PDC failure.  LDAP is also a
+	potential vehicle for sharing this information.
+	</P
+></LI
+><LI
+><P
+>	The Samba password database in the file <TT
+CLASS="FILENAME"
+>private/smbpasswd</TT
+>
+	has to be replicated from the PDC to the BDC. This is a bit tricky, see the
+	next section.
+	</P
+></LI
+><LI
+><P
+>	Any netlogon share has to be replicated from the PDC to the
+	BDC. This can be done manually whenever login scripts are changed,
+	or it can be done automatically together with the smbpasswd
+	synchronization.
+	</P
+></LI
+></UL
+><P
+>Finally, the BDC has to be found by the workstations. This can be done
+by setting</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+     workgroup = SAMBA
+     domain master = no
+     domain logons = yes
+     encrypt passwords = yes
+     security = user
+     ....</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>in the [global]-section of the smb.conf of the BDC. This makes the BDC
+only register the name SAMBA#1c with the WINS server. This is no
+problem as the name SAMBA#1c is a NetBIOS group name that is meant to
+be registered by more than one machine. The parameter 'domain master =
+no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS
+name is reserved for the Primary Domain Controller.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1836"
+>10.5.1. How do I replicate the smbpasswd file?</A
+></H2
+><P
+>Replication of the smbpasswd file is sensitive. It has to be done
+whenever changes to the SAM are made. Every user's password change
+(including machine trust account password changes) is done in the
+smbpasswd file and has to be replicated to the BDC. So
+replicating the smbpasswd file very often is necessary.</P
+><P
+>As the smbpasswd file contains plain text password equivalents, it
+must not be sent unencrypted over the wire. The best way to set up
+smbpasswd replication from the PDC to the BDC is to use the utility
+<B
+CLASS="COMMAND"
+>rsync(1)</B
+>. <B
+CLASS="COMMAND"
+>rsync</B
+> can use
+<B
+CLASS="COMMAND"
+>ssh(1)</B
+> as a transport. <B
+CLASS="COMMAND"
+>ssh</B
+> itself
+can be set up to accept <EM
+>only</EM
+> <B
+CLASS="COMMAND"
+>rsync</B
+> transfer without requiring the user to
+type a password.  Refer to the man pages for these two tools for more details.</P
+><P
+>Another solution with high potential is to use Samba's <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+>
+for sharing and/or replicating the list of <TT
+CLASS="CONSTANT"
+>sambaAccount</TT
+> entries.
+This can all be done over SSL to ensure security.  See the <A
+HREF="Samba-LDAP-HOWTO.html"
+TARGET="_top"
+>Samba-LDAP-HOWTO</A
+>
+for more details.</P
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="SAMBA-LDAP-HOWTO"
+>Chapter 11. Storing Samba's User/Machine Account information in an LDAP Directory</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN1867"
+>11.1. Purpose</A
+></H1
+><P
+>This document describes how to use an LDAP directory for storing Samba user
+account information traditionally stored in the smbpasswd(5) file.  It is
+assumed that the reader already has a basic understanding of LDAP concepts
+and has a working directory server already installed.  For more information
+on LDAP architectures and Directories, please refer to the following sites.</P
+><P
+></P
+><UL
+><LI
+><P
+>OpenLDAP - <A
+HREF="http://www.openldap.org/"
+TARGET="_top"
+>http://www.openldap.org/</A
+></P
+></LI
+><LI
+><P
+>iPlanet Directory Server - <A
+HREF="http://iplanet.netscape.com/directory"
+TARGET="_top"
+>http://iplanet.netscape.com/directory</A
+></P
+></LI
+></UL
+><P
+>Note that <A
+HREF="http://www.ora.com/"
+TARGET="_top"
+>O'Reilly Publishing</A
+> is working on
+a guide to LDAP for System Administrators which has a planned release date of
+late 2002.</P
+><P
+>Two additional Samba resources which may prove to be helpful are</P
+><P
+></P
+><UL
+><LI
+><P
+>The <A
+HREF="http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html"
+TARGET="_top"
+>Samba-PDC-LDAP-HOWTO</A
+>
+	maintained by Ignacio Coupeau.</P
+></LI
+><LI
+><P
+>The NT migration scripts from <A
+HREF="http://samba.idealx.org/"
+TARGET="_top"
+>IDEALX</A
+> that are
+	geared to manage users and group in such a Samba-LDAP Domain Controller configuration.  These scripts can
+	be found in the Samba 2.2.5 release in the <TT
+CLASS="FILENAME"
+>examples/LDAP/smbldap-tools/</TT
+> directory.
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1888"
+>11.2. Introduction</A
+></H1
+><P
+>Traditionally, when configuring <A
+HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
+TARGET="_top"
+>"encrypt
+passwords = yes"</A
+> in Samba's <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file, user account
+information such as username, LM/NT password hashes, password change times, and account
+flags have been stored in the <TT
+CLASS="FILENAME"
+>smbpasswd(5)</TT
+> file.  There are several
+disadvantages to this approach for sites with very large numbers of users (counted
+in the thousands).</P
+><P
+></P
+><UL
+><LI
+><P
+>The first is that all lookups must be performed sequentially.  Given that
+there are approximately two lookups per domain logon (one for a normal
+session connection such as when mapping a network drive or printer), this
+is a performance bottleneck for large sites.  What is needed is an indexed approach
+such as is used in databases.</P
+></LI
+><LI
+><P
+>The second problem is that administrators who desired to replicate a
+smbpasswd file to more than one Samba server were left to use external
+tools such as <B
+CLASS="COMMAND"
+>rsync(1)</B
+> and <B
+CLASS="COMMAND"
+>ssh(1)</B
+>
+and wrote custom, in-house scripts.</P
+></LI
+><LI
+><P
+>And finally, the amount of information which is stored in an
+smbpasswd entry leaves no room for additional attributes such as
+a home directory, password expiration time, or even a Relative
+Identified (RID).</P
+></LI
+></UL
+><P
+>As a result of these defeciencies, a more robust means of storing user attributes
+used by <B
+CLASS="COMMAND"
+>smbd</B
+> was developed.  The API which defines access to user accounts
+is commonly referred to as the samdb interface (previously this was called the passdb
+API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
+for a samdb backend (e.g. <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+> or
+<TT
+CLASS="PARAMETER"
+><I
+>--with-tdbsam</I
+></TT
+>) requires compile time support.</P
+><P
+>When compiling Samba to include the <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+> autoconf
+option, <B
+CLASS="COMMAND"
+>smbd</B
+> (and associated tools) will store and lookup user accounts in
+an LDAP directory.  In reality, this is very easy to understand.  If you are
+comfortable with using an smbpasswd file, simply replace "smbpasswd" with
+"LDAP directory" in all the documentation.</P
+><P
+>There are a few points to stress about what the <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+>
+does not provide.  The LDAP support referred to in the this documentation does not
+include:</P
+><P
+></P
+><UL
+><LI
+><P
+>A means of retrieving user account information from
+	an Windows 2000 Active Directory server.</P
+></LI
+><LI
+><P
+>A means of replacing /etc/passwd.</P
+></LI
+></UL
+><P
+>The second item can be accomplished by using LDAP NSS and PAM modules.  LGPL
+versions of these libraries can be obtained from PADL Software
+(<A
+HREF="http://www.padl.com/"
+TARGET="_top"
+>http://www.padl.com/</A
+>).  However,
+the details of configuring these packages are beyond the scope of this document.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1919"
+>11.3. Supported LDAP Servers</A
+></H1
+><P
+>The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP
+2.0 server and client libraries.  The same code should be able to work with
+Netscape's Directory Server and client SDK. However, due to lack of testing
+so far, there are bound to be compile errors and bugs.  These should not be
+hard to fix. If you are so inclined, please be sure to forward all patches to
+<A
+HREF="samba-patches@samba.org"
+TARGET="_top"
+>samba-patches@samba.org</A
+> and
+<A
+HREF="jerry@samba.org"
+TARGET="_top"
+>jerry@samba.org</A
+>.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1924"
+>11.4. Schema and Relationship to the RFC 2307 posixAccount</A
+></H1
+><P
+>Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in
+<TT
+CLASS="FILENAME"
+>examples/LDAP/samba.schema</TT
+>.  (Note that this schema
+file has been modified since the experimental support initially included
+in 2.2.2).  The sambaAccount objectclass is given here:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>objectclass ( 1.3.1.5.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILARY
+     DESC 'Samba Account'
+     MUST ( uid $ rid )
+     MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+            logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+            displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+            description $ userWorkstations $ primaryGroupID $ domain ))</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The <TT
+CLASS="FILENAME"
+>samba.schema</TT
+> file has been formatted for OpenLDAP 2.0 &#38; 2.1.  The OID's are
+owned by the Samba Team and as such is legal to be openly published.
+If you translate the schema to be used with Netscape DS, please
+submit the modified schema file as a patch to <A
+HREF="jerry@samba.org"
+TARGET="_top"
+>jerry@samba.org</A
+></P
+><P
+>Since the original release, schema files for</P
+><P
+></P
+><UL
+><LI
+><P
+>IBM's SecureWay Server</P
+></LI
+><LI
+><P
+>Netscape Directory Server version 4.x and 5.x</P
+></LI
+></UL
+><P
+>have been submitted and included in the Samba source distribution.  I cannot
+personally comment on the integration of these commercial directory servers since
+I have not had the oppotinuity to work with them.</P
+><P
+>Just as the smbpasswd file is mean to store information which supplements a
+user's <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entry, so is the sambaAccount object
+meant to supplement the UNIX user account information.  A sambaAccount is now an
+<TT
+CLASS="CONSTANT"
+>AUXILARY</TT
+> objectclass so it can be stored alongside
+a posixAccount or person objectclass in the directory.  Note that there are
+several fields (e.g. uid) which overlap with the posixAccount objectclass
+outlined in RFC2307.  This is by design.  The move from a STRUCTURAL objectclass
+to an AUXILIARY one was compliance with the LDAP data model which states that
+an entry can contain only one STRUCTURAL objectclass per entry.  This is now
+enforced by the OpenLDAP 2.1 server.</P
+><P
+>In order to store all user account information (UNIX and Samba) in the directory,
+it is necessary to use the sambaAccount and posixAccount objectclasses in
+combination.  However, <B
+CLASS="COMMAND"
+>smbd</B
+> will still obtain the user's UNIX account
+information via the standard C library calls (e.g. getpwnam(), et. al.).
+This means that the Samba server must also have the LDAP NSS library installed
+and functioning correctly.  This division of information makes it possible to
+store all Samba account information in LDAP, but still maintain UNIX account
+information in NIS while the network is transitioning to a full LDAP infrastructure.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1945"
+>11.5. Configuring Samba with LDAP</A
+></H1
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN1947"
+>11.5.1. OpenLDAP configuration</A
+></H2
+><P
+>To include support for the sambaAccount object in an OpenLDAP directory
+server, first copy the samba.schema file to slapd's configuration directory.</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><B
+CLASS="COMMAND"
+>cp samba.schema /etc/openldap/schema/</B
+></P
+><P
+>Next, include the <TT
+CLASS="FILENAME"
+>samba.schema</TT
+> file in <TT
+CLASS="FILENAME"
+>slapd.conf</TT
+>.
+The sambaAccount object contains two attributes which depend upon other schema
+files.  The 'uid' attribute is defined in <TT
+CLASS="FILENAME"
+>cosine.schema</TT
+> and
+the 'displayName' attribute is defined in the <TT
+CLASS="FILENAME"
+>inetorgperson.schema</TT
+>
+file.  Both of these must be included before the <TT
+CLASS="FILENAME"
+>samba.schema</TT
+> file.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>## /etc/openldap/slapd.conf
+
+## schema files (core.schema is required by default)
+include	           /etc/openldap/schema/core.schema
+
+## needed for sambaAccount
+include            /etc/openldap/schema/cosine.schema
+include            /etc/openldap/schema/inetorgperson.schema
+include            /etc/openldap/schema/samba.schema
+
+## uncomment this line if you want to support the RFC2307 (NIS) schema
+## include         /etc/openldap/schema/nis.schema
+
+....</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>It is recommended that you maintain some indices on some of the most usefull attributes,
+like in the following example, to speed up searches made on sambaAccount objectclasses
+(and possibly posixAccount and posixGroup as well).</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+># Indices to maintain
+## required by OpenLDAP 2.0
+index objectclass   eq
+
+## support pbb_getsampwnam()
+index uid           pres,eq
+## support pdb_getsampwrid()
+index rid           eq
+
+## uncomment these if you are storing posixAccount and
+## posixGroup entries in the directory as well
+##index uidNumber     eq
+##index gidNumber     eq
+##index cn            eq
+##index memberUid     eq</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1964"
+>11.5.2. Configuring Samba</A
+></H2
+><P
+>The following parameters are available in smb.conf only with <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+>
+was included with compiling Samba.</P
+><P
+></P
+><UL
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPSSL"
+TARGET="_top"
+>ldap ssl</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPSERVER"
+TARGET="_top"
+>ldap server</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPADMINDN"
+TARGET="_top"
+>ldap admin dn</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPSUFFIX"
+TARGET="_top"
+>ldap suffix</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPFILTER"
+TARGET="_top"
+>ldap filter</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPPORT"
+TARGET="_top"
+>ldap port</A
+></P
+></LI
+></UL
+><P
+>These are described in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+> man
+page and so will not be repeated here.  However, a sample smb.conf file for
+use with an LDAP directory could appear as</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>## /usr/local/samba/lib/smb.conf
+[global]
+     security = user
+     encrypt passwords = yes
+
+     netbios name = TASHTEGO
+     workgroup = NARNIA
+
+     # ldap related parameters
+
+     # define the DN to use when binding to the directory servers
+     # The password for this DN is not stored in smb.conf.  Rather it
+     # must be set by using 'smbpasswd -w <TT
+CLASS="REPLACEABLE"
+><I
+>secretpw</I
+></TT
+>' to store the
+     # passphrase in the secrets.tdb file.  If the "ldap admin dn" values
+     # changes, this password will need to be reset.
+     ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org"
+
+     #  specify the LDAP server's hostname (defaults to locahost)
+     ldap server = ahab.samba.org
+
+     # Define the SSL option when connecting to the directory
+     # ('off', 'start tls', or 'on' (default))
+     ldap ssl = start tls
+
+     # define the port to use in the LDAP session (defaults to 636 when
+     # "ldap ssl = on")
+     ldap port = 389
+
+     # specify the base DN to use when searching the directory
+     ldap suffix = "ou=people,dc=samba,dc=org"
+
+     # generally the default ldap search filter is ok
+     # ldap filter = "(&#38;(uid=%u)(objectclass=sambaAccount))"</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1992"
+>11.5.3. Importing <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> entries</A
+></H2
+><P
+>Import existing user entries from an <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> can be trivially done using
+a Perl script named <TT
+CLASS="FILENAME"
+>import_smbpasswd.pl</TT
+> included in the
+<TT
+CLASS="FILENAME"
+>examples/LDAP/</TT
+> directory of the Samba source distribution.  There are
+two main requirements of this script:</P
+><P
+></P
+><UL
+><LI
+><P
+>All users to be imported to the directory must have a valid uid on the
+	local system.  This can be a problem if using a machinej different from the Samba server
+	to import the file.</P
+></LI
+><LI
+><P
+>The local system must have a working installation of the Net::LDAP perl
+	module which can be obtained from with <A
+HREF="http://search.cpan.org/"
+TARGET="_top"
+>http://search.cpan.org/</A
+>
+	by searching for <TT
+CLASS="FILENAME"
+>perl-ldap</TT
+> or directly from <A
+HREF="http://perl-ldap.sf.net/"
+TARGET="_top"
+>http://perl-ldap.sf.net/</A
+>.
+	</P
+></LI
+></UL
+><P
+>Please refer to the documentation in the same directory as the script for more details.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN2008"
+>11.6. Accounts and Groups management</A
+></H1
+><P
+>As users accounts are managed thru the sambaAccount objectclass, you should
+modify you existing administration tools to deal with sambaAccount attributes.</P
+><P
+>Machines accounts are managed with the sambaAccount objectclass, just
+like users accounts. However, it's up to you to stored thoses accounts
+in a different tree of you LDAP namespace: you should use
+"ou=Groups,dc=plainjoe,dc=org" to store groups and
+"ou=People,dc=plainjoe,dc=org" to store users. Just configure your
+NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration
+file).</P
+><P
+>In Samba release 2.2.3, the group management system is based on posix
+groups. This meand that Samba make usage of the posixGroup objectclass.
+For now, there is no NT-like group system management (global and local
+groups).</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN2013"
+>11.7. Security and sambaAccount</A
+></H1
+><P
+>There are two important points to remember when discussing the security
+of sambaAccount entries in the directory.</P
+><P
+></P
+><UL
+><LI
+><P
+><EM
+>Never</EM
+> retrieve the lmPassword or
+	ntPassword attribute values over an unencrypted LDAP session.</P
+></LI
+><LI
+><P
+><EM
+>Never</EM
+> allow non-admin users to
+	view the lmPassword or ntPassword attribute values.</P
+></LI
+></UL
+><P
+>These password hashes are clear text equivalents and can be used to impersonate
+the user without deriving the original clear text strings.  For more information
+on the details of LM/NT password hashes, refer to the <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>ENCRYPTION chapter</A
+> of the Samba-HOWTO-Collection.</P
+><P
+>To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults
+to require an encrypted session (<B
+CLASS="COMMAND"
+>ldap ssl = on</B
+>) using
+the default port of 636
+when contacting the directory server.  When using an OpenLDAP 2.0 server, it
+is possible to use the use the StartTLS LDAP extended  operation in the place of
+LDAPS.  In either case, you are strongly discouraged to disable this security
+(<B
+CLASS="COMMAND"
+>ldap ssl = off</B
+>).</P
+><P
+>Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS
+extended operation.  However, the OpenLDAP library still provides support for
+the older method of securing communication between clients and servers.</P
+><P
+>The second security precaution is to prevent non-administrative users from
+harvesting password hashes from the directory.  This can be done using the
+following ACL in <TT
+CLASS="FILENAME"
+>slapd.conf</TT
+>:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>## allow the "ldap admin dn" access, but deny everyone else
+access to attrs=lmPassword,ntPassword
+     by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write
+     by * none</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN2033"
+>11.8. LDAP specials attributes for sambaAccounts</A
+></H1
+><P
+>The sambaAccount objectclass is composed of the following attributes:</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>lmPassword</TT
+>: the LANMAN password 16-byte hash stored as a character
+	representation of a hexidecimal string.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>ntPassword</TT
+>: the NT password hash 16-byte stored as a character
+	representation of a hexidecimal string.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>pwdLastSet</TT
+>: The integer time in seconds since 1970 when the
+	<TT
+CLASS="CONSTANT"
+>lmPassword</TT
+> and <TT
+CLASS="CONSTANT"
+>ntPassword</TT
+> attributes were last set.
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>acctFlags</TT
+>: string of 11 characters surrounded by square brackets []
+	representing account flags such as U (user), W(workstation), X(no password expiration), and
+	D(disabled).</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>logonTime</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>logoffTime</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>kickoffTime</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>pwdCanChange</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>pwdMustChange</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>homeDrive</TT
+>: specifies the drive letter to which to map the
+	UNC path specified by homeDirectory. The drive letter must be specified in the form "X:"
+	where X is the letter of the drive to map. Refer to the "logon drive" parameter in the
+	smb.conf(5) man page for more information.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>scriptPath</TT
+>: The scriptPath property specifies the path of
+	the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path
+	is relative to the netlogon share.  Refer to the "logon script" parameter in the
+	smb.conf(5) man page for more information.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>profilePath</TT
+>: specifies a path to the user's profile.
+	This value can be a null string, a local absolute path, or a UNC path.  Refer to the
+	"logon path" parameter in the smb.conf(5) man page for more information.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>smbHome</TT
+>: The homeDirectory property specifies the path of
+	the home directory for the user. The string can be null. If homeDrive is set and specifies
+	a drive letter, homeDirectory should be a UNC path. The path must be a network
+	UNC path of the form \\server\share\directory. This value can be a null string.
+	Refer to the "logon home" parameter in the smb.conf(5) man page for more information.
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>userWorkstation</TT
+>: character string value currently unused.
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>rid</TT
+>: the integer representation of the user's relative identifier
+	(RID).</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>primaryGroupID</TT
+>: the relative identifier (RID) of the primary group
+	of the user.</P
+></LI
+></UL
+><P
+>The majority of these parameters are only used when Samba is acting as a PDC of
+a domain (refer to the <A
+HREF="Samba-PDC-HOWTO.html"
+TARGET="_top"
+>Samba-PDC-HOWTO</A
+> for details on
+how to configure Samba as a Primary Domain Controller). The following four attributes
+are only stored with the sambaAccount entry if the values are non-default values:</P
+><P
+></P
+><UL
+><LI
+><P
+>smbHome</P
+></LI
+><LI
+><P
+>scriptPath</P
+></LI
+><LI
+><P
+>logonPath</P
+></LI
+><LI
+><P
+>homeDrive</P
+></LI
+></UL
+><P
+>These attributes are only stored with the sambaAccount entry if
+the values are non-default values.  For example, assume TASHTEGO has now been
+configured as a PDC and that <B
+CLASS="COMMAND"
+>logon home = \\%L\%u</B
+> was defined in
+its <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. When a user named "becky" logons to the domain,
+the <TT
+CLASS="PARAMETER"
+><I
+>logon home</I
+></TT
+> string is expanded to \\TASHTEGO\becky.
+If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org",
+this value is used.  However, if this attribute does not exist, then the value
+of the <TT
+CLASS="PARAMETER"
+><I
+>logon home</I
+></TT
+> parameter is used in its place.  Samba
+will only write the attribute value to the directory entry is the value is
+something other than the default (e.g. \\MOBY\becky).</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN2103"
+>11.9. Example LDIF Entries for a sambaAccount</A
+></H1
+><P
+>The following is a working LDIF with the inclusion of the posixAccount objectclass:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>dn: uid=guest2, ou=people,dc=plainjoe,dc=org
+ntPassword: 878D8014606CDA29677A44EFA1353FC7
+pwdMustChange: 2147483647
+primaryGroupID: 1201
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+pwdLastSet: 1010179124
+logonTime: 0
+objectClass: sambaAccount
+uid: guest2
+kickoffTime: 2147483647
+acctFlags: [UX         ]
+logoffTime: 2147483647
+rid: 19006
+pwdCanChange: 0</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The following is an LDIF entry for using both the sambaAccount and
+posixAccount objectclasses:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
+logonTime: 0
+displayName: Gerald Carter
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+primaryGroupID: 1201
+objectClass: posixAccount
+objectClass: sambaAccount
+acctFlags: [UX         ]
+userPassword: {crypt}BpM2ej8Rkzogo
+uid: gcarter
+uidNumber: 9000
+cn: Gerald Carter
+loginShell: /bin/bash
+logoffTime: 2147483647
+gidNumber: 100
+kickoffTime: 2147483647
+pwdLastSet: 1010179230
+rid: 19000
+homeDirectory: /home/tashtego/gcarter
+pwdCanChange: 0
+pwdMustChange: 2147483647
+ntPassword: 878D8014606CDA29677A44EFA1353FC7</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN2111"
+>11.10. Comments</A
+></H1
+><P
+>Please mail all comments regarding this HOWTO to <A
+HREF="mailto:jerry@samba.org"
+TARGET="_top"
+>jerry@samba.org</A
+>.  This documents was
+last updated to reflect the Samba 2.2.5 release.&#13;</P
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="WINBIND"
+>Chapter 12. Unified Logons between Windows NT and UNIX using Winbind</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN2140"
+>12.1. Abstract</A
+></H1
+><P
+>Integration of UNIX and Microsoft Windows NT through 
+	a unified logon has been considered a "holy grail" in heterogeneous 
+	computing environments for a long time. We present 
+	<EM
+>winbind</EM
+>, a component of the Samba suite 
+	of programs as a solution to the unified logon problem. Winbind 
+	uses a UNIX implementation 
+	of Microsoft RPC calls, Pluggable Authentication Modules, and the Name 
+	Service Switch to allow Windows NT domain users to appear and operate 
+	as UNIX users on a UNIX machine. This paper describes the winbind 
+	system, explaining the functionality it provides, how it is configured, 
+	and how it works internally.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN2144"
+>12.2. Introduction</A
+></H1
+><P
+>It is well known that UNIX and Microsoft Windows NT have 
+	different models for representing user and group information and 
+	use different technologies for implementing them. This fact has 
+	made it difficult to integrate the two systems in a satisfactory 
+	manner.</P
+><P
+>One common solution in use today has been to create 
+	identically named user accounts on both the UNIX and Windows systems 
+	and use the Samba suite of programs to provide file and print services 
+	between the two. This solution is far from perfect however, as 
+	adding and deleting users on both sets of machines becomes a chore 
+	and two sets of passwords are required both of which
+	can lead to synchronization problems between the UNIX and Windows 
+	systems and confusion for users.</P
+><P
+>We divide the unified logon problem for UNIX machines into 
+	three smaller problems:</P
+><P
+></P
+><UL
+><LI
+><P
+>Obtaining Windows NT user and group information
+		</P
+></LI
+><LI
+><P
+>Authenticating Windows NT users
+		</P
+></LI
+><LI
+><P
+>Password changing for Windows NT users
+		</P
+></LI
+></UL
+><P
+>Ideally, a prospective solution to the unified logon problem 
+	would satisfy all the above components without duplication of 
+	information on the UNIX machines and without creating additional 
+	tasks for the system administrator when maintaining users and 
+	groups on either system. The winbind system provides a simple 
+	and elegant solution to all three components of the unified logon 
+	problem.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN2157"
+>12.3. What Winbind Provides</A
+></H1
+><P
+>Winbind unifies UNIX and Windows NT account management by 
+	allowing a UNIX box to become a full member of a NT domain. Once 
+	this is done the UNIX box will see NT users and groups as if 
+	they were native UNIX users and groups, allowing the NT domain 
+	to be used in much the same manner that NIS+ is used within 
+	UNIX-only environments.</P
+><P
+>The end result is that whenever any 
+	program on the UNIX machine asks the operating system to lookup 
+	a user or group name, the query will be resolved by asking the 
+	NT domain controller for the specified domain to do the lookup.
+	Because Winbind hooks into the operating system at a low level 
+	(via the NSS name resolution modules in the C library) this 
+	redirection to the NT domain controller is completely 
+	transparent.</P
+><P
+>Users on the UNIX machine can then use NT user and group 
+	names as they would use "native" UNIX names. They can chown files 
+	so that they are owned by NT domain users or even login to the 
+	UNIX machine and run a UNIX X-Window session as a domain user.</P
+><P
+>The only obvious indication that Winbind is being used is 
+	that user and group names take the form DOMAIN\user and 
+	DOMAIN\group. This is necessary as it allows Winbind to determine 
+	that redirection to a domain controller is wanted for a particular 
+	lookup and which trusted domain is being referenced.</P
+><P
+>Additionally, Winbind provides an authentication service 
+	that hooks into the Pluggable Authentication Modules (PAM) system 
+	to provide authentication via a NT domain to any PAM enabled 
+	applications. This capability solves the problem of synchronizing 
+	passwords between systems since all passwords are stored in a single 
+	location (on the domain controller).</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2164"
+>12.3.1. Target Uses</A
+></H2
+><P
+>Winbind is targeted at organizations that have an 
+		existing NT based domain infrastructure into which they wish 
+		to put UNIX workstations or servers. Winbind will allow these 
+		organizations to deploy UNIX workstations without having to 
+		maintain a separate account infrastructure. This greatly 
+		simplifies the administrative overhead of deploying UNIX 
+		workstations into a NT based organization.</P
+><P
+>Another interesting way in which we expect Winbind to 
+		be used is as a central part of UNIX based appliances. Appliances
+		that provide file and print services to Microsoft based networks 
+		will be able to use Winbind to provide seamless integration of 
+		the appliance into the domain.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN2168"
+>12.4. How Winbind Works</A
+></H1
+><P
+>The winbind system is designed around a client/server 
+	architecture. A long running <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon 
+	listens on a UNIX domain socket waiting for requests
+	to arrive. These requests are generated by the NSS and PAM 
+	clients and processed sequentially.</P
+><P
+>The technologies used to implement winbind are described 
+	in detail below.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2173"
+>12.4.1. Microsoft Remote Procedure Calls</A
+></H2
+><P
+>Over the last two years, efforts have been underway 
+		by various Samba Team members to decode various aspects of 
+		the Microsoft Remote Procedure Call (MSRPC) system. This 
+		system is used for most network related operations between 
+		Windows NT machines including remote management, user authentication
+		and print spooling. Although initially this work was done 
+		to aid the implementation of Primary Domain Controller (PDC) 
+		functionality in Samba, it has also yielded a body of code which 
+		can be used for other purposes.</P
+><P
+>Winbind uses various MSRPC calls to enumerate domain users 
+		and groups and to obtain detailed information about individual 
+		users or groups. Other MSRPC calls can be used to authenticate 
+		NT domain users and to change user passwords. By directly querying 
+		a Windows PDC for user and group information, winbind maps the 
+		NT account information onto UNIX user and group names.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2177"
+>12.4.2. Name Service Switch</A
+></H2
+><P
+>The Name Service Switch, or NSS, is a feature that is 
+		present in many UNIX operating systems. It allows system 
+		information such as hostnames, mail aliases and user information 
+		to be resolved from different sources. For example, a standalone 
+		UNIX workstation may resolve system information from a series of 
+		flat files stored on the local filesystem. A networked workstation 
+		may first attempt to resolve system information from local files, 
+		and then consult a NIS database for user information or a DNS server 
+		for hostname information.</P
+><P
+>The NSS application programming interface allows winbind 
+		to present itself as a source of system information when 
+		resolving UNIX usernames and groups.  Winbind uses this interface, 
+		and information obtained from a Windows NT server using MSRPC 
+		calls to provide a new source of account enumeration.  Using standard 
+		UNIX library calls, one can enumerate the users and groups on
+		a UNIX machine running winbind and see all users and groups in 
+		a NT domain plus any trusted domain as though they were local 
+		users and groups.</P
+><P
+>The primary control file for NSS is 
+		<TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+>. 
+		When a UNIX application makes a request to do a lookup 
+		the C library looks in <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> 
+		for a line which matches the service type being requested, for 
+		example the "passwd" service type is used when user or group names 
+		are looked up. This	config line species which implementations 
+		of that service should be tried and in what order. If the passwd 
+		config line is:</P
+><P
+><B
+CLASS="COMMAND"
+>passwd: files example</B
+></P
+><P
+>then the C library will first load a module called 
+		<TT
+CLASS="FILENAME"
+>/lib/libnss_files.so</TT
+> followed by
+		the module <TT
+CLASS="FILENAME"
+>/lib/libnss_example.so</TT
+>. The 
+		C library will dynamically load each of these modules in turn 
+		and call resolver functions within the modules to try to resolve 
+		the request. Once the request is resolved the C library returns the
+		result to the application.</P
+><P
+>This NSS interface provides a very easy way for Winbind 
+		to hook into the operating system. All that needs to be done 
+		is to put <TT
+CLASS="FILENAME"
+>libnss_winbind.so</TT
+> in <TT
+CLASS="FILENAME"
+>/lib/</TT
+> 
+		then add "winbind" into <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> at 
+		the appropriate place. The C library will then call Winbind to 
+		resolve user and group names.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2193"
+>12.4.3. Pluggable Authentication Modules</A
+></H2
+><P
+>Pluggable Authentication Modules, also known as PAM, 
+		is a system for abstracting authentication and authorization 
+		technologies. With a PAM module it is possible to specify different 
+		authentication methods for different system applications without 
+		having to recompile these applications. PAM is also useful
+		for implementing a particular policy for authorization. For example, 
+		a system administrator may only allow console logins from users 
+		stored in the local password file but only allow users resolved from 
+		a NIS database to log in over the network.</P
+><P
+>Winbind uses the authentication management and password 
+		management PAM interface to integrate Windows NT users into a 
+		UNIX system. This allows Windows NT users to log in to a UNIX 
+		machine and be authenticated against a suitable Primary Domain 
+		Controller. These users can also change their passwords and have 
+		this change take effect directly on the Primary Domain Controller.
+		</P
+><P
+>PAM is configured by providing control files in the directory 
+		<TT
+CLASS="FILENAME"
+>/etc/pam.d/</TT
+> for each of the services that 
+		require authentication. When an authentication request is made 
+		by an application the PAM code in the C library looks up this
+		control file to determine what modules to load to do the 
+		authentication check and in what order. This interface makes adding 
+		a new authentication service for Winbind very easy, all that needs 
+		to be done is that the <TT
+CLASS="FILENAME"
+>pam_winbind.so</TT
+> module 
+		is copied to <TT
+CLASS="FILENAME"
+>/lib/security/</TT
+> and the PAM 
+		control files for relevant services are updated to allow 
+		authentication via winbind. See the PAM documentation
+		for more details.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2201"
+>12.4.4. User and Group ID Allocation</A
+></H2
+><P
+>When a user or group is created under Windows NT 
+		is it allocated a numerical relative identifier (RID). This is 
+		slightly different to UNIX which has a range of numbers that are 
+		used to identify users, and the same range in which to identify 
+		groups. It is winbind's job to convert RIDs to UNIX id numbers and
+		vice versa.  When winbind is configured it is given part of the UNIX 
+		user id space and a part of the UNIX group id space in which to 
+		store Windows NT users and groups. If a Windows NT user is 
+		resolved for the first time, it is allocated the next UNIX id from 
+		the range. The same process applies for Windows NT groups. Over 
+		time, winbind will have mapped all Windows NT users and groups
+		to UNIX user ids and group ids.</P
+><P
+>The results of this mapping are stored persistently in 
+		an ID mapping database held in a tdb database). This ensures that 
+		RIDs are mapped to UNIX IDs in a consistent way.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2205"
+>12.4.5. Result Caching</A
+></H2
+><P
+>An active system can generate a lot of user and group 
+		name lookups. To reduce the network cost of these lookups winbind 
+		uses a caching scheme based on the SAM sequence number supplied 
+		by NT domain controllers.  User or group information returned 
+		by a PDC is cached by winbind along with a sequence number also 
+		returned by the PDC. This sequence number is incremented by 
+		Windows NT whenever any user or group information is modified. If 
+		a cached entry has expired, the sequence number is requested from 
+		the PDC and compared against the sequence number of the cached entry. 
+		If the sequence numbers do not match, then the cached information 
+		is discarded and up to date information is requested directly 
+		from the PDC.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN2208"
+>12.5. Installation and Configuration</A
+></H1
+><P
+>Many thanks to John Trostel <A
+HREF="mailto:jtrostel@snapserver.com"
+TARGET="_top"
+>jtrostel@snapserver.com</A
+>
+for providing the original Linux version of this HOWTO which 
+describes how to get winbind services up and running 
+to control access and authenticate users on your Linux box using 
+the winbind services which are included with the SAMBA 2.2.2 and later
+releases.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2212"
+>12.5.1. Introduction</A
+></H2
+><P
+>This HOWTO describes the procedures used to get winbind up and 
+running on a RedHat 7.1 system.  Winbind is capable of providing access
+and authentication control for Windows Domain users through an NT
+or Win2K PDC for 'regular' services, such as telnet and ftp, as
+well providing dynamic uid/gid allocation for Samba.</P
+><P
+>This HOWTO has been written from a 'RedHat-centric' perspective, so if
+you are using another distribution (or operating system), you may have
+to modify the instructions somewhat to fit the way your distribution works.</P
+><P
+></P
+><UL
+><LI
+><P
+>	<EM
+>Why should I to this?</EM
+>
+	</P
+><P
+>This allows the SAMBA administrator to rely on the
+	authentication mechanisms on the NT/Win2K PDC for the authentication
+	of domain members.  NT/Win2K users no longer need to have separate
+	accounts on the SAMBA server.
+	</P
+></LI
+><LI
+><P
+>	<EM
+>Who should be reading this document?</EM
+>
+	</P
+><P
+>	This HOWTO is designed for system administrators.  If you are
+	implementing SAMBA on a file server and wish to (fairly easily)
+	integrate existing NT/Win2K users from your PDC onto the
+	SAMBA server, this HOWTO is for you.
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2225"
+>12.5.2. Requirements</A
+></H2
+><P
+>If you have a samba configuration file that you are currently
+using... <EM
+>BACK IT UP!</EM
+>  If your system already uses PAM,
+<EM
+>back up the <TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+> (or <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+>)
+directory contents!</EM
+> If you haven't already made a boot disk,
+<EM
+>MAKE ONE NOW!</EM
+></P
+><P
+>Messing with the pam configuration files can make it nearly impossible
+to log in to your machine. That's why you want to be able to boot back
+into your machine in single user mode and restore your
+<TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+> (or <TT
+CLASS="FILENAME"
+>pam.conmf</TT
+>) back to
+the original state they were in if
+you get frustrated with the way things are going.</P
+><P
+>The first SAMBA release to inclue a stable winbindd daemon was 2.2.2.  Please refer to the
+<A
+HREF="http://samba.org/"
+TARGET="_top"
+>main SAMBA web page</A
+> or,
+better yet, your closest SAMBA mirror site for instructions on
+downloading the source code.  it is generally advised to obtain the lates
+Samba release as bugs are constantly being fixed.</P
+><P
+>To allow Domain users the ability to access SAMBA shares and
+files, as well as potentially other services provided by your
+SAMBA machine, PAM (pluggable authentication modules) must
+be setup properly on your machine.  In order to compile the
+winbind modules, you must have at the PAM libraries and header files resident
+on your system.  For recent RedHat systems (7.x, for instance), that
+means installing both <TT
+CLASS="FILENAME"
+>pam</TT
+> and <TT
+CLASS="FILENAME"
+>pam-devel</TT
+> RPM.
+The former is installed by default on all Linux systems of which the author is aware.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2241"
+>12.5.3. Testing Things Out</A
+></H2
+><P
+>Before starting, kill off all the SAMBA related daemons running on your server.  Kill off
+all <B
+CLASS="COMMAND"
+>smbd</B
+>, <B
+CLASS="COMMAND"
+>nmbd</B
+>, and <B
+CLASS="COMMAND"
+>winbindd</B
+> processes that may
+be running (<B
+CLASS="COMMAND"
+>winbindd</B
+> will only be running if you have ao previous Winbind
+installation...but why would you be reading tis if that were the case?).  To use PAM, you will
+want to make sure that you have the standard PAM package (for RedHat) which supplies the <TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+>
+directory structure, including the pam modules are used by pam-aware
+services, several pam libraries, and the <TT
+CLASS="FILENAME"
+>/usr/doc</TT
+>
+and <TT
+CLASS="FILENAME"
+>/usr/man</TT
+> entries for pam.  Samba will require
+the pam-devel package if you plan to build the <TT
+CLASS="FILENAME"
+>pam_winbind.so</TT
+> library or
+include the <B
+CLASS="COMMAND"
+>--with-pam</B
+> option to the configure script.
+This package includes the header files needed to compile pam-aware applications.</P
+><P
+>[I have no idea which Solaris packages are quired for PAM libraries and
+development files.  If you know, please mail me the information and I will include
+it in the next revision of this HOWTO.  --jerry@samba.org]</P
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN2254"
+>12.5.3.1. Configure and Compile SAMBA</A
+></H3
+><P
+>The configuration and compilation of SAMBA is straightforward.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>./configure --with-winbind</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>make</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>make install</B
+></PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>This will, by default, install SAMBA in <TT
+CLASS="FILENAME"
+>/usr/local/samba</TT
+>.
+See the main SAMBA documentation if you want to install SAMBA somewhere else.
+It will also build the winbindd executable and NSS library.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN2267"
+>12.5.3.2. Configure <TT
+CLASS="FILENAME"
+>nsswitch.conf</TT
+> and the
+winbind libraries</A
+></H3
+><P
+>The libraries needed to run the <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon
+through nsswitch need to be copied to their proper locations.</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>cp nsswitch/libnss_winbind.so /lib</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>chmod 755 /lib/libnss_winbind.so</B
+></P
+><P
+>It necessary to make the following symbolic link:</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B
+></P
+><P
+>The <TT
+CLASS="FILENAME"
+>.2</TT
+> extension is due to the version of glibc used on your Linux host.
+for most modern systems, the file extension is correct.  However, some other operating systems,
+Solaris 7/8 being the most common, the destination filename should be replaced with
+<TT
+CLASS="FILENAME"
+>/lib/nss_winbind.so.1</TT
+></P
+><P
+>Now, as root edit <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> to
+allow user and group entries to be visible from the <B
+CLASS="COMMAND"
+>winbindd</B
+>
+daemon.  After editing, the file look appear:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	passwd:     files winbind
+	shadow:     files
+	group:      files winbind</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN2289"
+>12.5.3.3. Configure <TT
+CLASS="FILENAME"
+>smb.conf</TT
+></A
+></H3
+><P
+>Several parameters are needed in the smb.conf file to control
+the behavior of <B
+CLASS="COMMAND"
+>winbindd</B
+>. Configure
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> These are described in more detail in
+the <A
+HREF="winbindd.8.html"
+TARGET="_top"
+>winbindd(8)</A
+> man page.  My
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file was modified to
+include the following entries in the [global] section:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+     &#60;...&#62;
+     # separate domain and username with '+', like DOMAIN+username
+     <A
+HREF="winbindd.8.html#WINBINDSEPARATOR"
+TARGET="_top"
+>winbind separator</A
+> = +
+     # use uids from 10000 to 20000 for domain users
+     <A
+HREF="winbindd.8.html#WINBINDUID"
+TARGET="_top"
+>winbind uid</A
+> = 10000-20000
+     # use gids from 10000 to 20000 for domain groups
+     <A
+HREF="winbindd.8.html#WINBINDGID"
+TARGET="_top"
+>winbind gid</A
+> = 10000-20000
+     # allow enumeration of winbind users and groups
+     # might need to disable these next two for performance
+     # reasons on the winbindd host
+     <A
+HREF="winbindd.8.html#WINBINDENUMUSERS"
+TARGET="_top"
+>winbind enum users</A
+> = yes
+     <A
+HREF="winbindd.8.html#WINBINDENUMGROUP"
+TARGET="_top"
+>winbind enum groups</A
+> = yes
+     # give winbind users a real shell (only needed if they have telnet/sshd/etc... access)
+     <A
+HREF="winbindd.8.html#TEMPLATEHOMEDIR"
+TARGET="_top"
+>template homedir</A
+> = /home/winnt/%D/%U
+     <A
+HREF="winbindd.8.html#TEMPLATESHELL"
+TARGET="_top"
+>template shell</A
+> = /bin/bash</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN2306"
+>12.5.3.4. Join the SAMBA server to the PDC domain</A
+></H3
+><P
+>Enter the following command to make the SAMBA server join the
+PDC domain, where <TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+> is the name of
+your Windows domain and <TT
+CLASS="REPLACEABLE"
+><I
+>Administrator</I
+></TT
+> is
+a domain user who has administrative privileges in the domain.</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator</B
+></P
+><P
+>The proper response to the command should be: "Joined the domain
+<TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+>" where <TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+>
+is your DOMAIN name.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN2317"
+>12.5.3.5. Start up the winbindd daemon and test it!</A
+></H3
+><P
+>Eventually, you will want to modify your smb startup script to
+automatically invoke the winbindd daemon when the other parts of
+SAMBA start, but it is possible to test out just the winbind
+portion first.  To start up winbind services, enter the following
+command as root:</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>export PATH=$PATH:/usr/local/samba/bin</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>winbindd</B
+></P
+><P
+>I'm always paranoid and like to make sure the daemon
+is really running...</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>ps -ae | grep winbindd</B
+></P
+><P
+>This command should produce output like this, if the daemon is running</P
+><P
+>3025 ?        00:00:00 winbindd</P
+><P
+>Note that a sample RedHat init script for starting winbindd is included in
+the SAMBA sourse distribution as <TT
+CLASS="FILENAME"
+>packaging/RedHat/winbind.init</TT
+>.</P
+><P
+>Now... for the real test, try to get some information about the
+users on your PDC</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>wbinfo -u</B
+></P
+><P
+>This should echo back a list of users on your Windows users on
+your PDC.  For example, I get the following response:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>CEO+Administrator
+CEO+burdell
+CEO+Guest
+CEO+jt-ad
+CEO+krbtgt
+CEO+TsInternetUser</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Obviously, I have named my domain 'CEO' and my <TT
+CLASS="PARAMETER"
+><I
+>winbind
+separator</I
+></TT
+> is '+'.</P
+><P
+>You can do the same sort of thing to get group information from
+the PDC:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>/usr/local/samba/bin/wbinfo -g</B
+>
+CEO+Domain Admins
+CEO+Domain Users
+CEO+Domain Guests
+CEO+Domain Computers
+CEO+Domain Controllers
+CEO+Cert Publishers
+CEO+Schema Admins
+CEO+Enterprise Admins
+CEO+Group Policy Creator Owners</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The function 'getent' can now be used to get unified
+lists of both local and PDC users and groups.
+Try the following command:</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>getent passwd</B
+></P
+><P
+>You should get a list that looks like your <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>
+list followed by the domain users with their new uids, gids, home
+directories and default shells.  If you do not, verify that the permissions on the
+libnss_winbind.so library are <TT
+CLASS="FILENAME"
+>rwxr-xr-x</TT
+>.</P
+><P
+>The same thing can be done for groups with the command</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>getent group</B
+></P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN2358"
+>12.5.3.6. Configure Winbind and PAM</A
+></H3
+><P
+>At this point we are assured that <B
+CLASS="COMMAND"
+>winbindd</B
+> and <B
+CLASS="COMMAND"
+>smbd</B
+>
+are working together.  If you want to use winbind to provide authentication for other
+services, keep reading.  The pam configuration files need to be altered in
+this step.  (Did you remember to make backups of your original
+<TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+> (or <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+>) file[s]? If not, do it now.)</P
+><P
+>You will need a PAM module to use <B
+CLASS="COMMAND"
+>winbindd</B
+> with these other services.  This
+module will be compiled in the <TT
+CLASS="FILENAME"
+>../source/nsswitch</TT
+> directory
+by invoking the command</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>make nsswitch/pam_winbind.so</B
+></P
+><P
+>from the <TT
+CLASS="FILENAME"
+>../source</TT
+> directory.  The
+<TT
+CLASS="FILENAME"
+>pam_winbind.so</TT
+> file should be copied to the location of
+your other pam security modules.  On Linux and Solaris systems, this is the
+<TT
+CLASS="FILENAME"
+>/lib/security</TT
+> directory.</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>cp nsswitch/pam_winbind.so /lib/security</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>chmod 755 /lib/security/pam_winbind.so</B
+></P
+><P
+>Other services, such as the normal login on the console (or a terminal
+session), telnet logins, and ftp service, can be modified to allow the use of winbind
+as an authentication service.  In order to enable these
+services, you may first need to change the entries in
+<TT
+CLASS="FILENAME"
+>/etc/xinetd.d</TT
+> (or <TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+>).
+RedHat 7.1 uses the new xinetd.d structure, in this case you need
+to change the lines in <TT
+CLASS="FILENAME"
+>/etc/xinetd.d/telnet</TT
+>
+and <TT
+CLASS="FILENAME"
+>/etc/xinetd.d/wu-ftp</TT
+> from</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>enable = no</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>to</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>enable = yes</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>For ftp services to work properly, you will also need to either
+have individual directories for the domain users already present on
+the server, or change the home directory template to a general
+directory for all domain users.  These can be easily set using
+the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> global entry
+<B
+CLASS="COMMAND"
+>template homedir</B
+>.</P
+><P
+>The <TT
+CLASS="FILENAME"
+>/etc/pam.d/ftp</TT
+> file can be changed
+to allow winbind ftp access in a manner similar to the
+samba file.  My <TT
+CLASS="FILENAME"
+>/etc/pam.d/ftp</TT
+> file was
+changed to look like this:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+auth       sufficient   /lib/security/pam_winbind.so
+auth       required     /lib/security/pam_stack.so service=system-auth
+auth       required     /lib/security/pam_shells.so
+account    sufficient   /lib/security/pam_winbind.so
+account    required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The <TT
+CLASS="FILENAME"
+>/etc/pam.d/login</TT
+> file can be changed nearly the
+same way.  It now looks like this:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>auth       required     /lib/security/pam_securetty.so
+auth       sufficient   /lib/security/pam_winbind.so
+auth       sufficient   /lib/security/pam_unix.so use_first_pass
+auth       required     /lib/security/pam_stack.so service=system-auth
+auth       required     /lib/security/pam_nologin.so
+account    sufficient   /lib/security/pam_winbind.so
+account    required     /lib/security/pam_stack.so service=system-auth
+password   required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth
+session    optional     /lib/security/pam_console.so</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>In this case, I added the <B
+CLASS="COMMAND"
+>auth sufficient /lib/security/pam_winbind.so</B
+>
+lines as before, but also added the <B
+CLASS="COMMAND"
+>required pam_securetty.so</B
+>
+above it, to disallow root logins over the network.  I also added a
+<B
+CLASS="COMMAND"
+>sufficient /lib/security/pam_unix.so use_first_pass</B
+>
+line after the <B
+CLASS="COMMAND"
+>winbind.so</B
+> line to get rid of annoying
+double prompts for passwords.</P
+><P
+>Note that a Solaris <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+> confiruation file looks
+very similar to this except thaty the service name is included as the first entry
+per line.  An example for the login service is given here.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>## excerpt from /etc/pam.conf on a Solaris 8 system
+login   auth required   /lib/security/pam_winbind.so
+login   auth required   /lib/security/$ISA/pam_unix.so.1 try_first_pass
+login   auth required   /lib/security/$ISA/pam_dial_auth.so.1 try_first_pass</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN2411"
+>12.6. Limitations</A
+></H1
+><P
+>Winbind has a number of limitations in its current
+	released version that we hope to overcome in future
+	releases:</P
+><P
+></P
+><UL
+><LI
+><P
+>The mappings of Windows NT RIDs to UNIX ids
+		is not made algorithmically and depends on the order in which
+		unmapped users or groups are seen by winbind. It may be difficult
+		to recover the mappings of rid to UNIX id mapping if the file
+		containing this information is corrupted or destroyed.</P
+></LI
+><LI
+><P
+>Currently the winbind PAM module does not take
+		into account possible workstation and logon time restrictions
+		that may be been set for Windows NT users.</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN2419"
+>12.7. Conclusion</A
+></H1
+><P
+>The winbind system, through the use of the Name Service 
+	Switch, Pluggable Authentication Modules, and appropriate 
+	Microsoft RPC calls have allowed us to provide seamless 
+	integration of Microsoft Windows NT domain users on a
+	UNIX system. The result is a great reduction in the administrative 
+	cost of running a mixed UNIX and NT network.</P
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="OS2"
+>Chapter 13. OS2 Client HOWTO</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN2433"
+>13.1. FAQs</A
+></H1
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN2435"
+>13.1.1. How can I configure OS/2 Warp Connect or 
+		OS/2 Warp 4 as a client for Samba?</A
+></H2
+><P
+>A more complete answer to this question can be 
+		found on <A
+HREF="http://carol.wins.uva.nl/~leeuw/samba/warp.html"
+TARGET="_top"
+>		http://carol.wins.uva.nl/~leeuw/samba/warp.html</A
+>.</P
+><P
+>Basically, you need three components:</P
+><P
+></P
+><UL
+><LI
+><P
+>The File and Print Client ('IBM Peer')
+			</P
+></LI
+><LI
+><P
+>TCP/IP ('Internet support') 
+			</P
+></LI
+><LI
+><P
+>The "NetBIOS over TCP/IP" driver ('TCPBEUI')
+			</P
+></LI
+></UL
+><P
+>Installing the first two together with the base operating 
+		system on a blank system is explained in the Warp manual. If Warp 
+		has already been installed, but you now want to install the 
+		networking support, use the "Selective Install for Networking" 
+		object in the "System Setup" folder.</P
+><P
+>Adding the "NetBIOS over TCP/IP" driver is not described 
+		in the manual and just barely in the online documentation. Start 
+		MPTS.EXE, click on OK, click on "Configure LAPS" and click 
+		on "IBM OS/2 NETBIOS OVER TCP/IP" in  'Protocols'.  This line 
+		is then moved to 'Current Configuration'. Select that line, 
+		click on "Change number" and increase it from 0 to 1. Save this
+		configuration.</P
+><P
+>If the Samba server(s) is not on your local subnet, you 
+		can optionally add IP names and addresses of these servers 
+		to the "Names List", or specify a  WINS server ('NetBIOS 
+		Nameserver' in IBM and RFC terminology). For Warp Connect you 
+		may need to download an update for 'IBM Peer' to bring it on 
+		the same level as Warp 4. See the webpage mentioned above.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2450"
+>13.1.2. How can I configure OS/2 Warp 3 (not Connect), 
+		OS/2 1.2, 1.3 or 2.x for Samba?</A
+></H2
+><P
+>You can use the free Microsoft LAN Manager 2.2c Client 
+		for OS/2 from 
+		<A
+HREF="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/"
+TARGET="_top"
+>		ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</A
+>.
+   	See <A
+HREF="http://carol.wins.uva.nl/~leeuw/lanman.html"
+TARGET="_top"
+>		http://carol.wins.uva.nl/~leeuw/lanman.html</A
+> for 
+		more information on how to install and use this client. In 
+		a nutshell, edit the file \OS2VER in the root directory of 
+		the OS/2 boot partition and add the lines:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>		20=setup.exe
+		20=netwksta.sys
+		20=netvdd.sys
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>before you install the client. Also, don't use the 
+		included NE2000 driver because it is buggy. Try the NE2000 
+		or NS2000 driver from 
+		<A
+HREF="ftp://ftp.cdrom.com/pub/os2/network/ndis/"
+TARGET="_top"
+> 		ftp://ftp.cdrom.com/pub/os2/network/ndis/</A
+> instead.
+		</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2459"
+>13.1.3. Are there any other issues when OS/2 (any version) 
+		is used as a client?</A
+></H2
+><P
+>When you do a NET VIEW or use the "File and Print 
+		Client Resource Browser", no Samba servers show up. This can 
+		be fixed by a patch from <A
+HREF="http://carol.wins.uva.nl/~leeuw/samba/fix.html"
+TARGET="_top"
+>		http://carol.wins.uva.nl/~leeuw/samba/fix.html</A
+>.
+		The patch will be included in a later version of Samba. It also 
+		fixes a couple of other problems, such as preserving long 
+		filenames when objects are dragged from the Workplace Shell 
+		to the Samba server. </P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2463"
+>13.1.4. How do I get printer driver download working 
+		for OS/2 clients?</A
+></H2
+><P
+>First, create a share called [PRINTDRV] that is 
+		world-readable.  Copy your OS/2 driver files there.  Note 
+		that the .EA_ files must still be separate, so you will need 
+		to use the original install files, and not copy an installed 
+		driver from an OS/2 system.</P
+><P
+>Install the NT driver first for that printer.  Then, 
+		add to your smb.conf a parameter, "os2 driver map = 
+		<TT
+CLASS="REPLACEABLE"
+><I
+>filename</I
+></TT
+>".  Then, in the file 
+		specified by <TT
+CLASS="REPLACEABLE"
+><I
+>filename</I
+></TT
+>, map the 
+		name of the NT driver name to the OS/2 driver name as 
+		follows:</P
+><P
+>&#60;nt driver name&#62; = &#60;os2 driver 
+		name&#62;.&#60;device name&#62;, e.g.:
+		HP LaserJet 5L = LASERJET.HP LaserJet 5L</P
+><P
+>You can have multiple drivers mapped in this file.</P
+><P
+>If you only specify the OS/2 driver name, and not the 
+		device name, the first attempt to download the driver will 
+		actually download the files, but the OS/2 client will tell 
+		you the driver is not available.  On the second attempt, it 
+		will work.  This is fixed simply by adding the device name
+  		 to the mapping, after which it will work on the first attempt.
+		</P
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="CVS-ACCESS"
+>Chapter 14. HOWTO Access Samba source code via CVS</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN2479"
+>14.1. Introduction</A
+></H1
+><P
+>Samba is developed in an open environment.  Developers use CVS
+(Concurrent Versioning System) to "checkin" (also known as 
+"commit") new source code.  Samba's various CVS branches can
+be accessed via anonymous CVS using the instructions
+detailed in this chapter.</P
+><P
+>This document is a modified version of the instructions found at
+<A
+HREF="http://samba.org/samba/cvs.html"
+TARGET="_top"
+>http://samba.org/samba/cvs.html</A
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN2484"
+>14.2. CVS Access to samba.org</A
+></H1
+><P
+>The machine samba.org runs a publicly accessible CVS 
+repository for access to the source code of several packages, 
+including samba, rsync and jitterbug. There are two main ways of 
+accessing the CVS server on this host.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2487"
+>14.2.1. Access via CVSweb</A
+></H2
+><P
+>You can access the source code via your 
+favourite WWW browser. This allows you to access the contents of 
+individual files in the repository and also to look at the revision 
+history and commit logs of individual files. You can also ask for a diff 
+listing between any two versions on the repository.</P
+><P
+>Use the URL : <A
+HREF="http://samba.org/cgi-bin/cvsweb"
+TARGET="_top"
+>http://samba.org/cgi-bin/cvsweb</A
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2492"
+>14.2.2. Access via cvs</A
+></H2
+><P
+>You can also access the source code via a 
+normal cvs client.  This gives you much more control over you can 
+do with the repository and allows you to checkout whole source trees 
+and keep them up to date via normal cvs commands. This is the 
+preferred method of access if you are a developer and not
+just a casual browser.</P
+><P
+>To download the latest cvs source code, point your
+browser at the URL : <A
+HREF="http://www.cyclic.com/"
+TARGET="_top"
+>http://www.cyclic.com/</A
+>.
+and click on the 'How to get cvs' link. CVS is free software under 
+the GNU GPL (as is Samba).  Note that there are several graphical CVS clients
+which provide a graphical interface to the sometimes mundane CVS commands.
+Links to theses clients are also available from http://www.cyclic.com.</P
+><P
+>To gain access via anonymous cvs use the following steps. 
+For this example it is assumed that you want a copy of the 
+samba source code. For the other source code repositories 
+on this system just substitute the correct package name</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	Install a recent copy of cvs. All you really need is a 
+	copy of the cvs client binary. 
+	</P
+></LI
+><LI
+><P
+>	Run the command 
+	</P
+><P
+>	<B
+CLASS="COMMAND"
+>cvs -d :pserver:cvs@samba.org:/cvsroot login</B
+>
+	</P
+><P
+>	When it asks you for a password type <TT
+CLASS="USERINPUT"
+><B
+>cvs</B
+></TT
+>.
+	</P
+></LI
+><LI
+><P
+>	Run the command 
+	</P
+><P
+>	<B
+CLASS="COMMAND"
+>cvs -d :pserver:cvs@samba.org:/cvsroot co samba</B
+>
+	</P
+><P
+>	This will create a directory called samba containing the 
+	latest samba source code (i.e. the HEAD tagged cvs branch). This 
+	currently corresponds to the 3.0 development tree. 
+	</P
+><P
+>	CVS branches other HEAD can be obtained by using the <TT
+CLASS="PARAMETER"
+><I
+>-r</I
+></TT
+>
+	and defining a tag name.  A list of branch tag names can be found on the
+	"Development" page of the samba web site.  A common request is to obtain the
+	latest 2.2 release code.  This could be done by using the following command.
+	</P
+><P
+>	<B
+CLASS="COMMAND"
+>cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba</B
+>
+	</P
+></LI
+><LI
+><P
+>	Whenever you want to merge in the latest code changes use 
+	the following command from within the samba directory: 
+	</P
+><P
+>	<B
+CLASS="COMMAND"
+>cvs update -d -P</B
+>
+	</P
+></LI
+></OL
+></DIV
+></DIV
+></DIV
+><HR><H1
+><A
+NAME="AEN2520"
+>Index</A
+></H1
+><DL
+><DT
+>Primary Domain Controller,
+    <A
+HREF="x1242.htm"
+>Background</A
+>
+  </DT
+></DL
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/Samba-LDAP-HOWTO.html b/docs/htmldocs/Samba-LDAP-HOWTO.html
new file mode 100755
index 00000000000..7fbfbf5247b
--- /dev/null
+++ b/docs/htmldocs/Samba-LDAP-HOWTO.html
@@ -0,0 +1,985 @@
+<HTML
+><HEAD
+><TITLE
+>Storing Samba's User/Machine Account information in an LDAP Directory</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="SAMBA-LDAP-HOWTO"
+>Storing Samba's User/Machine Account information in an LDAP Directory</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Purpose</A
+></H1
+><P
+>This document describes how to use an LDAP directory for storing Samba user
+account information traditionally stored in the smbpasswd(5) file.  It is
+assumed that the reader already has a basic understanding of LDAP concepts
+and has a working directory server already installed.  For more information
+on LDAP architectures and Directories, please refer to the following sites.</P
+><P
+></P
+><UL
+><LI
+><P
+>OpenLDAP - <A
+HREF="http://www.openldap.org/"
+TARGET="_top"
+>http://www.openldap.org/</A
+></P
+></LI
+><LI
+><P
+>iPlanet Directory Server - <A
+HREF="http://iplanet.netscape.com/directory"
+TARGET="_top"
+>http://iplanet.netscape.com/directory</A
+></P
+></LI
+></UL
+><P
+>Note that <A
+HREF="http://www.ora.com/"
+TARGET="_top"
+>O'Reilly Publishing</A
+> is working on
+a guide to LDAP for System Administrators which has a planned release date of
+late 2002.</P
+><P
+>Two additional Samba resources which may prove to be helpful are</P
+><P
+></P
+><UL
+><LI
+><P
+>The <A
+HREF="http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html"
+TARGET="_top"
+>Samba-PDC-LDAP-HOWTO</A
+>
+	maintained by Ignacio Coupeau.</P
+></LI
+><LI
+><P
+>The NT migration scripts from <A
+HREF="http://samba.idealx.org/"
+TARGET="_top"
+>IDEALX</A
+> that are
+	geared to manage users and group in such a Samba-LDAP Domain Controller configuration.  These scripts can
+	be found in the Samba 2.2.5 release in the <TT
+CLASS="FILENAME"
+>examples/LDAP/smbldap-tools/</TT
+> directory.
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN24"
+>Introduction</A
+></H1
+><P
+>Traditionally, when configuring <A
+HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
+TARGET="_top"
+>"encrypt
+passwords = yes"</A
+> in Samba's <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file, user account
+information such as username, LM/NT password hashes, password change times, and account
+flags have been stored in the <TT
+CLASS="FILENAME"
+>smbpasswd(5)</TT
+> file.  There are several
+disadvantages to this approach for sites with very large numbers of users (counted
+in the thousands).</P
+><P
+></P
+><UL
+><LI
+><P
+>The first is that all lookups must be performed sequentially.  Given that
+there are approximately two lookups per domain logon (one for a normal
+session connection such as when mapping a network drive or printer), this
+is a performance bottleneck for large sites.  What is needed is an indexed approach
+such as is used in databases.</P
+></LI
+><LI
+><P
+>The second problem is that administrators who desired to replicate a
+smbpasswd file to more than one Samba server were left to use external
+tools such as <B
+CLASS="COMMAND"
+>rsync(1)</B
+> and <B
+CLASS="COMMAND"
+>ssh(1)</B
+>
+and wrote custom, in-house scripts.</P
+></LI
+><LI
+><P
+>And finally, the amount of information which is stored in an
+smbpasswd entry leaves no room for additional attributes such as
+a home directory, password expiration time, or even a Relative
+Identified (RID).</P
+></LI
+></UL
+><P
+>As a result of these defeciencies, a more robust means of storing user attributes
+used by <B
+CLASS="COMMAND"
+>smbd</B
+> was developed.  The API which defines access to user accounts
+is commonly referred to as the samdb interface (previously this was called the passdb
+API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
+for a samdb backend (e.g. <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+> or
+<TT
+CLASS="PARAMETER"
+><I
+>--with-tdbsam</I
+></TT
+>) requires compile time support.</P
+><P
+>When compiling Samba to include the <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+> autoconf
+option, <B
+CLASS="COMMAND"
+>smbd</B
+> (and associated tools) will store and lookup user accounts in
+an LDAP directory.  In reality, this is very easy to understand.  If you are
+comfortable with using an smbpasswd file, simply replace "smbpasswd" with
+"LDAP directory" in all the documentation.</P
+><P
+>There are a few points to stress about what the <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+>
+does not provide.  The LDAP support referred to in the this documentation does not
+include:</P
+><P
+></P
+><UL
+><LI
+><P
+>A means of retrieving user account information from
+	an Windows 2000 Active Directory server.</P
+></LI
+><LI
+><P
+>A means of replacing /etc/passwd.</P
+></LI
+></UL
+><P
+>The second item can be accomplished by using LDAP NSS and PAM modules.  LGPL
+versions of these libraries can be obtained from PADL Software
+(<A
+HREF="http://www.padl.com/"
+TARGET="_top"
+>http://www.padl.com/</A
+>).  However,
+the details of configuring these packages are beyond the scope of this document.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN55"
+>Supported LDAP Servers</A
+></H1
+><P
+>The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP
+2.0 server and client libraries.  The same code should be able to work with
+Netscape's Directory Server and client SDK. However, due to lack of testing
+so far, there are bound to be compile errors and bugs.  These should not be
+hard to fix. If you are so inclined, please be sure to forward all patches to
+<A
+HREF="samba-patches@samba.org"
+TARGET="_top"
+>samba-patches@samba.org</A
+> and
+<A
+HREF="jerry@samba.org"
+TARGET="_top"
+>jerry@samba.org</A
+>.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN60"
+>Schema and Relationship to the RFC 2307 posixAccount</A
+></H1
+><P
+>Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in
+<TT
+CLASS="FILENAME"
+>examples/LDAP/samba.schema</TT
+>.  (Note that this schema
+file has been modified since the experimental support initially included
+in 2.2.2).  The sambaAccount objectclass is given here:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>objectclass ( 1.3.1.5.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILARY
+     DESC 'Samba Account'
+     MUST ( uid $ rid )
+     MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+            logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+            displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+            description $ userWorkstations $ primaryGroupID $ domain ))</PRE
+></P
+><P
+>The <TT
+CLASS="FILENAME"
+>samba.schema</TT
+> file has been formatted for OpenLDAP 2.0 &#38; 2.1.  The OID's are
+owned by the Samba Team and as such is legal to be openly published.
+If you translate the schema to be used with Netscape DS, please
+submit the modified schema file as a patch to <A
+HREF="jerry@samba.org"
+TARGET="_top"
+>jerry@samba.org</A
+></P
+><P
+>Since the original release, schema files for</P
+><P
+></P
+><UL
+><LI
+><P
+>IBM's SecureWay Server</P
+></LI
+><LI
+><P
+>Netscape Directory Server version 4.x and 5.x</P
+></LI
+></UL
+><P
+>have been submitted and included in the Samba source distribution.  I cannot
+personally comment on the integration of these commercial directory servers since
+I have not had the oppotinuity to work with them.</P
+><P
+>Just as the smbpasswd file is mean to store information which supplements a
+user's <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entry, so is the sambaAccount object
+meant to supplement the UNIX user account information.  A sambaAccount is now an
+<TT
+CLASS="CONSTANT"
+>AUXILARY</TT
+> objectclass so it can be stored alongside
+a posixAccount or person objectclass in the directory.  Note that there are
+several fields (e.g. uid) which overlap with the posixAccount objectclass
+outlined in RFC2307.  This is by design.  The move from a STRUCTURAL objectclass
+to an AUXILIARY one was compliance with the LDAP data model which states that
+an entry can contain only one STRUCTURAL objectclass per entry.  This is now
+enforced by the OpenLDAP 2.1 server.</P
+><P
+>In order to store all user account information (UNIX and Samba) in the directory,
+it is necessary to use the sambaAccount and posixAccount objectclasses in
+combination.  However, <B
+CLASS="COMMAND"
+>smbd</B
+> will still obtain the user's UNIX account
+information via the standard C library calls (e.g. getpwnam(), et. al.).
+This means that the Samba server must also have the LDAP NSS library installed
+and functioning correctly.  This division of information makes it possible to
+store all Samba account information in LDAP, but still maintain UNIX account
+information in NIS while the network is transitioning to a full LDAP infrastructure.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN81"
+>Configuring Samba with LDAP</A
+></H1
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN83"
+>OpenLDAP configuration</A
+></H2
+><P
+>To include support for the sambaAccount object in an OpenLDAP directory
+server, first copy the samba.schema file to slapd's configuration directory.</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><B
+CLASS="COMMAND"
+>cp samba.schema /etc/openldap/schema/</B
+></P
+><P
+>Next, include the <TT
+CLASS="FILENAME"
+>samba.schema</TT
+> file in <TT
+CLASS="FILENAME"
+>slapd.conf</TT
+>.
+The sambaAccount object contains two attributes which depend upon other schema
+files.  The 'uid' attribute is defined in <TT
+CLASS="FILENAME"
+>cosine.schema</TT
+> and
+the 'displayName' attribute is defined in the <TT
+CLASS="FILENAME"
+>inetorgperson.schema</TT
+>
+file.  Both of these must be included before the <TT
+CLASS="FILENAME"
+>samba.schema</TT
+> file.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>## /etc/openldap/slapd.conf
+
+## schema files (core.schema is required by default)
+include	           /etc/openldap/schema/core.schema
+
+## needed for sambaAccount
+include            /etc/openldap/schema/cosine.schema
+include            /etc/openldap/schema/inetorgperson.schema
+include            /etc/openldap/schema/samba.schema
+
+## uncomment this line if you want to support the RFC2307 (NIS) schema
+## include         /etc/openldap/schema/nis.schema
+
+....</PRE
+></P
+><P
+>It is recommended that you maintain some indices on some of the most usefull attributes,
+like in the following example, to speed up searches made on sambaAccount objectclasses
+(and possibly posixAccount and posixGroup as well).</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+># Indices to maintain
+## required by OpenLDAP 2.0
+index objectclass   eq
+
+## support pbb_getsampwnam()
+index uid           pres,eq
+## support pdb_getsampwrid()
+index rid           eq
+
+## uncomment these if you are storing posixAccount and
+## posixGroup entries in the directory as well
+##index uidNumber     eq
+##index gidNumber     eq
+##index cn            eq
+##index memberUid     eq</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN100"
+>Configuring Samba</A
+></H2
+><P
+>The following parameters are available in smb.conf only with <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+>
+was included with compiling Samba.</P
+><P
+></P
+><UL
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPSSL"
+TARGET="_top"
+>ldap ssl</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPSERVER"
+TARGET="_top"
+>ldap server</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPADMINDN"
+TARGET="_top"
+>ldap admin dn</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPSUFFIX"
+TARGET="_top"
+>ldap suffix</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPFILTER"
+TARGET="_top"
+>ldap filter</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPPORT"
+TARGET="_top"
+>ldap port</A
+></P
+></LI
+></UL
+><P
+>These are described in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+> man
+page and so will not be repeated here.  However, a sample smb.conf file for
+use with an LDAP directory could appear as</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>## /usr/local/samba/lib/smb.conf
+[global]
+     security = user
+     encrypt passwords = yes
+
+     netbios name = TASHTEGO
+     workgroup = NARNIA
+
+     # ldap related parameters
+
+     # define the DN to use when binding to the directory servers
+     # The password for this DN is not stored in smb.conf.  Rather it
+     # must be set by using 'smbpasswd -w <TT
+CLASS="REPLACEABLE"
+><I
+>secretpw</I
+></TT
+>' to store the
+     # passphrase in the secrets.tdb file.  If the "ldap admin dn" values
+     # changes, this password will need to be reset.
+     ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org"
+
+     #  specify the LDAP server's hostname (defaults to locahost)
+     ldap server = ahab.samba.org
+
+     # Define the SSL option when connecting to the directory
+     # ('off', 'start tls', or 'on' (default))
+     ldap ssl = start tls
+
+     # define the port to use in the LDAP session (defaults to 636 when
+     # "ldap ssl = on")
+     ldap port = 389
+
+     # specify the base DN to use when searching the directory
+     ldap suffix = "ou=people,dc=samba,dc=org"
+
+     # generally the default ldap search filter is ok
+     # ldap filter = "(&#38;(uid=%u)(objectclass=sambaAccount))"</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN128"
+>Importing <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> entries</A
+></H2
+><P
+>Import existing user entries from an <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> can be trivially done using
+a Perl script named <TT
+CLASS="FILENAME"
+>import_smbpasswd.pl</TT
+> included in the
+<TT
+CLASS="FILENAME"
+>examples/LDAP/</TT
+> directory of the Samba source distribution.  There are
+two main requirements of this script:</P
+><P
+></P
+><UL
+><LI
+><P
+>All users to be imported to the directory must have a valid uid on the
+	local system.  This can be a problem if using a machinej different from the Samba server
+	to import the file.</P
+></LI
+><LI
+><P
+>The local system must have a working installation of the Net::LDAP perl
+	module which can be obtained from with <A
+HREF="http://search.cpan.org/"
+TARGET="_top"
+>http://search.cpan.org/</A
+>
+	by searching for <TT
+CLASS="FILENAME"
+>perl-ldap</TT
+> or directly from <A
+HREF="http://perl-ldap.sf.net/"
+TARGET="_top"
+>http://perl-ldap.sf.net/</A
+>.
+	</P
+></LI
+></UL
+><P
+>Please refer to the documentation in the same directory as the script for more details.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN144"
+>Accounts and Groups management</A
+></H1
+><P
+>As users accounts are managed thru the sambaAccount objectclass, you should
+modify you existing administration tools to deal with sambaAccount attributes.</P
+><P
+>Machines accounts are managed with the sambaAccount objectclass, just
+like users accounts. However, it's up to you to stored thoses accounts
+in a different tree of you LDAP namespace: you should use
+"ou=Groups,dc=plainjoe,dc=org" to store groups and
+"ou=People,dc=plainjoe,dc=org" to store users. Just configure your
+NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration
+file).</P
+><P
+>In Samba release 2.2.3, the group management system is based on posix
+groups. This meand that Samba make usage of the posixGroup objectclass.
+For now, there is no NT-like group system management (global and local
+groups).</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN149"
+>Security and sambaAccount</A
+></H1
+><P
+>There are two important points to remember when discussing the security
+of sambaAccount entries in the directory.</P
+><P
+></P
+><UL
+><LI
+><P
+><I
+CLASS="EMPHASIS"
+>Never</I
+> retrieve the lmPassword or
+	ntPassword attribute values over an unencrypted LDAP session.</P
+></LI
+><LI
+><P
+><I
+CLASS="EMPHASIS"
+>Never</I
+> allow non-admin users to
+	view the lmPassword or ntPassword attribute values.</P
+></LI
+></UL
+><P
+>These password hashes are clear text equivalents and can be used to impersonate
+the user without deriving the original clear text strings.  For more information
+on the details of LM/NT password hashes, refer to the <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>ENCRYPTION chapter</A
+> of the Samba-HOWTO-Collection.</P
+><P
+>To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults
+to require an encrypted session (<B
+CLASS="COMMAND"
+>ldap ssl = on</B
+>) using
+the default port of 636
+when contacting the directory server.  When using an OpenLDAP 2.0 server, it
+is possible to use the use the StartTLS LDAP extended  operation in the place of
+LDAPS.  In either case, you are strongly discouraged to disable this security
+(<B
+CLASS="COMMAND"
+>ldap ssl = off</B
+>).</P
+><P
+>Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS
+extended operation.  However, the OpenLDAP library still provides support for
+the older method of securing communication between clients and servers.</P
+><P
+>The second security precaution is to prevent non-administrative users from
+harvesting password hashes from the directory.  This can be done using the
+following ACL in <TT
+CLASS="FILENAME"
+>slapd.conf</TT
+>:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>## allow the "ldap admin dn" access, but deny everyone else
+access to attrs=lmPassword,ntPassword
+     by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write
+     by * none</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN169"
+>LDAP specials attributes for sambaAccounts</A
+></H1
+><P
+>The sambaAccount objectclass is composed of the following attributes:</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>lmPassword</TT
+>: the LANMAN password 16-byte hash stored as a character
+	representation of a hexidecimal string.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>ntPassword</TT
+>: the NT password hash 16-byte stored as a character
+	representation of a hexidecimal string.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>pwdLastSet</TT
+>: The integer time in seconds since 1970 when the
+	<TT
+CLASS="CONSTANT"
+>lmPassword</TT
+> and <TT
+CLASS="CONSTANT"
+>ntPassword</TT
+> attributes were last set.
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>acctFlags</TT
+>: string of 11 characters surrounded by square brackets []
+	representing account flags such as U (user), W(workstation), X(no password expiration), and
+	D(disabled).</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>logonTime</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>logoffTime</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>kickoffTime</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>pwdCanChange</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>pwdMustChange</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>homeDrive</TT
+>: specifies the drive letter to which to map the
+	UNC path specified by homeDirectory. The drive letter must be specified in the form "X:"
+	where X is the letter of the drive to map. Refer to the "logon drive" parameter in the
+	smb.conf(5) man page for more information.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>scriptPath</TT
+>: The scriptPath property specifies the path of
+	the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path
+	is relative to the netlogon share.  Refer to the "logon script" parameter in the
+	smb.conf(5) man page for more information.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>profilePath</TT
+>: specifies a path to the user's profile.
+	This value can be a null string, a local absolute path, or a UNC path.  Refer to the
+	"logon path" parameter in the smb.conf(5) man page for more information.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>smbHome</TT
+>: The homeDirectory property specifies the path of
+	the home directory for the user. The string can be null. If homeDrive is set and specifies
+	a drive letter, homeDirectory should be a UNC path. The path must be a network
+	UNC path of the form \\server\share\directory. This value can be a null string.
+	Refer to the "logon home" parameter in the smb.conf(5) man page for more information.
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>userWorkstation</TT
+>: character string value currently unused.
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>rid</TT
+>: the integer representation of the user's relative identifier
+	(RID).</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>primaryGroupID</TT
+>: the relative identifier (RID) of the primary group
+	of the user.</P
+></LI
+></UL
+><P
+>The majority of these parameters are only used when Samba is acting as a PDC of
+a domain (refer to the <A
+HREF="Samba-PDC-HOWTO.html"
+TARGET="_top"
+>Samba-PDC-HOWTO</A
+> for details on
+how to configure Samba as a Primary Domain Controller). The following four attributes
+are only stored with the sambaAccount entry if the values are non-default values:</P
+><P
+></P
+><UL
+><LI
+><P
+>smbHome</P
+></LI
+><LI
+><P
+>scriptPath</P
+></LI
+><LI
+><P
+>logonPath</P
+></LI
+><LI
+><P
+>homeDrive</P
+></LI
+></UL
+><P
+>These attributes are only stored with the sambaAccount entry if
+the values are non-default values.  For example, assume TASHTEGO has now been
+configured as a PDC and that <B
+CLASS="COMMAND"
+>logon home = \\%L\%u</B
+> was defined in
+its <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. When a user named "becky" logons to the domain,
+the <TT
+CLASS="PARAMETER"
+><I
+>logon home</I
+></TT
+> string is expanded to \\TASHTEGO\becky.
+If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org",
+this value is used.  However, if this attribute does not exist, then the value
+of the <TT
+CLASS="PARAMETER"
+><I
+>logon home</I
+></TT
+> parameter is used in its place.  Samba
+will only write the attribute value to the directory entry is the value is
+something other than the default (e.g. \\MOBY\becky).</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN239"
+>Example LDIF Entries for a sambaAccount</A
+></H1
+><P
+>The following is a working LDIF with the inclusion of the posixAccount objectclass:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>dn: uid=guest2, ou=people,dc=plainjoe,dc=org
+ntPassword: 878D8014606CDA29677A44EFA1353FC7
+pwdMustChange: 2147483647
+primaryGroupID: 1201
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+pwdLastSet: 1010179124
+logonTime: 0
+objectClass: sambaAccount
+uid: guest2
+kickoffTime: 2147483647
+acctFlags: [UX         ]
+logoffTime: 2147483647
+rid: 19006
+pwdCanChange: 0</PRE
+></P
+><P
+>The following is an LDIF entry for using both the sambaAccount and
+posixAccount objectclasses:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
+logonTime: 0
+displayName: Gerald Carter
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+primaryGroupID: 1201
+objectClass: posixAccount
+objectClass: sambaAccount
+acctFlags: [UX         ]
+userPassword: {crypt}BpM2ej8Rkzogo
+uid: gcarter
+uidNumber: 9000
+cn: Gerald Carter
+loginShell: /bin/bash
+logoffTime: 2147483647
+gidNumber: 100
+kickoffTime: 2147483647
+pwdLastSet: 1010179230
+rid: 19000
+homeDirectory: /home/tashtego/gcarter
+pwdCanChange: 0
+pwdMustChange: 2147483647
+ntPassword: 878D8014606CDA29677A44EFA1353FC7</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN247"
+>Comments</A
+></H1
+><P
+>Please mail all comments regarding this HOWTO to <A
+HREF="mailto:jerry@samba.org"
+TARGET="_top"
+>jerry@samba.org</A
+>.  This documents was
+last updated to reflect the Samba 2.2.5 release.&#13;</P
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/Samba-PDC-HOWTO.html b/docs/htmldocs/Samba-PDC-HOWTO.html
new file mode 100755
index 00000000000..58f3989b4f0
--- /dev/null
+++ b/docs/htmldocs/Samba-PDC-HOWTO.html
@@ -0,0 +1,2284 @@
+<HTML
+><HEAD
+><TITLE
+>How to Configure Samba 2.2 as a Primary Domain Controller</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="SAMBA-PDC"
+>How to Configure Samba 2.2 as a Primary Domain Controller</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Prerequisite Reading</A
+></H1
+><P
+>Before you continue reading in this chapter, please make sure 
+that you are comfortable with configuring basic files services
+in smb.conf and how to enable and administer password 
+encryption in Samba.  Theses two topics are covered in the
+<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+></A
+> 
+manpage and the <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>Encryption chapter</A
+> 
+of this HOWTO Collection.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN9"
+>Background</A
+></H1
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+><I
+CLASS="EMPHASIS"
+>Author's Note:</I
+> This document is a combination 
+of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". 
+Both documents are superseded by this one.</P
+></BLOCKQUOTE
+></DIV
+><P
+>Versions of Samba prior to release 2.2 had marginal capabilities to act
+as a Windows NT 4.0 Primary Domain Controller
+
+(PDC).  With Samba 2.2.0, we are proud to announce official support for
+Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows 
+2000 clients.  This article outlines the steps
+necessary for configuring Samba as a PDC.  It is necessary to have a
+working Samba server prior to implementing the PDC functionality.  If
+you have not followed the steps outlined in <A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+> UNIX_INSTALL.html</A
+>, please make sure
+that your server is configured correctly before proceeding.  Another
+good resource in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5) man
+page</A
+>. The following functionality should work in 2.2:</P
+><P
+></P
+><UL
+><LI
+><P
+>	domain logons for Windows NT 4.0/2000 clients.
+	</P
+></LI
+><LI
+><P
+>	placing a Windows 9x client in user level security
+	</P
+></LI
+><LI
+><P
+>	retrieving a list of users and groups from a Samba PDC to
+	Windows 9x/NT/2000 clients
+	</P
+></LI
+><LI
+><P
+>	roving (roaming) user profiles
+	</P
+></LI
+><LI
+><P
+>	Windows NT 4.0-style system policies
+	</P
+></LI
+></UL
+><P
+>The following pieces of functionality are not included in the 2.2 release:</P
+><P
+></P
+><UL
+><LI
+><P
+>	Windows NT 4 domain trusts
+	</P
+></LI
+><LI
+><P
+>	SAM replication with Windows NT 4.0 Domain Controllers
+	(i.e. a Samba PDC and a Windows NT BDC or vice versa) 
+	</P
+></LI
+><LI
+><P
+>	Adding users via the User Manager for Domains
+	</P
+></LI
+><LI
+><P
+>	Acting as a Windows 2000 Domain Controller (i.e. Kerberos and 
+	Active Directory)
+	</P
+></LI
+></UL
+><P
+>Please note that Windows 9x clients are not true members of a domain
+for reasons outlined in this article.  Therefore the protocol for
+support Windows 9x-style domain logons is completely different
+from NT4 domain logons and has been officially supported for some 
+time.</P
+><P
+>Implementing a Samba PDC can basically be divided into 2 broad
+steps.</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	Configuring the Samba PDC
+	</P
+></LI
+><LI
+><P
+>	Creating machine trust accounts	and joining clients 
+	to the domain
+	</P
+></LI
+></OL
+><P
+>There are other minor details such as user profiles, system
+policies, etc...  However, these are not necessarily specific
+to a Samba PDC as much as they are related to Windows NT networking
+concepts.  They will be mentioned only briefly here.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN48"
+>Configuring the Samba Domain Controller</A
+></H1
+><P
+>The first step in creating a working Samba PDC is to 
+understand the parameters necessary in smb.conf.  I will not
+attempt to re-explain the parameters here as they are more that
+adequately covered in <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+> the smb.conf
+man page</A
+>.  For convenience, the parameters have been
+linked with the actual smb.conf description.</P
+><P
+>Here is an example <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> for acting as a PDC:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+    ; Basic server settings
+    <A
+HREF="smb.conf.5.html#NETBIOSNAME"
+TARGET="_top"
+>netbios name</A
+> = <TT
+CLASS="REPLACEABLE"
+><I
+>POGO</I
+></TT
+>
+    <A
+HREF="smb.conf.5.html#WORKGROUP"
+TARGET="_top"
+>workgroup</A
+> = <TT
+CLASS="REPLACEABLE"
+><I
+>NARNIA</I
+></TT
+>
+
+    ; we should act as the domain and local master browser
+    <A
+HREF="smb.conf.5.html#OSLEVEL"
+TARGET="_top"
+>os level</A
+> = 64
+    <A
+HREF="smb.conf.5.html#PERFERREDMASTER"
+TARGET="_top"
+>preferred master</A
+> = yes
+    <A
+HREF="smb.conf.5.html#DOMAINMASTER"
+TARGET="_top"
+>domain master</A
+> = yes
+    <A
+HREF="smb.conf.5.html#LOCALMASTER"
+TARGET="_top"
+>local master</A
+> = yes
+    
+    ; security settings (must user security = user)
+    <A
+HREF="smb.conf.5.html#SECURITYEQUALSUSER"
+TARGET="_top"
+>security</A
+> = user
+    
+    ; encrypted passwords are a requirement for a PDC
+    <A
+HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
+TARGET="_top"
+>encrypt passwords</A
+> = yes
+    
+    ; support domain logons
+    <A
+HREF="smb.conf.5.html#DOMAINLOGONS"
+TARGET="_top"
+>domain logons</A
+> = yes
+    
+    ; where to store user profiles?
+    <A
+HREF="smb.conf.5.html#LOGONPATH"
+TARGET="_top"
+>logon path</A
+> = \\%N\profiles\%u
+    
+    ; where is a user's home directory and where should it
+    ; be mounted at?
+    <A
+HREF="smb.conf.5.html#LOGONDRIVE"
+TARGET="_top"
+>logon drive</A
+> = H:
+    <A
+HREF="smb.conf.5.html#LOGONHOME"
+TARGET="_top"
+>logon home</A
+> = \\homeserver\%u
+    
+    ; specify a generic logon script for all users
+    ; this is a relative **DOS** path to the [netlogon] share
+    <A
+HREF="smb.conf.5.html#LOGONSCRIPT"
+TARGET="_top"
+>logon script</A
+> = logon.cmd
+
+; necessary share for domain controller
+[netlogon]
+    <A
+HREF="smb.conf.5.html#PATH"
+TARGET="_top"
+>path</A
+> = /usr/local/samba/lib/netlogon
+    <A
+HREF="smb.conf.5.html#READONLY"
+TARGET="_top"
+>read only</A
+> = yes
+    <A
+HREF="smb.conf.5.html#WRITELIST"
+TARGET="_top"
+>write list</A
+> = <TT
+CLASS="REPLACEABLE"
+><I
+>ntadmin</I
+></TT
+>
+    
+; share for storing user profiles
+[profiles]
+    <A
+HREF="smb.conf.5.html#PATH"
+TARGET="_top"
+>path</A
+> = /export/smb/ntprofile
+    <A
+HREF="smb.conf.5.html#READONLY"
+TARGET="_top"
+>read only</A
+> = no
+    <A
+HREF="smb.conf.5.html#CREATEMASK"
+TARGET="_top"
+>create mask</A
+> = 0600
+    <A
+HREF="smb.conf.5.html#DIRECTORYMASK"
+TARGET="_top"
+>directory mask</A
+> = 0700</PRE
+></P
+><P
+>There are a couple of points to emphasize in the above configuration.</P
+><P
+></P
+><UL
+><LI
+><P
+>	Encrypted passwords must be enabled.  For more details on how 
+	to do this, refer to <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>ENCRYPTION.html</A
+>.
+	</P
+></LI
+><LI
+><P
+>	The server must support domain logons and a
+	<TT
+CLASS="FILENAME"
+>[netlogon]</TT
+> share
+	</P
+></LI
+><LI
+><P
+>	The server must be the domain master browser in order for Windows 
+	client to locate the server as a DC.  Please refer to the various 
+	Network Browsing documentation included with this distribution for 
+	details.
+	</P
+></LI
+></UL
+><P
+>As Samba 2.2 does not offer a complete implementation of group mapping
+between Windows NT groups and Unix groups (this is really quite
+complicated to explain in a short space), you should refer to the
+<A
+HREF="smb.conf.5.html#DOMAINADMINGROUP"
+TARGET="_top"
+>domain admin
+group</A
+> smb.conf parameter for information of creating "Domain
+Admins" style accounts.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN91"
+>Creating Machine Trust Accounts and Joining Clients to the
+Domain</A
+></H1
+><P
+>A machine trust account is a Samba account that is used to
+authenticate a client machine (rather than a user) to the Samba
+server.  In Windows terminology, this is known as a "Computer
+Account."</P
+><P
+>The password of a machine trust account acts as the shared secret for
+secure communication with the Domain Controller.  This is a security
+feature to prevent an unauthorized machine with the same NetBIOS name
+from joining the domain and gaining access to domain user/group
+accounts.  Windows NT and 2000 clients use machine trust accounts, but
+Windows 9x clients do not.  Hence, a Windows 9x client is never a true
+member of a domain because it does not possess a machine trust
+account, and thus has no shared secret with the domain controller.</P
+><P
+>A Windows PDC stores each machine trust account in the Windows
+Registry.  A Samba PDC, however, stores each machine trust account 
+in two parts, as follows:
+
+<P
+></P
+><UL
+><LI
+><P
+>A Samba account, stored in the same location as user
+    LanMan and NT password hashes (currently
+    <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+>). The Samba account 
+    possesses and uses only the NT password hash.</P
+></LI
+><LI
+><P
+>A corresponding Unix account, typically stored in
+    <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>. (Future releases will alleviate the need to
+    create <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entries.) </P
+></LI
+></UL
+></P
+><P
+>There are two ways to create machine trust accounts:</P
+><P
+></P
+><UL
+><LI
+><P
+> Manual creation. Both the Samba and corresponding
+	Unix account are created by hand.</P
+></LI
+><LI
+><P
+> "On-the-fly" creation. The Samba machine trust
+	account is automatically created by Samba at the time the client
+	is joined to the domain. (For security, this is the
+	recommended method.) The corresponding Unix account may be
+	created automatically or manually. </P
+></LI
+></UL
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN110"
+>Manual Creation of Machine Trust Accounts</A
+></H2
+><P
+>The first step in manually creating a machine trust account is to
+manually create the corresponding Unix account in
+<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>.  This can be done using
+<B
+CLASS="COMMAND"
+>vipw</B
+> or other 'add user' command that is normally
+used to create new Unix accounts.  The following is an example for a
+Linux based Samba server:</P
+><P
+>  <TT
+CLASS="PROMPT"
+>root# </TT
+><B
+CLASS="COMMAND"
+>/usr/sbin/useradd -g 100 -d /dev/null -c <TT
+CLASS="REPLACEABLE"
+><I
+>"machine 
+nickname"</I
+></TT
+> -s /bin/false <TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+>$ </B
+></P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><B
+CLASS="COMMAND"
+>passwd -l <TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+>$</B
+></P
+><P
+>The <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entry will list the machine name 
+with a "$" appended, won't have a password, will have a null shell and no 
+home directory. For example a machine named 'doppy' would have an 
+<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entry like this:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>doppy$:x:505:501:<TT
+CLASS="REPLACEABLE"
+><I
+>machine_nickname</I
+></TT
+>:/dev/null:/bin/false</PRE
+></P
+><P
+>Above, <TT
+CLASS="REPLACEABLE"
+><I
+>machine_nickname</I
+></TT
+> can be any
+descriptive name for the client, i.e., BasementComputer.
+<TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+> absolutely must be the NetBIOS
+name of the client to be joined to the domain.  The "$" must be
+appended to the NetBIOS name of the client or Samba will not recognize
+this as a machine trust account.</P
+><P
+>Now that the corresponding Unix account has been created, the next step is to create 
+the Samba account for the client containing the well-known initial 
+machine trust account password.  This can be done using the <A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+></A
+> command 
+as shown here:</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><B
+CLASS="COMMAND"
+>smbpasswd -a -m <TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+></B
+></P
+><P
+>where <TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+> is the machine's NetBIOS
+name.  The RID of the new machine account is generated from the UID of 
+the corresponding Unix account.</P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Join the client to the domain immediately</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>	Manually creating a machine trust account using this method is the 
+	equivalent of creating a machine trust account on a Windows NT PDC using 
+	the "Server Manager".  From the time at which the account is created
+	to the time which the client joins the domain and changes the password,
+	your domain is vulnerable to an intruder joining your domain using a
+	a machine with the same NetBIOS name.  A PDC inherently trusts
+	members of the domain and will serve out a large degree of user 
+	information to such clients.  You have been warned!
+	</P
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN145"
+>"On-the-Fly" Creation of Machine Trust Accounts</A
+></H2
+><P
+>The second (and recommended) way of creating machine trust accounts is
+simply to allow the Samba server to create them as needed when the client
+is joined to the domain. </P
+><P
+>Since each Samba machine trust account requires a corresponding
+Unix account, a method for automatically creating the
+Unix account is usually supplied; this requires configuration of the
+<A
+HREF="smb.conf.5.html#ADDUSERSCRIPT"
+TARGET="_top"
+>add user script</A
+> 
+option in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.  This
+method is not required, however; corresponding Unix accounts may also
+be created manually.</P
+><P
+>Below is an example for a RedHat 6.2 Linux system.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+   # &#60;...remainder of parameters...&#62;
+   add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </PRE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN154"
+>Joining the Client to the Domain</A
+></H2
+><P
+>The procedure for joining a client to the domain varies with the
+version of Windows.</P
+><P
+></P
+><UL
+><LI
+><P
+><I
+CLASS="EMPHASIS"
+>Windows 2000</I
+></P
+><P
+> When the user elects to join the client to a domain, Windows prompts for
+	an account and password that is privileged to join the domain.  A
+	Samba administrative account (i.e., a Samba account that has root
+	privileges on the Samba server) must be entered here; the
+	operation will fail if an ordinary user account is given. 
+	The password for this account should be
+	set to a different password than the associated
+	<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entry, for security
+	reasons. </P
+><P
+>The session key of the Samba administrative account acts as an
+	encryption key for setting the password of the machine trust
+	account. The machine trust account will be created on-the-fly, or
+	updated if it already exists.</P
+></LI
+><LI
+><P
+><I
+CLASS="EMPHASIS"
+>Windows NT</I
+></P
+><P
+> If the machine trust account was created manually, on the
+	Identification Changes menu enter the domain name, but do not
+	check the box "Create a Computer Account in the Domain."  In this case,
+	the existing machine trust account is used to join the machine to
+	the domain.</P
+><P
+> If the machine trust account is to be created
+	on-the-fly, on the Identification Changes menu enter the domain
+	name, and check the box "Create a Computer Account in the Domain."  In
+	this case, joining the domain proceeds as above for Windows 2000
+	(i.e., you must supply a Samba administrative account when
+	prompted).</P
+></LI
+></UL
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN169"
+>Common Problems and Errors</A
+></H1
+><P
+></P
+><P
+></P
+><UL
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>I cannot include a '$' in a machine name.</I
+>
+	</P
+><P
+>	A 'machine name' in (typically) <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> 	
+	of the machine name with a '$' appended. FreeBSD (and other BSD 
+	systems?) won't create a user with a '$' in their name.
+	</P
+><P
+>	The problem is only in the program used to make the entry, once 
+	made, it works perfectly. So create a user without the '$' and 
+	use <B
+CLASS="COMMAND"
+>vipw</B
+> to edit the entry, adding the '$'. Or create 
+	the whole entry with vipw if you like, make sure you use a 
+	unique User ID !
+	</P
+></LI
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>I get told "You already have a connection to the Domain...." 
+	or "Cannot join domain, the credentials supplied conflict with an 
+	existing set.." when creating a machine trust account.</I
+>
+	</P
+><P
+>	This happens if you try to create a machine trust account from the 
+	machine itself and already have a connection (e.g. mapped drive) 
+	to a share (or IPC$) on the Samba PDC.  The following command
+	will remove all network drive connections:
+	</P
+><P
+>	<TT
+CLASS="PROMPT"
+>C:\WINNT\&#62;</TT
+> <B
+CLASS="COMMAND"
+>net use * /d</B
+>
+	</P
+><P
+>	Further, if the machine is a already a 'member of a workgroup' that 
+	is the same name as the domain you are joining (bad idea) you will 
+	get this message.  Change the workgroup name to something else, it 
+	does not matter what, reboot, and try again.
+	</P
+></LI
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>The system can not log you on (C000019B)....</I
+>
+	</P
+><P
+>I joined the domain successfully but after upgrading 
+	to a newer version of the Samba code I get the message, "The system 
+	can not log you on (C000019B), Please try a gain or consult your 
+	system administrator" when attempting to logon.
+	</P
+><P
+>	This occurs when the domain SID stored in 
+	<TT
+CLASS="FILENAME"
+>private/WORKGROUP.SID</TT
+> is 
+	changed.  For example, you remove the file and <B
+CLASS="COMMAND"
+>smbd</B
+> automatically 
+	creates a new one.  Or you are swapping back and forth between 
+	versions 2.0.7, TNG and the HEAD branch code (not recommended).  The 
+	only way to correct the problem is to restore the original domain 
+	SID or remove the domain client from the domain and rejoin.
+	</P
+></LI
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>The machine trust account for this computer either does not 
+	exist or is not accessible.</I
+>
+	</P
+><P
+>	When I try to join the domain I get the message "The machine account 
+	for this computer either does not exist or is not accessible". What's 
+	wrong?
+	</P
+><P
+>	This problem is caused by the PDC not having a suitable machine trust account. 
+	If you are using the <TT
+CLASS="PARAMETER"
+><I
+>add user script</I
+></TT
+> method to create 
+	accounts then this would indicate that it has not worked. Ensure the domain 
+	admin user system is working.
+	</P
+><P
+>	Alternatively if you are creating account entries manually then they 
+	have not been created correctly. Make sure that you have the entry 
+	correct for the machine trust account in smbpasswd file on the Samba PDC. 
+	If you added the account using an editor rather than using the smbpasswd 
+	utility, make sure that the account name is the machine NetBIOS name 
+	with a '$' appended to it ( i.e. computer_name$ ). There must be an entry 
+	in both /etc/passwd and the smbpasswd file. Some people have reported 
+	that inconsistent subnet masks between the Samba server and the NT 
+	client have caused this problem.   Make sure that these are consistent 
+	for both client and server.
+	</P
+></LI
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>When I attempt to login to a Samba Domain from a NT4/W2K workstation,
+	I get a message about my account being disabled.</I
+>
+	</P
+><P
+>	This problem is caused by a PAM related bug in Samba 2.2.0.  This bug is 
+	fixed in 2.2.1.  Other symptoms could be unaccessible shares on 
+	NT/W2K member servers in the domain or the following error in your smbd.log:
+	passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user%
+	</P
+><P
+>	At first be ensure to enable the useraccounts with <B
+CLASS="COMMAND"
+>smbpasswd -e 
+	%user%</B
+>, this is normally done, when you create an account.
+	</P
+><P
+>	In order to work around this problem in 2.2.0, configure the 
+	<TT
+CLASS="PARAMETER"
+><I
+>account</I
+></TT
+> control flag in 
+	<TT
+CLASS="FILENAME"
+>/etc/pam.d/samba</TT
+> file as follows:
+	</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	account required        pam_permit.so
+	</PRE
+></P
+><P
+>	If you want to remain backward compatibility to samba 2.0.x use
+	<TT
+CLASS="FILENAME"
+>pam_permit.so</TT
+>, it's also possible to use 
+	<TT
+CLASS="FILENAME"
+>pam_pwdb.so</TT
+>. There are some bugs if you try to 
+	use <TT
+CLASS="FILENAME"
+>pam_unix.so</TT
+>, if you need this, be ensure to use
+	the most recent version of this file.
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN217"
+>System Policies and Profiles</A
+></H1
+><P
+>Much of the information necessary to implement System Policies and
+Roving User Profiles in a Samba domain is the same as that for 
+implementing these same items in a Windows NT 4.0 domain. 
+You should read the white paper <A
+HREF="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp"
+TARGET="_top"
+>Implementing
+Profiles and Policies in Windows NT 4.0</A
+> available from Microsoft.</P
+><P
+>Here are some additional details:</P
+><P
+></P
+><UL
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>What about Windows NT Policy Editor?</I
+>
+	</P
+><P
+>	To create or edit <TT
+CLASS="FILENAME"
+>ntconfig.pol</TT
+> you must use 
+	the NT Server Policy Editor, <B
+CLASS="COMMAND"
+>poledit.exe</B
+>	which 
+	is included with NT Server but <I
+CLASS="EMPHASIS"
+>not NT Workstation</I
+>. 
+	There is a Policy Editor on a NTws 
+	but it is not suitable for creating <I
+CLASS="EMPHASIS"
+>Domain Policies</I
+>. 
+	Further, although the Windows 95 
+	Policy Editor can be installed on an NT Workstation/Server, it will not
+	work with NT policies because the registry key that are set by the policy templates. 
+	However, the files from the NT Server will run happily enough on an NTws. 	
+	You need <TT
+CLASS="FILENAME"
+>poledit.exe, common.adm</TT
+> and <TT
+CLASS="FILENAME"
+>winnt.adm</TT
+>. It is convenient
+	to put the two *.adm files in <TT
+CLASS="FILENAME"
+>c:\winnt\inf</TT
+> which is where
+	the binary will look for them unless told otherwise. Note also that that 
+	directory is 'hidden'.
+	</P
+><P
+>	The Windows NT policy editor is also included with the Service Pack 3 (and 
+	later) for Windows NT 4.0. Extract the files using <B
+CLASS="COMMAND"
+>servicepackname /x</B
+>, 
+	i.e. that's <B
+CLASS="COMMAND"
+>Nt4sp6ai.exe /x</B
+> for service pack 6a.  The policy editor, 
+	<B
+CLASS="COMMAND"
+>poledit.exe</B
+> and the associated template files (*.adm) should
+	be extracted as well.  It is also possible to downloaded the policy template 
+	files for Office97 and get a copy of the policy editor.  Another possible 
+	location is with the Zero Administration Kit available for download from Microsoft.
+	</P
+></LI
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>Can Win95 do Policies?</I
+>
+	</P
+><P
+>	Install the group policy handler for Win9x to pick up group 
+	policies.   Look on the Win98 CD in <TT
+CLASS="FILENAME"
+>\tools\reskit\netadmin\poledit</TT
+>. 
+	Install group policies on a Win9x client by double-clicking 
+	<TT
+CLASS="FILENAME"
+>grouppol.inf</TT
+>. Log off and on again a couple of 
+	times and see if Win98 picks up group policies.  Unfortunately this needs 
+	to be done on every Win9x machine that uses group policies....
+	</P
+><P
+>	If group policies don't work one reports suggests getting the updated 
+	(read: working) grouppol.dll for Windows 9x. The group list is grabbed 
+	from /etc/group.
+	</P
+></LI
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>How do I get 'User Manager' and 'Server Manager'</I
+>
+	</P
+><P
+>	Since I don't need to buy an NT Server CD now, how do I get 
+	the 'User Manager for Domains', the 'Server Manager'?
+	</P
+><P
+>	Microsoft distributes a version of these tools called nexus for 
+	installation on Windows 95 systems.  The tools set includes
+	</P
+><P
+></P
+><UL
+><LI
+><P
+>Server Manager</P
+></LI
+><LI
+><P
+>User Manager for Domains</P
+></LI
+><LI
+><P
+>Event Viewer</P
+></LI
+></UL
+><P
+>	Click here to download the archived file <A
+HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE"
+TARGET="_top"
+>ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</A
+>
+	</P
+><P
+>	The Windows NT 4.0 version of the 'User Manager for 
+	Domains' and 'Server Manager' are available from Microsoft via ftp 
+	from <A
+HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE"
+TARGET="_top"
+>ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</A
+>
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN261"
+>What other help can I get?</A
+></H1
+><P
+>There are many sources of information available in the form 
+of mailing lists, RFC's and documentation.  The docs that come 
+with the samba distribution contain very good explanations of 
+general SMB topics such as browsing.</P
+><P
+></P
+><UL
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>What are some diagnostics tools I can use to debug the domain logon 
+	process and where can I	find them?</I
+>
+	</P
+><P
+>	One of the best diagnostic tools for debugging problems is Samba itself.  
+	You can use the -d option for both smbd and nmbd to specify what 
+	'debug level' at which to run.  See the man pages on smbd, nmbd  and 
+	smb.conf for more information on debugging options.  The debug 
+	level can range from 1 (the default) to 10 (100 for debugging passwords).
+	</P
+><P
+>	Another helpful method of debugging is to compile samba using the 
+	<B
+CLASS="COMMAND"
+>gcc -g </B
+> flag.   This will include debug 
+	information in the binaries and allow you to attach gdb to the 
+	running smbd / nmbd process.  In order to attach gdb to an smbd 
+	process for an NT workstation, first get the workstation to make the 
+	connection. Pressing ctrl-alt-delete and going down to the domain box 
+	is sufficient (at least, on the first time you join the domain) to 
+	generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation 
+	maintains an open connection, and therefore there will be an smbd 
+	process running (assuming that you haven't set a really short smbd 
+	idle timeout)  So, in between pressing ctrl alt delete, and actually 
+	typing in your password, you can gdb attach and continue.
+	</P
+><P
+>	Some useful samba commands worth investigating:
+	</P
+><P
+></P
+><UL
+><LI
+><P
+>testparam | more</P
+></LI
+><LI
+><P
+>smbclient -L //{netbios name of server}</P
+></LI
+></UL
+><P
+>	An SMB enabled version of tcpdump is available from 
+	<A
+HREF="http://www.tcpdump.org/"
+TARGET="_top"
+>http://www.tcpdup.org/</A
+>.
+	Ethereal, another good packet sniffer for Unix and Win32
+	hosts, can be downloaded from <A
+HREF="http://www.ethereal.com/"
+TARGET="_top"
+>http://www.ethereal.com</A
+>.
+	</P
+><P
+>	For tracing things on the Microsoft Windows NT, Network Monitor 
+	(aka. netmon) is available on the Microsoft Developer Network CD's, 
+	the Windows NT Server install CD and the SMS CD's.  The version of 
+	netmon that ships with SMS allows for dumping packets between any two 
+	computers (i.e. placing the network interface in promiscuous mode).  
+	The version on the NT Server install CD will only allow monitoring 
+	of network traffic directed to the local NT box and broadcasts on the 
+	local subnet.  Be aware that Ethereal can read and write netmon 
+	formatted files.
+	</P
+></LI
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>How do I install 'Network Monitor' on an NT Workstation 
+	or a Windows 9x box?</I
+>
+	</P
+><P
+>	Installing netmon on an NT workstation requires a couple 
+	of steps.  The following are for installing Netmon V4.00.349, which comes 
+	with Microsoft Windows NT Server 4.0, on Microsoft Windows NT 
+	Workstation 4.0.  The process should be similar for other version of 
+	Windows NT / Netmon.  You will need both the Microsoft Windows 
+	NT Server 4.0 Install CD and the Workstation 4.0 Install CD.
+	</P
+><P
+>	Initially you will need to install 'Network Monitor Tools and Agent' 
+	on the NT Server.  To do this 
+	</P
+><P
+></P
+><UL
+><LI
+><P
+>Goto Start - Settings - Control Panel - 
+		Network - Services - Add </P
+></LI
+><LI
+><P
+>Select the 'Network Monitor Tools and Agent' and 
+		click on 'OK'.</P
+></LI
+><LI
+><P
+>Click 'OK' on the Network Control Panel.
+		</P
+></LI
+><LI
+><P
+>Insert the Windows NT Server 4.0 install CD 
+		when prompted.</P
+></LI
+></UL
+><P
+>	At this point the Netmon files should exist in 
+	<TT
+CLASS="FILENAME"
+>%SYSTEMROOT%\System32\netmon\*.*</TT
+>.    
+	Two subdirectories exist as well, <TT
+CLASS="FILENAME"
+>parsers\</TT
+> 
+	which contains the necessary DLL's for parsing the netmon packet 
+	dump, and <TT
+CLASS="FILENAME"
+>captures\</TT
+>.
+	</P
+><P
+>	In order to install the Netmon tools on an NT Workstation, you will 
+	first need to install the 'Network  Monitor Agent' from the Workstation 
+	install CD.
+	</P
+><P
+></P
+><UL
+><LI
+><P
+>Goto Start - Settings - Control Panel - 
+		Network - Services - Add</P
+></LI
+><LI
+><P
+>Select the 'Network Monitor Agent' and click 
+		on 'OK'.</P
+></LI
+><LI
+><P
+>Click 'OK' on the Network Control Panel.
+		</P
+></LI
+><LI
+><P
+>Insert the Windows NT Workstation 4.0 install 
+		CD when prompted.</P
+></LI
+></UL
+><P
+>	Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.* 
+	to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set 
+	permissions as  you deem appropriate for your site. You will need 
+	administrative rights on the NT box to run netmon.
+	</P
+><P
+>	To install Netmon on a Windows 9x box install the network monitor agent 
+	from the Windows 9x CD (\admin\nettools\netmon).  There is a readme 
+	file located with the netmon driver files on the CD if you need 
+	information on how to do this.  Copy the files from a working 
+	Netmon installation.
+	</P
+></LI
+><LI
+><P
+>	The following is a list if helpful URLs and other links:
+	</P
+><P
+></P
+><UL
+><LI
+><P
+>Home of Samba site <A
+HREF="http://samba.org"
+TARGET="_top"
+>        http://samba.org</A
+>. We have a mirror near you !</P
+></LI
+><LI
+><P
+> The <I
+CLASS="EMPHASIS"
+>Development</I
+> document 
+	on the Samba mirrors might mention your problem. If so,
+	it might mean that the developers are working on it.</P
+></LI
+><LI
+><P
+>See how Scott Merrill simulates a BDC behavior at 
+        <A
+HREF="http://www.skippy.net/linux/smb-howto.html"
+TARGET="_top"
+>        http://www.skippy.net/linux/smb-howto.html</A
+>. </P
+></LI
+><LI
+><P
+>Although 2.0.7 has almost had its day as a PDC, David Bannon will
+        keep the 2.0.7 PDC pages at <A
+HREF="http://bioserve.latrobe.edu.au/samba"
+TARGET="_top"
+>        http://bioserve.latrobe.edu.au/samba</A
+> going for a while yet.</P
+></LI
+><LI
+><P
+>Misc links to CIFS information 
+        <A
+HREF="http://samba.org/cifs/"
+TARGET="_top"
+>http://samba.org/cifs/</A
+></P
+></LI
+><LI
+><P
+>NT Domains for Unix <A
+HREF="http://mailhost.cb1.com/~lkcl/ntdom/"
+TARGET="_top"
+>        http://mailhost.cb1.com/~lkcl/ntdom/</A
+></P
+></LI
+><LI
+><P
+>FTP site for older SMB specs: 
+        <A
+HREF="ftp://ftp.microsoft.com/developr/drg/CIFS/"
+TARGET="_top"
+>        ftp://ftp.microsoft.com/developr/drg/CIFS/</A
+></P
+></LI
+></UL
+></LI
+></UL
+><P
+></P
+><UL
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>How do I get help from the mailing lists?</I
+>
+	</P
+><P
+>	There are a number of Samba related mailing lists. Go to <A
+HREF="http://samba.org"
+TARGET="_top"
+>http://samba.org</A
+>, click on your nearest mirror
+	and then click on <B
+CLASS="COMMAND"
+>Support</B
+> and then click on <B
+CLASS="COMMAND"
+>	Samba related mailing lists</B
+>.
+	</P
+><P
+>	For questions relating to Samba TNG go to
+	<A
+HREF="http://www.samba-tng.org/"
+TARGET="_top"
+>http://www.samba-tng.org/</A
+> 
+	It has been requested that you don't post questions about Samba-TNG to the
+	main stream Samba lists.</P
+><P
+>	If you post a message to one of the lists please observe the following guide lines :
+	</P
+><P
+></P
+><UL
+><LI
+><P
+> Always remember that the developers are volunteers, they are 
+		not paid and they never guarantee to produce a particular feature at 
+		a particular time. Any time lines are 'best guess' and nothing more.
+		</P
+></LI
+><LI
+><P
+> Always mention what version of samba you are using and what 
+		operating system its running under. You should probably list the
+        relevant sections of your smb.conf file, at least the options 
+        in [global] that affect PDC support.</P
+></LI
+><LI
+><P
+>In addition to the version, if you obtained Samba via
+        CVS mention the date when you last checked it out.</P
+></LI
+><LI
+><P
+> Try and make your question clear and brief, lots of long, 
+		convoluted questions get deleted before	they are completely read ! 
+		Don't post html encoded messages (if you can select colour or font 
+		size its html).</P
+></LI
+><LI
+><P
+> If you run one of those nifty 'I'm on holidays' things when 
+		you are away, make sure its configured	to not answer mailing lists.
+		</P
+></LI
+><LI
+><P
+> Don't cross post. Work out which is the best list to post to 
+		and see what happens, i.e. don't post to both samba-ntdom and samba-technical.
+        Many people active on the lists subscribe to more 
+		than one list and get annoyed to see the same message two or more times. 
+		Often someone will see a message and thinking it would be better dealt 
+		with on another, will forward it on for you.</P
+></LI
+><LI
+><P
+>You might include <I
+CLASS="EMPHASIS"
+>partial</I
+>
+        log files written at a debug level set to as much as 20.  
+        Please don't send the entire log but enough to give the context of the 
+        error messages.</P
+></LI
+><LI
+><P
+>(Possibly) If you have a complete netmon trace ( from the opening of 
+        the pipe to the error ) you can send the *.CAP file as well.</P
+></LI
+><LI
+><P
+>Please think carefully before attaching a document to an email.
+        Consider pasting the relevant parts into the body of the message. The samba
+        mailing lists go to a huge number of people, do they all need a copy of your 
+        smb.conf in their attach directory?</P
+></LI
+></UL
+></LI
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>How do I get off the mailing lists?</I
+>
+	</P
+><P
+>To have your name removed from a samba mailing list, go to the
+	same place you went to to get on it. Go to <A
+HREF="http://lists.samba.org/"
+TARGET="_top"
+>http://lists.samba.org</A
+>, 
+	click on your nearest mirror and then click on <B
+CLASS="COMMAND"
+>Support</B
+> and 
+	then click on <B
+CLASS="COMMAND"
+> Samba related mailing lists</B
+>. Or perhaps see 
+	<A
+HREF="http://lists.samba.org/mailman/roster/samba-ntdom"
+TARGET="_top"
+>here</A
+>
+	</P
+><P
+>	Please don't post messages to the list asking to be removed, you will just
+	be referred to the above address (unless that process failed in some way...)
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN375"
+>Domain Control for Windows 9x/ME</A
+></H1
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>The following section contains much of the original 
+DOMAIN.txt file previously included with Samba.  Much of 
+the material is based on what went into the book <I
+CLASS="EMPHASIS"
+>Special 
+Edition, Using Samba</I
+>, by Richard Sharpe.</P
+></BLOCKQUOTE
+></DIV
+><P
+>A domain and a workgroup are exactly the same thing in terms of network
+browsing.  The difference is that a distributable authentication
+database is associated with a domain, for secure login access to a
+network.  Also, different access rights can be granted to users if they
+successfully authenticate against a domain logon server (NT server and 
+other systems based on NT server support this, as does at least Samba TNG now).</P
+><P
+>The SMB client logging on to a domain has an expectation that every other
+server in the domain should accept the same authentication information.
+Network browsing functionality of domains and workgroups is
+identical and is explained in BROWSING.txt. It should be noted, that browsing
+is totally orthogonal to logon support.</P
+><P
+>Issues related to the single-logon network model are discussed in this
+section.  Samba supports domain logons, network logon scripts, and user
+profiles for MS Windows for workgroups and MS Windows 9X/ME clients
+which will be the focus of this section.</P
+><P
+>When an SMB client in a domain wishes to logon it broadcast requests for a
+logon server.  The first one to reply gets the job, and validates its
+password using whatever mechanism the Samba administrator has installed.
+It is possible (but very stupid) to create a domain where the user
+database is not shared between servers, i.e. they are effectively workgroup
+servers advertising themselves as participating in a domain.  This
+demonstrates how authentication is quite different from but closely
+involved with domains.</P
+><P
+>Using these features you can make your clients verify their logon via
+the Samba server; make clients run a batch file when they logon to
+the network and download their preferences, desktop and start menu.</P
+><P
+>Before launching into the configuration instructions, it is 
+worthwhile lookingat how a Windows 9x/ME client performs a logon:</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	The client broadcasts (to the IP broadcast address of the subnet it is in)
+	a NetLogon request. This is sent to the NetBIOS name DOMAIN&#60;1c&#62; at the
+	NetBIOS layer.  The client chooses the first response it receives, which
+	contains the NetBIOS name of the logon server to use in the format of 
+	\\SERVER.
+	</P
+></LI
+><LI
+><P
+>	The client then connects to that server, logs on (does an SMBsessetupX) and
+	then connects to the IPC$ share (using an SMBtconX).
+	</P
+></LI
+><LI
+><P
+>	The client then does a NetWkstaUserLogon request, which retrieves the name
+	of the user's logon script. 
+	</P
+></LI
+><LI
+><P
+>	The client then connects to the NetLogon share and searches for this 	
+	and if it is found and can be read, is retrieved and executed by the client.
+	After this, the client disconnects from the NetLogon share.
+	</P
+></LI
+><LI
+><P
+>	The client then sends a NetUserGetInfo request to the server, to retrieve
+	the user's home share, which is used to search for profiles. Since the
+	response to the NetUserGetInfo request does not contain much more 	
+	the user's home share, profiles for Win9X clients MUST reside in the user
+	home directory.
+	</P
+></LI
+><LI
+><P
+>	The client then connects to the user's home share and searches for the 
+	user's profile. As it turns out, you can specify the user's home share as
+	a sharename and path. For example, \\server\fred\.profile.
+	If the profiles are found, they are implemented.
+	</P
+></LI
+><LI
+><P
+>	The client then disconnects from the user's home share, and reconnects to
+	the NetLogon share and looks for CONFIG.POL, the policies file. If this is
+	found, it is read and implemented.
+	</P
+></LI
+></OL
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN401"
+>Configuration Instructions:	Network Logons</A
+></H2
+><P
+>The main difference between a PDC and a Windows 9x logon 
+server configuration is that</P
+><P
+></P
+><UL
+><LI
+><P
+>Password encryption is not required for a Windows 9x logon server.</P
+></LI
+><LI
+><P
+>Windows 9x/ME clients do not possess machine trust accounts.</P
+></LI
+></UL
+><P
+>Therefore, a Samba PDC will also act as a Windows 9x logon 
+server.</P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>security mode and master browsers</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>There are a few comments to make in order to tie up some 
+loose ends.  There has been much debate over the issue of whether
+or not it is ok to configure Samba as a Domain Controller in security
+modes other than <TT
+CLASS="CONSTANT"
+>USER</TT
+>.  The only security mode 
+which  will not work due to technical reasons is <TT
+CLASS="CONSTANT"
+>SHARE</TT
+>
+mode security.  <TT
+CLASS="CONSTANT"
+>DOMAIN</TT
+> and <TT
+CLASS="CONSTANT"
+>SERVER</TT
+>
+mode security is really just a variation on SMB user level security.</P
+><P
+>Actually, this issue is also closely tied to the debate on whether 
+or not Samba must be the domain master browser for its workgroup
+when operating as a DC.  While it may technically be possible
+to configure a server as such (after all, browsing and domain logons
+are two distinctly different functions), it is not a good idea to
+so.  You should remember that the DC must register the DOMAIN#1b NetBIOS 
+name.  This is the name used by Windows clients to locate the DC.
+Windows clients do not distinguish between the DC and the DMB.
+For this reason, it is very wise to configure the Samba DC as the DMB.</P
+><P
+>Now back to the issue of configuring a Samba DC to use a mode other
+than "security = user".  If a Samba host is configured to use 
+another SMB server or DC in order to validate user connection 
+requests, then it is a fact that some other machine on the network 
+(the "password server") knows more about user than the Samba host.
+99% of the time, this other host is a domain controller.  Now 
+in order to operate in domain mode security, the "workgroup" parameter
+must be set to the name of the Windows NT domain (which already 
+has a domain controller, right?)</P
+><P
+>Therefore configuring a Samba box as a DC for a domain that 
+already by definition has a PDC is asking for trouble.
+Therefore, you should always configure the Samba DC to be the DMB
+for its domain.</P
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN420"
+>Configuration Instructions:	Setting up Roaming User Profiles</A
+></H2
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Warning</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+><I
+CLASS="EMPHASIS"
+>NOTE!</I
+> Roaming profiles support is different 
+for Win9X and WinNT.</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>Before discussing how to configure roaming profiles, it is useful to see how
+Win9X and WinNT clients implement these features.</P
+><P
+>Win9X clients send a NetUserGetInfo request to the server to get the user's
+profiles location. However, the response does not have room for a separate 
+profiles location field, only the user's home share. This means that Win9X 
+profiles are restricted to being in the user's home directory.</P
+><P
+>WinNT clients send a NetSAMLogon RPC request, which contains many fields, 
+including a separate field for the location of the user's profiles. 
+This means that support for profiles is different for Win9X and WinNT.</P
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN428"
+>Windows NT Configuration</A
+></H3
+><P
+>To support WinNT clients, in the [global] section of smb.conf set the
+following (for example):</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath</PRE
+></P
+><P
+>The default for this option is \\%N\%U\profile, namely
+\\sambaserver\username\profile.  The \\N%\%U service is created
+automatically by the [homes] service.
+If you are using a samba server for the profiles, you _must_ make the
+share specified in the logon path browseable. </P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 26aug96 - we have discovered a problem where Windows clients can
+maintain a connection to the [homes] share in between logins.  The
+[homes] share must NOT therefore be used in a profile path.]</P
+></BLOCKQUOTE
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN436"
+>Windows 9X Configuration</A
+></H3
+><P
+>To support Win9X clients, you must use the "logon home" parameter. Samba has
+now been fixed so that "net use/home" now works as well, and it, too, relies
+on the "logon home" parameter.</P
+><P
+>By using the logon home parameter, you are restricted to putting Win9X 
+profiles in the user's home directory.   But wait! There is a trick you 
+can use. If you set the following in the [global] section of your 
+smb.conf file:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>logon home = \\%L\%U\.profiles</PRE
+></P
+><P
+>then your Win9X clients will dutifully put their clients in a subdirectory
+of your home directory called .profiles (thus making them hidden).</P
+><P
+>Not only that, but 'net use/home' will also work, because of a feature in 
+Win9X. It removes any directory stuff off the end of the home directory area
+and only uses the server and share portion. That is, it looks like you
+specified \\%L\%U for "logon home".</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN444"
+>Win9X and WinNT Configuration</A
+></H3
+><P
+>You can support profiles for both Win9X and WinNT clients by setting both the
+"logon home" and "logon path" parameters. For example:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>logon home = \\%L\%U\.profiles
+logon path = \\%L\profiles\%U</PRE
+></P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>I have not checked what 'net use /home' does on NT when "logon home" is
+set as above.</P
+></BLOCKQUOTE
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN451"
+>Windows 9X Profile Setup</A
+></H3
+><P
+>When a user first logs in on Windows 9X, the file user.DAT is created,
+as are folders "Start Menu", "Desktop", "Programs" and "Nethood".  
+These directories and their contents will be merged with the local
+versions stored in c:\windows\profiles\username on subsequent logins,
+taking the most recent from each.  You will need to use the [global]
+options "preserve case = yes", "short preserve case = yes" and
+"case sensitive = no" in order to maintain capital letters in shortcuts
+in any of the profile folders.</P
+><P
+>The user.DAT file contains all the user's preferences.  If you wish to
+enforce a set of preferences, rename their user.DAT file to user.MAN,
+and deny them write access to this file.</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	On the Windows 95 machine, go to Control Panel | Passwords and
+	select the User Profiles tab.  Select the required level of
+	roaming preferences.  Press OK, but do _not_ allow the computer
+	to reboot.
+	</P
+></LI
+><LI
+><P
+>	On the Windows 95 machine, go to Control Panel | Network |
+	Client for Microsoft Networks | Preferences.  Select 'Log on to
+	NT Domain'.  Then, ensure that the Primary Logon is 'Client for
+	Microsoft Networks'.  Press OK, and this time allow the computer
+	to reboot.
+	</P
+></LI
+></OL
+><P
+>Under Windows 95, Profiles are downloaded from the Primary Logon.
+If you have the Primary Logon as 'Client for Novell Networks', then
+the profiles and logon script will be downloaded from your Novell
+Server.  If you have the Primary Logon as 'Windows Logon', then the
+profiles will be loaded from the local machine - a bit against the
+concept of roaming profiles, if you ask me.</P
+><P
+>You will now find that the Microsoft Networks Login box contains
+[user, password, domain] instead of just [user, password].  Type in
+the samba server's domain name (or any other domain known to exist,
+but bear in mind that the user will be authenticated against this
+domain and profiles downloaded from it, if that domain logon server
+supports it), user name and user's password.</P
+><P
+>Once the user has been successfully validated, the Windows 95 machine
+will inform you that 'The user has not logged on before' and asks you
+if you wish to save the user's preferences?  Select 'yes'.</P
+><P
+>Once the Windows 95 client comes up with the desktop, you should be able
+to examine the contents of the directory specified in the "logon path"
+on the samba server and verify that the "Desktop", "Start Menu",
+"Programs" and "Nethood" folders have been created.</P
+><P
+>These folders will be cached locally on the client, and updated when
+the user logs off (if you haven't made them read-only by then :-).
+You will find that if the user creates further folders or short-cuts,
+that the client will merge the profile contents downloaded with the
+contents of the profile directory already on the local client, taking
+the newest folders and short-cuts from each set.</P
+><P
+>If you have made the folders / files read-only on the samba server,
+then you will get errors from the w95 machine on logon and logout, as
+it attempts to merge the local and the remote profile.  Basically, if
+you have any errors reported by the w95 machine, check the Unix file
+permissions and ownership rights on the profile directory contents,
+on the samba server.</P
+><P
+>If you have problems creating user profiles, you can reset the user's
+local desktop cache, as shown below.  When this user then next logs in,
+they will be told that they are logging in "for the first time".</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	instead of logging in under the [user, password, domain] dialog,
+	press escape.
+	</P
+></LI
+><LI
+><P
+>	run the regedit.exe program, and look in:
+	</P
+><P
+>	HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList
+	</P
+><P
+>	you will find an entry, for each user, of ProfilePath.  Note the
+	contents of this key (likely to be c:\windows\profiles\username),
+	then delete the key ProfilePath for the required user.
+	</P
+><P
+>	[Exit the registry editor].
+	</P
+></LI
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>WARNING</I
+> - before deleting the contents of the 
+	directory listed in
+   the ProfilePath (this is likely to be c:\windows\profiles\username),
+   ask them if they have any important files stored on their desktop
+   or in their start menu.  delete the contents of the directory
+   ProfilePath (making a backup if any of the files are needed).
+	</P
+><P
+>   This will have the effect of removing the local (read-only hidden
+   system file) user.DAT in their profile directory, as well as the
+   local "desktop", "nethood", "start menu" and "programs" folders.
+	</P
+></LI
+><LI
+><P
+>	search for the user's .PWL password-caching file in the c:\windows
+	directory, and delete it.
+	</P
+></LI
+><LI
+><P
+>	log off the windows 95 client.
+	</P
+></LI
+><LI
+><P
+>	check the contents of the profile path (see "logon path" described
+	above), and delete the user.DAT or user.MAN file for the user,
+	making a backup if required.  
+	</P
+></LI
+></OL
+><P
+>If all else fails, increase samba's debug log levels to between 3 and 10,
+and / or run a packet trace program such as tcpdump or netmon.exe, and
+look for any error reports.</P
+><P
+>If you have access to an NT server, then first set up roaming profiles
+and / or netlogons on the NT server.  Make a packet trace, or examine
+the example packet traces provided with NT server, and see what the
+differences are with the equivalent samba trace.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN487"
+>Windows NT Workstation 4.0</A
+></H3
+><P
+>When a user first logs in to a Windows NT Workstation, the profile
+NTuser.DAT is created.  The profile location can be now specified
+through the "logon path" parameter.  </P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 10aug97 - i tried setting the path to
+\\samba-server\homes\profile, and discovered that this fails because
+a background process maintains the connection to the [homes] share
+which does _not_ close down in between user logins.  you have to
+have \\samba-server\%L\profile, where user is the username created
+from the [homes] share].</P
+></BLOCKQUOTE
+></DIV
+><P
+>There is a parameter that is now available for use with NT Profiles:
+"logon drive".  This should be set to "h:" or any other drive, and
+should be used in conjunction with the new "logon home" parameter.</P
+><P
+>The entry for the NT 4.0 profile is a _directory_ not a file.  The NT
+help on profiles mentions that a directory is also created with a .PDS
+extension.  The user, while logging in, must have write permission to
+create the full profile path (and the folder with the .PDS extension)
+[lkcl 10aug97 - i found that the creation of the .PDS directory failed,
+and had to create these manually for each user, with a shell script.
+also, i presume, but have not tested, that the full profile path must
+be browseable just as it is for w95, due to the manner in which they
+attempt to create the full profile path: test existence of each path
+component; create path component].</P
+><P
+>In the profile directory, NT creates more folders than 95.  It creates
+"Application Data" and others, as well as "Desktop", "Nethood",
+"Start Menu" and "Programs".  The profile itself is stored in a file
+NTuser.DAT.  Nothing appears to be stored in the .PDS directory, and
+its purpose is currently unknown.</P
+><P
+>You can use the System Control Panel to copy a local profile onto
+a samba server (see NT Help on profiles: it is also capable of firing
+up the correct location in the System Control Panel for you).  The
+NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN
+turns a profile into a mandatory one.</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 10aug97 - i notice that NT Workstation tells me that it is
+downloading a profile from a slow link.  whether this is actually the
+case, or whether there is some configuration issue, as yet unknown,
+that makes NT Workstation _think_ that the link is a slow one is a
+matter to be resolved].</P
+><P
+>[lkcl 20aug97 - after samba digest correspondence, one user found, and
+another confirmed, that profiles cannot be loaded from a samba server
+unless "security = user" and "encrypt passwords = yes" (see the file
+ENCRYPTION.txt) or "security = server" and "password server = ip.address.
+of.yourNTserver" are used.  Either of these options will allow the NT
+workstation to access the samba server using LAN manager encrypted
+passwords, without the user intervention normally required by NT
+workstation for clear-text passwords].</P
+><P
+>[lkcl 25aug97 - more comments received about NT profiles: the case of
+the profile _matters_.  the file _must_ be called NTuser.DAT or, for
+a mandatory profile, NTuser.MAN].</P
+></BLOCKQUOTE
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN500"
+>Windows NT Server</A
+></H3
+><P
+>There is nothing to stop you specifying any path that you like for the
+location of users' profiles.  Therefore, you could specify that the
+profile be stored on a samba server, or any other SMB server, as long as
+that SMB server supports encrypted passwords.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN503"
+>Sharing Profiles between W95 and NT Workstation 4.0</A
+></H3
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Potentially outdated or incorrect material follows</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>I think this is all bogus, but have not deleted it. (Richard Sharpe)</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>The default logon path is \\%N\U%.  NT Workstation will attempt to create
+a directory "\\samba-server\username.PDS" if you specify the logon path
+as "\\samba-server\username" with the NT User Manager.  Therefore, you
+will need to specify (for example) "\\samba-server\username\profile".
+NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which
+is more likely to succeed.</P
+><P
+>If you then want to share the same Start Menu / Desktop with W95, you will
+need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97
+this has its drawbacks: i created a shortcut to telnet.exe, which attempts
+to run from the c:\winnt\system32 directory.  this directory is obviously
+unlikely to exist on a Win95-only host].</P
+><P
+>&#13;If you have this set up correctly, you will find separate user.DAT and
+NTuser.DAT files in the same profile directory.</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 25aug97 - there are some issues to resolve with downloading of
+NT profiles, probably to do with time/date stamps.  i have found that
+NTuser.DAT is never updated on the workstation after the first time that
+it is copied to the local workstation profile directory.  this is in
+contrast to w95, where it _does_ transfer / update profiles correctly].</P
+></BLOCKQUOTE
+></DIV
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN513"
+>DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
+></H1
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Possibly Outdated Material</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>	This appendix was originally authored by John H Terpstra of 
+	the Samba Team and is included here for posterity.
+	</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+><I
+CLASS="EMPHASIS"
+>NOTE :</I
+> 
+The term "Domain Controller" and those related to it refer to one specific
+method of authentication that can underly an SMB domain. Domain Controllers
+prior to Windows NT Server 3.1 were sold by various companies and based on 
+private extensions to the LAN Manager 2.1 protocol. Windows NT introduced
+Microsoft-specific ways of distributing the user authentication database.
+See DOMAIN.txt for examples of how Samba can participate in or create
+SMB domains based on shared authentication database schemes other than the 
+Windows NT SAM.</P
+><P
+>Windows NT Server can be installed as either a plain file and print server
+(WORKGROUP workstation or server) or as a server that participates in Domain
+Control (DOMAIN member, Primary Domain controller or Backup Domain controller).
+The same is true for OS/2 Warp Server, Digital Pathworks and other similar
+products, all of which can participate in Domain Control along with Windows NT.</P
+><P
+>To many people these terms can be confusing, so let's try to clear the air.</P
+><P
+>Every Windows NT system (workstation or server) has a registry database.
+The registry contains entries that describe the initialization information
+for all services (the equivalent of Unix Daemons) that run within the Windows
+NT environment. The registry also contains entries that tell application
+software where to find dynamically loadable libraries that they depend upon.
+In fact, the registry contains entries that describes everything that anything
+may need to know to interact with the rest of the system.</P
+><P
+>The registry files can be located on any Windows NT machine by opening a
+command prompt and typing:</P
+><P
+><TT
+CLASS="PROMPT"
+>C:\WINNT\&#62;</TT
+> dir %SystemRoot%\System32\config</P
+><P
+>The environment variable %SystemRoot% value can be obtained by typing:</P
+><P
+><TT
+CLASS="PROMPT"
+>C:\WINNT&#62;</TT
+>echo %SystemRoot%</P
+><P
+>The active parts of the registry that you may want to be familiar with are
+the files called: default, system, software, sam and security.</P
+><P
+>In a domain environment, Microsoft Windows NT domain controllers participate
+in replication of the SAM and SECURITY files so that all controllers within
+the domain have an exactly identical copy of each.</P
+><P
+>The Microsoft Windows NT system is structured within a security model that
+says that all applications and services must authenticate themselves before
+they can obtain permission from the security manager to do what they set out
+to do.</P
+><P
+>The Windows NT User database also resides within the registry. This part of
+the registry contains the user's security identifier, home directory, group
+memberships, desktop profile, and so on.</P
+><P
+>Every Windows NT system (workstation as well as server) will have its own
+registry. Windows NT Servers that participate in Domain Security control
+have a database that they share in common - thus they do NOT own an
+independent full registry database of their own, as do Workstations and
+plain Servers.</P
+><P
+>The User database is called the SAM (Security Access Manager) database and
+is used for all user authentication as well as for authentication of inter-
+process authentication (i.e. to ensure that the service action a user has
+requested is permitted within the limits of that user's privileges).</P
+><P
+>The Samba team have produced a utility that can dump the Windows NT SAM into 
+smbpasswd format: see ENCRYPTION.txt for information on smbpasswd and
+/pub/samba/pwdump on your nearest Samba mirror for the utility. This 
+facility is useful but cannot be easily used to implement SAM replication
+to Samba systems.</P
+><P
+>Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers
+can participate in a Domain security system that is controlled by Windows NT
+servers that have been correctly configured. Almost every domain will have
+ONE Primary Domain Controller (PDC). It is desirable that each domain will
+have at least one Backup Domain Controller (BDC).</P
+><P
+>The PDC and BDCs then participate in replication of the SAM database so that
+each Domain Controlling participant will have an up to date SAM component
+within its registry.</P
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/UNIX_INSTALL.html b/docs/htmldocs/UNIX_INSTALL.html
new file mode 100755
index 00000000000..e3c1934adaa
--- /dev/null
+++ b/docs/htmldocs/UNIX_INSTALL.html
@@ -0,0 +1,814 @@
+<HTML
+><HEAD
+><TITLE
+>How to Install and Test SAMBA</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="INSTALL"
+>How to Install and Test SAMBA</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Step 0: Read the man pages</A
+></H1
+><P
+>The man pages distributed with SAMBA contain 
+	lots of useful info that will help to get you started. 
+	If you don't know how to read man pages then try 
+	something like:</P
+><P
+><TT
+CLASS="PROMPT"
+>$ </TT
+><TT
+CLASS="USERINPUT"
+><B
+>nroff -man smbd.8 | more
+	</B
+></TT
+></P
+><P
+>Other sources of information are pointed to 
+	by the Samba web site,<A
+HREF="http://www.samba.org/"
+TARGET="_top"
+>	http://www.samba.org</A
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN11"
+>Step 1: Building the Binaries</A
+></H1
+><P
+>To do this, first run the program <B
+CLASS="COMMAND"
+>./configure
+	</B
+> in the source directory. This should automatically 
+	configure Samba for your operating system. If you have unusual 
+	needs then you may wish to run</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>./configure --help
+	</B
+></TT
+></P
+><P
+>first to see what special options you can enable.
+	Then executing</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>make</B
+></TT
+></P
+><P
+>will create the binaries. Once it's successfully 
+	compiled you can use </P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>make install</B
+></TT
+></P
+><P
+>to install the binaries and manual pages. You can 
+	separately install the binaries and/or man pages using</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>make installbin
+	</B
+></TT
+></P
+><P
+>and</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>make installman
+	</B
+></TT
+></P
+><P
+>Note that if you are upgrading for a previous version 
+	of Samba you might like to know that the old versions of 
+	the binaries will be renamed with a ".old" extension. You 
+	can go back to the previous version with</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>make revert
+	</B
+></TT
+></P
+><P
+>if you find this version a disaster!</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN39"
+>Step 2: The all important step</A
+></H1
+><P
+>At this stage you must fetch yourself a 
+	coffee or other drink you find stimulating. Getting the rest 
+	of the install right can sometimes be tricky, so you will 
+	probably need it.</P
+><P
+>If you have installed samba before then you can skip 
+	this step.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN43"
+>Step 3: Create the smb configuration file.</A
+></H1
+><P
+>There are sample configuration files in the examples 
+	subdirectory in the distribution. I suggest you read them 
+	carefully so you can see how the options go together in 
+	practice. See the man page for all the options.</P
+><P
+>The simplest useful configuration file would be 
+	something like this:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	[global]
+	   workgroup = MYGROUP
+
+	   [homes]
+	      guest ok = no
+	      read only = no
+	</PRE
+></P
+><P
+>which would allow connections by anyone with an 
+	account on the server, using either their login name or 
+	"homes" as the service name. (Note that I also set the 
+	workgroup that Samba is part of. See BROWSING.txt for details)</P
+><P
+>Note that <B
+CLASS="COMMAND"
+>make install</B
+> will not install 
+	a <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. You need to create it 
+	yourself. </P
+><P
+>Make sure you put the smb.conf file in the same place 
+	you specified in the<TT
+CLASS="FILENAME"
+>Makefile</TT
+> (the default is to 
+	look for it in <TT
+CLASS="FILENAME"
+>/usr/local/samba/lib/</TT
+>).</P
+><P
+>For more information about security settings for the 
+	[homes] share please refer to the document UNIX_SECURITY.txt.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN57"
+>Step 4: Test your config file with 
+	<B
+CLASS="COMMAND"
+>testparm</B
+></A
+></H1
+><P
+>It's important that you test the validity of your
+	<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file using the testparm program. 
+	If testparm runs OK then it will list the loaded services. If 
+	not it will give an error message.</P
+><P
+>Make sure it runs OK and that the services look 
+	reasonable before proceeding. </P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN63"
+>Step 5: Starting the smbd and nmbd</A
+></H1
+><P
+>You must choose to start smbd and nmbd either
+	as daemons or from <B
+CLASS="COMMAND"
+>inetd</B
+>. Don't try
+	to do both!  Either you can put them in <TT
+CLASS="FILENAME"
+>	inetd.conf</TT
+> and have them started on demand
+	by <B
+CLASS="COMMAND"
+>inetd</B
+>, or you can start them as
+	daemons either from the command line or in <TT
+CLASS="FILENAME"
+>	/etc/rc.local</TT
+>. See the man pages for details
+	on the command line options. Take particular care to read
+	the bit about what user you need to be in order to start
+	Samba.  In many cases you must be root.</P
+><P
+>The main advantage of starting <B
+CLASS="COMMAND"
+>smbd</B
+>
+	and <B
+CLASS="COMMAND"
+>nmbd</B
+> using the recommended daemon method
+	is that they will respond slightly more quickly to an initial connection
+	request.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN73"
+>Step 5a: Starting from inetd.conf</A
+></H2
+><P
+>NOTE; The following will be different if 
+		you use NIS or NIS+ to distributed services maps.</P
+><P
+>Look at your <TT
+CLASS="FILENAME"
+>/etc/services</TT
+>. 
+		What is defined at port 139/tcp. If nothing is defined 
+		then add a line like this:</P
+><P
+><TT
+CLASS="USERINPUT"
+><B
+>netbios-ssn     139/tcp</B
+></TT
+></P
+><P
+>similarly for 137/udp you should have an entry like:</P
+><P
+><TT
+CLASS="USERINPUT"
+><B
+>netbios-ns	137/udp</B
+></TT
+></P
+><P
+>Next edit your <TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+> 
+		and add two lines something like this:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>		netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
+		netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd 
+		</PRE
+></P
+><P
+>The exact syntax of <TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+> 
+		varies between unixes. Look at the other entries in inetd.conf 
+		for a guide.</P
+><P
+>NOTE: Some unixes already have entries like netbios_ns 
+		(note the underscore) in <TT
+CLASS="FILENAME"
+>/etc/services</TT
+>. 
+		You must either edit <TT
+CLASS="FILENAME"
+>/etc/services</TT
+> or
+		<TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+> to make them consistent.</P
+><P
+>NOTE: On many systems you may need to use the 
+		"interfaces" option in smb.conf to specify the IP address 
+		and netmask of your interfaces. Run <B
+CLASS="COMMAND"
+>ifconfig</B
+> 
+		as root if you don't know what the broadcast is for your
+		net. <B
+CLASS="COMMAND"
+>nmbd</B
+> tries to determine it at run 
+		time, but fails on some unixes. See the section on "testing nmbd" 
+		for a method of finding if you need to do this.</P
+><P
+>!!!WARNING!!! Many unixes only accept around 5 
+		parameters on the command line in <TT
+CLASS="FILENAME"
+>inetd.conf</TT
+>. 
+		This means you shouldn't use spaces between the options and 
+		arguments, or you should use a script, and start the script 
+		from <B
+CLASS="COMMAND"
+>inetd</B
+>.</P
+><P
+>Restart <B
+CLASS="COMMAND"
+>inetd</B
+>, perhaps just send 
+		it a HUP. If you have installed an earlier version of <B
+CLASS="COMMAND"
+>		nmbd</B
+> then you may need to kill nmbd as well.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN102"
+>Step 5b. Alternative: starting it as a daemon</A
+></H2
+><P
+>To start the server as a daemon you should create 
+		a script something like this one, perhaps calling 
+		it <TT
+CLASS="FILENAME"
+>startsmb</TT
+>.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>		#!/bin/sh
+		/usr/local/samba/bin/smbd -D 
+		/usr/local/samba/bin/nmbd -D 
+		</PRE
+></P
+><P
+>then make it executable with <B
+CLASS="COMMAND"
+>chmod 
+		+x startsmb</B
+></P
+><P
+>You can then run <B
+CLASS="COMMAND"
+>startsmb</B
+> by 
+		hand or execute it from <TT
+CLASS="FILENAME"
+>/etc/rc.local</TT
+>
+		</P
+><P
+>To kill it send a kill signal to the processes 
+		<B
+CLASS="COMMAND"
+>nmbd</B
+> and <B
+CLASS="COMMAND"
+>smbd</B
+>.</P
+><P
+>NOTE: If you use the SVR4 style init system then 
+		you may like to look at the <TT
+CLASS="FILENAME"
+>examples/svr4-startup</TT
+>
+		script to make Samba fit into that system.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN118"
+>Step 6: Try listing the shares available on your 
+	server</A
+></H1
+><P
+><TT
+CLASS="PROMPT"
+>$ </TT
+><TT
+CLASS="USERINPUT"
+><B
+>smbclient -L 
+	<TT
+CLASS="REPLACEABLE"
+><I
+>yourhostname</I
+></TT
+></B
+></TT
+></P
+><P
+>You should get back a list of shares available on 
+	your server. If you don't then something is incorrectly setup. 
+	Note that this method can also be used to see what shares 
+	are available on other LanManager clients (such as WfWg).</P
+><P
+>If you choose user level security then you may find 
+	that Samba requests a password before it will list the shares. 
+	See the <B
+CLASS="COMMAND"
+>smbclient</B
+> man page for details. (you 
+	can force it to list the shares without a password by
+	adding the option -U% to the command line. This will not work 
+	with non-Samba servers)</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN127"
+>Step 7: Try connecting with the unix client</A
+></H1
+><P
+><TT
+CLASS="PROMPT"
+>$ </TT
+><TT
+CLASS="USERINPUT"
+><B
+>smbclient <TT
+CLASS="REPLACEABLE"
+><I
+>	//yourhostname/aservice</I
+></TT
+></B
+></TT
+></P
+><P
+>Typically the <TT
+CLASS="REPLACEABLE"
+><I
+>yourhostname</I
+></TT
+> 
+	would be the name of the host where you installed <B
+CLASS="COMMAND"
+>	smbd</B
+>. The <TT
+CLASS="REPLACEABLE"
+><I
+>aservice</I
+></TT
+> is 
+	any service you have defined in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> 
+	file. Try your user name if you just have a [homes] section
+	in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.</P
+><P
+>For example if your unix host is bambi and your login 
+	name is fred you would type:</P
+><P
+><TT
+CLASS="PROMPT"
+>$ </TT
+><TT
+CLASS="USERINPUT"
+><B
+>smbclient //bambi/fred
+	</B
+></TT
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN143"
+>Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
+	Win2k, OS/2, etc... client</A
+></H1
+><P
+>Try mounting disks. eg:</P
+><P
+><TT
+CLASS="PROMPT"
+>C:\WINDOWS\&#62; </TT
+><TT
+CLASS="USERINPUT"
+><B
+>net use d: \\servername\service
+	</B
+></TT
+></P
+><P
+>Try printing. eg:</P
+><P
+><TT
+CLASS="PROMPT"
+>C:\WINDOWS\&#62; </TT
+><TT
+CLASS="USERINPUT"
+><B
+>net use lpt1:
+	\\servername\spoolservice</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>C:\WINDOWS\&#62; </TT
+><TT
+CLASS="USERINPUT"
+><B
+>print filename
+	</B
+></TT
+></P
+><P
+>Celebrate, or send me a bug report!</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN157"
+>What If Things Don't Work?</A
+></H1
+><P
+>If nothing works and you start to think "who wrote 
+	this pile of trash" then I suggest you do step 2 again (and 
+	again) till you calm down.</P
+><P
+>Then you might read the file DIAGNOSIS.txt and the 
+	FAQ. If you are still stuck then try the mailing list or 
+	newsgroup (look in the README for details). Samba has been 
+	successfully installed at thousands of sites worldwide, so maybe 
+	someone else has hit your problem and has overcome it. You could 
+	also use the WWW site to scan back issues of the samba-digest.</P
+><P
+>When you fix the problem PLEASE send me some updates to the
+	documentation (or source code) so that the next person will find it
+	easier. </P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN162"
+>Diagnosing Problems</A
+></H2
+><P
+>If you have installation problems then go to 
+		<TT
+CLASS="FILENAME"
+>DIAGNOSIS.txt</TT
+> to try to find the 
+		problem.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN166"
+>Scope IDs</A
+></H2
+><P
+>By default Samba uses a blank scope ID. This means 
+		all your windows boxes must also have a blank scope ID. 
+		If you really want to use a non-blank scope ID then you will 
+		need to use the 'netbios scope' smb.conf option.
+                All your PCs will need to have the same setting for 
+		this to work. I do not recommend scope IDs.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN169"
+>Choosing the Protocol Level</A
+></H2
+><P
+>The SMB protocol has many dialects. Currently 
+		Samba supports 5, called CORE, COREPLUS, LANMAN1, 
+		LANMAN2 and NT1.</P
+><P
+>You can choose what maximum protocol to support 
+		in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. The default is 
+		NT1 and that is the best for the vast majority of sites.</P
+><P
+>In older versions of Samba you may have found it 
+		necessary to use COREPLUS. The limitations that led to 
+		this have mostly been fixed. It is now less likely that you 
+		will want to use less than LANMAN1. The only remaining advantage 
+		of COREPLUS is that for some obscure reason WfWg preserves 
+		the case of passwords in this protocol, whereas under LANMAN1, 
+		LANMAN2 or NT1 it uppercases all passwords before sending them,
+		forcing you to use the "password level=" option in some cases.</P
+><P
+>The main advantage of LANMAN2 and NT1 is support for 
+		long filenames with some clients (eg: smbclient, Windows NT 
+		or Win95). </P
+><P
+>See the smb.conf(5) manual page for more details.</P
+><P
+>Note: To support print queue reporting you may find 
+		that you have to use TCP/IP as the default protocol under 
+		WfWg. For some reason if you leave Netbeui as the default 
+		it may break the print queue reporting on some systems. 
+		It is presumably a WfWg bug.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN178"
+>Printing from UNIX to a Client PC</A
+></H2
+><P
+>To use a printer that is available via a smb-based 
+		server from a unix host you will need to compile the 
+		smbclient program. You then need to install the script 
+		"smbprint". Read the instruction in smbprint for more details.
+		</P
+><P
+>There is also a SYSV style script that does much 
+		the same thing called smbprint.sysv. It contains instructions.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN182"
+>Locking</A
+></H2
+><P
+>One area which sometimes causes trouble is locking.</P
+><P
+>There are two types of locking which need to be 
+		performed by a SMB server. The first is "record locking" 
+		which allows a client to lock a range of bytes in a open file. 
+		The second is the "deny modes" that are specified when a file 
+		is open.</P
+><P
+>Record locking semantics under Unix is very
+		different from record locking under Windows. Versions
+		of Samba before 2.2 have tried to use the native
+		fcntl() unix system call to implement proper record
+		locking between different Samba clients. This can not
+		be fully correct due to several reasons. The simplest
+		is the fact that a Windows client is allowed to lock a
+		byte range up to 2^32 or 2^64, depending on the client
+		OS. The unix locking only supports byte ranges up to
+		2^31. So it is not possible to correctly satisfy a
+		lock request above 2^31. There are many more
+		differences, too many to be listed here.</P
+><P
+>Samba 2.2 and above implements record locking
+		completely independent of the underlying unix
+		system. If a byte range lock that the client requests
+		happens to fall into the range 0-2^31, Samba hands
+		this request down to the Unix system. All other locks
+		can not be seen by unix anyway.</P
+><P
+>Strictly a SMB server should check for locks before 
+		every read and write call on a file. Unfortunately with the 
+		way fcntl() works this can be slow and may overstress the 
+		rpc.lockd. It is also almost always unnecessary as clients 
+		are supposed to independently make locking calls before reads 
+		and writes anyway if locking is important to them. By default 
+		Samba only makes locking calls when explicitly asked
+		to by a client, but if you set "strict locking = yes" then it will
+		make lock checking calls on every read and write. </P
+><P
+>You can also disable by range locking completely 
+		using "locking = no". This is useful for those shares that 
+		don't support locking or don't need it (such as cdroms). In 
+		this case Samba fakes the return codes of locking calls to 
+		tell clients that everything is OK.</P
+><P
+>The second class of locking is the "deny modes". These 
+		are set by an application when it opens a file to determine 
+		what types of access should be allowed simultaneously with 
+		its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE 
+		or DENY_ALL. There are also special compatibility modes called 
+		DENY_FCB and  DENY_DOS.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN191"
+>Mapping Usernames</A
+></H2
+><P
+>If you have different usernames on the PCs and 
+		the unix server then take a look at the "username map" option. 
+		See the smb.conf man page for details.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN194"
+>Other Character Sets</A
+></H2
+><P
+>If you have problems using filenames with accented 
+		characters in them (like the German, French or Scandinavian 
+		character sets) then I recommend you look at the "valid chars" 
+		option in smb.conf and also take a look at the validchars 
+		package in the examples directory.</P
+></DIV
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/cups.html b/docs/htmldocs/cups.html
new file mode 100755
index 00000000000..c4191e25524
--- /dev/null
+++ b/docs/htmldocs/cups.html
@@ -0,0 +1,612 @@
+<HTML
+><HEAD
+><TITLE
+>Printing with CUPS in Samba 2.2.x</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="CUPS"
+>Printing with CUPS in Samba 2.2.x</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Printing with CUPS in Samba 2.2.x</A
+></H1
+><P
+><A
+HREF="http://www.cups.org/"
+TARGET="_top"
+>CUPS</A
+> is a newcomer in
+the UNIX printing scene, which has convinced many people upon first trial
+already. However, it has quite a few new features, which make it different
+from other, more traditional printing systems.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN7"
+>Configuring <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> for CUPS</A
+></H1
+><P
+>Printing with CUPS in the most basic <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+setup in Samba 2.2.x only needs two settings: <B
+CLASS="COMMAND"
+>printing = cups</B
+> and
+<B
+CLASS="COMMAND"
+>printcap = cups</B
+>. While CUPS itself doesn't need a printcap
+anymore, the <TT
+CLASS="FILENAME"
+>cupsd.conf</TT
+> configuration file knows two directives
+(example: <B
+CLASS="COMMAND"
+>Printcap /etc/printcap</B
+> and <B
+CLASS="COMMAND"
+>PrintcapFormat
+BSD</B
+>), which control if such a file should be created for the
+convenience of third party applications. Make sure it is set! For details see
+<B
+CLASS="COMMAND"
+>man cupsd.conf</B
+> and other CUPS-related documentation.</P
+><P
+>If SAMBA is compiled against libcups, then <B
+CLASS="COMMAND"
+>printcap =
+cups</B
+> uses the CUPS API to list printers, submit jobs, etc. Otherwise it
+maps to the System V commands with an additional <TT
+CLASS="PARAMETER"
+><I
+>-oraw</I
+></TT
+>
+option for printing. On a Linux system, you can use the <B
+CLASS="COMMAND"
+>ldd</B
+> command to
+find out details (ldd may not be present on other OS platforms, or its
+function may be embodied by a different command):</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>transmeta:/home/kurt # ldd `which smbd`
+        libssl.so.0.9.6 =&#62; /usr/lib/libssl.so.0.9.6 (0x4002d000)
+        libcrypto.so.0.9.6 =&#62; /usr/lib/libcrypto.so.0.9.6 (0x4005a000)
+        libcups.so.2 =&#62; /usr/lib/libcups.so.2 (0x40123000)
+        libdl.so.2 =&#62; /lib/libdl.so.2 (0x401e8000)
+        libnsl.so.1 =&#62; /lib/libnsl.so.1 (0x401ec000)
+        libpam.so.0 =&#62; /lib/libpam.so.0 (0x40202000)
+        libc.so.6 =&#62; /lib/libc.so.6 (0x4020b000)
+        /lib/ld-linux.so.2 =&gt; /lib/ld-linux.so.2 (0x40000000)</PRE
+></P
+><P
+>The line "libcups.so.2 =&gt; /usr/lib/libcups.so.2
+(0x40123000)" shows there is CUPS support compiled into this version of
+Samba. If this is the case, and <B
+CLASS="COMMAND"
+>printing = cups</B
+> is set, then any
+otherwise manually set print command in smb.conf is ignored.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN26"
+>Using CUPS as a mere spooling print server -- "raw"
+printing with vendor drivers download</A
+></H1
+><P
+>You can setup Samba and your Windows clients to use the
+CUPS print subsystem just as you would with any of the more traditional print
+subsystems: that means the use of vendor provided, native Windows printer
+drivers for each target printer. If you setup the [print$] share to
+download these drivers to the clients, their GDI system (Graphical Device
+Interface) will output the Wndows EMF (Enhanced MetaFile) and
+convert it -- with the help of the printer driver -- locally into the format
+the printer is expecting. Samba and the CUPS print subsystem will have to
+treat these files as raw print files  -- they are already in the
+shape to be digestable for the printer. This is the same traditional setup
+for Unix print servers handling Windows client jobs. It does not take much
+CPU power to handle this kind of task efficiently.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN29"
+>CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe
+PostScript driver with CUPS-PPDs downloaded to clients</A
+></H1
+><P
+>CUPS is perfectly able to use PPD files (PostScript
+Printer Descriptions). PPDs can control all print device options. They
+are usually provided by the manufacturer -- if you own a PostSript printer,
+that is. PPD files are always a component of PostScript printer drivers on MS
+Windows or Apple Mac OS systems. They are ASCII files containing
+user-selectable print options, mapped to appropriate PostScript, PCL or PJL
+commands for the target printer. Printer driver GUI dialogs translate these
+options "on-the-fly" into buttons and drop-down lists for the user to
+select.</P
+><P
+>CUPS can load, without any conversions, the PPD file from
+any Windows (NT is recommended) PostScript driver and handle the options.
+There is a web browser interface to the print options (select
+http://localhost:631/printers/ and click on one "Configure Printer" button
+to see it), a commandline interface (see <B
+CLASS="COMMAND"
+>man lpoptions</B
+> or
+try if you have <B
+CLASS="COMMAND"
+>lphelp</B
+> on your system) plus some different GUI frontends on Linux
+UNIX, which can present PPD options to the users. PPD options are normally
+meant to become evaluated by the PostScript RIP on the real PostScript
+printer.</P
+><P
+>CUPS doesn't stop at "real" PostScript printers in its
+usage of PPDs. The CUPS developers have extended the PPD concept, to also
+describe available device and driver options for non-PostScript printers
+through  CUPS-PPDs.</P
+><P
+>This is logical, as CUPS includes a fully featured
+PostScript interpreter (RIP). This RIP is based on Ghostscript. It can
+process all received PostScript (and additionally many other file formats)
+from clients. All CUPS-PPDs geared to non-PostScript printers contain an
+additional line, starting with the keyword <TT
+CLASS="PARAMETER"
+><I
+>*cupsFilter</I
+></TT
+>.
+This line
+tells the CUPS print system which printer-specific filter to use for the
+interpretation of the accompanying PostScript. Thus CUPS lets all its
+printers appear as PostScript devices to its clients, because it can act as a
+PostScript RIP for those printers, processing the received PostScript code
+into a proper raster print format.</P
+><P
+>CUPS-PPDs can also be used on Windows-Clients, on top of a
+PostScript driver (recommended is the Adobe one).</P
+><P
+>This feature enables CUPS to do a few tricks no other
+spooler can do:</P
+><P
+></P
+><UL
+><LI
+><P
+>act as a networked PostScript RIP (Raster Image Processor), handling
+    printfiles from all client platforms in a uniform way;</P
+></LI
+><LI
+><P
+>act as a central accounting and billing server, as all files are passed
+    through the <B
+CLASS="COMMAND"
+>pstops</B
+> Filter and are therefor logged in
+    the CUPS <TT
+CLASS="FILENAME"
+>page&lowbar;log</TT
+>. - <I
+CLASS="EMPHASIS"
+>NOTE: </I
+>this
+    can not happen with "raw" print jobs, which always remain unfiltered
+    per definition;</P
+></LI
+><LI
+><P
+>enable clients to consolidate on a single PostScript driver, even for
+    many different target printers.</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN50"
+>Windows Terminal Servers (WTS) as CUPS clients</A
+></H1
+><P
+>This setup may be of special interest to people
+experiencing major problems in WTS environments. WTS need often a multitude
+of non-PostScript drivers installed to run their clients' variety of
+different printer models. This often imposes the price of much increased
+instability. In many cases, in an attempt to overcome this problem, site
+administrators have resorted to restrict the allowed drivers installed on
+their WTS to one generic PCL- and one PostScript driver. This however
+restricts the clients in the amount of printer options available for them --
+often they can't get out more then simplex prints from one standard paper
+tray, while their devices could do much better, if driven by a different
+driver!</P
+><P
+>Using an Adobe PostScript driver, enabled with a CUPS-PPD,
+seems to be a very elegant way to overcome all these shortcomings. The
+PostScript driver is not known to cause major stability problems on WTS (even
+if used with many different PPDs). The clients will be able to (again) chose
+paper trays, duplex printing and other settings. However, there is a certain
+price for this too: a  CUPS server acting as a PostScript RIP for its clients
+requires more CPU and RAM than just to act as  a "raw spooling" device. Plus,
+this setup is not yet widely tested, although the first feedbacks look very
+promising...</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN54"
+>Setting up CUPS for driver download</A
+></H1
+><P
+>The <B
+CLASS="COMMAND"
+>cupsadsmb</B
+> utility (shipped with all current
+CUPS versions) makes the sharing of any (or all) installed CUPS printers very
+easy. Prior to using it, you need the following settings in smb.conf:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+         load printers = yes
+         printing = cups
+         printcap name = cups
+
+[printers]
+         comment = All Printers
+         path = /var/spool/samba
+         browseable = no
+         public = yes
+         guest ok = yes
+         writable = no
+         printable = yes
+         printer admin = root
+
+[print$]
+         comment = Printer Drivers
+         path = /etc/samba/drivers
+         browseable = yes
+         guest ok = no
+         read only = yes
+         write list = root</PRE
+></P
+><P
+>For licensing reasons the necessary files of the Adobe
+Postscript driver can not be distributed with either Samba or CUPS. You need
+to download them yourself from the Adobe website. Once extracted, create a
+<TT
+CLASS="FILENAME"
+>drivers</TT
+> directory in the CUPS data directory (usually
+<TT
+CLASS="FILENAME"
+>/usr/share/cups/</TT
+>). Copy the Adobe files using
+UPPERCASE filenames, to this directory as follows:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>        ADFONTS.MFM
+        ADOBEPS4.DRV
+        ADOBEPS4.HLP
+        ADOBEPS5.DLL
+        ADOBEPSU.DLL
+        ADOBEPSU.HLP
+        DEFPRTR2.PPD
+        ICONLIB.DLL</PRE
+></P
+><P
+>Users of the ESP Print Pro software are able to install
+their "Samba Drivers" package for this purpose with no problem.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN66"
+>Sources of CUPS drivers / PPDs</A
+></H1
+><P
+>On the internet you can find now many thousand CUPS-PPD
+files (with their companion filters), in many national languages,
+supporting more than 1.000 non-PostScript models.</P
+><P
+></P
+><UL
+><LI
+><P
+><A
+HREF="http://wwwl.easysw.com/printpro/"
+TARGET="_top"
+>ESP PrintPro
+    (http://wwwl.easysw.com/printpro/)</A
+>
+    (commercial, non-Free) is packaged with more than 3.000 PPDs, ready for
+    successful usage "out of the box" on Linux, IBM-AIX, HP-UX, Sun-Solaris,
+    SGI-IRIX, Compaq Tru64, Digital Unix and some more commercial Unices (it
+    is written by the CUPS developers themselves and its sales help finance
+    the further development of CUPS, as they feed their creators)</P
+></LI
+><LI
+><P
+>the <A
+HREF="http://gimp-print.sourceforge.net/"
+TARGET="_top"
+>Gimp-Print-Project
+    (http://gimp-print.sourceforge.net/)</A
+>
+    (GPL, Free Software) provides around 120 PPDs (supporting nearly 300
+    printers, many driven to photo quality output), to be used alongside the
+    Gimp-Print CUPS filters;</P
+></LI
+><LI
+><P
+><A
+HREF="http://www.turboprint.com/"
+TARGET="_top"
+>TurboPrint
+    (http://www.turboprint.com/)</A
+>
+    (Shareware, non-Freee) supports roughly the same amount of printers in
+    excellent quality;</P
+></LI
+><LI
+><P
+><A
+HREF="http://www-124.ibm.com/developerworks/oss/linux/projects/omni/"
+TARGET="_top"
+>OMNI
+    (http://www-124.ibm.com/developerworks/oss/linux/projects/omni/)</A
+>
+    (LPGL, Free) is a package made by IBM, now containing support for more
+    than 400 printers, stemming from the inheritance of IBM OS/2 KnowHow
+    ported over to Linux (CUPS support is in a Beta-stage at present);</P
+></LI
+><LI
+><P
+><A
+HREF="http://hpinkjet.sourceforge.net/"
+TARGET="_top"
+>HPIJS
+    (http://hpinkjet.sourceforge.net/)</A
+>
+    (BSD-style licnes, Free) supports around 120 of HP's own printers and is
+    also providing excellent print quality now;</P
+></LI
+><LI
+><P
+><A
+HREF="http://www.linuxprinting.org/"
+TARGET="_top"
+>Foomatic/cupsomatic (http://www.linuxprinting.org/)</A
+> 
+    (LPGL, Free) from Linuxprinting.org are providing PPDs for practically every
+    Ghostscript filter known to the world, now usable with CUPS.</P
+></LI
+></UL
+><P
+><I
+CLASS="EMPHASIS"
+>NOTE: </I
+>the cupsomatic trick from Linuxprinting.org is
+working different from the other drivers. While the other drivers take the
+generic CUPS raster (produced by CUPS' own pstoraster PostScript RIP) as
+their input, cupsomatic "kidnaps" the PostScript inside CUPS, before
+RIP-ping, deviates it to an external Ghostscript installation (which now
+becomes the RIP) and gives it back to a CUPS backend once Ghostscript is
+finished. -- CUPS versions from 1.1.15 and later will provide their pstoraster
+PostScript RIP function again inside a system-wide Ghostscript 
+installation rather than in "their own" pstoraster filter. (This 
+CUPS-enabling Ghostscript version may be installed either as a 
+patch to GNU or AFPL Ghostscript, or as a complete ESP Ghostscript package).
+However, this will not change the cupsomatic approach of guiding the printjob
+along a different path through the filtering system than the standard CUPS
+way...</P
+><P
+>Once you installed a printer inside CUPS with one of the
+recommended methods (the lpadmin command, the web browser interface or one of
+the available GUI wizards), you can use <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> to share the
+printer via Samba. <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> prepares the driver files for
+comfortable client download and installation upon their first contact with
+this printer share.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN93"
+><B
+CLASS="COMMAND"
+>cupsaddsmb</B
+></A
+></H2
+><P
+>The <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> command copies the needed files
+for convenient Windows client installations from the previously prepared CUPS
+data directory to your [print$] share. Additionally, the PPD
+associated with this printer is copied from <TT
+CLASS="FILENAME"
+>/etc/cups/ppd/</TT
+> to
+[print$].</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+><TT
+CLASS="PROMPT"
+>root# </TT
+> <B
+CLASS="COMMAND"
+>cupsaddsmb -U root infotec_IS2027</B
+>
+Password for root required to access localhost via SAMBA: <TT
+CLASS="USERINPUT"
+><B
+>[type in password 'secret']</B
+></TT
+></PRE
+></P
+><P
+>To share all printers and drivers, use the <TT
+CLASS="PARAMETER"
+><I
+>-a</I
+></TT
+>
+parameter instead of a printer name.</P
+><P
+>Probably you want to see what's going on. Use the
+<TT
+CLASS="PARAMETER"
+><I
+>-v</I
+></TT
+> parameter to get a more verbose output:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+><TT
+CLASS="PROMPT"
+>root# </TT
+> cupsaddsmb -v -U root infotec_IS2027
+    Password for root required to access localhost via SAMBA:
+    Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir W32X86;put /var/spool/cups/tmp/3cd1cc66376c0 W32X86/infotec_IS2027.PPD;put /usr/share/cups/drivers/ADOBEPS5.DLL W32X86/ADOBEPS5.DLL;put /usr/share/cups/drivers/ADOBEPSU.DLL W32X86/ADOBEPSU.DLL;put /usr/share/cups/drivers/ADOBEPSU.HLP W32X86/ADOBEPSU.HLP'
+    added interface ip=10.160.16.45 bcast=10.160.31.255 nmask=255.255.240.0
+    added interface ip=192.168.182.1 bcast=192.168.182.255 nmask=255.255.255.0
+    added interface ip=172.16.200.1 bcast=172.16.200.255 nmask=255.255.255.0
+    Domain=[TUX-NET] OS=[Unix] Server=[Samba 2.2.3a.200204262025cvs]
+    NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86
+    putting file /var/spool/cups/tmp/3cd1cc66376c0 as \W32X86/infotec_IS2027.PPD (17394.6 kb/s) (average 17395.2 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS5.DLL as \W32X86/ADOBEPS5.DLL (10877.4 kb/s) (average 11343.0 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPSU.DLL as \W32X86/ADOBEPSU.DLL (5095.2 kb/s) (average 9260.4 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPSU.HLP as \W32X86/ADOBEPSU.HLP (8828.7 kb/s) (average 9247.1 kb/s)
+
+    Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir WIN40;put /var/spool/cups/tmp/3cd1cc66376c0 WIN40/infotec_IS2027.PPD;put /usr/share/cups/drivers/ADFONTS.MFM WIN40/ADFONTS.MFM;put /usr/share/cups/drivers/ADOBEPS4.DRV WIN40/ADOBEPS4.DRV;put /usr/share/cups/drivers/ADOBEPS4.HLP WIN40/ADOBEPS4.HLP;put /usr/share/cups/drivers/DEFPRTR2.PPD WIN40/DEFPRTR2.PPD;put /usr/share/cups/drivers/ICONLIB.DLL WIN40/ICONLIB.DLL;put /usr/share/cups/drivers/PSMON.DLL WIN40/PSMON.DLL;'
+    added interface ip=10.160.16.45 bcast=10.160.31.255 nmask=255.255.240.0
+    added interface ip=192.168.182.1 bcast=192.168.182.255 nmask=255.255.255.0
+    added interface ip=172.16.200.1 bcast=172.16.200.255 nmask=255.255.255.0
+    Domain=[TUX-NET] OS=[Unix] Server=[Samba 2.2.3a.200204262025cvs]
+    NT_STATUS_OBJECT_NAME_COLLISION making remote directory \WIN40
+    putting file /var/spool/cups/tmp/3cd1cc66376c0 as \WIN40/infotec_IS2027.PPD (26091.5 kb/s) (average 26092.8 kb/s)
+    putting file /usr/share/cups/drivers/ADFONTS.MFM as \WIN40/ADFONTS.MFM (11241.6 kb/s) (average 11812.9 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS4.DRV as \WIN40/ADOBEPS4.DRV (16640.6 kb/s) (average 14679.3 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS4.HLP as \WIN40/ADOBEPS4.HLP (11285.6 kb/s) (average 14281.5 kb/s)
+    putting file /usr/share/cups/drivers/DEFPRTR2.PPD as \WIN40/DEFPRTR2.PPD (823.5 kb/s) (average 12944.0 kb/s)
+    putting file /usr/share/cups/drivers/ICONLIB.DLL as \WIN40/ICONLIB.DLL (19226.2 kb/s) (average 13169.7 kb/s)
+    putting file /usr/share/cups/drivers/PSMON.DLL as \WIN40/PSMON.DLL (18666.1 kb/s) (average 13266.7 kb/s)
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver "Windows NT x86" "infotec_IS2027:ADOBEPS5.DLL:infotec_IS2027.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL"'
+    cmd = adddriver "Windows NT x86" "infotec_IS2027:ADOBEPS5.DLL:infotec_IS2027.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL"
+    Printer Driver infotec_IS2027 successfully installed.
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver "Windows 4.0" "infotec_IS2027:ADOBEPS4.DRV:infotec_IS2027.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL"'
+    cmd = adddriver "Windows 4.0" "infotec_IS2027:ADOBEPS4.DRV:infotec_IS2027.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL"
+    Printer Driver infotec_IS2027 successfully installed.
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'setdriver infotec_IS2027 infotec_IS2027'
+    cmd = setdriver infotec_IS2027 infotec_IS2027
+    Succesfully set infotec_IS2027 to driver infotec_IS2027.
+
+    <TT
+CLASS="PROMPT"
+>root# </TT
+></PRE
+></P
+><P
+>If you look closely, you'll discover your root password
+was transfered unencrypted over the wire, so beware! Also, if you look
+further her, you'll discover error messages like
+<TT
+CLASS="CONSTANT"
+>NT_STATUS_OBJECT_NAME_COLLISION</TT
+> in between. They occur, because
+the directories <TT
+CLASS="FILENAME"
+>WIN40</TT
+> and <TT
+CLASS="FILENAME"
+>W32X86</TT
+> already
+existed in the [print$] driver download share (from a previous driver
+installation). They are harmless here.</P
+><P
+>Now your printer is prepared for the clients to use. From
+a client, browse to the CUPS/Samba server, open the "Printers"
+share, right-click on this printer and select "Install..." or
+"Connect..." (depending on the Windows version you use). Now their
+should be a new printer in your client's local "Printers" folder,
+named (in my case) "infotec_IS2027 on kdebitshop"</P
+><P
+><I
+CLASS="EMPHASIS"
+>NOTE: </I
+>
+<B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> will only reliably work i
+with CUPS version 1.1.15 or higher
+and Samba from 2.2.4. If it doesn't work, or if the automatic printer
+driver download to the clients doesn't succeed, you can still manually
+install the CUPS printer PPD on top of the Adobe PostScript driver on
+clients and then point the client's printer queue to the Samba printer
+share for connection, should you desire to use the CUPS networked
+PostScript RIP functions.</P
+></DIV
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/findsmb.1.html b/docs/htmldocs/findsmb.1.html
new file mode 100755
index 00000000000..2f246d666d8
--- /dev/null
+++ b/docs/htmldocs/findsmb.1.html
@@ -0,0 +1,267 @@
+<HTML
+><HEAD
+><TITLE
+>findsmb</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="FINDSMB"
+>findsmb</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>findsmb&nbsp;--&nbsp;list info about machines that respond to SMB 
+	name queries on a subnet</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>findsmb</B
+>  [subnet broadcast address]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN12"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This perl script is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>findsmb</B
+> is a perl script that
+	prints out several pieces of information about machines 
+	on a subnet that respond to SMB  name query requests.
+	It uses <A
+HREF="nmblookup.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>	nmblookup(1)</B
+></A
+> and <A
+HREF="smbclient.1.html"
+TARGET="_top"
+>	<B
+CLASS="COMMAND"
+>smbclient(1)</B
+></A
+> to obtain this information.
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN22"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>subnet broadcast address</DT
+><DD
+><P
+>Without this option, <B
+CLASS="COMMAND"
+>findsmb
+		</B
+> will probe the subnet of the machine where 
+		<B
+CLASS="COMMAND"
+>findsmb</B
+> is run. This value is passed 
+		to <B
+CLASS="COMMAND"
+>nmblookup</B
+> as part of the 
+		<TT
+CLASS="CONSTANT"
+>-B</TT
+> option</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN33"
+></A
+><H2
+>EXAMPLES</H2
+><P
+>The output of <B
+CLASS="COMMAND"
+>findsmb</B
+> lists the following 
+	information for all machines that respond to the initial 
+	<B
+CLASS="COMMAND"
+>nmblookup</B
+> for any name: IP address, NetBIOS name, 
+	Workgroup name, operating system, and SMB server version.</P
+><P
+>There will be a '+' in front of the workgroup name for 
+	machines that are local master browsers for that workgroup. There 
+	will be an '*' in front of the workgroup name for 
+	machines that are the domain master browser for that workgroup. 
+	Machines that are running Windows, Windows 95 or Windows 98 will 
+	not show any information about the operating system or server 
+	version.</P
+><P
+>The command must be run on a system without <A
+HREF="nmbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>nmbd</B
+></A
+> running. 
+	If <B
+CLASS="COMMAND"
+>nmbd</B
+> is running on the system, you will 
+	only  get the IP address and the DNS name of the machine. To 
+	get proper responses  from Windows 95 and Windows 98 machines, 
+	the command must be run as root. </P
+><P
+>For example running <B
+CLASS="COMMAND"
+>findsmb</B
+> on a machine 
+	without <B
+CLASS="COMMAND"
+>nmbd</B
+> running would yield output similar
+	to the following</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+><TT
+CLASS="COMPUTEROUTPUT"
+>IP ADDR         NETBIOS NAME   WORKGROUP/OS/VERSION 
+--------------------------------------------------------------------- 
+192.168.35.10   MINESET-TEST1  [DMVENGR]
+192.168.35.55   LINUXBOX      *[MYGROUP] [Unix] [Samba 2.0.6]
+192.168.35.56   HERBNT2        [HERB-NT]
+192.168.35.63   GANDALF        [MVENGR] [Unix] [Samba 2.0.5a for IRIX]
+192.168.35.65   SAUNA          [WORKGROUP] [Unix] [Samba 1.9.18p10]
+192.168.35.71   FROGSTAR       [ENGR] [Unix] [Samba 2.0.0 for IRIX]
+192.168.35.78   HERBDHCP1     +[HERB]
+192.168.35.88   SCNT2         +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
+192.168.35.93   FROGSTAR-PC    [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
+192.168.35.97   HERBNT1       *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
+	</TT
+></PRE
+></TD
+></TR
+></TABLE
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN48"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN51"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="nmbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>nmbd(8)</B
+></A
+>, 
+	<A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)
+	</B
+></A
+>, and	<A
+HREF="nmblookup.1.html"
+TARGET="_top"
+>	<B
+CLASS="COMMAND"
+>nmblookup(1)</B
+></A
+>
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN60"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/lmhosts.5.html b/docs/htmldocs/lmhosts.5.html
new file mode 100755
index 00000000000..13b162ce44f
--- /dev/null
+++ b/docs/htmldocs/lmhosts.5.html
@@ -0,0 +1,214 @@
+<HTML
+><HEAD
+><TITLE
+>lmhosts</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="LMHOSTS"
+>lmhosts</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>lmhosts&nbsp;--&nbsp;The Samba NetBIOS hosts file</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><TT
+CLASS="FILENAME"
+>lmhosts</TT
+> is the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> NetBIOS name to IP address mapping file.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN12"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This file is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><TT
+CLASS="FILENAME"
+>lmhosts</TT
+> is the <EM
+>Samba
+	</EM
+> NetBIOS name to IP address mapping file.  It 
+	is very similar to the <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> file 
+	format, except that the hostname component must correspond 
+	to the NetBIOS naming format.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN20"
+></A
+><H2
+>FILE FORMAT</H2
+><P
+>It is an ASCII file containing one line for NetBIOS name. 
+	The two fields on each line are separated from each other by 
+	white space. Any entry beginning with '#' is ignored. Each line 
+	in the lmhosts file contains the following information :</P
+><P
+></P
+><UL
+><LI
+><P
+>IP Address - in dotted decimal format.</P
+></LI
+><LI
+><P
+>NetBIOS Name - This name format is a 
+		maximum fifteen character host name, with an optional 
+		trailing '#' character followed by the NetBIOS name type 
+		as two hexadecimal digits.</P
+><P
+>If the trailing '#' is omitted then the given IP 
+		address will be returned for all names that match the given 
+		name, whatever the NetBIOS name type in the lookup.</P
+></LI
+></UL
+><P
+>An example follows :</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>#
+# Sample Samba lmhosts file.
+#
+192.9.200.1	TESTPC
+192.9.200.20	NTSERVER#20
+192.9.200.21	SAMBASERVER
+	</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Contains three IP to NetBIOS name mappings. The first 
+	and third will be returned for any queries for the names "TESTPC" 
+	and "SAMBASERVER" respectively, whatever the type component of 
+	the NetBIOS name requested.</P
+><P
+>The second mapping will be returned only when the "0x20" name 
+	type for a name "NTSERVER" is queried. Any other name type will not 
+	be resolved.</P
+><P
+>The default location of the <TT
+CLASS="FILENAME"
+>lmhosts</TT
+> file 
+	is in the same directory as the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+> 		
+	smb.conf(5)&#62;</A
+> file.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN37"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN40"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)
+	</B
+></A
+>, <A
+HREF="smb.conf.5.html#NAMERESOLVEORDER"
+TARGET="_top"
+>	smb.conf(5)</A
+>, and <A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>	smbpasswd(8)</B
+></A
+>
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN48"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/make_smbcodepage.1.html b/docs/htmldocs/make_smbcodepage.1.html
new file mode 100755
index 00000000000..8e792e31221
--- /dev/null
+++ b/docs/htmldocs/make_smbcodepage.1.html
@@ -0,0 +1,354 @@
+<HTML
+><HEAD
+><TITLE
+>make_smbcodepage</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="MAKE-SMBCODEPAGE"
+>make_smbcodepage</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>make_smbcodepage&nbsp;--&nbsp;construct a codepage file for Samba</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>make_smbcodepage</B
+>  {c|d} {codepage} {inputfile} {outputfile}</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN15"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>make_smbcodepage</B
+> compiles or de-compiles 
+	codepage files for use with the internationalization features 
+	of Samba 2.2</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN21"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>c|d</DT
+><DD
+><P
+>This tells <B
+CLASS="COMMAND"
+>make_smbcodepage</B
+> 
+		if it is compiling (<TT
+CLASS="PARAMETER"
+><I
+>c</I
+></TT
+>) a text format code 
+		page file to binary, or (<TT
+CLASS="PARAMETER"
+><I
+>d</I
+></TT
+>) de-compiling 
+		a binary codepage file to text. </P
+></DD
+><DT
+>codepage</DT
+><DD
+><P
+>This is the codepage we are processing (a 
+		number, e.g. 850). </P
+></DD
+><DT
+>inputfile</DT
+><DD
+><P
+>This is the input file to process. In 
+		the <TT
+CLASS="PARAMETER"
+><I
+>c</I
+></TT
+> case this will be a text 
+		codepage definition file such as the ones found in the Samba 	
+		<TT
+CLASS="FILENAME"
+>source/codepages</TT
+> directory. In
+		the <TT
+CLASS="PARAMETER"
+><I
+>d</I
+></TT
+> case this will be the 
+		binary format codepage definition file normally found in 
+		the <TT
+CLASS="FILENAME"
+>lib/codepages</TT
+> directory in the 
+		Samba install directory path.</P
+></DD
+><DT
+>outputfile</DT
+><DD
+><P
+>This is the output file to produce.</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN47"
+></A
+><H2
+>Samba Codepage Files</H2
+><P
+>A text Samba codepage definition file is a description 
+	that tells  Samba how to map from upper to lower case for 
+	characters greater than ascii 127 in the specified DOS code page. 
+	Note that for certain DOS codepages (437 for example) mapping 
+	from lower to upper case may be non-symmetrical. For example, in
+	code page 437 lower case a acute maps to a plain upper case A 
+	when going from lower to upper case, but plain upper case A maps 
+	to plain lower case a when lower casing a character. </P
+><P
+>A binary Samba codepage definition file is a binary 
+	representation of the same information, including a value that
+	specifies what codepage this file is describing. </P
+><P
+>As Samba does not yet use UNICODE (current for Samba version 2.2) 
+	you must specify the client code page that your DOS and Windows 
+	clients are using if you wish to have case insensitivity done 
+	correctly for your particular language. The default codepage Samba 
+	uses is 850 (Western European). Text codepage definition sample files
+	are provided in the Samba distribution for codepages 437 (USA), 737 (Greek),
+	850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic), 866 (Cyrillic),
+	932 (Kanji SJIS), 936 (Simplified Chinese), 949 (Hangul) and 950 (Traditional
+	Chinese). Users are encouraged to write text codepage definition files for
+	their own code pages and donate them to samba@samba.org. All codepage files
+	in the Samba <TT
+CLASS="FILENAME"
+>source/codepages</TT
+> directory are 
+ 	compiled and installed when a <B
+CLASS="COMMAND"
+>'make install'</B
+> 
+	command is issued there. </P
+><P
+>The client codepage used by the <B
+CLASS="COMMAND"
+>smbd</B
+> server 
+	is configured using the <B
+CLASS="COMMAND"
+>client code page</B
+> parameter 
+	in the <B
+CLASS="COMMAND"
+>smb.conf</B
+> file. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN58"
+></A
+><H2
+>Files</H2
+><P
+><B
+CLASS="COMMAND"
+>codepage_def.&#60;codepage&#62;</B
+></P
+><P
+>These are the input (text) codepage files provided in the 
+	Samba <TT
+CLASS="FILENAME"
+>source/codepages</TT
+> directory.</P
+><P
+>A text codepage definition file consists of multiple lines 
+	containing four fields. These fields are:</P
+><P
+></P
+><UL
+><LI
+><P
+><B
+CLASS="COMMAND"
+>lower</B
+>: which is the 
+		(hex) lower case character mapped on this line.</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>upper</B
+>: which is the (hex) 
+		upper case character that the lower case character will map to.
+		</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>map upper to lower</B
+> which 
+		is a boolean value (put either True or False here) which tells 
+		Samba if it is to map the given upper case character to the 
+		given lower case character when lower casing a filename.
+		</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>map lower to upper</B
+> which 
+		is a boolean value (put either True or False here) which tells 
+		Samba if it is to map the given lower case character to the 
+		given upper case character when upper casing a filename.
+		</P
+></LI
+></UL
+><P
+><B
+CLASS="COMMAND"
+>codepage.&#60;codepage&#62;</B
+> - These are the 
+	output (binary) codepage files produced  and placed in the Samba 
+	destination <TT
+CLASS="FILENAME"
+>lib/codepage</TT
+> directory. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN81"
+></A
+><H2
+>Installation</H2
+><P
+>The location of the server and its support files is a 
+	matter for individual system administrators. The following are 
+	thus suggestions only. </P
+><P
+>It is recommended that the <B
+CLASS="COMMAND"
+>make_smbcodepage
+	</B
+> program be installed under the <TT
+CLASS="FILENAME"
+>/usr/local/samba
+	</TT
+> hierarchy, in a directory readable by all, writeable 
+	only by root. The program itself should be executable by all.  The 
+	program should NOT be setuid or setgid! </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN87"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN90"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>, 
+	<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+>
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN96"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/make_unicodemap.1.html b/docs/htmldocs/make_unicodemap.1.html
new file mode 100755
index 00000000000..b8b768ce40d
--- /dev/null
+++ b/docs/htmldocs/make_unicodemap.1.html
@@ -0,0 +1,276 @@
+<HTML
+><HEAD
+><TITLE
+>make_unicodemap</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="MAKE-UNICODEMAP"
+>make_unicodemap</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>make_unicodemap&nbsp;--&nbsp;construct a unicode map file for Samba</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>make_unicodemap</B
+>  {codepage} {inputfile} {outputfile}</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN14"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>	This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>Samba</A
+> 
+	suite.
+	</P
+><P
+>	<B
+CLASS="COMMAND"
+>make_unicodemap</B
+> compiles text unicode map 
+	files into binary unicode map files for use with the 
+	internationalization features of Samba 2.2.
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN20"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>codepage</DT
+><DD
+><P
+>This is the codepage or UNIX character 
+		set we are processing (a number, e.g. 850).
+		</P
+></DD
+><DT
+>inputfile</DT
+><DD
+><P
+>This is the input file to process. This is a 
+		text unicode map file such as the ones found in the Samba
+		<TT
+CLASS="FILENAME"
+>source/codepages</TT
+> directory. 
+		</P
+></DD
+><DT
+>outputfile</DT
+><DD
+><P
+>This is the binary output file to produce. 
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN36"
+></A
+><H2
+>Samba Unicode Map Files</H2
+><P
+>	A text Samba unicode map file is a description that tells Samba 
+	how to map characters from a specified DOS code page or UNIX character 
+	set to 16 bit unicode.
+	</P
+><P
+>A binary Samba unicode map file is a binary representation 
+	of the same information, including a value that specifies what 
+	codepage or UNIX character set this file is describing. 
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN40"
+></A
+><H2
+>Files</H2
+><P
+><TT
+CLASS="FILENAME"
+>CP&#60;codepage&#62;.TXT</TT
+></P
+><P
+>	These are the input (text) unicode map files provided 
+	in the Samba <TT
+CLASS="FILENAME"
+>source/codepages</TT
+> 
+	directory. 
+	</P
+><P
+>	A text unicode map file consists of multiple lines 
+	containing two fields. These fields are :  
+	</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>character</I
+></TT
+> - which is 
+		the (hex) character mapped on this line.
+		</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>unicode</I
+></TT
+> - which 
+		is the (hex) 16 bit unicode character that the character
+		will map to. 
+		</P
+></LI
+></UL
+><P
+>	<TT
+CLASS="FILENAME"
+>unicode_map.&#60;codepage&#62;</TT
+>  - These are 
+	the output (binary) unicode map files produced and placed in 
+	the Samba destination <TT
+CLASS="FILENAME"
+>lib/codepage</TT
+> 
+	directory.
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN57"
+></A
+><H2
+>Installation</H2
+><P
+>	The location of the server and its support files is a matter
+	for individual system administrators. The following are thus 
+	suggestions only. 
+	</P
+><P
+>	It is recommended that the <B
+CLASS="COMMAND"
+>make_unicodemap</B
+> 
+	program be installed under the 
+	<TT
+CLASS="FILENAME"
+>$prefix/samba</TT
+> hierarchy, 
+	in a directory readable by all, writeable only by root. The 
+	program itself should be executable by all.  The program
+	should NOT be setuid or setgid! 
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN63"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN66"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>, 
+	<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+>
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN72"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/msdfs_setup.html b/docs/htmldocs/msdfs_setup.html
new file mode 100755
index 00000000000..36b9911baec
--- /dev/null
+++ b/docs/htmldocs/msdfs_setup.html
@@ -0,0 +1,210 @@
+<HTML
+><HEAD
+><TITLE
+>Hosting a Microsoft Distributed File System tree on Samba</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="MSDFS"
+>Hosting a Microsoft Distributed File System tree on Samba</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Instructions</A
+></H1
+><P
+>The Distributed File System (or Dfs) provides a means of 
+	separating the logical view of files and directories that users 
+	see from the actual physical locations of these resources on the 
+	network. It allows for higher availability, smoother storage expansion, 
+	load balancing etc. For more information about Dfs, refer to  <A
+HREF="http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp"
+TARGET="_top"
+>	Microsoft documentation</A
+>. </P
+><P
+>This document explains how to host a Dfs tree on a Unix 
+	machine (for Dfs-aware clients to browse) using Samba.</P
+><P
+>To enable SMB-based DFS for Samba, configure it with the 
+	<TT
+CLASS="PARAMETER"
+><I
+>--with-msdfs</I
+></TT
+> option. Once built, a 
+	Samba server can be made a Dfs server by setting the global 
+	boolean <A
+HREF="smb.conf.5.html#HOSTMSDFS"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>	host msdfs</I
+></TT
+></A
+> parameter in the <TT
+CLASS="FILENAME"
+>smb.conf
+	</TT
+> file. You designate a share as a Dfs root using the share 
+	level boolean <A
+HREF="smb.conf.5.html#MSDFSROOT"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>	msdfs root</I
+></TT
+></A
+> parameter. A Dfs root directory on 
+	Samba hosts Dfs links in the form of symbolic links that point 
+	to other servers. For example, a symbolic link
+	<TT
+CLASS="FILENAME"
+>junction-&gt;msdfs:storage1\share1</TT
+> in 
+	the share directory acts as the Dfs junction. When Dfs-aware 
+	clients attempt to access the junction link, they are redirected 
+	to the storage location (in this case, \\storage1\share1).</P
+><P
+>Dfs trees on Samba work with all Dfs-aware clients ranging 
+	from Windows 95 to 2000.</P
+><P
+>Here's an example of setting up a Dfs tree on a Samba 
+	server.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+># The smb.conf file:
+[global]
+	netbios name = SAMBA
+	host msdfs   = yes
+
+[dfs]
+	path = /export/dfsroot
+	msdfs root = yes
+	</PRE
+></P
+><P
+>In the /export/dfsroot directory we set up our dfs links to 
+	other servers on the network.</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>cd /export/dfsroot</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>chown root /export/dfsroot</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>chmod 755 /export/dfsroot</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>ln -s msdfs:storageA\\shareA linka</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>ln -s msdfs:serverB\\share,serverC\\share linkb</B
+></TT
+></P
+><P
+>You should set up the permissions and ownership of 
+	the directory acting as the Dfs root such that only designated 
+	users can create, delete or modify the msdfs links. Also note 
+	that symlink names should be all lowercase. This limitation exists 
+	to have Samba avoid trying all the case combinations to get at 
+	the link name. Finally set up the symbolic links to point to the 
+	network shares you want, and start Samba.</P
+><P
+>Users on Dfs-aware clients can now browse the Dfs tree 
+	on the Samba server at \\samba\dfs. Accessing 
+	links linka or linkb (which appear as directories to the client) 
+	takes users directly to the appropriate shares on the network.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN38"
+>Notes</A
+></H2
+><P
+></P
+><UL
+><LI
+><P
+>Windows clients need to be rebooted 
+			if a previously mounted non-dfs share is made a dfs 
+			root or vice versa. A better way is to introduce a 
+			new share and make it the dfs root.</P
+></LI
+><LI
+><P
+>Currently there's a restriction that msdfs 
+			symlink names should all be lowercase.</P
+></LI
+><LI
+><P
+>For security purposes, the directory 
+			acting as the root of the Dfs tree should have ownership 
+			and permissions set so that only designated users can 
+			modify the symbolic links in the directory.</P
+></LI
+></UL
+></DIV
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/nmbd.8.html b/docs/htmldocs/nmbd.8.html
new file mode 100755
index 00000000000..828ebb13a42
--- /dev/null
+++ b/docs/htmldocs/nmbd.8.html
@@ -0,0 +1,717 @@
+<HTML
+><HEAD
+><TITLE
+>nmbd</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="NMBD"
+>nmbd</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>nmbd&nbsp;--&nbsp;NetBIOS name server to provide NetBIOS 
+	over IP naming services to clients</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>nmbd</B
+>  [-D] [-a] [-i] [-o] [-P] [-h] [-V] [-d &#60;debug level&#62;] [-H &#60;lmhosts file&#62;] [-l &#60;log directory&#62;] [-n &#60;primary netbios name&#62;] [-p &#60;port number&#62;] [-s &#60;configuration file&#62;]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN24"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This program is part of the Samba suite.</P
+><P
+><B
+CLASS="COMMAND"
+>nmbd</B
+> is a server that understands 
+	and can reply to NetBIOS over IP name service requests, like 
+	those produced by SMB/CIFS clients such as Windows 95/98/ME, 
+	Windows NT, Windows 2000, and LanManager clients. It also
+	participates in the browsing protocols which make up the 
+	Windows "Network Neighborhood" view.</P
+><P
+>SMB/CIFS clients, when they start up, may wish to 
+	locate an SMB/CIFS server. That is, they wish to know what 
+	IP number a specified host is using.</P
+><P
+>Amongst other services, <B
+CLASS="COMMAND"
+>nmbd</B
+> will 
+	listen for such requests, and if its own NetBIOS name is 
+	specified it will respond with the IP number of the host it 
+	is running on.  Its "own NetBIOS name" is by
+	default the primary DNS name of the host it is running on, 
+	but this can be overridden with the <EM
+>-n</EM
+> 
+	option (see OPTIONS below). Thus <B
+CLASS="COMMAND"
+>nmbd</B
+> will 
+	reply to broadcast queries for its own name(s). Additional
+	names for <B
+CLASS="COMMAND"
+>nmbd</B
+> to respond on can be set 
+	via parameters in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>	smb.conf(5)</TT
+></A
+> configuration file.</P
+><P
+><B
+CLASS="COMMAND"
+>nmbd</B
+> can also be used as a WINS 
+	(Windows Internet Name Server) server. What this basically means 
+	is that it will act as a WINS database server, creating a 
+	database from name registration requests that it receives and 
+	replying to queries from clients for these names.</P
+><P
+>In addition, <B
+CLASS="COMMAND"
+>nmbd</B
+> can act as a WINS 
+	proxy, relaying broadcast queries from clients that do 
+	not understand how to talk the WINS protocol to a WIN 
+	server.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN41"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-D</DT
+><DD
+><P
+>If specified, this parameter causes 
+		<B
+CLASS="COMMAND"
+>nmbd</B
+> to operate as a daemon. That is, 
+		it detaches itself and runs in the background, fielding 
+		requests on the appropriate port. By default, <B
+CLASS="COMMAND"
+>nmbd</B
+> 
+		will operate as a daemon if launched from a command shell. 
+		nmbd can also be operated from the <B
+CLASS="COMMAND"
+>inetd</B
+> 
+		meta-daemon, although this is not recommended.
+		</P
+></DD
+><DT
+>-a</DT
+><DD
+><P
+>If this parameter is specified, each new 
+		connection will append log messages to the log file.  
+		This is the default.</P
+></DD
+><DT
+>-i</DT
+><DD
+><P
+>If this parameter is specified it causes the
+		server to run "interactively", not as a daemon, even if the
+		server is executed on the command line of a shell. Setting this
+		parameter negates the implicit deamon mode when run from the
+		command line.
+		</P
+></DD
+><DT
+>-o</DT
+><DD
+><P
+>If this parameter is specified, the 
+		log files will be overwritten when opened.  By default, 
+		<B
+CLASS="COMMAND"
+>smbd</B
+> will append entries to the log 
+		files.</P
+></DD
+><DT
+>-h</DT
+><DD
+><P
+>Prints the help information (usage) 
+		for <B
+CLASS="COMMAND"
+>nmbd</B
+>.</P
+></DD
+><DT
+>-H &#60;filename&#62;</DT
+><DD
+><P
+>NetBIOS lmhosts file.  The lmhosts 
+		file is a list of NetBIOS names to IP addresses that 
+		is loaded by the nmbd server and used via the name 
+		resolution mechanism <A
+HREF="smb.conf.5.html#nameresolveorder"
+TARGET="_top"
+>		name resolve order</A
+> described in <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+> <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+></A
+>
+		to resolve any NetBIOS name queries needed by the server. Note 
+		that the contents of this file are <EM
+>NOT</EM
+> 
+		used by <B
+CLASS="COMMAND"
+>nmbd</B
+> to answer any name queries. 
+		Adding a line to this file affects name NetBIOS resolution 
+		from this host <EM
+>ONLY</EM
+>.</P
+><P
+>The default path to this file is compiled into 
+		Samba as part of the build process. Common defaults 
+		are <TT
+CLASS="FILENAME"
+>/usr/local/samba/lib/lmhosts</TT
+>,
+		<TT
+CLASS="FILENAME"
+>/usr/samba/lib/lmhosts</TT
+> or
+		<TT
+CLASS="FILENAME"
+>/etc/lmhosts</TT
+>. See the <A
+HREF="lmhosts.5.html"
+TARGET="_top"
+>		<TT
+CLASS="FILENAME"
+>lmhosts(5)</TT
+></A
+> man page for details on the 
+		contents of this file.</P
+></DD
+><DT
+>-V</DT
+><DD
+><P
+>Prints the version number for 
+		<B
+CLASS="COMMAND"
+>nmbd</B
+>.</P
+></DD
+><DT
+>-d &#60;debug level&#62;</DT
+><DD
+><P
+>debuglevel is an integer 
+		from 0 to 10.  The default value if this parameter is 
+		not specified is zero.</P
+><P
+>The higher this value, the more detail will 
+		be logged to the log files about the activities of the 
+		server. At level 0, only critical errors and serious 
+		warnings will be logged. Level 1 is a reasonable level for
+		day to day running - it generates a small amount of 
+		information about operations carried out.</P
+><P
+>Levels above 1 will generate considerable amounts 
+		of log data, and should only be used when investigating 
+ 		a problem. Levels above 3 are designed for use only by developers 
+		and generate HUGE amounts of log data, most of which is extremely 
+		cryptic.</P
+><P
+>Note that specifying this parameter here will override 
+		the <A
+HREF="smb.conf.5.html#loglevel"
+TARGET="_top"
+>log level</A
+> 
+		parameter in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>		smb.conf</TT
+></A
+> file.</P
+></DD
+><DT
+>-l &#60;log directory&#62;</DT
+><DD
+><P
+>The -l parameter specifies a directory 
+		into which the "log.nmbd" log file will be created
+		for operational data from the running
+		<B
+CLASS="COMMAND"
+>nmbd</B
+> server. The default log directory is compiled into Samba
+		as part of the build process. Common defaults are <TT
+CLASS="FILENAME"
+>		/usr/local/samba/var/log.nmb</TT
+>, <TT
+CLASS="FILENAME"
+>		/usr/samba/var/log.nmb</TT
+> or
+		<TT
+CLASS="FILENAME"
+>/var/log/log.nmb</TT
+>.  <EM
+>Beware:</EM
+>
+                If the directory specified does not exist, <B
+CLASS="COMMAND"
+>nmbd</B
+>
+                will log to the default debug log location defined at compile time.
+		</P
+></DD
+><DT
+>-n &#60;primary NetBIOS name&#62;</DT
+><DD
+><P
+>This option allows you to override
+		the NetBIOS name that Samba uses for itself. This is identical 
+		to setting the <A
+HREF="smb.conf.5.html#netbiosname"
+TARGET="_top"
+>		NetBIOS name</A
+> parameter in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>	
+		<TT
+CLASS="FILENAME"
+>smb.conf</TT
+></A
+> file.  However, a command
+		line setting will take precedence over settings in 
+		<TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.</P
+></DD
+><DT
+>-p &#60;UDP port number&#62;</DT
+><DD
+><P
+>UDP port number is a positive integer value.
+		This option changes the default UDP port number (normally 137)
+		that <B
+CLASS="COMMAND"
+>nmbd</B
+> responds to name queries on. Don't
+		use this option unless you are an expert, in which case you
+		won't need help!</P
+></DD
+><DT
+>-s &#60;configuration file&#62;</DT
+><DD
+><P
+>The default configuration file name
+		is set at build time, typically as <TT
+CLASS="FILENAME"
+>		/usr/local/samba/lib/smb.conf</TT
+>, but
+		this may be changed when Samba is autoconfigured.</P
+><P
+>The file specified contains the configuration details
+		required by the server. See <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>		<TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+></A
+> for more information.
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN131"
+></A
+><H2
+>FILES</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+></DT
+><DD
+><P
+>If the server is to be run by the
+		<B
+CLASS="COMMAND"
+>inetd</B
+> meta-daemon, this file
+		must contain suitable startup information for the
+		meta-daemon. See the <A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+>UNIX_INSTALL.html</A
+> document
+		for details.
+		</P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/rc</TT
+></DT
+><DD
+><P
+>or whatever initialization script your
+		system uses).</P
+><P
+>If running the server as a daemon at startup,
+		this file will need to contain an appropriate startup
+		sequence for the server. See the <A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+>UNIX_INSTALL.html</A
+> document
+		for details.</P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/services</TT
+></DT
+><DD
+><P
+>If running the server via the
+		meta-daemon <B
+CLASS="COMMAND"
+>inetd</B
+>, this file
+		must contain a mapping of service name (e.g., netbios-ssn)
+		to service port (e.g., 139) and protocol type (e.g., tcp).
+		See the <A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+>UNIX_INSTALL.html</A
+>
+		document for details.</P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
+>/usr/local/samba/lib/smb.conf</TT
+></DT
+><DD
+><P
+>This is the default location of the
+		<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf</TT
+></A
+>
+		server configuration file. Other common places that systems
+		install this file are <TT
+CLASS="FILENAME"
+>/usr/samba/lib/smb.conf</TT
+>
+		and <TT
+CLASS="FILENAME"
+>/etc/smb.conf</TT
+>.</P
+><P
+>When run as a WINS server (see the
+		<A
+HREF="smb.conf.5.html#WINSSUPPORT"
+TARGET="_top"
+>wins support</A
+>
+		parameter in the <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+> man page),
+		<B
+CLASS="COMMAND"
+>nmbd</B
+>
+		will store the WINS database in the file <TT
+CLASS="FILENAME"
+>wins.dat</TT
+>
+		in the <TT
+CLASS="FILENAME"
+>var/locks</TT
+> directory configured under
+		wherever Samba was configured to install itself.</P
+><P
+>If <B
+CLASS="COMMAND"
+>nmbd</B
+> is acting as a <EM
+>		browse master</EM
+> (see the <A
+HREF="smb.conf.5.html#LOCALMASTER"
+TARGET="_top"
+>local master</A
+>
+		parameter in the <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+> man page,
+		<B
+CLASS="COMMAND"
+>nmbd</B
+>
+		will store the browsing database in the file <TT
+CLASS="FILENAME"
+>browse.dat
+		</TT
+> in the <TT
+CLASS="FILENAME"
+>var/locks</TT
+> directory
+		configured under wherever Samba was configured to install itself.
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN178"
+></A
+><H2
+>SIGNALS</H2
+><P
+>To shut down an <B
+CLASS="COMMAND"
+>nmbd</B
+> process it is recommended
+	that SIGKILL (-9) <EM
+>NOT</EM
+> be used, except as a last
+	resort, as this may leave the name database in an inconsistent state.
+	The correct way to terminate <B
+CLASS="COMMAND"
+>nmbd</B
+> is to send it
+	a SIGTERM (-15) signal and wait for it to die on its own.</P
+><P
+><B
+CLASS="COMMAND"
+>nmbd</B
+> will accept SIGHUP, which will cause
+	it to dump out its namelists into the file <TT
+CLASS="FILENAME"
+>namelist.debug
+	</TT
+> in the <TT
+CLASS="FILENAME"
+>/usr/local/samba/var/locks</TT
+>
+	directory (or the <TT
+CLASS="FILENAME"
+>var/locks</TT
+> directory configured
+	under wherever Samba was configured to install itself). This will also
+	cause <B
+CLASS="COMMAND"
+>nmbd</B
+> to dump out its server database in
+	the <TT
+CLASS="FILENAME"
+>log.nmb</TT
+> file.</P
+><P
+>The debug log level of nmbd may be raised or lowered using
+	<A
+HREF="smbcontrol.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbcontrol(1)</B
+>
+	</A
+> (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is
+	to allow transient problems to be diagnosed, whilst still running
+	at a normally low log level.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN194"
+></A
+><H2
+>TROUBLESHOOTING</H2
+><P
+>        One of the common causes of difficulty when installing Samba and SWAT
+        is the existsnece of some type of firewall or port filtering software
+        on the Samba server.  Make sure that the appropriate ports
+        outlined in this man page are available on the server and are not currently
+        being blocked by some type of security software such as iptables or
+        "port sentry".  For more troubleshooting information, refer to the additional
+        documentation included in the Samba distribution.
+        </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN197"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN200"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><B
+CLASS="COMMAND"
+>inetd(8)</B
+>, <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>, 
+	<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+>
+	</A
+>, <A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)
+	</B
+></A
+>, <A
+HREF="testparm.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>	testparm(1)</B
+></A
+>, <A
+HREF="testprns.1.html"
+TARGET="_top"
+>	<B
+CLASS="COMMAND"
+>testprns(1)</B
+></A
+>, and the Internet RFC's
+	<TT
+CLASS="FILENAME"
+>rfc1001.txt</TT
+>, <TT
+CLASS="FILENAME"
+>rfc1002.txt</TT
+>. 
+	In addition the CIFS (formerly SMB) specification is available 
+	as a link from the Web page <A
+HREF="http://samba.org/cifs/"
+TARGET="_top"
+> 
+	http://samba.org/cifs/</A
+>.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN217"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/nmblookup.1.html b/docs/htmldocs/nmblookup.1.html
new file mode 100755
index 00000000000..22cc35526cc
--- /dev/null
+++ b/docs/htmldocs/nmblookup.1.html
@@ -0,0 +1,403 @@
+<HTML
+><HEAD
+><TITLE
+>nmblookup</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="NMBLOOKUP"
+>nmblookup</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>nmblookup&nbsp;--&nbsp;NetBIOS over TCP/IP client used to lookup NetBIOS 
+	names</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>nmblookup</B
+>  [-f] [-M] [-R] [-S] [-r] [-A] [-h] [-B &#60;broadcast address&#62;] [-U &#60;unicast address&#62;] [-d &#60;debug level&#62;] [-s &#60;smb config file&#62;] [-i &#60;NetBIOS scope&#62;] [-T] {name}</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN25"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>nmblookup</B
+> is used to query NetBIOS names 
+	and map them to IP addresses in a network using NetBIOS over TCP/IP 
+	queries. The options allow the name queries to be directed at a 
+	particular IP broadcast area or to a particular machine. All queries 
+	are done over UDP.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN31"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-f</DT
+><DD
+><P
+>Causes nmblookup to print out the flags
+		in the NMB packet headers. These flags will print out as 
+		strings like Authoritative, Recursion_Desired, Recursion_available, etc.
+		</P
+></DD
+><DT
+>-M</DT
+><DD
+><P
+>Searches for a master browser by looking 
+		up the  NetBIOS name <TT
+CLASS="REPLACEABLE"
+><I
+>name</I
+></TT
+> with a 
+		type of <TT
+CLASS="CONSTANT"
+>0x1d</TT
+>. If <TT
+CLASS="REPLACEABLE"
+><I
+>		name</I
+></TT
+> is "-" then it does a lookup on the special name 
+		<TT
+CLASS="CONSTANT"
+>__MSBROWSE__</TT
+>.</P
+></DD
+><DT
+>-R</DT
+><DD
+><P
+>Set the recursion desired bit in the packet 
+		to do a recursive lookup. This is used when sending a name 
+		query to a machine running a WINS server and the user wishes 
+		to query the names in the WINS server.  If this bit is unset 
+		the normal (broadcast responding) NetBIOS processing code 
+		on a machine is used instead. See rfc1001, rfc1002 for details.
+		</P
+></DD
+><DT
+>-S</DT
+><DD
+><P
+>Once the name query has returned an IP 
+		address then do a node status query as well. A node status 
+		query returns the NetBIOS names registered by a host.
+		</P
+></DD
+><DT
+>-r</DT
+><DD
+><P
+>Try and bind to UDP port 137 to send and receive UDP
+		datagrams. The reason for this option is a bug in Windows 95 
+		where it ignores the source port of the requesting packet 
+	 	and only replies to UDP port 137. Unfortunately, on most UNIX 
+		systems root privilege is needed to bind to this port, and 
+		in addition, if the <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)</A
+> 
+		daemon is running on this machine it also binds to this port.
+		</P
+></DD
+><DT
+>-A</DT
+><DD
+><P
+>Interpret <TT
+CLASS="REPLACEABLE"
+><I
+>name</I
+></TT
+> as 
+		an IP Address and do a node status query on this address.</P
+></DD
+><DT
+>-h</DT
+><DD
+><P
+>Print a help (usage) message.</P
+></DD
+><DT
+>-B &#60;broadcast address&#62;</DT
+><DD
+><P
+>Send the query to the given broadcast address. Without 
+		this option the default behavior of nmblookup is to send the 
+		query to the broadcast address of the network interfaces as 
+		either auto-detected or defined in the <A
+HREF="smb.conf.5.html#INTERFACES"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>interfaces</I
+></TT
+>
+		</A
+> parameter of the  <TT
+CLASS="FILENAME"
+>smb.conf (5)</TT
+> file.
+		</P
+></DD
+><DT
+>-U &#60;unicast address&#62;</DT
+><DD
+><P
+>Do a unicast query to the specified address or 
+		host <TT
+CLASS="REPLACEABLE"
+><I
+>unicast address</I
+></TT
+>. This option 
+		(along with the <TT
+CLASS="PARAMETER"
+><I
+>-R</I
+></TT
+> option) is needed to 
+		query a WINS server.</P
+></DD
+><DT
+>-d &#60;debuglevel&#62;</DT
+><DD
+><P
+>debuglevel is an integer from 0 to 10.</P
+><P
+>The default value if this parameter is not specified 
+		is zero.</P
+><P
+>The higher this value, the more detail will be logged 
+		about the activities of <B
+CLASS="COMMAND"
+>nmblookup</B
+>. At level 
+		0, only critical errors and serious warnings will be logged.</P
+><P
+>Levels above 1 will generate considerable amounts of 
+		log data, and should only be used when investigating a problem. 
+		Levels above 3 are designed for use only by developers and 
+		generate HUGE amounts of data, most of which is extremely cryptic.</P
+><P
+>Note that specifying this parameter here will override 
+		the <A
+HREF="smb.conf.5.html#LOGLEVEL"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>		log level</I
+></TT
+></A
+> parameter in the <TT
+CLASS="FILENAME"
+>		smb.conf(5)</TT
+> file.</P
+></DD
+><DT
+>-s &#60;smb.conf&#62;</DT
+><DD
+><P
+>This parameter specifies the pathname to 
+		the Samba configuration file, <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>		smb.conf(5)</A
+>.  This file controls all aspects of
+		the Samba setup on the machine.</P
+></DD
+><DT
+>-i &#60;scope&#62;</DT
+><DD
+><P
+>This specifies a NetBIOS scope that
+		<B
+CLASS="COMMAND"
+>nmblookup</B
+> will use to communicate with when 
+		generating NetBIOS names. For details on the use of NetBIOS 
+		scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are 
+		<EM
+>very</EM
+> rarely used, only set this parameter 
+		if you are the system administrator in charge of all the 
+		NetBIOS systems you communicate with.</P
+></DD
+><DT
+>-T</DT
+><DD
+><P
+>This causes any IP addresses found in the 
+		lookup to be looked up via a reverse DNS lookup into a 
+		DNS name, and printed out before each</P
+><P
+><EM
+>IP address .... NetBIOS name</EM
+></P
+><P
+> pair that is the normal output.</P
+></DD
+><DT
+>name</DT
+><DD
+><P
+>This is the NetBIOS name being queried. Depending 
+		upon the previous options this may be a NetBIOS name or IP address. 
+		If a NetBIOS name then the different name types may be specified 
+		by appending '#&#60;type&#62;' to the name. This name may also be
+		'*', which will return all registered names within a broadcast 
+		area.</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN115"
+></A
+><H2
+>EXAMPLES</H2
+><P
+><B
+CLASS="COMMAND"
+>nmblookup</B
+> can be used to query 
+		a WINS server (in the same way <B
+CLASS="COMMAND"
+>nslookup</B
+> is 
+		used to query DNS servers). To query a WINS server, 
+		<B
+CLASS="COMMAND"
+>nmblookup</B
+> must be called like this:</P
+><P
+><B
+CLASS="COMMAND"
+>nmblookup -U server -R 'name'</B
+></P
+><P
+>For example, running :</P
+><P
+><B
+CLASS="COMMAND"
+>nmblookup -U samba.org -R 'IRIX#1B'</B
+></P
+><P
+>would query the WINS server samba.org for the domain 
+		master browser (1B name type) for the IRIX workgroup.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN127"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN130"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="nmbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>nmbd(8)</B
+></A
+>, 
+	<A
+HREF="samba.7.html"
+TARGET="_top"
+>samba(7)</A
+>, and	<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+>
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN137"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/pdbedit.8.html b/docs/htmldocs/pdbedit.8.html
new file mode 100755
index 00000000000..9609664af05
--- /dev/null
+++ b/docs/htmldocs/pdbedit.8.html
@@ -0,0 +1,426 @@
+<HTML
+><HEAD
+><TITLE
+>pdbedit</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="PDBEDIT"
+>pdbedit</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>pdbedit&nbsp;--&nbsp;manage the SAM database</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>pdbedit</B
+>  [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i file]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN24"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+>The pdbedit program is used to manage the users accounts
+	stored in the sam database and can be run only by root.</P
+><P
+>The pdbedit tool use the passdb modular interface and is
+	independent from the kind of users database used (currently there
+	are smbpasswd, ldap, nis+ and tdb based and more can be addedd
+	without changing the tool).</P
+><P
+>There are five main ways to use pdbedit: adding a user account,
+	removing a user account, modifing a user account, listing user
+	accounts, importing users accounts.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN31"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-l</DT
+><DD
+><P
+>This option list all the user accounts
+		present in the users database.
+		This option prints a list of user/uid pairs separated by
+		the ':' character.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>pdbedit -l</B
+></P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>		sorce:500:Simo Sorce
+		samba:45:Test User
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+></DD
+><DT
+>-v</DT
+><DD
+><P
+>This option sets the verbose listing format.
+		It will make pdbedit list the users in the database printing
+		out the account fields in a descriptive format.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>pdbedit -l -v</B
+></P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>		---------------
+		username:       sorce
+		user ID/Group:  500/500
+		user RID/GRID:  2000/2001
+		Full Name:      Simo Sorce
+		Home Directory: \\BERSERKER\sorce
+		HomeDir Drive:  H:
+		Logon Script:   \\BERSERKER\netlogon\sorce.bat
+		Profile Path:   \\BERSERKER\profile
+		---------------
+		username:       samba
+		user ID/Group:  45/45
+		user RID/GRID:  1090/1091
+		Full Name:      Test User
+		Home Directory: \\BERSERKER\samba
+		HomeDir Drive:  
+		Logon Script:   
+		Profile Path:   \\BERSERKER\profile
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+></DD
+><DT
+>-w</DT
+><DD
+><P
+>This option sets the "smbpasswd" listing format.
+		It will make pdbedit list the users in the database printing
+		out the account fields in a format compatible with the
+		<TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> file format. (see the <A
+HREF="smbpasswd.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smbpasswd(5)</TT
+></A
+> for details)</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>pdbedit -l -w</B
+></P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>		sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
+		samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+></DD
+><DT
+>-u username</DT
+><DD
+><P
+>This option specifies that the username to be
+		used for the operation requested (listing, adding, removing)
+		It is <EM
+>required</EM
+> in add, remove and modify
+		operations and <EM
+>optional</EM
+> in list
+		operations.</P
+></DD
+><DT
+>-f fullname</DT
+><DD
+><P
+>This option can be used while adding or
+		modifing a user account. It will specify the user's full
+		name. </P
+><P
+>Example: <B
+CLASS="COMMAND"
+>-f "Simo Sorce"</B
+></P
+></DD
+><DT
+>-h homedir</DT
+><DD
+><P
+>This option can be used while adding or
+		modifing a user account. It will specify the user's home
+		directory network path.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>-h "\\\\BERSERKER\\sorce"</B
+>
+		</P
+></DD
+><DT
+>-d drive</DT
+><DD
+><P
+>This option can be used while adding or
+		modifing a user account. It will specify the windows drive
+		letter to be used to map the home directory.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>-d "H:"</B
+>
+		</P
+></DD
+><DT
+>-s script</DT
+><DD
+><P
+>This option can be used while adding or
+		modifing a user account. It will specify the user's logon
+		script path.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>-s "\\\\BERSERKER\\netlogon\\sorce.bat"</B
+>
+		</P
+></DD
+><DT
+>-p profile</DT
+><DD
+><P
+>This option can be used while adding or
+		modifing a user account. It will specify the user's profile
+		directory.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>-p "\\\\BERSERKER\\netlogon"</B
+>
+		</P
+></DD
+><DT
+>-a</DT
+><DD
+><P
+>This option is used to add a user into the
+		database. This command need the user name be specified with
+		the -u switch. When adding a new user pdbedit will also
+		ask for the password to be used</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>pdbedit -a -u sorce</B
+>
+		<TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>new password:
+		retype new password</PRE
+></TD
+></TR
+></TABLE
+>
+                </P
+></DD
+><DT
+>-m</DT
+><DD
+><P
+>This option may only be used in conjunction 
+		with the <TT
+CLASS="PARAMETER"
+><I
+>-a</I
+></TT
+> option. It will make
+		pdbedit to add a machine trust account instead of a user
+		account (-u username will provide the machine name).</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>pdbedit -a -m -u w2k-wks</B
+>
+		</P
+></DD
+><DT
+>-x</DT
+><DD
+><P
+>This option causes pdbedit to delete an account
+		from the database. It need the username be specified with the
+		-u switch.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>pdbedit -x -u bob</B
+></P
+></DD
+><DT
+>-i file</DT
+><DD
+><P
+>This command is used to import a smbpasswd
+		file into the database.</P
+><P
+>This option will ease migration from the plain smbpasswd
+		file database to more powerful backend databases like tdb and
+		ldap.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>pdbedit -i /etc/smbpasswd.old</B
+>
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN124"
+></A
+><H2
+>NOTES</H2
+><P
+>This command may be used only by root.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN127"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN130"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+>smbpasswd(8)</A
+>, 
+	<A
+HREF="samba.7.html"
+TARGET="_top"
+>samba(7)</A
+>
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN135"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/printer_driver2.html b/docs/htmldocs/printer_driver2.html
new file mode 100755
index 00000000000..38a7e280668
--- /dev/null
+++ b/docs/htmldocs/printer_driver2.html
@@ -0,0 +1,1052 @@
+<HTML
+><HEAD
+><TITLE
+>Printing Support in Samba 2.2.x</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="PRINTING"
+>Printing Support in Samba 2.2.x</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Introduction</A
+></H1
+><P
+>Beginning with the 2.2.0 release, Samba supports 
+the native Windows NT printing mechanisms implemented via 
+MS-RPC (i.e. the SPOOLSS named pipe).  Previous versions of 
+Samba only supported LanMan printing calls.</P
+><P
+>The additional functionality provided by the new 
+SPOOLSS support includes:</P
+><P
+></P
+><UL
+><LI
+><P
+>Support for downloading printer driver 
+	files to Windows 95/98/NT/2000 clients upon demand.
+	</P
+></LI
+><LI
+><P
+>Uploading of printer drivers via the 
+	Windows NT Add Printer Wizard (APW) or the 
+	Imprints tool set (refer to <A
+HREF="http://imprints.sourceforge.net"
+TARGET="_top"
+>http://imprints.sourceforge.net</A
+>). 
+	</P
+></LI
+><LI
+><P
+>Support for the native MS-RPC printing 
+	calls such as StartDocPrinter, EnumJobs(), etc...  (See 
+	the MSDN documentation at <A
+HREF="http://msdn.microsoft.com/"
+TARGET="_top"
+>http://msdn.microsoft.com/</A
+> 
+	for more information on the Win32 printing API)
+	</P
+></LI
+><LI
+><P
+>Support for NT Access Control Lists (ACL) 
+	on printer objects</P
+></LI
+><LI
+><P
+>Improved support for printer queue manipulation 
+	through the use of an internal databases for spooled job 
+	information</P
+></LI
+></UL
+><P
+>There has been some initial confusion about what all this means
+and whether or not it is a requirement for printer drivers to be 
+installed on a Samba host in order to support printing from Windows 
+clients.  A bug existed in Samba 2.2.0 which made Windows NT/2000 clients 
+require that the Samba server possess a valid driver for the printer.  
+This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients
+can use the local APW for installing drivers to be used with a Samba 
+served printer.  This is the same behavior exhibited by Windows 9x clients.
+As a side note, Samba does not use these drivers in any way to process 
+spooled files.  They are utilized entirely by the clients.</P
+><P
+>The following MS KB article, may be of some help if you are dealing with
+Windows 2000 clients:  <I
+CLASS="EMPHASIS"
+>How to Add Printers with No User 
+Interaction in Windows 2000</I
+></P
+><P
+><A
+HREF="http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP"
+TARGET="_top"
+>http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP</A
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN25"
+>Configuration</A
+></H1
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>[print$] vs. [printer$]</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>Previous versions of Samba recommended using a share named [printer$].  
+This name was taken from the printer$ service created by Windows 9x 
+clients when a printer was shared.  Windows 9x printer servers always have 
+a printer$ service which provides read-only access via no 
+password in order to support printer driver downloads.</P
+><P
+>However, the initial implementation allowed for a 
+parameter named <TT
+CLASS="PARAMETER"
+><I
+>printer driver location</I
+></TT
+> 
+to be used on a per share basis to specify the location of 
+the driver files associated with that printer.  Another 
+parameter named <TT
+CLASS="PARAMETER"
+><I
+>printer driver</I
+></TT
+> provided 
+a means of defining the printer driver name to be sent to 
+the client.</P
+><P
+>These parameters, including <TT
+CLASS="PARAMETER"
+><I
+>printer driver
+file</I
+></TT
+> parameter, are being deprecated and should not
+be used in new installations.  For more information on this change, 
+you should refer to the <A
+HREF="#MIGRATION"
+>Migration section</A
+>
+of this document.</P
+></TD
+></TR
+></TABLE
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN36"
+>Creating [print$]</A
+></H2
+><P
+>In order to support the uploading of printer driver 
+files, you must first configure a file share named [print$].  
+The name of this share is hard coded in Samba's internals so 
+the name is very important (print$ is the service used by 
+Windows NT print servers to provide support for printer driver 
+download).</P
+><P
+>You should modify the server's smb.conf file to add the global
+parameters and to create the 
+following file share (of course, some of the parameter values,
+such as 'path' are arbitrary and should be replaced with
+appropriate values for your site):</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+    ; members of the ntadmin group should be able
+    ; to add drivers and set printer properties
+    ; root is implicitly a 'printer admin'
+    printer admin = @ntadmin
+
+[print$]
+    path = /usr/local/samba/printers
+    guest ok = yes
+    browseable = yes
+    read only = yes
+    ; since this share is configured as read only, then we need
+    ; a 'write list'.  Check the file system permissions to make
+    ; sure this account can copy files to the share.  If this
+    ; is setup to a non-root account, then it should also exist
+    ; as a 'printer admin'
+    write list = @ntadmin,root</PRE
+></P
+><P
+>The <A
+HREF="smb.conf.5.html#WRITELIST"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>write list</I
+></TT
+></A
+> is used to allow administrative 
+level user accounts to have write access in order to update files 
+on the share.  See the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5) 
+man page</A
+> for more information on configuring file shares.</P
+><P
+>The requirement for <A
+HREF="smb.conf.5.html#GUESTOK"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>guest 
+ok = yes</B
+></A
+> depends upon how your
+site is configured.  If users will be guaranteed to have 
+an account on the Samba host, then this is a non-issue.</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Author's Note: </B
+>The non-issue is that if all your Windows NT users are guaranteed to be 
+authenticated by the Samba server (such as a domain member server and the NT 
+user has already been validated by the Domain Controller in 
+order to logon to the Windows NT console), then guest access 
+is not necessary.  Of course, in a workgroup environment where 
+you just want to be able to print without worrying about 
+silly accounts and security, then configure the share for 
+guest access.  You'll probably want to add <A
+HREF="smb.conf.5.html#MAPTOGUEST"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>map to guest = Bad User</B
+></A
+> in the [global] section as well.  Make sure 
+you understand what this parameter does before using it 
+though. --jerry</P
+></BLOCKQUOTE
+></DIV
+><P
+>In order for a Windows NT print server to support 
+the downloading of driver files by multiple client architectures,
+it must create subdirectories within the [print$] service
+which correspond to each of the supported client architectures.
+Samba follows this model as well.</P
+><P
+>Next create the directory tree below the [print$] share 
+for each architecture you wish to support.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>[print$]-----
+        |-W32X86           ; "Windows NT x86"
+        |-WIN40            ; "Windows 95/98"
+        |-W32ALPHA         ; "Windows NT Alpha_AXP"
+        |-W32MIPS          ; "Windows NT R4000"
+        |-W32PPC           ; "Windows NT PowerPC"</PRE
+></P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>ATTENTION!  REQUIRED PERMISSIONS</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>In order to currently add a new driver to you Samba host, 
+one of two conditions must hold true:</P
+><P
+></P
+><UL
+><LI
+><P
+>The account used to connect to the Samba host 
+	must have a uid of 0 (i.e. a root account)</P
+></LI
+><LI
+><P
+>The account used to connect to the Samba host
+	must be a member of the <A
+HREF="smb.conf.5.html#PRINTERADMIN"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>printer 
+	admin</I
+></TT
+></A
+> list.</P
+></LI
+></UL
+><P
+>Of course, the connected account must still possess access
+to add files to the subdirectories beneath [print$]. Remember
+that all file shares are set to 'read only' by default.</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>Once you have created the required [print$] service and 
+associated subdirectories, simply log onto the Samba server using 
+a root (or <TT
+CLASS="PARAMETER"
+><I
+>printer admin</I
+></TT
+>) account
+from a Windows NT 4.0/2k client.  Open "Network Neighbourhood" or
+"My Network Places" and browse for the Samba host.  Once you have located
+the server, navigate to the "Printers..." folder.
+You should see an initial listing of printers
+that matches the printer shares defined on your Samba host.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN71"
+>Setting Drivers for Existing Printers</A
+></H2
+><P
+>The initial listing of printers in the Samba host's 
+Printers folder will have no real printer driver assigned 
+to them.  By default, in Samba 2.2.0 this driver name was set to 
+<I
+CLASS="EMPHASIS"
+>NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER</I
+>.
+Later versions changed this to a NULL string to allow the use
+tof the local Add Printer Wizard on NT/2000 clients.
+Attempting to view the printer properties for a printer
+which has this default driver assigned will result in 
+the error message:</P
+><P
+><I
+CLASS="EMPHASIS"
+>Device settings cannot be displayed.  The driver 
+for the specified printer is not installed, only spooler 
+properties will be displayed.  Do you want to install the 
+driver now?</I
+></P
+><P
+>Click <I
+CLASS="EMPHASIS"
+>No</I
+> in the error dialog and you will be presented with
+the printer properties window.  The way assign a driver to a
+printer is to either</P
+><P
+></P
+><UL
+><LI
+><P
+>Use the "New Driver..." button to install
+	a new printer driver, or</P
+></LI
+><LI
+><P
+>Select a driver from the popup list of
+	installed drivers.  Initially this list will be empty.</P
+></LI
+></UL
+><P
+>If you wish to install printer drivers for client
+operating systems other than "Windows NT x86", you will need
+to use the "Sharing" tab of the printer properties dialog.</P
+><P
+>Assuming you have connected with a root account, you
+will also be able modify other printer properties such as
+ACLs and device settings using this dialog box.</P
+><P
+>A few closing comments for this section, it is possible
+on a Windows NT print server to have printers
+listed in the Printers folder which are not shared.  Samba does
+not make this distinction.  By definition, the only printers of
+which Samba is aware are those which are specified as shares in
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.</P
+><P
+>Another interesting side note is that Windows NT clients do
+not use the SMB printer share, but rather can print directly
+to any printer on another Windows NT host using MS-RPC.  This
+of course assumes that the printing client has the necessary
+privileges on the remote host serving the printer.  The default
+permissions assigned by Windows NT to a printer gives the "Print"
+permissions to the "Everyone" well-known group.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN89"
+>DeviceModes and New Printers</A
+></H2
+><P
+>In order for a printer to be truly usbla eby a Windows NT/2k/XP client,
+it must posses:</P
+><P
+></P
+><UL
+><LI
+><P
+>a valid Device Mode generated by the driver for the printer, and</P
+></LI
+><LI
+><P
+>a complete set of PrinterDriverData generated by the driver.</P
+></LI
+></UL
+><P
+>If either one of these is incomplete, the clients can produce less than optimal 
+output at best or in the worst cases, unreadable garbage or nothing at all.  
+Fortunately, most driver generate the printer driver that is needed.
+However, the client must be tickled to generate a valid Device Mode and set it on the
+server.  The easist means of doing so is to simply set the page orientation on 
+the server's printer using the native Windows NT/2k printer properties page from 
+a Window clients.  Make sure to apply changes between swapping the page orientation
+to cause the change to actually take place.  Be aware that this can only be done
+by a "printer admin" (the reason should be obvious I hope).</P
+><P
+>Samba also includes a service level parameter name <A
+HREF="smb.conf.5.html#DEFAULTDEVMODE"
+TARGET="_top"
+>default
+devmode</A
+> for generating a default device mode for a printer.  Some driver
+will function fine with this default set of properties.  Others may crash the client's
+spooler service.  Use this parameter with caution. It is always better to have the client
+generate a valid device mode for the printer and store it on the server for you.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN100"
+>Support a large number of printers</A
+></H2
+><P
+>One issue that has arisen during the development
+phase of Samba 2.2 is the need to support driver downloads for
+100's of printers.  Using the Windows NT APW is somewhat
+awkward to say the list.  If more than one printer are using the
+same driver, the <A
+HREF="rpcclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>rpcclient's
+setdriver</B
+></A
+> command can be used to set the driver
+associated with an installed driver.  The following is example
+of how this could be accomplished:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+><TT
+CLASS="PROMPT"
+>$ </TT
+>rpcclient pogo -U root%secret -c "enumdrivers"
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+
+[Windows NT x86]
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 4000 Series PS]
+
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 2100 Series PS]
+
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 4Si/4SiMX PS]
+
+<TT
+CLASS="PROMPT"
+>$ </TT
+>rpcclient pogo -U root%secret -c "enumprinters"
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+     flags:[0x800000]
+     name:[\\POGO\hp-print]
+     description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
+     comment:[]
+
+<TT
+CLASS="PROMPT"
+>$ </TT
+>rpcclient pogo -U root%secret \
+<TT
+CLASS="PROMPT"
+>&gt; </TT
+> -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+Successfully set hp-print to driver HP LaserJet 4000 Series PS.</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN111"
+>Adding New Printers via the Windows NT APW</A
+></H2
+><P
+>By default, Samba offers all printer shares defined in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+in the "Printers..." folder.  Also existing in this folder is the Windows NT
+Add Printer Wizard icon.  The APW will be show only if</P
+><P
+></P
+><UL
+><LI
+><P
+>The connected user is able to successfully
+	execute an OpenPrinterEx(\\server) with administrative
+	privileges (i.e. root or <TT
+CLASS="PARAMETER"
+><I
+>printer admin</I
+></TT
+>).
+	</P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#SHOWADDPRINTERWIZARD"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>show
+	add printer wizard = yes</I
+></TT
+></A
+> (the default).
+	</P
+></LI
+></UL
+><P
+>In order to be able to use the APW to successfully add a printer to a Samba
+server, the <A
+HREF="smb.conf.5.html#ADDPRINTERCOMMAND"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>add
+printer command</I
+></TT
+></A
+> must have a defined value.  The program
+hook must successfully add the printer to the system (i.e.
+<TT
+CLASS="FILENAME"
+>/etc/printcap</TT
+> or appropriate files) and
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> if necessary.</P
+><P
+>When using the APW from a client, if the named printer share does
+not exist, <B
+CLASS="COMMAND"
+>smbd</B
+> will execute the <TT
+CLASS="PARAMETER"
+><I
+>add printer
+command</I
+></TT
+> and reparse to the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+to attempt to locate the new printer share.  If the share is still not defined,
+an error of "Access Denied" is returned to the client.  Note that the 
+<TT
+CLASS="PARAMETER"
+><I
+>add printer program</I
+></TT
+> is executed under the context
+of the connected user, not necessarily a root account.</P
+><P
+>There is a complementing <A
+HREF="smb.conf.5.html#DELETEPRINTERCOMMAND"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>delete
+printer command</I
+></TT
+></A
+> for removing entries from the "Printers..."
+folder.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN136"
+>Samba and Printer Ports</A
+></H2
+><P
+>Windows NT/2000 print servers associate a port with each printer.  These normally
+take the form of LPT1:, COM1:, FILE:, etc...  Samba must also support the
+concept of ports associated with a printer.  By default, only one printer port,
+named "Samba Printer Port", exists on a system.  Samba does not really a port in
+order to print, rather it is a requirement of Windows clients.  </P
+><P
+>Note that Samba does not support the concept of "Printer Pooling" internally 
+either.  This is when a logical printer is assigned to multiple ports as 
+a form of load balancing or fail over.</P
+><P
+>If you require that multiple ports be defined for some reason,
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> possesses a <A
+HREF="smb.conf.5.html#ENUMPORTSCOMMAND"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>enumports 
+command</I
+></TT
+></A
+> which can be used to define an external program 
+that generates a listing of ports on a system.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN144"
+>The Imprints Toolset</A
+></H1
+><P
+>The Imprints tool set provides a UNIX equivalent of the 
+	Windows NT Add Printer Wizard.  For complete information, please 
+	refer to the Imprints web site at <A
+HREF="http://imprints.sourceforge.net/"
+TARGET="_top"
+>	http://imprints.sourceforge.net/</A
+> as well as the documentation 
+	included with the imprints source distribution.  This section will 
+	only provide a brief introduction to the features of Imprints.</P
+><P
+>As of June 16, 2002 (quite a bit earlier actually), the Imprints
+	project is in need of a new maintainer.  The most important skill
+	is decent perl coding and an interest in MS-RPC based printing using Samba.
+	If you wich to volunteer, please coordinate your efforts on the samba-technical
+	mailing list.
+	</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN149"
+>What is Imprints?</A
+></H2
+><P
+>Imprints is a collection of tools for supporting the goals 
+		of</P
+><P
+></P
+><UL
+><LI
+><P
+>Providing a central repository information 
+			regarding Windows NT and 95/98 printer driver packages</P
+></LI
+><LI
+><P
+>Providing the tools necessary for creating 
+			the Imprints printer driver packages.</P
+></LI
+><LI
+><P
+>Providing an installation client which 
+			will obtain and install printer drivers on remote Samba 
+			and Windows NT 4 print servers.</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN159"
+>Creating Printer Driver Packages</A
+></H2
+><P
+>The process of creating printer driver packages is beyond
+		the scope of this document (refer to Imprints.txt also included
+		with the Samba distribution for more information).  In short,
+		an Imprints driver package is a gzipped tarball containing the
+		driver files, related INF files, and a control file needed by the
+		installation client.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN162"
+>The Imprints server</A
+></H2
+><P
+>The Imprints server is really a database server that 
+		may be queried via standard HTTP mechanisms.  Each printer 
+		entry in the database has an associated URL for the actual
+		downloading of the package.  Each package is digitally signed
+		via GnuPG which can be used to verify that package downloaded
+		is actually the one referred in the Imprints database.  It is 
+		<I
+CLASS="EMPHASIS"
+>not</I
+> recommended that this security check 
+		be disabled.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN166"
+>The Installation Client</A
+></H2
+><P
+>More information regarding the Imprints installation client 
+		is available in the <TT
+CLASS="FILENAME"
+>Imprints-Client-HOWTO.ps</TT
+> 
+		file included with the imprints source package.</P
+><P
+>The Imprints installation client comes in two forms.</P
+><P
+></P
+><UL
+><LI
+><P
+>a set of command line Perl scripts</P
+></LI
+><LI
+><P
+>a GTK+ based graphical interface to 
+			the command line perl scripts</P
+></LI
+></UL
+><P
+>The installation client (in both forms) provides a means
+		of querying the Imprints database server for a matching
+		list of known printer model names as well as a means to 
+		download and install the drivers on remote Samba and Windows
+		NT print servers.</P
+><P
+>The basic installation process is in four steps and 
+		perl code is wrapped around <B
+CLASS="COMMAND"
+>smbclient</B
+> 
+		and <B
+CLASS="COMMAND"
+>rpcclient</B
+>.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	
+foreach (supported architecture for a given driver)
+{
+     1.  rpcclient: Get the appropriate upload directory 
+         on the remote server
+     2.  smbclient: Upload the driver files
+     3.  rpcclient: Issues an AddPrinterDriver() MS-RPC
+}
+	
+4.  rpcclient: Issue an AddPrinterEx() MS-RPC to actually
+    create the printer</PRE
+></P
+><P
+>One of the problems encountered when implementing 
+		the Imprints tool set was the name space issues between 
+		various supported client architectures.  For example, Windows 
+		NT includes a driver named "Apple LaserWriter II NTX v51.8" 
+		and Windows 95 calls its version of this driver "Apple 
+		LaserWriter II NTX"</P
+><P
+>The problem is how to know what client drivers have 
+		been uploaded for a printer.  As astute reader will remember 
+		that the Windows NT Printer Properties dialog only includes 
+		space for one printer driver name.  A quick look in the 
+		Windows NT 4.0 system registry at</P
+><P
+><TT
+CLASS="FILENAME"
+>HKLM\System\CurrentControlSet\Control\Print\Environment
+		</TT
+></P
+><P
+>will reveal that Windows NT always uses the NT driver 
+		name.  This is ok as Windows NT always requires that at least 
+		the Windows NT version of the printer driver is present.  
+		However, Samba does not have the requirement internally.  
+		Therefore, how can you use the NT driver name if is has not 
+		already been installed?</P
+><P
+>The way of sidestepping this limitation is to require 
+		that all Imprints printer driver packages include both the Intel 
+		Windows NT and 95/98 printer drivers and that NT driver is 
+		installed first.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN188"
+><A
+NAME="MIGRATION"
+></A
+>Migration to from Samba 2.0.x to 2.2.x</A
+></H1
+><P
+>Given that printer driver management has changed (we hope improved) in 
+2.2 over prior releases, migration from an existing setup to 2.2 can 
+follow several paths. Here are the possible scenarios for 
+migration:</P
+><P
+></P
+><UL
+><LI
+><P
+>If you do not desire the new Windows NT 
+	print driver support, nothing needs to be done.  
+	All existing parameters work the same.</P
+></LI
+><LI
+><P
+>If you want to take advantage of NT printer 
+	driver support but do not want to migrate the 
+	9x drivers to the new setup, the leave the existing 
+	<TT
+CLASS="FILENAME"
+>printers.def</TT
+> file.  When smbd attempts 
+	to locate a 
+	9x driver for the printer in the TDB and fails it 
+	will drop down to using the printers.def (and all 
+	associated parameters).  The <B
+CLASS="COMMAND"
+>make_printerdef</B
+> 
+	tool will also remain for backwards compatibility but will 
+	be removed in the next major release.</P
+></LI
+><LI
+><P
+>If you install a Windows 9x driver for a printer 
+	on your Samba host (in the printing TDB), this information will 
+	take precedence and the three old printing parameters
+	will be ignored (including print driver location).</P
+></LI
+><LI
+><P
+>If you want to migrate an existing <TT
+CLASS="FILENAME"
+>printers.def</TT
+> 
+	file into the new setup, the current only solution is to use the Windows 
+	NT APW to install the NT drivers and the 9x  drivers.  This can be scripted 
+	using <B
+CLASS="COMMAND"
+>smbclient</B
+> and <B
+CLASS="COMMAND"
+>rpcclient</B
+>.  See the 
+	Imprints installation client at <A
+HREF="http://imprints.sourceforge.net/"
+TARGET="_top"
+>http://imprints.sourceforge.net/</A
+> 
+	for an example.
+	</P
+></LI
+></UL
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Achtung!</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>The following <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> parameters are considered to 
+be deprecated and will be removed soon.  Do not use them in new 
+installations</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>printer driver file (G)</I
+></TT
+>
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>printer driver (S)</I
+></TT
+>
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>printer driver location (S)</I
+></TT
+>
+	</P
+></LI
+></UL
+></TD
+></TR
+></TABLE
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN221"
+>Parameters in <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+> for Backwards Compatibility</A
+></H2
+><P
+>The have been two new parameters add in Samba 2.2.2 to for 
+better support of Samba 2.0.x backwards capability (<TT
+CLASS="PARAMETER"
+><I
+>disable
+spoolss</I
+></TT
+>) and for using local printers drivers on Windows 
+NT/2000 clients (<TT
+CLASS="PARAMETER"
+><I
+>use client driver</I
+></TT
+>). Both of 
+these options are described in the smb.coinf(5) man page and are 
+disabled by default.  Use them with caution.</P
+></DIV
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/rpcclient.1.html b/docs/htmldocs/rpcclient.1.html
new file mode 100755
index 00000000000..d18966fa238
--- /dev/null
+++ b/docs/htmldocs/rpcclient.1.html
@@ -0,0 +1,719 @@
+<HTML
+><HEAD
+><TITLE
+>rpcclient</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="RPCCLIENT"
+>rpcclient</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>rpcclient&nbsp;--&nbsp;tool for executing client side 
+	MS-RPC functions</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>rpcclient</B
+>  [-A authfile] [-c &#60;command string&#62;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &#60;smb config file&#62;] [-U username[%password]] [-W workgroup] [-N] {server}</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN22"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>rpcclient</B
+> is a utility initially developed
+	to test MS-RPC functionality in Samba itself.  It has undergone 
+	several stages of development and stability.  Many system administrators
+	have now written scripts around it to manage Windows NT clients from 
+	their UNIX workstation. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN28"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>server</DT
+><DD
+><P
+>NetBIOS name of Server to which to connect. 
+		The server can be  any SMB/CIFS server.  The name is 
+		resolved using the <A
+HREF="smb.conf.5.html#NAMERESOLVEORDER"
+TARGET="_top"
+>		<TT
+CLASS="PARAMETER"
+><I
+>name resolve order</I
+></TT
+></A
+> line from 
+		<TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+>.</P
+></DD
+><DT
+>-A filename</DT
+><DD
+><P
+>This option allows 
+		you to specify a file from which to read the username and 
+		password used in the connection.  The format of the file is 
+		</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>		username = &#60;value&#62; 
+		password = &#60;value&#62;
+		domain   = &#60;value&#62;
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Make certain that the permissions on the file restrict 
+		access from unwanted users. </P
+></DD
+><DT
+>-c 'command string'</DT
+><DD
+><P
+>execute semicolon separated commands (listed 
+		below)) </P
+></DD
+><DT
+>-d debuglevel</DT
+><DD
+><P
+>set the debuglevel. Debug level 0 is the lowest 
+		and 100 being the highest. This should be set to 100 if you are
+		planning on submitting a bug report to the Samba team (see <TT
+CLASS="FILENAME"
+>BUGS.txt</TT
+>). 
+		</P
+></DD
+><DT
+>-h</DT
+><DD
+><P
+>Print a summary of command line options.
+		</P
+></DD
+><DT
+>-l logbasename</DT
+><DD
+><P
+>File name for log/debug files. The extension 
+		<TT
+CLASS="CONSTANT"
+>'.client'</TT
+> will be appended. The log file is never removed  
+		by the client.
+		</P
+></DD
+><DT
+>-N</DT
+><DD
+><P
+>instruct <B
+CLASS="COMMAND"
+>rpcclient</B
+> not to ask 
+		for a password.   By default, <B
+CLASS="COMMAND"
+>rpcclient</B
+> will prompt 
+		for a password.  See also the <TT
+CLASS="PARAMETER"
+><I
+>-U</I
+></TT
+> option.</P
+></DD
+><DT
+>-s smb.conf</DT
+><DD
+><P
+>Specifies the location of the all important 
+		<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. </P
+></DD
+><DT
+>-U username[%password]</DT
+><DD
+><P
+>Sets the SMB username or username and password. </P
+><P
+>If %password is not specified, the user will be prompted. The 
+		client will first check the <TT
+CLASS="ENVAR"
+>USER</TT
+> environment variable, then the 
+		<TT
+CLASS="ENVAR"
+>LOGNAME</TT
+> variable and if either exists, the 
+		string is uppercased. If these environmental variables are not 
+		found, the username <TT
+CLASS="CONSTANT"
+>GUEST</TT
+> is used. </P
+><P
+>A third option is to use a credentials file which 
+		contains the plaintext of the username and password.  This 
+		option is mainly provided for scripts where the admin doesn't 
+		desire to pass the credentials on the command line or via environment 
+		variables. If this method is used, make certain that the permissions 
+		on the file restrict access from unwanted users.  See the 
+		<TT
+CLASS="PARAMETER"
+><I
+>-A</I
+></TT
+> for more details. </P
+><P
+>Be cautious about including passwords in scripts. Also, on 
+		many systems the command line of a running process may be seen 
+		via the <B
+CLASS="COMMAND"
+>ps</B
+> command.  To be safe always allow 
+		<B
+CLASS="COMMAND"
+>rpcclient</B
+> to prompt for a password and type 
+		it in directly. </P
+></DD
+><DT
+>-W domain</DT
+><DD
+><P
+>Set the SMB domain of the username.   This 
+		overrides the default domain which is the domain defined in 
+		smb.conf.  If the domain specified is the same as the server's NetBIOS name, 
+		it causes the client to log on using the  server's local SAM (as 
+		opposed to the Domain SAM). </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN92"
+></A
+><H2
+>COMMANDS</H2
+><P
+><EM
+>LSARPC</EM
+></P
+><P
+></P
+><UL
+><LI
+><P
+><B
+CLASS="COMMAND"
+>lsaquery</B
+></P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>lookupsids</B
+> - Resolve a list 
+		of SIDs to usernames.
+		</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>lookupnames</B
+> - Resolve s list 
+		of usernames to SIDs.
+		</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>enumtrusts</B
+></P
+></LI
+></UL
+><P
+> </P
+><P
+><EM
+>SAMR</EM
+></P
+><P
+></P
+><UL
+><LI
+><P
+><B
+CLASS="COMMAND"
+>queryuser</B
+></P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>querygroup</B
+></P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>queryusergroups</B
+></P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>querygroupmem</B
+></P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>queryaliasmem</B
+></P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>querydispinfo</B
+></P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>querydominfo</B
+></P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>enumdomgroups</B
+></P
+></LI
+></UL
+><P
+> </P
+><P
+><EM
+>SPOOLSS</EM
+></P
+><P
+></P
+><UL
+><LI
+><P
+><B
+CLASS="COMMAND"
+>adddriver &#60;arch&#62; &#60;config&#62;</B
+> 
+		- Execute an AddPrinterDriver() RPC to install the printer driver 
+		information on the server.  Note that the driver files should 
+		already exist in the directory returned by  
+		<B
+CLASS="COMMAND"
+>getdriverdir</B
+>.  Possible values for 
+		<TT
+CLASS="PARAMETER"
+><I
+>arch</I
+></TT
+> are the same as those for 
+		the <B
+CLASS="COMMAND"
+>getdriverdir</B
+> command.
+		The <TT
+CLASS="PARAMETER"
+><I
+>config</I
+></TT
+> parameter is defined as 
+		follows: </P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>		Long Printer Name:\
+		Driver File Name:\
+		Data File Name:\
+		Config File Name:\
+		Help File Name:\
+		Language Monitor Name:\
+		Default Data Type:\
+		Comma Separated list of Files
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Any empty fields should be enter as the string "NULL". </P
+><P
+>Samba does not need to support the concept of Print Monitors
+		since these only apply to local printers whose driver can make
+		use of a bi-directional link for communication.  This field should 
+		be "NULL".   On a remote NT print server, the Print Monitor for a 
+		driver must already be installed prior to adding the driver or 
+		else the RPC will fail. </P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>addprinter &#60;printername&#62; 
+		&#60;sharename&#62; &#60;drivername&#62; &#60;port&#62;</B
+> 
+		- Add a printer on the remote server.  This printer 
+ 		will be automatically shared.  Be aware that the printer driver 
+		must already be installed on the server (see <B
+CLASS="COMMAND"
+>adddriver</B
+>) 
+		and the <TT
+CLASS="PARAMETER"
+><I
+>port</I
+></TT
+>must be a valid port name (see
+		<B
+CLASS="COMMAND"
+>enumports</B
+>.</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>deldriver</B
+> - Delete the 
+		specified printer driver for all architectures.  This
+		does not delete the actual driver files from the server,
+		only the entry from the server's list of drivers.
+		</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>enumdata</B
+> - Enumerate all 
+		printer setting data stored on the server. On Windows NT  clients, 
+		these values are stored  in the registry, while Samba servers 
+		store them in the printers TDB.  This command corresponds
+		to the MS Platform SDK GetPrinterData() function (* This
+		command is currently unimplemented).</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>enumjobs &#60;printer&#62;</B
+> 
+		- List the jobs and status of a given printer.  
+		This command corresponds to the MS Platform SDK EnumJobs() 
+		function (* This command is currently unimplemented).</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>enumports [level]</B
+> 
+		- Executes an EnumPorts() call using the specified 
+		info level. Currently only info levels 1 and 2 are supported. 
+		</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>enumdrivers [level]</B
+> 
+		- Execute an EnumPrinterDrivers() call.  This lists the various installed 
+		printer drivers for all architectures.  Refer to the MS Platform SDK 
+		documentation for more details of the various flags and calling 
+		options. Currently supported info levels are 1, 2, and 3.</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>enumprinters [level]</B
+> 
+		- Execute an EnumPrinters() call.  This lists the various installed 
+		and share printers.  Refer to the MS Platform SDK documentation for 
+		more details of the various flags and calling options. Currently
+		supported info levels are 0, 1, and 2.</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>getdata &#60;printername&#62;</B
+> 
+		- Retrieve the data for a given printer setting.  See 
+		the  <B
+CLASS="COMMAND"
+>enumdata</B
+> command for more information.  
+		This command corresponds to the GetPrinterData() MS Platform 
+		SDK function (* This command is currently unimplemented). </P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>getdriver &#60;printername&#62;</B
+> 
+		- Retrieve the printer driver information (such as driver file, 
+		config file, dependent files, etc...) for 
+		the given printer. This command corresponds to the GetPrinterDriver()
+		MS Platform  SDK function. Currently info level 1, 2, and 3 are supported.
+		</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>getdriverdir &#60;arch&#62;</B
+> 
+		- Execute a GetPrinterDriverDirectory()
+		RPC to retreive the SMB share name and subdirectory for 
+		storing printer driver files for a given architecture.  Possible 
+		values for <TT
+CLASS="PARAMETER"
+><I
+>arch</I
+></TT
+> are "Windows 4.0" 
+		(for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows
+		Alpha_AXP", and "Windows NT R4000". </P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>getprinter &#60;printername&#62;</B
+> 
+		- Retrieve the current printer information.  This command 
+		corresponds to the GetPrinter() MS Platform SDK function. 
+		</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>openprinter &#60;printername&#62;</B
+> 
+		- Execute an OpenPrinterEx() and ClosePrinter() RPC 
+		against a given printer. </P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>setdriver &#60;printername&#62; &#60;drivername&#62;</B
+> 
+		- Execute a SetPrinter() command to update the printer driver associated
+		with an installed printer.  The printer driver must already be correctly
+		installed on the print server.  </P
+><P
+>See also the <B
+CLASS="COMMAND"
+>enumprinters</B
+> and 
+		<B
+CLASS="COMMAND"
+>enumdrivers</B
+> commands for obtaining a list of
+		of installed printers and drivers.</P
+></LI
+></UL
+><P
+><EM
+>GENERAL OPTIONS</EM
+></P
+><P
+></P
+><UL
+><LI
+><P
+><B
+CLASS="COMMAND"
+>debuglevel</B
+> - Set the current debug level
+		used to log information.</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>help (?)</B
+> - Print a listing of all 
+		known commands or extended help  on a particular command. 
+		</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>quit (exit)</B
+> - Exit <B
+CLASS="COMMAND"
+>rpcclient
+		</B
+>.</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN212"
+></A
+><H2
+>BUGS</H2
+><P
+><B
+CLASS="COMMAND"
+>rpcclient</B
+> is designed as a developer testing tool 
+	and may not be robust in certain areas (such as command line parsing).  
+	It has been known to  generate a core dump upon failures when invalid 
+	parameters where passed to the interpreter. </P
+><P
+>From Luke Leighton's original rpcclient man page:</P
+><P
+><EM
+>"WARNING!</EM
+> The MSRPC over SMB code has 
+	been developed from examining  Network traces. No documentation is 
+	available from the original creators  (Microsoft) on how MSRPC over 
+	SMB works, or how the individual MSRPC services  work. Microsoft's 
+	implementation of these services has been demonstrated  (and reported) 
+	to be... a bit flaky in places. </P
+><P
+>The development of Samba's implementation is also a bit rough, 
+	and as more  of the services are understood, it can even result in 
+	versions of  <B
+CLASS="COMMAND"
+>smbd(8)</B
+> and <B
+CLASS="COMMAND"
+>rpcclient(1)</B
+> 
+	that are incompatible for some commands or  services. Additionally, 
+	the developers are sending reports to Microsoft,  and problems found 
+	or reported to Microsoft are fixed in Service Packs,  which may 
+	result in incompatibilities." </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN222"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of the Samba 
+	suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN225"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original rpcclient man page was written by Matthew 
+	Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.  
+	The conversion to DocBook for Samba 2.2 was done by Gerald 
+	Carter.</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/samba.7.html b/docs/htmldocs/samba.7.html
new file mode 100755
index 00000000000..6fb9eac5784
--- /dev/null
+++ b/docs/htmldocs/samba.7.html
@@ -0,0 +1,365 @@
+<HTML
+><HEAD
+><TITLE
+>samba</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SAMBA"
+>samba</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>SAMBA&nbsp;--&nbsp;A Windows SMB/CIFS fileserver for UNIX</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>Samba</B
+> </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN11"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>The Samba software suite is a collection of programs 
+	that implements the Server Message Block (commonly abbreviated 
+	as SMB) protocol for UNIX systems. This protocol is sometimes 
+	also referred to as the Common Internet File System (CIFS), 
+	LanManager or NetBIOS protocol.</P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+><B
+CLASS="COMMAND"
+>smbd</B
+></DT
+><DD
+><P
+>The <B
+CLASS="COMMAND"
+>smbd </B
+>
+		daemon provides the file and print services to 
+		SMB clients, such as Windows 95/98, Windows NT, Windows 
+		for Workgroups or LanManager. The configuration file 
+		for this daemon is described in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+		</P
+></DD
+><DT
+><B
+CLASS="COMMAND"
+>nmbd</B
+></DT
+><DD
+><P
+>The <B
+CLASS="COMMAND"
+>nmbd</B
+>
+		daemon provides NetBIOS nameserving and browsing
+		support. The configuration file for this daemon 
+		is described in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+></P
+></DD
+><DT
+><B
+CLASS="COMMAND"
+>smbclient</B
+></DT
+><DD
+><P
+>The <B
+CLASS="COMMAND"
+>smbclient</B
+>
+		program implements a simple ftp-like client. This 
+		is useful for accessing SMB shares on other compatible
+		servers (such as Windows NT), and can also be used 
+		to allow a UNIX box to print to a printer attached to 
+		any SMB server (such as a PC running Windows NT).</P
+></DD
+><DT
+><B
+CLASS="COMMAND"
+>testparm</B
+></DT
+><DD
+><P
+>The <B
+CLASS="COMMAND"
+>testparm</B
+>
+		utility is a simple syntax checker for Samba's
+		<TT
+CLASS="FILENAME"
+>smb.conf</TT
+>configuration file.</P
+></DD
+><DT
+><B
+CLASS="COMMAND"
+>testprns</B
+></DT
+><DD
+><P
+>The <B
+CLASS="COMMAND"
+>testprns</B
+>
+		utility supports testing printer names defined 
+		in your <TT
+CLASS="FILENAME"
+>printcap&#62;</TT
+> file used 
+		by Samba.</P
+></DD
+><DT
+><B
+CLASS="COMMAND"
+>smbstatus</B
+></DT
+><DD
+><P
+>The <B
+CLASS="COMMAND"
+>smbstatus</B
+>
+		tool provides access to information about the 
+		current connections to <B
+CLASS="COMMAND"
+>smbd</B
+>.</P
+></DD
+><DT
+><B
+CLASS="COMMAND"
+>nmblookup</B
+></DT
+><DD
+><P
+>The <B
+CLASS="COMMAND"
+>nmblookup</B
+>
+		tools allows NetBIOS name queries to be made 
+		from a UNIX host.</P
+></DD
+><DT
+><B
+CLASS="COMMAND"
+>make_smbcodepage</B
+></DT
+><DD
+><P
+>The <B
+CLASS="COMMAND"
+>make_smbcodepage</B
+>
+		utility provides a means of creating SMB code page 
+		definition files for your <B
+CLASS="COMMAND"
+>smbd</B
+> server.</P
+></DD
+><DT
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+></DT
+><DD
+><P
+>The <B
+CLASS="COMMAND"
+>smbpasswd</B
+>
+		command is a tool for changing LanMan and Windows NT 
+		password hashes on Samba and Windows NT servers.</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN75"
+></A
+><H2
+>COMPONENTS</H2
+><P
+>The Samba suite is made up of several components. Each 
+	component is described in a separate manual page. It is strongly 
+	recommended that you read the documentation that comes with Samba 
+	and the manual pages of those components that you use. If the 
+	manual pages aren't clear enough then please send a patch or 
+	bug report to <A
+HREF="mailto:samba@samba.org"
+TARGET="_top"
+>	samba@samba.org</A
+></P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN79"
+></A
+><H2
+>AVAILABILITY</H2
+><P
+>The Samba software suite is licensed under the 
+	GNU Public License(GPL). A copy of that license should 
+	have come with the package in the file COPYING. You are 
+	encouraged to distribute copies of the Samba suite, but 
+	please obey the terms of this license.</P
+><P
+>The latest version of the Samba suite can be 
+	obtained via anonymous ftp from samba.org in the
+	directory pub/samba/. It is also available on several 
+	mirror sites worldwide.</P
+><P
+>You may also find useful information about Samba 
+	on the newsgroup <A
+HREF="news:comp.protocols.smb"
+TARGET="_top"
+>	comp.protocol.smb</A
+> and the Samba mailing 
+	list. Details on how to join the mailing list are given in 
+	the README file that comes with Samba.</P
+><P
+>If you have access to a WWW viewer (such as Netscape 
+	or Mosaic) then you will also find lots of useful information, 
+	including back issues of the Samba mailing list, at
+	<A
+HREF="http://lists.samba.org/"
+TARGET="_top"
+>http://lists.samba.org</A
+>.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN87"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of the 
+	Samba suite. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN90"
+></A
+><H2
+>CONTRIBUTIONS</H2
+><P
+>If you wish to contribute to the Samba project, 
+	then I suggest you join the Samba mailing list at 
+	<A
+HREF="http://lists.samba.org/"
+TARGET="_top"
+>http://lists.samba.org</A
+>.
+	</P
+><P
+>If you have patches to submit or bugs to report 
+	then you may mail them directly to samba-patches@samba.org.
+	Note, however, that due to the enormous popularity of this 
+	package the Samba Team may take some time to respond to mail. We 
+	prefer patches in <B
+CLASS="COMMAND"
+>diff -u</B
+> format.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN96"
+></A
+><H2
+>CONTRIBUTORS</H2
+><P
+>Contributors to the project are now too numerous 
+	to mention here but all deserve the thanks of all Samba 
+	users. To see a full list, look at <A
+HREF="ftp://samba.org/pub/samba/alpha/change-log"
+TARGET="_top"
+>	ftp://samba.org/pub/samba/alpha/change-log</A
+>
+	for the pre-CVS changes and at <A
+HREF="ftp://samba.org/pub/samba/alpha/cvs.log"
+TARGET="_top"
+>	ftp://samba.org/pub/samba/alpha/cvs.log</A
+>
+	for the contributors to Samba post-CVS. CVS is the Open Source 
+	source code control system used by the Samba Team to develop 
+	Samba. The project would have been unmanageable without it.</P
+><P
+>In addition, several commercial organizations now help 
+	fund the Samba Team with money and equipment. For details see 
+	the Samba Web pages at <A
+HREF="http://samba.org/samba/samba-thanks.html"
+TARGET="_top"
+>	http://samba.org/samba/samba-thanks.html</A
+>.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN103"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html
new file mode 100755
index 00000000000..97d06b131b7
--- /dev/null
+++ b/docs/htmldocs/smb.conf.5.html
@@ -0,0 +1,19921 @@
+<HTML
+><HEAD
+><TITLE
+>smb.conf</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMB.CONF"
+>smb.conf</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smb.conf&nbsp;--&nbsp;The configuration file for the Samba suite</DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN8"
+></A
+><H2
+>SYNOPSIS</H2
+><P
+>The <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file is a configuration 
+	file for the Samba suite. <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> contains 
+	runtime configuration information for the Samba programs. The
+	<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file is designed to be configured and 
+	administered by the <A
+HREF="swat.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>swat(8)</B
+>
+	</A
+> program. The complete description of the file format and 
+	possible parameters held within are here for reference purposes.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN16"
+></A
+><H2
+>FILE FORMAT</H2
+><P
+>The file consists of sections and parameters. A section 
+	begins with the name of the section in square brackets and continues 
+	until the next section begins. Sections contain parameters of the 
+	form</P
+><P
+><TT
+CLASS="REPLACEABLE"
+><I
+>name</I
+></TT
+> = <TT
+CLASS="REPLACEABLE"
+><I
+>value
+	</I
+></TT
+></P
+><P
+>The file is line-based - that is, each newline-terminated 
+	line represents either a comment, a section name or a parameter.</P
+><P
+>Section and parameter names are not case sensitive.</P
+><P
+>Only the first equals sign in a parameter is significant. 
+	Whitespace before or after the first equals sign is discarded.
+	Leading, trailing and internal whitespace in section and parameter 
+	names is irrelevant. Leading and trailing whitespace in a parameter 
+	value is discarded. Internal whitespace within a parameter value 
+	is retained verbatim.</P
+><P
+>Any line beginning with a semicolon (';') or a hash ('#') 
+	character is ignored, as are lines containing only whitespace.</P
+><P
+>Any line ending in a '\' is continued
+	on the next line in the customary UNIX fashion.</P
+><P
+>The values following the equals sign in parameters are all 
+	either a string (no quotes needed) or a boolean, which may be given 
+	as yes/no, 0/1 or true/false. Case is not significant in boolean 
+	values, but is preserved in string values. Some items such as 
+	create modes are numeric.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN28"
+></A
+><H2
+>SECTION DESCRIPTIONS</H2
+><P
+>Each section in the configuration file (except for the
+	[global] section) describes a shared resource (known
+	as a "share"). The section name is the name of the 
+	shared resource and the parameters within the section define 
+	the shares attributes.</P
+><P
+>There are three special sections, [global],
+	[homes] and [printers], which are
+	described under <EM
+>special sections</EM
+>. The
+	following notes apply to ordinary section descriptions.</P
+><P
+>A share consists of a directory to which access is being 
+	given plus a description of the access rights which are granted 
+	to the user of the service. Some housekeeping options are 
+	also specifiable.</P
+><P
+>Sections are either file share services (used by the 
+	client as an extension of their native file systems) or 
+	printable services (used by the client to access print services 
+	on the host running the server).</P
+><P
+>Sections may be designated <EM
+>guest</EM
+> services,
+	in which case no password is required to access them. A specified 
+	UNIX <EM
+>guest account</EM
+> is used to define access
+	privileges in this case.</P
+><P
+>Sections other than guest services will require a password 
+	to access them. The client provides the username. As older clients 
+	only provide passwords and not usernames, you may specify a list 
+	of usernames to check against the password using the "user =" 
+	option in the share definition. For modern clients such as 
+	Windows 95/98/ME/NT/2000, this should not be necessary.</P
+><P
+>Note that the access rights granted by the server are 
+	masked by the access rights granted to the specified or guest 
+	UNIX user by the host system. The server does not grant more
+	access than the host system grants.</P
+><P
+>The following sample section defines a file space share. 
+	The user has write access to the path <TT
+CLASS="FILENAME"
+>/home/bar</TT
+>. 
+	The share is accessed via the share name "foo":</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>	<TT
+CLASS="COMPUTEROUTPUT"
+> 	[foo]
+ 		path = /home/bar
+ 		read only = no
+	</TT
+>
+	</PRE
+></TD
+></TR
+></TABLE
+><P
+>The following sample section defines a printable share. 
+	The share is readonly, but printable. That is, the only write 
+	access permitted is via calls to open, write to and close a 
+	spool file. The <EM
+>guest ok</EM
+> parameter means 
+	access will be permitted as the default guest user (specified 
+	elsewhere):</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>	<TT
+CLASS="COMPUTEROUTPUT"
+> 	[aprinter]
+ 		path = /usr/spool/public
+ 		read only = yes
+ 		printable = yes
+ 		guest ok = yes
+	</TT
+>
+	</PRE
+></TD
+></TR
+></TABLE
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN48"
+></A
+><H2
+>SPECIAL SECTIONS</H2
+><DIV
+CLASS="REFSECT2"
+><A
+NAME="AEN50"
+></A
+><H3
+>The [global] section</H3
+><P
+>parameters in this section apply to the server 
+		as a whole, or are defaults for sections which do not 
+		specifically define certain items. See the notes
+		under PARAMETERS for more information.</P
+></DIV
+><DIV
+CLASS="REFSECT2"
+><A
+NAME="AEN53"
+></A
+><H3
+>The [homes] section</H3
+><P
+>If a section called homes is included in the 
+		configuration file, services connecting clients to their 
+		home directories can be created on the fly by the server.</P
+><P
+>When the connection request is made, the existing 
+		sections are scanned. If a match is found, it is used. If no 
+		match is found, the requested section name is treated as a 
+		user name and looked up in the local password file. If the 
+		name exists and the correct password has been given, a share is 
+		created by cloning the [homes] section.</P
+><P
+>Some modifications are then made to the newly 
+		created share:</P
+><P
+></P
+><UL
+><LI
+><P
+>The share name is changed from homes to 
+		the located username.</P
+></LI
+><LI
+><P
+>If no path was given, the path is set to
+		the user's home directory.</P
+></LI
+></UL
+><P
+>If you decide to use a <EM
+>path =</EM
+> line 
+		in your [homes] section then you may find it useful 
+		to use the %S macro. For example :</P
+><P
+><TT
+CLASS="USERINPUT"
+><B
+>path = /data/pchome/%S</B
+></TT
+></P
+><P
+>would be useful if you have different home directories 
+		for your PCs than for UNIX access.</P
+><P
+>This is a fast and simple way to give a large number 
+		of clients access to their home directories with a minimum 
+		of fuss.</P
+><P
+>A similar process occurs if the requested section 
+		name is "homes", except that the share name is not 
+		changed to that of the requesting user. This method of using
+		the [homes] section works well if different users share 
+		a client PC.</P
+><P
+>The [homes] section can specify all the parameters 
+		a normal service section can specify, though some make more sense 
+		than others. The following is a typical and suitable [homes]
+		section:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>		<TT
+CLASS="COMPUTEROUTPUT"
+>	 	[homes]
+ 			read only = no
+		</TT
+>
+		</PRE
+></TD
+></TR
+></TABLE
+><P
+>An important point is that if guest access is specified 
+		in the [homes] section, all home directories will be 
+		visible to all clients <EM
+>without a password</EM
+>. 
+		In the very unlikely event that this is actually desirable, it 
+		would be wise to also specify <EM
+>read only
+		access</EM
+>.</P
+><P
+>Note that the <EM
+>browseable</EM
+> flag for 
+		auto home directories will be inherited from the global browseable 
+		flag, not the [homes] browseable flag. This is useful as 
+		it means setting <EM
+>browseable = no</EM
+> in
+		the [homes] section will hide the [homes] share but make
+		any auto home directories visible.</P
+></DIV
+><DIV
+CLASS="REFSECT2"
+><A
+NAME="AEN79"
+></A
+><H3
+>The [printers] section</H3
+><P
+>This section works like [homes], 
+		but for printers.</P
+><P
+>If a [printers] section occurs in the 
+		configuration file, users are able to connect to any printer 
+		specified in the local host's printcap file.</P
+><P
+>When a connection request is made, the existing sections 
+		are scanned. If a match is found, it is used. If no match is found, 
+		but a [homes] section exists, it is used as described
+		above. Otherwise, the requested section name is treated as a
+		printer name and the appropriate printcap file is scanned to see 
+		if the requested section name is a valid printer share name. If 
+		a match is found, a new printer share is created by cloning 
+		the [printers] section.</P
+><P
+>A few modifications are then made to the newly created 
+		share:</P
+><P
+></P
+><UL
+><LI
+><P
+>The share name is set to the located printer 
+		name</P
+></LI
+><LI
+><P
+>If no printer name was given, the printer name 
+		is set to the located printer name</P
+></LI
+><LI
+><P
+>If the share does not permit guest access and 
+		no username was given, the username is set to the located 
+		printer name.</P
+></LI
+></UL
+><P
+>Note that the [printers] service MUST be 
+		printable - if you specify otherwise, the server will refuse 
+		to load the configuration file.</P
+><P
+>Typically the path specified would be that of a 
+		world-writeable spool directory with the sticky bit set on 
+		it. A typical [printers] entry would look like 
+		this:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+><TT
+CLASS="COMPUTEROUTPUT"
+>	 	[printers]
+ 			path = /usr/spool/public
+ 			guest ok = yes
+ 			printable = yes 
+		</TT
+></PRE
+></TD
+></TR
+></TABLE
+><P
+>All aliases given for a printer in the printcap file 
+		are legitimate printer names as far as the server is concerned. 
+		If your printing subsystem doesn't work like that, you will have 
+		to set up a pseudo-printcap. This is a file consisting of one or 
+		more lines like this:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>		<TT
+CLASS="COMPUTEROUTPUT"
+>	        alias|alias|alias|alias...    
+		</TT
+>
+		</PRE
+></TD
+></TR
+></TABLE
+><P
+>Each alias should be an acceptable printer name for 
+		your printing subsystem. In the [global] section, specify 
+		the new file as your printcap.  The server will then only recognize 
+		names found in your pseudo-printcap, which of course can contain 
+		whatever aliases you like. The same technique could be used 
+		simply to limit access to a subset of your local printers.</P
+><P
+>An alias, by the way, is defined as any component of the 
+		first entry of a printcap record. Records are separated by newlines,
+		components (if there are more than one) are separated by vertical 
+		bar symbols ('|').</P
+><P
+>NOTE: On SYSV systems which use lpstat to determine what 
+		printers are defined on the system you may be able to use
+		"printcap name = lpstat" to automatically obtain a list 
+		of printers. See the "printcap name" option 
+		for more details.</P
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN102"
+></A
+><H2
+>PARAMETERS</H2
+><P
+>parameters define the specific attributes of sections.</P
+><P
+>Some parameters are specific to the [global] section
+	(e.g., <EM
+>security</EM
+>).  Some parameters are usable 
+	in all sections (e.g., <EM
+>create mode</EM
+>). All others 
+	are permissible only in normal sections. For the purposes of the 
+	following descriptions the [homes] and [printers]
+	sections will be considered normal.  The letter <EM
+>G</EM
+> 
+	in parentheses indicates that a parameter is specific to the
+	[global] section. The letter <EM
+>S</EM
+>
+	indicates that a parameter can be specified in a service specific
+	section. Note that all <EM
+>S</EM
+> parameters can also be specified in 
+	the [global] section - in which case they will define
+	the default behavior for all services.</P
+><P
+>parameters are arranged here in alphabetical order - this may 
+	not create best bedfellows, but at least you can find them! Where
+	there are synonyms, the preferred synonym is described, others refer 
+	to the preferred synonym.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN112"
+></A
+><H2
+>VARIABLE SUBSTITUTIONS</H2
+><P
+>Many of the strings that are settable in the config file 
+	can take substitutions. For example the option "path =
+	/tmp/%u" would be interpreted as "path = 
+	/tmp/john" if the user connected with the username john.</P
+><P
+>These substitutions are mostly noted in the descriptions below, 
+	but there are some general substitutions which apply whenever they 
+	might be relevant. These are:</P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>%S</DT
+><DD
+><P
+>the name of the current service, if any.</P
+></DD
+><DT
+>%P</DT
+><DD
+><P
+>the root directory of the current service, 
+		if any.</P
+></DD
+><DT
+>%u</DT
+><DD
+><P
+>user name of the current service, if any.</P
+></DD
+><DT
+>%g</DT
+><DD
+><P
+>primary group name of %u.</P
+></DD
+><DT
+>%U</DT
+><DD
+><P
+>session user name (the user name that the client 
+		wanted, not necessarily the same as the one they got).</P
+></DD
+><DT
+>%G</DT
+><DD
+><P
+>primary group name of %U.</P
+></DD
+><DT
+>%H</DT
+><DD
+><P
+>the home directory of the user given 
+		by %u.</P
+></DD
+><DT
+>%v</DT
+><DD
+><P
+>the Samba version.</P
+></DD
+><DT
+>%h</DT
+><DD
+><P
+>the Internet hostname that Samba is running 
+		on.</P
+></DD
+><DT
+>%m</DT
+><DD
+><P
+>the NetBIOS name of the client machine 
+		(very useful).</P
+></DD
+><DT
+>%L</DT
+><DD
+><P
+>the NetBIOS name of the server. This allows you 
+		to change your config based on what the client calls you. Your 
+		server can have a "dual personality".</P
+><P
+>Note that this paramater is not available when Samba listens
+                on port 445, as clients no longer send this information </P
+></DD
+><DT
+>%M</DT
+><DD
+><P
+>the Internet name of the client machine.
+		</P
+></DD
+><DT
+>%N</DT
+><DD
+><P
+>the name of your NIS home directory server.  
+		This is obtained from your NIS auto.map entry.  If you have 
+		not compiled Samba with the <EM
+>--with-automount</EM
+> 
+		option then this value will be the same as %L.</P
+></DD
+><DT
+>%p</DT
+><DD
+><P
+>the path of the service's home directory, 
+		obtained from your NIS auto.map entry. The NIS auto.map entry 
+		is split up as "%N:%p".</P
+></DD
+><DT
+>%R</DT
+><DD
+><P
+>the selected protocol level after 
+		protocol negotiation. It can be one of CORE, COREPLUS, 
+		LANMAN1, LANMAN2 or NT1.</P
+></DD
+><DT
+>%d</DT
+><DD
+><P
+>The process id of the current server
+		process.</P
+></DD
+><DT
+>%a</DT
+><DD
+><P
+>the architecture of the remote
+		machine. Only some are recognized, and those may not be 
+		100% reliable. It currently recognizes Samba, "WfWg", "Win95",
+		"WinNT", "Win2K", WinXP, and "Win2K3". Anything else will be known as 
+		"UNKNOWN". If it gets it wrong then sending a level 
+		3 log to <A
+HREF="mailto:samba@samba.org"
+TARGET="_top"
+>samba@samba.org
+		</A
+> should allow it to be fixed.</P
+></DD
+><DT
+>%I</DT
+><DD
+><P
+>The IP address of the client machine.</P
+></DD
+><DT
+>%T</DT
+><DD
+><P
+>the current date and time.</P
+></DD
+><DT
+>%$(<TT
+CLASS="REPLACEABLE"
+><I
+>envvar</I
+></TT
+>)</DT
+><DD
+><P
+>The value of the environment variable
+		<TT
+CLASS="REPLACEABLE"
+><I
+>envar</I
+></TT
+>.</P
+></DD
+></DL
+></DIV
+><P
+>There are some quite creative things that can be done 
+	with these substitutions and other smb.conf options.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN203"
+></A
+><H2
+>NAME MANGLING</H2
+><P
+>Samba supports "name mangling" so that DOS and 
+	Windows clients can use files that don't conform to the 8.3 format. 
+	It can also be set to adjust the case of 8.3 format filenames.</P
+><P
+>There are several options that control the way mangling is 
+	performed, and they are grouped here rather than listed separately. 
+	For the defaults look at the output of the testparm program. </P
+><P
+>All of these options can be set separately for each service 
+	(or globally, of course). </P
+><P
+>The options are: </P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>mangling method</DT
+><DD
+><P
+> controls the algorithm used for the generating
+		the mangled names. Can take two different values, "hash" and
+		"hash2". "hash" is  the default and is the algorithm that has been
+		used in Samba for many years. "hash2" is a newer and considered
+		a better algorithm (generates less collisions) in the names.
+		However, many Win32 applications store the
+		mangled names and so changing to the new algorithm must not be done
+		lightly as these applications may break unless reinstalled.
+		New installations of Samba may set the default to hash2.
+		Default <EM
+>hash</EM
+>.</P
+></DD
+><DT
+>mangle case = yes/no</DT
+><DD
+><P
+> controls if names that have characters that 
+		aren't of the "default" case are mangled. For example, 
+		if this is yes then a name like "Mail" would be mangled. 
+		Default <EM
+>no</EM
+>.</P
+></DD
+><DT
+>case sensitive = yes/no</DT
+><DD
+><P
+>controls whether filenames are case sensitive. If 
+		they aren't then Samba must do a filename search and match on passed 
+		names. Default <EM
+>no</EM
+>.</P
+></DD
+><DT
+>default case = upper/lower</DT
+><DD
+><P
+>controls what the default case is for new 
+		filenames. Default <EM
+>lower</EM
+>.</P
+></DD
+><DT
+>preserve case = yes/no</DT
+><DD
+><P
+>controls if new files are created with the 
+		case that the client passes, or if they are forced to be the 
+		"default" case. Default <EM
+>yes</EM
+>.
+		</P
+></DD
+><DT
+>short preserve case = yes/no</DT
+><DD
+><P
+>controls if new files which conform to 8.3 syntax,
+		that is all in upper case and of suitable length, are created 
+		upper case, or if they are forced to be the "default" 
+		case. This option can be use with "preserve case = yes" 
+		to permit long filenames to retain their case, while short names 
+		are lowercased. Default <EM
+>yes</EM
+>.</P
+></DD
+></DL
+></DIV
+><P
+>By default, Samba 2.2 has the same semantics as a Windows 
+	NT server, in that it is case insensitive but case preserving.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN241"
+></A
+><H2
+>NOTE ABOUT USERNAME/PASSWORD VALIDATION</H2
+><P
+>There are a number of ways in which a user can connect 
+	to a service. The server uses the following steps in determining 
+	if it will allow a connection to a specified service. If all the 
+	steps fail, then the connection request is rejected.  However, if one of the 
+	steps succeeds, then the following steps are not checked.</P
+><P
+>If the service is marked "guest only = yes" and the
+	server is running with share-level security ("security = share")
+	then steps 1 to 5 are skipped.</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>If the client has passed a username/password 
+		pair and that username/password pair is validated by the UNIX 
+		system's password programs then the connection is made as that 
+		username. Note that this includes the 
+		\\server\service%<TT
+CLASS="REPLACEABLE"
+><I
+>username</I
+></TT
+> method of passing 
+		a username.</P
+></LI
+><LI
+><P
+>If the client has previously registered a username 
+		with the system and now supplies a correct password for that 
+		username then the connection is allowed.</P
+></LI
+><LI
+><P
+>The client's NetBIOS name and any previously 
+		used user names are checked against the supplied password, if 
+		they match then the connection is allowed as the corresponding 
+		user.</P
+></LI
+><LI
+><P
+>If the client has previously validated a
+		username/password pair with the server and the client has passed 
+		the validation token then that username is used. </P
+></LI
+><LI
+><P
+>If a "user = " field is given in the
+		<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file for the service and the client 
+		has supplied a password, and that password matches (according to 
+		the UNIX system's password checking) with one of the usernames 
+		from the "user =" field then the connection is made as 
+		the username in the "user =" line. If one 
+		of the username in the "user =" list begins with a
+		'@' then that name expands to a list of names in 
+		the group of the same name.</P
+></LI
+><LI
+><P
+>If the service is a guest service then a 
+		connection is made as the username given in the "guest 
+		account =" for the service, irrespective of the 
+		supplied password.</P
+></LI
+></OL
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN260"
+></A
+><H2
+>COMPLETE LIST OF GLOBAL PARAMETERS</H2
+><P
+>Here is a list of all global parameters. See the section of 
+	each parameter for details.  Note that some are synonyms.</P
+><P
+></P
+><UL
+><LI
+><P
+><A
+HREF="#ACLCOMPATIBILITY"
+><TT
+CLASS="PARAMETER"
+><I
+>acl compatibility</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ADDPRINTERCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>add printer command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ADDSHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>add share command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ADDUSERSCRIPT"
+><TT
+CLASS="PARAMETER"
+><I
+>add user script</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ALLOWTRUSTEDDOMAINS"
+><TT
+CLASS="PARAMETER"
+><I
+>allow trusted domains</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ANNOUNCEAS"
+><TT
+CLASS="PARAMETER"
+><I
+>announce as</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ANNOUNCEVERSION"
+><TT
+CLASS="PARAMETER"
+><I
+>announce version</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#AUTOSERVICES"
+><TT
+CLASS="PARAMETER"
+><I
+>auto services</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#BINDINTERFACESONLY"
+><TT
+CLASS="PARAMETER"
+><I
+>bind interfaces only</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#BROWSELIST"
+><TT
+CLASS="PARAMETER"
+><I
+>browse list</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#CHANGENOTIFYTIMEOUT"
+><TT
+CLASS="PARAMETER"
+><I
+>change notify timeout</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#CHANGESHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>change share command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#CHARACTERSET"
+><TT
+CLASS="PARAMETER"
+><I
+>character set</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#CLIENTCODEPAGE"
+><TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#CODEPAGEDIRECTORY"
+><TT
+CLASS="PARAMETER"
+><I
+>code page directory</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#CODINGSYSTEM"
+><TT
+CLASS="PARAMETER"
+><I
+>coding system</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#CONFIGFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>config file</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DEADTIME"
+><TT
+CLASS="PARAMETER"
+><I
+>deadtime</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DEBUGHIRESTIMESTAMP"
+><TT
+CLASS="PARAMETER"
+><I
+>debug hires timestamp</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DEBUGPID"
+><TT
+CLASS="PARAMETER"
+><I
+>debug pid</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DEBUGTIMESTAMP"
+><TT
+CLASS="PARAMETER"
+><I
+>debug timestamp</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DEBUGUID"
+><TT
+CLASS="PARAMETER"
+><I
+>debug uid</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DEBUGLEVEL"
+><TT
+CLASS="PARAMETER"
+><I
+>debuglevel</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DEFAULT"
+><TT
+CLASS="PARAMETER"
+><I
+>default</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DEFAULTSERVICE"
+><TT
+CLASS="PARAMETER"
+><I
+>default service</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DELETEPRINTERCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>delete printer command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DELETESHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>delete share command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DELETEUSERSCRIPT"
+><TT
+CLASS="PARAMETER"
+><I
+>delete user script</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DFREECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>dfree command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DISABLESPOOLSS"
+><TT
+CLASS="PARAMETER"
+><I
+>disable spoolss</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DNSPROXY"
+><TT
+CLASS="PARAMETER"
+><I
+>dns proxy</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DOMAINADMINGROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>domain admin group</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DOMAINGUESTGROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>domain guest group</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DOMAINLOGONS"
+><TT
+CLASS="PARAMETER"
+><I
+>domain logons</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DOMAINMASTER"
+><TT
+CLASS="PARAMETER"
+><I
+>domain master</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ENCRYPTPASSWORDS"
+><TT
+CLASS="PARAMETER"
+><I
+>encrypt passwords</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ENHANCEDBROWSING"
+><TT
+CLASS="PARAMETER"
+><I
+>enhanced browsing</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ENUMPORTSCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>enumports command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#GETWDCACHE"
+><TT
+CLASS="PARAMETER"
+><I
+>getwd cache</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#HIDELOCALUSERS"
+><TT
+CLASS="PARAMETER"
+><I
+>hide local users</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#HIDEUNREADABLE"
+><TT
+CLASS="PARAMETER"
+><I
+>hide unreadable</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#HOMEDIRMAP"
+><TT
+CLASS="PARAMETER"
+><I
+>homedir map</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#HOSTMSDFS"
+><TT
+CLASS="PARAMETER"
+><I
+>host msdfs</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#HOSTSEQUIV"
+><TT
+CLASS="PARAMETER"
+><I
+>hosts equiv</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#INTERFACES"
+><TT
+CLASS="PARAMETER"
+><I
+>interfaces</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#KEEPALIVE"
+><TT
+CLASS="PARAMETER"
+><I
+>keepalive</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#KERNELOPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>kernel oplocks</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LANMANAUTH"
+><TT
+CLASS="PARAMETER"
+><I
+>lanman auth</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LARGEREADWRITE"
+><TT
+CLASS="PARAMETER"
+><I
+>large readwrite</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LDAPADMINDN"
+><TT
+CLASS="PARAMETER"
+><I
+>ldap admin dn</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LDAPFILTER"
+><TT
+CLASS="PARAMETER"
+><I
+>ldap filter</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LDAPPORT"
+><TT
+CLASS="PARAMETER"
+><I
+>ldap port</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LDAPSERVER"
+><TT
+CLASS="PARAMETER"
+><I
+>ldap server</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LDAPSSL"
+><TT
+CLASS="PARAMETER"
+><I
+>ldap ssl</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LDAPSUFFIX"
+><TT
+CLASS="PARAMETER"
+><I
+>ldap suffix</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LMANNOUNCE"
+><TT
+CLASS="PARAMETER"
+><I
+>lm announce</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LMINTERVAL"
+><TT
+CLASS="PARAMETER"
+><I
+>lm interval</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LOADPRINTERS"
+><TT
+CLASS="PARAMETER"
+><I
+>load printers</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LOCALMASTER"
+><TT
+CLASS="PARAMETER"
+><I
+>local master</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LOCKDIR"
+><TT
+CLASS="PARAMETER"
+><I
+>lock dir</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LOCKDIRECTORY"
+><TT
+CLASS="PARAMETER"
+><I
+>lock directory</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LOCKSPINCOUNT"
+><TT
+CLASS="PARAMETER"
+><I
+>lock spin count</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LOCKSPINTIME"
+><TT
+CLASS="PARAMETER"
+><I
+>lock spin time</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PIDDIRECTORY"
+><TT
+CLASS="PARAMETER"
+><I
+>pid directory</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LOGFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>log file</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LOGLEVEL"
+><TT
+CLASS="PARAMETER"
+><I
+>log level</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LOGONDRIVE"
+><TT
+CLASS="PARAMETER"
+><I
+>logon drive</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LOGONHOME"
+><TT
+CLASS="PARAMETER"
+><I
+>logon home</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LOGONPATH"
+><TT
+CLASS="PARAMETER"
+><I
+>logon path</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LOGONSCRIPT"
+><TT
+CLASS="PARAMETER"
+><I
+>logon script</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LPQCACHETIME"
+><TT
+CLASS="PARAMETER"
+><I
+>lpq cache time</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MACHINEPASSWORDTIMEOUT"
+><TT
+CLASS="PARAMETER"
+><I
+>machine password timeout</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MANGLEDSTACK"
+><TT
+CLASS="PARAMETER"
+><I
+>mangled stack</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MANGLINGMETHOD"
+><TT
+CLASS="PARAMETER"
+><I
+>mangling method</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAPTOGUEST"
+><TT
+CLASS="PARAMETER"
+><I
+>map to guest</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAXDISKSIZE"
+><TT
+CLASS="PARAMETER"
+><I
+>max disk size</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAXLOGSIZE"
+><TT
+CLASS="PARAMETER"
+><I
+>max log size</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAXMUX"
+><TT
+CLASS="PARAMETER"
+><I
+>max mux</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAXOPENFILES"
+><TT
+CLASS="PARAMETER"
+><I
+>max open files</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAXPROTOCOL"
+><TT
+CLASS="PARAMETER"
+><I
+>max protocol</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAXSMBDPROCESSES"
+><TT
+CLASS="PARAMETER"
+><I
+>max smbd processes</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAXTTL"
+><TT
+CLASS="PARAMETER"
+><I
+>max ttl</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAXWINSTTL"
+><TT
+CLASS="PARAMETER"
+><I
+>max wins ttl</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAXXMIT"
+><TT
+CLASS="PARAMETER"
+><I
+>max xmit</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MESSAGECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>message command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MINPASSWDLENGTH"
+><TT
+CLASS="PARAMETER"
+><I
+>min passwd length</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MINPASSWORDLENGTH"
+><TT
+CLASS="PARAMETER"
+><I
+>min password length</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MINPROTOCOL"
+><TT
+CLASS="PARAMETER"
+><I
+>min protocol</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MINWINSTTL"
+><TT
+CLASS="PARAMETER"
+><I
+>min wins ttl</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#NAMERESOLVEORDER"
+><TT
+CLASS="PARAMETER"
+><I
+>name resolve order</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#NETBIOSALIASES"
+><TT
+CLASS="PARAMETER"
+><I
+>netbios aliases</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#NETBIOSNAME"
+><TT
+CLASS="PARAMETER"
+><I
+>netbios name</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#NETBIOSSCOPE"
+><TT
+CLASS="PARAMETER"
+><I
+>netbios scope</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#NISHOMEDIR"
+><TT
+CLASS="PARAMETER"
+><I
+>nis homedir</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#NTPIPESUPPORT"
+><TT
+CLASS="PARAMETER"
+><I
+>nt pipe support</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#NTSMBSUPPORT"
+><TT
+CLASS="PARAMETER"
+><I
+>nt smb support</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#NTSTATUSSUPPORT"
+><TT
+CLASS="PARAMETER"
+><I
+>nt status support</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#NULLPASSWORDS"
+><TT
+CLASS="PARAMETER"
+><I
+>null passwords</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#OBEYPAMRESTRICTIONS"
+><TT
+CLASS="PARAMETER"
+><I
+>obey pam restrictions</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#OPLOCKBREAKWAITTIME"
+><TT
+CLASS="PARAMETER"
+><I
+>oplock break wait time</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#OSLEVEL"
+><TT
+CLASS="PARAMETER"
+><I
+>os level</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#OS2DRIVERMAP"
+><TT
+CLASS="PARAMETER"
+><I
+>os2 driver map</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PAMPASSWORDCHANGE"
+><TT
+CLASS="PARAMETER"
+><I
+>pam password change</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PANICACTION"
+><TT
+CLASS="PARAMETER"
+><I
+>panic action</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PASSWDCHAT"
+><TT
+CLASS="PARAMETER"
+><I
+>passwd chat</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PASSWDCHATDEBUG"
+><TT
+CLASS="PARAMETER"
+><I
+>passwd chat debug</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PASSWDPROGRAM"
+><TT
+CLASS="PARAMETER"
+><I
+>passwd program</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PASSWORDLEVEL"
+><TT
+CLASS="PARAMETER"
+><I
+>password level</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PASSWORDSERVER"
+><TT
+CLASS="PARAMETER"
+><I
+>password server</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PREFEREDMASTER"
+><TT
+CLASS="PARAMETER"
+><I
+>prefered master</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PREFERREDMASTER"
+><TT
+CLASS="PARAMETER"
+><I
+>preferred master</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRELOAD"
+><TT
+CLASS="PARAMETER"
+><I
+>preload</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRINTCAP"
+><TT
+CLASS="PARAMETER"
+><I
+>printcap</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRINTCAPNAME"
+><TT
+CLASS="PARAMETER"
+><I
+>printcap name</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRINTERDRIVERFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>printer driver file</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PROTOCOL"
+><TT
+CLASS="PARAMETER"
+><I
+>protocol</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#READBMPX"
+><TT
+CLASS="PARAMETER"
+><I
+>read bmpx</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#READRAW"
+><TT
+CLASS="PARAMETER"
+><I
+>read raw</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#READSIZE"
+><TT
+CLASS="PARAMETER"
+><I
+>read size</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#REMOTEANNOUNCE"
+><TT
+CLASS="PARAMETER"
+><I
+>remote announce</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#REMOTEBROWSESYNC"
+><TT
+CLASS="PARAMETER"
+><I
+>remote browse sync</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#RESTRICTANONYMOUS"
+><TT
+CLASS="PARAMETER"
+><I
+>restrict anonymous</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ROOT"
+><TT
+CLASS="PARAMETER"
+><I
+>root</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ROOTDIR"
+><TT
+CLASS="PARAMETER"
+><I
+>root dir</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ROOTDIRECTORY"
+><TT
+CLASS="PARAMETER"
+><I
+>root directory</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SECURITY"
+><TT
+CLASS="PARAMETER"
+><I
+>security</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SERVERSTRING"
+><TT
+CLASS="PARAMETER"
+><I
+>server string</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SHOWADDPRINTERWIZARD"
+><TT
+CLASS="PARAMETER"
+><I
+>show add printer wizard</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SMBPASSWDFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>smb passwd file</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SOCKETADDRESS"
+><TT
+CLASS="PARAMETER"
+><I
+>socket address</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SOCKETOPTIONS"
+><TT
+CLASS="PARAMETER"
+><I
+>socket options</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SOURCEENVIRONMENT"
+><TT
+CLASS="PARAMETER"
+><I
+>source environment</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSL"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLCACERTDIR"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl CA certDir</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLCACERTFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl CA certFile</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLCIPHERS"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl ciphers</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLCLIENTCERT"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl client cert</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLCLIENTKEY"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl client key</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLCOMPATIBILITY"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl compatibility</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLEGDSOCKET"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl egd socket</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLENTROPYBYTES"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl entropy bytes</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLENTROPYFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl entropy file</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLHOSTS"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl hosts</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLHOSTSRESIGN"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl hosts resign</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLREQUIRECLIENTCERT"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl require clientcert</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLREQUIRESERVERCERT"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl require servercert</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLSERVERCERT"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl server cert</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLSERVERKEY"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl server key</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SSLVERSION"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl version</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#STATCACHE"
+><TT
+CLASS="PARAMETER"
+><I
+>stat cache</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#STATCACHESIZE"
+><TT
+CLASS="PARAMETER"
+><I
+>stat cache size</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#STRIPDOT"
+><TT
+CLASS="PARAMETER"
+><I
+>strip dot</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SYSLOG"
+><TT
+CLASS="PARAMETER"
+><I
+>syslog</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SYSLOGONLY"
+><TT
+CLASS="PARAMETER"
+><I
+>syslog only</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#TEMPLATEHOMEDIR"
+><TT
+CLASS="PARAMETER"
+><I
+>template homedir</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#TEMPLATESHELL"
+><TT
+CLASS="PARAMETER"
+><I
+>template shell</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#TIMEOFFSET"
+><TT
+CLASS="PARAMETER"
+><I
+>time offset</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#TIMESERVER"
+><TT
+CLASS="PARAMETER"
+><I
+>time server</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#TIMESTAMPLOGS"
+><TT
+CLASS="PARAMETER"
+><I
+>timestamp logs</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#TOTALPRINTJOBS"
+><TT
+CLASS="PARAMETER"
+><I
+>total print jobs</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#UNIXEXTENSIONS"
+><TT
+CLASS="PARAMETER"
+><I
+>unix extensions</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#UNIXPASSWORDSYNC"
+><TT
+CLASS="PARAMETER"
+><I
+>unix password sync</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#UPDATEENCRYPTED"
+><TT
+CLASS="PARAMETER"
+><I
+>update encrypted</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#USEMMAP"
+><TT
+CLASS="PARAMETER"
+><I
+>use mmap</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#USERHOSTS"
+><TT
+CLASS="PARAMETER"
+><I
+>use rhosts</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#USERNAMELEVEL"
+><TT
+CLASS="PARAMETER"
+><I
+>username level</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#USERNAMEMAP"
+><TT
+CLASS="PARAMETER"
+><I
+>username map</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#UTMP"
+><TT
+CLASS="PARAMETER"
+><I
+>utmp</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#UTMPDIRECTORY"
+><TT
+CLASS="PARAMETER"
+><I
+>utmp directory</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#VALIDCHARS"
+><TT
+CLASS="PARAMETER"
+><I
+>valid chars</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WINBINDCACHETIME"
+><TT
+CLASS="PARAMETER"
+><I
+>winbind cache time</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WINBINDENUMUSERS"
+><TT
+CLASS="PARAMETER"
+><I
+>winbind enum users</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WINBINDENUMGROUPS"
+><TT
+CLASS="PARAMETER"
+><I
+>winbind enum groups</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WINBINDGID"
+><TT
+CLASS="PARAMETER"
+><I
+>winbind gid</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WINBINDSEPARATOR"
+><TT
+CLASS="PARAMETER"
+><I
+>winbind separator</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WINBINDUID"
+><TT
+CLASS="PARAMETER"
+><I
+>winbind uid</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WINBINDUSEDEFAULTDOMAIN"
+><TT
+CLASS="PARAMETER"
+><I
+>winbind use default domain</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WINSHOOK"
+><TT
+CLASS="PARAMETER"
+><I
+>wins hook</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WINSPROXY"
+><TT
+CLASS="PARAMETER"
+><I
+>wins proxy</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WINSSERVER"
+><TT
+CLASS="PARAMETER"
+><I
+>wins server</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WINSSUPPORT"
+><TT
+CLASS="PARAMETER"
+><I
+>wins support</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WORKGROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>workgroup</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WRITERAW"
+><TT
+CLASS="PARAMETER"
+><I
+>write raw</I
+></TT
+></A
+></P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN996"
+></A
+><H2
+>COMPLETE LIST OF SERVICE PARAMETERS</H2
+><P
+>Here is a list of all service parameters. See the section on 
+	each parameter for details. Note that some are synonyms.</P
+><P
+></P
+><UL
+><LI
+><P
+><A
+HREF="#ADMINUSERS"
+><TT
+CLASS="PARAMETER"
+><I
+>admin users</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ALLOWHOSTS"
+><TT
+CLASS="PARAMETER"
+><I
+>allow hosts</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#AVAILABLE"
+><TT
+CLASS="PARAMETER"
+><I
+>available</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#BLOCKINGLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>blocking locks</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#BLOCKSIZE"
+><TT
+CLASS="PARAMETER"
+><I
+>block size</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#BROWSABLE"
+><TT
+CLASS="PARAMETER"
+><I
+>browsable</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#BROWSEABLE"
+><TT
+CLASS="PARAMETER"
+><I
+>browseable</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#CASESENSITIVE"
+><TT
+CLASS="PARAMETER"
+><I
+>case sensitive</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#CASESIGNAMES"
+><TT
+CLASS="PARAMETER"
+><I
+>casesignames</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#COMMENT"
+><TT
+CLASS="PARAMETER"
+><I
+>comment</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#COPY"
+><TT
+CLASS="PARAMETER"
+><I
+>copy</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#CREATEMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>create mask</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#CREATEMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>create mode</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#CSCPOLICY"
+><TT
+CLASS="PARAMETER"
+><I
+>csc policy</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DEFAULTCASE"
+><TT
+CLASS="PARAMETER"
+><I
+>default case</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DEFAULTDEVMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>default devmode</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DELETEREADONLY"
+><TT
+CLASS="PARAMETER"
+><I
+>delete readonly</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DELETEVETOFILES"
+><TT
+CLASS="PARAMETER"
+><I
+>delete veto files</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DENYHOSTS"
+><TT
+CLASS="PARAMETER"
+><I
+>deny hosts</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DIRECTORY"
+><TT
+CLASS="PARAMETER"
+><I
+>directory</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DIRECTORYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>directory mask</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DIRECTORYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>directory mode</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DIRECTORYSECURITYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>directory security mask</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DONTDESCEND"
+><TT
+CLASS="PARAMETER"
+><I
+>dont descend</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DOSFILEMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>dos filemode</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DOSFILETIMERESOLUTION"
+><TT
+CLASS="PARAMETER"
+><I
+>dos filetime resolution</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#DOSFILETIMES"
+><TT
+CLASS="PARAMETER"
+><I
+>dos filetimes</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#EXEC"
+><TT
+CLASS="PARAMETER"
+><I
+>exec</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#FAKEDIRECTORYCREATETIMES"
+><TT
+CLASS="PARAMETER"
+><I
+>fake directory create times</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#FAKEOPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>fake oplocks</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#FOLLOWSYMLINKS"
+><TT
+CLASS="PARAMETER"
+><I
+>follow symlinks</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#FORCECREATEMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force create mode</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#FORCEDIRECTORYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force directory mode</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#FORCEDIRECTORYSECURITYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force directory security mode</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#FORCEGROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>force group</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#FORCESECURITYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force security mode</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#FORCEUNKNOWNACLUSER"
+><TT
+CLASS="PARAMETER"
+><I
+>force unknown acl user</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#FORCEUSER"
+><TT
+CLASS="PARAMETER"
+><I
+>force user</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#FSTYPE"
+><TT
+CLASS="PARAMETER"
+><I
+>fstype</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#GROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>group</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#GUESTACCOUNT"
+><TT
+CLASS="PARAMETER"
+><I
+>guest account</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#GUESTOK"
+><TT
+CLASS="PARAMETER"
+><I
+>guest ok</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#GUESTONLY"
+><TT
+CLASS="PARAMETER"
+><I
+>guest only</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#HIDEDOTFILES"
+><TT
+CLASS="PARAMETER"
+><I
+>hide dot files</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#HIDEFILES"
+><TT
+CLASS="PARAMETER"
+><I
+>hide files</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#HOSTSALLOW"
+><TT
+CLASS="PARAMETER"
+><I
+>hosts allow</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#HOSTSDENY"
+><TT
+CLASS="PARAMETER"
+><I
+>hosts deny</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#INCLUDE"
+><TT
+CLASS="PARAMETER"
+><I
+>include</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#INHERITACLS"
+><TT
+CLASS="PARAMETER"
+><I
+>inherit acls</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#INHERITPERMISSIONS"
+><TT
+CLASS="PARAMETER"
+><I
+>inherit permissions</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#INVALIDUSERS"
+><TT
+CLASS="PARAMETER"
+><I
+>invalid users</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LEVEL2OPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>level2 oplocks</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LOCKING"
+><TT
+CLASS="PARAMETER"
+><I
+>locking</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LPPAUSECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>lppause command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LPQCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>lpq command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LPRESUMECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>lpresume command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#LPRMCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>lprm command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAGICOUTPUT"
+><TT
+CLASS="PARAMETER"
+><I
+>magic output</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAGICSCRIPT"
+><TT
+CLASS="PARAMETER"
+><I
+>magic script</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MANGLECASE"
+><TT
+CLASS="PARAMETER"
+><I
+>mangle case</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MANGLEDMAP"
+><TT
+CLASS="PARAMETER"
+><I
+>mangled map</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MANGLEDNAMES"
+><TT
+CLASS="PARAMETER"
+><I
+>mangled names</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MANGLINGCHAR"
+><TT
+CLASS="PARAMETER"
+><I
+>mangling char</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAPARCHIVE"
+><TT
+CLASS="PARAMETER"
+><I
+>map archive</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAPHIDDEN"
+><TT
+CLASS="PARAMETER"
+><I
+>map hidden</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAPSYSTEM"
+><TT
+CLASS="PARAMETER"
+><I
+>map system</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAXCONNECTIONS"
+><TT
+CLASS="PARAMETER"
+><I
+>max connections</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MAXPRINTJOBS"
+><TT
+CLASS="PARAMETER"
+><I
+>max print jobs</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MINPRINTSPACE"
+><TT
+CLASS="PARAMETER"
+><I
+>min print space</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#MSDFSROOT"
+><TT
+CLASS="PARAMETER"
+><I
+>msdfs root</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#NTACLSUPPORT"
+><TT
+CLASS="PARAMETER"
+><I
+>nt acl support</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ONLYGUEST"
+><TT
+CLASS="PARAMETER"
+><I
+>only guest</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ONLYUSER"
+><TT
+CLASS="PARAMETER"
+><I
+>only user</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#OPLOCKCONTENTIONLIMIT"
+><TT
+CLASS="PARAMETER"
+><I
+>oplock contention limit</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#OPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>oplocks</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PATH"
+><TT
+CLASS="PARAMETER"
+><I
+>path</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#POSIXLOCKING"
+><TT
+CLASS="PARAMETER"
+><I
+>posix locking</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#POSTEXEC"
+><TT
+CLASS="PARAMETER"
+><I
+>postexec</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#POSTSCRIPT"
+><TT
+CLASS="PARAMETER"
+><I
+>postscript</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PREEXEC"
+><TT
+CLASS="PARAMETER"
+><I
+>preexec</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PREEXECCLOSE"
+><TT
+CLASS="PARAMETER"
+><I
+>preexec close</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRESERVECASE"
+><TT
+CLASS="PARAMETER"
+><I
+>preserve case</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRINTCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>print command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRINTOK"
+><TT
+CLASS="PARAMETER"
+><I
+>print ok</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRINTABLE"
+><TT
+CLASS="PARAMETER"
+><I
+>printable</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRINTER"
+><TT
+CLASS="PARAMETER"
+><I
+>printer</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRINTERADMIN"
+><TT
+CLASS="PARAMETER"
+><I
+>printer admin</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRINTERDRIVER"
+><TT
+CLASS="PARAMETER"
+><I
+>printer driver</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRINTERDRIVERLOCATION"
+><TT
+CLASS="PARAMETER"
+><I
+>printer driver location</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRINTERNAME"
+><TT
+CLASS="PARAMETER"
+><I
+>printer name</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PRINTING"
+><TT
+CLASS="PARAMETER"
+><I
+>printing</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PROFILEACLS"
+><TT
+CLASS="PARAMETER"
+><I
+>profile acls</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#PUBLIC"
+><TT
+CLASS="PARAMETER"
+><I
+>public</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#QUEUEPAUSECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>queuepause command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#QUEUERESUMECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>queueresume command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#READLIST"
+><TT
+CLASS="PARAMETER"
+><I
+>read list</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#READONLY"
+><TT
+CLASS="PARAMETER"
+><I
+>read only</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ROOTPOSTEXEC"
+><TT
+CLASS="PARAMETER"
+><I
+>root postexec</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ROOTPREEXEC"
+><TT
+CLASS="PARAMETER"
+><I
+>root preexec</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ROOTPREEXECCLOSE"
+><TT
+CLASS="PARAMETER"
+><I
+>root preexec close</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SECURITYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SETDIRECTORY"
+><TT
+CLASS="PARAMETER"
+><I
+>set directory</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SHAREMODES"
+><TT
+CLASS="PARAMETER"
+><I
+>share modes</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SHORTPRESERVECASE"
+><TT
+CLASS="PARAMETER"
+><I
+>short preserve case</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#STATUS"
+><TT
+CLASS="PARAMETER"
+><I
+>status</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#STRICTALLOCATE"
+><TT
+CLASS="PARAMETER"
+><I
+>strict allocate</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#STRICTLOCKING"
+><TT
+CLASS="PARAMETER"
+><I
+>strict locking</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#STRICTSYNC"
+><TT
+CLASS="PARAMETER"
+><I
+>strict sync</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#SYNCALWAYS"
+><TT
+CLASS="PARAMETER"
+><I
+>sync always</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#USECLIENTDRIVER"
+><TT
+CLASS="PARAMETER"
+><I
+>use client driver</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#USESENDFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>use sendfile</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#USER"
+><TT
+CLASS="PARAMETER"
+><I
+>user</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#USERNAME"
+><TT
+CLASS="PARAMETER"
+><I
+>username</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#USERS"
+><TT
+CLASS="PARAMETER"
+><I
+>users</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#VALIDUSERS"
+><TT
+CLASS="PARAMETER"
+><I
+>valid users</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#VETOFILES"
+><TT
+CLASS="PARAMETER"
+><I
+>veto files</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#VETOOPLOCKFILES"
+><TT
+CLASS="PARAMETER"
+><I
+>veto oplock files</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#VFSOBJECT"
+><TT
+CLASS="PARAMETER"
+><I
+>vfs object</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#VFSOPTIONS"
+><TT
+CLASS="PARAMETER"
+><I
+>vfs options</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#VOLUME"
+><TT
+CLASS="PARAMETER"
+><I
+>volume</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WIDELINKS"
+><TT
+CLASS="PARAMETER"
+><I
+>wide links</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WRITABLE"
+><TT
+CLASS="PARAMETER"
+><I
+>writable</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WRITECACHESIZE"
+><TT
+CLASS="PARAMETER"
+><I
+>write cache size</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WRITELIST"
+><TT
+CLASS="PARAMETER"
+><I
+>write list</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WRITEOK"
+><TT
+CLASS="PARAMETER"
+><I
+>write ok</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#WRITEABLE"
+><TT
+CLASS="PARAMETER"
+><I
+>writeable</I
+></TT
+></A
+></P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN1504"
+></A
+><H2
+>EXPLANATION OF EACH PARAMETER</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+><A
+NAME="ACLCOMPATIBILITY"
+></A
+>acl compatibility (G)</DT
+><DD
+><P
+>New in Samba 2.2.8 and above, this string parameter tells
+		smbd if it should modify any Windows access control lists created
+		from POSIX access control lists to remove features which are not
+		supported by Windows 2000 but not supported by the Windows NT ACL edit.
+		control.</P
+><P
+>By default this parameter is set automatically by detecting the
+		client type and is set to "true" if the client is Windows NT.</P
+><P
+>Default: <EM
+>client detected</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>acl compatibility = Win2k</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>acl compatibility = winnt</B
+></P
+></DD
+><DT
+><A
+NAME="ADDPRINTERCOMMAND"
+></A
+>add printer command (G)</DT
+><DD
+><P
+>With the introduction of MS-RPC based printing
+		support for Windows NT/2000 clients in Samba 2.2, The MS Add
+		Printer Wizard (APW) icon is now also available in the 
+		"Printers..." folder displayed a share listing.  The APW
+		allows for printers to be add remotely to a Samba or Windows 
+		NT/2000 print server.</P
+><P
+>For a Samba host this means that the printer must be 
+		physically added to the underlying printing system.  The <TT
+CLASS="PARAMETER"
+><I
+>add 
+		printer command</I
+></TT
+> defines a script to be run which 
+		will perform the necessary operations for adding the printer
+		to the print system and to add the appropriate service definition 
+		to the  <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file in order that it can be 
+		shared by <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+>
+		</A
+>.</P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>add printer command</I
+></TT
+> is
+		automatically invoked with the following parameter (in 
+		order:</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>printer name</I
+></TT
+></P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>share name</I
+></TT
+></P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>port name</I
+></TT
+></P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>driver name</I
+></TT
+></P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>location</I
+></TT
+></P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>Windows 9x driver location</I
+></TT
+>
+			</P
+></LI
+></UL
+><P
+>All parameters are filled in from the PRINTER_INFO_2 structure sent 
+		by the Windows NT/2000 client with one exception.  The "Windows 9x
+		driver location" parameter is included for backwards compatibility
+		only.  The remaining fields in the structure are generated from answers
+		to the APW questions.</P
+><P
+>Once the <TT
+CLASS="PARAMETER"
+><I
+>add printer command</I
+></TT
+> has 
+		been executed, <B
+CLASS="COMMAND"
+>smbd</B
+> will reparse the <TT
+CLASS="FILENAME"
+>		smb.conf</TT
+> to determine if the share defined by the APW
+		exists.  If the sharename is still invalid, then <B
+CLASS="COMMAND"
+>smbd
+		</B
+> will return an ACCESS_DENIED error to the client.</P
+><P
+>See also <A
+HREF="#DELETEPRINTERCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>		delete printer command</I
+></TT
+></A
+>, <A
+HREF="#PRINTING"
+><TT
+CLASS="PARAMETER"
+><I
+>printing</I
+></TT
+></A
+>,
+		<A
+HREF="#SHOWADDPRINTERWIZARD"
+><TT
+CLASS="PARAMETER"
+><I
+>show add
+		printer wizard</I
+></TT
+></A
+></P
+><P
+>Default: <EM
+>none</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>addprinter command = /usr/bin/addprinter
+		</B
+></P
+></DD
+><DT
+><A
+NAME="ADDSHARECOMMAND"
+></A
+>add share command (G)</DT
+><DD
+><P
+>Samba 2.2.0 introduced the ability to dynamically 
+		add and delete shares via the Windows NT 4.0 Server Manager.  The 
+		<TT
+CLASS="PARAMETER"
+><I
+>add share command</I
+></TT
+> is used to define an 
+		external program or script which will add a new service definition 
+		to <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.  In order to successfully 
+		execute the <TT
+CLASS="PARAMETER"
+><I
+>add share command</I
+></TT
+>, <B
+CLASS="COMMAND"
+>smbd</B
+>
+		requires that the administrator be connected using a root account (i.e. 
+		uid == 0).
+		</P
+><P
+>		When executed, <B
+CLASS="COMMAND"
+>smbd</B
+> will automatically invoke the 
+		<TT
+CLASS="PARAMETER"
+><I
+>add share command</I
+></TT
+> with four parameters.
+		</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>configFile</I
+></TT
+> - the location 
+			of the global <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. 
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>shareName</I
+></TT
+> - the name of the new 
+			share.
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>pathName</I
+></TT
+> - path to an **existing**
+			directory on disk.
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>comment</I
+></TT
+> - comment string to associate 
+			with the new share.
+			</P
+></LI
+></UL
+><P
+>		This parameter is only used for add file shares.  To add printer shares, 
+		see the <A
+HREF="#ADDPRINTERCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>add printer 
+		command</I
+></TT
+></A
+>.
+		</P
+><P
+>		See also <A
+HREF="#CHANGESHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>change share 
+		command</I
+></TT
+></A
+>, <A
+HREF="#DELETESHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>delete share
+		command</I
+></TT
+></A
+>.
+		</P
+><P
+>Default: <EM
+>none</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>add share command = /usr/local/bin/addshare</B
+></P
+></DD
+><DT
+><A
+NAME="ADDUSERSCRIPT"
+></A
+>add user script (G)</DT
+><DD
+><P
+>This is the full pathname to a script that will 
+		be run <EM
+>AS ROOT</EM
+> by <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)
+		</A
+> under special circumstances described below.</P
+><P
+>Normally, a Samba server requires that UNIX users are 
+		created for all users accessing files on this server. For sites 
+		that use Windows NT account databases as their primary user database 
+		creating these users and keeping the user list in sync with the 
+		Windows NT PDC is an onerous task. This option allows <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> to create the required UNIX users 
+		<EM
+>ON DEMAND</EM
+> when a user accesses the Samba server.</P
+><P
+>In order to use this option, <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> 
+		must <EM
+>NOT</EM
+> be set to <TT
+CLASS="PARAMETER"
+><I
+>security = share</I
+></TT
+>
+		and <TT
+CLASS="PARAMETER"
+><I
+>add user script</I
+></TT
+>
+		must be set to a full pathname for a script that will create a UNIX 
+		user given one argument of <TT
+CLASS="PARAMETER"
+><I
+>%u</I
+></TT
+>, which expands into 
+		the UNIX user name to create.</P
+><P
+>When the Windows user attempts to access the Samba server, 
+		at login (session setup in the SMB protocol) time, <A
+HREF="smbd.8.html"
+TARGET="_top"
+>		smbd</A
+> contacts the <TT
+CLASS="PARAMETER"
+><I
+>password server</I
+></TT
+> and 
+		attempts to authenticate the given user with the given password. If the 
+		authentication succeeds then <B
+CLASS="COMMAND"
+>smbd</B
+> 
+		attempts to find a UNIX user in the UNIX password database to map the 
+		Windows user into. If this lookup fails, and <TT
+CLASS="PARAMETER"
+><I
+>add user script
+		</I
+></TT
+> is set then <B
+CLASS="COMMAND"
+>smbd</B
+> will
+		call the specified script <EM
+>AS ROOT</EM
+>, expanding 
+		any <TT
+CLASS="PARAMETER"
+><I
+>%u</I
+></TT
+> argument to be the user name to create.</P
+><P
+>If this script successfully creates the user then <B
+CLASS="COMMAND"
+>smbd
+		</B
+> will continue on as though the UNIX user
+		already existed. In this way, UNIX users are dynamically created to
+		match existing Windows NT accounts.</P
+><P
+>See also <A
+HREF="#SECURITY"
+><TT
+CLASS="PARAMETER"
+><I
+>		security</I
+></TT
+></A
+>, <A
+HREF="#PASSWORDSERVER"
+>		<TT
+CLASS="PARAMETER"
+><I
+>password server</I
+></TT
+></A
+>, 
+		<A
+HREF="#DELETEUSERSCRIPT"
+><TT
+CLASS="PARAMETER"
+><I
+>delete user 
+		script</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>add user script = &#60;empty string&#62;
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>add user script = /usr/local/samba/bin/add_user 
+		%u</B
+></P
+></DD
+><DT
+><A
+NAME="ADMINUSERS"
+></A
+>admin users (S)</DT
+><DD
+><P
+>This is a list of users who will be granted 
+		administrative privileges on the share. This means that they 
+		will do all file operations as the super-user (root).</P
+><P
+>You should use this option very carefully, as any user in 
+		this list will be able to do anything they like on the share, 
+		irrespective of file permissions.</P
+><P
+>Default: <EM
+>no admin users</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>admin users = jason</B
+></P
+></DD
+><DT
+><A
+NAME="ALLOWHOSTS"
+></A
+>allow hosts (S)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#HOSTSALLOW"
+>		<TT
+CLASS="PARAMETER"
+><I
+>hosts allow</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="ALLOWTRUSTEDDOMAINS"
+></A
+>allow trusted domains (G)</DT
+><DD
+><P
+>This option only takes effect when the <A
+HREF="#SECURITY"
+><TT
+CLASS="PARAMETER"
+><I
+>security</I
+></TT
+></A
+> option is set to 
+		<TT
+CLASS="CONSTANT"
+>server</TT
+> or <TT
+CLASS="CONSTANT"
+>domain</TT
+>.  
+		If it is set to no, then attempts to connect to a resource from 
+		a domain or workgroup other than the one which <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> is running 
+		in will fail, even if that domain is trusted by the remote server 
+		doing the authentication.</P
+><P
+>This is useful if you only want your Samba server to 
+		serve resources to users in the domain it is a member of. As 
+		an example, suppose that there are two domains DOMA and DOMB.  DOMB 
+		is trusted by DOMA, which contains the Samba server.  Under normal 
+		circumstances, a user with an account in DOMB can then access the 
+		resources of a UNIX account with the same account name on the 
+		Samba server even if they do not have an account in DOMA.  This 
+		can make implementing a security boundary difficult.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>allow trusted domains = yes</B
+></P
+></DD
+><DT
+><A
+NAME="ANNOUNCEAS"
+></A
+>announce as (G)</DT
+><DD
+><P
+>This specifies what type of server 
+		<A
+HREF="nmbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>nmbd</B
+></A
+> 
+		will announce itself as, to a network neighborhood browse 
+		list. By default this is set to Windows NT. The valid options 
+		are : "NT Server" (which can also be written as "NT"), 
+		"NT Workstation", "Win95" or "WfW" meaning Windows NT Server, 
+		Windows NT Workstation, Windows 95 and Windows for Workgroups 
+		respectively. Do not change this parameter unless you have a 
+		specific need to stop Samba appearing as an NT server as this 
+		may prevent Samba servers from participating as browser servers 
+		correctly.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>announce as = NT Server</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>announce as = Win95</B
+></P
+></DD
+><DT
+><A
+NAME="ANNOUNCEVERSION"
+></A
+>announce version (G)</DT
+><DD
+><P
+>This specifies the major and minor version numbers 
+		that nmbd will use when announcing itself as a server. The default 
+		is 4.9.  Do not change this parameter unless you have a specific 
+		need to set a Samba server to be a downlevel server.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>announce version = 4.9</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>announce version = 2.0</B
+></P
+></DD
+><DT
+><A
+NAME="AUTOSERVICES"
+></A
+>auto services (G)</DT
+><DD
+><P
+>This is a synonym for the <A
+HREF="#PRELOAD"
+>		<TT
+CLASS="PARAMETER"
+><I
+>preload</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="AVAILABLE"
+></A
+>available (S)</DT
+><DD
+><P
+>This parameter lets you "turn off" a service. If 
+		<TT
+CLASS="PARAMETER"
+><I
+>available = no</I
+></TT
+>, then <EM
+>ALL</EM
+> 
+		attempts to connect to the service will fail. Such failures are 
+		logged.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>available = yes</B
+></P
+></DD
+><DT
+><A
+NAME="BINDINTERFACESONLY"
+></A
+>bind interfaces only (G)</DT
+><DD
+><P
+>This global parameter allows the Samba admin 
+		to limit what interfaces on a machine will serve SMB requests. If 
+		affects file service <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> and 
+		name service <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)</A
+> in slightly 
+		different ways.</P
+><P
+>For name service it causes <B
+CLASS="COMMAND"
+>nmbd</B
+> to bind 
+		to ports 137 and 138 on the interfaces listed in the <A
+HREF="#INTERFACES"
+>interfaces</A
+> parameter. <B
+CLASS="COMMAND"
+>nmbd
+		</B
+> also binds to the "all addresses" interface (0.0.0.0) 
+		on ports 137 and 138 for the purposes of reading broadcast messages. 
+		If this option is not set then <B
+CLASS="COMMAND"
+>nmbd</B
+> will service 
+		name requests on all of these sockets. If <TT
+CLASS="PARAMETER"
+><I
+>bind interfaces
+		only</I
+></TT
+> is set then <B
+CLASS="COMMAND"
+>nmbd</B
+> will check the 
+		source address of any packets coming in on the broadcast sockets 
+		and discard any that don't match the broadcast addresses of the 
+		interfaces in the <TT
+CLASS="PARAMETER"
+><I
+>interfaces</I
+></TT
+> parameter list. 
+		As unicast packets are received on the other sockets it allows 
+		<B
+CLASS="COMMAND"
+>nmbd</B
+> to refuse to serve names to machines that 
+		send packets that arrive through any interfaces not listed in the
+		<TT
+CLASS="PARAMETER"
+><I
+>interfaces</I
+></TT
+> list.  IP Source address spoofing
+		does defeat this simple check, however so it must not be used
+		seriously as a security feature for <B
+CLASS="COMMAND"
+>nmbd</B
+>.</P
+><P
+>For file service it causes <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+>
+		to bind only to the interface list given in the <A
+HREF="#INTERFACES"
+>		interfaces</A
+> parameter. This restricts the networks that 
+		<B
+CLASS="COMMAND"
+>smbd</B
+> will serve to packets coming in those 
+		interfaces.  Note that you should not use this parameter for machines 
+		that are serving PPP or other intermittent or non-broadcast network 
+		interfaces as it will not cope with non-permanent interfaces.</P
+><P
+>If <TT
+CLASS="PARAMETER"
+><I
+>bind interfaces only</I
+></TT
+> is set then 
+		unless the network address <EM
+>127.0.0.1</EM
+> is added 
+		to the <TT
+CLASS="PARAMETER"
+><I
+>interfaces</I
+></TT
+> parameter list <A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+></A
+> 
+		and <A
+HREF="swat.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>swat(8)</B
+></A
+> may 
+		not work as expected due to the reasons covered below.</P
+><P
+>To change a users SMB password, the <B
+CLASS="COMMAND"
+>smbpasswd</B
+>
+		by default connects to the <EM
+>localhost - 127.0.0.1</EM
+> 
+		address as an SMB client to issue the password change request. If 
+		<TT
+CLASS="PARAMETER"
+><I
+>bind interfaces only</I
+></TT
+> is set then unless the 
+		network address <EM
+>127.0.0.1</EM
+> is added to the
+		<TT
+CLASS="PARAMETER"
+><I
+>interfaces</I
+></TT
+> parameter list then <B
+CLASS="COMMAND"
+>		smbpasswd</B
+> will fail to connect in it's default mode. 
+		<B
+CLASS="COMMAND"
+>smbpasswd</B
+> can be forced to use the primary IP interface 
+		of the local host by using its <A
+HREF="smbpasswd.8.html#minusr"
+TARGET="_top"
+>		<TT
+CLASS="PARAMETER"
+><I
+>-r <TT
+CLASS="REPLACEABLE"
+><I
+>remote machine</I
+></TT
+></I
+></TT
+>
+		</A
+> parameter, with <TT
+CLASS="REPLACEABLE"
+><I
+>remote machine</I
+></TT
+> set 
+		to the IP name of the primary interface of the local host.</P
+><P
+>The <B
+CLASS="COMMAND"
+>swat</B
+> status page tries to connect with
+		<B
+CLASS="COMMAND"
+>smbd</B
+> and <B
+CLASS="COMMAND"
+>nmbd</B
+> at the address 
+		<EM
+>127.0.0.1</EM
+> to determine if they are running.  
+		Not adding <EM
+>127.0.0.1</EM
+>  will cause <B
+CLASS="COMMAND"
+>		smbd</B
+> and <B
+CLASS="COMMAND"
+>nmbd</B
+> to always show
+		"not running" even if they really are.  This can prevent <B
+CLASS="COMMAND"
+>		swat</B
+> from starting/stopping/restarting <B
+CLASS="COMMAND"
+>smbd</B
+>
+		and <B
+CLASS="COMMAND"
+>nmbd</B
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>bind interfaces only = no</B
+></P
+></DD
+><DT
+><A
+NAME="BLOCKSIZE"
+></A
+>block size (S)</DT
+><DD
+><P
+>This parameter controls the behavior of <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> when reporting disk free sizes.
+		By default, this reports a disk block size of 1024 bytes.</P
+><P
+>Changing this parameter may have some effect on the
+		efficiency of client writes, this is not yet confirmed. This
+		parameter was added to allow advanced administrators to change
+		it (usually to a higher value) and test the effect it has on
+		client write performance without re-compiling the code. As this
+		is an experimental option it may be removed in a future release.
+		</P
+><P
+>Changing this option does not change the disk free reporting
+		size, just the block size unit reported to the client.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>block size = 1024</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>block size = 65536</B
+></P
+></DD
+><DT
+><A
+NAME="BLOCKINGLOCKS"
+></A
+>blocking locks (S)</DT
+><DD
+><P
+>This parameter controls the behavior of <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> when given a request by a client 
+		to obtain a byte range lock on a region of an open file, and the 
+		request has a time limit associated with it.</P
+><P
+>If this parameter is set and the lock range requested 
+		cannot be immediately satisfied, Samba 2.2 will internally 
+		queue the lock request, and periodically attempt to obtain 
+		the lock until the timeout period expires.</P
+><P
+>If this parameter is set to <TT
+CLASS="CONSTANT"
+>no</TT
+>, then 
+		Samba 2.2 will behave as previous versions of Samba would and 
+		will fail the lock request immediately if the lock range 
+		cannot be obtained.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>blocking locks = yes</B
+></P
+></DD
+><DT
+><A
+NAME="BROWSABLE"
+></A
+>browsable (S)</DT
+><DD
+><P
+>See the <A
+HREF="#BROWSEABLE"
+><TT
+CLASS="PARAMETER"
+><I
+>		browseable</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="BROWSELIST"
+></A
+>browse list (G)</DT
+><DD
+><P
+>This controls whether <A
+HREF="smbd.8.html"
+TARGET="_top"
+>		<B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+> will serve a browse list to 
+		a client doing a <B
+CLASS="COMMAND"
+>NetServerEnum</B
+> call. Normally 
+		set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>. You should never need to change 
+		this.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>browse list = yes</B
+></P
+></DD
+><DT
+><A
+NAME="BROWSEABLE"
+></A
+>browseable (S)</DT
+><DD
+><P
+>This controls whether this share is seen in 
+		the list of available shares in a net view and in the browse list.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>browseable = yes</B
+></P
+></DD
+><DT
+><A
+NAME="CASESENSITIVE"
+></A
+>case sensitive (S)</DT
+><DD
+><P
+>See the discussion in the section <A
+HREF="#AEN203"
+>NAME MANGLING</A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>case sensitive = no</B
+></P
+></DD
+><DT
+><A
+NAME="CASESIGNAMES"
+></A
+>casesignames (S)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#CASESENSITIVE"
+>case 
+		sensitive</A
+>.</P
+></DD
+><DT
+><A
+NAME="CHANGENOTIFYTIMEOUT"
+></A
+>change notify timeout (G)</DT
+><DD
+><P
+>This SMB allows a client to tell a server to 
+		"watch" a particular directory for any changes and only reply to
+		the SMB request when a change has occurred. Such constant scanning of
+		a directory is expensive under UNIX, hence an <A
+HREF="smbd.8.html"
+TARGET="_top"
+>		<B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+> daemon only performs such a scan 
+		on each requested directory once every <TT
+CLASS="PARAMETER"
+><I
+>change notify 
+		timeout</I
+></TT
+> seconds.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>change notify timeout = 60</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>change notify timeout = 300</B
+></P
+><P
+>Would change the scan time to every 5 minutes.</P
+></DD
+><DT
+><A
+NAME="CHANGESHARECOMMAND"
+></A
+>change share command (G)</DT
+><DD
+><P
+>Samba 2.2.0 introduced the ability to dynamically 
+		add and delete shares via the Windows NT 4.0 Server Manager.  The 
+		<TT
+CLASS="PARAMETER"
+><I
+>change share command</I
+></TT
+> is used to define an 
+		external program or script which will modify an existing service definition 
+		in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.  In order to successfully 
+		execute the <TT
+CLASS="PARAMETER"
+><I
+>change share command</I
+></TT
+>, <B
+CLASS="COMMAND"
+>smbd</B
+>
+		requires that the administrator be connected using a root account (i.e. 
+		uid == 0).
+		</P
+><P
+>		When executed, <B
+CLASS="COMMAND"
+>smbd</B
+> will automatically invoke the 
+		<TT
+CLASS="PARAMETER"
+><I
+>change share command</I
+></TT
+> with four parameters.
+		</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>configFile</I
+></TT
+> - the location 
+			of the global <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. 
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>shareName</I
+></TT
+> - the name of the new 
+			share.
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>pathName</I
+></TT
+> - path to an **existing**
+			directory on disk.
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>comment</I
+></TT
+> - comment string to associate 
+			with the new share.
+			</P
+></LI
+></UL
+><P
+>		This parameter is only used modify existing file shares definitions.  To modify 
+		printer shares, use the "Printers..." folder as seen when browsing the Samba host.
+		</P
+><P
+>		See also <A
+HREF="#ADDSHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>add share
+		command</I
+></TT
+></A
+>, <A
+HREF="#DELETESHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>delete 
+		share command</I
+></TT
+></A
+>.
+		</P
+><P
+>Default: <EM
+>none</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>change share command = /usr/local/bin/addshare</B
+></P
+></DD
+><DT
+><A
+NAME="CHARACTERSET"
+></A
+>character set (G)</DT
+><DD
+><P
+>This allows <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> to map incoming filenames 
+		from a DOS Code page (see the <A
+HREF="#CLIENTCODEPAGE"
+>client 
+		code page</A
+> parameter) to several built in UNIX character sets. 
+		The built in code page translations are:</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>ISO8859-1</TT
+> : Western European 
+			UNIX character set. The parameter <TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+>
+			<EM
+>MUST</EM
+> be set to code page 850 if the 
+			<TT
+CLASS="PARAMETER"
+><I
+>character set</I
+></TT
+> parameter is set to
+			<TT
+CLASS="CONSTANT"
+>ISO8859-1</TT
+> in order for the conversion to the 
+			UNIX character set to be done correctly.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>ISO8859-2</TT
+> : Eastern European 
+			UNIX character set. The parameter <TT
+CLASS="PARAMETER"
+><I
+>client code page
+			</I
+></TT
+> <EM
+>MUST</EM
+> be set to code page 852 if 
+			the <TT
+CLASS="PARAMETER"
+><I
+> character set</I
+></TT
+> parameter is set 
+			to <TT
+CLASS="CONSTANT"
+>ISO8859-2</TT
+> in order for the conversion 
+			to the UNIX character set to be done correctly. </P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>ISO8859-5</TT
+> : Russian Cyrillic 
+			UNIX character set. The parameter <TT
+CLASS="PARAMETER"
+><I
+>client code page
+			</I
+></TT
+> <EM
+>MUST</EM
+> be set to code page 
+			866 if the <TT
+CLASS="PARAMETER"
+><I
+>character set </I
+></TT
+> parameter is 
+			set to <TT
+CLASS="CONSTANT"
+>ISO8859-5</TT
+> in order for the conversion 
+			to the UNIX character set to be done correctly. </P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>ISO8859-7</TT
+> : Greek UNIX 
+			character set. The parameter <TT
+CLASS="PARAMETER"
+><I
+>client code page
+			</I
+></TT
+> <EM
+>MUST</EM
+> be set to code page 
+			737 if the <TT
+CLASS="PARAMETER"
+><I
+>character set</I
+></TT
+> parameter is 
+			set to <TT
+CLASS="CONSTANT"
+>ISO8859-7</TT
+> in order for the conversion 
+			to the UNIX character set to be done correctly.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>KOI8-R</TT
+> : Alternate mapping 
+			for Russian Cyrillic UNIX character set. The parameter 
+			<TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+> <EM
+>MUST</EM
+> 
+			be set to code page 866 if the <TT
+CLASS="PARAMETER"
+><I
+>character set</I
+></TT
+> 
+			parameter is set to <TT
+CLASS="CONSTANT"
+>KOI8-R</TT
+> in order for the 
+			conversion to the UNIX character set to be done correctly.</P
+></LI
+></UL
+><P
+><EM
+>BUG</EM
+>. These MSDOS code page to UNIX character 
+		set mappings should be dynamic, like the loading of MS DOS code pages, 
+		not static.</P
+><P
+>Normally this parameter is not set, meaning no filename 
+		translation is done.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>character set = &#60;empty string&#62;</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>character set = ISO8859-1</B
+></P
+></DD
+><DT
+><A
+NAME="CLIENTCODEPAGE"
+></A
+>client code page (G)</DT
+><DD
+><P
+>This parameter specifies the DOS code page 
+		that the clients accessing Samba are using. To determine what code 
+		page a Windows or DOS client is using, open a DOS command prompt 
+		and type the command <B
+CLASS="COMMAND"
+>chcp</B
+>. This will output 
+		the code page. The default for USA MS-DOS, Windows 95, and
+		Windows NT releases is code page 437. The default for western 
+		European releases of the above operating systems is code page 850.</P
+><P
+>This parameter tells <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> 
+		which of the <TT
+CLASS="FILENAME"
+>codepage.<TT
+CLASS="REPLACEABLE"
+><I
+>XXX</I
+></TT
+>
+		</TT
+> files to dynamically load on startup. These files,
+		described more fully in the manual page <A
+HREF="make_smbcodepage.1.html"
+TARGET="_top"
+>		<B
+CLASS="COMMAND"
+>make_smbcodepage(1)</B
+></A
+>, tell <B
+CLASS="COMMAND"
+>		smbd</B
+> how to map lower to upper case characters to provide 
+		the case insensitivity of filenames that Windows clients expect.</P
+><P
+>Samba currently ships with the following code page files :</P
+><P
+></P
+><UL
+><LI
+><P
+>Code Page 437 - MS-DOS Latin US</P
+></LI
+><LI
+><P
+>Code Page 737 - Windows '95 Greek</P
+></LI
+><LI
+><P
+>Code Page 850 - MS-DOS Latin 1</P
+></LI
+><LI
+><P
+>Code Page 852 - MS-DOS Latin 2</P
+></LI
+><LI
+><P
+>Code Page 861 - MS-DOS Icelandic</P
+></LI
+><LI
+><P
+>Code Page 866 - MS-DOS Cyrillic</P
+></LI
+><LI
+><P
+>Code Page 932 - MS-DOS Japanese SJIS</P
+></LI
+><LI
+><P
+>Code Page 936 - MS-DOS Simplified Chinese</P
+></LI
+><LI
+><P
+>Code Page 949 - MS-DOS Korean Hangul</P
+></LI
+><LI
+><P
+>Code Page 950 - MS-DOS Traditional Chinese</P
+></LI
+></UL
+><P
+>Thus this parameter may have any of the values 437, 737, 850, 852,
+		861, 932, 936, 949, or 950.  If you don't find the codepage you need,
+		read the comments in one of the other codepage files and the
+		<B
+CLASS="COMMAND"
+>make_smbcodepage(1)</B
+> man page and write one. Please 
+		remember to donate it back to the Samba user community.</P
+><P
+>This parameter co-operates with the <TT
+CLASS="PARAMETER"
+><I
+>valid
+		chars</I
+></TT
+> parameter in determining what characters are
+		valid in filenames and how capitalization is done. If you set both
+		this parameter and the <TT
+CLASS="PARAMETER"
+><I
+>valid chars</I
+></TT
+> parameter
+		the <TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+> parameter 
+		<EM
+>MUST</EM
+> be set before the <TT
+CLASS="PARAMETER"
+><I
+>valid 
+		chars</I
+></TT
+> parameter in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+		file. The <TT
+CLASS="PARAMETER"
+><I
+>valid chars</I
+></TT
+> string will then 
+		augment the character settings in the <TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+> 
+		parameter.</P
+><P
+>If not set, <TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+> defaults 
+		to 850.</P
+><P
+>See also : <A
+HREF="#VALIDCHARS"
+><TT
+CLASS="PARAMETER"
+><I
+>valid 
+		chars</I
+></TT
+></A
+>, <A
+HREF="#CODEPAGEDIRECTORY"
+>		<TT
+CLASS="PARAMETER"
+><I
+>code page directory</I
+></TT
+></A
+></P
+><P
+>Default: <B
+CLASS="COMMAND"
+>client code page = 850</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>client code page = 936</B
+></P
+></DD
+><DT
+><A
+NAME="CODEPAGEDIRECTORY"
+></A
+>code page directory (G)</DT
+><DD
+><P
+>Define the location of the various client code page
+		files.</P
+><P
+>See also <A
+HREF="#CLIENTCODEPAGE"
+><TT
+CLASS="PARAMETER"
+><I
+>client
+		code page</I
+></TT
+></A
+></P
+><P
+>Default: <B
+CLASS="COMMAND"
+>code page directory = ${prefix}/lib/codepages
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>code page directory = /usr/share/samba/codepages
+		</B
+></P
+></DD
+><DT
+><A
+NAME="CODINGSYSTEM"
+></A
+>coding system (G)</DT
+><DD
+><P
+>This parameter is used to determine how incoming 
+		Shift-JIS Japanese characters are mapped from the incoming <A
+HREF="#CLIENTCODEPAGE"
+><TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+>
+		</A
+> used by the client, into file names in the UNIX filesystem. 
+		Only useful if <TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+> is set to 
+		932 (Japanese Shift-JIS).  The options are :</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>SJIS</TT
+>  - Shift-JIS. Does no 
+			conversion of the incoming filename.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>JIS8, J8BB, J8BH, J8@B, 
+			J8@J, J8@H </TT
+> - Convert from incoming Shift-JIS to eight 
+			bit JIS code with different shift-in, shift out codes.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>JIS7, J7BB, J7BH, J7@B, J7@J, 
+			J7@H </TT
+> - Convert from incoming Shift-JIS to seven bit 
+			JIS code with different shift-in, shift out codes.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>JUNET, JUBB, JUBH, JU@B, JU@J, JU@H </TT
+> 
+			- Convert from incoming Shift-JIS to JUNET code with different shift-in, 
+			shift out codes.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>EUC</TT
+> - Convert an incoming 
+			Shift-JIS character to EUC code.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>HEX</TT
+> - Convert an incoming 
+			Shift-JIS character to a 3 byte hex representation, i.e. 
+			<TT
+CLASS="CONSTANT"
+>:AB</TT
+>.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>CAP</TT
+> - Convert an incoming 
+			Shift-JIS character to the 3 byte hex representation used by 
+			the Columbia AppleTalk Program (CAP), i.e. <TT
+CLASS="CONSTANT"
+>:AB</TT
+>.  
+			This is used for compatibility between Samba and CAP.</P
+></LI
+></UL
+><P
+>Default: <B
+CLASS="COMMAND"
+>coding system = &#60;empty value&#62;</B
+>
+		</P
+></DD
+><DT
+><A
+NAME="COMMENT"
+></A
+>comment (S)</DT
+><DD
+><P
+>This is a text field that is seen next to a share 
+		when a client does a queries the server, either via the network 
+		neighborhood or via <B
+CLASS="COMMAND"
+>net view</B
+> to list what shares 
+		are available.</P
+><P
+>If you want to set the string that is displayed next to the 
+		machine name then see the <A
+HREF="#SERVERSTRING"
+><TT
+CLASS="PARAMETER"
+><I
+>		server string</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <EM
+>No comment string</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>comment = Fred's Files</B
+></P
+></DD
+><DT
+><A
+NAME="CONFIGFILE"
+></A
+>config file (G)</DT
+><DD
+><P
+>This allows you to override the config file 
+		to use, instead of the default (usually <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>). 
+		There is a chicken and egg problem here as this option is set 
+		in the config file!</P
+><P
+>For this reason, if the name of the config file has changed 
+		when the parameters are loaded then it will reload them from 
+		the new config file.</P
+><P
+>This option takes the usual substitutions, which can 
+		be very useful.</P
+><P
+>If the config file doesn't exist then it won't be loaded 
+		(allowing you to special case the config files of just a few 
+		clients).</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>config file = /usr/local/samba/lib/smb.conf.%m
+		</B
+></P
+></DD
+><DT
+><A
+NAME="COPY"
+></A
+>copy (S)</DT
+><DD
+><P
+>This parameter allows you to "clone" service 
+		entries. The specified service is simply duplicated under the 
+		current service's name. Any parameters specified in the current 
+		section will override those in the section being copied.</P
+><P
+>This feature lets you set up a 'template' service and 
+		create similar services easily. Note that the service being 
+		copied must occur earlier in the configuration file than the 
+		service doing the copying.</P
+><P
+>Default: <EM
+>no value</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>copy = otherservice</B
+></P
+></DD
+><DT
+><A
+NAME="CREATEMASK"
+></A
+>create mask (S)</DT
+><DD
+><P
+>A synonym for this parameter is 
+		<A
+HREF="#CREATEMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>create mode</I
+></TT
+>
+		</A
+>.</P
+><P
+>When a file is created, the necessary permissions are 
+		calculated according to the mapping from DOS modes to UNIX 
+		permissions, and the resulting UNIX mode is then bit-wise 'AND'ed 
+		with this parameter. This parameter may be thought of as a bit-wise 
+		MASK for the UNIX modes of a file. Any bit <EM
+>not</EM
+> 
+		set here will be removed from the modes set on a file when it is 
+		created.</P
+><P
+>The default value of this parameter removes the 
+		'group' and 'other' write and execute bits from the UNIX modes.</P
+><P
+>Following this Samba will bit-wise 'OR' the UNIX mode created 
+		from this parameter with the value of the <A
+HREF="#FORCECREATEMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force create mode</I
+></TT
+></A
+>
+		parameter which is set to 000 by default.</P
+><P
+>This parameter does not affect directory modes. See the 
+		parameter <A
+HREF="#DIRECTORYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>directory mode
+		</I
+></TT
+></A
+> for details.</P
+><P
+>See also the <A
+HREF="#FORCECREATEMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force 
+		create mode</I
+></TT
+></A
+> parameter for forcing particular mode 
+		bits to be set on created files. See also the <A
+HREF="#DIRECTORYMODE"
+>		<TT
+CLASS="PARAMETER"
+><I
+>directory mode</I
+></TT
+></A
+> parameter for masking 
+		mode bits on created directories.  See also the <A
+HREF="#INHERITPERMISSIONS"
+>		<TT
+CLASS="PARAMETER"
+><I
+>inherit permissions</I
+></TT
+></A
+> parameter.</P
+><P
+>Note that this parameter does not apply to permissions
+		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+		a mask on access control lists also, they need to set the <A
+HREF="#SECURITYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>create mask = 0744</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>create mask = 0775</B
+></P
+></DD
+><DT
+><A
+NAME="CREATEMODE"
+></A
+>create mode (S)</DT
+><DD
+><P
+>This is a synonym for <A
+HREF="#CREATEMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>		create mask</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="CSCPOLICY"
+></A
+>csc policy (S)</DT
+><DD
+><P
+>This stands for <EM
+>client-side caching 
+		policy</EM
+>, and specifies how clients capable of offline
+		caching will cache the files in the share. The valid values
+		are: manual, documents, programs, disable.</P
+><P
+>These values correspond to those used on Windows
+		servers.</P
+><P
+>For example, shares containing roaming profiles can have
+		offline caching disabled using <B
+CLASS="COMMAND"
+>csc policy = disable
+		</B
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>csc policy = manual</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>csc policy = programs</B
+></P
+></DD
+><DT
+><A
+NAME="DEADTIME"
+></A
+>deadtime (G)</DT
+><DD
+><P
+>The value of the parameter (a decimal integer) 
+		represents the number of minutes of inactivity before a connection 
+		is considered dead, and it is disconnected. The deadtime only takes 
+		effect if the number of open files is zero.</P
+><P
+>This is useful to stop a server's resources being 
+		exhausted by a large number of inactive connections.</P
+><P
+>Most clients have an auto-reconnect feature when a 
+		connection is broken so in most cases this parameter should be 
+		transparent to users.</P
+><P
+>Using this parameter with a timeout of a few minutes 
+		is recommended for most systems.</P
+><P
+>A deadtime of zero indicates that no auto-disconnection 
+		should be performed.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>deadtime = 0</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>deadtime = 15</B
+></P
+></DD
+><DT
+><A
+NAME="DEBUGHIRESTIMESTAMP"
+></A
+>debug hires timestamp (G)</DT
+><DD
+><P
+>Sometimes the timestamps in the log messages 
+		are needed with a resolution of higher that seconds, this 
+		boolean parameter adds microsecond resolution to the timestamp 
+		message header when turned on.</P
+><P
+>Note that the parameter <A
+HREF="#DEBUGTIMESTAMP"
+><TT
+CLASS="PARAMETER"
+><I
+>		debug timestamp</I
+></TT
+></A
+> must be on for this to have an 
+		effect.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>debug hires timestamp = no</B
+></P
+></DD
+><DT
+><A
+NAME="DEBUGPID"
+></A
+>debug pid (G)</DT
+><DD
+><P
+>When using only one log file for more then one 
+		forked <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+>-process there may be hard to follow which process 
+		outputs which message. This boolean parameter is adds the process-id 
+		to the timestamp message headers in the logfile when turned on.</P
+><P
+>Note that the parameter <A
+HREF="#DEBUGTIMESTAMP"
+><TT
+CLASS="PARAMETER"
+><I
+>		debug timestamp</I
+></TT
+></A
+> must be on for this to have an 
+		effect.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>debug pid = no</B
+></P
+></DD
+><DT
+><A
+NAME="DEBUGTIMESTAMP"
+></A
+>debug timestamp (G)</DT
+><DD
+><P
+>Samba 2.2 debug log messages are timestamped 
+		by default. If you are running at a high <A
+HREF="#DEBUGLEVEL"
+>		<TT
+CLASS="PARAMETER"
+><I
+>debug level</I
+></TT
+></A
+> these timestamps
+		can be distracting. This boolean parameter allows timestamping 
+		to be turned off.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>debug timestamp = yes</B
+></P
+></DD
+><DT
+><A
+NAME="DEBUGUID"
+></A
+>debug uid (G)</DT
+><DD
+><P
+>Samba is sometimes run as root and sometime 
+		run as the connected user, this boolean parameter inserts the 
+		current euid, egid, uid and gid to the timestamp message headers 
+		in the log file if turned on.</P
+><P
+>Note that the parameter <A
+HREF="#DEBUGTIMESTAMP"
+><TT
+CLASS="PARAMETER"
+><I
+>		debug timestamp</I
+></TT
+></A
+> must be on for this to have an 
+		effect.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>debug uid = no</B
+></P
+></DD
+><DT
+><A
+NAME="DEBUGLEVEL"
+></A
+>debuglevel (G)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#LOGLEVEL"
+><TT
+CLASS="PARAMETER"
+><I
+>		log level</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="DEFAULT"
+></A
+>default (G)</DT
+><DD
+><P
+>A synonym for <A
+HREF="#DEFAULTSERVICE"
+><TT
+CLASS="PARAMETER"
+><I
+>		default service</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="DEFAULTCASE"
+></A
+>default case (S)</DT
+><DD
+><P
+>See the section on <A
+HREF="#AEN203"
+>		NAME MANGLING</A
+>. Also note the <A
+HREF="#SHORTPRESERVECASE"
+>		<TT
+CLASS="PARAMETER"
+><I
+>short preserve case</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>default case = lower</B
+></P
+></DD
+><DT
+><A
+NAME="DEFAULTDEVMODE"
+></A
+>default devmode (S)</DT
+><DD
+><P
+>This parameter is only applicable to <A
+HREF="#PRINTOK"
+>printable</A
+> services.  When smbd is serving
+		Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
+		server has a Device Mode which defines things such as paper size and
+		orientation and duplex settings.  The device mode can only correctly be
+		generated by the printer driver itself (which can only be executed on a
+		Win32 platform).  Because smbd is unable to execute the driver code
+		to generate the device mode, the default behavior is to set this field
+		to NULL.
+		</P
+><P
+>Most problems with serving printer drivers to Windows NT/2k/XP clients
+		can be traced to a problem with the generated device mode.  Certain drivers
+		will do things such as crashing the client's Explorer.exe with a NULL devmode.
+		However, other printer drivers can cause the client's spooler service
+		(spoolsv.exe) to die if the devmode was not created by the driver itself
+		(i.e. smbd generates a default devmode).
+		</P
+><P
+>This parameter should be used with care and tested with the printer
+		driver in question.  It is better to leave the device mode to NULL
+		and let the Windows client set the correct values.  Because drivers do not
+		do this all the time, setting <B
+CLASS="COMMAND"
+>default devmode = yes</B
+>
+		will instruct smbd to generate a default one.
+		</P
+><P
+>For more information on Windows NT/2k printing and Device Modes,
+		see the <A
+HREF="http://msdn.microsoft.com/"
+TARGET="_top"
+>MSDN documentation</A
+>.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>default devmode = no</B
+></P
+></DD
+><DT
+><A
+NAME="DEFAULTSERVICE"
+></A
+>default service (G)</DT
+><DD
+><P
+>This parameter specifies the name of a service
+		which will be connected to if the service actually requested cannot
+		be found. Note that the square brackets are <EM
+>NOT</EM
+>
+		given in the parameter value (see example below).</P
+><P
+>There is no default value for this parameter. If this 
+		parameter is not given, attempting to connect to a nonexistent 
+		service results in an error.</P
+><P
+>Typically the default service would be a <A
+HREF="#GUESTOK"
+>		<TT
+CLASS="PARAMETER"
+><I
+>guest ok</I
+></TT
+></A
+>, <A
+HREF="#READONLY"
+>		<TT
+CLASS="PARAMETER"
+><I
+>read-only</I
+></TT
+></A
+> service.</P
+><P
+>Also note that the apparent service name will be changed 
+		to equal that of the requested service, this is very useful as it 
+		allows you to use macros like <TT
+CLASS="PARAMETER"
+><I
+>%S</I
+></TT
+> to make 
+		a wildcard service.</P
+><P
+>Note also that any "_" characters in the name of the service 
+		used in the default service will get mapped to a "/". This allows for
+		interesting things.</P
+><P
+>Example:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+	default service = pub
+        
+[pub]
+	path = /%S
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+></DD
+><DT
+><A
+NAME="DELETEPRINTERCOMMAND"
+></A
+>delete printer command (G)</DT
+><DD
+><P
+>With the introduction of MS-RPC based printer
+		support for Windows NT/2000 clients in Samba 2.2, it is now 
+		possible to delete printer at run time by issuing the 
+		DeletePrinter() RPC call.</P
+><P
+>For a Samba host this means that the printer must be 
+		physically deleted from underlying printing system.  The <TT
+CLASS="PARAMETER"
+><I
+>		deleteprinter command</I
+></TT
+> defines a script to be run which 
+		will perform the necessary operations for removing the printer
+		from the print system and from <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.
+		</P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>delete printer command</I
+></TT
+> is 
+		automatically called with only one parameter: <TT
+CLASS="PARAMETER"
+><I
+>		"printer name"</I
+></TT
+>.</P
+><P
+>Once the <TT
+CLASS="PARAMETER"
+><I
+>delete printer command</I
+></TT
+> has 
+		been executed, <B
+CLASS="COMMAND"
+>smbd</B
+> will reparse the <TT
+CLASS="FILENAME"
+>		smb.conf</TT
+> to associated printer no longer exists.  
+		If the sharename is still valid, then <B
+CLASS="COMMAND"
+>smbd
+		</B
+> will return an ACCESS_DENIED error to the client.</P
+><P
+>See also <A
+HREF="#ADDPRINTERCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>		add printer command</I
+></TT
+></A
+>, <A
+HREF="#PRINTING"
+><TT
+CLASS="PARAMETER"
+><I
+>printing</I
+></TT
+></A
+>,
+		<A
+HREF="#SHOWADDPRINTERWIZARD"
+><TT
+CLASS="PARAMETER"
+><I
+>show add
+		printer wizard</I
+></TT
+></A
+></P
+><P
+>Default: <EM
+>none</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>deleteprinter command = /usr/bin/removeprinter
+		</B
+></P
+></DD
+><DT
+><A
+NAME="DELETEREADONLY"
+></A
+>delete readonly (S)</DT
+><DD
+><P
+>This parameter allows readonly files to be deleted.  
+		This is not normal DOS semantics, but is allowed by UNIX.</P
+><P
+>This option may be useful for running applications such 
+		as rcs, where UNIX file ownership prevents changing file 
+		permissions, and DOS semantics prevent deletion of a read only file.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>delete readonly = no</B
+></P
+></DD
+><DT
+><A
+NAME="DELETESHARECOMMAND"
+></A
+>delete share command (G)</DT
+><DD
+><P
+>Samba 2.2.0 introduced the ability to dynamically 
+		add and delete shares via the Windows NT 4.0 Server Manager.  The 
+		<TT
+CLASS="PARAMETER"
+><I
+>delete share command</I
+></TT
+> is used to define an 
+		external program or script which will remove an existing service 
+		definition from <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.  In order to successfully 
+		execute the <TT
+CLASS="PARAMETER"
+><I
+>delete share command</I
+></TT
+>, <B
+CLASS="COMMAND"
+>smbd</B
+>
+		requires that the administrator be connected using a root account (i.e. 
+		uid == 0).
+		</P
+><P
+>		When executed, <B
+CLASS="COMMAND"
+>smbd</B
+> will automatically invoke the 
+		<TT
+CLASS="PARAMETER"
+><I
+>delete share command</I
+></TT
+> with two parameters.
+		</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>configFile</I
+></TT
+> - the location 
+			of the global <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. 
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>shareName</I
+></TT
+> - the name of 
+			the existing service.
+			</P
+></LI
+></UL
+><P
+>		This parameter is only used to remove file shares.  To delete printer shares, 
+		see the <A
+HREF="#DELETEPRINTERCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>delete printer 
+		command</I
+></TT
+></A
+>.
+		</P
+><P
+>		See also <A
+HREF="#ADDSHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>add share
+		command</I
+></TT
+></A
+>, <A
+HREF="#CHANGESHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>change 
+		share command</I
+></TT
+></A
+>.
+		</P
+><P
+>Default: <EM
+>none</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>delete share command = /usr/local/bin/delshare</B
+></P
+></DD
+><DT
+><A
+NAME="DELETEUSERSCRIPT"
+></A
+>delete user script (G)</DT
+><DD
+><P
+>This is the full pathname to a script that will 
+		be run <EM
+>AS ROOT</EM
+> by <A
+HREF="smbd.8.html"
+TARGET="_top"
+>		<B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+> under special circumstances 
+		described below.</P
+><P
+>Normally, a Samba server requires that UNIX users are 
+		created for all users accessing files on this server. For sites 
+		that use Windows NT account databases as their primary user database 
+		creating these users and keeping the user list in sync with the 
+		Windows NT PDC is an onerous task. This option allows <B
+CLASS="COMMAND"
+>		smbd</B
+> to delete the required UNIX users <EM
+>ON 
+		DEMAND</EM
+> when a user accesses the Samba server and the 
+		Windows NT user no longer exists.</P
+><P
+>In order to use this option, <B
+CLASS="COMMAND"
+>smbd</B
+> must be 
+		set to <TT
+CLASS="PARAMETER"
+><I
+>security = domain</I
+></TT
+> or <TT
+CLASS="PARAMETER"
+><I
+>security =
+		user</I
+></TT
+> and <TT
+CLASS="PARAMETER"
+><I
+>delete user script</I
+></TT
+> 
+		must be set to a full pathname for a script 
+		that will delete a UNIX user given one argument of <TT
+CLASS="PARAMETER"
+><I
+>%u</I
+></TT
+>, 
+		which expands into the UNIX user name to delete.</P
+><P
+>When the Windows user attempts to access the Samba server, 
+		at <EM
+>login</EM
+> (session setup in the SMB protocol) 
+		time, <B
+CLASS="COMMAND"
+>smbd</B
+> contacts the <A
+HREF="#PASSWORDSERVER"
+>		<TT
+CLASS="PARAMETER"
+><I
+>password server</I
+></TT
+></A
+> and attempts to authenticate 
+		the given user with the given password. If the authentication fails 
+		with the specific Domain error code meaning that the user no longer 
+		exists then <B
+CLASS="COMMAND"
+>smbd</B
+> attempts to find a UNIX user in 
+		the UNIX password database that matches the Windows user account. If 
+		this lookup succeeds, and <TT
+CLASS="PARAMETER"
+><I
+>delete user script</I
+></TT
+> is 
+		set then <B
+CLASS="COMMAND"
+>smbd</B
+> will all the specified script 
+		<EM
+>AS ROOT</EM
+>, expanding any <TT
+CLASS="PARAMETER"
+><I
+>%u</I
+></TT
+> 
+		argument to be the user name to delete.</P
+><P
+>This script should delete the given UNIX username. In this way, 
+		UNIX users are dynamically deleted to match existing Windows NT 
+		accounts.</P
+><P
+>See also <A
+HREF="#SECURITYEQUALSDOMAIN"
+>security = domain</A
+>,
+		<A
+HREF="#PASSWORDSERVER"
+><TT
+CLASS="PARAMETER"
+><I
+>password server</I
+></TT
+>
+		</A
+>, <A
+HREF="#ADDUSERSCRIPT"
+><TT
+CLASS="PARAMETER"
+><I
+>add user script</I
+></TT
+>
+		</A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>delete user script = &#60;empty string&#62;
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>delete user script = /usr/local/samba/bin/del_user 
+		%u</B
+></P
+></DD
+><DT
+><A
+NAME="DELETEVETOFILES"
+></A
+>delete veto files (S)</DT
+><DD
+><P
+>This option is used when Samba is attempting to 
+		delete a directory that contains one or more vetoed directories 
+		(see the <A
+HREF="#VETOFILES"
+><TT
+CLASS="PARAMETER"
+><I
+>veto files</I
+></TT
+></A
+>
+		option).  If this option is set to <TT
+CLASS="CONSTANT"
+>no</TT
+> (the default) then if a vetoed 
+		directory contains any non-vetoed files or directories then the 
+		directory delete will fail. This is usually what you want.</P
+><P
+>If this option is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>, then Samba 
+		will attempt to recursively delete any files and directories within 
+		the vetoed directory. This can be useful for integration with file 
+		serving systems such as NetAtalk which create meta-files within 
+		directories you might normally veto DOS/Windows users from seeing 
+		(e.g. <TT
+CLASS="FILENAME"
+>.AppleDouble</TT
+>)</P
+><P
+>Setting <B
+CLASS="COMMAND"
+>delete veto files = yes</B
+> allows these 
+		directories to be  transparently deleted when the parent directory 
+		is deleted (so long as the user has permissions to do so).</P
+><P
+>See also the <A
+HREF="#VETOFILES"
+><TT
+CLASS="PARAMETER"
+><I
+>veto 
+		files</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>delete veto files = no</B
+></P
+></DD
+><DT
+><A
+NAME="DENYHOSTS"
+></A
+>deny hosts (S)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#HOSTSDENY"
+><TT
+CLASS="PARAMETER"
+><I
+>hosts 
+		deny</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="DFREECOMMAND"
+></A
+>dfree command (G)</DT
+><DD
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>dfree command</I
+></TT
+> setting should 
+		only be used on systems where a problem occurs with the internal 
+		disk space calculations. This has been known to happen with Ultrix, 
+		but may occur with other operating systems. The symptom that was 
+		seen was an error of "Abort Retry Ignore" at the end of each 
+		directory listing.</P
+><P
+>This setting allows the replacement of the internal routines to
+		calculate the total disk space and amount available with an external
+		routine. The example below gives a possible script that might fulfill
+		this function.</P
+><P
+>The external program will be passed a single parameter indicating 
+		a directory in the filesystem being queried. This will typically consist
+		of the string <TT
+CLASS="FILENAME"
+>./</TT
+>. The script should return two 
+		integers in ASCII. The first should be the total disk space in blocks, 
+		and the second should be the number of available blocks. An optional 
+		third return value can give the block size in bytes. The default 
+		blocksize is 1024 bytes.</P
+><P
+>Note: Your script should <EM
+>NOT</EM
+> be setuid or 
+		setgid and should be owned by (and writeable only by) root!</P
+><P
+>Default: <EM
+>By default internal routines for 
+		determining the disk capacity and remaining space will be used.
+		</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>dfree command = /usr/local/samba/bin/dfree
+		</B
+></P
+><P
+>Where the script dfree (which must be made executable) could be:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+> 
+		#!/bin/sh
+		df $1 | tail -1 | awk '{print $2" "$4}'
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>or perhaps (on Sys V based systems):</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+> 
+		#!/bin/sh
+		/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Note that you may have to replace the command names 
+		with full path names on some systems.</P
+></DD
+><DT
+><A
+NAME="DIRECTORY"
+></A
+>directory (S)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#PATH"
+><TT
+CLASS="PARAMETER"
+><I
+>path
+		</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="DIRECTORYMASK"
+></A
+>directory mask (S)</DT
+><DD
+><P
+>This parameter is the octal modes which are 
+		used when converting DOS modes to UNIX modes when creating UNIX 
+		directories.</P
+><P
+>When a directory is created, the necessary permissions are 
+		calculated according to the mapping from DOS modes to UNIX permissions, 
+		and the resulting UNIX mode is then bit-wise 'AND'ed with this 
+		parameter. This parameter may be thought of as a bit-wise MASK for 
+		the UNIX modes of a directory. Any bit <EM
+>not</EM
+> set 
+		here will be removed from the modes set on a directory when it is 
+		created.</P
+><P
+>The default value of this parameter removes the 'group' 
+		and 'other' write bits from the UNIX mode, allowing only the 
+		user who owns the directory to modify it.</P
+><P
+>Following this Samba will bit-wise 'OR' the UNIX mode 
+		created from this parameter with the value of the <A
+HREF="#FORCEDIRECTORYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force directory mode
+		</I
+></TT
+></A
+> parameter. This parameter is set to 000 by 
+		default (i.e. no extra mode bits are added).</P
+><P
+>Note that this parameter does not apply to permissions
+		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+		a mask on access control lists also, they need to set the <A
+HREF="#DIRECTORYSECURITYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>directory security mask</I
+></TT
+></A
+>.</P
+><P
+>See the <A
+HREF="#FORCEDIRECTORYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force 
+		directory mode</I
+></TT
+></A
+> parameter to cause particular mode 
+		bits to always be set on created directories.</P
+><P
+>See also the <A
+HREF="#CREATEMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>create mode
+		</I
+></TT
+></A
+> parameter for masking mode bits on created files, 
+		and the <A
+HREF="#DIRECTORYSECURITYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>directory 
+		security mask</I
+></TT
+></A
+> parameter.</P
+><P
+>Also refer to the <A
+HREF="#INHERITPERMISSIONS"
+><TT
+CLASS="PARAMETER"
+><I
+>		inherit permissions</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>directory mask = 0755</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>directory mask = 0775</B
+></P
+></DD
+><DT
+><A
+NAME="DIRECTORYMODE"
+></A
+>directory mode (S)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#DIRECTORYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>		directory mask</I
+></TT
+></A
+></P
+></DD
+><DT
+><A
+NAME="DIRECTORYSECURITYMASK"
+></A
+>directory security mask (S)</DT
+><DD
+><P
+>This parameter controls what UNIX permission bits 
+		can be modified when a Windows NT client is manipulating the UNIX 
+		permission on a directory using the native NT security dialog 
+		box.</P
+><P
+>This parameter is applied as a mask (AND'ed with) to 
+		the changed permission bits, thus preventing any bits not in 
+		this mask from being modified. Essentially, zero bits in this 
+		mask may be treated as a set of bits the user is not allowed 
+		to change.</P
+><P
+>If not set explicitly this parameter is set to 0777
+		meaning a user is allowed to modify all the user/group/world
+		permissions on a directory.</P
+><P
+><EM
+>Note</EM
+> that users who can access the 
+		Samba server through other means can easily bypass this restriction, 
+		so it is primarily useful for standalone "appliance" systems.  
+		Administrators of most normal systems will probably want to leave
+		it as the default of <TT
+CLASS="CONSTANT"
+>0777</TT
+>.</P
+><P
+>See also the <A
+HREF="#FORCEDIRECTORYSECURITYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>		force directory security mode</I
+></TT
+></A
+>, <A
+HREF="#SECURITYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+></A
+>, 
+		<A
+HREF="#FORCESECURITYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force security mode
+		</I
+></TT
+></A
+> parameters.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>directory security mask = 0777</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>directory security mask = 0700</B
+></P
+></DD
+><DT
+><A
+NAME="DISABLESPOOLSS"
+></A
+>disable spoolss (G)</DT
+><DD
+><P
+>Enabling this parameter will disables Samba's support
+		for the SPOOLSS set of MS-RPC's and will yield identical behavior
+		as Samba 2.0.x.  Windows NT/2000 clients will downgrade to using
+		Lanman style printing commands. Windows 9x/ME will be uneffected by
+		the parameter. However, this will also disable the ability to upload
+		printer drivers to a Samba server via the Windows NT Add Printer
+		Wizard or by using the NT printer properties dialog window.  It will
+		also disable the capability of Windows NT/2000 clients to download
+		print drivers from the Samba host upon demand.
+		<EM
+>Be very careful about enabling this parameter.</EM
+>
+		</P
+><P
+>See also <A
+HREF="#USECLIENTDRIVER"
+>use client driver</A
+>
+		</P
+><P
+>Default : <B
+CLASS="COMMAND"
+>disable spoolss = no</B
+></P
+></DD
+><DT
+><A
+NAME="DNSPROXY"
+></A
+>dns proxy (G)</DT
+><DD
+><P
+>Specifies that <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)</A
+> 
+		when acting as a WINS server and finding that a NetBIOS name has not 
+		been registered, should treat the NetBIOS name word-for-word as a DNS 
+		name and do a lookup with the DNS server for that name on behalf of 
+		the name-querying client.</P
+><P
+>Note that the maximum length for a NetBIOS name is 15 
+		characters, so the DNS name (or DNS alias) can likewise only be 
+		15 characters, maximum.</P
+><P
+><B
+CLASS="COMMAND"
+>nmbd</B
+> spawns a second copy of itself to do the
+		DNS name lookup requests, as doing a name lookup is a blocking 
+		action.</P
+><P
+>See also the parameter <A
+HREF="#WINSSUPPORT"
+><TT
+CLASS="PARAMETER"
+><I
+>		wins support</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>dns proxy = yes</B
+></P
+></DD
+><DT
+><A
+NAME="DOMAINADMINGROUP"
+></A
+>domain admin group (G)</DT
+><DD
+><P
+>This parameter is intended as a temporary solution
+		to enable users to be a member of the "Domain Admins" group when 
+		a Samba host is acting as a PDC.  A complete solution will be provided
+		by a system for mapping Windows NT/2000 groups onto UNIX groups.
+		Please note that this parameter has a somewhat confusing name.  It 
+		accepts a list of usernames and of group names in standard 
+		<TT
+CLASS="FILENAME"
+>smb.conf</TT
+>	notation.
+		</P
+><P
+>See also <A
+HREF="#DOMAINGUESTGROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>domain
+		guest group</I
+></TT
+></A
+>, <A
+HREF="#DOMAINLOGONS"
+><TT
+CLASS="PARAMETER"
+><I
+>domain
+		logons</I
+></TT
+></A
+>
+		</P
+><P
+>Default: <EM
+>no domain administrators</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>domain admin group = root @wheel</B
+></P
+></DD
+><DT
+><A
+NAME="DOMAINGUESTGROUP"
+></A
+>domain guest group (G)</DT
+><DD
+><P
+>This parameter is intended as a temporary solution
+		to enable users to be a member of the "Domain Guests" group when 
+		a Samba host is acting as a PDC.  A complete solution will be provided
+		by a system for mapping Windows NT/2000 groups onto UNIX groups.
+		Please note that this parameter has a somewhat confusing name.  It 
+		accepts a list of usernames and of group names in standard 
+		<TT
+CLASS="FILENAME"
+>smb.conf</TT
+>	notation.
+		</P
+><P
+>See also <A
+HREF="#DOMAINADMINGROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>domain
+		admin group</I
+></TT
+></A
+>, <A
+HREF="#DOMAINLOGONS"
+><TT
+CLASS="PARAMETER"
+><I
+>domain
+		logons</I
+></TT
+></A
+>
+		</P
+><P
+>Default: <EM
+>no domain guests</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>domain guest group = nobody @guest</B
+></P
+></DD
+><DT
+><A
+NAME="DOMAINLOGONS"
+></A
+>domain logons (G)</DT
+><DD
+><P
+>If set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>, the Samba server will serve 
+		Windows 95/98 Domain logons for the <A
+HREF="#WORKGROUP"
+>		<TT
+CLASS="PARAMETER"
+><I
+>workgroup</I
+></TT
+></A
+> it is in. Samba 2.2 also 
+		has limited capability to act as a domain controller for Windows 
+		NT 4 Domains.  For more details on setting up this feature see 
+		the Samba-PDC-HOWTO included in the <TT
+CLASS="FILENAME"
+>htmldocs/</TT
+>
+		directory shipped with the source code.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>domain logons = no</B
+></P
+></DD
+><DT
+><A
+NAME="DOMAINMASTER"
+></A
+>domain master (G)</DT
+><DD
+><P
+>Tell <A
+HREF="nmbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>		nmbd(8)</B
+></A
+> to enable WAN-wide browse list
+		collation. Setting this option causes <B
+CLASS="COMMAND"
+>nmbd</B
+> to
+		claim a special domain specific NetBIOS name that identifies 
+		it as a domain master browser for its given <A
+HREF="#WORKGROUP"
+>		<TT
+CLASS="PARAMETER"
+><I
+>workgroup</I
+></TT
+></A
+>. Local master browsers 
+		in the same <TT
+CLASS="PARAMETER"
+><I
+>workgroup</I
+></TT
+> on broadcast-isolated 
+		subnets will give this <B
+CLASS="COMMAND"
+>nmbd</B
+> their local browse lists, 
+		and then ask <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+> 
+		for a complete copy of the browse list for the whole wide area 
+		network.  Browser clients will then contact their local master browser, 
+		and will receive the domain-wide browse list, instead of just the list 
+		for their broadcast-isolated subnet.</P
+><P
+>Note that Windows NT Primary Domain Controllers expect to be 
+		able to claim this <TT
+CLASS="PARAMETER"
+><I
+>workgroup</I
+></TT
+> specific special 
+		NetBIOS name that identifies them as domain master browsers for 
+		that <TT
+CLASS="PARAMETER"
+><I
+>workgroup</I
+></TT
+> by default (i.e. there is no 
+		way to prevent a Windows NT PDC from attempting to do this). This 
+		means that if this parameter is set and <B
+CLASS="COMMAND"
+>nmbd</B
+> claims 
+		the special name for a <TT
+CLASS="PARAMETER"
+><I
+>workgroup</I
+></TT
+> before a Windows 
+		NT PDC is able to do so then cross subnet browsing will behave 
+		strangely and may fail.</P
+><P
+>If <A
+HREF="#DOMAINLOGONS"
+><B
+CLASS="COMMAND"
+>domain logons = yes</B
+>
+		</A
+>, then the default behavior is to enable the <TT
+CLASS="PARAMETER"
+><I
+>domain 
+		master</I
+></TT
+> parameter.  If <TT
+CLASS="PARAMETER"
+><I
+>domain logons</I
+></TT
+> is 
+		not enabled (the default setting), then neither will <TT
+CLASS="PARAMETER"
+><I
+>domain 
+		master</I
+></TT
+> be enabled by default.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>domain master = auto</B
+></P
+></DD
+><DT
+><A
+NAME="DONTDESCEND"
+></A
+>dont descend (S)</DT
+><DD
+><P
+>There are certain directories on some systems 
+		(e.g., the <TT
+CLASS="FILENAME"
+>/proc</TT
+> tree under Linux) that are either not 
+		of interest to clients or are infinitely deep (recursive). This 
+		parameter allows you to specify a comma-delimited list of directories 
+		that the server should always show as empty.</P
+><P
+>Note that Samba can be very fussy about the exact format 
+		of the "dont descend" entries. For example you may need <TT
+CLASS="FILENAME"
+>		./proc</TT
+> instead of just <TT
+CLASS="FILENAME"
+>/proc</TT
+>. 
+		Experimentation is the best policy :-)  </P
+><P
+>Default: <EM
+>none (i.e., all directories are OK 
+		to descend)</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>dont descend = /proc,/dev</B
+></P
+></DD
+><DT
+><A
+NAME="DOSFILEMODE"
+></A
+>dos filemode (S)</DT
+><DD
+><P
+> The default behavior in Samba is to provide 
+		UNIX-like behavior where only the owner of a file/directory is 
+		able to change the permissions on it.  However, this behavior
+		is often confusing to  DOS/Windows users.  Enabling this parameter 
+		allows a user who has write access to the file (by whatever 
+		means) to modify the permissions on it.  Note that a user
+		belonging to the group owning the file will not be allowed to
+		change permissions if the group is only granted read access.
+		Ownership of the file/directory is not changed, only the permissions 
+		are modified.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>dos filemode = no</B
+></P
+></DD
+><DT
+><A
+NAME="DOSFILETIMERESOLUTION"
+></A
+>dos filetime resolution (S)</DT
+><DD
+><P
+>Under the DOS and Windows FAT filesystem, the finest 
+		granularity on time resolution is two seconds. Setting this parameter 
+		for a share causes Samba to round the reported time down to the 
+		nearest two second boundary when a query call that requires one second 
+		resolution is made to <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+>
+		</A
+>.</P
+><P
+>This option is mainly used as a compatibility option for Visual 
+		C++ when used against Samba shares. If oplocks are enabled on a 
+		share, Visual C++ uses two different time reading calls to check if a 
+		file has changed since it was last read. One of these calls uses a
+		one-second granularity, the other uses a two second granularity. As
+		the two second call rounds any odd second down, then if the file has a
+		timestamp of an odd number of seconds then the two timestamps will not
+		match and Visual C++ will keep reporting the file has changed. Setting
+		this option causes the two timestamps to match, and Visual C++ is
+		happy.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>dos filetime resolution = no</B
+></P
+></DD
+><DT
+><A
+NAME="DOSFILETIMES"
+></A
+>dos filetimes (S)</DT
+><DD
+><P
+>Under DOS and Windows, if a user can write to a 
+		file they can change the timestamp on it. Under POSIX semantics, 
+		only the owner of the file or root may change the timestamp. By 
+		default, Samba runs with POSIX semantics and refuses to change the 
+		timestamp on a file if the user <B
+CLASS="COMMAND"
+>smbd</B
+> is acting 
+		on behalf of is not the file owner. Setting this option to <TT
+CLASS="CONSTANT"
+>		yes</TT
+> allows DOS semantics and <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> will change the file 
+		timestamp as DOS requires.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>dos filetimes = no</B
+></P
+></DD
+><DT
+><A
+NAME="ENCRYPTPASSWORDS"
+></A
+>encrypt passwords (G)</DT
+><DD
+><P
+>This boolean controls whether encrypted passwords 
+		will be negotiated with the client. Note that Windows NT 4.0 SP3 and 
+		above and also Windows 98 will by default expect encrypted passwords 
+		unless a registry entry is changed. To use encrypted passwords in 
+		Samba see the file ENCRYPTION.txt in the Samba documentation 
+		directory <TT
+CLASS="FILENAME"
+>docs/</TT
+> shipped with the source code.</P
+><P
+>In order for encrypted passwords to work correctly
+		<A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+> must either 
+		have access to a local <A
+HREF="smbpasswd.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smbpasswd(5)
+		</TT
+></A
+> file (see the <A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>		smbpasswd(8)</B
+></A
+> program for information on how to set up 
+ 		and maintain this file), or set the <A
+HREF="#SECURITY"
+>security = [server|domain]</A
+> parameter which 
+		causes <B
+CLASS="COMMAND"
+>smbd</B
+> to authenticate against another 
+		server.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>encrypt passwords = no</B
+></P
+></DD
+><DT
+><A
+NAME="ENHANCEDBROWSING"
+></A
+>enhanced browsing (G)</DT
+><DD
+><P
+>This option enables a couple of enhancements to 
+		cross-subnet browse propagation that have been added in Samba 
+		but which are not standard in Microsoft implementations.  
+		</P
+><P
+>The first enhancement to browse propagation consists of a regular
+		wildcard query to a Samba WINS server for all Domain Master Browsers,
+		followed by a browse synchronization with each of the returned
+		DMBs. The second enhancement consists of a regular randomised browse
+		synchronization with all currently known DMBs.</P
+><P
+>You may wish to disable this option if you have a problem with empty
+		workgroups not disappearing from browse lists. Due to the restrictions
+		of the browse protocols these enhancements can cause a empty workgroup
+		to stay around forever which can be annoying.</P
+><P
+>In general you should leave this option enabled as it makes
+		cross-subnet browse propagation much more reliable.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>enhanced browsing = yes</B
+></P
+></DD
+><DT
+><A
+NAME="ENUMPORTSCOMMAND"
+></A
+>enumports command (G)</DT
+><DD
+><P
+>The concept of a "port" is fairly foreign
+		to UNIX hosts.  Under Windows NT/2000 print servers, a port
+		is associated with a port monitor and generally takes the form of
+		a local port (i.e. LPT1:, COM1:, FILE:) or a remote port
+		(i.e. LPD Port Monitor, etc...).  By default, Samba has only one
+		port defined--<TT
+CLASS="CONSTANT"
+>"Samba Printer Port"</TT
+>.  Under 
+		Windows NT/2000, all printers must have a valid port name.  
+		If you wish to have a list of ports displayed (<B
+CLASS="COMMAND"
+>smbd
+		</B
+> does not use a port name for anything) other than 
+		the default <TT
+CLASS="CONSTANT"
+>"Samba Printer Port"</TT
+>, you 
+		can define <TT
+CLASS="PARAMETER"
+><I
+>enumports command</I
+></TT
+> to point to
+		a program which should generate a list of ports, one per line,
+		to standard output.  This listing will then be used in response
+		to the level 1 and 2 EnumPorts() RPC.</P
+><P
+>Default: <EM
+>no enumports command</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>enumports command = /usr/bin/listports
+		</B
+></P
+></DD
+><DT
+><A
+NAME="EXEC"
+></A
+>exec (S)</DT
+><DD
+><P
+>This is a synonym for <A
+HREF="#PREEXEC"
+>		<TT
+CLASS="PARAMETER"
+><I
+>preexec</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="FAKEDIRECTORYCREATETIMES"
+></A
+>fake directory create times (S)</DT
+><DD
+><P
+>NTFS and Windows VFAT file systems keep a create 
+		time for all files and directories. This is not the same as the 
+		ctime - status change time - that Unix keeps, so Samba by default 
+		reports the earliest of the various times Unix does keep. Setting 
+		this parameter for a share causes Samba to always report midnight 
+		1-1-1980 as the create time for directories.</P
+><P
+>This option is mainly used as a compatibility option for 
+		Visual C++ when used against Samba shares. Visual C++ generated 
+		makefiles have the object directory as a dependency for each object 
+		file, and a make rule to create the directory. Also, when NMAKE 
+		compares timestamps it uses the creation time when examining a 
+		directory. Thus the object directory will be created if it does not 
+		exist, but once it does exist it will always have an earlier 
+		timestamp than the object files it contains.</P
+><P
+>However, Unix time semantics mean that the create time 
+		reported by Samba will be updated whenever a file is created or 
+		or deleted in the directory.  NMAKE finds all object files in 
+		the object directory.  The timestamp of the last one built is then 
+		compared to the timestamp of the object directory.  If the 
+		directory's timestamp if newer, then all object files
+		will be rebuilt.  Enabling this option 
+		ensures directories always predate their contents and an NMAKE build 
+		will proceed as expected.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>fake directory create times = no</B
+></P
+></DD
+><DT
+><A
+NAME="FAKEOPLOCKS"
+></A
+>fake oplocks (S)</DT
+><DD
+><P
+>Oplocks are the way that SMB clients get permission 
+		from a server to locally cache file operations. If a server grants 
+		an oplock (opportunistic lock) then the client is free to assume 
+		that it is the only one accessing the file and it will aggressively 
+		cache file data. With some oplock types the client may even cache 
+		file open/close operations. This can give enormous performance benefits.
+		</P
+><P
+>When you set <B
+CLASS="COMMAND"
+>fake oplocks = yes</B
+>, <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+> will
+		always grant oplock requests no matter how many clients are using 
+		the file.</P
+><P
+>It is generally much better to use the real <A
+HREF="#OPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>oplocks</I
+></TT
+></A
+> support rather 
+		than this parameter.</P
+><P
+>If you enable this option on all read-only shares or 
+		shares that you know will only be accessed from one client at a 
+		time such as physically read-only media like CDROMs, you will see 
+		a big performance improvement on many operations. If you enable 
+		this option on shares where multiple clients may be accessing the 
+		files read-write at the same time you can get data corruption. Use 
+		this option carefully!</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>fake oplocks = no</B
+></P
+></DD
+><DT
+><A
+NAME="FOLLOWSYMLINKS"
+></A
+>follow symlinks (S)</DT
+><DD
+><P
+>This parameter allows the Samba administrator 
+		to stop <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+> 
+		from following symbolic links in a particular share. Setting this 
+		parameter to <TT
+CLASS="CONSTANT"
+>no</TT
+> prevents any file or directory 
+		that is a symbolic link from being followed (the user will get an 
+		error).  This option is very useful to stop users from adding a 
+		symbolic link to <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> in their home 
+		directory for instance.  However it will slow filename lookups 
+		down slightly.</P
+><P
+>This option is enabled (i.e. <B
+CLASS="COMMAND"
+>smbd</B
+> will 
+		follow symbolic links) by default.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>follow symlinks = yes</B
+></P
+></DD
+><DT
+><A
+NAME="FORCECREATEMODE"
+></A
+>force create mode (S)</DT
+><DD
+><P
+>This parameter specifies a set of UNIX mode bit 
+		permissions that will <EM
+>always</EM
+> be set on a 
+		file created by Samba. This is done by bitwise 'OR'ing these bits onto 
+		the mode bits of a file that is being created or having its 
+		permissions changed. The default for this parameter is (in octal) 
+		000. The modes in this parameter are bitwise 'OR'ed onto the file 
+		mode after the mask set in the <TT
+CLASS="PARAMETER"
+><I
+>create mask</I
+></TT
+> 
+		parameter is applied.</P
+><P
+>See also the parameter <A
+HREF="#CREATEMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>create 
+		mask</I
+></TT
+></A
+> for details on masking mode bits on files.</P
+><P
+>See also the <A
+HREF="#INHERITPERMISSIONS"
+><TT
+CLASS="PARAMETER"
+><I
+>inherit 
+		permissions</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>force create mode = 000</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>force create mode = 0755</B
+></P
+><P
+>would force all created files to have read and execute 
+		permissions set for 'group' and 'other' as well as the 
+		read/write/execute bits set for the 'user'.</P
+></DD
+><DT
+><A
+NAME="FORCEDIRECTORYMODE"
+></A
+>force directory mode (S)</DT
+><DD
+><P
+>This parameter specifies a set of UNIX mode bit 
+		permissions that will <EM
+>always</EM
+> be set on a directory 
+		created by Samba. This is done by bitwise 'OR'ing these bits onto the 
+		mode bits of a directory that is being created. The default for this 
+		parameter is (in octal) 0000 which will not add any extra permission 
+		bits to a created directory. This operation is done after the mode 
+		mask in the parameter <TT
+CLASS="PARAMETER"
+><I
+>directory mask</I
+></TT
+> is 
+		applied.</P
+><P
+>See also the parameter <A
+HREF="#DIRECTORYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>		directory mask</I
+></TT
+></A
+> for details on masking mode bits 
+		on created directories.</P
+><P
+>See also the <A
+HREF="#INHERITPERMISSIONS"
+><TT
+CLASS="PARAMETER"
+><I
+>		inherit permissions</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>force directory mode = 000</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>force directory mode = 0755</B
+></P
+><P
+>would force all created directories to have read and execute
+		permissions set for 'group' and 'other' as well as the
+		read/write/execute bits set for the 'user'.</P
+></DD
+><DT
+><A
+NAME="FORCEDIRECTORYSECURITYMODE"
+></A
+>force directory 
+		security mode (S)</DT
+><DD
+><P
+>This parameter controls what UNIX permission bits 
+		can be modified when a Windows NT client is manipulating the UNIX 
+		permission on a directory using the native NT security dialog box.</P
+><P
+>This parameter is applied as a mask (OR'ed with) to the 
+		changed permission bits, thus forcing any bits in this mask that 
+		the user may have modified to be on. Essentially, one bits in this 
+		mask may be treated as a set of bits that, when modifying security 
+		on a directory, the user has always set to be 'on'.</P
+><P
+>If not set explicitly this parameter is 000, which 
+		allows a user to modify all the user/group/world permissions on a 
+		directory without restrictions.</P
+><P
+><EM
+>Note</EM
+> that users who can access the 
+		Samba server through other means can easily bypass this restriction, 
+		so it is primarily useful for standalone "appliance" systems.  
+		Administrators of most normal systems will probably want to leave
+		it set as 0000.</P
+><P
+>See also the <A
+HREF="#DIRECTORYSECURITYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>		directory security mask</I
+></TT
+></A
+>, <A
+HREF="#SECURITYMASK"
+>		<TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+></A
+>, 
+		<A
+HREF="#FORCESECURITYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force security mode
+		</I
+></TT
+></A
+> parameters.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>force directory security mode = 0</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>force directory security mode = 700</B
+></P
+></DD
+><DT
+><A
+NAME="FORCEGROUP"
+></A
+>force group (S)</DT
+><DD
+><P
+>This specifies a UNIX group name that will be 
+		assigned as the default primary group for all users connecting 
+		to this service. This is useful for sharing files by ensuring 
+		that all access to files on service will use the named group for 
+		their permissions checking. Thus, by assigning permissions for this 
+		group to the files and directories within this service the Samba 
+		administrator can restrict or allow sharing of these files.</P
+><P
+>In Samba 2.0.5 and above this parameter has extended 
+		functionality in the following way. If the group name listed here 
+		has a '+' character prepended to it then the current user accessing 
+		the share only has the primary group default assigned to this group 
+		if they are already assigned as a member of that group. This allows 
+		an administrator to decide that only users who are already in a 
+		particular group will create files with group ownership set to that 
+		group. This gives a finer granularity of ownership assignment. For 
+		example, the setting <TT
+CLASS="FILENAME"
+>force group = +sys</TT
+> means 
+		that only users who are already in group sys will have their default
+		primary group assigned to sys when accessing this Samba share. All
+		other users will retain their ordinary primary group.</P
+><P
+>If the <A
+HREF="#FORCEUSER"
+><TT
+CLASS="PARAMETER"
+><I
+>force user
+		</I
+></TT
+></A
+> parameter is also set the group specified in 
+		<TT
+CLASS="PARAMETER"
+><I
+>force group</I
+></TT
+> will override the primary group
+		set in <TT
+CLASS="PARAMETER"
+><I
+>force user</I
+></TT
+>.</P
+><P
+>See also <A
+HREF="#FORCEUSER"
+><TT
+CLASS="PARAMETER"
+><I
+>force 
+		user</I
+></TT
+></A
+>.</P
+><P
+>Default: <EM
+>no forced group</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>force group = agroup</B
+></P
+></DD
+><DT
+><A
+NAME="FORCESECURITYMODE"
+></A
+>force security mode (S)</DT
+><DD
+><P
+>This parameter controls what UNIX permission 
+		bits can be modified when a Windows NT client is manipulating 
+		the UNIX permission on a file using the native NT security dialog 
+		box.</P
+><P
+>This parameter is applied as a mask (OR'ed with) to the 
+		changed permission bits, thus forcing any bits in this mask that 
+		the user may have modified to be on. Essentially, one bits in this 
+		mask may be treated as a set of bits that, when modifying security 
+		on a file, the user has always set to be 'on'.</P
+><P
+>If not set explicitly this parameter is set to 0,
+		and allows a user to modify all the user/group/world permissions on a file,
+		with no restrictions.</P
+><P
+><EM
+>Note</EM
+> that users who can access 
+		the Samba server through other means can easily bypass this restriction, 
+		so it is primarily useful for standalone "appliance" systems.  
+		Administrators of most normal systems will probably want to leave
+		this set to 0000.</P
+><P
+>See also the <A
+HREF="#FORCEDIRECTORYSECURITYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>		force directory security mode</I
+></TT
+></A
+>,
+		<A
+HREF="#DIRECTORYSECURITYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>directory security
+		mask</I
+></TT
+></A
+>, <A
+HREF="#SECURITYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>		security mask</I
+></TT
+></A
+> parameters.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>force security mode = 0</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>force security mode = 700</B
+></P
+></DD
+><DT
+><A
+NAME="FORCEUNKNOWNACLUSER"
+></A
+>force unknown acl user (S)</DT
+><DD
+><P
+>If this parameter is set, a Windows NT ACL that contains
+		an unknown SID (security descriptor, or representation of a user or group id)
+		as the owner or group owner of the file will be silently mapped into the
+		current UNIX uid or gid of the currently connected user.</P
+><P
+>This is designed to allow Windows NT clients to copy files and
+		folders containing ACLs that were created locally on the client machine
+		and contain users local to that machine only (no domain users) to be
+		copied to a Samba server (usually with XCOPY /O) and have the unknown
+		userid and groupid of the file owner map to the current connected user.
+		This can only be fixed correctly when winbindd allows arbitrary mapping
+		from any Windows NT SID to a UNIX uid or gid.</P
+><P
+>Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
+		</P
+><P
+>See also <A
+HREF="#FORCEGROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>force group
+		</I
+></TT
+></A
+></P
+><P
+>Default: <EM
+>False</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>force unknown acl user = yes</B
+></P
+></DD
+><DT
+><A
+NAME="FORCEUSER"
+></A
+>force user (S)</DT
+><DD
+><P
+>This specifies a UNIX user name that will be 
+		assigned as the default user for all users connecting to this service. 
+		This is useful for sharing files. You should also use it carefully 
+		as using it incorrectly can cause security problems.</P
+><P
+>This user name only gets used once a connection is established. 
+		Thus clients still need to connect as a valid user and supply a 
+		valid password. Once connected, all file operations will be performed 
+		as the "forced user", no matter what username the client connected 
+		as.  This can be very useful.</P
+><P
+>In Samba 2.0.5 and above this parameter also causes the 
+		primary group of the forced user to be used as the primary group 
+		for all file activity. Prior to 2.0.5 the primary group was left 
+		as the primary group of the connecting user (this was a bug).</P
+><P
+>See also <A
+HREF="#FORCEGROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>force group
+		</I
+></TT
+></A
+></P
+><P
+>Default: <EM
+>no forced user</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>force user = auser</B
+></P
+></DD
+><DT
+><A
+NAME="FSTYPE"
+></A
+>fstype (S)</DT
+><DD
+><P
+>This parameter allows the administrator to 
+		configure the string that specifies the type of filesystem a share 
+		is using that is reported by <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)
+		</B
+></A
+> when a client queries the filesystem type
+		for a share. The default type is <TT
+CLASS="CONSTANT"
+>NTFS</TT
+> for 
+		compatibility with Windows NT but this can be changed to other 
+		strings such as <TT
+CLASS="CONSTANT"
+>Samba</TT
+> or <TT
+CLASS="CONSTANT"
+>FAT
+		</TT
+> if required.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>fstype = NTFS</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>fstype = Samba</B
+></P
+></DD
+><DT
+><A
+NAME="GETWDCACHE"
+></A
+>getwd cache (G)</DT
+><DD
+><P
+>This is a tuning option. When this is enabled a 
+		caching algorithm will be used to reduce the time taken for getwd() 
+		calls. This can have a significant impact on performance, especially 
+		when the <A
+HREF="#WIDELINKS"
+><TT
+CLASS="PARAMETER"
+><I
+>wide links</I
+></TT
+>
+		</A
+>parameter is set to <TT
+CLASS="CONSTANT"
+>no</TT
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>getwd cache = yes</B
+></P
+></DD
+><DT
+><A
+NAME="GROUP"
+></A
+>group (S)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#FORCEGROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>force 
+		group</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="GUESTACCOUNT"
+></A
+>guest account (S)</DT
+><DD
+><P
+>This is a username which will be used for access 
+		to services which are specified as <A
+HREF="#GUESTOK"
+><TT
+CLASS="PARAMETER"
+><I
+>		guest ok</I
+></TT
+></A
+> (see below). Whatever privileges this 
+		user has will be available to any client connecting to the guest service. 
+		Typically this user will exist in the password file, but will not
+		have a valid login. The user account "ftp" is often a good choice 
+		for this parameter. If a username is specified in a given service, 
+		the specified username overrides this one.</P
+><P
+>One some systems the default guest account "nobody" may not 
+		be able to print. Use another account in this case. You should test 
+		this by trying to log in as your guest user (perhaps by using the 
+		<B
+CLASS="COMMAND"
+>su -</B
+> command) and trying to print using the 
+		system print command such as <B
+CLASS="COMMAND"
+>lpr(1)</B
+> or <B
+CLASS="COMMAND"
+>		lp(1)</B
+>.</P
+><P
+>Default: <EM
+>specified at compile time, usually 
+		"nobody"</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>guest account = ftp</B
+></P
+></DD
+><DT
+><A
+NAME="GUESTOK"
+></A
+>guest ok (S)</DT
+><DD
+><P
+>If this parameter is <TT
+CLASS="CONSTANT"
+>yes</TT
+> for 
+		a service, then no password is required to connect to the service. 
+		Privileges will be those of the <A
+HREF="#GUESTACCOUNT"
+><TT
+CLASS="PARAMETER"
+><I
+>		guest account</I
+></TT
+></A
+>.</P
+><P
+>See the section below on <A
+HREF="#SECURITY"
+><TT
+CLASS="PARAMETER"
+><I
+>		security</I
+></TT
+></A
+> for more information about this option.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>guest ok = no</B
+></P
+></DD
+><DT
+><A
+NAME="GUESTONLY"
+></A
+>guest only (S)</DT
+><DD
+><P
+>If this parameter is <TT
+CLASS="CONSTANT"
+>yes</TT
+> for 
+		a service, then only guest connections to the service are permitted. 
+		This parameter will have no effect if <A
+HREF="#GUESTOK"
+>		<TT
+CLASS="PARAMETER"
+><I
+>guest ok</I
+></TT
+></A
+> is not set for the service.</P
+><P
+>See the section below on <A
+HREF="#SECURITY"
+><TT
+CLASS="PARAMETER"
+><I
+>		security</I
+></TT
+></A
+> for more information about this option.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>guest only = no</B
+></P
+></DD
+><DT
+><A
+NAME="HIDEDOTFILES"
+></A
+>hide dot files (S)</DT
+><DD
+><P
+>This is a boolean parameter that controls whether 
+		files starting with a dot appear as hidden files.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>hide dot files = yes</B
+></P
+></DD
+><DT
+><A
+NAME="HIDEFILES"
+></A
+>hide files(S)</DT
+><DD
+><P
+>This is a list of files or directories that are not 
+		visible but are accessible.  The DOS 'hidden' attribute is applied 
+		to any files or directories that match.</P
+><P
+>Each entry in the list must be separated by a '/', 
+		which allows spaces to be included in the entry.  '*'
+		and '?' can be used to specify multiple files or directories 
+		as in DOS wildcards.</P
+><P
+>Each entry must be a Unix path, not a DOS path and must 
+		not include the Unix directory separator '/'.</P
+><P
+>Note that the case sensitivity option is applicable 
+		in hiding files.</P
+><P
+>Setting this parameter will affect the performance of Samba, 
+		as it will be forced to check all files and directories for a match 
+		as they are scanned.</P
+><P
+>See also <A
+HREF="#HIDEDOTFILES"
+><TT
+CLASS="PARAMETER"
+><I
+>hide 
+		dot files</I
+></TT
+></A
+>, <A
+HREF="#VETOFILES"
+><TT
+CLASS="PARAMETER"
+><I
+>		veto files</I
+></TT
+></A
+> and <A
+HREF="#CASESENSITIVE"
+>		<TT
+CLASS="PARAMETER"
+><I
+>case sensitive</I
+></TT
+></A
+>.</P
+><P
+>Default: <EM
+>no file are hidden</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>hide files =
+		/.*/DesktopFolderDB/TrashFor%m/resource.frk/</B
+></P
+><P
+>The above example is based on files that the Macintosh 
+		SMB client (DAVE) available from <A
+HREF="http://www.thursby.com"
+TARGET="_top"
+> 
+		Thursby</A
+> creates for internal use, and also still hides 
+		all files beginning with a dot.</P
+></DD
+><DT
+><A
+NAME="HIDELOCALUSERS"
+></A
+>hide local users(G)</DT
+><DD
+><P
+>This parameter toggles the hiding of local UNIX 
+		users (root, wheel, floppy, etc) from remote clients.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>hide local users = no</B
+></P
+></DD
+><DT
+><A
+NAME="HIDEUNREADABLE"
+></A
+>hide unreadable (S)</DT
+><DD
+><P
+>This parameter prevents clients from seeing the
+		existance of files that cannot be read. Defaults to off.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>hide unreadable = no</B
+></P
+></DD
+><DT
+><A
+NAME="HOMEDIRMAP"
+></A
+>homedir map (G)</DT
+><DD
+><P
+>If<A
+HREF="#NISHOMEDIR"
+><TT
+CLASS="PARAMETER"
+><I
+>nis homedir
+		</I
+></TT
+></A
+> is <TT
+CLASS="CONSTANT"
+>yes</TT
+>, and <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+> is also acting 
+		as a Win95/98 <TT
+CLASS="PARAMETER"
+><I
+>logon server</I
+></TT
+> then this parameter 
+		specifies the NIS (or YP) map from which the server for the user's 
+		home directory should be extracted.  At present, only the Sun 
+		auto.home map format is understood. The form of the map is:</P
+><P
+><B
+CLASS="COMMAND"
+>username	server:/some/file/system</B
+></P
+><P
+>and the program will extract the servername from before 
+		the first ':'.  There should probably be a better parsing system 
+		that copes with different map formats and also Amd (another 
+		automounter) maps.</P
+><P
+><EM
+>NOTE :</EM
+>A working NIS client is required on 
+		the system for this option to work.</P
+><P
+>See also <A
+HREF="#NISHOMEDIR"
+><TT
+CLASS="PARAMETER"
+><I
+>nis homedir</I
+></TT
+>
+		</A
+>, <A
+HREF="#DOMAINLOGONS"
+><TT
+CLASS="PARAMETER"
+><I
+>domain logons</I
+></TT
+>
+		</A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>homedir map = &#60;empty string&#62;</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>homedir map = amd.homedir</B
+></P
+></DD
+><DT
+><A
+NAME="HOSTMSDFS"
+></A
+>host msdfs (G)</DT
+><DD
+><P
+>This boolean parameter is only available 
+		if Samba has been configured and compiled with the <B
+CLASS="COMMAND"
+>		--with-msdfs</B
+> option. If set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>, 
+		Samba will act as a Dfs server, and  allow Dfs-aware clients 
+		to browse Dfs trees hosted on the server.</P
+><P
+>See also the <A
+HREF="#MSDFSROOT"
+><TT
+CLASS="PARAMETER"
+><I
+>		msdfs root</I
+></TT
+></A
+> share  level  parameter.  For
+		more  information  on  setting  up a Dfs tree on Samba,
+		refer to <A
+HREF="msdfs_setup.html"
+TARGET="_top"
+>msdfs_setup.html</A
+>.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>host msdfs = no</B
+></P
+></DD
+><DT
+><A
+NAME="HOSTSALLOW"
+></A
+>hosts allow (S)</DT
+><DD
+><P
+>A synonym for this parameter is <TT
+CLASS="PARAMETER"
+><I
+>allow 
+		hosts</I
+></TT
+>.</P
+><P
+>This parameter is a comma, space, or tab delimited 
+		set of hosts which are permitted to access a service.</P
+><P
+>If specified in the [global] section then it will
+		apply to all services, regardless of whether the individual 
+		service has a different setting.</P
+><P
+>You can specify the hosts by name or IP number. For 
+		example, you could restrict access to only the hosts on a 
+		Class C subnet with something like <B
+CLASS="COMMAND"
+>allow hosts = 150.203.5.
+		</B
+>. The full syntax of the list is described in the man 
+		page <TT
+CLASS="FILENAME"
+>hosts_access(5)</TT
+>. Note that this man
+		page may not be present on your system, so a brief description will
+		be given here also.</P
+><P
+>Note that the localhost address 127.0.0.1 will always 
+		be allowed access unless specifically denied by a <A
+HREF="#HOSTSDENY"
+><TT
+CLASS="PARAMETER"
+><I
+>hosts deny</I
+></TT
+></A
+> option.</P
+><P
+>You can also specify hosts by network/netmask pairs and 
+		by netgroup names if your system supports netgroups. The 
+		<EM
+>EXCEPT</EM
+> keyword can also be used to limit a 
+		wildcard list. The following examples may provide some help:</P
+><P
+>Example 1: allow all IPs in 150.203.*.*; except one</P
+><P
+><B
+CLASS="COMMAND"
+>hosts allow = 150.203. EXCEPT 150.203.6.66</B
+></P
+><P
+>Example 2: allow hosts that match the given network/netmask</P
+><P
+><B
+CLASS="COMMAND"
+>hosts allow = 150.203.15.0/255.255.255.0</B
+></P
+><P
+>Example 3: allow a couple of hosts</P
+><P
+><B
+CLASS="COMMAND"
+>hosts allow = lapland, arvidsjaur</B
+></P
+><P
+>Example 4: allow only hosts in NIS netgroup "foonet", but 
+		deny access from one particular host</P
+><P
+><B
+CLASS="COMMAND"
+>hosts allow = @foonet</B
+></P
+><P
+><B
+CLASS="COMMAND"
+>hosts deny = pirate</B
+></P
+><P
+>Note that access still requires suitable user-level passwords.</P
+><P
+>See <A
+HREF="testparm.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>testparm(1)</B
+>
+		</A
+> for a way of testing your host access to see if it does 
+		what you expect.</P
+><P
+>Default: <EM
+>none (i.e., all hosts permitted access)
+		</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>allow hosts = 150.203.5. myhost.mynet.edu.au
+		</B
+></P
+></DD
+><DT
+><A
+NAME="HOSTSDENY"
+></A
+>hosts deny (S)</DT
+><DD
+><P
+>The opposite of <TT
+CLASS="PARAMETER"
+><I
+>hosts allow</I
+></TT
+> 
+		- hosts listed here are <EM
+>NOT</EM
+> permitted access to 
+		services unless the specific services have their own lists to override 
+		this one. Where the lists conflict, the <TT
+CLASS="PARAMETER"
+><I
+>allow</I
+></TT
+> 
+		list takes precedence.</P
+><P
+>Default: <EM
+>none (i.e., no hosts specifically excluded)
+		</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>hosts deny = 150.203.4. badhost.mynet.edu.au
+		</B
+></P
+></DD
+><DT
+><A
+NAME="HOSTSEQUIV"
+></A
+>hosts equiv (G)</DT
+><DD
+><P
+>If this global parameter is a non-null string, 
+		it specifies the name of a file to read for the names of hosts 
+		and users who will be allowed access without specifying a password.
+		</P
+><P
+>This is not be confused with <A
+HREF="#HOSTSALLOW"
+>		<TT
+CLASS="PARAMETER"
+><I
+>hosts allow</I
+></TT
+></A
+> which is about hosts 
+		access to services and is more useful for guest services. <TT
+CLASS="PARAMETER"
+><I
+>		hosts equiv</I
+></TT
+> may be useful for NT clients which will 
+		not supply passwords to Samba.</P
+><P
+><EM
+>NOTE :</EM
+> The use of <TT
+CLASS="PARAMETER"
+><I
+>hosts equiv
+		</I
+></TT
+> can be a major security hole. This is because you are 
+		trusting the PC to supply the correct username. It is very easy to 
+		get a PC to supply a false username. I recommend that the 
+		<TT
+CLASS="PARAMETER"
+><I
+>hosts equiv</I
+></TT
+> option be only used if you really 
+		know what you are doing, or perhaps on a home network where you trust 
+		your spouse and kids. And only if you <EM
+>really</EM
+> trust 
+		them :-).</P
+><P
+>Default: <EM
+>no host equivalences</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>hosts equiv = /etc/hosts.equiv</B
+></P
+></DD
+><DT
+><A
+NAME="INCLUDE"
+></A
+>include (G)</DT
+><DD
+><P
+>This allows you to include one config file 
+		inside another.  The file is included literally, as though typed 
+		in place.</P
+><P
+>It takes the standard substitutions, except <TT
+CLASS="PARAMETER"
+><I
+>%u
+		</I
+></TT
+>, <TT
+CLASS="PARAMETER"
+><I
+>%P</I
+></TT
+> and <TT
+CLASS="PARAMETER"
+><I
+>%S</I
+></TT
+>.
+		</P
+><P
+>Default: <EM
+>no file included</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>include = /usr/local/samba/lib/admin_smb.conf
+		</B
+></P
+></DD
+><DT
+><A
+NAME="INHERITACLS"
+></A
+>inherit acls (S)</DT
+><DD
+><P
+>This parameter can be used to ensure
+		that if default acls exist on parent directories,
+		they are always honored when creating a subdirectory.
+		The default behavior is to use the mode specified
+		when creating the directory.  Enabling this option
+		sets the mode to 0777, thus guaranteeing that 
+		default directory acls are propagated.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>inherit acls = no</B
+>
+		</P
+></DD
+><DT
+><A
+NAME="INHERITPERMISSIONS"
+></A
+>inherit permissions (S)</DT
+><DD
+><P
+>The permissions on new files and directories 
+		are normally governed by <A
+HREF="#CREATEMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>		create mask</I
+></TT
+></A
+>, <A
+HREF="#DIRECTORYMASK"
+>		<TT
+CLASS="PARAMETER"
+><I
+>directory mask</I
+></TT
+></A
+>, <A
+HREF="#FORCECREATEMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force create mode</I
+></TT
+>
+		</A
+> and <A
+HREF="#FORCEDIRECTORYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force 
+		directory mode</I
+></TT
+></A
+> but the boolean inherit 
+		permissions parameter overrides this.</P
+><P
+>New directories inherit the mode of the parent directory,
+		including bits such as setgid.</P
+><P
+>New files inherit their read/write bits from the parent 
+		directory.  Their execute bits continue to be determined by
+		<A
+HREF="#MAPARCHIVE"
+><TT
+CLASS="PARAMETER"
+><I
+>map archive</I
+></TT
+>
+		</A
+>, <A
+HREF="#MAPHIDDEN"
+><TT
+CLASS="PARAMETER"
+><I
+>map hidden</I
+></TT
+>
+		</A
+> and <A
+HREF="#MAPSYSTEM"
+><TT
+CLASS="PARAMETER"
+><I
+>map system</I
+></TT
+>
+		</A
+> as usual.</P
+><P
+>Note that the setuid bit is <EM
+>never</EM
+> set via 
+		inheritance (the code explicitly prohibits this).</P
+><P
+>This can be particularly useful on large systems with 
+		many users, perhaps several thousand, to allow a single [homes] 
+		share to be used flexibly by each user.</P
+><P
+>See also <A
+HREF="#CREATEMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>create mask
+		</I
+></TT
+></A
+>, <A
+HREF="#DIRECTORYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>		directory mask</I
+></TT
+></A
+>, <A
+HREF="#FORCECREATEMODE"
+>		<TT
+CLASS="PARAMETER"
+><I
+>force create mode</I
+></TT
+></A
+> and <A
+HREF="#FORCEDIRECTORYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force directory mode</I
+></TT
+>
+		</A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>inherit permissions = no</B
+></P
+></DD
+><DT
+><A
+NAME="INTERFACES"
+></A
+>interfaces (G)</DT
+><DD
+><P
+>This option allows you to override the default 
+		network interfaces list that Samba will use for browsing, name 
+		registration and other NBT traffic. By default Samba will query 
+		the kernel for the list of all active interfaces and use any 
+		interfaces except 127.0.0.1 that are broadcast capable.</P
+><P
+>The option takes a list of interface strings. Each string 
+		can be in any of the following forms:</P
+><P
+></P
+><UL
+><LI
+><P
+>a network interface name (such as eth0). 
+			This may include shell-like wildcards so eth* will match 
+			any interface starting with the substring "eth"</P
+></LI
+><LI
+><P
+>an IP address. In this case the netmask is 
+			determined from the list of interfaces obtained from the 
+			kernel</P
+></LI
+><LI
+><P
+>an IP/mask pair. </P
+></LI
+><LI
+><P
+>a broadcast/mask pair.</P
+></LI
+></UL
+><P
+>The "mask" parameters can either be a bit length (such 
+		as 24 for a C class network) or a full netmask in dotted 
+		decimal form.</P
+><P
+>The "IP" parameters above can either be a full dotted 
+		decimal IP address or a hostname which will be looked up via 
+		the OS's normal hostname resolution mechanisms.</P
+><P
+>For example, the following line:</P
+><P
+><B
+CLASS="COMMAND"
+>interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0
+		</B
+></P
+><P
+>would configure three network interfaces corresponding 
+		to the eth0 device and IP addresses 192.168.2.10 and 192.168.3.10. 
+		The netmasks of the latter two interfaces would be set to 255.255.255.0.</P
+><P
+>See also <A
+HREF="#BINDINTERFACESONLY"
+><TT
+CLASS="PARAMETER"
+><I
+>bind 
+		interfaces only</I
+></TT
+></A
+>.</P
+><P
+>Default: <EM
+>all active interfaces except 127.0.0.1 
+		that are broadcast capable</EM
+></P
+></DD
+><DT
+><A
+NAME="INVALIDUSERS"
+></A
+>invalid users (S)</DT
+><DD
+><P
+>This is a list of users that should not be allowed 
+		to login to this service. This is really a <EM
+>paranoid</EM
+> 
+		check to absolutely ensure an improper setting does not breach 
+		your security.</P
+><P
+>A name starting with a '@' is interpreted as an NIS 
+ 		netgroup first (if your system supports NIS), and then as a UNIX 
+		group if the name was not found in the NIS netgroup database.</P
+><P
+>A name starting with '+' is interpreted only 
+		by looking in the UNIX group database. A name starting with 
+		'&#38;' is interpreted only by looking in the NIS netgroup database 
+		(this requires NIS to be working on your system). The characters 
+		'+' and '&#38;' may be used at the start of the name in either order 
+		so the value <TT
+CLASS="PARAMETER"
+><I
+>+&#38;group</I
+></TT
+> means check the 
+		UNIX group database, followed by the NIS netgroup database, and 
+		the value <TT
+CLASS="PARAMETER"
+><I
+>&#38;+group</I
+></TT
+> means check the NIS
+		netgroup database, followed by the UNIX group database (the 
+		same as the '@' prefix).</P
+><P
+>The current servicename is substituted for <TT
+CLASS="PARAMETER"
+><I
+>%S</I
+></TT
+>. 
+		This is useful in the [homes] section.</P
+><P
+>See also <A
+HREF="#VALIDUSERS"
+><TT
+CLASS="PARAMETER"
+><I
+>valid users
+		</I
+></TT
+></A
+>.</P
+><P
+>Default: <EM
+>no invalid users</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>invalid users = root fred admin @wheel
+		</B
+></P
+></DD
+><DT
+><A
+NAME="KEEPALIVE"
+></A
+>keepalive (G)</DT
+><DD
+><P
+>The value of the parameter (an integer) represents 
+		the number of seconds between <TT
+CLASS="PARAMETER"
+><I
+>keepalive</I
+></TT
+> 
+		packets. If this parameter is zero, no keepalive packets will be 
+		sent. Keepalive packets, if sent, allow the server to tell whether 
+		a client is still present and responding.</P
+><P
+>Keepalives should, in general, not be needed if the socket 
+		being used has the SO_KEEPALIVE attribute set on it (see <A
+HREF="#SOCKETOPTIONS"
+><TT
+CLASS="PARAMETER"
+><I
+>socket options</I
+></TT
+></A
+>). 
+		Basically you should only use this option if you strike difficulties.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>keepalive = 300</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>keepalive = 600</B
+></P
+></DD
+><DT
+><A
+NAME="KERNELOPLOCKS"
+></A
+>kernel oplocks (G)</DT
+><DD
+><P
+>For UNIXes that support kernel based <A
+HREF="#OPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>oplocks</I
+></TT
+></A
+>
+		(currently only IRIX and the Linux 2.4 kernel), this parameter 
+		allows the use of them to be turned on or off.</P
+><P
+>Kernel oplocks support allows Samba <TT
+CLASS="PARAMETER"
+><I
+>oplocks
+		</I
+></TT
+> to be broken whenever a local UNIX process or NFS operation 
+		accesses a file that <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+>
+		</A
+> has oplocked. This allows complete data consistency between 
+		SMB/CIFS, NFS and local file access (and is a <EM
+>very</EM
+> 
+		cool feature :-).</P
+><P
+>This parameter defaults to <TT
+CLASS="CONSTANT"
+>on</TT
+>, but is translated
+		to a no-op on systems that no not have the necessary kernel support.
+		You should never need to touch this parameter.</P
+><P
+>See also the <A
+HREF="#OPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>oplocks</I
+></TT
+>
+		</A
+> and <A
+HREF="#LEVEL2OPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>level2 oplocks
+		</I
+></TT
+></A
+> parameters.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>kernel oplocks = yes</B
+></P
+></DD
+><DT
+><A
+NAME="LANMANAUTH"
+></A
+>lanman auth (G)</DT
+><DD
+><P
+>This parameter determines whether or not <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> will
+		attempt to authenticate users using the LANMAN password hash.
+		If disabled, only clients which support NT password hashes (e.g. Windows 
+		NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS 
+		network client) will be able to connect to the Samba host.</P
+><P
+>Default : <B
+CLASS="COMMAND"
+>lanman auth = yes</B
+></P
+></DD
+><DT
+><A
+NAME="LARGEREADWRITE"
+></A
+>large readwrite (G)</DT
+><DD
+><P
+>This parameter determines whether or not <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+>
+		supports the new 64k streaming read and write varient SMB requests introduced
+		with Windows 2000. Note that due to Windows 2000 client redirector bugs
+		this requires Samba to be running on a 64-bit capable operating system such
+		as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with
+		Windows 2000 clients. Defaults to on. Windows NT 4.0 only supports
+		read version of this call, and ignores the write version.
+		</P
+><P
+>Default : <B
+CLASS="COMMAND"
+>large readwrite = yes</B
+></P
+></DD
+><DT
+><A
+NAME="LDAPADMINDN"
+></A
+>ldap admin dn (G)</DT
+><DD
+><P
+>This parameter is only available if Samba has been
+		configure to include the <B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</P
+><P
+>		The <TT
+CLASS="PARAMETER"
+><I
+>ldap admin dn</I
+></TT
+> defines the Distinguished 
+		Name (DN) name used by Samba to contact the <A
+HREF="#LDAPSERVER"
+>ldap
+		server</A
+> when retreiving user account information. The <TT
+CLASS="PARAMETER"
+><I
+>ldap
+		admin dn</I
+></TT
+> is used in conjunction with the admin dn password
+		stored in the <TT
+CLASS="FILENAME"
+>private/secrets.tdb</TT
+> file.  See the
+		<A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+></A
+> man
+		page for more information on how to accmplish this.
+		</P
+><P
+>Default : <EM
+>none</EM
+></P
+></DD
+><DT
+><A
+NAME="LDAPFILTER"
+></A
+>ldap filter (G)</DT
+><DD
+><P
+>This parameter is only available if Samba has been
+		configure to include the <B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</P
+><P
+>		This parameter specifies the RFC 2254 compliant LDAP search filter.
+		The default is to match the login name with the <TT
+CLASS="CONSTANT"
+>uid</TT
+> 
+		attribute for all entries matching the <TT
+CLASS="CONSTANT"
+>sambaAccount</TT
+>		
+		objectclass.  Note that this filter should only return one entry.
+		</P
+><P
+>Default : <B
+CLASS="COMMAND"
+>ldap filter = (&#38;(uid=%u)(objectclass=sambaAccount))</B
+></P
+></DD
+><DT
+><A
+NAME="LDAPPORT"
+></A
+>ldap port (G)</DT
+><DD
+><P
+>This parameter is only available if Samba has been
+		configure to include the <B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</P
+><P
+>		This option is used to control the tcp port number used to contact
+		the <A
+HREF="#LDAPSERVER"
+><TT
+CLASS="PARAMETER"
+><I
+>ldap server</I
+></TT
+></A
+>.
+		The default is to use the stand LDAPS port 636.
+		</P
+><P
+>See Also: <A
+HREF="#LDAPSSL"
+>ldap ssl</A
+>
+		</P
+><P
+>Default : <B
+CLASS="COMMAND"
+>ldap port = 636 ; if ldap ssl = on</B
+></P
+><P
+>Default : <B
+CLASS="COMMAND"
+>ldap port = 389 ; if ldap ssl = off</B
+></P
+></DD
+><DT
+><A
+NAME="LDAPSERVER"
+></A
+>ldap server (G)</DT
+><DD
+><P
+>This parameter is only available if Samba has been
+		configure to include the <B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</P
+><P
+>		This parameter should contains the FQDN of the ldap directory 
+		server which should be queried to locate user account information.
+		</P
+><P
+>Default : <B
+CLASS="COMMAND"
+>ldap server = localhost</B
+></P
+></DD
+><DT
+><A
+NAME="LDAPSSL"
+></A
+>ldap ssl (G)</DT
+><DD
+><P
+>This parameter is only available if Samba has been
+		configure to include the <B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</P
+><P
+>		This option is used to define whether or not Samba should
+		use SSL when connecting to the <A
+HREF="#LDAPSERVER"
+><TT
+CLASS="PARAMETER"
+><I
+>ldap
+		server</I
+></TT
+></A
+>.  This is <EM
+>NOT</EM
+> related to
+		Samba SSL support which is enabled by specifying the 
+		<B
+CLASS="COMMAND"
+>--with-ssl</B
+> option to the <TT
+CLASS="FILENAME"
+>configure</TT
+> 
+		script (see <A
+HREF="#SSL"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl</I
+></TT
+></A
+>).
+		</P
+><P
+>		The <TT
+CLASS="PARAMETER"
+><I
+>ldap ssl</I
+></TT
+> can be set to one of three values:
+		(a) <TT
+CLASS="CONSTANT"
+>on</TT
+> - Always use SSL when contacting the 
+		<TT
+CLASS="PARAMETER"
+><I
+>ldap	server</I
+></TT
+>, (b) <TT
+CLASS="CONSTANT"
+>off</TT
+> -
+		Never use SSL when querying the directory, or (c) <TT
+CLASS="CONSTANT"
+>start_tls</TT
+> 
+		- Use the LDAPv3 StartTLS extended operation 
+		(RFC2830) for communicating with the directory server.
+		</P
+><P
+>Default : <B
+CLASS="COMMAND"
+>ldap ssl = on</B
+></P
+></DD
+><DT
+><A
+NAME="LDAPSUFFIX"
+></A
+>ldap suffix (G)</DT
+><DD
+><P
+>This parameter is only available if Samba has been
+		configure to include the <B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</P
+><P
+>Default : <EM
+>none</EM
+></P
+></DD
+><DT
+><A
+NAME="LEVEL2OPLOCKS"
+></A
+>level2 oplocks (S)</DT
+><DD
+><P
+>This parameter controls whether Samba supports
+		level2 (read-only) oplocks on a share.</P
+><P
+>Level2, or read-only oplocks allow Windows NT clients 
+		that have an oplock on a file to downgrade from a read-write oplock 
+		to a read-only oplock once a second client opens the file (instead 
+		of releasing all oplocks on a second open, as in traditional, 
+		exclusive oplocks). This allows all openers of the file that 
+		support level2 oplocks to cache the file for read-ahead only (ie. 
+		they may not cache writes or lock requests) and increases performance 
+		for many accesses of files that are not commonly written (such as 
+		application .EXE files).</P
+><P
+>Once one of the clients which have a read-only oplock 
+		writes to the file all clients are notified (no reply is needed 
+		or waited for) and told to break their oplocks to "none" and 
+		delete any read-ahead caches.</P
+><P
+>It is recommended that this parameter be turned on 
+		to speed access to shared executables.</P
+><P
+>For more discussions on level2 oplocks see the CIFS spec.</P
+><P
+>Currently, if <A
+HREF="#KERNELOPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>kernel 
+		oplocks</I
+></TT
+></A
+> are supported then level2 oplocks are 
+		not granted (even if this parameter is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>). 
+		Note also, the <A
+HREF="#OPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>oplocks</I
+></TT
+>
+		</A
+> parameter must be set to <TT
+CLASS="CONSTANT"
+>yes</TT
+> on this share in order for 
+		this parameter to have any effect.</P
+><P
+>See also the <A
+HREF="#OPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>oplocks</I
+></TT
+>
+		</A
+> and <A
+HREF="#OPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>kernel oplocks</I
+></TT
+>
+		</A
+> parameters.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>level2 oplocks = yes</B
+></P
+></DD
+><DT
+><A
+NAME="LMANNOUNCE"
+></A
+>lm announce (G)</DT
+><DD
+><P
+>This parameter determines if <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>		<B
+CLASS="COMMAND"
+>nmbd(8)</B
+></A
+> will produce Lanman announce 
+		broadcasts that are needed by OS/2 clients in order for them to see 
+		the Samba server in their browse list. This parameter can have three 
+		values, <TT
+CLASS="CONSTANT"
+>yes</TT
+>, <TT
+CLASS="CONSTANT"
+>no</TT
+>, or
+		<TT
+CLASS="CONSTANT"
+>auto</TT
+>. The default is <TT
+CLASS="CONSTANT"
+>auto</TT
+>.  
+		If set to <TT
+CLASS="CONSTANT"
+>no</TT
+> Samba will never produce these 
+		broadcasts. If set to <TT
+CLASS="CONSTANT"
+>yes</TT
+> Samba will produce 
+		Lanman announce broadcasts at a frequency set by the parameter 
+		<TT
+CLASS="PARAMETER"
+><I
+>lm interval</I
+></TT
+>. If set to <TT
+CLASS="CONSTANT"
+>auto</TT
+> 
+		Samba will not send Lanman announce broadcasts by default but will 
+		listen for them. If it hears such a broadcast on the wire it will 
+		then start sending them at a frequency set by the parameter 
+		<TT
+CLASS="PARAMETER"
+><I
+>lm interval</I
+></TT
+>.</P
+><P
+>See also <A
+HREF="#LMINTERVAL"
+><TT
+CLASS="PARAMETER"
+><I
+>lm interval
+		</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>lm announce = auto</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>lm announce = yes</B
+></P
+></DD
+><DT
+><A
+NAME="LMINTERVAL"
+></A
+>lm interval (G)</DT
+><DD
+><P
+>If Samba is set to produce Lanman announce 
+		broadcasts needed by OS/2 clients (see the <A
+HREF="#LMANNOUNCE"
+>		<TT
+CLASS="PARAMETER"
+><I
+>lm announce</I
+></TT
+></A
+> parameter) then this 
+		parameter defines the frequency in seconds with which they will be 
+		made.  If this is set to zero then no Lanman announcements will be 
+		made despite the setting of the <TT
+CLASS="PARAMETER"
+><I
+>lm announce</I
+></TT
+> 
+		parameter.</P
+><P
+>See also <A
+HREF="#LMANNOUNCE"
+><TT
+CLASS="PARAMETER"
+><I
+>lm 
+		announce</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>lm interval = 60</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>lm interval = 120</B
+></P
+></DD
+><DT
+><A
+NAME="LOADPRINTERS"
+></A
+>load printers (G)</DT
+><DD
+><P
+>A boolean variable that controls whether all 
+		printers in the printcap will be loaded for browsing by default. 
+		See the <A
+HREF="#AEN79"
+>printers</A
+> section for 
+		more details.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>load printers = yes</B
+></P
+></DD
+><DT
+><A
+NAME="LOCALMASTER"
+></A
+>local master (G)</DT
+><DD
+><P
+>This option allows <A
+HREF="nmbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>		nmbd(8)</B
+></A
+> to try and become a local master browser 
+		on a subnet. If set to <TT
+CLASS="CONSTANT"
+>no</TT
+> then <B
+CLASS="COMMAND"
+>		nmbd</B
+> will not attempt to become a local master browser 
+		on a subnet and will also lose in all browsing elections. By
+		default this value is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>. Setting this value to <TT
+CLASS="CONSTANT"
+>yes</TT
+> doesn't
+		mean that Samba will <EM
+>become</EM
+> the local master 
+		browser on a subnet, just that <B
+CLASS="COMMAND"
+>nmbd</B
+> will <EM
+>		participate</EM
+> in elections for local master browser.</P
+><P
+>Setting this value to <TT
+CLASS="CONSTANT"
+>no</TT
+> will cause <B
+CLASS="COMMAND"
+>nmbd</B
+>
+		<EM
+>never</EM
+> to become a local master browser.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>local master = yes</B
+></P
+></DD
+><DT
+><A
+NAME="LOCKDIR"
+></A
+>lock dir (G)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#LOCKDIRECTORY"
+><TT
+CLASS="PARAMETER"
+><I
+>		lock directory</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="LOCKDIRECTORY"
+></A
+>lock directory (G)</DT
+><DD
+><P
+>This option specifies the directory where lock 
+		files will be placed.  The lock files are used to implement the 
+		<A
+HREF="#MAXCONNECTIONS"
+><TT
+CLASS="PARAMETER"
+><I
+>max connections</I
+></TT
+>
+		</A
+> option.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>lock directory = ${prefix}/var/locks</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>lock directory = /var/run/samba/locks</B
+>
+		</P
+></DD
+><DT
+><A
+NAME="LOCKSPINCOUNT"
+></A
+>lock spin count (G)</DT
+><DD
+><P
+>This parameter controls the number of times
+		that smbd should attempt to gain a byte range lock on the 
+		behalf of a client request.  Experiments have shown that
+		Windows 2k servers do not reply with a failure if the lock
+		could not be immediately granted, but try a few more times
+		in case the lock could later be aquired.  This behavior
+		is used to support PC database formats such as MS Access
+		and FoxPro.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>lock spin count = 2</B
+>
+		</P
+></DD
+><DT
+><A
+NAME="LOCKSPINTIME"
+></A
+>lock spin time (G)</DT
+><DD
+><P
+>The time in microseconds that smbd should 
+		pause before attempting to gain a failed lock.  See
+		<A
+HREF="#LOCKSPINCOUNT"
+><TT
+CLASS="PARAMETER"
+><I
+>lock spin 
+		count</I
+></TT
+></A
+> for more details.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>lock spin time = 10</B
+>
+		</P
+></DD
+><DT
+><A
+NAME="LOCKING"
+></A
+>locking (S)</DT
+><DD
+><P
+>This controls whether or not locking will be 
+		performed by the server in response to lock requests from the 
+		client.</P
+><P
+>If <B
+CLASS="COMMAND"
+>locking = no</B
+>, all lock and unlock 
+		requests will appear to succeed and all lock queries will report 
+		that the file in question is available for locking.</P
+><P
+>If <B
+CLASS="COMMAND"
+>locking = yes</B
+>, real locking will be performed 
+		by the server.</P
+><P
+>This option <EM
+>may</EM
+> be useful for read-only 
+		filesystems which <EM
+>may</EM
+> not need locking (such as 
+		CDROM drives), although setting this parameter of <TT
+CLASS="CONSTANT"
+>no</TT
+> 
+		is not really recommended even in this case.</P
+><P
+>Be careful about disabling locking either globally or in a 
+		specific service, as lack of locking may result in data corruption. 
+		You should never need to set this parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>locking = yes</B
+></P
+></DD
+><DT
+><A
+NAME="LOGFILE"
+></A
+>log file (G)</DT
+><DD
+><P
+>This option allows you to override the name 
+		of the Samba log file (also known as the debug file).</P
+><P
+>This option takes the standard substitutions, allowing 
+		you to have separate log files for each user or machine.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>log file = /usr/local/samba/var/log.%m
+		</B
+></P
+></DD
+><DT
+><A
+NAME="LOGLEVEL"
+></A
+>log level (G)</DT
+><DD
+><P
+>The value of the parameter (an integer) allows 
+		the debug level (logging level) to be specified in the 
+		<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. This is to give greater 
+		flexibility in the configuration of the system.</P
+><P
+>The default will be the log level specified on 
+		the command line or level zero if none was specified.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>log level = 3</B
+></P
+></DD
+><DT
+><A
+NAME="LOGONDRIVE"
+></A
+>logon drive (G)</DT
+><DD
+><P
+>This parameter specifies the local path to 
+		which the home directory will be connected (see <A
+HREF="#LOGONHOME"
+><TT
+CLASS="PARAMETER"
+><I
+>logon home</I
+></TT
+></A
+>) 
+		and is only used by NT Workstations. </P
+><P
+>Note that this option is only useful if Samba is set up as a
+		logon server.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>logon drive = z:</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>logon drive = h:</B
+></P
+></DD
+><DT
+><A
+NAME="LOGONHOME"
+></A
+>logon home (G)</DT
+><DD
+><P
+>This parameter specifies the home directory 
+		location when a Win95/98 or NT Workstation logs into a Samba PDC.  
+		It allows you to do </P
+><P
+><TT
+CLASS="PROMPT"
+>C:\&#62; </TT
+><TT
+CLASS="USERINPUT"
+><B
+>NET USE H: /HOME</B
+></TT
+>
+		</P
+><P
+>from a command prompt, for example.</P
+><P
+>This option takes the standard substitutions, allowing 
+		you to have separate logon scripts for each user or machine.</P
+><P
+>This parameter can be used with Win9X workstations to ensure 
+		that roaming profiles are stored in a subdirectory of the user's 
+		home directory.  This is done in the following way:</P
+><P
+><B
+CLASS="COMMAND"
+>logon home = \\%N\%U\profile</B
+></P
+><P
+>This tells Samba to return the above string, with 
+		substitutions made when a client requests the info, generally 
+		in a NetUserGetInfo request.  Win9X clients truncate the info to
+		\\server\share when a user does <B
+CLASS="COMMAND"
+>net use /home</B
+>
+		but use the whole string when dealing with profiles.</P
+><P
+>Note that in prior versions of Samba, the <A
+HREF="#LOGONPATH"
+>		<TT
+CLASS="PARAMETER"
+><I
+>logon path</I
+></TT
+></A
+> was returned rather than 
+		<TT
+CLASS="PARAMETER"
+><I
+>logon home</I
+></TT
+>.  This broke <B
+CLASS="COMMAND"
+>net use 
+		/home</B
+> but allowed profiles outside the home directory.  
+		The current implementation is correct, and can be used for 
+		profiles if you use the above trick.</P
+><P
+>This option is only useful if Samba is set up as a logon 
+		server.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>logon home = "\\%N\%U"</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>logon home = "\\remote_smb_server\%U"</B
+>
+		</P
+></DD
+><DT
+><A
+NAME="LOGONPATH"
+></A
+>logon path (G)</DT
+><DD
+><P
+>This parameter specifies the home directory 
+		where roaming profiles (NTuser.dat etc files for Windows NT) are 
+		stored.  Contrary to previous versions of these manual pages, it has 
+		nothing to do with Win 9X roaming profiles.  To find out how to 
+		handle roaming profiles for Win 9X system, see the <A
+HREF="#LOGONHOME"
+>		<TT
+CLASS="PARAMETER"
+><I
+>logon home</I
+></TT
+></A
+> parameter.</P
+><P
+>This option takes the standard substitutions, allowing you 
+		to have separate logon scripts for each user or machine.  It also 
+		specifies the directory from which the "Application Data", 
+		(<TT
+CLASS="FILENAME"
+>desktop</TT
+>, <TT
+CLASS="FILENAME"
+>start menu</TT
+>,
+		<TT
+CLASS="FILENAME"
+>network neighborhood</TT
+>, <TT
+CLASS="FILENAME"
+>programs</TT
+> 
+		and other folders, and their contents, are loaded and displayed on 
+		your Windows NT client.</P
+><P
+>The share and the path must be readable by the user for 
+		the preferences and directories to be loaded onto the Windows NT
+		client.  The share must be writeable when the user logs in for the first
+		time, in order that the Windows NT client can create the NTuser.dat
+		and other directories.</P
+><P
+>Thereafter, the directories and any of the contents can, 
+		if required, be made read-only.  It is not advisable that the 
+		NTuser.dat file be made read-only - rename it to NTuser.man to 
+		achieve the desired effect (a <EM
+>MAN</EM
+>datory 
+		profile). </P
+><P
+>Windows clients can sometimes maintain a connection to 
+		the [homes] share, even though there is no user logged in.  
+		Therefore, it is vital that the logon path does not include a 
+		reference to the homes share (i.e. setting this parameter to
+		\%N\%U\profile_path will cause problems).</P
+><P
+>This option takes the standard substitutions, allowing 
+		you to have separate logon scripts for each user or machine.</P
+><P
+>Note that this option is only useful if Samba is set up 
+		as a logon server.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>logon path = \\%N\%U\profile</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>logon path = \\PROFILESERVER\PROFILE\%U</B
+></P
+></DD
+><DT
+><A
+NAME="LOGONSCRIPT"
+></A
+>logon script (G)</DT
+><DD
+><P
+>This parameter specifies the batch file (.bat) or 
+		NT command file (.cmd) to be downloaded and run on a machine when 
+		a user successfully logs in.  The file must contain the DOS 
+		style CR/LF line endings. Using a DOS-style editor to create the 
+		file is recommended.</P
+><P
+>The script must be a relative path to the [netlogon] 
+		service.  If the [netlogon] service specifies a <A
+HREF="#PATH"
+>		<TT
+CLASS="PARAMETER"
+><I
+>path</I
+></TT
+></A
+> of <TT
+CLASS="FILENAME"
+>/usr/local/samba/netlogon
+		</TT
+>, and <B
+CLASS="COMMAND"
+>logon script = STARTUP.BAT</B
+>, then 
+		the file that will be downloaded is:</P
+><P
+><TT
+CLASS="FILENAME"
+>/usr/local/samba/netlogon/STARTUP.BAT</TT
+></P
+><P
+>The contents of the batch file are entirely your choice.  A 
+		suggested command would be to add <B
+CLASS="COMMAND"
+>NET TIME \\SERVER /SET 
+		/YES</B
+>, to force every machine to synchronize clocks with 
+		the same time server.  Another use would be to add <B
+CLASS="COMMAND"
+>NET USE 
+		U: \\SERVER\UTILS</B
+> for commonly used utilities, or <B
+CLASS="COMMAND"
+>		NET USE Q: \\SERVER\ISO9001_QA</B
+> for example.</P
+><P
+>Note that it is particularly important not to allow write 
+		access to the [netlogon] share, or to grant users write permission 
+		on the batch files in a secure environment, as this would allow 
+		the batch files to be arbitrarily modified and security to be 
+		breached.</P
+><P
+>This option takes the standard substitutions, allowing you 
+		to have separate logon scripts for each user or machine.</P
+><P
+>This option is only useful if Samba is set up as a logon 
+		server.</P
+><P
+>Default: <EM
+>no logon script defined</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>logon script = scripts\%U.bat</B
+></P
+></DD
+><DT
+><A
+NAME="LPPAUSECOMMAND"
+></A
+>lppause command (S)</DT
+><DD
+><P
+>This parameter specifies the command to be 
+		executed on the server host in order to stop printing or spooling 
+		a specific print job.</P
+><P
+>This command should be a program or script which takes 
+		a printer name and job number to pause the print job. One way 
+		of implementing this is by using job priorities, where jobs 
+		having a too low priority won't be sent to the printer.</P
+><P
+>If a <TT
+CLASS="PARAMETER"
+><I
+>%p</I
+></TT
+> is given then the printer name 
+		is put in its place. A <TT
+CLASS="PARAMETER"
+><I
+>%j</I
+></TT
+> is replaced with 
+		the job number (an integer).  On HPUX (see <TT
+CLASS="PARAMETER"
+><I
+>printing=hpux
+		</I
+></TT
+>), if the <TT
+CLASS="PARAMETER"
+><I
+>-p%p</I
+></TT
+> option is added 
+		to the lpq command, the job will show up with the correct status, i.e. 
+		if the job priority is lower than the set fence priority it will 
+		have the PAUSED status, whereas if  the priority is equal or higher it 
+		will have the SPOOLED or PRINTING status.</P
+><P
+>Note that it is good practice to include the absolute path 
+		in the lppause command as the PATH may not be available to the server.</P
+><P
+>See also the <A
+HREF="#PRINTING"
+><TT
+CLASS="PARAMETER"
+><I
+>printing
+		</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: Currently no default value is given to 
+		this string, unless the value of the <TT
+CLASS="PARAMETER"
+><I
+>printing</I
+></TT
+> 
+		parameter is <TT
+CLASS="CONSTANT"
+>SYSV</TT
+>, in which case the default is :</P
+><P
+><B
+CLASS="COMMAND"
+>lp -i %p-%j -H hold</B
+></P
+><P
+>or if the value of the <TT
+CLASS="PARAMETER"
+><I
+>printing</I
+></TT
+> parameter 
+		is <TT
+CLASS="CONSTANT"
+>SOFTQ</TT
+>, then the default is:</P
+><P
+><B
+CLASS="COMMAND"
+>qstat -s -j%j -h</B
+></P
+><P
+>Example for HPUX: <B
+CLASS="COMMAND"
+>lppause command = /usr/bin/lpalt 	
+		%p-%j -p0</B
+></P
+></DD
+><DT
+><A
+NAME="LPQCACHETIME"
+></A
+>lpq cache time (G)</DT
+><DD
+><P
+>This controls how long lpq info will be cached 
+		for to prevent the <B
+CLASS="COMMAND"
+>lpq</B
+> command being called too 
+		often. A separate cache is kept for each variation of the <B
+CLASS="COMMAND"
+>		lpq</B
+> command used by the system, so if you use different 
+		<B
+CLASS="COMMAND"
+>lpq</B
+> commands for different users then they won't
+		share cache information.</P
+><P
+>The cache files are stored in <TT
+CLASS="FILENAME"
+>/tmp/lpq.xxxx</TT
+> 
+		where xxxx is a hash of the <B
+CLASS="COMMAND"
+>lpq</B
+> command in use.</P
+><P
+>The default is 10 seconds, meaning that the cached results 
+		of a previous identical <B
+CLASS="COMMAND"
+>lpq</B
+> command will be used 
+		if the cached data is less than 10 seconds old. A large value may 
+		be advisable if your <B
+CLASS="COMMAND"
+>lpq</B
+> command is very slow.</P
+><P
+>A value of 0 will disable caching completely.</P
+><P
+>See also the <A
+HREF="#PRINTING"
+><TT
+CLASS="PARAMETER"
+><I
+>printing
+		</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>lpq cache time = 10</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>lpq cache time = 30</B
+></P
+></DD
+><DT
+><A
+NAME="LPQCOMMAND"
+></A
+>lpq command (S)</DT
+><DD
+><P
+>This parameter specifies the command to be 
+		executed on the server host in order to obtain <B
+CLASS="COMMAND"
+>lpq
+		</B
+>-style printer status information.</P
+><P
+>This command should be a program or script which 
+		takes a printer name as its only parameter and outputs printer 
+		status information.</P
+><P
+>Currently nine styles of printer status information 
+		are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. 
+		This covers most UNIX systems. You control which type is expected 
+		using the <TT
+CLASS="PARAMETER"
+><I
+>printing =</I
+></TT
+> option.</P
+><P
+>Some clients (notably Windows for Workgroups) may not 
+		correctly send the connection number for the printer they are 
+		requesting status information about. To get around this, the 
+		server reports on the first printer service connected to by the 
+		client. This only happens if the connection number sent is invalid.</P
+><P
+>If a <TT
+CLASS="PARAMETER"
+><I
+>%p</I
+></TT
+> is given then the printer name 
+		is put in its place. Otherwise it is placed at the end of the 
+		command.</P
+><P
+>Note that it is good practice to include the absolute path 
+		in the <TT
+CLASS="PARAMETER"
+><I
+>lpq command</I
+></TT
+> as the <TT
+CLASS="ENVAR"
+>$PATH
+		</TT
+> may not be available to the server.  When compiled with
+		the CUPS libraries, no <TT
+CLASS="PARAMETER"
+><I
+>lpq command</I
+></TT
+> is
+		needed because smbd will make a library call to obtain the 
+		print queue listing.</P
+><P
+>See also the <A
+HREF="#PRINTING"
+><TT
+CLASS="PARAMETER"
+><I
+>printing
+		</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <EM
+>depends on the setting of <TT
+CLASS="PARAMETER"
+><I
+>		printing</I
+></TT
+></EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>lpq command = /usr/bin/lpq -P%p</B
+></P
+></DD
+><DT
+><A
+NAME="LPRESUMECOMMAND"
+></A
+>lpresume command (S)</DT
+><DD
+><P
+>This parameter specifies the command to be 
+		executed on the server host in order to restart or continue 
+		printing or spooling a specific print job.</P
+><P
+>This command should be a program or script which takes 
+		a printer name and job number to resume the print job. See 
+		also the <A
+HREF="#LPPAUSECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>lppause command
+		</I
+></TT
+></A
+> parameter.</P
+><P
+>If a <TT
+CLASS="PARAMETER"
+><I
+>%p</I
+></TT
+> is given then the printer name 
+		is put in its place. A <TT
+CLASS="PARAMETER"
+><I
+>%j</I
+></TT
+> is replaced with 
+		the job number (an integer).</P
+><P
+>Note that it is good practice to include the absolute path 
+		in the <TT
+CLASS="PARAMETER"
+><I
+>lpresume command</I
+></TT
+> as the PATH may not 
+		be available to the server.</P
+><P
+>See also the <A
+HREF="#PRINTING"
+><TT
+CLASS="PARAMETER"
+><I
+>printing
+		</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: Currently no default value is given 
+		to this string, unless the value of the <TT
+CLASS="PARAMETER"
+><I
+>printing</I
+></TT
+> 
+		parameter is <TT
+CLASS="CONSTANT"
+>SYSV</TT
+>, in which case the default is :</P
+><P
+><B
+CLASS="COMMAND"
+>lp -i %p-%j -H resume</B
+></P
+><P
+>or if the value of the <TT
+CLASS="PARAMETER"
+><I
+>printing</I
+></TT
+> parameter 
+		is <TT
+CLASS="CONSTANT"
+>SOFTQ</TT
+>, then the default is:</P
+><P
+><B
+CLASS="COMMAND"
+>qstat -s -j%j -r</B
+></P
+><P
+>Example for HPUX: <B
+CLASS="COMMAND"
+>lpresume command = /usr/bin/lpalt 
+		%p-%j -p2</B
+></P
+></DD
+><DT
+><A
+NAME="LPRMCOMMAND"
+></A
+>lprm command (S)</DT
+><DD
+><P
+>This parameter specifies the command to be 
+		executed on the server host in order to delete a print job.</P
+><P
+>This command should be a program or script which takes 
+		a printer name and job number, and deletes the print job.</P
+><P
+>If a <TT
+CLASS="PARAMETER"
+><I
+>%p</I
+></TT
+> is given then the printer name 
+		is put in its place. A <TT
+CLASS="PARAMETER"
+><I
+>%j</I
+></TT
+> is replaced with 
+		the job number (an integer).</P
+><P
+>Note that it is good practice to include the absolute 
+		path in the <TT
+CLASS="PARAMETER"
+><I
+>lprm command</I
+></TT
+> as the PATH may not be 
+		available to the server.</P
+><P
+>See also the <A
+HREF="#PRINTING"
+><TT
+CLASS="PARAMETER"
+><I
+>printing
+		</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <EM
+>depends on the setting of <TT
+CLASS="PARAMETER"
+><I
+>printing
+		</I
+></TT
+></EM
+></P
+><P
+>Example 1: <B
+CLASS="COMMAND"
+>lprm command = /usr/bin/lprm -P%p %j
+		</B
+></P
+><P
+>Example 2: <B
+CLASS="COMMAND"
+>lprm command = /usr/bin/cancel %p-%j
+		</B
+></P
+></DD
+><DT
+><A
+NAME="MACHINEPASSWORDTIMEOUT"
+></A
+>machine password timeout (G)</DT
+><DD
+><P
+>If a Samba server is a member of a Windows 
+		NT Domain (see the <A
+HREF="#SECURITYEQUALSDOMAIN"
+>security = domain</A
+>) 
+		parameter) then periodically a running <A
+HREF="smbd.8.html"
+TARGET="_top"
+>		smbd(8)</A
+> process will try and change the MACHINE ACCOUNT 
+		PASSWORD stored in the TDB called <TT
+CLASS="FILENAME"
+>private/secrets.tdb
+		</TT
+>.  This parameter specifies how often this password 
+		will be changed, in seconds. The default is one week (expressed in 
+		seconds), the same as a Windows NT Domain member server.</P
+><P
+>See also <A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbpasswd(8)
+		</B
+></A
+>, and the <A
+HREF="#SECURITYEQUALSDOMAIN"
+>		security = domain</A
+>) parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>machine password timeout = 604800</B
+></P
+></DD
+><DT
+><A
+NAME="MAGICOUTPUT"
+></A
+>magic output (S)</DT
+><DD
+><P
+>This parameter specifies the name of a file 
+		which will contain output created by a magic script (see the 
+		<A
+HREF="#MAGICSCRIPT"
+><TT
+CLASS="PARAMETER"
+><I
+>magic script</I
+></TT
+></A
+>
+		parameter below).</P
+><P
+>Warning: If two clients use the same <TT
+CLASS="PARAMETER"
+><I
+>magic script
+		</I
+></TT
+> in the same directory the output file content
+		is undefined.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>magic output = &#60;magic script name&#62;.out
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>magic output = myfile.txt</B
+></P
+></DD
+><DT
+><A
+NAME="MAGICSCRIPT"
+></A
+>magic script (S)</DT
+><DD
+><P
+>This parameter specifies the name of a file which, 
+		if opened, will be executed by the server when the file is closed. 
+		This allows a UNIX script to be sent to the Samba host and 
+		executed on behalf of the connected user.</P
+><P
+>Scripts executed in this way will be deleted upon 
+		completion assuming that the user has the appropriate level 
+		of privilege and the file permissions allow the deletion.</P
+><P
+>If the script generates output, output will be sent to 
+		the file specified by the <A
+HREF="#MAGICOUTPUT"
+><TT
+CLASS="PARAMETER"
+><I
+>		magic output</I
+></TT
+></A
+> parameter (see above).</P
+><P
+>Note that some shells are unable to interpret scripts 
+		containing CR/LF instead of CR as 
+		the end-of-line marker. Magic scripts must be executable 
+		<EM
+>as is</EM
+> on the host, which for some hosts and 
+		some shells will require filtering at the DOS end.</P
+><P
+>Magic scripts are <EM
+>EXPERIMENTAL</EM
+> and 
+		should <EM
+>NOT</EM
+> be relied upon.</P
+><P
+>Default: <EM
+>None. Magic scripts disabled.</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>magic script = user.csh</B
+></P
+></DD
+><DT
+><A
+NAME="MANGLECASE"
+></A
+>mangle case (S)</DT
+><DD
+><P
+>See the section on <A
+HREF="#AEN203"
+>		NAME MANGLING</A
+></P
+><P
+>Default: <B
+CLASS="COMMAND"
+>mangle case = no</B
+></P
+></DD
+><DT
+><A
+NAME="MANGLEDMAP"
+></A
+>mangled map (S)</DT
+><DD
+><P
+>This is for those who want to directly map UNIX 
+		file names which cannot be represented on Windows/DOS.  The mangling 
+		of names is not always what is needed.  In particular you may have 
+		documents with file extensions that differ between DOS and UNIX. 
+		For example, under UNIX it is common to use <TT
+CLASS="FILENAME"
+>.html</TT
+> 
+		for HTML files, whereas under Windows/DOS <TT
+CLASS="FILENAME"
+>.htm</TT
+> 
+		is more commonly used.</P
+><P
+>So to map <TT
+CLASS="FILENAME"
+>html</TT
+> to <TT
+CLASS="FILENAME"
+>htm</TT
+> 
+		you would use:</P
+><P
+><B
+CLASS="COMMAND"
+>mangled map = (*.html *.htm)</B
+></P
+><P
+>One very useful case is to remove the annoying <TT
+CLASS="FILENAME"
+>;1
+		</TT
+> off the ends of filenames on some CDROMs (only visible 
+		under some UNIXes). To do this use a map of (*;1 *;).</P
+><P
+>Default: <EM
+>no mangled map</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>mangled map = (*;1 *;)</B
+></P
+></DD
+><DT
+><A
+NAME="MANGLEDNAMES"
+></A
+>mangled names (S)</DT
+><DD
+><P
+>This controls whether non-DOS names under UNIX 
+		should be mapped to DOS-compatible names ("mangled") and made visible, 
+		or whether non-DOS names should simply be ignored.</P
+><P
+>See the section on <A
+HREF="#AEN203"
+>		NAME MANGLING</A
+> for details on how to control the mangling process.</P
+><P
+>If mangling algorithm "hash" is used then the mangling algorithm is as follows:</P
+><P
+></P
+><UL
+><LI
+><P
+>The first (up to) five alphanumeric characters 
+			before the rightmost dot of the filename are preserved, forced 
+			to upper case, and appear as the first (up to) five characters 
+			of the mangled name.</P
+></LI
+><LI
+><P
+>A tilde "~" is appended to the first part of the mangled
+			name, followed by a two-character unique sequence, based on the
+			original root name (i.e., the original filename minus its final
+			extension). The final extension is included in the hash calculation
+			only if it contains any upper case characters or is longer than three
+			characters.</P
+><P
+>Note that the character to use may be specified using 
+			the <A
+HREF="#MANGLINGCHAR"
+><TT
+CLASS="PARAMETER"
+><I
+>mangling char</I
+></TT
+>
+			</A
+> option, if you don't like '~'.</P
+></LI
+><LI
+><P
+>The first three alphanumeric characters of the final 
+			extension are preserved, forced to upper case and appear as the 
+			extension of the mangled name. The final extension is defined as that 
+			part of the original filename after the rightmost dot. If there are no 
+			dots in the filename, the mangled name will have no extension (except 
+			in the case of "hidden files" - see below).</P
+></LI
+><LI
+><P
+>Files whose UNIX name begins with a dot will be 
+			presented as DOS hidden files. The mangled name will be created as 
+			for other filenames, but with the leading dot removed and "___" as 
+			its extension regardless of actual original extension (that's three 
+			underscores).</P
+></LI
+></UL
+><P
+>The two-digit hash value consists of upper case 
+		alphanumeric characters.</P
+><P
+>This algorithm can cause name collisions only if files 
+		in a directory share the same first five alphanumeric characters. 
+		The probability of such a clash is 1/1300.</P
+><P
+>If mangling algorithm "hash2" is used then the mangling algorithm is as follows:</P
+><P
+></P
+><UL
+><LI
+><P
+>The first alphanumeric character 
+			before the rightmost dot of the filename is preserved, forced 
+			to upper case, and appears as the first character of the mangled name.
+			</P
+></LI
+><LI
+><P
+>A base63 hash of 5 characters is generated and the
+			first 4 characters of that hash are appended to the first character.
+			</P
+></LI
+><LI
+><P
+>A tilde "~" is appended to the first part of the mangled
+			name, followed by the final character of the base36 hash of the name.
+			</P
+><P
+>Note that the character to use may be specified using 
+			the <A
+HREF="#MANGLINGCHAR"
+><TT
+CLASS="PARAMETER"
+><I
+>mangling char</I
+></TT
+>
+			</A
+> option, if you don't like '~'.</P
+></LI
+><LI
+><P
+>The first three alphanumeric characters of the final 
+			extension are preserved, forced to upper case and appear as the 
+			extension of the mangled name. The final extension is defined as that 
+			part of the original filename after the rightmost dot. If there are no 
+			dots in the filename, the mangled name will have no extension (except 
+			in the case of "hidden files" - see below).</P
+></LI
+><LI
+><P
+>Files whose UNIX name begins with a dot will be 
+			presented as DOS hidden files. The mangled name will be created as 
+			for other filenames, but with the leading dot removed and "___" as 
+			its extension regardless of actual original extension (that's three 
+			underscores).</P
+></LI
+></UL
+><P
+>The name mangling (if enabled) allows a file to be 
+		copied between UNIX directories from Windows/DOS while retaining 
+		the long UNIX filename. UNIX files can be renamed to a new extension 
+		from Windows/DOS and will retain the same basename. Mangled names 
+		do not change between sessions.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>mangled names = yes</B
+></P
+></DD
+><DT
+><A
+NAME="MANGLEDSTACK"
+></A
+>mangled stack (G)</DT
+><DD
+><P
+>This parameter controls the number of mangled names 
+		that should be cached in the Samba server <A
+HREF="smbd.8.html"
+TARGET="_top"
+>		smbd(8)</A
+>.</P
+><P
+>This stack is a list of recently mangled base names 
+		(extensions are only maintained if they are longer than 3 characters 
+		or contains upper case characters).</P
+><P
+>The larger this value, the more likely it is that mangled 
+		names can be successfully converted to correct long UNIX names. 
+		However, large stack sizes will slow most directory accesses. Smaller 
+		stacks save memory in the server (each stack element costs 256 bytes).
+		</P
+><P
+>It is not possible to absolutely guarantee correct long 
+		filenames, so be prepared for some surprises!</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>mangled stack = 50</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>mangled stack = 100</B
+></P
+></DD
+><DT
+><A
+NAME="MANGLINGCHAR"
+></A
+>mangling char (S)</DT
+><DD
+><P
+>This controls what character is used as 
+		the <EM
+>magic</EM
+> character in <A
+HREF="#AEN203"
+>name mangling</A
+>. The default is a '~'
+		but this may interfere with some software. Use this option to set 
+		it to whatever you prefer.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>mangling char = ~</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>mangling char = ^</B
+></P
+></DD
+><DT
+><A
+NAME="MANGLINGMETHOD"
+></A
+>mangling mathod(G)</DT
+><DD
+><P
+> controls the algorithm used for the generating
+                the mangled names. Can take two different values, "hash" and
+                "hash2". "hash" is  the default and is the algorithm that has been
+                used in Samba for many years. "hash2" is a newer and considered
+                a better algorithm (generates less collisions) in the names.
+                However, many Win32 applications store the mangled names and so
+		changing to the new algorithm must not be done
+                lightly as these applications may break unless reinstalled.
+                New installations of Samba may set the default to hash2.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>mangling method = hash</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>mangling method = hash2</B
+></P
+></DD
+><DT
+><A
+NAME="MAPARCHIVE"
+></A
+>map archive (S)</DT
+><DD
+><P
+>This controls whether the DOS archive attribute 
+		should be mapped to the UNIX owner execute bit.  The DOS archive bit 
+		is set when a file has been modified since its last backup.  One 
+		motivation for this option it to keep Samba/your PC from making 
+		any file it touches from becoming executable under UNIX.  This can 
+		be quite annoying for shared source code, documents, etc...</P
+><P
+>Note that this requires the <TT
+CLASS="PARAMETER"
+><I
+>create mask</I
+></TT
+>
+		parameter to be set such that owner execute bit is not masked out 
+		(i.e. it must include 100). See the parameter <A
+HREF="#CREATEMASK"
+>		<TT
+CLASS="PARAMETER"
+><I
+>create mask</I
+></TT
+></A
+> for details.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>map archive = yes</B
+></P
+></DD
+><DT
+><A
+NAME="MAPHIDDEN"
+></A
+>map hidden (S)</DT
+><DD
+><P
+>This controls whether DOS style hidden files 
+		should be mapped to the UNIX world execute bit.</P
+><P
+>Note that this requires the <TT
+CLASS="PARAMETER"
+><I
+>create mask</I
+></TT
+> 
+		to be set such that the world execute bit is not masked out (i.e. 
+		it must include 001). See the parameter <A
+HREF="#CREATEMASK"
+>		<TT
+CLASS="PARAMETER"
+><I
+>create mask</I
+></TT
+></A
+> for details.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>map hidden = no</B
+></P
+></DD
+><DT
+><A
+NAME="MAPSYSTEM"
+></A
+>map system (S)</DT
+><DD
+><P
+>This controls whether DOS style system files 
+		should be mapped to the UNIX group execute bit.</P
+><P
+>Note that this requires the <TT
+CLASS="PARAMETER"
+><I
+>create mask</I
+></TT
+> 
+		to be set such that the group execute bit is not masked out (i.e. 
+		it must include 010). See the parameter <A
+HREF="#CREATEMASK"
+>		<TT
+CLASS="PARAMETER"
+><I
+>create mask</I
+></TT
+></A
+> for details.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>map system = no</B
+></P
+></DD
+><DT
+><A
+NAME="MAPTOGUEST"
+></A
+>map to guest (G)</DT
+><DD
+><P
+>This parameter is only useful in <A
+HREF="#SECURITY"
+>		security</A
+> modes other than <TT
+CLASS="PARAMETER"
+><I
+>security = share</I
+></TT
+> 
+		- i.e. <TT
+CLASS="CONSTANT"
+>user</TT
+>, <TT
+CLASS="CONSTANT"
+>server</TT
+>, 
+		and <TT
+CLASS="CONSTANT"
+>domain</TT
+>.</P
+><P
+>This parameter can take three different values, which tell
+		<A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> what to do with user 
+		login requests that don't match a valid UNIX user in some way.</P
+><P
+>The three settings are :</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>Never</TT
+> - Means user login 
+			requests with an invalid password are rejected. This is the 
+			default.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>Bad User</TT
+> - Means user
+			logins with an invalid password are rejected, unless the username 
+			does not exist, in which case it is treated as a guest login and 
+			mapped into the <A
+HREF="#GUESTACCOUNT"
+><TT
+CLASS="PARAMETER"
+><I
+>			guest account</I
+></TT
+></A
+>.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>Bad Password</TT
+> - Means user logins 
+			with an invalid password are treated as a guest login and mapped 
+			into the <A
+HREF="#GUESTACCOUNT"
+>guest account</A
+>. Note that 
+			this can cause problems as it means that any user incorrectly typing 
+			their password will be silently logged on as "guest" - and 
+			will not know the reason they cannot access files they think
+			they should - there will have been no message given to them
+			that they got their password wrong. Helpdesk services will
+			<EM
+>hate</EM
+> you if you set the <TT
+CLASS="PARAMETER"
+><I
+>map to 
+			guest</I
+></TT
+> parameter this way :-).</P
+></LI
+></UL
+><P
+>Note that this parameter is needed to set up "Guest" 
+		share services when using <TT
+CLASS="PARAMETER"
+><I
+>security</I
+></TT
+> modes other than 
+		share. This is because in these modes the name of the resource being
+		requested is <EM
+>not</EM
+> sent to the server until after 
+		the server has successfully authenticated the client so the server 
+		cannot make authentication decisions at the correct time (connection 
+		to the share) for "Guest" shares.</P
+><P
+>For people familiar with the older Samba releases, this 
+		parameter maps to the old compile-time setting of the <TT
+CLASS="CONSTANT"
+>		GUEST_SESSSETUP</TT
+> value in local.h.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>map to guest = Never</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>map to guest = Bad User</B
+></P
+></DD
+><DT
+><A
+NAME="MAXCONNECTIONS"
+></A
+>max connections (S)</DT
+><DD
+><P
+>This option allows the number of simultaneous 
+		connections to a service to be limited. If <TT
+CLASS="PARAMETER"
+><I
+>max connections
+		</I
+></TT
+> is greater than 0 then connections will be refused if 
+		this number of connections to the service are already open. A value 
+		of zero mean an unlimited number of connections may be made.</P
+><P
+>Record lock files are used to implement this feature. The 
+		lock files will be stored in the directory specified by the <A
+HREF="#LOCKDIRECTORY"
+><TT
+CLASS="PARAMETER"
+><I
+>lock directory</I
+></TT
+></A
+> 
+		option.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>max connections = 0</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>max connections = 10</B
+></P
+></DD
+><DT
+><A
+NAME="MAXDISKSIZE"
+></A
+>max disk size (G)</DT
+><DD
+><P
+>This option allows you to put an upper limit 
+		on the apparent size of disks. If you set this option to 100 
+		then all shares will appear to be not larger than 100 MB in 
+		size.</P
+><P
+>Note that this option does not limit the amount of 
+		data you can put on the disk. In the above case you could still 
+		store much more than 100 MB on the disk, but if a client ever asks 
+		for the amount of free disk space or the total disk size then the 
+		result will be bounded by the amount specified in <TT
+CLASS="PARAMETER"
+><I
+>max 
+		disk size</I
+></TT
+>.</P
+><P
+>This option is primarily useful to work around bugs 
+		in some pieces of software that can't handle very large disks, 
+		particularly disks over 1GB in size.</P
+><P
+>A <TT
+CLASS="PARAMETER"
+><I
+>max disk size</I
+></TT
+> of 0 means no limit.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>max disk size = 0</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>max disk size = 1000</B
+></P
+></DD
+><DT
+><A
+NAME="MAXLOGSIZE"
+></A
+>max log size (G)</DT
+><DD
+><P
+>This option (an integer in kilobytes) specifies 
+		the max size the log file should grow to. Samba periodically checks 
+		the size and if it is exceeded it will rename the file, adding 
+		a <TT
+CLASS="FILENAME"
+>.old</TT
+> extension.</P
+><P
+>A size of 0 means no limit.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>max log size = 5000</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>max log size = 1000</B
+></P
+></DD
+><DT
+><A
+NAME="MAXMUX"
+></A
+>max mux (G)</DT
+><DD
+><P
+>This option controls the maximum number of 
+		outstanding simultaneous SMB operations that Samba tells the client 
+		it will allow. You should never need to set this parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>max mux = 50</B
+></P
+></DD
+><DT
+><A
+NAME="MAXOPENFILES"
+></A
+>max open files (G)</DT
+><DD
+><P
+>This parameter limits the maximum number of 
+		open files that one <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> file 
+		serving process may have open for a client at any one time. The 
+		default for this parameter is set very high (10,000) as Samba uses 
+		only one bit per unopened file.</P
+><P
+>The limit of the number of open files is usually set 
+		by the UNIX per-process file descriptor limit rather than 
+		this parameter so you should never need to touch this parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>max open files = 10000</B
+></P
+></DD
+><DT
+><A
+NAME="MAXPRINTJOBS"
+></A
+>max print jobs (S)</DT
+><DD
+><P
+>This parameter limits the maximum number of 
+		jobs allowable in a Samba printer queue at any given moment.
+		If this number is exceeded, <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>		smbd(8)</B
+></A
+> will remote "Out of Space" to the client.
+		See all <A
+HREF="#TOTALPRINTJOBS"
+><TT
+CLASS="PARAMETER"
+><I
+>total
+		print jobs</I
+></TT
+></A
+>.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>max print jobs = 1000</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>max print jobs = 5000</B
+></P
+></DD
+><DT
+><A
+NAME="MAXPROTOCOL"
+></A
+>max protocol (G)</DT
+><DD
+><P
+>The value of the parameter (a string) is the highest 
+		protocol level that will be supported by the server.</P
+><P
+>Possible values are :</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>CORE</TT
+>: Earliest version. No 
+			concept of user names.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>COREPLUS</TT
+>: Slight improvements on 
+			CORE for efficiency.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>LANMAN1</TT
+>: First <EM
+>			modern</EM
+> version of the protocol. Long filename
+			support.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>LANMAN2</TT
+>: Updates to Lanman1 protocol.
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>NT1</TT
+>: Current up to date version of 
+			the protocol. Used by Windows NT. Known as CIFS.</P
+></LI
+></UL
+><P
+>Normally this option should not be set as the automatic 
+		negotiation phase in the SMB protocol takes care of choosing 
+		the appropriate protocol.</P
+><P
+>See also <A
+HREF="#MINPROTOCOL"
+><TT
+CLASS="PARAMETER"
+><I
+>min
+		protocol</I
+></TT
+></A
+></P
+><P
+>Default: <B
+CLASS="COMMAND"
+>max protocol = NT1</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>max protocol = LANMAN1</B
+></P
+></DD
+><DT
+><A
+NAME="MAXSMBDPROCESSES"
+></A
+>max smbd processes (G)</DT
+><DD
+><P
+>This parameter limits the maximum number of 
+		<A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>
+		processes concurrently running on a system and is intended
+		as a stopgap to prevent degrading service to clients in the event
+		that the server has insufficient resources to handle more than this
+		number of connections.  Remember that under normal operating
+		conditions, each user will have an <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> associated with him or her
+		to handle connections to all shares from a given host.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>max smbd processes = 0</B
+>   ## no limit</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>max smbd processes = 1000</B
+></P
+></DD
+><DT
+><A
+NAME="MAXTTL"
+></A
+>max ttl (G)</DT
+><DD
+><P
+>This option tells <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)</A
+>
+		what the default 'time to live' of NetBIOS names should be (in seconds) 
+		when <B
+CLASS="COMMAND"
+>nmbd</B
+> is requesting a name using either a
+		broadcast packet or from a WINS server. You should never need to
+		change this parameter. The default is 3 days.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>max ttl = 259200</B
+></P
+></DD
+><DT
+><A
+NAME="MAXWINSTTL"
+></A
+>max wins ttl (G)</DT
+><DD
+><P
+>This option tells <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)
+		</A
+> when acting as a WINS server (<A
+HREF="#WINSSUPPORT"
+>		<TT
+CLASS="PARAMETER"
+><I
+>wins support = yes</I
+></TT
+></A
+>) what the maximum
+		'time to live' of NetBIOS names that <B
+CLASS="COMMAND"
+>nmbd</B
+> 
+		will grant will be (in seconds). You should never need to change this
+		parameter.  The default is 6 days (518400 seconds).</P
+><P
+>See also the <A
+HREF="#MINWINSTTL"
+><TT
+CLASS="PARAMETER"
+><I
+>min 
+		wins ttl</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>max wins ttl = 518400</B
+></P
+></DD
+><DT
+><A
+NAME="MAXXMIT"
+></A
+>max xmit (G)</DT
+><DD
+><P
+>This option controls the maximum packet size 
+		that will be negotiated by Samba. The default in Samba 2.2.6 is
+		now 16644 (changed from 65535 in earlier releases) which matches
+		Windows 2000. This allows better performance with Windows NT clients.
+		The maximum is 65535. In some cases you may find you get better performance 
+		with a smaller value. A value below 2048 is likely to cause problems.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>max xmit = 16644</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>max xmit = 8192</B
+></P
+></DD
+><DT
+><A
+NAME="MESSAGECOMMAND"
+></A
+>message command (G)</DT
+><DD
+><P
+>This specifies what command to run when the 
+		server receives a WinPopup style message.</P
+><P
+>This would normally be a command that would 
+		deliver the message somehow. How this is to be done is 
+		up to your imagination.</P
+><P
+>An example is:</P
+><P
+><B
+CLASS="COMMAND"
+>message command = csh -c 'xedit %s;rm %s' &#38;</B
+>
+		</P
+><P
+>This delivers the message using <B
+CLASS="COMMAND"
+>xedit</B
+>, then 
+		removes it afterwards. <EM
+>NOTE THAT IT IS VERY IMPORTANT 
+		THAT THIS COMMAND RETURN IMMEDIATELY</EM
+>. That's why I 
+		have the '&#38;' on the end. If it doesn't return immediately then 
+		your PCs may freeze when sending messages (they should recover 
+		after 30 seconds, hopefully).</P
+><P
+>All messages are delivered as the global guest user. 
+		The command takes the standard substitutions, although <TT
+CLASS="PARAMETER"
+><I
+>		%u</I
+></TT
+> won't work (<TT
+CLASS="PARAMETER"
+><I
+>%U</I
+></TT
+> may be better 
+		in this case).</P
+><P
+>Apart from the standard substitutions, some additional 
+		ones apply. In particular:</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>%s</I
+></TT
+> = the filename containing 
+			the message.</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>%t</I
+></TT
+> = the destination that 
+			the message was sent to (probably the server name).</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>%f</I
+></TT
+> = who the message 
+			is from.</P
+></LI
+></UL
+><P
+>You could make this command send mail, or whatever else 
+		takes your fancy. Please let us know of any really interesting 
+		ideas you have.</P
+><P
+>Here's a way of sending the messages as mail to root:</P
+><P
+><B
+CLASS="COMMAND"
+>message command = /bin/mail -s 'message from %f on 
+		%m' root &#60; %s; rm %s</B
+></P
+><P
+>If you don't have a message command then the message 
+		won't be delivered and Samba will tell the sender there was 
+		an error. Unfortunately WfWg totally ignores the error code 
+		and carries on regardless, saying that the message was delivered.
+		</P
+><P
+>If you want to silently delete it then try:</P
+><P
+><B
+CLASS="COMMAND"
+>message command = rm %s</B
+></P
+><P
+>Default: <EM
+>no message command</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>message command = csh -c 'xedit %s;
+		rm %s' &#38;</B
+></P
+></DD
+><DT
+><A
+NAME="MINPASSWDLENGTH"
+></A
+>min passwd length (G)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#MINPASSWORDLENGTH"
+>		<TT
+CLASS="PARAMETER"
+><I
+>min password length</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="MINPASSWORDLENGTH"
+></A
+>min password length (G)</DT
+><DD
+><P
+>This option sets the minimum length in characters 
+		of a plaintext password that <B
+CLASS="COMMAND"
+>smbd</B
+> will accept when performing 
+		UNIX password changing.</P
+><P
+>See also <A
+HREF="#UNIXPASSWORDSYNC"
+><TT
+CLASS="PARAMETER"
+><I
+>unix 
+		password sync</I
+></TT
+></A
+>, <A
+HREF="#PASSWDPROGRAM"
+>		<TT
+CLASS="PARAMETER"
+><I
+>passwd program</I
+></TT
+></A
+> and <A
+HREF="#PASSWDCHATDEBUG"
+><TT
+CLASS="PARAMETER"
+><I
+>passwd chat debug</I
+></TT
+>
+		</A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>min password length = 5</B
+></P
+></DD
+><DT
+><A
+NAME="MINPRINTSPACE"
+></A
+>min print space (S)</DT
+><DD
+><P
+>This sets the minimum amount of free disk 
+		space that must be available before a user will be able to spool 
+		a print job. It is specified in kilobytes. The default is 0, which 
+		means a user can always spool a print job.</P
+><P
+>See also the <A
+HREF="#PRINTING"
+><TT
+CLASS="PARAMETER"
+><I
+>printing
+		</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>min print space = 0</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>min print space = 2000</B
+></P
+></DD
+><DT
+><A
+NAME="MINPROTOCOL"
+></A
+>min protocol (G)</DT
+><DD
+><P
+>The value of the parameter (a string) is the 
+		lowest SMB protocol dialect than Samba will support.  Please refer
+		to the <A
+HREF="#MAXPROTOCOL"
+><TT
+CLASS="PARAMETER"
+><I
+>max protocol</I
+></TT
+></A
+>
+		parameter for a list of valid protocol names and a brief description
+		of each.  You may also wish to refer to the C source code in
+		<TT
+CLASS="FILENAME"
+>source/smbd/negprot.c</TT
+> for a listing of known protocol
+		dialects supported by clients.</P
+><P
+>If you are viewing this parameter as a security measure, you should
+		also refer to the <A
+HREF="#LANMANAUTH"
+><TT
+CLASS="PARAMETER"
+><I
+>lanman 
+		auth</I
+></TT
+></A
+> parameter.  Otherwise, you should never need 
+		to change this parameter.</P
+><P
+>Default : <B
+CLASS="COMMAND"
+>min protocol = CORE</B
+></P
+><P
+>Example : <B
+CLASS="COMMAND"
+>min protocol = NT1</B
+>  # disable DOS 
+		clients</P
+></DD
+><DT
+><A
+NAME="MINWINSTTL"
+></A
+>min wins ttl (G)</DT
+><DD
+><P
+>This option tells <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)</A
+>
+		when acting as a WINS server (<A
+HREF="#WINSSUPPORT"
+><TT
+CLASS="PARAMETER"
+><I
+>		wins support = yes</I
+></TT
+></A
+>) what the minimum 'time to live' 
+		of NetBIOS names that <B
+CLASS="COMMAND"
+>nmbd</B
+> will grant will be (in 
+		seconds). You should never need to change this parameter.  The default 
+		is 6 hours (21600 seconds).</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>min wins ttl = 21600</B
+></P
+></DD
+><DT
+><A
+NAME="MSDFSROOT"
+></A
+>msdfs root (S)</DT
+><DD
+><P
+>This boolean parameter is only available if 
+		Samba is configured  and  compiled with the <B
+CLASS="COMMAND"
+>		--with-msdfs</B
+> option.  If set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>, 
+		Samba treats the share as a Dfs root and  allows clients to browse 
+		the distributed file system tree rooted at the share directory. 
+		Dfs links are specified  in  the share directory by symbolic 
+		links of the form <TT
+CLASS="FILENAME"
+>msdfs:serverA\shareA,serverB\shareB
+		</TT
+> and so on.  For more information on setting up a Dfs tree 
+		on Samba,  refer to <A
+HREF="msdfs_setup.html"
+TARGET="_top"
+>msdfs_setup.html
+		</A
+>.</P
+><P
+>See also <A
+HREF="#HOSTMSDFS"
+><TT
+CLASS="PARAMETER"
+><I
+>host msdfs
+		</I
+></TT
+></A
+></P
+><P
+>Default: <B
+CLASS="COMMAND"
+>msdfs root = no</B
+></P
+></DD
+><DT
+><A
+NAME="NAMERESOLVEORDER"
+></A
+>name resolve order (G)</DT
+><DD
+><P
+>This option is used by the programs in the Samba 
+		suite to determine what naming services to use and in what order 
+		to resolve host names to IP addresses. The option takes a space 
+		separated string of name resolution options.</P
+><P
+>The options are :"lmhosts", "host", "wins" and "bcast". They 
+		cause names to be resolved as follows :</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>lmhosts</TT
+> : Lookup an IP 
+			address in the Samba lmhosts file. If the line in lmhosts has 
+			no name type attached to the NetBIOS name (see the <A
+HREF="lmhosts.5.html"
+TARGET="_top"
+>lmhosts(5)</A
+> for details) then
+			any name type matches for lookup.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>host</TT
+> : Do a standard host 
+			name to IP address resolution, using the system <TT
+CLASS="FILENAME"
+>/etc/hosts
+			</TT
+>, NIS, or DNS lookups. This method of name resolution 
+			is operating system depended for instance on IRIX or Solaris this 
+			may be controlled by the <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> 
+			file.  Note that this method is only used if the NetBIOS name 
+			type being queried is the 0x20 (server) name type, otherwise 
+			it is ignored.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>wins</TT
+> : Query a name with 
+			the IP address listed in the <A
+HREF="#WINSSERVER"
+><TT
+CLASS="PARAMETER"
+><I
+>			wins server</I
+></TT
+></A
+> parameter.  If no WINS server has
+			been specified this method will be ignored.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>bcast</TT
+> : Do a broadcast on 
+			each of the known local interfaces listed in the <A
+HREF="#INTERFACES"
+><TT
+CLASS="PARAMETER"
+><I
+>interfaces</I
+></TT
+></A
+> 
+			parameter. This is the least reliable of the name resolution 
+			methods as it depends on the target host being on a locally 
+			connected subnet.</P
+></LI
+></UL
+><P
+>Default: <B
+CLASS="COMMAND"
+>name resolve order = lmhosts host wins bcast
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>name resolve order = lmhosts bcast host
+		</B
+></P
+><P
+>This will cause the local lmhosts file to be examined 
+		first, followed by a broadcast attempt, followed by a normal 
+		system hostname lookup.</P
+></DD
+><DT
+><A
+NAME="NETBIOSALIASES"
+></A
+>netbios aliases (G)</DT
+><DD
+><P
+>This is a list of NetBIOS names that <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)</A
+> will advertise as additional 
+		names by which the Samba server is known. This allows one machine 
+		to appear in browse lists under multiple names. If a machine is 
+		acting as a browse server or logon server none 
+		of these names will be advertised as either browse server or logon 
+		servers, only the primary name of the machine will be advertised 
+		with these capabilities.</P
+><P
+>See also <A
+HREF="#NETBIOSNAME"
+><TT
+CLASS="PARAMETER"
+><I
+>netbios 
+		name</I
+></TT
+></A
+>.</P
+><P
+>Default: <EM
+>empty string (no additional names)</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>netbios aliases = TEST TEST1 TEST2</B
+></P
+></DD
+><DT
+><A
+NAME="NETBIOSNAME"
+></A
+>netbios name (G)</DT
+><DD
+><P
+>This sets the NetBIOS name by which a Samba 
+		server is known. By default it is the same as the first component 
+		of the host's DNS name. If a machine is a browse server or
+		logon server this name (or the first component
+		of the hosts DNS name) will be the name that these services are
+		advertised under.</P
+><P
+>See also <A
+HREF="#NETBIOSALIASES"
+><TT
+CLASS="PARAMETER"
+><I
+>netbios 
+		aliases</I
+></TT
+></A
+>.</P
+><P
+>Default: <EM
+>machine DNS name</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>netbios name = MYNAME</B
+></P
+></DD
+><DT
+><A
+NAME="NETBIOSSCOPE"
+></A
+>netbios scope (G)</DT
+><DD
+><P
+>This sets the NetBIOS scope that Samba will 
+		operate under. This should not be set unless every machine 
+		on your LAN also sets this value.</P
+></DD
+><DT
+><A
+NAME="NISHOMEDIR"
+></A
+>nis homedir (G)</DT
+><DD
+><P
+>Get the home share server from a NIS map. For 
+		UNIX systems that use an automounter, the user's home directory 
+		will often be mounted on a workstation on demand from a remote 
+		server. </P
+><P
+>When the Samba logon server is not the actual home directory 
+		server, but is mounting the home directories via NFS then two 
+		network hops would be required to access the users home directory 
+		if the logon server told the client to use itself as the SMB server 
+	 	for home directories (one over SMB and one over NFS). This can 
+		be very slow.</P
+><P
+>This option allows Samba to return the home share as 
+		being on a different server to the logon server and as 
+		long as a Samba daemon is running on the home directory server, 
+		it will be mounted on the Samba client directly from the directory 
+		server. When Samba is returning the home share to the client, it 
+		will consult the NIS map specified in <A
+HREF="#HOMEDIRMAP"
+>		<TT
+CLASS="PARAMETER"
+><I
+>homedir map</I
+></TT
+></A
+> and return the server 
+		listed there.</P
+><P
+>Note that for this option to work there must be a working 
+		NIS system and the Samba server with this option must also 
+		be a logon server.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>nis homedir = no</B
+></P
+></DD
+><DT
+><A
+NAME="NTACLSUPPORT"
+></A
+>nt acl support (S)</DT
+><DD
+><P
+>This boolean parameter controls whether 
+		<A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> will attempt to map 
+		UNIX permissions into Windows NT access control lists.
+		This parameter was formally a global parameter in releases
+		prior to 2.2.2.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>nt acl support = yes</B
+></P
+></DD
+><DT
+><A
+NAME="NTPIPESUPPORT"
+></A
+>nt pipe support (G)</DT
+><DD
+><P
+>This boolean parameter controls whether 
+		<A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> will allow Windows NT 
+		clients to connect to the NT SMB specific <TT
+CLASS="CONSTANT"
+>IPC$</TT
+> 
+		pipes. This is a developer debugging option and can be left
+		alone.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>nt pipe support = yes</B
+></P
+></DD
+><DT
+><A
+NAME="NTSMBSUPPORT"
+></A
+>nt smb support (G)</DT
+><DD
+><P
+>This boolean parameter controls whether <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> will negotiate NT specific SMB
+		support with Windows NT/2k/XP clients. Although this is a developer
+		debugging option and should be left alone, benchmarking has discovered
+		that Windows NT clients give faster performance with this option
+		set to <TT
+CLASS="CONSTANT"
+>no</TT
+>. This is still being investigated.
+	 	If this option is set to <TT
+CLASS="CONSTANT"
+>no</TT
+> then Samba offers
+		exactly the same SMB calls that versions prior to Samba 2.0 offered.
+		This information may be of use if any users are having problems
+		with NT SMB support.</P
+><P
+>You should not need to ever disable this parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>nt smb support = yes</B
+></P
+></DD
+><DT
+><A
+NAME="NTSTATUSSUPPORT"
+></A
+>nt status support (G)</DT
+><DD
+><P
+>This boolean parameter controls whether <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> will negotiate NT specific status
+		support with Windows NT/2k/XP clients. This is a developer
+		debugging option and should be left alone.
+	 	If this option is set to <TT
+CLASS="CONSTANT"
+>no</TT
+> then Samba offers
+		exactly the same DOS error codes that versions prior to Samba 2.2.3
+		reported.</P
+><P
+>You should not need to ever disable this parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>nt status support = yes</B
+></P
+></DD
+><DT
+><A
+NAME="NULLPASSWORDS"
+></A
+>null passwords (G)</DT
+><DD
+><P
+>Allow or disallow client access to accounts 
+		that have null passwords. </P
+><P
+>See also <A
+HREF="smbpasswd.5.html"
+TARGET="_top"
+>smbpasswd (5)</A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>null passwords = no</B
+></P
+></DD
+><DT
+><A
+NAME="OBEYPAMRESTRICTIONS"
+></A
+>obey pam restrictions (G)</DT
+><DD
+><P
+>When Samba 2.2 is configured to enable PAM support
+		(i.e. --with-pam), this parameter will control whether or not Samba
+		should obey PAM's account and session management directives.  The 
+		default behavior is to use PAM for clear text authentication only
+		and to ignore any account or session management.  Note that Samba
+		always ignores PAM for authentication in the case of <A
+HREF="#ENCRYPTPASSWORDS"
+><TT
+CLASS="PARAMETER"
+><I
+>encrypt passwords = yes</I
+></TT
+>
+		</A
+>.  The reason is that PAM modules cannot support the challenge/response
+		authentication mechanism needed in the presence of SMB password encryption.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>obey pam restrictions = no</B
+></P
+></DD
+><DT
+><A
+NAME="ONLYUSER"
+></A
+>only user (S)</DT
+><DD
+><P
+>This is a boolean option that controls whether 
+		connections with usernames not in the <TT
+CLASS="PARAMETER"
+><I
+>user</I
+></TT
+> 
+		list will be allowed. By default this option is disabled so that a 
+		client can supply a username to be used by the server.  Enabling
+		this parameter will force the server to only use the login 
+		names from the <TT
+CLASS="PARAMETER"
+><I
+>user</I
+></TT
+> list and is only really
+		useful in <A
+HREF="#SECURITYEQUALSSHARE"
+>share level</A
+>
+		security.</P
+><P
+>Note that this also means Samba won't try to deduce 
+		usernames from the service name. This can be annoying for 
+		the [homes] section. To get around this you could use <B
+CLASS="COMMAND"
+>user =
+		%S</B
+> which means your <TT
+CLASS="PARAMETER"
+><I
+>user</I
+></TT
+> list
+		will be just the service name, which for home directories is the 
+		name of the user.</P
+><P
+>See also the <A
+HREF="#USER"
+><TT
+CLASS="PARAMETER"
+><I
+>user</I
+></TT
+>
+		</A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>only user = no</B
+></P
+></DD
+><DT
+><A
+NAME="ONLYGUEST"
+></A
+>only guest (S)</DT
+><DD
+><P
+>A synonym for <A
+HREF="#GUESTONLY"
+><TT
+CLASS="PARAMETER"
+><I
+>		guest only</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="OPLOCKBREAKWAITTIME"
+></A
+>oplock break wait time (G)</DT
+><DD
+><P
+>This is a tuning parameter added due to bugs in 
+		both Windows 9x and WinNT. If Samba responds to a client too 
+		quickly when that client issues an SMB that can cause an oplock 
+		break request, then the network client can fail and not respond 
+		to the break request. This tuning parameter (which is set in milliseconds) 
+		is the amount of time Samba will wait before sending an oplock break 
+		request to such (broken) clients.</P
+><P
+><EM
+>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ 
+		AND UNDERSTOOD THE SAMBA OPLOCK CODE</EM
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>oplock break wait time = 0</B
+></P
+></DD
+><DT
+><A
+NAME="OPLOCKCONTENTIONLIMIT"
+></A
+>oplock contention limit (S)</DT
+><DD
+><P
+>This is a <EM
+>very</EM
+> advanced 
+		<A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> tuning option to 
+		improve the efficiency of the granting of oplocks under multiple 
+		client contention for the same file.</P
+><P
+>In brief it specifies a number, which causes <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> not to 
+		grant an oplock even when requested if the approximate number of 
+		clients contending for an oplock on the same file goes over this 
+		limit. This causes <B
+CLASS="COMMAND"
+>smbd</B
+> to behave in a similar 
+		way to Windows NT.</P
+><P
+><EM
+>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ 
+		AND UNDERSTOOD THE SAMBA OPLOCK CODE</EM
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>oplock contention limit = 2</B
+></P
+></DD
+><DT
+><A
+NAME="OPLOCKS"
+></A
+>oplocks (S)</DT
+><DD
+><P
+>This boolean option tells <B
+CLASS="COMMAND"
+>smbd</B
+> whether to 
+		issue oplocks (opportunistic locks) to file open requests on this 
+		share. The oplock code can dramatically (approx. 30% or more) improve 
+	 	the speed of access to files on Samba servers. It allows the clients 
+		to aggressively cache files locally and you may want to disable this 
+		option for unreliable network environments (it is turned on by 
+		default in Windows NT Servers).  For more information see the file 
+		<TT
+CLASS="FILENAME"
+>Speed.txt</TT
+> in the Samba <TT
+CLASS="FILENAME"
+>docs/</TT
+> 
+		directory.</P
+><P
+>Oplocks may be selectively turned off on certain files with a 
+		share. See the <A
+HREF="#VETOOPLOCKFILES"
+><TT
+CLASS="PARAMETER"
+><I
+>		veto oplock files</I
+></TT
+></A
+> parameter. On some systems 
+		oplocks are recognized by the underlying operating system. This 
+		allows data synchronization between all access to oplocked files, 
+		whether it be via Samba or NFS or a local UNIX process. See the 
+		<TT
+CLASS="PARAMETER"
+><I
+>kernel oplocks</I
+></TT
+> parameter for details.</P
+><P
+>See also the <A
+HREF="#KERNELOPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>kernel 
+		oplocks</I
+></TT
+></A
+> and <A
+HREF="#LEVEL2OPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>		level2 oplocks</I
+></TT
+></A
+> parameters.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>oplocks = yes</B
+></P
+></DD
+><DT
+><A
+NAME="OSLEVEL"
+></A
+>os level (G)</DT
+><DD
+><P
+>This integer value controls what level Samba 
+		advertises itself as for browse elections. The value of this 
+		parameter determines whether <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)</A
+> 
+		has a chance of becoming a local master browser for the <TT
+CLASS="PARAMETER"
+><I
+>		WORKGROUP</I
+></TT
+> in the local broadcast area.</P
+><P
+><EM
+>Note :</EM
+>By default, Samba will win 
+		a local master browsing election over all Microsoft operating 
+		systems except a Windows NT 4.0/2000 Domain Controller.  This 
+		means that a misconfigured Samba host can effectively isolate 
+		a subnet for browsing purposes.  See <TT
+CLASS="FILENAME"
+>BROWSING.txt
+		</TT
+> in the Samba <TT
+CLASS="FILENAME"
+>docs/</TT
+> directory 
+		for details.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>os level = 20</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>os level = 65 </B
+></P
+></DD
+><DT
+><A
+NAME="OS2DRIVERMAP"
+></A
+>os2 driver map (G)</DT
+><DD
+><P
+>The parameter is used to define the absolute
+		path to a file containing a mapping of Windows NT printer driver
+		names to OS/2 printer driver names.  The format is:</P
+><P
+>&#60;nt driver name&#62; = &#60;os2 driver 
+		name&#62;.&#60;device name&#62;</P
+><P
+>For example, a valid entry using the HP LaserJet 5
+		printer driver would appear as <B
+CLASS="COMMAND"
+>HP LaserJet 5L = LASERJET.HP 
+		LaserJet 5L</B
+>.</P
+><P
+>The need for the file is due to the printer driver namespace 
+		problem described in the <A
+HREF="printer_driver2.html"
+TARGET="_top"
+>Samba 
+		Printing HOWTO</A
+>.  For more details on OS/2 clients, please 
+		refer to the <A
+HREF="OS2-Client-HOWTO.html"
+TARGET="_top"
+>OS2-Client-HOWTO
+		</A
+> containing in the Samba documentation.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>os2 driver map = &#60;empty string&#62;
+		</B
+></P
+></DD
+><DT
+><A
+NAME="PAMPASSWORDCHANGE"
+></A
+>pam password change (G)</DT
+><DD
+><P
+>With the addition of better PAM support in Samba 2.2, 
+  		this parameter, it is possible to use PAM's password change control 
+  		flag for Samba.  If enabled, then PAM will be used for password
+ 		changes when requested by an SMB client instead of the program listed in 
+                <A
+HREF="#PASSWDPROGRAM"
+><TT
+CLASS="PARAMETER"
+><I
+>passwd program</I
+></TT
+></A
+>. 
+                It should be possible to enable this without changing your 
+                <A
+HREF="#PASSWDCHAT"
+><TT
+CLASS="PARAMETER"
+><I
+>passwd chat</I
+></TT
+></A
+>
+                parameter for most setups.
+  		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>pam password change = no</B
+></P
+></DD
+><DT
+><A
+NAME="PANICACTION"
+></A
+>panic action (G)</DT
+><DD
+><P
+>This is a Samba developer option that allows a 
+		system command to be called when either <A
+HREF="smbd.8.html"
+TARGET="_top"
+>		smbd(8)</A
+> or <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)</A
+> 
+		crashes. This is usually used to draw attention to the fact that 
+		a problem occurred.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>panic action = &#60;empty string&#62;</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>panic action = "/bin/sleep 90000"</B
+></P
+></DD
+><DT
+><A
+NAME="PASSWDCHAT"
+></A
+>passwd chat (G)</DT
+><DD
+><P
+>This string controls the <EM
+>"chat"</EM
+> 
+		conversation that takes places between <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> and the local password changing
+		program to change the user's password. The string describes a 
+		sequence of response-receive pairs that <A
+HREF="smbd.8.html"
+TARGET="_top"
+>		smbd(8)</A
+> uses to determine what to send to the 
+		<A
+HREF="#PASSWDPROGRAM"
+><TT
+CLASS="PARAMETER"
+><I
+>passwd program</I
+></TT
+>
+		</A
+> and what to expect back. If the expected output is not 
+		received then the password is not changed.</P
+><P
+>This chat sequence is often quite site specific, depending 
+		on what local methods are used for password control (such as NIS 
+		etc).</P
+><P
+>Note that this parameter only is only used if the <A
+HREF="#UNIXPASSWORDSYNC"
+><TT
+CLASS="PARAMETER"
+><I
+>unix 
+		password sync</I
+></TT
+></A
+> parameter is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>. This 
+		sequence is then called <EM
+>AS ROOT</EM
+> when the SMB password 
+		in the smbpasswd file is being changed, without access to the old 
+		password cleartext. This means that root must be able to reset the user's password
+ 		without knowing the text of the previous password. In the presence of NIS/YP, 
+		this means that the <A
+HREF="#PASSWDPROGRAM"
+>passwd program</A
+> must be 
+		executed on the NIS master.
+		</P
+><P
+>The string can contain the macro <TT
+CLASS="PARAMETER"
+><I
+>%n</I
+></TT
+> which is substituted 
+		for the new password.  The chat sequence can also contain the standard 
+		macros <TT
+CLASS="CONSTANT"
+>\n</TT
+>, <TT
+CLASS="CONSTANT"
+>\r</TT
+>, <TT
+CLASS="CONSTANT"
+>		\t</TT
+> and <TT
+CLASS="CONSTANT"
+>\s</TT
+> to give line-feed, 
+		carriage-return, tab and space.  The chat sequence string can also contain 
+		a '*' which matches any sequence of characters.
+		Double quotes can be used to collect strings with spaces 
+		in them into a single string.</P
+><P
+>If the send string in any part of the chat sequence 
+		is a full stop ".",  then no string is sent. Similarly, 
+		if the expect string is a full stop then no string is expected.</P
+><P
+>If the <A
+HREF="#PAMPASSWORDCHANGE"
+><TT
+CLASS="PARAMETER"
+><I
+>pam
+ 		password change</I
+></TT
+></A
+> parameter is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>, the chat pairs
+                may be matched in any order, and success is determined by the PAM result, 
+                not any particular output. The \n macro is ignored for PAM conversions.
+  		</P
+><P
+>See also <A
+HREF="#UNIXPASSWORDSYNC"
+><TT
+CLASS="PARAMETER"
+><I
+>unix password 
+		sync</I
+></TT
+></A
+>, <A
+HREF="#PASSWDPROGRAM"
+><TT
+CLASS="PARAMETER"
+><I
+>		passwd program</I
+></TT
+></A
+> ,<A
+HREF="#PASSWDCHATDEBUG"
+>		<TT
+CLASS="PARAMETER"
+><I
+>passwd chat debug</I
+></TT
+></A
+> and <A
+HREF="#PAMPASSWORDCHANGE"
+>		<TT
+CLASS="PARAMETER"
+><I
+>pam password change</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>passwd chat = *new*password* %n\n 
+		*new*password* %n\n *changed*</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>passwd chat = "*Enter OLD password*" %o\n 
+		"*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password 
+		changed*"</B
+></P
+></DD
+><DT
+><A
+NAME="PASSWDCHATDEBUG"
+></A
+>passwd chat debug (G)</DT
+><DD
+><P
+>This boolean specifies if the passwd chat script 
+		parameter is run in <EM
+>debug</EM
+> mode. In this mode the 
+		strings passed to and received from the passwd chat are printed 
+		in the <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> log with a 
+		<A
+HREF="#DEBUGLEVEL"
+><TT
+CLASS="PARAMETER"
+><I
+>debug level</I
+></TT
+></A
+> 
+		of 100. This is a dangerous option as it will allow plaintext passwords 
+		to be seen in the <B
+CLASS="COMMAND"
+>smbd</B
+> log. It is available to help 
+		Samba admins debug their <TT
+CLASS="PARAMETER"
+><I
+>passwd chat</I
+></TT
+> scripts 
+		when calling the <TT
+CLASS="PARAMETER"
+><I
+>passwd program</I
+></TT
+> and should 
+ 		be turned off after this has been done. This option has no effect if the 
+                <A
+HREF="#PAMPASSWORDCHANGE"
+><TT
+CLASS="PARAMETER"
+><I
+>pam password change</I
+></TT
+></A
+>
+                paramter is set. This parameter is off by default.</P
+><P
+>See also <A
+HREF="#PASSWDCHAT"
+><TT
+CLASS="PARAMETER"
+><I
+>passwd chat</I
+></TT
+>
+ 		</A
+>, <A
+HREF="#PAMPASSWORDCHANGE"
+><TT
+CLASS="PARAMETER"
+><I
+>pam password change</I
+></TT
+>
+                </A
+>, <A
+HREF="#PASSWDPROGRAM"
+><TT
+CLASS="PARAMETER"
+><I
+>passwd program</I
+></TT
+>
+  		</A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>passwd chat debug = no</B
+></P
+></DD
+><DT
+><A
+NAME="PASSWDPROGRAM"
+></A
+>passwd program (G)</DT
+><DD
+><P
+>The name of a program that can be used to set 
+		UNIX user passwords.  Any occurrences of <TT
+CLASS="PARAMETER"
+><I
+>%u</I
+></TT
+> 
+		will be replaced with the user name. The user name is checked for 
+		existence before calling the password changing program.</P
+><P
+>Also note that many passwd programs insist in <EM
+>reasonable
+		</EM
+> passwords, such as a minimum length, or the inclusion 
+		of mixed case chars and digits. This can pose a problem as some clients 
+		(such as Windows for Workgroups) uppercase the password before sending 
+		it.</P
+><P
+><EM
+>Note</EM
+> that if the <TT
+CLASS="PARAMETER"
+><I
+>unix 
+		password sync</I
+></TT
+> parameter is set to <TT
+CLASS="CONSTANT"
+>yes
+		</TT
+> then this program is called <EM
+>AS ROOT</EM
+> 
+		before the SMB password in the <A
+HREF="smbpasswd.5.html"
+TARGET="_top"
+>smbpasswd(5)
+		</A
+> file is changed. If this UNIX password change fails, then 
+		<B
+CLASS="COMMAND"
+>smbd</B
+> will fail to change the SMB password also 
+		(this is by design).</P
+><P
+>If the <TT
+CLASS="PARAMETER"
+><I
+>unix password sync</I
+></TT
+> parameter 
+		is set this parameter <EM
+>MUST USE ABSOLUTE PATHS</EM
+> 
+		for <EM
+>ALL</EM
+> programs called, and must be examined 
+		for security implications. Note that by default <TT
+CLASS="PARAMETER"
+><I
+>unix 
+		password sync</I
+></TT
+> is set to <TT
+CLASS="CONSTANT"
+>no</TT
+>.</P
+><P
+>See also <A
+HREF="#UNIXPASSWORDSYNC"
+><TT
+CLASS="PARAMETER"
+><I
+>unix 
+		password sync</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>passwd program = /bin/passwd</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>passwd program = /sbin/npasswd %u</B
+>
+		</P
+></DD
+><DT
+><A
+NAME="PASSWORDLEVEL"
+></A
+>password level (G)</DT
+><DD
+><P
+>Some client/server combinations have difficulty 
+		with mixed-case passwords.  One offending client is Windows for 
+		Workgroups, which for some reason forces passwords to upper 
+		case when using the LANMAN1 protocol, but leaves them alone when 
+		using COREPLUS!  Another problem child is the Windows 95/98
+		family of operating systems.  These clients upper case clear
+		text passwords even when NT LM 0.12 selected by the protocol
+		negotiation request/response.</P
+><P
+>This parameter defines the maximum number of characters 
+		that may be upper case in passwords.</P
+><P
+>For example, say the password given was "FRED". If <TT
+CLASS="PARAMETER"
+><I
+>		password level</I
+></TT
+> is set to 1, the following combinations 
+		would be tried if "FRED" failed:</P
+><P
+>"Fred", "fred", "fRed", "frEd","freD"</P
+><P
+>If <TT
+CLASS="PARAMETER"
+><I
+>password level</I
+></TT
+> was set to 2, 
+		the following combinations would also be tried: </P
+><P
+>"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..</P
+><P
+>And so on.</P
+><P
+>The higher value this parameter is set to the more likely 
+		it is that a mixed case password will be matched against a single 
+		case password. However, you should be aware that use of this 
+		parameter reduces security and increases the time taken to 
+ 		process a new connection.</P
+><P
+>A value of zero will cause only two attempts to be 
+		made - the password as is and the password in all-lower case.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>password level = 0</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>password level = 4</B
+></P
+></DD
+><DT
+><A
+NAME="PASSWORDSERVER"
+></A
+>password server (G)</DT
+><DD
+><P
+>By specifying the name of another SMB server (such 
+		as a WinNT box) with this option, and using <B
+CLASS="COMMAND"
+>security = domain
+		</B
+> or <B
+CLASS="COMMAND"
+>security = server</B
+> you can get Samba 
+		to do all its username/password validation via a remote server.</P
+><P
+>This option sets the name of the password server to use. 
+		It must be a NetBIOS name, so if the machine's NetBIOS name is 
+		different from its Internet name then you may have to add its NetBIOS 
+		name to the lmhosts  file which is stored in the same directory 
+		as the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file.</P
+><P
+>The name of the password server is looked up using the 
+		parameter <A
+HREF="#NAMERESOLVEORDER"
+><TT
+CLASS="PARAMETER"
+><I
+>name 
+		resolve order</I
+></TT
+></A
+> and so may resolved
+		by any method and order described in that parameter.</P
+><P
+>The password server much be a machine capable of using 
+		the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in 
+		user level security mode.</P
+><P
+><EM
+>NOTE:</EM
+> Using a password server 
+		means your UNIX box (running Samba) is only as secure as your 
+		password server. <EM
+>DO NOT CHOOSE A PASSWORD SERVER THAT 
+		YOU DON'T COMPLETELY TRUST</EM
+>.</P
+><P
+>Never point a Samba server at itself for password 
+		serving. This will cause a loop and could lock up your Samba 
+		server!</P
+><P
+>The name of the password server takes the standard 
+		substitutions, but probably the only useful one is <TT
+CLASS="PARAMETER"
+><I
+>%m
+		</I
+></TT
+>, which means the Samba server will use the incoming 
+	 	client as the password server. If you use this then you better 
+		trust your clients, and you had better restrict them with hosts allow!</P
+><P
+>If the <TT
+CLASS="PARAMETER"
+><I
+>security</I
+></TT
+> parameter is set to
+		<TT
+CLASS="CONSTANT"
+>domain</TT
+>, then the list of machines in this 
+		option must be a list of Primary or Backup Domain controllers for the
+		Domain or the character '*', as the Samba server is effectively
+		in that domain, and will use cryptographically authenticated RPC calls
+		to authenticate the user logging on. The advantage of using <B
+CLASS="COMMAND"
+>		security = domain</B
+> is that if you list several hosts in the 
+		<TT
+CLASS="PARAMETER"
+><I
+>password server</I
+></TT
+> option then <B
+CLASS="COMMAND"
+>smbd
+		</B
+> will try each in turn till it finds one that responds. This 
+		is useful in case your primary server goes down.</P
+><P
+>If the <TT
+CLASS="PARAMETER"
+><I
+>password server</I
+></TT
+> option is set 
+		to the character '*', then Samba will attempt to auto-locate the 
+		Primary or Backup Domain controllers to authenticate against by 
+		doing a query for the name <TT
+CLASS="CONSTANT"
+>WORKGROUP&#60;1C&#62;</TT
+> 
+		and then contacting each server returned in the list of IP 
+		addresses from the name resolution source. </P
+><P
+>If the <TT
+CLASS="PARAMETER"
+><I
+>security</I
+></TT
+> parameter is 
+		set to <TT
+CLASS="CONSTANT"
+>server</TT
+>, then there are different
+		restrictions that <B
+CLASS="COMMAND"
+>security = domain</B
+> doesn't 
+		suffer from:</P
+><P
+></P
+><UL
+><LI
+><P
+>You may list several password servers in 
+			the <TT
+CLASS="PARAMETER"
+><I
+>password server</I
+></TT
+> parameter, however if an 
+			<B
+CLASS="COMMAND"
+>smbd</B
+> makes a connection to a password server, 
+			and then the password server fails, no more users will be able 
+			to be authenticated from this <B
+CLASS="COMMAND"
+>smbd</B
+>.  This is a 
+			restriction of the SMB/CIFS protocol when in <B
+CLASS="COMMAND"
+>security = server
+			</B
+> mode and cannot be fixed in Samba.</P
+></LI
+><LI
+><P
+>If you are using a Windows NT server as your 
+			password server then you will have to ensure that your users 
+			are able to login from the Samba server, as when in <B
+CLASS="COMMAND"
+>			security = server</B
+>  mode the network logon will appear to 
+			come from there rather than from the users workstation.</P
+></LI
+></UL
+><P
+>See also the <A
+HREF="#SECURITY"
+><TT
+CLASS="PARAMETER"
+><I
+>security
+		</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>password server = &#60;empty string&#62;</B
+>
+		</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>password server = NT-PDC, NT-BDC1, NT-BDC2
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>password server = *</B
+></P
+></DD
+><DT
+><A
+NAME="PATH"
+></A
+>path (S)</DT
+><DD
+><P
+>This parameter specifies a directory to which 
+		the user of the service is to be given access. In the case of 
+		printable services, this is where print data will spool prior to 
+		being submitted to the host for printing.</P
+><P
+>For a printable service offering guest access, the service 
+		should be readonly and the path should be world-writeable and 
+		have the sticky bit set. This is not mandatory of course, but 
+		you probably won't get the results you expect if you do 
+		otherwise.</P
+><P
+>Any occurrences of <TT
+CLASS="PARAMETER"
+><I
+>%u</I
+></TT
+> in the path 
+		will be replaced with the UNIX username that the client is using 
+		on this connection. Any occurrences of <TT
+CLASS="PARAMETER"
+><I
+>%m</I
+></TT
+> 
+		will be replaced by the NetBIOS name of the machine they are 
+		connecting from. These replacements are very useful for setting 
+		up pseudo home directories for users.</P
+><P
+>Note that this path will be based on <A
+HREF="#ROOTDIR"
+>		<TT
+CLASS="PARAMETER"
+><I
+>root dir</I
+></TT
+></A
+> if one was specified.</P
+><P
+>Default: <EM
+>none</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>path = /home/fred</B
+></P
+></DD
+><DT
+><A
+NAME="PIDDIRECTORY"
+></A
+>pid directory (G)</DT
+><DD
+><P
+>This option specifies the directory where pid 
+		files will be placed.  </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>pid directory = ${prefix}/var/locks</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>pid directory = /var/run/</B
+>
+		</P
+></DD
+><DT
+><A
+NAME="POSIXLOCKING"
+></A
+>posix locking (S)</DT
+><DD
+><P
+>The <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>
+		daemon maintains an database of file locks obtained by SMB clients.
+		The default behavior is to map this internal database to POSIX
+		locks.  This means that file locks obtained by SMB clients are 
+		consistent with those seen by POSIX compliant applications accessing 
+		the files via a non-SMB method (e.g. NFS or local file access).  
+		You should never need to disable this parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>posix locking = yes</B
+></P
+></DD
+><DT
+><A
+NAME="POSTEXEC"
+></A
+>postexec (S)</DT
+><DD
+><P
+>This option specifies a command to be run 
+		whenever the service is disconnected. It takes the usual 
+		substitutions. The command may be run as the root on some 
+		systems.</P
+><P
+>An interesting example may be to unmount server 
+		resources:</P
+><P
+><B
+CLASS="COMMAND"
+>postexec = /etc/umount /cdrom</B
+></P
+><P
+>See also <A
+HREF="#PREEXEC"
+><TT
+CLASS="PARAMETER"
+><I
+>preexec</I
+></TT
+>
+		</A
+>.</P
+><P
+>Default: <EM
+>none (no command executed)</EM
+>
+		</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>postexec = echo \"%u disconnected from %S 
+		from %m (%I)\" &#62;&#62; /tmp/log</B
+></P
+></DD
+><DT
+><A
+NAME="POSTSCRIPT"
+></A
+>postscript (S)</DT
+><DD
+><P
+>This parameter forces a printer to interpret 
+		the print files as PostScript. This is done by adding a <TT
+CLASS="CONSTANT"
+>%!
+		</TT
+> to the start of print output.</P
+><P
+>This is most useful when you have lots of PCs that persist 
+		in putting a control-D at the start of print jobs, which then 
+		confuses your printer.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>postscript = no</B
+></P
+></DD
+><DT
+><A
+NAME="PREEXEC"
+></A
+>preexec (S)</DT
+><DD
+><P
+>This option specifies a command to be run whenever 
+		the service is connected to. It takes the usual substitutions.</P
+><P
+>An interesting example is to send the users a welcome 
+		message every time they log in. Maybe a message of the day? Here 
+		is an example:</P
+><P
+><B
+CLASS="COMMAND"
+>preexec = csh -c 'echo \"Welcome to %S!\" |
+		 /usr/local/samba/bin/smbclient -M %m -I %I' &#38; </B
+></P
+><P
+>Of course, this could get annoying after a while :-)</P
+><P
+>See also <A
+HREF="#PREEXECCLOSE"
+><TT
+CLASS="PARAMETER"
+><I
+>preexec close
+		</I
+></TT
+></A
+> and <A
+HREF="#POSTEXEC"
+><TT
+CLASS="PARAMETER"
+><I
+>postexec
+		</I
+></TT
+></A
+>.</P
+><P
+>Default: <EM
+>none (no command executed)</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>preexec = echo \"%u connected to %S from %m
+		(%I)\" &#62;&#62; /tmp/log</B
+></P
+></DD
+><DT
+><A
+NAME="PREEXECCLOSE"
+></A
+>preexec close (S)</DT
+><DD
+><P
+>This boolean option controls whether a non-zero 
+		return code from <A
+HREF="#PREEXEC"
+><TT
+CLASS="PARAMETER"
+><I
+>preexec
+		</I
+></TT
+></A
+> should close the service being connected to.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>preexec close = no</B
+></P
+></DD
+><DT
+><A
+NAME="PREFERREDMASTER"
+></A
+>preferred master (G)</DT
+><DD
+><P
+>This boolean parameter controls if <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)</A
+> is a preferred master browser 
+		for its workgroup.</P
+><P
+>If this is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>, on startup, <B
+CLASS="COMMAND"
+>nmbd</B
+> 
+		will force an election, and it will have a slight advantage in 
+		winning the election.  It is recommended that this parameter is 
+		used in conjunction with <B
+CLASS="COMMAND"
+><A
+HREF="#DOMAINMASTER"
+><TT
+CLASS="PARAMETER"
+><I
+>		domain master</I
+></TT
+></A
+> = yes</B
+>, so that <B
+CLASS="COMMAND"
+>		nmbd</B
+> can guarantee becoming a domain master.</P
+><P
+>Use this option with caution, because if there are several 
+		hosts (whether Samba servers, Windows 95 or NT) that are preferred 
+		master browsers on the same subnet, they will each periodically 
+		and continuously attempt to become the local master browser.  
+		This will result in unnecessary broadcast traffic and reduced browsing
+		capabilities.</P
+><P
+>See also <A
+HREF="#OSLEVEL"
+><TT
+CLASS="PARAMETER"
+><I
+>os level</I
+></TT
+>
+		</A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>preferred master = auto</B
+></P
+></DD
+><DT
+><A
+NAME="PREFEREDMASTER"
+></A
+>prefered master (G)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#PREFERREDMASTER"
+><TT
+CLASS="PARAMETER"
+><I
+>		preferred master</I
+></TT
+></A
+> for people who cannot spell :-).</P
+></DD
+><DT
+><A
+NAME="PRELOAD"
+></A
+>preload</DT
+><DD
+><P
+>This is a list of services that you want to be 
+		automatically added to the browse lists. This is most useful 
+		for homes and printers services that would otherwise not be 
+		visible.</P
+><P
+>Note that if you just want all printers in your 
+		printcap file loaded then the <A
+HREF="#LOADPRINTERS"
+>		<TT
+CLASS="PARAMETER"
+><I
+>load printers</I
+></TT
+></A
+> option is easier.</P
+><P
+>Default: <EM
+>no preloaded services</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>preload = fred lp colorlp</B
+></P
+></DD
+><DT
+><A
+NAME="PRESERVECASE"
+></A
+>preserve case (S)</DT
+><DD
+><P
+> This controls if new filenames are created
+		with the case that the client passes, or if they are forced to 
+		be the <A
+HREF="#DEFAULTCASE"
+><TT
+CLASS="PARAMETER"
+><I
+>default case
+		</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>preserve case = yes</B
+></P
+><P
+>See the section on <A
+HREF="#AEN203"
+>NAME 
+		MANGLING</A
+> for a fuller discussion.</P
+></DD
+><DT
+><A
+NAME="PRINTCOMMAND"
+></A
+>print command (S)</DT
+><DD
+><P
+>After a print job has finished spooling to 
+		a service, this command will be used via a <B
+CLASS="COMMAND"
+>system()</B
+> 
+		call to process the spool file. Typically the command specified will 
+		submit the spool file to the host's printing subsystem, but there 
+ 		is no requirement that this be the case. The server will not remove 
+		the spool file, so whatever command you specify should remove the 
+		spool file when it has been processed, otherwise you will need to 
+		manually remove old spool files.</P
+><P
+>The print command is simply a text string. It will be used 
+		verbatim after macro substitutions have been made:</P
+><P
+>s, %p - the path to the spool
+		file name</P
+><P
+>%p - the appropriate printer 
+		name</P
+><P
+>%J - the job 
+		name as transmitted by the client.</P
+><P
+>%c - The number of printed pages
+		of the spooled job (if known).</P
+><P
+>%z - the size of the spooled
+		print job (in bytes)</P
+><P
+>The print command <EM
+>MUST</EM
+> contain at least 
+		one occurrence of <TT
+CLASS="PARAMETER"
+><I
+>%s</I
+></TT
+> or <TT
+CLASS="PARAMETER"
+><I
+>%f
+		</I
+></TT
+> - the <TT
+CLASS="PARAMETER"
+><I
+>%p</I
+></TT
+> is optional. At the time 
+		a job is submitted, if no printer name is supplied the <TT
+CLASS="PARAMETER"
+><I
+>%p
+		</I
+></TT
+> will be silently removed from the printer command.</P
+><P
+>If specified in the [global] section, the print command given 
+		will be used for any printable service that does not have its own 
+		print command specified.</P
+><P
+>If there is neither a specified print command for a 
+		printable service nor a global print command, spool files will 
+		be created but not processed and (most importantly) not removed.</P
+><P
+>Note that printing may fail on some UNIXes from the 
+		<TT
+CLASS="CONSTANT"
+>nobody</TT
+> account. If this happens then create 
+		an alternative guest account that can print and set the <A
+HREF="#GUESTACCOUNT"
+><TT
+CLASS="PARAMETER"
+><I
+>guest account</I
+></TT
+></A
+> 
+		in the [global] section.</P
+><P
+>You can form quite complex print commands by realizing 
+		that they are just passed to a shell. For example the following 
+		will log a print job, print the file, then remove it. Note that 
+		';' is the usual separator for command in shell scripts.</P
+><P
+><B
+CLASS="COMMAND"
+>print command = echo Printing %s &#62;&#62; 
+		/tmp/print.log; lpr -P %p %s; rm %s</B
+></P
+><P
+>You may have to vary this command considerably depending 
+		on how you normally print files on your system. The default for 
+		the parameter varies depending on the setting of the <A
+HREF="#PRINTING"
+>		<TT
+CLASS="PARAMETER"
+><I
+>printing</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: For <B
+CLASS="COMMAND"
+>printing = BSD, AIX, QNX, LPRNG 
+		or PLP :</B
+></P
+><P
+><B
+CLASS="COMMAND"
+>print command = lpr -r -P%p %s</B
+></P
+><P
+>For <B
+CLASS="COMMAND"
+>printing = SYSV or HPUX :</B
+></P
+><P
+><B
+CLASS="COMMAND"
+>print command = lp -c -d%p %s; rm %s</B
+></P
+><P
+>For <B
+CLASS="COMMAND"
+>printing = SOFTQ :</B
+></P
+><P
+><B
+CLASS="COMMAND"
+>print command = lp -d%p -s %s; rm %s</B
+></P
+><P
+>For printing = CUPS :   If SAMBA is compiled against
+		libcups, then <A
+HREF="#PRINTING"
+>printcap = cups</A
+> 
+		uses the CUPS API to
+		submit jobs, etc.  Otherwise it maps to the System V
+		commands with the -oraw option for printing, i.e. it
+		uses <B
+CLASS="COMMAND"
+>lp -c -d%p -oraw; rm %s</B
+>.   
+		With <B
+CLASS="COMMAND"
+>printing = cups</B
+>,
+		and if SAMBA is compiled against libcups, any manually 
+		set print command will be ignored.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>print command = /usr/local/samba/bin/myprintscript
+		%p %s</B
+></P
+></DD
+><DT
+><A
+NAME="PRINTOK"
+></A
+>print ok (S)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#PRINTABLE"
+>		<TT
+CLASS="PARAMETER"
+><I
+>printable</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="PRINTABLE"
+></A
+>printable (S)</DT
+><DD
+><P
+>If this parameter is <TT
+CLASS="CONSTANT"
+>yes</TT
+>, then 
+		clients may open, write to and submit spool files on the directory 
+		specified for the service. </P
+><P
+>Note that a printable service will ALWAYS allow writing 
+		to the service path (user privileges permitting) via the spooling 
+		of print data. The <A
+HREF="#READONLY"
+><TT
+CLASS="PARAMETER"
+><I
+>read only
+		</I
+></TT
+></A
+> parameter controls only non-printing access to 
+		the resource.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>printable = no</B
+></P
+></DD
+><DT
+><A
+NAME="PRINTCAP"
+></A
+>printcap (G)</DT
+><DD
+><P
+>Synonym for 	<A
+HREF="#PRINTCAPNAME"
+><TT
+CLASS="PARAMETER"
+><I
+>		printcap name</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="PRINTCAPNAME"
+></A
+>printcap name (G)</DT
+><DD
+><P
+>This parameter may be used to override the 
+		compiled-in default printcap name used by the server (usually <TT
+CLASS="FILENAME"
+>		/etc/printcap</TT
+>). See the discussion of the <A
+HREF="#AEN79"
+>[printers]</A
+> section above for reasons 
+		why you might want to do this.</P
+><P
+>To use the CUPS printing interface set <B
+CLASS="COMMAND"
+>printcap name = cups
+		</B
+>. This should be supplemented by an addtional setting 
+		<A
+HREF="#PRINTING"
+>printing = cups</A
+> in the [global] 
+		section.  <B
+CLASS="COMMAND"
+>printcap name = cups</B
+> will use the  
+		"dummy" printcap created by CUPS, as specified in your CUPS
+		configuration file.
+		</P
+><P
+>On System V systems that use <B
+CLASS="COMMAND"
+>lpstat</B
+> to 
+		list available printers you can use <B
+CLASS="COMMAND"
+>printcap name = lpstat
+		</B
+> to automatically obtain lists of available printers. This 
+		is the default for systems that define SYSV at configure time in 
+		Samba (this includes most System V based systems). If <TT
+CLASS="PARAMETER"
+><I
+>		printcap name</I
+></TT
+> is set to <B
+CLASS="COMMAND"
+>lpstat</B
+> on 
+		these systems then Samba will launch <B
+CLASS="COMMAND"
+>lpstat -v</B
+> and 
+		attempt to parse the output to obtain a printer list.</P
+><P
+>A minimal printcap file would look something like this:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>		print1|My Printer 1
+		print2|My Printer 2
+		print3|My Printer 3
+		print4|My Printer 4
+		print5|My Printer 5
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>where the '|' separates aliases of a printer. The fact 
+		that the second alias has a space in it gives a hint to Samba 
+		that it's a comment.</P
+><P
+><EM
+>NOTE</EM
+>: Under AIX the default printcap 
+		name is <TT
+CLASS="FILENAME"
+>/etc/qconfig</TT
+>. Samba will assume the 
+		file is in AIX <TT
+CLASS="FILENAME"
+>qconfig</TT
+> format if the string
+		<TT
+CLASS="FILENAME"
+>qconfig</TT
+> appears in the printcap filename.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>printcap name = /etc/printcap</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>printcap name = /etc/myprintcap</B
+></P
+></DD
+><DT
+><A
+NAME="PRINTERADMIN"
+></A
+>printer admin (S)</DT
+><DD
+><P
+>This is a list of users that can do anything to 
+		printers via the remote administration interfaces offered by MS-RPC 
+		(usually using a NT workstation). Note that the root user always 
+		has admin rights.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>printer admin = &#60;empty string&#62;</B
+>
+		</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>printer admin = admin, @staff</B
+></P
+></DD
+><DT
+><A
+NAME="PRINTERDRIVER"
+></A
+>printer driver (S)</DT
+><DD
+><P
+><EM
+>Note :</EM
+>This is a deprecated 
+		parameter and will be removed in the next major release
+		following version 2.2.  Please see the instructions in
+		the <A
+HREF="printer_driver2.html"
+TARGET="_top"
+>Samba 2.2. Printing
+		HOWTO</A
+> for more information
+		on the new method of loading printer drivers onto a Samba server.
+		</P
+><P
+>This option allows you to control the string 
+		that clients receive when they ask the server for the printer driver 
+		associated with a printer. If you are using Windows95 or Windows NT 
+		then you can use this to automate the setup of printers on your 
+		system.</P
+><P
+>You need to set this parameter to the exact string (case 
+		sensitive) that describes the appropriate printer driver for your 
+		system. If you don't know the exact string to use then you should 
+		first try with no <A
+HREF="#PRINTERDRIVER"
+><TT
+CLASS="PARAMETER"
+><I
+>		printer driver</I
+></TT
+></A
+> option set and the client will 
+		give you a list of printer drivers. The appropriate strings are 
+		shown in a scroll box after you have chosen the printer manufacturer.</P
+><P
+>See also <A
+HREF="#PRINTERDRIVERFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>printer
+		driver file</I
+></TT
+></A
+>.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>printer driver = HP LaserJet 4L</B
+></P
+></DD
+><DT
+><A
+NAME="PRINTERDRIVERFILE"
+></A
+>printer driver file (G)</DT
+><DD
+><P
+><EM
+>Note :</EM
+>This is a deprecated 
+		parameter and will be removed in the next major release
+		following version 2.2.  Please see the instructions in
+		the <A
+HREF="printer_driver2.html"
+TARGET="_top"
+>Samba 2.2. Printing
+		HOWTO</A
+> for more information
+		on the new method of loading printer drivers onto a Samba server.
+		</P
+><P
+>This parameter tells Samba where the printer driver 
+		definition file, used when serving drivers to Windows 95 clients, is 
+		to be found. If this is not set, the default is :</P
+><P
+><TT
+CLASS="FILENAME"
+><TT
+CLASS="REPLACEABLE"
+><I
+>SAMBA_INSTALL_DIRECTORY</I
+></TT
+>
+		/lib/printers.def</TT
+></P
+><P
+>This file is created from Windows 95 <TT
+CLASS="FILENAME"
+>msprint.inf
+		</TT
+> files found on the Windows 95 client system. For more 
+		details on setting up serving of printer drivers to Windows 95 
+		clients, see the outdated documentation file in the <TT
+CLASS="FILENAME"
+>docs/</TT
+> 
+		directory, <TT
+CLASS="FILENAME"
+>PRINTER_DRIVER.txt</TT
+>.</P
+><P
+>See also <A
+HREF="#PRINTERDRIVERLOCATION"
+><TT
+CLASS="PARAMETER"
+><I
+>		printer driver location</I
+></TT
+></A
+>.</P
+><P
+>Default: <EM
+>None (set in compile).</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>printer driver file = 
+		/usr/local/samba/printers/drivers.def</B
+></P
+></DD
+><DT
+><A
+NAME="PRINTERDRIVERLOCATION"
+></A
+>printer driver location (S)</DT
+><DD
+><P
+><EM
+>Note :</EM
+>This is a deprecated 
+		parameter and will be removed in the next major release
+		following version 2.2.  Please see the instructions in
+		the <A
+HREF="printer_driver2.html"
+TARGET="_top"
+>Samba 2.2. Printing
+		HOWTO</A
+> for more information
+		on the new method of loading printer drivers onto a Samba server.
+		</P
+><P
+>This parameter tells clients of a particular printer 
+		share where to find the printer driver files for the automatic 
+		installation of drivers for Windows 95 machines. If Samba is set up 
+		to serve printer drivers to Windows 95 machines, this should be set to</P
+><P
+><B
+CLASS="COMMAND"
+>\\MACHINE\PRINTER$</B
+></P
+><P
+>Where MACHINE is the NetBIOS name of your Samba server, 
+		and PRINTER$ is a share you set up for serving printer driver 
+		files. For more details on setting this up see the outdated documentation 
+		file in the <TT
+CLASS="FILENAME"
+>docs/</TT
+> directory, <TT
+CLASS="FILENAME"
+>		PRINTER_DRIVER.txt</TT
+>.</P
+><P
+>See also <A
+HREF="#PRINTERDRIVERFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>		printer driver file</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>none</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>printer driver location = \\MACHINE\PRINTER$
+		</B
+></P
+></DD
+><DT
+><A
+NAME="PRINTERNAME"
+></A
+>printer name (S)</DT
+><DD
+><P
+>This parameter specifies the name of the printer 
+		to which print jobs spooled through a printable service will be sent.</P
+><P
+>If specified in the [global] section, the printer
+		name given will be used for any printable service that does 
+		not have its own printer name specified.</P
+><P
+>Default: <EM
+>none (but may be <TT
+CLASS="CONSTANT"
+>lp</TT
+> 
+		on many systems)</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>printer name = laserwriter</B
+></P
+></DD
+><DT
+><A
+NAME="PRINTER"
+></A
+>printer (S)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#PRINTERNAME"
+><TT
+CLASS="PARAMETER"
+><I
+>		printer name</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="PRINTING"
+></A
+>printing (S)</DT
+><DD
+><P
+>This parameters controls how printer status 
+		information is interpreted on your system. It also affects the 
+		default values for the <TT
+CLASS="PARAMETER"
+><I
+>print command</I
+></TT
+>, 
+		<TT
+CLASS="PARAMETER"
+><I
+>lpq command</I
+></TT
+>, <TT
+CLASS="PARAMETER"
+><I
+>lppause command
+		</I
+></TT
+>, <TT
+CLASS="PARAMETER"
+><I
+>lpresume command</I
+></TT
+>, and 
+		<TT
+CLASS="PARAMETER"
+><I
+>lprm command</I
+></TT
+> if specified in the 
+		[global] section.</P
+><P
+>Currently nine printing styles are supported. They are
+		<TT
+CLASS="CONSTANT"
+>BSD</TT
+>, <TT
+CLASS="CONSTANT"
+>AIX</TT
+>, 
+		<TT
+CLASS="CONSTANT"
+>LPRNG</TT
+>, <TT
+CLASS="CONSTANT"
+>PLP</TT
+>,
+		<TT
+CLASS="CONSTANT"
+>SYSV</TT
+>, <TT
+CLASS="CONSTANT"
+>HPUX</TT
+>,
+		<TT
+CLASS="CONSTANT"
+>QNX</TT
+>, <TT
+CLASS="CONSTANT"
+>SOFTQ</TT
+>,
+		and <TT
+CLASS="CONSTANT"
+>CUPS</TT
+>.</P
+><P
+>To see what the defaults are for the other print 
+		commands when using the various options use the <A
+HREF="testparm.1.html"
+TARGET="_top"
+>testparm(1)</A
+> program.</P
+><P
+>This option can be set on a per printer basis</P
+><P
+>See also the discussion in the <A
+HREF="#AEN79"
+>		[printers]</A
+> section.</P
+></DD
+><DT
+><A
+NAME="PROFILEACLS"
+></A
+>profile acls (S)</DT
+><DD
+><P
+>		This boolean parameter was added to fix the problems that people have been
+		having with storing user profiles on Samba shares from Windows 2000 or
+		Windows XP clients. New versions of Windows 2000 or Windows XP service
+		packs do security ACL checking on the owner and ability to write of the
+		profile directory stored on a local workstation when copied from a Samba
+		share. When not in domain mode with winbindd then the security info copied
+		onto the local workstation has no meaning to the logged in user (SID) on
+		that workstation so the profile storing fails. Adding this parameter
+		onto a share used for profile storage changes two things about the
+		returned Windows ACL. Firstly it changes the owner and group owner
+		of all reported files and directories to be BUILTIN\Administrators,
+		BUILTIN\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly
+		it adds an ACE entry of "Full Control" to the SID BUILTIN\Users to
+		every returned ACL. This will allow any Windows 2000 or XP workstation
+		user to access the profile. Note that if you have multiple users logging
+		on to a workstation then in order to prevent them from being able to access
+		each others profiles you must remove the "Bypass traverse checking" advanced
+		user right. This will prevent access to other users profile directories as
+		the top level profile directory (named after the user) is created by the
+		workstation profile code and has an ACL restricting entry to the directory
+		tree to the owning user.</P
+><P
+>If you didn't understand the above text, you probably should not set
+		this parameter :-).</P
+><P
+>Default <B
+CLASS="COMMAND"
+>profile acls = no</B
+></P
+></DD
+><DT
+><A
+NAME="PROTOCOL"
+></A
+>protocol (G)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#MAXPROTOCOL"
+>		<TT
+CLASS="PARAMETER"
+><I
+>max protocol</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="PUBLIC"
+></A
+>public (S)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#GUESTOK"
+><TT
+CLASS="PARAMETER"
+><I
+>guest 
+		ok</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="QUEUEPAUSECOMMAND"
+></A
+>queuepause command (S)</DT
+><DD
+><P
+>This parameter specifies the command to be 
+		executed on the server host in order to pause the printer queue.</P
+><P
+>This command should be a program or script which takes 
+		a printer name as its only parameter and stops the printer queue, 
+		such that no longer jobs are submitted to the printer.</P
+><P
+>This command is not supported by Windows for Workgroups, 
+		but can be issued from the Printers window under Windows 95 
+		and NT.</P
+><P
+>If a <TT
+CLASS="PARAMETER"
+><I
+>%p</I
+></TT
+> is given then the printer name 
+		is put in its place. Otherwise it is placed at the end of the command.
+		</P
+><P
+>Note that it is good practice to include the absolute 
+		path in the command as the PATH may not be available to the 
+		server.</P
+><P
+>Default: <EM
+>depends on the setting of <TT
+CLASS="PARAMETER"
+><I
+>printing
+		</I
+></TT
+></EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>queuepause command = disable %p</B
+></P
+></DD
+><DT
+><A
+NAME="QUEUERESUMECOMMAND"
+></A
+>queueresume command (S)</DT
+><DD
+><P
+>This parameter specifies the command to be 
+		executed on the server host in order to resume the printer queue. It 
+ 		is the command to undo the behavior that is caused by the 
+		previous parameter (<A
+HREF="#QUEUEPAUSECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>		queuepause command</I
+></TT
+></A
+>).</P
+><P
+>This command should be a program or script which takes 
+		a printer name as its only parameter and resumes the printer queue, 
+		such that queued jobs are resubmitted to the printer.</P
+><P
+>This command is not supported by Windows for Workgroups, 
+		but can be issued from the Printers window under Windows 95 
+		and NT.</P
+><P
+>If a <TT
+CLASS="PARAMETER"
+><I
+>%p</I
+></TT
+> is given then the printer name 
+		is put in its place. Otherwise it is placed at the end of the 
+		command.</P
+><P
+>Note that it is good practice to include the absolute 
+		path in the command as the PATH may not be available to the 
+		server.</P
+><P
+>Default: <EM
+>depends on the setting of <A
+HREF="#PRINTING"
+><TT
+CLASS="PARAMETER"
+><I
+>printing</I
+></TT
+></A
+></EM
+>
+		</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>queuepause command = enable %p
+		</B
+></P
+></DD
+><DT
+><A
+NAME="READBMPX"
+></A
+>read bmpx (G)</DT
+><DD
+><P
+>This boolean parameter controls whether <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> will support the "Read 
+		Block Multiplex" SMB. This is now rarely used and defaults to 
+		<TT
+CLASS="CONSTANT"
+>no</TT
+>. You should never need to set this 
+		parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>read bmpx = no</B
+></P
+></DD
+><DT
+><A
+NAME="READLIST"
+></A
+>read list (S)</DT
+><DD
+><P
+>This is a list of users that are given read-only 
+		access to a service. If the connecting user is in this list then 
+		they will not be given write access, no matter what the <A
+HREF="#READONLY"
+><TT
+CLASS="PARAMETER"
+><I
+>read only</I
+></TT
+></A
+>
+		option is set to. The list can include group names using the 
+		syntax described in the <A
+HREF="#INVALIDUSERS"
+><TT
+CLASS="PARAMETER"
+><I
+>		invalid users</I
+></TT
+></A
+> parameter.</P
+><P
+>See also the <A
+HREF="#WRITELIST"
+><TT
+CLASS="PARAMETER"
+><I
+>		write list</I
+></TT
+></A
+> parameter and the <A
+HREF="#INVALIDUSERS"
+><TT
+CLASS="PARAMETER"
+><I
+>invalid users</I
+></TT
+>
+		</A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>read list = &#60;empty string&#62;</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>read list = mary, @students</B
+></P
+></DD
+><DT
+><A
+NAME="READONLY"
+></A
+>read only (S)</DT
+><DD
+><P
+>An inverted synonym is <A
+HREF="#WRITEABLE"
+>		<TT
+CLASS="PARAMETER"
+><I
+>writeable</I
+></TT
+></A
+>.</P
+><P
+>If this parameter is <TT
+CLASS="CONSTANT"
+>yes</TT
+>, then users 
+		of a service may not create or modify files in the service's 
+		directory.</P
+><P
+>Note that a printable service (<B
+CLASS="COMMAND"
+>printable = yes</B
+>)
+		will <EM
+>ALWAYS</EM
+> allow writing to the directory 
+		(user privileges permitting), but only via spooling operations.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>read only = yes</B
+></P
+></DD
+><DT
+><A
+NAME="READRAW"
+></A
+>read raw (G)</DT
+><DD
+><P
+>This parameter controls whether or not the server 
+		will support the raw read SMB requests when transferring data 
+		to clients.</P
+><P
+>If enabled, raw reads allow reads of 65535 bytes in 
+		one packet. This typically provides a major performance benefit.
+		</P
+><P
+>However, some clients either negotiate the allowable 
+		block size incorrectly or are incapable of supporting larger block 
+		sizes, and for these clients you may need to disable raw reads.</P
+><P
+>In general this parameter should be viewed as a system tuning 
+		tool and left severely alone. See also <A
+HREF="#WRITERAW"
+>		<TT
+CLASS="PARAMETER"
+><I
+>write raw</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>read raw = yes</B
+></P
+></DD
+><DT
+><A
+NAME="READSIZE"
+></A
+>read size (G)</DT
+><DD
+><P
+>The option <TT
+CLASS="PARAMETER"
+><I
+>read size</I
+></TT
+> 
+		affects the overlap of disk reads/writes with network reads/writes. 
+		If the amount of data being transferred in several of the SMB 
+		commands (currently SMBwrite, SMBwriteX and SMBreadbraw) is larger 
+		than this value then the server begins writing the data before it 
+		has received the whole packet from the network, or in the case of 
+		SMBreadbraw, it begins writing to the network before all the data 
+		has been read from disk.</P
+><P
+>This overlapping works best when the speeds of disk and 
+		network access are similar, having very little effect when the 
+		speed of one is much greater than the other.</P
+><P
+>The default value is 16384, but very little experimentation 
+		has been done yet to determine the optimal value, and it is likely 
+		that the best value will vary greatly between systems anyway. 
+		A value over 65536 is pointless and will cause you to allocate 
+		memory unnecessarily.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>read size = 16384</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>read size = 8192</B
+></P
+></DD
+><DT
+><A
+NAME="REMOTEANNOUNCE"
+></A
+>remote announce (G)</DT
+><DD
+><P
+>This option allows you to setup <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)</A
+> to periodically announce itself 
+		to arbitrary IP addresses with an arbitrary workgroup name.</P
+><P
+>This is useful if you want your Samba server to appear 
+		in a remote workgroup for which the normal browse propagation 
+		rules don't work. The remote workgroup can be anywhere that you 
+		can send IP packets to.</P
+><P
+>For example:</P
+><P
+><B
+CLASS="COMMAND"
+>remote announce = 192.168.2.255/SERVERS 
+		192.168.4.255/STAFF</B
+></P
+><P
+>the above line would cause <B
+CLASS="COMMAND"
+>nmbd</B
+> to announce itself 
+		to the two given IP addresses using the given workgroup names. 
+		If you leave out the workgroup name then the one given in 
+		the <A
+HREF="#WORKGROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>workgroup</I
+></TT
+></A
+> 
+		parameter is used instead.</P
+><P
+>The IP addresses you choose would normally be the broadcast 
+		addresses of the remote networks, but can also be the IP addresses 
+		of known browse masters if your network config is that stable.</P
+><P
+>See the documentation file <TT
+CLASS="FILENAME"
+>BROWSING.txt</TT
+> 
+		in the <TT
+CLASS="FILENAME"
+>docs/</TT
+> directory.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>remote announce = &#60;empty string&#62;
+		</B
+></P
+></DD
+><DT
+><A
+NAME="REMOTEBROWSESYNC"
+></A
+>remote browse sync (G)</DT
+><DD
+><P
+>This option allows you to setup <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)</A
+> to periodically request 
+		synchronization of browse lists with the master browser of a Samba 
+		server that is on a remote segment. This option will allow you to 
+		gain browse lists for multiple workgroups across routed networks. This 
+		is done in a manner that does not work with any non-Samba servers.</P
+><P
+>This is useful if you want your Samba server and all local 
+		clients to appear in a remote workgroup for which the normal browse 
+		propagation rules don't work. The remote workgroup can be anywhere 
+		that you can send IP packets to.</P
+><P
+>For example:</P
+><P
+><B
+CLASS="COMMAND"
+>remote browse sync = 192.168.2.255 192.168.4.255
+		</B
+></P
+><P
+>the above line would cause <B
+CLASS="COMMAND"
+>nmbd</B
+> to request 
+		the master browser on the specified subnets or addresses to 
+		synchronize their browse lists with the local server.</P
+><P
+>The IP addresses you choose would normally be the broadcast 
+		addresses of the remote networks, but can also be the IP addresses 
+		of known browse masters if your network config is that stable. If 
+		a machine IP address is given Samba makes NO attempt to validate 
+		that the remote machine is available, is listening, nor that it 
+		is in fact the browse master on its segment.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>remote browse sync = &#60;empty string&#62;
+		</B
+></P
+></DD
+><DT
+><A
+NAME="RESTRICTANONYMOUS"
+></A
+>restrict anonymous (G)</DT
+><DD
+><P
+>This is a boolean parameter.  If it is <TT
+CLASS="CONSTANT"
+>yes</TT
+>, then 
+		anonymous access to the server will be restricted, namely in the 
+		case where the server is expecting the client to send a username, 
+		but it doesn't.  Setting it to <TT
+CLASS="CONSTANT"
+>yes</TT
+> will force these anonymous 
+ 		connections to be denied, and the client will be required to always 
+		supply a username and password when connecting. Use of this parameter 
+		is only recommended for homogeneous NT client environments.</P
+><P
+>This parameter makes the use of macro expansions that rely
+		on the username (%U, %G, etc) consistent.  NT 4.0 
+		likes to use anonymous connections when refreshing the share list, 
+		and this is a way to work around that.</P
+><P
+>When restrict anonymous is <TT
+CLASS="CONSTANT"
+>yes</TT
+>, all anonymous connections 
+		are denied no matter what they are for.  This can effect the ability 
+		of a machine to access the Samba Primary Domain Controller to revalidate 
+		its machine account after someone else has logged on the client 
+		interactively.  The NT client will display a message saying that 
+		the machine's account in  the domain doesn't exist or the password is 
+		bad.  The best way to deal  with this is to reboot NT client machines 
+		between interactive logons,  using "Shutdown and Restart", rather 
+		than "Close all programs and logon as a different user".</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>restrict anonymous = no</B
+></P
+></DD
+><DT
+><A
+NAME="ROOT"
+></A
+>root (G)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#ROOTDIRECTORY"
+>		<TT
+CLASS="PARAMETER"
+><I
+>root directory"</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="ROOTDIR"
+></A
+>root dir (G)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#ROOTDIRECTORY"
+>		<TT
+CLASS="PARAMETER"
+><I
+>root directory"</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="ROOTDIRECTORY"
+></A
+>root directory (G)</DT
+><DD
+><P
+>The server will <B
+CLASS="COMMAND"
+>chroot()</B
+> (i.e. 
+		Change its root directory) to this directory on startup. This is 
+		not strictly necessary for secure operation. Even without it the 
+		server will deny access to files not in one of the service entries. 
+		It may also check for, and deny access to, soft links to other 
+		parts of the filesystem, or attempts to use ".." in file names 
+		to access other directories (depending on the setting of the <A
+HREF="#WIDELINKS"
+><TT
+CLASS="PARAMETER"
+><I
+>wide links</I
+></TT
+></A
+> 
+		parameter).</P
+><P
+>Adding a <TT
+CLASS="PARAMETER"
+><I
+>root directory</I
+></TT
+> entry other 
+		than "/" adds an extra level of security, but at a price. It 
+		absolutely ensures that no access is given to files not in the 
+		sub-tree specified in the <TT
+CLASS="PARAMETER"
+><I
+>root directory</I
+></TT
+> 
+		option, <EM
+>including</EM
+> some files needed for 
+		complete operation of the server. To maintain full operability 
+		of the server you will need to mirror some system files 
+		into the <TT
+CLASS="PARAMETER"
+><I
+>root directory</I
+></TT
+> tree. In particular 
+		you will need to mirror <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> (or a 
+		subset of it), and any binaries or configuration files needed for 
+		printing (if required). The set of files that must be mirrored is
+		operating system dependent.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>root directory = /</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>root directory = /homes/smb</B
+></P
+></DD
+><DT
+><A
+NAME="ROOTPOSTEXEC"
+></A
+>root postexec (S)</DT
+><DD
+><P
+>This is the same as the <TT
+CLASS="PARAMETER"
+><I
+>postexec</I
+></TT
+>
+		parameter except that the command is run as root. This 
+		is useful for unmounting filesystems 
+		(such as CDROMs) after a connection is closed.</P
+><P
+>See also <A
+HREF="#POSTEXEC"
+><TT
+CLASS="PARAMETER"
+><I
+>		postexec</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>root postexec = &#60;empty string&#62;
+		</B
+></P
+></DD
+><DT
+><A
+NAME="ROOTPREEXEC"
+></A
+>root preexec (S)</DT
+><DD
+><P
+>This is the same as the <TT
+CLASS="PARAMETER"
+><I
+>preexec</I
+></TT
+>
+		parameter except that the command is run as root. This 
+		is useful for mounting filesystems (such as CDROMs) when a 
+		connection is opened.</P
+><P
+>See also <A
+HREF="#PREEXEC"
+><TT
+CLASS="PARAMETER"
+><I
+>		preexec</I
+></TT
+></A
+> and <A
+HREF="#PREEXECCLOSE"
+>		<TT
+CLASS="PARAMETER"
+><I
+>preexec close</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>root preexec = &#60;empty string&#62;
+		</B
+></P
+></DD
+><DT
+><A
+NAME="ROOTPREEXECCLOSE"
+></A
+>root preexec close (S)</DT
+><DD
+><P
+>This is the same as the <TT
+CLASS="PARAMETER"
+><I
+>preexec close
+		</I
+></TT
+> parameter except that the command is run as root.</P
+><P
+>See also <A
+HREF="#PREEXEC"
+><TT
+CLASS="PARAMETER"
+><I
+>		preexec</I
+></TT
+></A
+> and <A
+HREF="#PREEXECCLOSE"
+>		<TT
+CLASS="PARAMETER"
+><I
+>preexec close</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>root preexec close = no</B
+></P
+></DD
+><DT
+><A
+NAME="SECURITY"
+></A
+>security (G)</DT
+><DD
+><P
+>This option affects how clients respond to 
+		Samba and is one of the most important settings in the <TT
+CLASS="FILENAME"
+>		smb.conf</TT
+> file.</P
+><P
+>The option sets the "security mode bit" in replies to 
+		protocol negotiations with <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)
+		</A
+> to turn share level security on or off. Clients decide 
+		based on this bit whether (and how) to transfer user and password 
+		information to the server.</P
+><P
+>The default is <B
+CLASS="COMMAND"
+>security = user</B
+>, as this is
+		the most common setting needed when talking to Windows 98 and 
+		Windows NT.</P
+><P
+>The alternatives are <B
+CLASS="COMMAND"
+>security = share</B
+>,
+		<B
+CLASS="COMMAND"
+>security = server</B
+> or <B
+CLASS="COMMAND"
+>security = domain
+		</B
+>.</P
+><P
+>In versions of Samba prior to 2.0.0, the default was 
+		<B
+CLASS="COMMAND"
+>security = share</B
+> mainly because that was
+		the only option at one stage.</P
+><P
+>There is a bug in WfWg that has relevance to this 
+		setting. When in user or server level security a WfWg client 
+		will totally ignore the password you type in the "connect 
+		drive" dialog box. This makes it very difficult (if not impossible) 
+		to connect to a Samba service as anyone except the user that 
+		you are logged into WfWg as.</P
+><P
+>If your PCs use usernames that are the same as their 
+		usernames on the UNIX machine then you will want to use 
+ 		<B
+CLASS="COMMAND"
+>security = user</B
+>. If you mostly use usernames 
+		that don't exist on the UNIX box then use <B
+CLASS="COMMAND"
+>security = 
+		share</B
+>.</P
+><P
+>You should also use <B
+CLASS="COMMAND"
+>security = share</B
+> if you 
+		want to mainly setup shares without a password (guest shares). This 
+		is commonly used for a shared printer server. It is more difficult 
+		to setup guest shares with <B
+CLASS="COMMAND"
+>security = user</B
+>, see 
+		the <A
+HREF="#MAPTOGUEST"
+><TT
+CLASS="PARAMETER"
+><I
+>map to guest</I
+></TT
+>
+		</A
+>parameter for details.</P
+><P
+>It is possible to use <B
+CLASS="COMMAND"
+>smbd</B
+> in a <EM
+>		hybrid mode</EM
+> where it is offers both user and share 
+		level security under different <A
+HREF="#NETBIOSALIASES"
+>		<TT
+CLASS="PARAMETER"
+><I
+>NetBIOS aliases</I
+></TT
+></A
+>. </P
+><P
+>The different settings will now be explained.</P
+><P
+><A
+NAME="SECURITYEQUALSSHARE"
+></A
+><EM
+>SECURITY = SHARE
+		</EM
+></P
+><P
+>When clients connect to a share level security server they 
+		need not log onto the server with a valid username and password before 
+		attempting to connect to a shared resource (although modern clients 
+		such as Windows 95/98 and Windows NT will send a logon request with 
+		a username but no password when talking to a <B
+CLASS="COMMAND"
+>security = share
+		</B
+> server). Instead, the clients send authentication information 
+		(passwords) on a per-share basis, at the time they attempt to connect 
+		to that share.</P
+><P
+>Note that <B
+CLASS="COMMAND"
+>smbd</B
+> <EM
+>ALWAYS</EM
+> 
+		uses a valid UNIX user to act on behalf of the client, even in
+		<B
+CLASS="COMMAND"
+>security = share</B
+> level security.</P
+><P
+>As clients are not required to send a username to the server
+		in share level security, <B
+CLASS="COMMAND"
+>smbd</B
+> uses several
+		techniques to determine the correct UNIX user to use on behalf
+		of the client.</P
+><P
+>A list of possible UNIX usernames to match with the given
+		client password is constructed using the following methods :</P
+><P
+></P
+><UL
+><LI
+><P
+>If the <A
+HREF="#GUESTONLY"
+><TT
+CLASS="PARAMETER"
+><I
+>guest 
+			only</I
+></TT
+></A
+> parameter is set, then all the other 
+			stages are missed and only the <A
+HREF="#GUESTACCOUNT"
+>			<TT
+CLASS="PARAMETER"
+><I
+>guest account</I
+></TT
+></A
+> username is checked.
+			</P
+></LI
+><LI
+><P
+>Is a username is sent with the share connection 
+			request, then this username (after mapping - see <A
+HREF="#USERNAMEMAP"
+><TT
+CLASS="PARAMETER"
+><I
+>username map</I
+></TT
+></A
+>), 
+			is added as a potential username.</P
+></LI
+><LI
+><P
+>If the client did a previous <EM
+>logon
+			</EM
+> request (the SessionSetup SMB call) then the 
+			username sent in this SMB will be added as a potential username.
+			</P
+></LI
+><LI
+><P
+>The name of the service the client requested is 
+			added as a potential username.</P
+></LI
+><LI
+><P
+>The NetBIOS name of the client is added to 
+			the list as a potential username.</P
+></LI
+><LI
+><P
+>Any users on the <A
+HREF="#USER"
+><TT
+CLASS="PARAMETER"
+><I
+>			user</I
+></TT
+></A
+> list are added as potential usernames.
+			</P
+></LI
+></UL
+><P
+>If the <TT
+CLASS="PARAMETER"
+><I
+>guest only</I
+></TT
+> parameter is 
+		not set, then this list is then tried with the supplied password. 
+		The first user for whom the password matches will be used as the 
+		UNIX user.</P
+><P
+>If the <TT
+CLASS="PARAMETER"
+><I
+>guest only</I
+></TT
+> parameter is 
+		set, or no username can be determined then if the share is marked 
+		as available to the <TT
+CLASS="PARAMETER"
+><I
+>guest account</I
+></TT
+>, then this 
+		guest user will be used, otherwise access is denied.</P
+><P
+>Note that it can be <EM
+>very</EM
+> confusing 
+		in share-level security as to which UNIX username will eventually
+		be used in granting access.</P
+><P
+>See also the section <A
+HREF="#AEN241"
+>		NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
+>.</P
+><P
+><A
+NAME="SECURITYEQUALSUSER"
+></A
+><EM
+>SECURITY = USER
+		</EM
+></P
+><P
+>This is the default security setting in Samba 2.2. 
+		With user-level security a client must first "log-on" with a 
+		valid username and password (which can be mapped using the <A
+HREF="#USERNAMEMAP"
+><TT
+CLASS="PARAMETER"
+><I
+>username map</I
+></TT
+></A
+> 
+		parameter). Encrypted passwords (see the <A
+HREF="#ENCRYPTPASSWORDS"
+>		<TT
+CLASS="PARAMETER"
+><I
+>encrypted passwords</I
+></TT
+></A
+> parameter) can also
+		be used in this security mode. Parameters such as <A
+HREF="#USER"
+>		<TT
+CLASS="PARAMETER"
+><I
+>user</I
+></TT
+></A
+> and <A
+HREF="#GUESTONLY"
+>		<TT
+CLASS="PARAMETER"
+><I
+>guest only</I
+></TT
+></A
+> if set	are then applied and 
+		may change the UNIX user to use on this connection, but only after 
+		the user has been successfully authenticated.</P
+><P
+><EM
+>Note</EM
+> that the name of the resource being 
+		requested is <EM
+>not</EM
+> sent to the server until after 
+		the server has successfully authenticated the client. This is why 
+		guest shares don't work in user level security without allowing 
+		the server to automatically map unknown users into the <A
+HREF="#GUESTACCOUNT"
+><TT
+CLASS="PARAMETER"
+><I
+>guest account</I
+></TT
+></A
+>. 
+		See the <A
+HREF="#MAPTOGUEST"
+><TT
+CLASS="PARAMETER"
+><I
+>map to guest</I
+></TT
+>
+		</A
+> parameter for details on doing this.</P
+><P
+>See also the section <A
+HREF="#AEN241"
+>		NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
+>.</P
+><P
+><A
+NAME="SECURITYEQUALSSERVER"
+></A
+><EM
+>SECURITY = SERVER
+		</EM
+></P
+><P
+>In this mode Samba will try to validate the username/password 
+		by passing it to another SMB server, such as an NT box. If this 
+		fails it will revert to <B
+CLASS="COMMAND"
+>security = user</B
+>, but note 
+		that if encrypted passwords have been negotiated then Samba cannot 
+		revert back to checking the UNIX password file, it must have a valid 
+		<TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> file to check users against. See the 
+		documentation file in the <TT
+CLASS="FILENAME"
+>docs/</TT
+> directory 
+		<TT
+CLASS="FILENAME"
+>ENCRYPTION.txt</TT
+> for details on how to set this 
+		up.</P
+><P
+><EM
+>Note</EM
+> that from the client's point of 
+		view <B
+CLASS="COMMAND"
+>security = server</B
+> is the same as <B
+CLASS="COMMAND"
+>		security = user</B
+>.  It only affects how the server deals 
+		with the authentication, it does not in any way affect what the 
+		client sees.</P
+><P
+><EM
+>Note</EM
+> that the name of the resource being 
+		requested is <EM
+>not</EM
+> sent to the server until after 
+		the server has successfully authenticated the client. This is why 
+		guest shares don't work in user level security without allowing 
+		the server to automatically map unknown users into the <A
+HREF="#GUESTACCOUNT"
+><TT
+CLASS="PARAMETER"
+><I
+>guest account</I
+></TT
+></A
+>. 
+		See the <A
+HREF="#MAPTOGUEST"
+><TT
+CLASS="PARAMETER"
+><I
+>map to guest</I
+></TT
+>
+		</A
+> parameter for details on doing this.</P
+><P
+>See also the section <A
+HREF="#AEN241"
+>		NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
+>.</P
+><P
+>See also the <A
+HREF="#PASSWORDSERVER"
+><TT
+CLASS="PARAMETER"
+><I
+>password 
+		server</I
+></TT
+></A
+> parameter and the <A
+HREF="#ENCRYPTPASSWORDS"
+><TT
+CLASS="PARAMETER"
+><I
+>encrypted passwords</I
+></TT
+>
+		</A
+> parameter.</P
+><P
+><A
+NAME="SECURITYEQUALSDOMAIN"
+></A
+><EM
+>SECURITY = DOMAIN
+		</EM
+></P
+><P
+>This mode will only work correctly if <A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+>smbpasswd(8)</A
+> has been used to add this 
+		machine into a Windows NT Domain. It expects the <A
+HREF="#ENCRYPTPASSWORDS"
+><TT
+CLASS="PARAMETER"
+><I
+>encrypted passwords</I
+></TT
+>
+		</A
+> parameter to be set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>. In this 
+		mode Samba will try to validate the username/password by passing
+		it to a Windows NT Primary or Backup Domain Controller, in exactly 
+		the same way that a Windows NT Server would do.</P
+><P
+><EM
+>Note</EM
+> that a valid UNIX user must still 
+		exist as well as the account on the Domain Controller to allow 
+		Samba to have a valid UNIX account to map file access to.</P
+><P
+><EM
+>Note</EM
+> that from the client's point 
+		of view <B
+CLASS="COMMAND"
+>security = domain</B
+> is the same as <B
+CLASS="COMMAND"
+>security = user
+		</B
+>. It only affects how the server deals with the authentication, 
+		it does not in any way affect what the client sees.</P
+><P
+><EM
+>Note</EM
+> that the name of the resource being 
+		requested is <EM
+>not</EM
+> sent to the server until after 
+		the server has successfully authenticated the client. This is why 
+		guest shares don't work in user level security without allowing 
+		the server to automatically map unknown users into the <A
+HREF="#GUESTACCOUNT"
+><TT
+CLASS="PARAMETER"
+><I
+>guest account</I
+></TT
+></A
+>. 
+		See the <A
+HREF="#MAPTOGUEST"
+><TT
+CLASS="PARAMETER"
+><I
+>map to guest</I
+></TT
+>
+		</A
+> parameter for details on doing this.</P
+><P
+><EM
+>BUG:</EM
+> There is currently a bug in the 
+		implementation of <B
+CLASS="COMMAND"
+>security = domain</B
+> with respect 
+		to multi-byte character set usernames. The communication with a 
+		Domain Controller must be done in UNICODE and Samba currently 
+		does not widen multi-byte user names to UNICODE correctly, thus 
+		a multi-byte username will not be recognized correctly at the 
+		Domain Controller. This issue will be addressed in a future release.</P
+><P
+>See also the section <A
+HREF="#AEN241"
+>		NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
+>.</P
+><P
+>See also the <A
+HREF="#PASSWORDSERVER"
+><TT
+CLASS="PARAMETER"
+><I
+>password 
+		server</I
+></TT
+></A
+> parameter and the <A
+HREF="#ENCRYPTPASSWORDS"
+><TT
+CLASS="PARAMETER"
+><I
+>encrypted passwords</I
+></TT
+>
+		</A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>security = USER</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>security = DOMAIN</B
+></P
+></DD
+><DT
+><A
+NAME="SECURITYMASK"
+></A
+>security mask (S)</DT
+><DD
+><P
+>This parameter controls what UNIX permission 
+		bits can be modified when a Windows NT client is manipulating 
+		the UNIX permission on a file using the native NT security 
+		dialog box.</P
+><P
+>This parameter is applied as a mask (AND'ed with) to 
+		the changed permission bits, thus preventing any bits not in 
+		this mask from being modified. Essentially, zero bits in this 
+		mask may be treated as a set of bits the user is not allowed 
+		to change.</P
+><P
+>If not set explicitly this parameter is 0777, allowing
+		a user to modify all the user/group/world permissions on a file.
+		</P
+><P
+><EM
+>Note</EM
+> that users who can access the 
+		Samba server through other means can easily bypass this 
+		restriction, so it is primarily useful for standalone 
+		"appliance" systems.  Administrators of most normal systems will 
+		probably want to leave it set to <TT
+CLASS="CONSTANT"
+>0777</TT
+>.</P
+><P
+>See also the <A
+HREF="#FORCEDIRECTORYSECURITYMODE"
+>		<TT
+CLASS="PARAMETER"
+><I
+>force directory security mode</I
+></TT
+></A
+>, 
+		<A
+HREF="#DIRECTORYSECURITYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>directory 
+		security mask</I
+></TT
+></A
+>, <A
+HREF="#FORCESECURITYMODE"
+>		<TT
+CLASS="PARAMETER"
+><I
+>force security mode</I
+></TT
+></A
+> parameters.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>security mask = 0777</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>security mask = 0770</B
+></P
+></DD
+><DT
+><A
+NAME="SERVERSTRING"
+></A
+>server string (G)</DT
+><DD
+><P
+>This controls what string will show up in the 
+		printer comment box in print manager and next to the IPC connection 
+		in <B
+CLASS="COMMAND"
+>net view</B
+>. It can be any string that you wish 
+		to show to your users.</P
+><P
+>It also sets what will appear in browse lists next 
+		to the machine name.</P
+><P
+>A <TT
+CLASS="PARAMETER"
+><I
+>%v</I
+></TT
+> will be replaced with the Samba 
+		version number.</P
+><P
+>A <TT
+CLASS="PARAMETER"
+><I
+>%h</I
+></TT
+> will be replaced with the 
+		hostname.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>server string = Samba %v</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>server string = University of GNUs Samba 
+		Server</B
+></P
+></DD
+><DT
+><A
+NAME="SETDIRECTORY"
+></A
+>set directory (S)</DT
+><DD
+><P
+>If <B
+CLASS="COMMAND"
+>set directory = no</B
+>, then 
+		users of the service may not use the setdir command to change 
+		directory.</P
+><P
+>The <B
+CLASS="COMMAND"
+>setdir</B
+> command is only implemented 
+		in the Digital Pathworks client. See the Pathworks documentation 
+		for details.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>set directory = no</B
+></P
+></DD
+><DT
+><A
+NAME="SHAREMODES"
+></A
+>share modes (S)</DT
+><DD
+><P
+>This enables or disables the honoring of 
+		the <TT
+CLASS="PARAMETER"
+><I
+>share modes</I
+></TT
+> during a file open. These 
+		modes are used by clients to gain exclusive read or write access 
+		to a file.</P
+><P
+>These open modes are not directly supported by UNIX, so
+		they are simulated using shared memory, or lock files if your 
+		UNIX doesn't support shared memory (almost all do).</P
+><P
+>The share modes that are enabled by this option are 
+		<TT
+CLASS="CONSTANT"
+>DENY_DOS</TT
+>, <TT
+CLASS="CONSTANT"
+>DENY_ALL</TT
+>,
+		<TT
+CLASS="CONSTANT"
+>DENY_READ</TT
+>, <TT
+CLASS="CONSTANT"
+>DENY_WRITE</TT
+>,
+		<TT
+CLASS="CONSTANT"
+>DENY_NONE</TT
+> and <TT
+CLASS="CONSTANT"
+>DENY_FCB</TT
+>.
+		</P
+><P
+>This option gives full share compatibility and enabled 
+		by default.</P
+><P
+>You should <EM
+>NEVER</EM
+> turn this parameter 
+		off as many Windows applications will break if you do so.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>share modes = yes</B
+></P
+></DD
+><DT
+><A
+NAME="SHORTPRESERVECASE"
+></A
+>short preserve case (S)</DT
+><DD
+><P
+>This boolean parameter controls if new files 
+		which conform to 8.3 syntax, that is all in upper case and of 
+		suitable length, are created upper case, or if they are forced 
+		to be the <A
+HREF="#DEFAULTCASE"
+><TT
+CLASS="PARAMETER"
+><I
+>default case
+		</I
+></TT
+></A
+>. This  option can be use with <A
+HREF="#PRESERVECASE"
+><B
+CLASS="COMMAND"
+>preserve case = yes</B
+>
+		</A
+> to permit long filenames to retain their case, while short 
+		names are lowered. </P
+><P
+>See the section on <A
+HREF="#AEN203"
+>		NAME MANGLING</A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>short preserve case = yes</B
+></P
+></DD
+><DT
+><A
+NAME="SHOWADDPRINTERWIZARD"
+></A
+>show add printer wizard (G)</DT
+><DD
+><P
+>With the introduction of MS-RPC based printing support
+		for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will 
+		appear on Samba hosts in the share listing.  Normally this folder will 
+		contain an icon for the MS Add Printer Wizard (APW).  However, it is 
+		possible to disable this feature regardless of the level of privilege 
+		of the connected user.</P
+><P
+>Under normal circumstances, the Windows NT/2000 client will 
+		open a handle on the printer server with OpenPrinterEx() asking for
+		Administrator privileges.  If the user does not have administrative
+		access on the print server (i.e is not root or a member of the 
+		<TT
+CLASS="PARAMETER"
+><I
+>printer admin</I
+></TT
+> group), the OpenPrinterEx() 
+		call fails and the client makes another open call with a request for 
+		a lower privilege level.  This should succeed, however the APW 
+		icon will not be displayed.</P
+><P
+>Disabling the <TT
+CLASS="PARAMETER"
+><I
+>show add printer wizard</I
+></TT
+>
+		parameter will always cause the OpenPrinterEx() on the server
+		to fail.  Thus the APW icon will never be displayed. <EM
+>		Note :</EM
+>This does not prevent the same user from having 
+		administrative privilege on an individual printer.</P
+><P
+>See also <A
+HREF="#ADDPRINTERCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>addprinter
+		command</I
+></TT
+></A
+>, <A
+HREF="#DELETEPRINTERCOMMAND"
+>		<TT
+CLASS="PARAMETER"
+><I
+>deleteprinter command</I
+></TT
+></A
+>, <A
+HREF="#PRINTERADMIN"
+><TT
+CLASS="PARAMETER"
+><I
+>printer admin</I
+></TT
+></A
+></P
+><P
+>Default :<B
+CLASS="COMMAND"
+>show add printer wizard = yes</B
+></P
+></DD
+><DT
+><A
+NAME="SMBPASSWDFILE"
+></A
+>smb passwd file (G)</DT
+><DD
+><P
+>This option sets the path to the encrypted 
+ 		smbpasswd file.  By default the path to the smbpasswd file 
+		is compiled into Samba.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>smb passwd file = ${prefix}/private/smbpasswd
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>smb passwd file = /etc/samba/smbpasswd
+		</B
+></P
+></DD
+><DT
+><A
+NAME="SOCKETADDRESS"
+></A
+>socket address (G)</DT
+><DD
+><P
+>This option allows you to control what 
+		address Samba will listen for connections on. This is used to 
+		support multiple virtual interfaces on the one server, each 
+		with a different configuration.</P
+><P
+>By default Samba will accept connections on any 
+		address.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>socket address = 192.168.2.20</B
+>
+		</P
+></DD
+><DT
+><A
+NAME="SOCKETOPTIONS"
+></A
+>socket options (G)</DT
+><DD
+><P
+>This option allows you to set socket options 
+		to be used when talking with the client.</P
+><P
+>Socket options are controls on the networking layer 
+		of the operating systems which allow the connection to be 
+		tuned.</P
+><P
+>This option will typically be used to tune your Samba 
+		server for optimal performance for your local network. There is 
+		no way that Samba can know what the optimal parameters are for 
+		your net, so you must experiment and choose them yourself. We 
+		strongly suggest you read the appropriate documentation for your 
+		operating system first (perhaps <B
+CLASS="COMMAND"
+>man setsockopt</B
+> 
+		will help).</P
+><P
+>You may find that on some systems Samba will say 
+		"Unknown socket option" when you supply an option. This means you 
+		either incorrectly  typed it or you need to add an include file 
+		to includes.h for your OS.  If the latter is the case please 
+		send the patch to <A
+HREF="mailto:samba@samba.org"
+TARGET="_top"
+>		samba@samba.org</A
+>.</P
+><P
+>Any of the supported socket options may be combined 
+		in any way you like, as long as your OS allows it.</P
+><P
+>This is the list of socket options currently settable 
+		using this option:</P
+><P
+></P
+><UL
+><LI
+><P
+>SO_KEEPALIVE</P
+></LI
+><LI
+><P
+>SO_REUSEADDR</P
+></LI
+><LI
+><P
+>SO_BROADCAST</P
+></LI
+><LI
+><P
+>TCP_NODELAY</P
+></LI
+><LI
+><P
+>IPTOS_LOWDELAY</P
+></LI
+><LI
+><P
+>IPTOS_THROUGHPUT</P
+></LI
+><LI
+><P
+>SO_SNDBUF *</P
+></LI
+><LI
+><P
+>SO_RCVBUF *</P
+></LI
+><LI
+><P
+>SO_SNDLOWAT *</P
+></LI
+><LI
+><P
+>SO_RCVLOWAT *</P
+></LI
+></UL
+><P
+>Those marked with a <EM
+>'*'</EM
+> take an integer 
+		argument. The others can optionally take a 1 or 0 argument to enable 
+		or disable the option, by default they will be enabled if you 
+		don't specify 1 or 0.</P
+><P
+>To specify an argument use the syntax SOME_OPTION = VALUE 
+		for example <B
+CLASS="COMMAND"
+>SO_SNDBUF = 8192</B
+>. Note that you must 
+		not have any spaces before or after the = sign.</P
+><P
+>If you are on a local network then a sensible option 
+		might be</P
+><P
+><B
+CLASS="COMMAND"
+>socket options = IPTOS_LOWDELAY</B
+></P
+><P
+>If you have a local network then you could try:</P
+><P
+><B
+CLASS="COMMAND"
+>socket options = IPTOS_LOWDELAY TCP_NODELAY</B
+></P
+><P
+>If you are on a wide area network then perhaps try 
+		setting IPTOS_THROUGHPUT. </P
+><P
+>Note that several of the options may cause your Samba 
+		server to fail completely. Use these options with caution!</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>socket options = TCP_NODELAY</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>socket options = IPTOS_LOWDELAY</B
+></P
+></DD
+><DT
+><A
+NAME="SOURCEENVIRONMENT"
+></A
+>source environment (G)</DT
+><DD
+><P
+>This parameter causes Samba to set environment 
+		variables as per the content of the file named.</P
+><P
+>If the value of this parameter starts with a "|" character 
+		then Samba will treat that value as a pipe command to open and 
+		will set the environment variables from the output of the pipe.</P
+><P
+>The contents of the file or the output of the pipe should 
+		be formatted as the output of the standard Unix <B
+CLASS="COMMAND"
+>env(1)
+		</B
+> command. This is of the form :</P
+><P
+>Example environment entry:</P
+><P
+><B
+CLASS="COMMAND"
+>SAMBA_NETBIOS_NAME = myhostname</B
+></P
+><P
+>Default: <EM
+>No default value</EM
+></P
+><P
+>Examples: <B
+CLASS="COMMAND"
+>source environment = |/etc/smb.conf.sh
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>source environment = 
+		/usr/local/smb_env_vars</B
+></P
+></DD
+><DT
+><A
+NAME="SSL"
+></A
+>ssl (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This variable enables or disables the entire SSL mode. If 
+		it is set to <TT
+CLASS="CONSTANT"
+>no</TT
+>, the SSL-enabled Samba behaves 
+		exactly like the non-SSL Samba. If set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>, 
+		it depends on the variables <A
+HREF="#SSLHOSTS"
+><TT
+CLASS="PARAMETER"
+><I
+>		ssl hosts</I
+></TT
+></A
+> and <A
+HREF="#SSLHOSTSRESIGN"
+>		<TT
+CLASS="PARAMETER"
+><I
+>ssl hosts resign</I
+></TT
+></A
+> whether an SSL 
+		connection will be required.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl = no</B
+></P
+></DD
+><DT
+><A
+NAME="SSLCACERTDIR"
+></A
+>ssl CA certDir (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This variable defines where to look up the Certification
+		Authorities. The given directory should contain one file for 
+		each CA that Samba will trust.  The file name must be the hash 
+		value over the "Distinguished Name" of the CA. How this directory 
+		is set up is explained later in this document. All files within the 
+		directory that don't fit into this naming scheme are ignored. You 
+		don't need this variable if you don't verify client certificates.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl CA certDir = /usr/local/ssl/certs
+		</B
+></P
+></DD
+><DT
+><A
+NAME="SSLCACERTFILE"
+></A
+>ssl CA certFile (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This variable is a second way to define the trusted CAs. 
+		The certificates of the trusted CAs are collected in one big 
+		file and this variable points to the file. You will probably 
+		only use one of the two ways to define your CAs. The first choice is 
+		preferable if you have many CAs or want to be flexible, the second 
+		is preferable if you only have one CA and want to keep things 
+		simple (you won't need to create the hashed file names). You 
+		don't need this variable if you don't verify client certificates.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem
+		</B
+></P
+></DD
+><DT
+><A
+NAME="SSLCIPHERS"
+></A
+>ssl ciphers (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This variable defines the ciphers that should be offered 
+		during SSL negotiation. You should not set this variable unless 
+		you know what you are doing.</P
+></DD
+><DT
+><A
+NAME="SSLCLIENTCERT"
+></A
+>ssl client cert (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>The certificate in this file is used by <A
+HREF="smbclient.1.html"
+TARGET="_top"
+>		<B
+CLASS="COMMAND"
+>smbclient(1)</B
+></A
+> if it exists. It's needed 
+		if the server requires a client certificate.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl client cert = /usr/local/ssl/certs/smbclient.pem
+		</B
+></P
+></DD
+><DT
+><A
+NAME="SSLCLIENTKEY"
+></A
+>ssl client key (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This is the private key for <A
+HREF="smbclient.1.html"
+TARGET="_top"
+>		<B
+CLASS="COMMAND"
+>smbclient(1)</B
+></A
+>. It's only needed if the 
+		client should have a certificate. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl client key = /usr/local/ssl/private/smbclient.pem
+		</B
+></P
+></DD
+><DT
+><A
+NAME="SSLCOMPATIBILITY"
+></A
+>ssl compatibility (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This variable defines whether OpenSSL should be configured 
+		for bug compatibility with other SSL implementations. This is 
+		probably not desirable because currently no clients with SSL 
+		implementations other than OpenSSL exist.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl compatibility = no</B
+></P
+></DD
+><DT
+><A
+NAME="SSLEGDSOCKET"
+></A
+>ssl egd socket (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>		This option is used to define the location of the communiation socket of 
+		an EGD or PRNGD daemon, from which entropy can be retrieved. This option 
+		can be used instead of or together with the <A
+HREF="#SSLENTROPYFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl entropy file</I
+></TT
+></A
+> 
+		directive. 255 bytes of entropy will be retrieved from the daemon.
+		</P
+><P
+>Default: <EM
+>none</EM
+></P
+></DD
+><DT
+><A
+NAME="SSLENTROPYBYTES"
+></A
+>ssl entropy bytes (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>		This parameter is used to define the number of bytes which should 
+		be read from the <A
+HREF="#SSLENTROPYFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl entropy 
+		file</I
+></TT
+></A
+> If a -1 is specified, the entire file will
+		be read.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl entropy bytes = 255</B
+></P
+></DD
+><DT
+><A
+NAME="SSLENTROPYFILE"
+></A
+>ssl entropy file (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>		This parameter is used to specify a file from which processes will 
+		read "random bytes" on startup.  In order to seed the internal pseudo 
+		random number generator, entropy must be provided. On system with a 
+		<TT
+CLASS="FILENAME"
+>/dev/urandom</TT
+> device file, the processes
+		will retrieve its entropy from the kernel. On systems without kernel
+		entropy support, a file can be supplied that will be read on startup
+		and that will be used to seed the PRNG.
+		</P
+><P
+>Default: <EM
+>none</EM
+></P
+></DD
+><DT
+><A
+NAME="SSLHOSTS"
+></A
+>ssl hosts (G)</DT
+><DD
+><P
+>See <A
+HREF="#SSLHOSTSRESIGN"
+><TT
+CLASS="PARAMETER"
+><I
+>		ssl hosts resign</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="SSLHOSTSRESIGN"
+></A
+>ssl hosts resign (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>These two variables define whether Samba will go 
+		into SSL mode or not. If none of them is defined, Samba will 
+		allow only SSL connections. If the <A
+HREF="#SSLHOSTS"
+>		<TT
+CLASS="PARAMETER"
+><I
+>ssl hosts</I
+></TT
+></A
+> variable lists
+		hosts (by IP-address, IP-address range, net group or name), 
+		only these hosts will be forced into SSL mode. If the <TT
+CLASS="PARAMETER"
+><I
+>		ssl hosts resign</I
+></TT
+> variable lists hosts, only these 
+		hosts will <EM
+>NOT</EM
+> be forced into SSL mode. The syntax for these two 
+		variables is the same as for the <A
+HREF="#HOSTSALLOW"
+><TT
+CLASS="PARAMETER"
+><I
+>		hosts allow</I
+></TT
+></A
+> and <A
+HREF="#HOSTSDENY"
+>		<TT
+CLASS="PARAMETER"
+><I
+>hosts deny</I
+></TT
+></A
+> pair of variables, only 
+		that the subject of the decision is different: It's not the access 
+		right but whether SSL is used or not. </P
+><P
+>The example below requires SSL connections from all hosts
+		outside the local net (which is 192.168.*.*).</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl hosts = &#60;empty string&#62;</B
+></P
+><P
+><B
+CLASS="COMMAND"
+>ssl hosts resign = &#60;empty string&#62;</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>ssl hosts resign = 192.168.</B
+></P
+></DD
+><DT
+><A
+NAME="SSLREQUIRECLIENTCERT"
+></A
+>ssl require clientcert (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>If this variable is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>, the 
+		server will not tolerate connections from clients that don't 
+		have a valid certificate. The directory/file given in <A
+HREF="#SSLCACERTDIR"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl CA certDir</I
+></TT
+>
+		</A
+> and <A
+HREF="#SSLCACERTFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl CA certFile
+		</I
+></TT
+></A
+> will be used to look up the CAs that issued 
+		the client's certificate. If the certificate can't be verified 
+		positively, the connection will be terminated.  If this variable 
+		is set to <TT
+CLASS="CONSTANT"
+>no</TT
+>, clients don't need certificates. 
+		Contrary to web applications you really <EM
+>should</EM
+> 
+		require client certificates. In the web environment the client's 
+		data is sensitive (credit card numbers) and the server must prove 
+		to be trustworthy. In a file server environment the server's data 
+		will be sensitive and the clients must prove to be trustworthy.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl require clientcert = no</B
+></P
+></DD
+><DT
+><A
+NAME="SSLREQUIRESERVERCERT"
+></A
+>ssl require servercert (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>If this variable is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>, the 
+		<A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)</B
+>
+		</A
+> will request a certificate from the server. Same as 
+		<A
+HREF="#SSLREQUIRECLIENTCERT"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl require 
+		clientcert</I
+></TT
+></A
+> for the server.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl require servercert = no</B
+>
+		</P
+></DD
+><DT
+><A
+NAME="SSLSERVERCERT"
+></A
+>ssl server cert (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This is the file containing the server's certificate. 
+		The server <EM
+>must</EM
+> have a certificate. The 
+		file may also contain the server's private key. See later for 
+		how certificates and private keys are created.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl server cert = &#60;empty string&#62;
+		</B
+></P
+></DD
+><DT
+><A
+NAME="SSLSERVERKEY"
+></A
+>ssl server key (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This file contains the private key of the server. If 
+		this variable is not defined, the key is looked up in the 
+		certificate file (it may be appended to the certificate). 
+		The server <EM
+>must</EM
+> have a private key
+		and the certificate <EM
+>must</EM
+> 
+		match this private key.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl server key = &#60;empty string&#62;
+		</B
+></P
+></DD
+><DT
+><A
+NAME="SSLVERSION"
+></A
+>ssl version (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This enumeration variable defines the versions of the 
+		SSL protocol that will be used. <TT
+CLASS="CONSTANT"
+>ssl2or3</TT
+> allows 
+		dynamic negotiation of SSL v2 or v3, <TT
+CLASS="CONSTANT"
+>ssl2</TT
+> results 
+		in SSL v2, <TT
+CLASS="CONSTANT"
+>ssl3</TT
+> results in SSL v3 and
+		<TT
+CLASS="CONSTANT"
+>tls1</TT
+> results in TLS v1. TLS (Transport Layer 
+		Security) is the new standard for SSL.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl version = "ssl2or3"</B
+></P
+></DD
+><DT
+><A
+NAME="STATCACHE"
+></A
+>stat cache (G)</DT
+><DD
+><P
+>This parameter determines if <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> will use a cache in order to 
+		speed up case insensitive name mappings. You should never need 
+		to change this parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>stat cache = yes</B
+></P
+></DD
+><DT
+><A
+NAME="STATCACHESIZE"
+></A
+>stat cache size (G)</DT
+><DD
+><P
+>This parameter determines the number of 
+		entries in the <TT
+CLASS="PARAMETER"
+><I
+>stat cache</I
+></TT
+>.  You should 
+		never need to change this parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>stat cache size = 50</B
+></P
+></DD
+><DT
+><A
+NAME="STATUS"
+></A
+>status (G)</DT
+><DD
+><P
+>This enables or disables logging of connections 
+		to a status file that <A
+HREF="smbstatus.1.html"
+TARGET="_top"
+>smbstatus(1)</A
+>
+		can read.</P
+><P
+>With this disabled <B
+CLASS="COMMAND"
+>smbstatus</B
+> won't be able
+		to tell you what connections are active. You should never need to
+		change this parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>status = yes</B
+></P
+></DD
+><DT
+><A
+NAME="STRICTALLOCATE"
+></A
+>strict allocate (S)</DT
+><DD
+><P
+>This is a boolean that controls the handling of 
+		disk space allocation in the server. When this is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+> 
+		the server will change from UNIX behaviour of not committing real
+		disk storage blocks when a file is extended to the Windows behaviour
+		of actually forcing the disk system to allocate real storage blocks
+		when a file is created or extended to be a given size. In UNIX
+		terminology this means that Samba will stop creating sparse files.
+		This can be slow on some systems.</P
+><P
+>When strict allocate is <TT
+CLASS="CONSTANT"
+>no</TT
+> the server does sparse
+		disk block allocation when a file is extended.</P
+><P
+>Setting this to <TT
+CLASS="CONSTANT"
+>yes</TT
+> can help Samba return
+		out of quota messages on systems that are restricting the disk quota
+		of users.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>strict allocate = no</B
+></P
+></DD
+><DT
+><A
+NAME="STRICTLOCKING"
+></A
+>strict locking (S)</DT
+><DD
+><P
+>This is a boolean that controls the handling of 
+		file locking in the server. When this is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+> 
+		the server will check every read and write access for file locks, and 
+		deny access if locks exist. This can be slow on some systems.</P
+><P
+>When strict locking is <TT
+CLASS="CONSTANT"
+>no</TT
+> the server does file 
+		lock checks only when the client explicitly asks for them.</P
+><P
+>Well-behaved clients always ask for lock checks when it 
+		is important, so in the vast majority of cases <B
+CLASS="COMMAND"
+>strict 
+		locking = no</B
+> is preferable.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>strict locking = no</B
+></P
+></DD
+><DT
+><A
+NAME="STRICTSYNC"
+></A
+>strict sync (S)</DT
+><DD
+><P
+>Many Windows applications (including the Windows 
+		98 explorer shell) seem to confuse flushing buffer contents to 
+		disk with doing a sync to disk. Under UNIX, a sync call forces 
+		the process to be suspended until the kernel has ensured that 
+		all outstanding data in kernel disk buffers has been safely stored 
+		onto stable storage. This is very slow and should only be done 
+		rarely. Setting this parameter to <TT
+CLASS="CONSTANT"
+>no</TT
+> (the 
+		default) means that <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> ignores the Windows applications requests for
+		a sync call. There is only a possibility of losing data if the
+		operating system itself that Samba is running on crashes, so there is
+		little danger in this default setting. In addition, this fixes many
+		performance problems that people have reported with the new Windows98
+		explorer shell file copies.</P
+><P
+>See also the <A
+HREF="#SYNCALWAYS"
+><TT
+CLASS="PARAMETER"
+><I
+>sync 
+		always&#62;</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>strict sync = no</B
+></P
+></DD
+><DT
+><A
+NAME="STRIPDOT"
+></A
+>strip dot (G)</DT
+><DD
+><P
+>This parameter is now unused in Samba (2.2.5 and above).
+		It used strip trailing dots off UNIX filenames but was not correctly implmented.
+		In Samba 2.2.5 and above UNIX filenames ending in a dot are invalid Windows long
+		filenames (as they are in Windows NT and above) and are mangled to 8.3 before
+		being returned to a client.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>strip dot = no</B
+></P
+></DD
+><DT
+><A
+NAME="SYNCALWAYS"
+></A
+>sync always (S)</DT
+><DD
+><P
+>This is a boolean parameter that controls 
+		whether writes will always be written to stable storage before 
+		the write call returns. If this is <TT
+CLASS="CONSTANT"
+>no</TT
+> then the server will be 
+		guided by the client's request in each write call (clients can 
+		set a bit indicating that a particular write should be synchronous). 
+		If this is <TT
+CLASS="CONSTANT"
+>yes</TT
+> then every write will be followed by a <B
+CLASS="COMMAND"
+>fsync()
+		</B
+> call to ensure the data is written to disk. Note that 
+		the <TT
+CLASS="PARAMETER"
+><I
+>strict sync</I
+></TT
+> parameter must be set to
+		<TT
+CLASS="CONSTANT"
+>yes</TT
+> in order for this parameter to have 
+		any affect.</P
+><P
+>See also the <A
+HREF="#STRICTSYNC"
+><TT
+CLASS="PARAMETER"
+><I
+>strict 
+		sync</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>sync always = no</B
+></P
+></DD
+><DT
+><A
+NAME="SYSLOG"
+></A
+>syslog (G)</DT
+><DD
+><P
+>This parameter maps how Samba debug messages 
+		are logged onto the system syslog logging levels. Samba debug 
+		level zero maps onto syslog <TT
+CLASS="CONSTANT"
+>LOG_ERR</TT
+>, debug 
+		level one maps onto <TT
+CLASS="CONSTANT"
+>LOG_WARNING</TT
+>, debug level 
+		two maps onto <TT
+CLASS="CONSTANT"
+>LOG_NOTICE</TT
+>, debug level three 
+		maps onto LOG_INFO. All higher levels are mapped to <TT
+CLASS="CONSTANT"
+>		LOG_DEBUG</TT
+>.</P
+><P
+>This parameter sets the threshold for sending messages 
+		to syslog.  Only messages with debug level less than this value 
+		will be sent to syslog.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>syslog = 1</B
+></P
+></DD
+><DT
+><A
+NAME="SYSLOGONLY"
+></A
+>syslog only (G)</DT
+><DD
+><P
+>If this parameter is set then Samba debug 
+		messages are logged into the system syslog only, and not to 
+		the debug log files.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>syslog only = no</B
+></P
+></DD
+><DT
+><A
+NAME="TEMPLATEHOMEDIR"
+></A
+>template homedir (G)</DT
+><DD
+><P
+>When filling out the user information for a Windows NT 
+		user, the <A
+HREF="winbindd.8.html"
+TARGET="_top"
+>winbindd(8)</A
+> daemon 
+		uses this parameter to fill in the home directory for that user.  
+		If the string <TT
+CLASS="PARAMETER"
+><I
+>%D</I
+></TT
+> is present it is substituted 
+		with the user's Windows NT domain name.  If the string <TT
+CLASS="PARAMETER"
+><I
+>%U
+		</I
+></TT
+> is present it is substituted with the user's Windows 
+		NT user name.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>template homedir = /home/%D/%U</B
+></P
+></DD
+><DT
+><A
+NAME="TEMPLATESHELL"
+></A
+>template shell (G)</DT
+><DD
+><P
+>When filling out the user information for a Windows NT 
+		user, the <A
+HREF="winbindd.8.html"
+TARGET="_top"
+>winbindd(8)</A
+> daemon 
+		uses this parameter to fill in the login shell for that user.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>template shell = /bin/false</B
+></P
+></DD
+><DT
+><A
+NAME="TIMEOFFSET"
+></A
+>time offset (G)</DT
+><DD
+><P
+>This parameter is a setting in minutes to add 
+		to the normal GMT to local time conversion. This is useful if 
+		you are serving a lot of PCs that have incorrect daylight 
+		saving time handling.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>time offset = 0</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>time offset = 60</B
+></P
+></DD
+><DT
+><A
+NAME="TIMESERVER"
+></A
+>time server (G)</DT
+><DD
+><P
+>This parameter determines if <A
+HREF="nmbd.8.html"
+TARGET="_top"
+> 			
+		nmbd(8)</A
+> advertises itself as a time server to Windows 
+		clients.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>time server = no</B
+></P
+></DD
+><DT
+><A
+NAME="TIMESTAMPLOGS"
+></A
+>timestamp logs (G)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#DEBUGTIMESTAMP"
+><TT
+CLASS="PARAMETER"
+><I
+>		debug timestamp</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="TOTALPRINTJOBS"
+></A
+>total print jobs (G)</DT
+><DD
+><P
+>This parameter accepts an integer value which defines
+		a limit on the maximum number of print jobs that will be accepted 
+		system wide at any given time.  If a print job is submitted
+		by a client which will exceed this number, then <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> will return an 
+		error indicating that no space is available on the server.  The 
+		default value of 0 means that no such limit exists.  This parameter
+		can be used to prevent a server from exceeding its capacity and is
+		designed as a printing throttle.  See also 
+		<A
+HREF="#MAXPRINTJOBS"
+><TT
+CLASS="PARAMETER"
+><I
+>max print jobs</I
+></TT
+></A
+>.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>total print jobs = 0</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>total print jobs = 5000</B
+></P
+></DD
+><DT
+><A
+NAME="UNIXEXTENSIONS"
+></A
+>unix extensions(G)</DT
+><DD
+><P
+>This boolean parameter controls whether Samba 
+		implments the CIFS UNIX extensions, as defined by HP. 
+		These extensions enable Samba to better serve UNIX CIFS clients
+		by supporting features such as symbolic links, hard links, etc...
+		These extensions require a similarly enabled client, and are of
+		no current use to Windows clients.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>unix extensions = no</B
+></P
+></DD
+><DT
+><A
+NAME="UNIXPASSWORDSYNC"
+></A
+>unix password sync (G)</DT
+><DD
+><P
+>This boolean parameter controls whether Samba 
+		attempts to synchronize the UNIX password with the SMB password 
+		when the encrypted SMB password in the smbpasswd file is changed. 
+		If this is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+> the program specified in the <TT
+CLASS="PARAMETER"
+><I
+>passwd
+		program</I
+></TT
+>parameter is called <EM
+>AS ROOT</EM
+> - 
+		to allow the new UNIX password to be set without access to the 
+		old UNIX password (as the SMB password change code has no 
+		access to the old password cleartext, only the new).</P
+><P
+>See also <A
+HREF="#PASSWDPROGRAM"
+><TT
+CLASS="PARAMETER"
+><I
+>passwd 
+		program</I
+></TT
+></A
+>, <A
+HREF="#PASSWDCHAT"
+><TT
+CLASS="PARAMETER"
+><I
+>		passwd chat</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>unix password sync = no</B
+></P
+></DD
+><DT
+><A
+NAME="UPDATEENCRYPTED"
+></A
+>update encrypted (G)</DT
+><DD
+><P
+>This boolean parameter allows a user logging 
+		on with a plaintext password to have their encrypted (hashed) 
+		password in the smbpasswd file to be updated automatically as 
+		they log on. This option allows a site to migrate from plaintext 
+		password authentication (users authenticate with plaintext 
+		password over the wire, and are checked against a UNIX account 
+		database) to encrypted password authentication (the SMB 
+		challenge/response authentication mechanism) without forcing
+		all users to re-enter their passwords via smbpasswd at the time the
+		change is made. This is a convenience option to allow the change over
+		to encrypted passwords to be made over a longer period. Once all users
+		have encrypted representations of their passwords in the smbpasswd
+		file this parameter should be set to <TT
+CLASS="CONSTANT"
+>no</TT
+>.</P
+><P
+>In order for this parameter to work correctly the <A
+HREF="#ENCRYPTPASSWORDS"
+><TT
+CLASS="PARAMETER"
+><I
+>encrypt passwords</I
+></TT
+>
+		</A
+> parameter must be set to <TT
+CLASS="CONSTANT"
+>no</TT
+> when
+		this parameter is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>.</P
+><P
+>Note that even when this parameter is set a user 
+		authenticating to <B
+CLASS="COMMAND"
+>smbd</B
+> must still enter a valid 
+		password in order to connect correctly, and to update their hashed 
+		(smbpasswd) passwords.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>update encrypted = no</B
+></P
+></DD
+><DT
+><A
+NAME="USECLIENTDRIVER"
+></A
+>use client driver (S)</DT
+><DD
+><P
+>This parameter applies only to Windows NT/2000
+		clients.  It has no affect on Windows 95/98/ME clients.  When 
+		serving a printer to Windows NT/2000 clients without first installing
+		a valid printer driver on the Samba host, the client will be required
+		to install a local printer driver.  From this point on, the client
+		will treat the print as a local printer and not a network printer 
+		connection.  This is much the same behavior that will occur
+		when <B
+CLASS="COMMAND"
+>disable spoolss = yes</B
+>.  </P
+><P
+>The differentiating 
+		factor is that under normal circumstances, the NT/2000 client will 
+		attempt to open the network printer using MS-RPC.  The problem is that
+		because the client considers the printer to be local, it will attempt
+		to issue the OpenPrinterEx() call requesting access rights associated 
+		with the logged on user. If the user possesses local administator rights
+		but not root privilegde on the Samba host (often the case), the OpenPrinterEx()
+		call will fail.  The result is that the client will now display an "Access
+		Denied; Unable to connect" message in the printer queue window (even though
+		jobs may successfully be printed).  </P
+><P
+>If this parameter is enabled for a printer, then any attempt
+		to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped
+		to PRINTER_ACCESS_USE instead.  Thus allowing the OpenPrinterEx()
+		call to succeed.  <EM
+>This parameter MUST not be able enabled
+		on a print share which has valid print driver installed on the Samba 
+		server.</EM
+></P
+><P
+>See also <A
+HREF="#DISABLESPOOLSS"
+>disable spoolss</A
+>
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>use client driver = no</B
+></P
+></DD
+><DT
+><A
+NAME="USEMMAP"
+></A
+>use mmap (G)</DT
+><DD
+><P
+>This global parameter determines if the tdb internals of Samba can
+		depend on mmap working correctly on the running system. Samba requires a coherent
+		mmap/read-write system memory cache. Currently only HPUX does not have such a
+		coherent cache, and so this parameter is set to <TT
+CLASS="CONSTANT"
+>no</TT
+> by
+		default on HPUX. On all other systems this parameter should be left alone. This
+		parameter is provided to help the Samba developers track down problems with
+		the tdb internal code.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>use mmap = yes</B
+></P
+></DD
+><DT
+><A
+NAME="USERHOSTS"
+></A
+>use rhosts (G)</DT
+><DD
+><P
+>If this global parameter is <TT
+CLASS="CONSTANT"
+>yes</TT
+>, it specifies 
+		that the UNIX user's <TT
+CLASS="FILENAME"
+>.rhosts</TT
+> file in their home directory 
+		will be read to find the names of hosts and users who will be allowed 
+		access without specifying a password.</P
+><P
+><EM
+>NOTE:</EM
+> The use of <TT
+CLASS="PARAMETER"
+><I
+>use rhosts
+		</I
+></TT
+> can be a major security hole. This is because you are 
+		trusting the PC to supply the correct username. It is very easy to 
+		get a PC to supply a false username. I recommend that the <TT
+CLASS="PARAMETER"
+><I
+>		use rhosts</I
+></TT
+> option be only used if you really know what 
+		you are doing.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>use rhosts = no</B
+></P
+></DD
+><DT
+><A
+NAME="USER"
+></A
+>user (S)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#USERNAME"
+><TT
+CLASS="PARAMETER"
+><I
+>		username</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="USERS"
+></A
+>users (S)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#USERNAME"
+><TT
+CLASS="PARAMETER"
+><I
+>		username</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="USERNAME"
+></A
+>username (S)</DT
+><DD
+><P
+>Multiple users may be specified in a comma-delimited 
+		list, in which case the supplied password will be tested against 
+		each username in turn (left to right).</P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>username</I
+></TT
+> line is needed only when 
+		the PC is unable to supply its own username. This is the case 
+		for the COREPLUS protocol or where your users have different WfWg 
+		usernames to UNIX usernames. In both these cases you may also be 
+		better using the \\server\share%user syntax instead.</P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>username</I
+></TT
+> line is not a great 
+		solution in many cases as it means Samba will try to validate 
+		the supplied password against each of the usernames in the 
+		<TT
+CLASS="PARAMETER"
+><I
+>username</I
+></TT
+> line in turn. This is slow and 
+		a bad idea for lots of users in case of duplicate passwords. 
+		You may get timeouts or security breaches using this parameter 
+		unwisely.</P
+><P
+>Samba relies on the underlying UNIX security. This 
+		parameter does not restrict who can login, it just offers hints 
+		to the Samba server as to what usernames might correspond to the 
+		supplied password. Users can login as whoever they please and 
+		they will be able to do no more damage than if they started a 
+		telnet session. The daemon runs as the user that they log in as, 
+		so they cannot do anything that user cannot do.</P
+><P
+>To restrict a service to a particular set of users you 
+		can use the <A
+HREF="#VALIDUSERS"
+><TT
+CLASS="PARAMETER"
+><I
+>valid users
+		</I
+></TT
+></A
+> parameter.</P
+><P
+>If any of the usernames begin with a '@' then the name
+		will be looked up first in the NIS netgroups list (if Samba 
+		is compiled with netgroup support), followed by a lookup in 
+		the UNIX groups database and will expand to a list of all users 
+		in the group of that name.</P
+><P
+>If any of the usernames begin with a '+' then the name 
+		will be looked up only in the UNIX groups database and will 
+		expand to a list of all users in the group of that name.</P
+><P
+>If any of the usernames begin with a '&#38;'then the name 
+		will be looked up only in the NIS netgroups database (if Samba 
+		is compiled with netgroup support) and will expand to a list 
+		of all users in the netgroup group of that name.</P
+><P
+>Note that searching though a groups database can take 
+		quite some time, and some clients may time out during the 
+		search.</P
+><P
+>See the section <A
+HREF="#AEN241"
+>NOTE ABOUT 
+		USERNAME/PASSWORD VALIDATION</A
+> for more information on how 
+		this parameter determines access to the services.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>The guest account if a guest service, 
+		else &#60;empty string&#62;.</B
+></P
+><P
+>Examples:<B
+CLASS="COMMAND"
+>username = fred, mary, jack, jane, 
+		@users, @pcgroup</B
+></P
+></DD
+><DT
+><A
+NAME="USERNAMELEVEL"
+></A
+>username level (G)</DT
+><DD
+><P
+>This option helps Samba to try and 'guess' at 
+		the real UNIX username, as many DOS clients send an all-uppercase 
+		username. By default Samba tries all lowercase, followed by the 
+		username with the first letter capitalized, and fails if the 
+		username is not found on the UNIX machine.</P
+><P
+>If this parameter is set to non-zero the behavior changes. 
+		This parameter is a number that specifies the number of uppercase
+		combinations to try while trying to determine the UNIX user name. The
+		higher the number the more combinations will be tried, but the slower
+		the discovery of usernames will be. Use this parameter when you have
+		strange usernames on your UNIX machine, such as <TT
+CLASS="CONSTANT"
+>AstrangeUser
+		</TT
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>username level = 0</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>username level = 5</B
+></P
+></DD
+><DT
+><A
+NAME="USERNAMEMAP"
+></A
+>username map (G)</DT
+><DD
+><P
+>This option allows you to specify a file containing 
+		a mapping of usernames from the clients to the server. This can be 
+		used for several purposes. The most common is to map usernames 
+		that users use on DOS or Windows machines to those that the UNIX 
+		box uses. The other is to map multiple users to a single username 
+		so that they can more easily share files.</P
+><P
+>The map file is parsed line by line. Each line should 
+		contain a single UNIX username on the left then a '=' followed 
+		by a list of usernames on the right. The list of usernames on the 
+		right may contain names of the form @group in which case they 
+		will match any UNIX username in that group. The special client 
+		name '*' is a wildcard and matches any name. Each line of the 
+		map file may be up to 1023 characters long.</P
+><P
+>The file is processed on each line by taking the 
+		supplied username and comparing it with each username on the right 
+		hand side of the '=' signs. If the supplied name matches any of 
+		the names on the right hand side then it is replaced with the name 
+		on the left. Processing then continues with the next line.</P
+><P
+>If any line begins with a '#' or a ';' then it is 
+		ignored</P
+><P
+>If any line begins with an '!' then the processing 
+		will stop after that line if a mapping was done by the line. 
+		Otherwise mapping continues with every line being processed. 
+		Using '!' is most useful when you have a wildcard mapping line 
+		later in the file.</P
+><P
+>For example to map from the name <TT
+CLASS="CONSTANT"
+>admin</TT
+> 
+		or <TT
+CLASS="CONSTANT"
+>administrator</TT
+> to the UNIX name <TT
+CLASS="CONSTANT"
+>		root</TT
+> you would use:</P
+><P
+><B
+CLASS="COMMAND"
+>root = admin administrator</B
+></P
+><P
+>Or to map anyone in the UNIX group <TT
+CLASS="CONSTANT"
+>system</TT
+> 
+		to the UNIX name <TT
+CLASS="CONSTANT"
+>sys</TT
+> you would use:</P
+><P
+><B
+CLASS="COMMAND"
+>sys = @system</B
+></P
+><P
+>You can have as many mappings as you like in a username 
+		map file.</P
+><P
+>If your system supports the NIS NETGROUP option then 
+		the netgroup database is checked before the <TT
+CLASS="FILENAME"
+>/etc/group
+		</TT
+> database for matching groups.</P
+><P
+>You can map Windows usernames that have spaces in them
+		 by using double quotes around the name. For example:</P
+><P
+><B
+CLASS="COMMAND"
+>tridge = "Andrew Tridgell"</B
+></P
+><P
+>would map the windows username "Andrew Tridgell" to the 
+		unix username "tridge".</P
+><P
+>The following example would map mary and fred to the 
+		unix user sys, and map the rest to guest. Note the use of the 
+		'!' to tell Samba to stop processing if it gets a match on 
+		that line.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>		!sys = mary fred
+		guest = *
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Note that the remapping is applied to all occurrences 
+		of usernames. Thus if you connect to \\server\fred and <TT
+CLASS="CONSTANT"
+>		fred</TT
+> is remapped to <TT
+CLASS="CONSTANT"
+>mary</TT
+> then you 
+		will actually be connecting to \\server\mary and will need to 
+		supply a password suitable for <TT
+CLASS="CONSTANT"
+>mary</TT
+> not 
+		<TT
+CLASS="CONSTANT"
+>fred</TT
+>. The only exception to this is the 
+		username passed to the <A
+HREF="#PASSWORDSERVER"
+><TT
+CLASS="PARAMETER"
+><I
+>		password server</I
+></TT
+></A
+> (if you have one). The password 
+		server will receive whatever username the client supplies without 
+		modification.</P
+><P
+>Also note that no reverse mapping is done. The main effect 
+		this has is with printing. Users who have been mapped may have 
+		trouble deleting print jobs as PrintManager under WfWg will think 
+		they don't own the print job.</P
+><P
+>Default: <EM
+>no username map</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>username map = /usr/local/samba/lib/users.map
+		</B
+></P
+></DD
+><DT
+><A
+NAME="USESENDFILE"
+></A
+>use sendfile (S)</DT
+><DD
+><P
+>If this parameter is <TT
+CLASS="CONSTANT"
+>yes</TT
+>, and Samba
+		was built with the --with-sendfile-support option, and the underlying operating
+		system supports sendfile system call, then some SMB read calls (mainly ReadAndX
+		and ReadRaw) will use the more efficient sendfile system call for files that
+		are exclusively oplocked. This may make more efficient use of the system CPU's
+		and cause Samba to be faster. This is off by default as it's effects are unknown
+		as yet.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>use sendfile = no</B
+></P
+></DD
+><DT
+><A
+NAME="UTMP"
+></A
+>utmp (G)</DT
+><DD
+><P
+>This boolean parameter is only available if 
+		Samba has been configured and compiled  with the option <B
+CLASS="COMMAND"
+>		--with-utmp</B
+>. If set to <TT
+CLASS="CONSTANT"
+>yes</TT
+> then Samba will attempt
+		to add utmp or utmpx records (depending on the UNIX system) whenever a
+		connection is made to a Samba server. Sites may use this to record the
+		user connecting to a Samba share.</P
+><P
+>See also the <A
+HREF="#UTMPDIRECTORY"
+><TT
+CLASS="PARAMETER"
+><I
+>		utmp directory</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>utmp = no</B
+></P
+></DD
+><DT
+><A
+NAME="UTMPDIRECTORY"
+></A
+>utmp directory(G)</DT
+><DD
+><P
+>This parameter is only available if Samba has 
+		been configured and compiled with the option <B
+CLASS="COMMAND"
+>		--with-utmp</B
+>. It specifies a directory pathname that is
+		used to store the utmp or utmpx files (depending on the UNIX system) that
+		record user connections to a Samba server. See also the <A
+HREF="#UTMP"
+>		<TT
+CLASS="PARAMETER"
+><I
+>utmp</I
+></TT
+></A
+> parameter. By default this is 
+		not set, meaning the system will use whatever utmp file the 
+		native system is set to use (usually 
+		<TT
+CLASS="FILENAME"
+>/var/run/utmp</TT
+> on Linux).</P
+><P
+>Default: <EM
+>no utmp directory</EM
+></P
+></DD
+><DT
+><A
+NAME="VALIDCHARS"
+></A
+>valid chars (G)</DT
+><DD
+><P
+>The option allows you to specify additional 
+		characters that should be considered valid by the server in 
+		filenames. This is particularly useful for national character 
+		sets, such as adding u-umlaut or a-ring.</P
+><P
+>The option takes a list of characters in either integer 
+		or character form with spaces between them. If you give two 
+		characters with a colon between them then it will be taken as 
+		an lowercase:uppercase pair.</P
+><P
+>If you have an editor capable of entering the characters 
+		into the config file then it is probably easiest to use this 
+		method. Otherwise you can specify the characters in octal, 
+		decimal or hexadecimal form using the usual C notation.</P
+><P
+>For example to add the single character 'Z' to the charset 
+		(which is a pointless thing to do as it's already there) you could 
+		do one of the following</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>		valid chars = Z
+		valid chars = z:Z
+		valid chars = 0132:0172
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The last two examples above actually add two characters, 
+		and alter the uppercase and lowercase mappings appropriately.</P
+><P
+>Note that you <EM
+>MUST</EM
+> specify this parameter 
+		after the <TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+> parameter if you 
+		have both set. If <TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+> is set after 
+		the <TT
+CLASS="PARAMETER"
+><I
+>valid chars</I
+></TT
+> parameter the <TT
+CLASS="PARAMETER"
+><I
+>valid 
+		chars</I
+></TT
+> settings will be overwritten.</P
+><P
+>See also the <A
+HREF="#CLIENTCODEPAGE"
+><TT
+CLASS="PARAMETER"
+><I
+>client 
+		code page</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <EM
+>Samba defaults to using a reasonable set 
+		of valid characters for English systems</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>valid chars = 0345:0305 0366:0326 0344:0304
+		</B
+></P
+><P
+>The above example allows filenames to have the Swedish 
+		characters in them.</P
+><P
+><EM
+>NOTE:</EM
+> It is actually quite difficult to 
+		correctly produce a <TT
+CLASS="PARAMETER"
+><I
+>valid chars</I
+></TT
+> line for 
+		a particular system. To automate the process <A
+HREF="mailto:tino@augsburg.net"
+TARGET="_top"
+>tino@augsburg.net</A
+> has written 
+		a package called <B
+CLASS="COMMAND"
+>validchars</B
+> which will automatically 
+		produce a complete <TT
+CLASS="PARAMETER"
+><I
+>valid chars</I
+></TT
+> line for
+		a given client system. Look in the <TT
+CLASS="FILENAME"
+>examples/validchars/
+		</TT
+> subdirectory of your Samba source code distribution 
+		for this package.</P
+></DD
+><DT
+><A
+NAME="VALIDUSERS"
+></A
+>valid users (S)</DT
+><DD
+><P
+>This is a list of users that should be allowed 
+		to login to this service. Names starting with '@', '+' and  '&#38;'
+		are interpreted using the same rules as described in the 
+		<TT
+CLASS="PARAMETER"
+><I
+>invalid users</I
+></TT
+> parameter.</P
+><P
+>If this is empty (the default) then any user can login. 
+		If a username is in both this list and the <TT
+CLASS="PARAMETER"
+><I
+>invalid 
+		users</I
+></TT
+> list then access is denied for that user.</P
+><P
+>The current servicename is substituted for <TT
+CLASS="PARAMETER"
+><I
+>%S
+		</I
+></TT
+>. This is useful in the [homes] section.</P
+><P
+>See also <A
+HREF="#INVALIDUSERS"
+><TT
+CLASS="PARAMETER"
+><I
+>invalid users
+		</I
+></TT
+></A
+></P
+><P
+>Default: <EM
+>No valid users list (anyone can login)
+		</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>valid users = greg, @pcusers</B
+></P
+></DD
+><DT
+><A
+NAME="VETOFILES"
+></A
+>veto files(S)</DT
+><DD
+><P
+>This is a list of files and directories that 
+		are neither visible nor accessible.  Each entry in the list must 
+		be separated by a '/', which allows spaces to be included 
+		in the entry. '*' and '?' can be used to specify multiple files 
+		or directories as in DOS wildcards.</P
+><P
+>Each entry must be a unix path, not a DOS path and 
+		must <EM
+>not</EM
+> include the  unix directory 
+		separator '/'.</P
+><P
+>Note that the <TT
+CLASS="PARAMETER"
+><I
+>case sensitive</I
+></TT
+> option 
+		is applicable in vetoing files.</P
+><P
+>One feature of the veto files parameter that it
+		is important to be aware of is Samba's behaviour when
+		trying to delete a directory. If a directory that is
+		to be deleted contains nothing but veto files this
+		deletion will <EM
+>fail</EM
+> unless you also set
+		the <TT
+CLASS="PARAMETER"
+><I
+>delete veto files</I
+></TT
+> parameter to
+		<TT
+CLASS="PARAMETER"
+><I
+>yes</I
+></TT
+>.</P
+><P
+>Setting this parameter will affect the performance 
+		of Samba, as it will be forced to check all files and directories 
+		for a match as they are scanned.</P
+><P
+>See also <A
+HREF="#HIDEFILES"
+><TT
+CLASS="PARAMETER"
+><I
+>hide files
+		</I
+></TT
+></A
+> and <A
+HREF="#CASESENSITIVE"
+><TT
+CLASS="PARAMETER"
+><I
+>		case sensitive</I
+></TT
+></A
+>.</P
+><P
+>Default: <EM
+>No files or directories are vetoed.
+		</EM
+></P
+><P
+>Examples:<TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>; Veto any files containing the word Security, 
+; any ending in .tmp, and any directory containing the
+; word root.
+veto files = /*Security*/*.tmp/*root*/
+
+; Veto the Apple specific files that a NetAtalk server
+; creates.
+veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/</PRE
+></TD
+></TR
+></TABLE
+></P
+></DD
+><DT
+><A
+NAME="VETOOPLOCKFILES"
+></A
+>veto oplock files (S)</DT
+><DD
+><P
+>This parameter is only valid when the <A
+HREF="#OPLOCKS"
+><TT
+CLASS="PARAMETER"
+><I
+>oplocks</I
+></TT
+></A
+>
+		parameter is turned on for a share. It allows the Samba administrator
+		to selectively turn off the granting of oplocks on selected files that
+		match a wildcarded list, similar to the wildcarded list used in the
+		<A
+HREF="#VETOFILES"
+><TT
+CLASS="PARAMETER"
+><I
+>veto files</I
+></TT
+></A
+> 
+		parameter.</P
+><P
+>Default: <EM
+>No files are vetoed for oplock 
+		grants</EM
+></P
+><P
+>You might want to do this on files that you know will 
+		be heavily contended for by clients. A good example of this 
+		is in the NetBench SMB benchmark program, which causes heavy 
+		client contention for files ending in <TT
+CLASS="FILENAME"
+>.SEM</TT
+>. 
+		To cause Samba not to grant oplocks on these files you would use 
+		the line (either in the [global] section or in the section for 
+		the particular NetBench share :</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>veto oplock files = /*.SEM/
+		</B
+></P
+></DD
+><DT
+><A
+NAME="VFSOBJECT"
+></A
+>vfs object (S)</DT
+><DD
+><P
+>This parameter specifies a shared object file that 
+		is used for Samba VFS I/O operations.  By default, normal 
+		disk I/O operations are used but these can be overloaded 
+		with a VFS object.  The Samba VFS layer is new to Samba 2.2 and 
+		must be enabled at compile time with --with-vfs.</P
+><P
+>Default : <EM
+>no value</EM
+></P
+></DD
+><DT
+><A
+NAME="VFSOPTIONS"
+></A
+>vfs options (S)</DT
+><DD
+><P
+>This parameter allows parameters to be passed 
+		to the vfs layer at initialization time.  The Samba VFS layer 
+		is new to Samba 2.2 and must be enabled at compile time 
+		with --with-vfs.  See also <A
+HREF="#VFSOBJECT"
+><TT
+CLASS="PARAMETER"
+><I
+>		vfs object</I
+></TT
+></A
+>.</P
+><P
+>Default : <EM
+>no value</EM
+></P
+></DD
+><DT
+><A
+NAME="VOLUME"
+></A
+>volume (S)</DT
+><DD
+><P
+> This allows you to override the volume label 
+		returned for a share. Useful for CDROMs with installation programs 
+		that insist on a particular volume label.</P
+><P
+>Default: <EM
+>the name of the share</EM
+></P
+></DD
+><DT
+><A
+NAME="WIDELINKS"
+></A
+>wide links (S)</DT
+><DD
+><P
+>This parameter controls whether or not links 
+		in the UNIX file system may be followed by the server. Links 
+		that point to areas within the directory tree exported by the 
+		server are always allowed; this parameter controls access only 
+		to areas that are outside the directory tree being exported.</P
+><P
+>Note that setting this parameter can have a negative 
+		effect on your server performance due to the extra system calls 
+		that Samba has to  do in order to perform the link checks.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>wide links = yes</B
+></P
+></DD
+><DT
+><A
+NAME="WINBINDCACHETIME"
+></A
+>winbind cache time (G)</DT
+><DD
+><P
+>This parameter specifies the number of seconds the
+		<A
+HREF="winbindd.8.html"
+TARGET="_top"
+>winbindd(8)</A
+> daemon will cache 
+		user and group information before querying a Windows NT server 
+		again.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind cache type = 15</B
+></P
+></DD
+><DT
+><A
+NAME="WINBINDENUMUSERS"
+></A
+>winbind enum users (G)</DT
+><DD
+><P
+>On large installations using
+		<A
+HREF="winbindd.8.html"
+TARGET="_top"
+>winbindd(8)</A
+> it may be
+		necessary to suppress the enumeration of users through the
+		<B
+CLASS="COMMAND"
+> setpwent()</B
+>,
+		<B
+CLASS="COMMAND"
+>getpwent()</B
+> and
+		<B
+CLASS="COMMAND"
+>endpwent()</B
+> group of system calls.  If
+		the <TT
+CLASS="PARAMETER"
+><I
+>winbind enum users</I
+></TT
+> parameter is
+		<TT
+CLASS="CONSTANT"
+>no</TT
+>, calls to the <B
+CLASS="COMMAND"
+>getpwent</B
+> system call
+		will not return any data. </P
+><P
+><EM
+>Warning:</EM
+> Turning off user
+		enumeration may cause some programs to behave oddly.  For
+		example, the finger program relies on having access to the
+		full user list when searching for matching
+		usernames. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind enum users = yes </B
+></P
+></DD
+><DT
+><A
+NAME="WINBINDENUMGROUPS"
+></A
+>winbind enum groups (G)</DT
+><DD
+><P
+>On large installations using
+		<A
+HREF="winbindd.8.html"
+TARGET="_top"
+>winbindd(8)</A
+> it may be
+		necessary to suppress the enumeration of groups through the
+		<B
+CLASS="COMMAND"
+> setgrent()</B
+>,
+		<B
+CLASS="COMMAND"
+>getgrent()</B
+> and
+		<B
+CLASS="COMMAND"
+>endgrent()</B
+> group of system calls.  If
+		the <TT
+CLASS="PARAMETER"
+><I
+>winbind enum groups</I
+></TT
+> parameter is
+		<TT
+CLASS="CONSTANT"
+>no</TT
+>, calls to the <B
+CLASS="COMMAND"
+>getgrent()</B
+> system
+		call will not return any data. </P
+><P
+><EM
+>Warning:</EM
+> Turning off group
+		enumeration may cause some programs to behave oddly.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind enum groups = yes </B
+>
+		</P
+></DD
+><DT
+><A
+NAME="WINBINDGID"
+></A
+>winbind gid (G)</DT
+><DD
+><P
+>The winbind gid parameter specifies the range of group 
+		ids that are allocated by the <A
+HREF="winbindd.8.html"
+TARGET="_top"
+>		winbindd(8)</A
+> daemon.  This range of group ids should have no 
+		existing local or NIS groups within it as strange conflicts can 
+		occur otherwise.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind gid = &#60;empty string&#62;
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>winbind gid = 10000-20000</B
+></P
+></DD
+><DT
+><A
+NAME="WINBINDSEPARATOR"
+></A
+>winbind separator (G)</DT
+><DD
+><P
+>This parameter allows an admin to define the character 
+		used when listing a username of the form of <TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN
+		</I
+></TT
+>\<TT
+CLASS="REPLACEABLE"
+><I
+>user</I
+></TT
+>.  This parameter 
+		is only applicable when using the <TT
+CLASS="FILENAME"
+>pam_winbind.so</TT
+>
+		and <TT
+CLASS="FILENAME"
+>nss_winbind.so</TT
+> modules for UNIX services.
+		</P
+><P
+>Please note that setting this parameter to + causes problems
+		with group membership at least on glibc systems, as the character +
+		is used as a special character for NIS in /etc/group.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind separator = '\'</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>winbind separator = +</B
+></P
+></DD
+><DT
+><A
+NAME="WINBINDUID"
+></A
+>winbind uid (G)</DT
+><DD
+><P
+>The winbind gid parameter specifies the range of group 
+		ids that are allocated by the <A
+HREF="winbindd.8.html"
+TARGET="_top"
+>		winbindd(8)</A
+> daemon.  This range of ids should have no 
+		existing local or NIS users within it as strange conflicts can 
+		occur otherwise.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind uid = &#60;empty string&#62;
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>winbind uid = 10000-20000</B
+></P
+></DD
+><DT
+>winbind use default domain, <A
+NAME="WINBINDUSEDEFAULTDOMAIN"
+></A
+>winbind use default domain</DT
+><DD
+><P
+>This parameter specifies whether the <A
+HREF="winbindd.8.html"
+TARGET="_top"
+>		winbindd(8)</A
+>
+		daemon should operate on users without domain component in their username.  
+                Users without a domain component are treated as is part of the winbindd server's 
+                own domain.  While this does not benifit Windows users, it makes SSH, FTP and e-mail 
+                function in a way much closer to the way they would in a native unix system.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind use default domain = &#60;no&#62; 
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>winbind use default domain = yes</B
+></P
+></DD
+><DT
+><A
+NAME="WINSHOOK"
+></A
+>wins hook (G)</DT
+><DD
+><P
+>When Samba is running as a WINS server this 
+		allows you to call an external program for all changes to the 
+		WINS database. The primary use for this option is to allow the 
+		dynamic update of external name resolution databases such as 
+		dynamic DNS.</P
+><P
+>The wins hook parameter specifies the name of a script 
+		or executable that will be called as follows:</P
+><P
+><B
+CLASS="COMMAND"
+>wins_hook operation name nametype ttl IP_list
+		</B
+></P
+><P
+></P
+><UL
+><LI
+><P
+>The first argument is the operation and is one 
+			of "add", "delete", or "refresh". In most cases the operation can 
+			be ignored as the rest of the parameters provide sufficient 
+			information. Note that "refresh" may sometimes be called when the 
+			name has not previously been added, in that case it should be treated 
+			as an add.</P
+></LI
+><LI
+><P
+>The second argument is the NetBIOS name. If the 
+			name is not a legal name then the wins hook is not called. 
+			Legal names contain only  letters, digits, hyphens, underscores 
+			and periods.</P
+></LI
+><LI
+><P
+>The third argument is the NetBIOS name 
+			type as a 2 digit hexadecimal number. </P
+></LI
+><LI
+><P
+>The fourth argument is the TTL (time to live) 
+			for the name in seconds.</P
+></LI
+><LI
+><P
+>The fifth and subsequent arguments are the IP 
+			addresses currently registered for that name. If this list is 
+			empty then the name should be deleted.</P
+></LI
+></UL
+><P
+>An example script that calls the BIND dynamic DNS update 
+		program <B
+CLASS="COMMAND"
+>nsupdate</B
+> is provided in the examples 
+		directory of the Samba source code. </P
+></DD
+><DT
+><A
+NAME="WINSPROXY"
+></A
+>wins proxy (G)</DT
+><DD
+><P
+>This is a boolean that controls if <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)</A
+> will respond to broadcast name 
+		queries on behalf of  other hosts. You may need to set this 
+		to <TT
+CLASS="CONSTANT"
+>yes</TT
+> for some older clients.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>wins proxy = no</B
+></P
+></DD
+><DT
+><A
+NAME="WINSSERVER"
+></A
+>wins server (G)</DT
+><DD
+><P
+>This specifies the IP address (or DNS name: IP 
+		address for preference) of the WINS server that <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>		nmbd(8)</A
+> should register with. If you have a WINS server on 
+		your network then you should set this to the WINS server's IP.</P
+><P
+>You should point this at your WINS server if you have a
+		multi-subnetted network.</P
+><P
+><EM
+>NOTE</EM
+>. You need to set up Samba to point 
+		to a WINS server if you have multiple subnets and wish cross-subnet 
+		browsing to work correctly.</P
+><P
+>See the documentation file <TT
+CLASS="FILENAME"
+>BROWSING.txt</TT
+> 
+		in the docs/ directory of your Samba source distribution.</P
+><P
+>Default: <EM
+>not enabled</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>wins server = 192.9.200.1</B
+></P
+></DD
+><DT
+><A
+NAME="WINSSUPPORT"
+></A
+>wins support (G)</DT
+><DD
+><P
+>This boolean controls if the <A
+HREF="nmbd.8.html"
+TARGET="_top"
+> 		
+		nmbd(8)</A
+> process in Samba will act as a WINS server. You should 
+		not set this to <TT
+CLASS="CONSTANT"
+>yes</TT
+> unless you have a multi-subnetted network and 
+		you wish a particular <B
+CLASS="COMMAND"
+>nmbd</B
+> to be your WINS server. 
+		Note that you should <EM
+>NEVER</EM
+> set this to <TT
+CLASS="CONSTANT"
+>yes</TT
+>
+		on more than one machine in your network.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>wins support = no</B
+></P
+></DD
+><DT
+><A
+NAME="WORKGROUP"
+></A
+>workgroup (G)</DT
+><DD
+><P
+>This controls what workgroup your server will 
+		appear to be in when queried by clients. Note that this parameter 
+		also controls the Domain name used with the <A
+HREF="#SECURITYEQUALSDOMAIN"
+><B
+CLASS="COMMAND"
+>security = domain</B
+></A
+>
+		setting.</P
+><P
+>Default: <EM
+>set at compile time to WORKGROUP</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>workgroup = MYGROUP</B
+></P
+></DD
+><DT
+><A
+NAME="WRITABLE"
+></A
+>writable (S)</DT
+><DD
+><P
+>Synonym for <A
+HREF="#WRITEABLE"
+><TT
+CLASS="PARAMETER"
+><I
+>		writeable</I
+></TT
+></A
+> for people who can't spell :-).</P
+></DD
+><DT
+><A
+NAME="WRITECACHESIZE"
+></A
+>write cache size (S)</DT
+><DD
+><P
+>If this integer parameter is set to non-zero value,
+		Samba will create an in-memory cache for each oplocked file 
+		(it does <EM
+>not</EM
+> do this for 
+		non-oplocked files). All writes that the client does not request 
+		to be flushed directly to disk will be stored in this cache if possible. 
+		The cache is flushed onto disk when a write comes in whose offset 
+		would not fit into the cache or when the file is closed by the client. 
+		Reads for the file are also served from this cache if the data is stored 
+		within it.</P
+><P
+>This cache allows Samba to batch client writes into a more 
+		efficient write size for RAID disks (i.e. writes may be tuned to 
+		be the RAID stripe size) and can improve performance on systems 
+		where the disk subsystem is a bottleneck but there is free 
+		memory for userspace programs.</P
+><P
+>The integer parameter specifies the size of this cache 
+		(per oplocked file) in bytes.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>write cache size = 0</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>write cache size = 262144</B
+></P
+><P
+>for a 256k cache size per file.</P
+></DD
+><DT
+><A
+NAME="WRITELIST"
+></A
+>write list (S)</DT
+><DD
+><P
+>This is a list of users that are given read-write 
+		access to a service. If the connecting user is in this list then 
+		they will be given write access, no matter what the <A
+HREF="#READONLY"
+><TT
+CLASS="PARAMETER"
+><I
+>read only</I
+></TT
+></A
+>
+		option is set to. The list can include group names using the 
+		@group syntax.</P
+><P
+>Note that if a user is in both the read list and the 
+		write list then they will be given write access.</P
+><P
+>See also the <A
+HREF="#READLIST"
+><TT
+CLASS="PARAMETER"
+><I
+>read list
+		</I
+></TT
+></A
+> option.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>write list = &#60;empty string&#62;
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>write list = admin, root, @staff
+		</B
+></P
+></DD
+><DT
+><A
+NAME="WRITEOK"
+></A
+>write ok (S)</DT
+><DD
+><P
+>Inverted synonym for <A
+HREF="#READONLY"
+><TT
+CLASS="PARAMETER"
+><I
+>		read only</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="WRITERAW"
+></A
+>write raw (G)</DT
+><DD
+><P
+>This parameter controls whether or not the server 
+		will support raw write SMB's when transferring data from clients. 
+		You should never need to change this parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>write raw = yes</B
+></P
+></DD
+><DT
+><A
+NAME="WRITEABLE"
+></A
+>writeable (S)</DT
+><DD
+><P
+>Inverted synonym for <A
+HREF="#READONLY"
+><TT
+CLASS="PARAMETER"
+><I
+>		read only</I
+></TT
+></A
+>.</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN6251"
+></A
+><H2
+>WARNINGS</H2
+><P
+>Although the configuration file permits service names 
+	to contain spaces, your client software may not. Spaces will 
+	be ignored in comparisons anyway, so it shouldn't be a 
+	problem - but be aware of the possibility.</P
+><P
+>On a similar note, many clients - especially DOS clients - 
+	limit service names to eight characters. <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)
+	</A
+> has no such limitation, but attempts to connect from such 
+	clients will fail if they truncate the service names.  For this reason 
+	you should probably keep your service names down to eight characters 
+	in length.</P
+><P
+>Use of the [homes] and [printers] special sections make life 
+	for an administrator easy, but the various combinations of default 
+	attributes can be tricky. Take extreme care when designing these 
+	sections. In particular, ensure that the permissions on spool 
+	directories are correct.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN6257"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN6260"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="samba.7.html"
+TARGET="_top"
+>samba(7)</A
+>,
+	<A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+></A
+>,
+	<A
+HREF="swat.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>swat(8)</B
+></A
+>,
+	<A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>, 
+	<A
+HREF="nmbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>nmbd(8)</B
+></A
+>, 
+	<A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)</B
+></A
+>, 
+	<A
+HREF="nmblookup.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>nmblookup(1)</B
+></A
+>,
+	<A
+HREF="testparm.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>testparm(1)</B
+></A
+>, 
+	<A
+HREF="testprns.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>testprns(1)</B
+></A
+>
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN6280"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smbcacls.1.html b/docs/htmldocs/smbcacls.1.html
new file mode 100755
index 00000000000..637720fa6ba
--- /dev/null
+++ b/docs/htmldocs/smbcacls.1.html
@@ -0,0 +1,387 @@
+<HTML
+><HEAD
+><TITLE
+>smbcacls</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBCACLS"
+>smbcacls</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbcacls&nbsp;--&nbsp;Set or get ACLs on an NT file or directory names</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbcacls</B
+>  {//server/share} {filename} [-U username] [-A acls] [-M acls] [-D acls] [-S acls] [-C name] [-G name] [-n] [-h]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN22"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+>The <B
+CLASS="COMMAND"
+>smbcacls</B
+> program manipulates NT Access Control Lists 
+	(ACLs) on SMB file shares. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN28"
+></A
+><H2
+>OPTIONS</H2
+><P
+>The following options are available to the <B
+CLASS="COMMAND"
+>smbcacls</B
+> program.  
+	The format of ACLs is described in the section ACL FORMAT </P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-A acls</DT
+><DD
+><P
+>Add the ACLs specified to the ACL list.  Existing 
+		access control entries are unchanged. </P
+></DD
+><DT
+>-M acls</DT
+><DD
+><P
+>Modify the mask value (permissions) for the ACLs 
+		specified on the command line.  An error will be printed for each 
+		ACL specified that was not already present in the ACL list
+		</P
+></DD
+><DT
+>-D acls</DT
+><DD
+><P
+>Delete any ACLs specified on the command line.  
+		An error will be printed for each ACL specified that was not 
+		already present in the ACL list. </P
+></DD
+><DT
+>-S acls</DT
+><DD
+><P
+>This command sets the ACLs on the file with 
+		only the ones specified on the command line.  All other ACLs are 
+		erased.  Note that the ACL specified must contain at least a revision, 
+		type, owner and group for the call to succeed. </P
+></DD
+><DT
+>-U username</DT
+><DD
+><P
+>Specifies a username used to connect to the 
+		specified service.  The username may be of the form "username" in 
+		which case the user is prompted to enter in a password and the 
+		workgroup specified in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file is 
+		used, or "username%password"  or "DOMAIN\username%password" and the 
+		password and workgroup names are used as provided. </P
+></DD
+><DT
+>-C name</DT
+><DD
+><P
+>The owner of a file or directory can be changed 
+		to the name given using the <TT
+CLASS="PARAMETER"
+><I
+>-C</I
+></TT
+> option.  
+		The name can be a sid in the form S-1-x-y-z or a name resolved 
+		against the server specified in the first argument. </P
+><P
+>This command is a shortcut for -M OWNER:name. 
+		</P
+></DD
+><DT
+>-G name</DT
+><DD
+><P
+>The group owner of a file or directory can 
+		be changed to the name given using the <TT
+CLASS="PARAMETER"
+><I
+>-G</I
+></TT
+> 
+		option.  The name can be a sid in the form S-1-x-y-z or a name 
+		resolved against the server specified n the first argument.
+		</P
+><P
+>This command is a shortcut for -M GROUP:name.</P
+></DD
+><DT
+>-n</DT
+><DD
+><P
+>This option displays all ACL information in numeric 
+		format.  The default is to convert SIDs to names and ACE types 
+		and masks to a readable string format.  </P
+></DD
+><DT
+>-h</DT
+><DD
+><P
+>Print usage information on the <B
+CLASS="COMMAND"
+>smbcacls
+		</B
+> program.</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN75"
+></A
+><H2
+>ACL FORMAT</H2
+><P
+>The format of an ACL is one or more ACL entries separated by 
+	either commas or newlines.  An ACL entry is one of the following: </P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+> 
+REVISION:&#60;revision number&#62;
+OWNER:&#60;sid or name&#62;
+GROUP:&#60;sid or name&#62;
+ACL:&#60;sid or name&#62;:&#60;type&#62;/&#60;flags&#62;/&#60;mask&#62;
+	</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The revision of the ACL specifies the internal Windows 
+	NT ACL revision for the security descriptor.  
+	If not specified it defaults to 1.  Using values other than 1 may 
+	cause strange behaviour. </P
+><P
+>The owner and group specify the owner and group sids for the 
+	object.  If a SID in the format CWS-1-x-y-z is specified this is used, 
+	otherwise the name specified is resolved using the server on which 
+	the file or directory resides. </P
+><P
+>ACLs specify permissions granted to the SID.  This SID again 
+		can be specified in CWS-1-x-y-z format or as a name in which case 
+		it is resolved against the server on which the file or directory 
+		resides.  The type, flags and mask values determine the type of 
+		access granted to the SID. </P
+><P
+>The type can be either 0 or 1 corresponding to ALLOWED or 
+		DENIED access to the SID.  The flags values are generally
+		zero for file ACLs and either 9 or 2 for directory ACLs.  Some 
+		common flags are: </P
+><P
+></P
+><UL
+><LI
+><P
+>#define SEC_ACE_FLAG_OBJECT_INHERIT     	0x1</P
+></LI
+><LI
+><P
+>#define SEC_ACE_FLAG_CONTAINER_INHERIT  	0x2</P
+></LI
+><LI
+><P
+>#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT       0x4
+			</P
+></LI
+><LI
+><P
+>#define SEC_ACE_FLAG_INHERIT_ONLY       	0x8</P
+></LI
+></UL
+><P
+>At present flags can only be specified as decimal or 
+	hexadecimal values.</P
+><P
+>The mask is a value which expresses the access right 
+	granted to the SID. It can be given as a decimal or hexadecimal value, 
+	or by using one of the following text strings which map to the NT 
+	file permissions of the same name. </P
+><P
+></P
+><UL
+><LI
+><P
+><EM
+>R</EM
+> - Allow read access </P
+></LI
+><LI
+><P
+><EM
+>W</EM
+> - Allow write access</P
+></LI
+><LI
+><P
+><EM
+>X</EM
+> - Execute permission on the object</P
+></LI
+><LI
+><P
+><EM
+>D</EM
+> - Delete the object</P
+></LI
+><LI
+><P
+><EM
+>P</EM
+> - Change permissions</P
+></LI
+><LI
+><P
+><EM
+>O</EM
+> - Take ownership</P
+></LI
+></UL
+><P
+>The following combined permissions can be specified:</P
+><P
+></P
+><UL
+><LI
+><P
+><EM
+>READ</EM
+> -  Equivalent to 'RX'
+		permissions</P
+></LI
+><LI
+><P
+><EM
+>CHANGE</EM
+> - Equivalent to 'RXWD' permissions
+		</P
+></LI
+><LI
+><P
+><EM
+>FULL</EM
+> - Equivalent to 'RWXDPO' 
+		permissions</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN125"
+></A
+><H2
+>EXIT STATUS</H2
+><P
+>The <B
+CLASS="COMMAND"
+>smbcacls</B
+> program sets the exit status 
+	depending on the success or otherwise of the operations performed.  
+	The exit status may be one of the following values. </P
+><P
+>If the operation succeeded, smbcacls returns and exit 
+	status of 0.  If <B
+CLASS="COMMAND"
+>smbcacls</B
+> couldn't connect to the specified server, 
+	or there was an error getting or setting the ACLs, an exit status 
+	of 1 is returned.  If there was an error parsing any command line 
+	arguments, an exit status of 2 is returned. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN131"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN134"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+><B
+CLASS="COMMAND"
+>smbcacls</B
+> was written by Andrew Tridgell 
+	and Tim Potter.</P
+><P
+>The conversion to DocBook for Samba 2.2 was done 
+	by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smbclient.1.html b/docs/htmldocs/smbclient.1.html
new file mode 100755
index 00000000000..4c770f9eb21
--- /dev/null
+++ b/docs/htmldocs/smbclient.1.html
@@ -0,0 +1,1613 @@
+<HTML
+><HEAD
+><TITLE
+>smbclient</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBCLIENT"
+>smbclient</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbclient&nbsp;--&nbsp;ftp-like client to access SMB/CIFS resources 
+	on servers</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbclient</B
+>  {servicename} [password] [-b &#60;buffer size&#62;] [-d debuglevel] [-D Directory] [-U username] [-W workgroup] [-M &#60;netbios name&#62;] [-m maxprotocol] [-A authfile] [-N] [-l logfile] [-L &#60;netbios name&#62;] [-I destinationIP] [-E &#60;terminal code&#62;] [-c &#60;command string&#62;] [-i scope] [-O &#60;socket options&#62;] [-p port] [-R &#60;name resolve order&#62;] [-s &#60;smb config file&#62;] [-T&#60;c|x&#62;IXFqgbNan]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN33"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>smbclient</B
+> is a client that can 
+	'talk' to an SMB/CIFS server. It offers an interface
+	similar to that of the ftp program (see <B
+CLASS="COMMAND"
+>ftp(1)</B
+>).  
+	Operations include things like getting files from the server 
+	to the local machine, putting files from the local machine to 
+	the server, retrieving directory information from the server 
+	and so on. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN40"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>servicename</DT
+><DD
+><P
+>servicename is the name of the service 
+		you want to use on the server. A service name takes the form
+		<TT
+CLASS="FILENAME"
+>//server/service</TT
+> where <TT
+CLASS="PARAMETER"
+><I
+>server
+		</I
+></TT
+> is the NetBIOS name of the SMB/CIFS server 
+		offering the desired service and <TT
+CLASS="PARAMETER"
+><I
+>service</I
+></TT
+> 
+		is the name of the service offered.  Thus to connect to 
+		the service "printer" on the SMB/CIFS server "smbserver",
+		you would use the servicename <TT
+CLASS="FILENAME"
+>//smbserver/printer
+		</TT
+></P
+><P
+>Note that the server name required is NOT necessarily 
+		the IP (DNS) host name of the server !  The name required is 
+		a NetBIOS server name, which may or may not be the
+		same as the IP hostname of the machine running the server.
+		</P
+><P
+>The server name is looked up according to either 
+		the <TT
+CLASS="PARAMETER"
+><I
+>-R</I
+></TT
+> parameter to <B
+CLASS="COMMAND"
+>smbclient</B
+> or 
+		using the name resolve order parameter in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file, 
+		allowing an administrator to change the order and methods 
+		by which server names are looked up. </P
+></DD
+><DT
+>password</DT
+><DD
+><P
+>The password required to access the specified 
+		service on the specified server. If this parameter is 
+		supplied, the <TT
+CLASS="PARAMETER"
+><I
+>-N</I
+></TT
+> option (suppress 
+		password prompt) is assumed. </P
+><P
+>There is no default password. If no password is supplied 
+		on the command line (either by using this parameter or adding 
+		a password to the <TT
+CLASS="PARAMETER"
+><I
+>-U</I
+></TT
+> option (see 
+		below)) and the <TT
+CLASS="PARAMETER"
+><I
+>-N</I
+></TT
+> option is not 
+		specified, the client will prompt for a password, even if 
+		the desired service does not require one. (If no password is 
+		required, simply press ENTER to provide a null password.)
+		</P
+><P
+>Note: Some servers (including OS/2 and Windows for 
+		Workgroups) insist on an uppercase password. Lowercase 
+		or mixed case passwords may be rejected by these servers. 		
+		</P
+><P
+>Be cautious about including passwords in scripts.
+		</P
+></DD
+><DT
+>-s smb.conf</DT
+><DD
+><P
+>Specifies the location of the all important 
+		<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. </P
+></DD
+><DT
+>-O socket options</DT
+><DD
+><P
+>TCP socket options to set on the client 
+		socket. See the socket options parameter in the <TT
+CLASS="FILENAME"
+>		smb.conf (5)</TT
+> manpage for the list of valid 
+		options. </P
+></DD
+><DT
+>-R &#60;name resolve order&#62;</DT
+><DD
+><P
+>This option is used by the programs in the Samba 
+		suite to determine what naming services and in what order to resolve 
+		host names to IP addresses. The option takes a space-separated 
+		string of different name resolution options.</P
+><P
+>The options are :"lmhosts", "host", "wins" and "bcast". They 
+		cause names to be resolved as follows :</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>lmhosts</TT
+> : Lookup an IP 
+			address in the Samba lmhosts file. If the line in lmhosts has 
+			no name type attached to the NetBIOS name (see the <A
+HREF="lmhosts.5.html"
+TARGET="_top"
+>lmhosts(5)</A
+> for details) then
+			any name type matches for lookup.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>host</TT
+> : Do a standard host 
+			name to IP address resolution, using the system <TT
+CLASS="FILENAME"
+>/etc/hosts
+			</TT
+>, NIS, or DNS lookups. This method of name resolution 
+			is operating system dependent, for instance on IRIX or Solaris this 
+			may be controlled by the <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> 
+			file).  Note that this method is only used if the NetBIOS name 
+			type being queried is the 0x20 (server) name type, otherwise 
+			it is ignored.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>wins</TT
+> : Query a name with 
+			the IP address listed in the <TT
+CLASS="PARAMETER"
+><I
+>wins server</I
+></TT
+>
+			parameter.  If no WINS server has
+			been specified this method will be ignored.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>bcast</TT
+> : Do a broadcast on 
+			each of the known local interfaces listed in the 
+			<TT
+CLASS="PARAMETER"
+><I
+>interfaces</I
+></TT
+>
+			parameter. This is the least reliable of the name resolution 
+			methods as it depends on the target host being on a locally 
+			connected subnet.</P
+></LI
+></UL
+><P
+>If this parameter is not set then the name resolve order 
+		defined in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file parameter  
+		(name resolve order) will be used. </P
+><P
+>The default order is lmhosts, host, wins, bcast and without 
+		this parameter or any entry in the <TT
+CLASS="PARAMETER"
+><I
+>name resolve order
+		</I
+></TT
+> parameter of the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file the name resolution
+		methods will be attempted in this order. </P
+></DD
+><DT
+>-M NetBIOS name</DT
+><DD
+><P
+>This options allows you to send messages, using 
+		the "WinPopup" protocol, to another computer. Once a connection is 
+		established you then type your message, pressing ^D (control-D) to 
+		end. </P
+><P
+>If the receiving computer is running WinPopup the user will 
+		receive the message and probably a beep. If they are not running 
+		WinPopup the message will be lost, and no error message will 
+		occur. </P
+><P
+>The message is also automatically truncated if the message 
+		is over 1600 bytes, as this is the limit of the protocol. 
+		</P
+><P
+>One useful trick is to cat the message through
+		<B
+CLASS="COMMAND"
+>smbclient</B
+>. For example: <B
+CLASS="COMMAND"
+>		cat mymessage.txt | smbclient -M FRED </B
+> will 
+		send the message in the file <TT
+CLASS="FILENAME"
+>mymessage.txt</TT
+> 
+		to the machine FRED. </P
+><P
+>You may also find the <TT
+CLASS="PARAMETER"
+><I
+>-U</I
+></TT
+> and 
+		<TT
+CLASS="PARAMETER"
+><I
+>-I</I
+></TT
+> options useful, as they allow you to 
+		control the FROM and TO parts of the message. </P
+><P
+>See the message command parameter in the <TT
+CLASS="FILENAME"
+>		smb.conf(5)</TT
+> for a description of how to handle incoming 
+		WinPopup messages in Samba. </P
+><P
+><EM
+>Note</EM
+>: Copy WinPopup into the startup group 
+		on your WfWg PCs if you want them to always be able to receive 
+		messages. </P
+></DD
+><DT
+>-i scope</DT
+><DD
+><P
+>This specifies a NetBIOS scope that smbclient will 
+		use to communicate with when generating NetBIOS names. For details 
+		on the use of NetBIOS scopes, see <TT
+CLASS="FILENAME"
+>rfc1001.txt</TT
+> 
+		and <TT
+CLASS="FILENAME"
+>rfc1002.txt</TT
+>.
+		NetBIOS scopes are <EM
+>very</EM
+> rarely used, only set 
+		this parameter if you are the system administrator in charge of all 
+		the NetBIOS systems you communicate with. </P
+></DD
+><DT
+>-N</DT
+><DD
+><P
+>If specified, this parameter suppresses the normal 
+		password prompt from the client to the user. This is useful when 
+		accessing a service that does not require a password. </P
+><P
+>Unless a password is specified on the command line or 
+		this parameter is specified, the client will request a 
+		password.</P
+></DD
+><DT
+>-n NetBIOS name</DT
+><DD
+><P
+>By default, the client will use the local 
+		machine's hostname (in uppercase) as its NetBIOS name. This parameter 
+		allows you to override the host name and use whatever NetBIOS 
+		name you wish. </P
+></DD
+><DT
+>-d debuglevel</DT
+><DD
+><P
+><TT
+CLASS="REPLACEABLE"
+><I
+>debuglevel</I
+></TT
+> is an integer from 0 to 10, or 
+		the letter 'A'. </P
+><P
+>The default value if this parameter is not specified 
+		is zero. </P
+><P
+>The higher this value, the more detail will be logged to 
+		the log files about the activities of the 
+		client. At level 0, only critical errors and serious warnings will 
+		be logged. Level 1 is a reasonable level for day to day running - 
+		it generates a small amount of information about operations 
+		carried out. </P
+><P
+>Levels above 1 will generate considerable amounts of log 
+		data, and should only be used when investigating a problem.
+		Levels above 3 are designed for use only by developers and 
+		generate HUGE amounts of log data, most of which is extremely 
+		cryptic. If <TT
+CLASS="REPLACEABLE"
+><I
+>debuglevel</I
+></TT
+> is set to the letter 'A', then <EM
+>all
+		</EM
+>  debug messages will be printed. This setting
+		is for developers only (and people who <EM
+>really</EM
+> want 
+		to know how the code works internally). </P
+><P
+>Note that specifying this parameter here will override
+		the log level parameter in the <TT
+CLASS="FILENAME"
+>smb.conf (5)</TT
+> 
+		file. </P
+></DD
+><DT
+>-p port</DT
+><DD
+><P
+>This number is the TCP port number that will be used 
+		when making connections to the server. The standard (well-known)
+		TCP port number for an SMB/CIFS server is 139, which is the 
+		default. </P
+></DD
+><DT
+>-l logfilename</DT
+><DD
+><P
+>If specified, <TT
+CLASS="REPLACEABLE"
+><I
+>logfilename</I
+></TT
+> specifies a base filename 
+		into which operational data from the running client will be 
+		logged. </P
+><P
+>The default base name is specified at compile time.</P
+><P
+>The base name is used to generate actual log file names.
+		For example, if the name specified was "log", the debug file 
+		would be <TT
+CLASS="FILENAME"
+>log.client</TT
+>.</P
+><P
+>The log file generated is never removed by the client. 		
+		</P
+></DD
+><DT
+>-h</DT
+><DD
+><P
+>Print the usage message for the client. </P
+></DD
+><DT
+>-I IP-address</DT
+><DD
+><P
+><TT
+CLASS="REPLACEABLE"
+><I
+>IP address</I
+></TT
+> is the address of the server to connect to. 
+		It should be specified in standard "a.b.c.d" notation. </P
+><P
+>Normally the client would attempt to locate a named 
+		SMB/CIFS server by looking it up via the NetBIOS name resolution 
+		mechanism described above in the <TT
+CLASS="PARAMETER"
+><I
+>name resolve order</I
+></TT
+> 
+		parameter above. Using this parameter will force the client
+		to assume that the server is on the machine with the specified IP 
+		address and the NetBIOS name component of the resource being 
+		connected to will be ignored. </P
+><P
+>There is no default for this parameter. If not supplied, 
+		it will be determined automatically by the client as described 
+		above. </P
+></DD
+><DT
+>-E</DT
+><DD
+><P
+>This parameter causes the client to write messages 
+		to the standard error stream (stderr) rather than to the standard 
+		output stream. </P
+><P
+>By default, the client writes messages to standard output 
+		- typically the user's tty. </P
+></DD
+><DT
+>-U username[%pass]</DT
+><DD
+><P
+>Sets the SMB username or username and password. 
+		If %pass is not specified, The user will be prompted. The client 
+		will first check the <TT
+CLASS="ENVAR"
+>USER</TT
+> environment variable, then the 
+		<TT
+CLASS="ENVAR"
+>LOGNAME</TT
+> variable and if either exists, the 
+		string is uppercased. Anything in these variables following a '%' 
+		sign will be treated as the password. If these environment 
+		variables are not found, the username <TT
+CLASS="CONSTANT"
+>GUEST</TT
+> 
+		is used. </P
+><P
+>If the password is not included in these environment
+		variables (using the %pass syntax), <B
+CLASS="COMMAND"
+>smbclient</B
+> will look for 
+		a <TT
+CLASS="ENVAR"
+>PASSWD</TT
+> environment variable from which 
+		to read the password. </P
+><P
+>A third option is to use a credentials file which 
+		contains the plaintext of the domain name, username and password.  This 
+		option is mainly provided for scripts where the admin doesn't 
+		wish to pass the credentials on the command line or via environment 
+		variables. If this method is used, make certain that the permissions 
+		on the file restrict access from unwanted users.  See the 
+		<TT
+CLASS="PARAMETER"
+><I
+>-A</I
+></TT
+> for more details. </P
+><P
+>Be cautious about including passwords in scripts or in 
+		the <TT
+CLASS="ENVAR"
+>PASSWD</TT
+> environment variable. Also, on 
+		many systems the command line of a running process may be seen 
+		via the <B
+CLASS="COMMAND"
+>ps</B
+> command to be safe always allow 
+		<B
+CLASS="COMMAND"
+>smbclient</B
+> to prompt for a password and type 
+		it in directly. </P
+></DD
+><DT
+>-A filename</DT
+><DD
+><P
+>This option allows 
+		you to specify a file from which to read the username, domain name, and 
+		password used in the connection.  The format of the file is 
+		</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>username = &#60;value&#62; 
+password = &#60;value&#62;
+domain = &#60;value&#62;
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>If the domain parameter is missing the current workgroup name
+		is used instead. Make certain that the permissions on the file restrict 
+		access from unwanted users. </P
+></DD
+><DT
+>-L</DT
+><DD
+><P
+>This option allows you to look at what services 
+		are available on a server. You use it as <B
+CLASS="COMMAND"
+>smbclient -L 
+		host</B
+> and a list should appear.  The <TT
+CLASS="PARAMETER"
+><I
+>-I
+		</I
+></TT
+> option may be useful if your NetBIOS names don't 
+		match your TCP/IP DNS host names or if you are trying to reach a 
+		host on another network. </P
+></DD
+><DT
+>-t terminal code</DT
+><DD
+><P
+>This option tells <B
+CLASS="COMMAND"
+>smbclient</B
+> how to interpret 
+		filenames coming from the remote server. Usually Asian language 
+		multibyte UNIX implementations use different character sets than 
+		SMB/CIFS servers (<EM
+>EUC</EM
+> instead of <EM
+>		SJIS</EM
+> for example). Setting this parameter will let 
+		<B
+CLASS="COMMAND"
+>smbclient</B
+> convert between the UNIX filenames and 
+		the SMB filenames correctly. This option has not been seriously tested 
+		and may have some problems. </P
+><P
+>The terminal codes include CWsjis, CWeuc, CWjis7, CWjis8,
+		CWjunet, CWhex, CWcap. This is not a complete list, check the Samba 
+		source code for the complete list. </P
+></DD
+><DT
+>-b buffersize</DT
+><DD
+><P
+>This option changes the transmit/send buffer 
+		size when getting or putting a file from/to the server. The default 
+		is 65520 bytes. Setting this value smaller (to 1200 bytes) has been 
+		observed to speed up file transfers to and from a Win9x server. 
+		</P
+></DD
+><DT
+>-W WORKGROUP</DT
+><DD
+><P
+>Override the default workgroup (domain) specified
+		in the workgroup parameter of the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+		file for this connection. This may be needed to connect to some
+		servers. </P
+></DD
+><DT
+>-T tar options</DT
+><DD
+><P
+>smbclient may be used to create <B
+CLASS="COMMAND"
+>tar(1)
+		</B
+> compatible backups of all the files on an SMB/CIFS
+		share. The secondary tar flags that can be given to this option 
+		are : </P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>c</I
+></TT
+> - Create a tar file on UNIX. 
+			Must be followed by the name of a tar file, tape device
+			or "-" for standard output. If using standard output you must 
+			turn the log level to its lowest value -d0 to avoid corrupting 
+			your tar file. This flag is mutually exclusive with the 
+			<TT
+CLASS="PARAMETER"
+><I
+>x</I
+></TT
+> flag. </P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>x</I
+></TT
+> - Extract (restore) a local 
+			tar file back to a share. Unless the -D option is given, the tar 
+			files will be restored from the top level of the share. Must be 
+			followed by the name of the tar file, device or "-" for standard 
+			input. Mutually exclusive with the <TT
+CLASS="PARAMETER"
+><I
+>c</I
+></TT
+> flag. 
+			Restored files have their creation times (mtime) set to the
+			date saved in the tar file. Directories currently do not get 
+			their creation dates restored properly. </P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>I</I
+></TT
+> - Include files and directories. 
+			Is the default behavior when filenames are specified above. Causes 
+			tar files to be included in an extract or create (and therefore 
+			everything else to be excluded). See example below.  Filename globbing 
+			works  in one of two ways.  See r below. </P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>X</I
+></TT
+> - Exclude files and directories. 
+			Causes tar files to be excluded from an extract or create. See 
+			example below.  Filename globbing works in one of two ways now. 
+			See <TT
+CLASS="PARAMETER"
+><I
+>r</I
+></TT
+> below. </P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>b</I
+></TT
+> - Blocksize. Must be followed 
+			by a valid (greater than zero) blocksize.  Causes tar file to be 
+			written out in blocksize*TBLOCK (usually 512 byte) blocks. 
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>g</I
+></TT
+> - Incremental. Only back up 
+			files that have the archive bit set. Useful only with the 
+			<TT
+CLASS="PARAMETER"
+><I
+>c</I
+></TT
+> flag. </P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>q</I
+></TT
+> - Quiet. Keeps tar from printing 
+			diagnostics as it works.  This is the same as tarmode quiet. 
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>r</I
+></TT
+> - Regular expression include
+			or exclude.  Uses regular  expression matching for 
+			excluding or excluding files if  compiled with HAVE_REGEX_H. 
+			However this mode can be very slow. If  not compiled with 
+			HAVE_REGEX_H, does a limited wildcard match on '*' and  '?'. 
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>N</I
+></TT
+> - Newer than. Must be followed 
+			by the name of a file whose date is compared against files found 
+			on the share during a create. Only files newer than the file 
+			specified are backed up to the tar file. Useful only with the 
+			<TT
+CLASS="PARAMETER"
+><I
+>c</I
+></TT
+> flag. </P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>a</I
+></TT
+> - Set archive bit. Causes the 
+			archive bit to be reset when a file is backed up. Useful with the 
+			<TT
+CLASS="PARAMETER"
+><I
+>g</I
+></TT
+> and <TT
+CLASS="PARAMETER"
+><I
+>c</I
+></TT
+> flags. 
+			</P
+></LI
+></UL
+><P
+><EM
+>Tar Long File Names</EM
+></P
+><P
+><B
+CLASS="COMMAND"
+>smbclient</B
+>'s tar option now supports long 
+		file names both on backup and restore. However, the full path 
+		name of the file must be less than 1024 bytes.  Also, when
+		a tar archive is created, <B
+CLASS="COMMAND"
+>smbclient</B
+>'s tar option places all 
+		files in the archive with relative names, not absolute names. 
+		</P
+><P
+><EM
+>Tar Filenames</EM
+></P
+><P
+>All file names can be given as DOS path names (with '\' 
+		as the component separator) or as UNIX path names (with '/' as 
+		the component separator). </P
+><P
+><EM
+>Examples</EM
+></P
+><P
+>Restore from tar file <TT
+CLASS="FILENAME"
+>backup.tar</TT
+> into myshare on mypc 
+		(no password on share). </P
+><P
+><B
+CLASS="COMMAND"
+>smbclient //mypc/yshare "" -N -Tx backup.tar
+		</B
+></P
+><P
+>Restore everything except <TT
+CLASS="FILENAME"
+>users/docs</TT
+>
+		</P
+><P
+><B
+CLASS="COMMAND"
+>smbclient //mypc/myshare "" -N -TXx backup.tar 
+		users/docs</B
+></P
+><P
+>Create a tar file of the files beneath <TT
+CLASS="FILENAME"
+>		users/docs</TT
+>. </P
+><P
+><B
+CLASS="COMMAND"
+>smbclient //mypc/myshare "" -N -Tc
+		backup.tar users/docs </B
+></P
+><P
+>Create the same tar file as above, but now use 
+		a DOS path name. </P
+><P
+><B
+CLASS="COMMAND"
+>smbclient //mypc/myshare "" -N -tc backup.tar 
+		users\edocs </B
+></P
+><P
+>Create a tar file of all the files and directories in 
+		the share. </P
+><P
+><B
+CLASS="COMMAND"
+>smbclient //mypc/myshare "" -N -Tc backup.tar *
+		</B
+></P
+></DD
+><DT
+>-D initial directory</DT
+><DD
+><P
+>Change to initial directory before starting. Probably 
+		only of any use with the tar -T option. </P
+></DD
+><DT
+>-c command string</DT
+><DD
+><P
+>command string is a semicolon-separated list of 
+		commands to be executed instead of prompting from stdin. <TT
+CLASS="PARAMETER"
+><I
+>		-N</I
+></TT
+> is implied by <TT
+CLASS="PARAMETER"
+><I
+>-c</I
+></TT
+>.</P
+><P
+>This is particularly useful in scripts and for printing stdin 
+		to the server, e.g. <B
+CLASS="COMMAND"
+>-c 'print -'</B
+>. </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN310"
+></A
+><H2
+>OPERATIONS</H2
+><P
+>Once the client is running, the user is presented with 
+	a prompt : </P
+><P
+><TT
+CLASS="PROMPT"
+>smb:\&#62; </TT
+></P
+><P
+>The backslash ("\") indicates the current working directory 
+	on the server, and will change if the current working directory 
+	is changed. </P
+><P
+>The prompt indicates that the client is ready and waiting to 
+	carry out a user command. Each command is a single word, optionally 
+	followed by parameters specific to that command. Command and parameters 
+	are space-delimited unless these notes specifically
+	state otherwise. All commands are case-insensitive.  Parameters to 
+	commands may or may not be case sensitive, depending on the command. 
+	</P
+><P
+>You can specify file names which have spaces in them by quoting 
+	the name with double quotes, for example "a long file name". </P
+><P
+>Parameters shown in square brackets (e.g., "[parameter]") are 
+	optional.  If not given, the command will use suitable defaults. Parameters 
+	shown in angle brackets (e.g., "&#60;parameter&#62;") are required.
+	</P
+><P
+>Note that all commands operating on the server are actually 
+	performed by issuing a request to the server. Thus the behavior may 
+	vary from server to server, depending on how the server was implemented. 
+	</P
+><P
+>The commands available are given here in alphabetical order. </P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>? [command]</DT
+><DD
+><P
+>If <TT
+CLASS="REPLACEABLE"
+><I
+>command</I
+></TT
+> is specified, the ? command will display 
+		a brief informative message about the specified command.  If no 
+		command is specified, a list of available commands will
+		be displayed. </P
+></DD
+><DT
+>! [shell command]</DT
+><DD
+><P
+>If <TT
+CLASS="REPLACEABLE"
+><I
+>shell command</I
+></TT
+> is specified, the !  
+		command will execute a shell locally and run the specified shell 
+		command. If no command is specified, a local shell will be run. 
+		</P
+></DD
+><DT
+>altname file</DT
+><DD
+><P
+>The client will request that the server return
+		the "alternate" name (the 8.3 name) for a file or directory.
+		</P
+></DD
+><DT
+>cancel jobid0 [jobid1] ... [jobidN]</DT
+><DD
+><P
+>The client will request that the server cancel
+		the printjobs identified by the given numeric print job ids.
+		</P
+></DD
+><DT
+>chmod file mode in octal</DT
+><DD
+><P
+>This command depends on the server supporting the CIFS
+		UNIX extensions and will fail if the server does not. The client requests that the server
+		change the UNIX permissions to the given octal mode, in standard UNIX format.
+		</P
+></DD
+><DT
+>chown file uid gid</DT
+><DD
+><P
+>This command depends on the server supporting the CIFS
+		UNIX extensions and will fail if the server does not. The client requests that the server
+		change the UNIX user and group ownership to the given decimal values. Note there is
+		currently no way to remotely look up the UNIX uid and gid values for a given name.
+		This may be addressed in future versions of the CIFS UNIX extensions.
+		</P
+></DD
+><DT
+>cd [directory name]</DT
+><DD
+><P
+>If "directory name" is specified, the current 
+		working directory on the server will be changed to the directory 
+		specified. This operation will fail if for any reason the specified 
+		directory is inaccessible. </P
+><P
+>If no directory name is specified, the current working 
+		directory on the server will be reported. </P
+></DD
+><DT
+>del &#60;mask&#62;</DT
+><DD
+><P
+>The client will request that the server attempt 
+		to delete all files matching <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> from the current working 
+		directory on the server. </P
+></DD
+><DT
+>dir &#60;mask&#62;</DT
+><DD
+><P
+>A list of the files matching <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> in the current 
+		working directory on the server will be retrieved from the server 
+		and displayed. </P
+></DD
+><DT
+>exit</DT
+><DD
+><P
+>Terminate the connection with the server and exit 
+		from the program. </P
+></DD
+><DT
+>get &#60;remote file name&#62; [local file name]</DT
+><DD
+><P
+>Copy the file called <TT
+CLASS="FILENAME"
+>remote file name</TT
+> from 
+		the server to the machine running the client. If specified, name 
+		the local copy <TT
+CLASS="FILENAME"
+>local file name</TT
+>.  Note that all transfers in 
+		<B
+CLASS="COMMAND"
+>smbclient</B
+> are binary. See also the 
+		lowercase command. </P
+></DD
+><DT
+>help [command]</DT
+><DD
+><P
+>See the ? command above. </P
+></DD
+><DT
+>lcd [directory name]</DT
+><DD
+><P
+>If <TT
+CLASS="REPLACEABLE"
+><I
+>directory name</I
+></TT
+> is specified, the current 
+		working directory on the local machine will be changed to 
+		the directory specified. This operation will fail if for any 
+		reason the specified directory is inaccessible. </P
+><P
+>If no directory name is specified, the name of the 
+		current working directory on the local machine will be reported. 
+		</P
+></DD
+><DT
+>link source destination</DT
+><DD
+><P
+>This command depends on the server supporting the CIFS
+		UNIX extensions and will fail if the server does not. The client requests that the server
+		create a hard link between the source and destination files. The source file
+		must not exist.
+		</P
+></DD
+><DT
+>lowercase</DT
+><DD
+><P
+>Toggle lowercasing of filenames for the get and 
+		mget commands. </P
+><P
+>When lowercasing is toggled ON, local filenames are converted 
+		to lowercase when using the get and mget commands. This is
+		often useful when copying (say) MSDOS files from a server, because 
+		lowercase filenames are the norm on UNIX systems. </P
+></DD
+><DT
+>ls &#60;mask&#62;</DT
+><DD
+><P
+>See the dir command above. </P
+></DD
+><DT
+>mask &#60;mask&#62;</DT
+><DD
+><P
+>This command allows the user to set up a mask 
+		which will be used during recursive operation of the mget and 
+		mput commands. </P
+><P
+>The masks specified to the mget and mput commands act as 
+		filters for directories rather than files when recursion is 
+		toggled ON. </P
+><P
+>The mask specified with the mask command is necessary 
+		to filter files within those directories. For example, if the
+		mask specified in an mget command is "source*" and the mask 
+		specified with the mask command is "*.c" and recursion is 
+		toggled ON, the mget command will retrieve all files matching 
+		"*.c" in all directories below and including all directories 
+		matching "source*" in the current working directory. </P
+><P
+>Note that the value for mask defaults to blank (equivalent 
+		to "*") and remains so until the mask command is used to change it. 
+		It retains the most recently specified value indefinitely. To 
+		avoid unexpected results it would be wise to change the value of 
+		mask back to "*" after using the mget or mput commands. </P
+></DD
+><DT
+>md &#60;directory name&#62;</DT
+><DD
+><P
+>See the mkdir command. </P
+></DD
+><DT
+>mget &#60;mask&#62;</DT
+><DD
+><P
+>Copy all files matching <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> from the server to 
+		the machine running the client. </P
+><P
+>Note that <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> is interpreted differently during recursive 
+		operation and non-recursive operation - refer to the recurse and 
+		mask commands for more information. Note that all transfers in 
+		<B
+CLASS="COMMAND"
+>smbclient</B
+> are binary. See also the lowercase command. </P
+></DD
+><DT
+>mkdir &#60;directory name&#62;</DT
+><DD
+><P
+>Create a new directory on the server (user access 
+		privileges permitting) with the specified name. </P
+></DD
+><DT
+>mput &#60;mask&#62;</DT
+><DD
+><P
+>Copy all files matching <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> in the current working 
+		directory on the local machine to the current working directory on 
+		the server. </P
+><P
+>Note that <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> is interpreted differently during recursive 
+		operation and non-recursive operation - refer to the recurse and mask 
+		commands for more information. Note that all transfers in <B
+CLASS="COMMAND"
+>smbclient</B
+> 
+		are binary. </P
+></DD
+><DT
+>print &#60;file name&#62;</DT
+><DD
+><P
+>Print the specified file from the local machine 
+		through a printable service on the server. </P
+><P
+>See also the printmode command.</P
+></DD
+><DT
+>printmode &#60;graphics or text&#62;</DT
+><DD
+><P
+>Set the print mode to suit either binary data 
+		(such as graphical information) or text. Subsequent print
+		commands will use the currently set print mode. </P
+></DD
+><DT
+>prompt</DT
+><DD
+><P
+>Toggle prompting for filenames during operation 
+		of the mget and mput commands. </P
+><P
+>When toggled ON, the user will be prompted to confirm 
+		the transfer of each file during these commands. When toggled 
+		OFF, all specified files will be transferred without prompting. 
+		</P
+></DD
+><DT
+>put &#60;local file name&#62; [remote file name]</DT
+><DD
+><P
+>Copy the file called <TT
+CLASS="FILENAME"
+>local file name</TT
+> from the 
+		machine running the client to the server. If specified,
+		name the remote copy <TT
+CLASS="FILENAME"
+>remote file name</TT
+>. Note that all transfers 
+		in <B
+CLASS="COMMAND"
+>smbclient</B
+> are binary. See also the lowercase command. 
+		</P
+></DD
+><DT
+>queue</DT
+><DD
+><P
+>Displays the print queue, showing the job id, 
+		name, size and current status. </P
+></DD
+><DT
+>quit</DT
+><DD
+><P
+>See the exit command. </P
+></DD
+><DT
+>rd &#60;directory name&#62;</DT
+><DD
+><P
+>See the rmdir command. </P
+></DD
+><DT
+>recurse</DT
+><DD
+><P
+>Toggle directory recursion for the commands mget 
+		and mput. </P
+><P
+>When toggled ON, these commands will process all directories 
+		in the source directory (i.e., the directory they are copying
+		from ) and will recurse into any that match the mask specified 
+		to the command. Only files that match the mask specified using 
+		the mask command will be retrieved. See also the mask command. 
+		</P
+><P
+>When recursion is toggled OFF, only files from the current 
+		working directory on the source machine that match the mask specified 
+		to the mget or mput commands will be copied, and any mask specified 
+		using the mask command will be ignored. </P
+></DD
+><DT
+>rm &#60;mask&#62;</DT
+><DD
+><P
+>Remove all files matching <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> from the current 
+		working directory on the server. </P
+></DD
+><DT
+>rmdir &#60;directory name&#62;</DT
+><DD
+><P
+>Remove the specified directory (user access 
+		privileges permitting) from the server. </P
+></DD
+><DT
+>setmode &#60;filename&#62; &#60;perm=[+|\-]rsha&#62;</DT
+><DD
+><P
+>A version of the DOS attrib command to set 
+		file permissions. For example: </P
+><P
+><B
+CLASS="COMMAND"
+>setmode myfile +r </B
+></P
+><P
+>would make myfile read only. </P
+></DD
+><DT
+>symlink source destination</DT
+><DD
+><P
+>This command depends on the server supporting the CIFS
+		UNIX extensions and will fail if the server does not. The client requests that the server
+		create a symbolic hard link between the source and destination files. The source file
+		must not exist. Note that the server will not create a link to any path that lies 
+		outside the currently connected share. This is enforced by the Samba server.
+		</P
+></DD
+><DT
+>tar &#60;c|x&#62;[IXbgNa]</DT
+><DD
+><P
+>Performs a tar operation - see the <TT
+CLASS="PARAMETER"
+><I
+>-T
+		</I
+></TT
+> command line option above. Behavior may be affected 
+		by the tarmode command (see below). Using g (incremental) and N 
+		(newer) will affect tarmode settings. Note that using the "-" option 
+		with tar x may not work - use the command line option instead. 
+		</P
+></DD
+><DT
+>blocksize &#60;blocksize&#62;</DT
+><DD
+><P
+>Blocksize. Must be followed by a valid (greater 
+		than zero) blocksize. Causes tar file to be written out in 
+		<TT
+CLASS="REPLACEABLE"
+><I
+>blocksize</I
+></TT
+>*TBLOCK (usually 512 byte) blocks. </P
+></DD
+><DT
+>tarmode &#60;full|inc|reset|noreset&#62;</DT
+><DD
+><P
+>Changes tar's behavior with regard to archive 
+		bits. In full mode, tar will back up everything regardless of the 
+		archive bit setting (this is the default mode). In incremental mode, 
+		tar will only back up files with the archive bit set. In reset mode, 
+		tar will reset the archive bit on all files it backs up (implies 
+		read/write share). </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN501"
+></A
+><H2
+>NOTES</H2
+><P
+>Some servers are fussy about the case of supplied usernames, 
+	passwords, share names (AKA service names) and machine names. 
+	If you fail to connect try giving all parameters in uppercase. 
+	</P
+><P
+>It is often necessary to use the -n option when connecting 
+	to some types of servers. For example OS/2 LanManager insists 
+	on a valid NetBIOS name being used, so you need to supply a valid 
+	name that would be known to the server.</P
+><P
+>smbclient supports long file names where the server 
+	supports the LANMAN2 protocol or above. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN506"
+></A
+><H2
+>ENVIRONMENT VARIABLES</H2
+><P
+>The variable <TT
+CLASS="ENVAR"
+>USER</TT
+> may contain the 
+	username of the person  using the client. This information is 
+	used only if the protocol  level is high enough to support 
+	session-level passwords.</P
+><P
+>The variable <TT
+CLASS="ENVAR"
+>PASSWD</TT
+> may contain 
+	the password of the person using the client.  This information is 
+	used only if the protocol level is high enough to support 
+	session-level passwords. </P
+><P
+>The variable <TT
+CLASS="ENVAR"
+>LIBSMB_PROG</TT
+> may contain 
+	the path, executed with system(), which the client should connect 
+        to instead of connecting to a server.  This functionality is primarily
+        intended as a development aid, and works best when using a LMHOSTS 
+        file</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN514"
+></A
+><H2
+>INSTALLATION</H2
+><P
+>The location of the client program is a matter for 
+	individual system administrators. The following are thus
+	suggestions only. </P
+><P
+>It is recommended that the smbclient software be installed
+	in the <TT
+CLASS="FILENAME"
+>/usr/local/samba/bin/</TT
+> or <TT
+CLASS="FILENAME"
+>	/usr/samba/bin/</TT
+> directory, this directory readable 
+	by all, writeable only by root. The client program itself should 
+	be executable by all. The client should <EM
+>NOT</EM
+> be 
+	setuid or setgid! </P
+><P
+>The client log files should be put in a directory readable 
+	and writeable only by the user. </P
+><P
+>To test the client, you will need to know the name of a 
+	running SMB/CIFS server. It is possible to run <B
+CLASS="COMMAND"
+>smbd(8)
+	</B
+> as an ordinary user - running that server as a daemon 
+	on a user-accessible port (typically any port number over 1024)
+	would provide a suitable test server. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN524"
+></A
+><H2
+>DIAGNOSTICS</H2
+><P
+>Most diagnostics issued by the client are logged in a 
+	specified log file. The log file name is specified at compile time, 
+	but may be overridden on the command line. </P
+><P
+>The number and nature of diagnostics available depends 
+	on the debug level used by the client. If you have problems, 
+	set the debug level to 3 and peruse the log files. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN528"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN531"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smbcontrol.1.html b/docs/htmldocs/smbcontrol.1.html
new file mode 100755
index 00000000000..8e0f326125f
--- /dev/null
+++ b/docs/htmldocs/smbcontrol.1.html
@@ -0,0 +1,349 @@
+<HTML
+><HEAD
+><TITLE
+>smbcontrol</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBCONTROL"
+>smbcontrol</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbcontrol&nbsp;--&nbsp;send messages to smbd, nmbd or winbindd processes</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbcontrol</B
+>  [-d &#60;debug level&#62;] [-s &#60;smb config file&#62;] {-i}</P
+><P
+><B
+CLASS="COMMAND"
+>smbcontrol</B
+>  [-d &#60;debug level&#62;] [-s &#60;smb config file&#62;] {destination} {message-type} [parameter]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN21"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>smbcontrol</B
+> is a very small program, which 
+	sends messages to an <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+>, 
+	an <A
+HREF="nmbd.8.html"
+TARGET="_top"
+>nmbd(8)</A
+>
+	or a <A
+HREF="winbindd.8.html"
+TARGET="_top"
+>winbindd(8)</A
+> 
+	daemon running on the system.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN30"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-d &#60;debuglevel&#62;</DT
+><DD
+><P
+>debuglevel is an integer from 0 to 10.</P
+></DD
+><DT
+>-s &#60;smb.conf&#62;</DT
+><DD
+><P
+>This parameter specifies the pathname to
+		the Samba configuration file, <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>		smb.conf(5)</A
+>.  This file controls all aspects of
+		the Samba setup on the machine.</P
+></DD
+><DT
+>-i</DT
+><DD
+><P
+>Run interactively. Individual commands 
+		of the form destination message-type parameters can be entered 
+		on STDIN. An empty command line or a "q" will quit the 
+		program.</P
+></DD
+><DT
+>destination</DT
+><DD
+><P
+>One of <TT
+CLASS="PARAMETER"
+><I
+>nmbd</I
+></TT
+>
+		<TT
+CLASS="PARAMETER"
+><I
+>smbd</I
+></TT
+> or a process ID.</P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>smbd</I
+></TT
+> destination causes the 
+		message to "broadcast" to all smbd daemons.</P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>nmbd</I
+></TT
+> destination causes the 
+		message to be sent to the nmbd daemon specified in the 
+		<TT
+CLASS="FILENAME"
+>nmbd.pid</TT
+> file.</P
+><P
+>If a single process ID is given, the message is sent 
+		to only that process.</P
+></DD
+><DT
+>message-type</DT
+><DD
+><P
+>One of: <TT
+CLASS="CONSTANT"
+>close-share</TT
+>,
+		<TT
+CLASS="CONSTANT"
+>debug</TT
+>, 
+		<TT
+CLASS="CONSTANT"
+>force-election</TT
+>, <TT
+CLASS="CONSTANT"
+>ping
+		</TT
+>, <TT
+CLASS="CONSTANT"
+>profile</TT
+>, <TT
+CLASS="CONSTANT"
+>		debuglevel</TT
+>, <TT
+CLASS="CONSTANT"
+>profilelevel</TT
+>, 
+		or <TT
+CLASS="CONSTANT"
+>printer-notify</TT
+>.</P
+><P
+>The <TT
+CLASS="CONSTANT"
+>close-share</TT
+> message-type sends a 
+		message to smbd which will then close the client connections to
+		the named share. Note that this doesn't affect client connections
+		to any other shares. This message-type takes an argument of the
+		share name for which client connections will be closed, or the
+		"*" character which will close all currently open shares.
+		This may be useful if you made changes to the access controls on the share.
+		This message can only be sent to <TT
+CLASS="CONSTANT"
+>smbd</TT
+>.</P
+><P
+>The <TT
+CLASS="CONSTANT"
+>debug</TT
+> message-type allows 
+		the debug level to be set to the value specified by the 
+		parameter. This can be sent to any of the destinations.</P
+><P
+>The <TT
+CLASS="CONSTANT"
+>force-election</TT
+> message-type can only be 
+		sent to the <TT
+CLASS="CONSTANT"
+>nmbd</TT
+> destination. This message 
+		causes the <B
+CLASS="COMMAND"
+>nmbd</B
+> daemon to force a new browse
+		master election.</P
+><P
+>The <TT
+CLASS="CONSTANT"
+>ping</TT
+> message-type sends the 
+		number of "ping" messages specified by the parameter and waits 
+		for the same number of  reply "pong" messages. This can be sent to 
+		any of the destinations.</P
+><P
+>The <TT
+CLASS="CONSTANT"
+>profile</TT
+> message-type sends a 
+		message to an smbd to change the profile settings based on the 
+		parameter. The parameter can be "on" to turn on profile stats 
+		collection, "off" to turn off profile stats collection, "count"
+		to enable only collection of count stats (time stats are 
+		disabled), and "flush" to zero the current profile stats. This can 
+		be sent to any smbd or nmbd destinations.</P
+><P
+>The <TT
+CLASS="CONSTANT"
+>debuglevel</TT
+> message-type sends 
+		a "request debug level" message. The current debug level setting 
+		is returned by a  "debuglevel" message. This can be 
+		sent to any of the destinations.</P
+><P
+>The <TT
+CLASS="CONSTANT"
+>profilelevel</TT
+> message-type sends 
+		a "request profile level" message.  The current profile level 
+		setting is returned by a  "profilelevel" message. This can be sent 
+		to any smbd or nmbd destinations.</P
+><P
+>The <TT
+CLASS="CONSTANT"
+>printer-notify</TT
+> message-type sends a 
+		message to smbd which in turn sends a printer notify message to 
+		any Windows NT clients connected to  a printer.  This message-type 
+		takes an argument of the printer name to  send notify messages to.   
+		This message can only be sent to <TT
+CLASS="CONSTANT"
+>smbd</TT
+>.</P
+></DD
+><DT
+>parameters</DT
+><DD
+><P
+>any parameters required for the message-type</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN94"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN97"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="nmbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>nmbd(8)</B
+></A
+>, 
+	and <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>.
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN104"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html
new file mode 100755
index 00000000000..e1ea92b986a
--- /dev/null
+++ b/docs/htmldocs/smbd.8.html
@@ -0,0 +1,761 @@
+<HTML
+><HEAD
+><TITLE
+>smbd</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBD"
+>smbd</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbd&nbsp;--&nbsp;server to provide SMB/CIFS services to clients</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbd</B
+>  [-D] [-a] [-i] [-o] [-P] [-h] [-V] [-d &#60;debug level&#62;] [-l &#60;log directory&#62;] [-p &#60;port number&#62;] [-O &#60;socket option&#62;] [-s &#60;configuration file&#62;]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN23"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This program is part of the Samba suite.</P
+><P
+><B
+CLASS="COMMAND"
+>smbd</B
+> is the server daemon that 
+	provides filesharing and printing services to Windows clients. 
+	The server provides filespace and printer services to
+	clients using the SMB (or CIFS) protocol. This is compatible 
+	with the LanManager protocol, and can service LanManager 
+	clients.  These include MSCLIENT 3.0 for DOS, Windows for 
+	Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, 
+	OS/2, DAVE for Macintosh, and smbfs for Linux.</P
+><P
+>An extensive description of the services that the 
+	server can provide is given in the man page for the 
+	configuration file controlling the attributes of those 
+	services (see <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)
+	</TT
+></A
+>.  This man page will not describe the 
+	services, but will concentrate on the administrative aspects 
+	of running the server.</P
+><P
+>Please note that there are significant security 
+	implications to running this server, and the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+></A
+> 
+	manpage should be regarded as mandatory reading before
+	proceeding with installation.</P
+><P
+>A session is created whenever a client requests one. 
+	Each client gets a copy of the server for each session. This 
+	copy then services all connections made by the client during 
+	that session. When all connections from its client are closed, 
+	the copy of the server for that client terminates.</P
+><P
+>The configuration file, and any files that it includes, 
+	are automatically reloaded every minute, if they change.  You 
+	can force a reload by sending a SIGHUP to the server.  Reloading 
+	the configuration file will not affect connections to any service 
+	that is already established.  Either the user will have to 
+	disconnect from the service, or <B
+CLASS="COMMAND"
+>smbd</B
+> killed and restarted.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN37"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-D</DT
+><DD
+><P
+>If specified, this parameter causes 
+		the server to operate as a daemon. That is, it detaches 
+		itself and runs in the background, fielding requests 
+		on the appropriate port. Operating the server as a
+		daemon is the recommended way of running <B
+CLASS="COMMAND"
+>smbd</B
+> for 
+		servers that provide more than casual use file and 
+		print services.  This switch is assumed if <B
+CLASS="COMMAND"
+>smbd
+		</B
+> is executed on the command line of a shell.
+		</P
+></DD
+><DT
+>-a</DT
+><DD
+><P
+>If this parameter is specified, each new 
+		connection will append log messages to the log file.  
+		This is the default.</P
+></DD
+><DT
+>-i</DT
+><DD
+><P
+>If this parameter is specified it causes the
+		server to run "interactively", not as a daemon, even if the
+		server is executed on the command line of a shell. Setting this
+		parameter negates the implicit deamon mode when run from the
+		command line.
+		</P
+></DD
+><DT
+>-o</DT
+><DD
+><P
+>If this parameter is specified, the 
+		log files will be overwritten when opened.  By default, 
+		<B
+CLASS="COMMAND"
+>smbd</B
+> will append entries to the log 
+		files.</P
+></DD
+><DT
+>-P</DT
+><DD
+><P
+>Passive option. Causes <B
+CLASS="COMMAND"
+>smbd</B
+> not to 
+		send any network traffic out. Used for debugging by 
+		the developers only.</P
+></DD
+><DT
+>-h</DT
+><DD
+><P
+>Prints the help information (usage) 
+		for <B
+CLASS="COMMAND"
+>smbd</B
+>.</P
+></DD
+><DT
+>-v</DT
+><DD
+><P
+>Prints the version number for 
+		<B
+CLASS="COMMAND"
+>smbd</B
+>.</P
+></DD
+><DT
+>-d &#60;debug level&#62;</DT
+><DD
+><P
+><TT
+CLASS="REPLACEABLE"
+><I
+>debuglevel</I
+></TT
+> is an integer 
+		from 0 to 10.  The default value if this parameter is 
+		not specified is zero.</P
+><P
+>The higher this value, the more detail will be 
+		logged to the log files about the activities of the 
+		server. At level 0, only critical errors and serious 
+		warnings will be logged. Level 1 is a reasonable level for
+		day to day running - it generates a small amount of
+		information about operations carried out.</P
+><P
+>Levels above 1 will generate considerable 
+		amounts of log data, and should only be used when 
+		investigating a problem. Levels above 3 are designed for 
+		use only by developers and generate HUGE amounts of log
+		data, most of which is extremely cryptic.</P
+><P
+>Note that specifying this parameter here will 
+		override the <A
+HREF="smb.conf.5.html#loglevel"
+TARGET="_top"
+>log
+		level</A
+> parameter in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>		<TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+></A
+> file.</P
+></DD
+><DT
+>-l &#60;log directory&#62;</DT
+><DD
+><P
+>If specified,
+		<TT
+CLASS="REPLACEABLE"
+><I
+>log directory</I
+></TT
+> 
+		specifies a log directory into which the "log.smbd" log
+		file will be created for informational and debug 
+		messages from the running server. The log 
+		file generated is never removed by the server although 
+		its size may be controlled by the <A
+HREF="smb.conf.5.html#maxlogsize"
+TARGET="_top"
+>max log size</A
+>
+		option in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>		smb.conf(5)</TT
+></A
+> file. <EM
+>Beware:</EM
+>
+		If the directory specified does not exist, <B
+CLASS="COMMAND"
+>smbd</B
+>
+		will log to the default debug log location defined at compile time.
+		</P
+><P
+>The default log directory is specified at
+		compile time.</P
+></DD
+><DT
+>-O &#60;socket options&#62;</DT
+><DD
+><P
+>See the <A
+HREF="smb.conf.5.html#socketoptions"
+TARGET="_top"
+>socket options</A
+> 
+		parameter in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)
+		</TT
+></A
+> file for details.</P
+></DD
+><DT
+>-p &#60;port number&#62;</DT
+><DD
+><P
+><TT
+CLASS="REPLACEABLE"
+><I
+>port number</I
+></TT
+> is a positive integer
+		value.  The default value if this parameter is not 
+		specified is 139.</P
+><P
+>This number is the port number that will be 
+		used when making connections to the server from client 
+		software. The standard (well-known) port number for the 
+		SMB over TCP is 139, hence the default. If you wish to
+		run the server as an ordinary user rather than
+		as root, most systems will require you to use a port 
+		number greater than 1024 - ask your system administrator 
+		for help if you are in this situation.</P
+><P
+>In order for the server to be useful by most 
+		clients, should you configure it on a port other 
+		than 139, you will require port redirection services 
+		on port 139, details of which are outlined in rfc1002.txt 
+		section 4.3.5.</P
+><P
+>This parameter is not normally specified except 
+		in the above situation.</P
+></DD
+><DT
+>-s &#60;configuration file&#62;</DT
+><DD
+><P
+>The file specified contains the 
+		configuration details required by the server.  The 
+		information in this file includes server-specific
+		information such as what printcap file to use, as well 
+		as descriptions of all the services that the server is 
+		to provide. See <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>		smb.conf(5)</TT
+></A
+> for more information.
+		The default configuration file name is determined at
+		compile time.</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN117"
+></A
+><H2
+>FILES</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+></DT
+><DD
+><P
+>If the server is to be run by the
+		<B
+CLASS="COMMAND"
+>inetd</B
+> meta-daemon, this file 
+		must contain suitable startup information for the 
+		meta-daemon. See the <A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+>UNIX_INSTALL.html</A
+>
+		document for details.
+		</P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/rc</TT
+></DT
+><DD
+><P
+>or whatever initialization script your
+		system uses).</P
+><P
+>If running the server as a daemon at startup,
+		this file will need to contain an appropriate startup
+		sequence for the server. See the <A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+>UNIX_INSTALL.html</A
+>
+		document for details.</P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/services</TT
+></DT
+><DD
+><P
+>If running the server via the
+		meta-daemon <B
+CLASS="COMMAND"
+>inetd</B
+>, this file
+		must contain a mapping of service name (e.g., netbios-ssn)
+		to service port (e.g., 139) and protocol type (e.g., tcp).
+		See the <A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+>UNIX_INSTALL.html</A
+>
+		document for details.</P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
+>/usr/local/samba/lib/smb.conf</TT
+></DT
+><DD
+><P
+>This is the default location of the
+		<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf</TT
+></A
+>
+		server configuration file. Other common places that systems
+		install this file are <TT
+CLASS="FILENAME"
+>/usr/samba/lib/smb.conf</TT
+>
+		and <TT
+CLASS="FILENAME"
+>/etc/smb.conf</TT
+>.</P
+><P
+>This file describes all the services the server
+		is to make available to clients. See <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>		<TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+></A
+>  for more information.</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN153"
+></A
+><H2
+>LIMITATIONS</H2
+><P
+>On some systems <B
+CLASS="COMMAND"
+>smbd</B
+> cannot change uid back
+	to root after a setuid() call.  Such systems are called
+	trapdoor uid systems. If you have such a system,
+	you will be unable to connect from a client (such as a PC) as
+	two different users at once. Attempts to connect the
+	second user will result in access denied or 
+	similar.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN157"
+></A
+><H2
+>ENVIRONMENT VARIABLES</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+><TT
+CLASS="ENVAR"
+>PRINTER</TT
+></DT
+><DD
+><P
+>If no printer name is specified to 
+		printable services, most systems will use the value of 
+		this variable (or <TT
+CLASS="CONSTANT"
+>lp</TT
+> if this variable is 
+		not defined) as the name of the printer to use. This 
+		is not specific to the server, however.</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN166"
+></A
+><H2
+>PAM INTERACTION</H2
+><P
+>Samba uses PAM for authentication (when presented with a plaintext
+	password), for account checking (is this account disabled?) and for
+	session management.  The degree too which samba supports PAM is restricted
+	by the limitations of the SMB protocol and the
+	<A
+HREF="smb.conf.5.html#OBEYPAMRESRICTIONS"
+TARGET="_top"
+>obey pam restricions</A
+>
+	smb.conf paramater.  When this is set, the following restrictions apply:
+	</P
+><P
+></P
+><UL
+><LI
+><P
+><EM
+>Account Validation</EM
+>:  All acccesses to a 
+	samba server are checked 
+	against PAM to see if the account is vaild, not disabled and is permitted to 
+	login at this time.  This also applies to encrypted logins.
+	</P
+></LI
+><LI
+><P
+><EM
+>Session Management</EM
+>:  When not using share 
+	level secuirty, users must pass PAM's session checks before access
+	is granted.  Note however, that this is bypassed in share level secuirty.  
+	Note also that some older pam configuration files may need a line 
+	added for session support. 
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN177"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN180"
+></A
+><H2
+>TROUBLESHOOTING</H2
+><P
+>        One of the common causes of difficulty when installing Samba and SWAT
+        is the existsnece of some type of firewall or port filtering software
+        on the Samba server.  Make sure that the appropriate ports
+        outlined in this man page are available on the server and are not currently
+        being blocked by some type of security software such as iptables or
+        "port sentry".  For more troubleshooting information, refer to the additional
+        documentation included in the Samba distribution.
+        </P
+><P
+>Most diagnostics issued by the server are logged
+	in a specified log file. The log file name is specified
+	at compile time, but may be overridden on the command line.</P
+><P
+>The number and nature of diagnostics available depends
+	on the debug level used by the server. If you have problems, set
+	the debug level to 3 and peruse the log files.</P
+><P
+>Most messages are reasonably self-explanatory. Unfortunately,
+	at the time this man page was created, there are too many diagnostics
+	available in the source code to warrant describing each and every
+	diagnostic. At this stage your best bet is still to grep the
+	source code and inspect the conditions that gave rise to the
+	diagnostics you are seeing.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN186"
+></A
+><H2
+>SIGNALS</H2
+><P
+>Sending the <B
+CLASS="COMMAND"
+>smbd</B
+> a SIGHUP will cause it to
+	reload its <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> configuration
+	file within a short period of time.</P
+><P
+>To shut down a user's <B
+CLASS="COMMAND"
+>smbd</B
+> process it is recommended
+	that <B
+CLASS="COMMAND"
+>SIGKILL (-9)</B
+> <EM
+>NOT</EM
+>
+	be used, except as a last resort, as this may leave the shared
+	memory area in an inconsistent state. The safe way to terminate
+	an <B
+CLASS="COMMAND"
+>smbd</B
+> is to send it a SIGTERM (-15) signal and wait for
+	it to die on its own.</P
+><P
+>The debug log level of <B
+CLASS="COMMAND"
+>smbd</B
+> may be raised
+	or lowered using <A
+HREF="smbcontrol.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbcontrol(1)
+	</B
+></A
+> program (SIGUSR[1|2] signals are no longer used in
+	Samba 2.2). This is to allow transient problems to be diagnosed,
+	whilst still running at a normally low log level.</P
+><P
+>Note that as the signal handlers send a debug write, 
+	they are not re-entrant in <B
+CLASS="COMMAND"
+>smbd</B
+>. This you should wait until 
+	<B
+CLASS="COMMAND"
+>smbd</B
+> is in a state of waiting for an incoming SMB before 
+	issuing them. It is possible to make the signal handlers safe 
+	by un-blocking the signals before the select call and re-blocking 
+	them after, however this would affect performance.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN203"
+></A
+><H2
+>SEE ALSO</H2
+><P
+>hosts_access(5), <B
+CLASS="COMMAND"
+>inetd(8)</B
+>, 
+	<A
+HREF="nmbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>nmbd(8)</B
+></A
+>, 
+	<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+>
+	</A
+>, <A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)
+	</B
+></A
+>, <A
+HREF="testparm.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>	testparm(1)</B
+></A
+>, <A
+HREF="testprns.1.html"
+TARGET="_top"
+>	<B
+CLASS="COMMAND"
+>testprns(1)</B
+></A
+>, and the Internet RFC's
+	<TT
+CLASS="FILENAME"
+>rfc1001.txt</TT
+>, <TT
+CLASS="FILENAME"
+>rfc1002.txt</TT
+>. 
+	In addition the CIFS (formerly SMB) specification is available 
+	as a link from the Web page <A
+HREF="http://samba.org/cifs/"
+TARGET="_top"
+> 
+	http://samba.org/cifs/</A
+>.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN220"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smbmnt.8.html b/docs/htmldocs/smbmnt.8.html
new file mode 100755
index 00000000000..a7d10b6e191
--- /dev/null
+++ b/docs/htmldocs/smbmnt.8.html
@@ -0,0 +1,178 @@
+<HTML
+><HEAD
+><TITLE
+>smbmnt</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBMNT"
+>smbmnt</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbmnt&nbsp;--&nbsp;helper utility for mounting SMB filesystems</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbmnt</B
+>  {mount-point} [-s &#60;share&#62;] [-r] [-u &#60;uid&#62;] [-g &#60;gid&#62;] [-f &#60;mask&#62;] [-d &#60;mask&#62;] [-o &#60;options&#62;]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN19"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+><B
+CLASS="COMMAND"
+>smbmnt</B
+> is a helper application used 
+	by the smbmount program to do the actual mounting of SMB shares. 
+	<B
+CLASS="COMMAND"
+>smbmnt</B
+> can be installed setuid root if you want
+	normal users to be able to mount their SMB shares.</P
+><P
+>A setuid smbmnt will only allow mounts on directories owned
+	by the user, and that the user has write permission on.</P
+><P
+>The <B
+CLASS="COMMAND"
+>smbmnt</B
+> program is normally invoked 
+	by <A
+HREF="smbmount.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbmount(8)</B
+>
+	</A
+>. It should not be invoked directly by users. </P
+><P
+>smbmount searches the normal PATH for smbmnt. You must ensure
+	that the smbmnt version in your path matches the smbmount used.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN30"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-r</DT
+><DD
+><P
+>mount the filesystem read-only 
+		</P
+></DD
+><DT
+>-u uid</DT
+><DD
+><P
+>specify the uid that the files will 
+		be owned by </P
+></DD
+><DT
+>-g gid</DT
+><DD
+><P
+>specify the gid that the files will be 
+		owned by </P
+></DD
+><DT
+>-f mask</DT
+><DD
+><P
+>specify the octal file mask applied
+		</P
+></DD
+><DT
+>-d mask</DT
+><DD
+><P
+>specify the octal directory mask 
+		applied  </P
+></DD
+><DT
+>-o options</DT
+><DD
+><P
+>		list of options that are passed as-is to smbfs, if this
+		command is run on a 2.4 or higher Linux kernel.
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN57"
+></A
+><H2
+>AUTHOR</H2
+><P
+>Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
+	and others.</P
+><P
+>The current maintainer of smbfs and the userspace
+	tools <B
+CLASS="COMMAND"
+>smbmount</B
+>, <B
+CLASS="COMMAND"
+>smbumount</B
+>,
+	and <B
+CLASS="COMMAND"
+>smbmnt</B
+> is <A
+HREF="mailto:urban@teststation.com"
+TARGET="_top"
+>Urban Widmark</A
+>.
+	The <A
+HREF="mailto:samba@samba.org"
+TARGET="_top"
+>SAMBA Mailing list</A
+>
+	is the preferred place to ask questions regarding these programs.
+	</P
+><P
+>The conversion of this manpage for Samba 2.2 was performed 
+	by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smbmount.8.html b/docs/htmldocs/smbmount.8.html
new file mode 100755
index 00000000000..9d620f1397f
--- /dev/null
+++ b/docs/htmldocs/smbmount.8.html
@@ -0,0 +1,468 @@
+<HTML
+><HEAD
+><TITLE
+>smbmount</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBMOUNT"
+>smbmount</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbmount&nbsp;--&nbsp;mount an smbfs filesystem</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbmount</B
+>  {service} {mount-point} [-o options]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN14"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+><B
+CLASS="COMMAND"
+>smbmount</B
+> mounts a Linux SMB filesystem. It 
+	is usually invoked as <B
+CLASS="COMMAND"
+>mount.smbfs</B
+> by
+	the <B
+CLASS="COMMAND"
+>mount(8)</B
+> command when using the 
+	"-t smbfs" option. This command only works in Linux, and the kernel must
+	support the smbfs filesystem. </P
+><P
+>Options to <B
+CLASS="COMMAND"
+>smbmount</B
+> are specified as a comma-separated
+	list of key=value pairs. It is possible to send options other
+	than those listed here, assuming that smbfs supports them. If
+	you get mount failures, check your kernel log for errors on
+	unknown options.</P
+><P
+><B
+CLASS="COMMAND"
+>smbmount</B
+> is a daemon. After mounting it keeps running until
+	the mounted smbfs is umounted. It will log things that happen
+	when in daemon mode using the "machine name" smbmount, so
+	typically this output will end up in <TT
+CLASS="FILENAME"
+>log.smbmount</TT
+>. The
+	<B
+CLASS="COMMAND"
+>smbmount</B
+> process may also be called mount.smbfs.</P
+><P
+><EM
+>NOTE:</EM
+> <B
+CLASS="COMMAND"
+>smbmount</B
+> 
+	calls <B
+CLASS="COMMAND"
+>smbmnt(8)</B
+> to do the actual mount. You 
+	must make sure that <B
+CLASS="COMMAND"
+>smbmnt</B
+> is in the path so 
+	that it can be found. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN31"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>username=&#60;arg&#62;</DT
+><DD
+><P
+>specifies the username to connect as. If
+		this is not given, then the environment variable <TT
+CLASS="ENVAR"
+>		USER</TT
+> is used. This option can also take the
+		form "user%password" or "user/workgroup" or
+		"user/workgroup%password" to allow the password and workgroup
+		to be specified as part of the username.</P
+></DD
+><DT
+>password=&#60;arg&#62;</DT
+><DD
+><P
+>specifies the SMB password. If this
+		option is not given then the environment variable
+		<TT
+CLASS="ENVAR"
+>PASSWD</TT
+> is used. If it can find
+		no password <B
+CLASS="COMMAND"
+>smbmount</B
+> will prompt
+		for a passeword, unless the guest option is
+		given. </P
+><P
+>		Note that password which contain the arguement delimiter
+		character (i.e. a comma ',') will failed to be parsed correctly
+		on the command line.  However, the same password defined
+		in the PASSWD environment variable or a credentials file (see
+		below) will be read correctly.
+		</P
+></DD
+><DT
+>credentials=&#60;filename&#62;</DT
+><DD
+><P
+>specifies a file that contains a username
+		and/or password. The format of the file is:</P
+><P
+>		<TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>		username = &#60;value&#62;
+		password = &#60;value&#62;
+		</PRE
+></TD
+></TR
+></TABLE
+>
+		</P
+><P
+>This is preferred over having passwords in plaintext in a
+		shared file, such as <TT
+CLASS="FILENAME"
+>/etc/fstab</TT
+>. Be sure to protect any
+		credentials file properly.
+		</P
+></DD
+><DT
+>netbiosname=&#60;arg&#62;</DT
+><DD
+><P
+>sets the source NetBIOS name. It defaults 
+		to the local hostname. </P
+></DD
+><DT
+>uid=&#60;arg&#62;</DT
+><DD
+><P
+>sets the uid that will own all files on
+		the mounted filesystem.
+		It may be specified as either a username or a numeric uid.
+		</P
+></DD
+><DT
+>gid=&#60;arg&#62;</DT
+><DD
+><P
+>sets the gid that will own all files on
+		the mounted filesystem.
+		It may be specified as either a groupname or a numeric 
+		gid. </P
+></DD
+><DT
+>port=&#60;arg&#62;</DT
+><DD
+><P
+>sets the remote SMB port number. The default 
+		is 139. </P
+></DD
+><DT
+>fmask=&#60;arg&#62;</DT
+><DD
+><P
+>sets the file mask. This determines the 
+		permissions that remote files have in the local filesystem. 
+		The default is based on the current umask. </P
+></DD
+><DT
+>dmask=&#60;arg&#62;</DT
+><DD
+><P
+>sets the directory mask. This determines the 
+		permissions that remote directories have in the local filesystem. 
+		The default is based on the current umask. </P
+></DD
+><DT
+>debug=&#60;arg&#62;</DT
+><DD
+><P
+>sets the debug level. This is useful for 
+		tracking down SMB connection problems. A suggested value to
+		start with is 4. If set too high there will be a lot of
+		output, possibly hiding the useful output.</P
+></DD
+><DT
+>ip=&#60;arg&#62;</DT
+><DD
+><P
+>sets the destination host or IP address.
+		</P
+></DD
+><DT
+>workgroup=&#60;arg&#62;</DT
+><DD
+><P
+>sets the workgroup on the destination </P
+></DD
+><DT
+>sockopt=&#60;arg&#62;</DT
+><DD
+><P
+>sets the TCP socket options. See the <A
+HREF="smb.conf.5.html#SOCKETOPTIONS"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf
+		</TT
+></A
+> <TT
+CLASS="PARAMETER"
+><I
+>socket options</I
+></TT
+> option.
+		</P
+></DD
+><DT
+>scope=&#60;arg&#62;</DT
+><DD
+><P
+>sets the NetBIOS scope </P
+></DD
+><DT
+>guest</DT
+><DD
+><P
+>don't prompt for a password </P
+></DD
+><DT
+>ro</DT
+><DD
+><P
+>mount read-only </P
+></DD
+><DT
+>rw</DT
+><DD
+><P
+>mount read-write </P
+></DD
+><DT
+>iocharset=&#60;arg&#62;</DT
+><DD
+><P
+>		sets the charset used by the Linux side for codepage
+		to charset translations (NLS). Argument should be the
+		name of a charset, like iso8859-1. (Note: only kernel
+		2.4.0 or later)
+		</P
+></DD
+><DT
+>codepage=&#60;arg&#62;</DT
+><DD
+><P
+>		sets the codepage the server uses. See the iocharset
+		option. Example value cp850. (Note: only kernel 2.4.0
+		or later)
+		</P
+></DD
+><DT
+>ttl=&#60;arg&#62;</DT
+><DD
+><P
+>		how long a directory listing is cached in milliseconds
+		(also affects visibility of file size and date
+		changes). A higher value means that changes on the
+		server take longer to be noticed but it can give
+		better performance on large directories, especially
+		over long distances. Default is 1000ms but something
+		like 10000ms (10 seconds) is probably more reasonable
+		in many cases.
+		(Note: only kernel 2.4.2 or later)
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN125"
+></A
+><H2
+>ENVIRONMENT VARIABLES</H2
+><P
+>The variable <TT
+CLASS="ENVAR"
+>USER</TT
+> may contain the username of the
+	person using the client.  This information is used only if the
+	protocol level is high enough to support session-level
+	passwords. The variable can be used to set both username and
+	password by using the format username%password.</P
+><P
+>The variable <TT
+CLASS="ENVAR"
+>PASSWD</TT
+> may contain the password of the
+	person using the client.  This information is used only if the
+	protocol level is high enough to support session-level
+	passwords.</P
+><P
+>The variable <TT
+CLASS="ENVAR"
+>PASSWD_FILE</TT
+> may contain the pathname
+	of a file to read the password from. A single line of input is
+	read and used as the password.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN133"
+></A
+><H2
+>BUGS</H2
+><P
+>Passwords and other options containing , can not be handled.
+	For passwords an alternative way of passing them is in a credentials
+	file or in the PASSWD environment.</P
+><P
+>The credentials file does not handle usernames or passwords with
+	leading space.</P
+><P
+>One smbfs bug is important enough to mention here, even if it
+	is a bit misplaced:</P
+><P
+></P
+><UL
+><LI
+><P
+>Mounts sometimes stop working. This is usually
+	caused by smbmount terminating. Since smbfs needs smbmount to
+	reconnect when the server disconnects, the mount will eventually go
+	dead. An umount/mount normally fixes this. At least 2 ways to
+	trigger this bug are known.</P
+></LI
+></UL
+><P
+>Note that the typical response to a bug report is suggestion
+	to try the latest version first. So please try doing that first,
+	and always include which versions you use of relevant software
+	when reporting bugs (minimum: samba, kernel, distribution)</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN142"
+></A
+><H2
+>SEE ALSO</H2
+><P
+>Documentation/filesystems/smbfs.txt in the linux kernel
+	source tree may contain additional options and information.</P
+><P
+>FreeBSD also has a smbfs, but it is not related to smbmount</P
+><P
+>For Solaris, HP-UX and others you may want to look at
+	<A
+HREF="smbsh.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbsh(1)</B
+></A
+> or at other
+	solutions, such as sharity or perhaps replacing the SMB server with
+	a NFS server.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN149"
+></A
+><H2
+>AUTHOR</H2
+><P
+>Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
+	and others.</P
+><P
+>The current maintainer of smbfs and the userspace
+	tools <B
+CLASS="COMMAND"
+>smbmount</B
+>, <B
+CLASS="COMMAND"
+>smbumount</B
+>,
+	and <B
+CLASS="COMMAND"
+>smbmnt</B
+> is <A
+HREF="mailto:urban@teststation.com"
+TARGET="_top"
+>Urban Widmark</A
+>.
+	The <A
+HREF="mailto:samba@samba.org"
+TARGET="_top"
+>SAMBA Mailing list</A
+>
+	is the preferred place to ask questions regarding these programs.
+	</P
+><P
+>The conversion of this manpage for Samba 2.2 was performed 
+	by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smbpasswd.5.html b/docs/htmldocs/smbpasswd.5.html
new file mode 100755
index 00000000000..229350542e6
--- /dev/null
+++ b/docs/htmldocs/smbpasswd.5.html
@@ -0,0 +1,316 @@
+<HTML
+><HEAD
+><TITLE
+>smbpasswd</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBPASSWD"
+>smbpasswd</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbpasswd&nbsp;--&nbsp;The Samba encrypted password file</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><TT
+CLASS="FILENAME"
+>smbpasswd</TT
+></P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN11"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+>smbpasswd is the Samba encrypted password file. It contains 
+	the username, Unix user id and the SMB hashed passwords of the 
+	user, as well as account flag information and the time the 
+	password was last changed. This file format has been evolving with 
+	Samba and has had several different formats in the past. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN16"
+></A
+><H2
+>FILE FORMAT</H2
+><P
+>The format of the smbpasswd file used by Samba 2.2 
+	is very similar to the familiar Unix <TT
+CLASS="FILENAME"
+>passwd(5)</TT
+> 
+	file. It is an ASCII file containing one line for each user. Each field 
+	within each line is separated from the next by a colon. Any entry 
+	beginning with '#' is ignored. The smbpasswd file contains the 
+	following information for each user: </P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>name</DT
+><DD
+><P
+> This is the user name. It must be a name that 
+		already exists in the standard UNIX passwd file. </P
+></DD
+><DT
+>uid</DT
+><DD
+><P
+>This is the UNIX uid. It must match the uid
+		field for the same user entry in the standard UNIX passwd file. 
+		If this does not match then Samba will refuse to recognize 
+		this smbpasswd file entry as being valid for a user. 
+		</P
+></DD
+><DT
+>Lanman Password Hash</DT
+><DD
+><P
+>This is the LANMAN hash of the user's password, 
+		encoded as 32 hex digits.  The LANMAN hash is created by DES 
+		encrypting a well known string with the user's password as the 
+		DES key. This is the same password used by Windows 95/98 machines. 
+		Note that this password hash is regarded as weak as it is
+		vulnerable to dictionary attacks and if two users choose the 
+		same password this entry will be identical (i.e. the password 
+		is not "salted" as the UNIX password is). If the user has a 
+		null password this field will contain the characters "NO PASSWORD" 
+		as the start of the hex string. If the hex string is equal to 
+		32 'X' characters then the user's account is marked as 
+		<TT
+CLASS="CONSTANT"
+>disabled</TT
+> and the user will not be able to 
+		log onto the Samba server. </P
+><P
+><EM
+>WARNING !!</EM
+> Note that, due to 
+		the challenge-response nature of the SMB/CIFS authentication
+		protocol, anyone with a knowledge of this password hash will 
+		be able to impersonate the user on the network. For this
+		reason these hashes are known as <EM
+>plain text 
+		equivalents</EM
+> and must <EM
+>NOT</EM
+> be made 
+		available to anyone but the root user. To protect these passwords 
+		the smbpasswd file is placed in a directory with read and 
+		traverse access only to the root user and the smbpasswd file 
+		itself must be set to be read/write only by root, with no
+		other access. </P
+></DD
+><DT
+>NT Password Hash</DT
+><DD
+><P
+>This is the Windows NT hash of the user's 
+		password, encoded as 32 hex digits.  The Windows NT hash is 
+		created by taking the user's password as represented in 
+		16-bit, little-endian UNICODE and then applying the MD4 
+		(internet rfc1321) hashing algorithm to it. </P
+><P
+>This password hash is considered more secure than
+		the LANMAN Password Hash as it preserves the case of the 
+		password and uses a much higher quality hashing algorithm. 
+		However, it is still the case that if two users choose the same 
+		password this entry will be identical (i.e. the password is 
+		not "salted" as the UNIX password is). </P
+><P
+><EM
+>WARNING !!</EM
+>. Note that, due to 
+		the challenge-response nature of the SMB/CIFS authentication
+		protocol, anyone with a knowledge of this password hash will 
+		be able to impersonate the user on the network. For this
+		reason these hashes are known as <EM
+>plain text 
+		equivalents</EM
+> and must <EM
+>NOT</EM
+> be made 
+		available to anyone but the root user. To protect these passwords 
+		the smbpasswd file is placed in a directory with read and 
+		traverse access only to the root user and the smbpasswd file 
+		itself must be set to be read/write only by root, with no
+		other access. </P
+></DD
+><DT
+>Account Flags</DT
+><DD
+><P
+>This section contains flags that describe 
+		the attributes of the users account. In the Samba 2.2 release 
+		this field is bracketed by '[' and ']' characters and is always 
+		13 characters in length (including the '[' and ']' characters).
+		The contents of this field may be any of the characters.
+		</P
+><P
+></P
+><UL
+><LI
+><P
+><EM
+>U</EM
+> - This means 
+			this is a "User" account, i.e. an ordinary user. Only User 
+			and Workstation Trust accounts are currently supported 
+			in the smbpasswd file. </P
+></LI
+><LI
+><P
+><EM
+>N</EM
+> - This means the
+			account has no password (the passwords in the fields LANMAN 
+			Password Hash and NT Password Hash are ignored). Note that this 
+			will only allow users to log on with no password if the <TT
+CLASS="PARAMETER"
+><I
+>			null passwords</I
+></TT
+> parameter is set in the <A
+HREF="smb.conf.5.html#NULLPASSWORDS"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)
+			</TT
+></A
+> config file. </P
+></LI
+><LI
+><P
+><EM
+>D</EM
+> - This means the account 
+			is disabled and no SMB/CIFS logins  will be	allowed for 
+			this user. </P
+></LI
+><LI
+><P
+><EM
+>W</EM
+> - This means this account 
+			is a "Workstation Trust" account. This kind of account is used 
+			in the Samba PDC code stream to allow Windows NT Workstations 
+			and Servers to join a Domain hosted by a Samba PDC. </P
+></LI
+></UL
+><P
+>Other flags may be added as the code is extended in future.
+		The rest of this field space is filled in with spaces. </P
+></DD
+><DT
+>Last Change Time</DT
+><DD
+><P
+>This field consists of the time the account was 
+		last modified. It consists of the characters 'LCT-' (standing for 
+		"Last Change Time") followed by a numeric encoding of the UNIX time 
+		in seconds since the epoch (1970) that the last change was made. 
+		</P
+></DD
+></DL
+></DIV
+><P
+>All other colon separated fields are ignored at this time.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN73"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN76"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+></A
+>, 
+	<A
+HREF="samba.7.html"
+TARGET="_top"
+>samba(7)</A
+>, and
+	the Internet RFC1321 for details on the MD4 algorithm.
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN82"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html
new file mode 100755
index 00000000000..0fb0b86b289
--- /dev/null
+++ b/docs/htmldocs/smbpasswd.8.html
@@ -0,0 +1,831 @@
+<HTML
+><HEAD
+><TITLE
+>smbpasswd</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBPASSWD"
+>smbpasswd</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbpasswd&nbsp;--&nbsp;change a user's SMB password</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+>When run by root:</P
+><P
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+>  [options] [username] [password]</P
+><P
+>otherwise:</P
+><P
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+>  [options] [password]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN20"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+>The smbpasswd program has several different 
+	functions, depending on whether it is run by the <EM
+>root</EM
+> 
+	user or not. When run as a normal user it allows the user to change 
+	the password used for their SMB sessions on any machines that store 
+	SMB passwords. </P
+><P
+>By default (when run with no arguments) it will attempt to 
+	change the current user's SMB password on the local machine. This is 
+	similar to the way the <B
+CLASS="COMMAND"
+>passwd(1)</B
+> program works. 
+	<B
+CLASS="COMMAND"
+>smbpasswd</B
+> differs from how the passwd program works 
+	however in that it is not <EM
+>setuid root</EM
+> but works in 
+	a client-server mode and communicates with a locally running
+	<B
+CLASS="COMMAND"
+>smbd(8)</B
+>. As a consequence in order for this to 
+	succeed the smbd daemon must be running on the local machine. On a 
+	UNIX machine the encrypted SMB passwords are usually stored in 
+	the <TT
+CLASS="FILENAME"
+>smbpasswd(5)</TT
+> file. </P
+><P
+>When run by an ordinary user with no options. smbpasswd 
+	will prompt them for their old SMB password and then ask them 
+	for their new password twice, to ensure that the new password
+	was typed correctly. No passwords will be echoed on the screen 
+	whilst being typed. If you have a blank SMB password (specified by 
+	the string "NO PASSWORD" in the smbpasswd file) then just press 
+	the &#60;Enter&#62; key when asked for your old password. </P
+><P
+>smbpasswd can also be used by a normal user to change their
+	SMB password on remote machines, such as Windows NT Primary Domain 
+	Controllers.   See the (-r) and -U options below. </P
+><P
+>When run by root, smbpasswd allows new users to be added 
+	and deleted in the smbpasswd file, as well as allows changes to 
+	the attributes of the user in this file to be made. When run by root, 
+	<B
+CLASS="COMMAND"
+>smbpasswd</B
+> accesses the local smbpasswd file 
+	directly, thus enabling changes to be made even if smbd is not 
+	running. </P
+><P
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+> can also be used to retrieve 
+	the SIDs related to previous incarnations of this server on the
+	same machine, as well as set the SID of this domain. This is needed
+	in those cases when the admin changes the NetBIOS or DNS name of 
+	the server without realizing that doing so will change the SID of
+	the server as well. See the -W and -X options below. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN38"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-L</DT
+><DD
+><P
+>Run the smbpasswd command in local mode. This 
+		allows a non-root user to specify the root-only options. This 
+		is used mostly in test environments where a non-root user needs
+		to make changes to the local <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> file.
+		The <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> file must have read/write 
+		permissions for the user running the command.</P
+></DD
+><DT
+>-h</DT
+><DD
+><P
+>This option prints the help string for 
+		<B
+CLASS="COMMAND"
+>smbpasswd</B
+>. </P
+></DD
+><DT
+>-c smb.conf file</DT
+><DD
+><P
+>This option specifies that the configuration
+		file specified should be used instead of the default value
+		specified at compile time. </P
+></DD
+><DT
+>-D debuglevel</DT
+><DD
+><P
+><TT
+CLASS="REPLACEABLE"
+><I
+>debuglevel</I
+></TT
+> is an integer 
+		from 0 to 10.  The default value if this parameter is not specified 
+		is zero. </P
+><P
+>The higher this value, the more detail will be logged to the 
+		log files about the activities of smbpasswd. At level 0, only 
+		critical errors and serious warnings will be logged. </P
+><P
+>Levels above 1 will generate considerable amounts of log 
+		data, and should only be used when investigating a problem. Levels 
+		above 3 are designed for use only by developers and generate
+		HUGE amounts of log data, most of which is extremely cryptic. 
+		</P
+></DD
+><DT
+>-r remote machine name</DT
+><DD
+><P
+>This option allows a user to specify what machine 
+		they wish to change their password on. Without this parameter 
+		smbpasswd defaults to the local host. The <TT
+CLASS="REPLACEABLE"
+><I
+>remote 
+		machine name</I
+></TT
+> is the NetBIOS name of the SMB/CIFS 
+		server to contact to attempt the password change. This name is 
+		resolved into an IP address using the standard name resolution 
+		mechanism in all programs of the Samba suite. See the <TT
+CLASS="PARAMETER"
+><I
+>-R 
+		name resolve order</I
+></TT
+> parameter for details on changing 
+		this resolving mechanism. </P
+><P
+>The username whose password is changed is that of the 
+		current UNIX logged on user. See the <TT
+CLASS="PARAMETER"
+><I
+>-U username</I
+></TT
+>
+		parameter for details on changing the password for a different 
+		username. </P
+><P
+>Note that if changing a Windows NT Domain password the 
+		remote machine specified must be the Primary Domain Controller for 
+		the domain (Backup Domain Controllers only have a read-only
+		copy of the user account database and will not allow the password 
+		change).</P
+><P
+><EM
+>Note</EM
+> that Windows 95/98 do not have 
+		a real password database so it is not possible to change passwords 
+		specifying a Win95/98  machine as remote machine target. </P
+></DD
+><DT
+>-s</DT
+><DD
+><P
+>This option causes smbpasswd to be silent (i.e. 
+		not issue prompts) and to read its old and new passwords from 
+		standard  input, rather than from <TT
+CLASS="FILENAME"
+>/dev/tty</TT
+> 
+		(like the <B
+CLASS="COMMAND"
+>passwd(1)</B
+> program does). This option 
+		is to aid people writing scripts to drive smbpasswd</P
+></DD
+><DT
+>-S</DT
+><DD
+><P
+>This option causes <B
+CLASS="COMMAND"
+>smbpasswd</B
+>
+		to query a domain controller of the domain specified 
+		by the <A
+HREF="smb.conf.5.html#WORKGROUP"
+TARGET="_top"
+>workgroup</A
+>
+		parameter in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> and store the
+		domain SID in the <TT
+CLASS="FILENAME"
+>secrets.tdb</TT
+> file
+		as its own machine SID.  This is only useful when configuring
+		a Samba PDC and Samba BDC, or when migrating from a Windows PDC
+		to a Samba PDC.  </P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>-r</I
+></TT
+> options can be used
+		as well to indicate a specific domain controller which should
+		be contacted.  In this case, the domain SID obtained is the 
+		one for the domain to which the remote machine belongs.
+		</P
+></DD
+><DT
+>-t</DT
+><DD
+><P
+>This option is used to force smbpasswd to 
+		change the current password assigned to the machine trust account
+		when operating in domain security mode.  This is really meant to 
+		be used on systems that only run <A
+HREF="winbindd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>winbindd</B
+></A
+>.
+		Under server installations, <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd</B
+></A
+>
+		handle the password updates automatically.</P
+></DD
+><DT
+>-T</DT
+><DD
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>-T</I
+></TT
+> option may be used to
+		force samba to use a previously created trust account by allowing
+		the trust account hash to be set in the secrets database only. 
+		This way, an application can change the trust account password
+		and call "smbpasswd -T" so that Samba can continue to work.</P
+></DD
+><DT
+>-U username[%pass]</DT
+><DD
+><P
+>This option may only be used in conjunction 
+		with the <TT
+CLASS="PARAMETER"
+><I
+>-r</I
+></TT
+> option. When changing
+		a password on a remote machine it allows the user to specify 
+		the user name on that machine whose password will be changed. It 
+		is present to allow users who have different user names on 
+		different systems to change these passwords. The optional
+		%pass may be used to specify to old password.</P
+><P
+>In particular, this parameter specifies the username
+                used to create the machine account when invoked with -j</P
+></DD
+><DT
+>-W S-1-5-21-x-y-z</DT
+><DD
+><P
+>This option forces the SID S-1-5-21-x-y-z to
+		be the server and domain SID for the current Samba server. It
+		does this by updating the appropriate keys in the secrets
+		file. </P
+></DD
+><DT
+>-X server|domain</DT
+><DD
+><P
+>This option allows the admin to retrieve the 
+		SID associated with a former servername or domain name that
+		this Samba server might have used. It does this by retrieving
+		the appropriate entry from the secrets file.</P
+></DD
+><DT
+><B
+CLASS="COMMAND"
+>NOTE:</B
+></DT
+><DD
+><P
+><B
+CLASS="COMMAND"
+>The following options are available only when the smbpasswd command is
+run as root or in local mode.</B
+></P
+></DD
+><DT
+>-a</DT
+><DD
+><P
+>This option specifies that the username 
+		following should be added to the local smbpasswd file, with the 
+		new password typed. This 
+		option is ignored if the username specified already exists in 
+		the smbpasswd file and it is treated like a regular change 
+		password command. Note that the user to be added must already exist 
+		in the system password file (usually <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>)
+		else the request to add the user will fail. </P
+></DD
+><DT
+>-d</DT
+><DD
+><P
+>This option specifies that the username following 
+		should be <TT
+CLASS="CONSTANT"
+>disabled</TT
+> in the local smbpasswd 
+		file. This is done by writing a <TT
+CLASS="CONSTANT"
+>'D'</TT
+> flag 
+		into the account control space in the smbpasswd file. Once this 
+		is done all attempts to authenticate via SMB using this username 
+		will fail. </P
+><P
+>If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
+		format) there is no space in the user's password entry to write
+		this information and so the user is disabled by writing 'X' characters 
+		into the password space in the smbpasswd file. See <B
+CLASS="COMMAND"
+>smbpasswd(5)
+		</B
+> for details on the 'old' and new password file formats.
+		</P
+></DD
+><DT
+>-e</DT
+><DD
+><P
+>This option specifies that the username following 
+		should be <TT
+CLASS="CONSTANT"
+>enabled</TT
+> in the local smbpasswd file, 
+		if the account was previously disabled. If the account was not 
+		disabled this option has no effect. Once the account is enabled then 
+		the user will be able to authenticate via SMB once again. </P
+><P
+>If the smbpasswd file is in the 'old' format, then <B
+CLASS="COMMAND"
+>		smbpasswd</B
+> will prompt for a new password for this user, 
+		otherwise the account will be enabled by removing the <TT
+CLASS="CONSTANT"
+>'D'
+		</TT
+> flag from account control space in the <TT
+CLASS="FILENAME"
+>		smbpasswd</TT
+> file. See <B
+CLASS="COMMAND"
+>smbpasswd (5)</B
+> for 
+		details on the 'old' and new password file formats. </P
+></DD
+><DT
+>-m</DT
+><DD
+><P
+>This option tells smbpasswd that the account 
+		being changed is a MACHINE account. Currently this is used 
+		when Samba is being used as an NT Primary Domain Controller.</P
+></DD
+><DT
+>-n</DT
+><DD
+><P
+>This option specifies that the username following 
+		should have their password set to null (i.e. a blank password) in 
+		the local smbpasswd file. This is done by writing the string "NO 
+		PASSWORD" as the first part of the first password stored in the 
+		smbpasswd file. </P
+><P
+>Note that to allow users to logon to a Samba server once 
+		the password has been set to "NO PASSWORD" in the smbpasswd
+		file the administrator must set the following parameter in the [global]
+		section of the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file : </P
+><P
+><B
+CLASS="COMMAND"
+>null passwords = yes</B
+></P
+></DD
+><DT
+>-w password</DT
+><DD
+><P
+>This parameter is only available is Samba
+		has been configured to use the experimental
+		<B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option. The <TT
+CLASS="PARAMETER"
+><I
+>-w</I
+></TT
+> 
+		switch is used to specify the password to be used with the 
+		<A
+HREF="smb.conf.5.html#LDAPADMINDN"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>ldap admin 
+		dn</I
+></TT
+></A
+>.  Note that the password is stored in
+		the <TT
+CLASS="FILENAME"
+>private/secrets.tdb</TT
+> and is keyed off 
+		of the admin's DN.  This means that if the value of <TT
+CLASS="PARAMETER"
+><I
+>ldap
+		admin dn</I
+></TT
+> ever changes, the password will need to be 
+		manually updated as well.
+		</P
+></DD
+><DT
+>-x</DT
+><DD
+><P
+>This option specifies that the username 
+		following should be deleted from the local smbpasswd file.
+		</P
+></DD
+><DT
+>-j DOMAIN</DT
+><DD
+><P
+>This option is used to add a Samba server 
+		into a Windows NT Domain, as a Domain member capable of authenticating 
+		user accounts to any Domain Controller in the same way as a Windows 
+		NT Server. See the <B
+CLASS="COMMAND"
+>security = domain</B
+> option in 
+		the <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+> man page. </P
+><P
+>This command can work both with and without the -U parameter. </P
+><P
+>When invoked with -U, that username (and optional password) are
+                used to contact the PDC (which must be specified with -r) to both
+                create a machine account, and to set a password on it.</P
+><P
+>Alternately, if -U is omitted, Samba will contact its PDC
+                and attempt to change the password on a pre-existing account. </P
+><P
+>In order to be used in this way, the Administrator for 
+		the Windows NT Domain must have used the program "Server Manager 
+		for Domains" to add the primary NetBIOS name of  the Samba server 
+		as a member of the Domain. </P
+><P
+>After this has been done, to join the Domain invoke <B
+CLASS="COMMAND"
+>		smbpasswd</B
+> with this parameter. smbpasswd will then 
+		look up the Primary Domain Controller for the Domain (found in 
+		the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file in the parameter 
+		<TT
+CLASS="PARAMETER"
+><I
+>password server</I
+></TT
+> and change the machine account 
+		password used to create the secure Domain communication.  </P
+><P
+>Either way, this password is then stored by smbpasswd in a TDB, 
+                writeable only by root, called <TT
+CLASS="FILENAME"
+>secrets.tdb</TT
+> </P
+><P
+>Once this operation has been performed the <TT
+CLASS="FILENAME"
+>		smb.conf</TT
+> file may be updated to set the <B
+CLASS="COMMAND"
+>		security = domain</B
+> option and all future logins
+		to the Samba server will be authenticated to the Windows NT 
+		PDC. </P
+><P
+>Note that even though the authentication is being 
+		done to the PDC all users accessing the Samba server must still 
+		have a valid UNIX account on that machine.  
+                The <B
+CLASS="COMMAND"
+>winbindd(8)</B
+> daemon can be used
+                to create UNIX accounts for NT users.</P
+></DD
+><DT
+>-R name resolve order</DT
+><DD
+><P
+>This option allows the user of smbpasswd to determine 
+		what name resolution services to use when looking up the NetBIOS
+		name of the host being connected to. </P
+><P
+>The options are :"lmhosts", "host", "wins" and "bcast". They cause 
+		names to be resolved as follows : </P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>lmhosts</TT
+> : Lookup an IP 
+			address in the Samba lmhosts file. If the line in lmhosts has 
+			no name type attached to the NetBIOS name (see the <A
+HREF="lmhosts.5.html"
+TARGET="_top"
+>lmhosts(5)</A
+> for details) then
+			any name type matches for lookup.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>host</TT
+> : Do a standard host 
+			name to IP address resolution, using the system <TT
+CLASS="FILENAME"
+>/etc/hosts
+			</TT
+>, NIS, or DNS lookups. This method of name resolution 
+			is operating system dependent. For instance, on IRIX or Solaris this 
+			may be controlled by the <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> 
+			file).  Note that this method is only used if the NetBIOS name 
+			type being queried is the 0x20 (server) name type, otherwise 
+			it is ignored.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>wins</TT
+> : Query a name with 
+			the IP address listed in the <TT
+CLASS="PARAMETER"
+><I
+>wins server</I
+></TT
+> 
+			parameter.  If no WINS server has been specified this method 
+			will be ignored.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>bcast</TT
+> : Do a broadcast on 
+			each of the known local interfaces listed in the
+			<TT
+CLASS="PARAMETER"
+><I
+>interfaces</I
+></TT
+> parameter. This is the least 
+			reliable of the name resolution methods as it depends on the 
+			target host being on a locally connected subnet.</P
+></LI
+></UL
+><P
+>The default order is <B
+CLASS="COMMAND"
+>lmhosts, host, wins, bcast</B
+> 
+		and without this parameter or any entry in the 
+		<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file the name resolution methods will 
+		be attempted in this order. </P
+></DD
+><DT
+>username</DT
+><DD
+><P
+>This specifies the username for all of the 
+		<EM
+>root only</EM
+> options to operate on. Only root 
+		can specify this parameter as only root has the permission needed 
+		to modify attributes directly in the local smbpasswd file. 
+		</P
+></DD
+><DT
+>password</DT
+><DD
+><P
+>This specifies the new password. If this parameter
+		is specified you will not be prompted for the new password.
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN228"
+></A
+><H2
+>NOTES</H2
+><P
+>Since <B
+CLASS="COMMAND"
+>smbpasswd</B
+> works in client-server 
+	mode communicating  with a local smbd for a non-root user then 
+	the smbd daemon must be running for this to work. A common problem 
+	is to add a restriction to the hosts that may access the <B
+CLASS="COMMAND"
+>	smbd</B
+> running on the local machine by specifying a 
+	<TT
+CLASS="PARAMETER"
+><I
+>allow hosts</I
+></TT
+> or <TT
+CLASS="PARAMETER"
+><I
+>deny hosts</I
+></TT
+> 
+	entry in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file and neglecting to 
+	allow "localhost" access to the smbd. </P
+><P
+>In addition, the smbpasswd command is only useful if Samba
+	has been set up to use encrypted passwords. See the file 
+	<TT
+CLASS="FILENAME"
+>ENCRYPTION.txt</TT
+> in the docs directory for details 
+	on how to do this. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN238"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN241"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbpasswd.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smbpasswd(5)</TT
+></A
+>, 
+	<A
+HREF="samba.7.html"
+TARGET="_top"
+>samba(7)</A
+>
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN247"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smbsh.1.html b/docs/htmldocs/smbsh.1.html
new file mode 100755
index 00000000000..ba2cc7b4928
--- /dev/null
+++ b/docs/htmldocs/smbsh.1.html
@@ -0,0 +1,468 @@
+<HTML
+><HEAD
+><TITLE
+>smbsh</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBSH"
+>smbsh</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbsh&nbsp;--&nbsp;Allows access to Windows NT filesystem 
+	using UNIX commands</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbsh</B
+>  [-W workgroup] [-U username] [-P prefix] [-R &#60;name resolve order&#62;] [-d &#60;debug level&#62;] [-l logfile] [-L libdir]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN18"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>smbsh</B
+> allows you to access an NT filesystem 
+	using UNIX commands such as <B
+CLASS="COMMAND"
+>ls</B
+>, <B
+CLASS="COMMAND"
+>	egrep</B
+>, and <B
+CLASS="COMMAND"
+>rcp</B
+>. You must use a 
+	shell that is dynamically linked in order for <B
+CLASS="COMMAND"
+>smbsh</B
+> 
+	to work correctly.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN28"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-W WORKGROUP</DT
+><DD
+><P
+>Override the default workgroup specified in the 
+		workgroup parameter of the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file 
+		for this session. This may be needed to connect to some 
+		servers. </P
+></DD
+><DT
+>-U username[%pass]</DT
+><DD
+><P
+>Sets the SMB username or username and password.
+		If this option is not specified, the user will be prompted for 
+		both the username and the password.  If %pass is not specified, 
+		the user will be prompted for the password.
+		</P
+></DD
+><DT
+>-P prefix</DT
+><DD
+><P
+>This option allows
+		the user to set the directory prefix for SMB access. The 
+		default value if this option is not specified is 
+		<EM
+>smb</EM
+>.
+		</P
+></DD
+><DT
+>-R &#60;name resolve order&#62;</DT
+><DD
+><P
+>This option is used to determine what naming 
+		services and in what order to resolve 
+		host names to IP addresses. The option takes a space-separated 
+		string of different name resolution options.</P
+><P
+>The options are :"lmhosts", "host", "wins" and "bcast". 
+		They cause names to be resolved as follows :</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>lmhosts</TT
+> : 
+			Lookup an IP address in the Samba lmhosts file. If the 
+			line in lmhosts has no name type attached to the 
+			NetBIOS name 
+			(see the <A
+HREF="lmhosts.5.html"
+TARGET="_top"
+>lmhosts(5)</A
+>
+			for details) then any name type matches for lookup.
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>host</TT
+> : 
+			Do a standard host name to IP address resolution, using
+			the system <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+>, NIS, or DNS
+			lookups. This method of name resolution is operating 
+			system dependent, for instance on IRIX or Solaris this 
+			may be controlled by the <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf
+			</TT
+> file).  Note that this method is only used 
+			if the NetBIOS name type being queried is the 0x20 
+			(server) name type, otherwise it is ignored.
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>wins</TT
+> : 
+			Query a name with the IP address listed in the 
+			<TT
+CLASS="PARAMETER"
+><I
+>wins server</I
+></TT
+> parameter.  If no 
+			WINS server has been specified this method will be 
+			ignored.
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>bcast</TT
+> : 
+			Do a broadcast on each of the known local interfaces 
+			listed in the <TT
+CLASS="PARAMETER"
+><I
+>interfaces</I
+></TT
+>
+			parameter. This is the least reliable of the name 
+			resolution methods as it depends on the target host 
+			being on a locally connected subnet.
+			</P
+></LI
+></UL
+><P
+>If this parameter is not set then the name resolve order 
+		defined in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file parameter  
+		(name resolve order) will be used. </P
+><P
+>The default order is lmhosts, host, wins, bcast. Without 
+		this parameter or any entry in the <TT
+CLASS="PARAMETER"
+><I
+>name resolve order
+		</I
+></TT
+> parameter of the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> 
+		file, the name resolution methods will be attempted in this 
+		order. </P
+></DD
+><DT
+>-d &#60;debug level&#62;</DT
+><DD
+><P
+>debug level is an integer from 0 to 10.</P
+><P
+>The default value if this parameter is not specified
+		is zero.</P
+><P
+>The higher this value, the more detail will be logged
+		about the activities of <B
+CLASS="COMMAND"
+>nmblookup</B
+>. At level
+		0, only critical errors and serious warnings will be logged.
+		</P
+></DD
+><DT
+>-l logfilename</DT
+><DD
+><P
+>If specified causes all debug messages to be
+		written to the file specified by <TT
+CLASS="REPLACEABLE"
+><I
+>logfilename
+		</I
+></TT
+>. If not specified then all messages will be 
+		written to<TT
+CLASS="REPLACEABLE"
+><I
+>stderr</I
+></TT
+>.
+		</P
+></DD
+><DT
+>-L libdir</DT
+><DD
+><P
+>This parameter specifies the location of the 
+		shared libraries used by <B
+CLASS="COMMAND"
+>smbsh</B
+>. The default
+		value is specified at compile time.
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN91"
+></A
+><H2
+>EXAMPLES</H2
+><P
+>To use the <B
+CLASS="COMMAND"
+>smbsh</B
+> command, execute <B
+CLASS="COMMAND"
+>	smbsh</B
+> from the prompt and enter the username and password 
+	that authenticates you to the machine running the Windows NT 
+	operating system.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	<TT
+CLASS="PROMPT"
+>system% </TT
+><TT
+CLASS="USERINPUT"
+><B
+>smbsh</B
+></TT
+>
+	<TT
+CLASS="PROMPT"
+>Username: </TT
+><TT
+CLASS="USERINPUT"
+><B
+>user</B
+></TT
+>
+	<TT
+CLASS="PROMPT"
+>Password: </TT
+><TT
+CLASS="USERINPUT"
+><B
+>XXXXXXX</B
+></TT
+>
+	</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Any dynamically linked command you execute from 
+	this shell will access the <TT
+CLASS="FILENAME"
+>/smb</TT
+> directory 
+	using the smb protocol. For example, the command <B
+CLASS="COMMAND"
+>ls /smb
+	</B
+> will show a list of workgroups. The command 
+	<B
+CLASS="COMMAND"
+>ls /smb/MYGROUP </B
+> will show all the machines in 
+	the  workgroup MYGROUP. The command 
+	<B
+CLASS="COMMAND"
+>ls /smb/MYGROUP/&#60;machine-name&#62;</B
+> will show the share 
+	names for that machine. You could then, for example, use the <B
+CLASS="COMMAND"
+>	cd</B
+> command to change directories, <B
+CLASS="COMMAND"
+>vi</B
+> to 
+	edit files, and <B
+CLASS="COMMAND"
+>rcp</B
+>  to copy files.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN112"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN115"
+></A
+><H2
+>BUGS</H2
+><P
+><B
+CLASS="COMMAND"
+>smbsh</B
+> works by intercepting the standard 
+	libc calls with the dynamically loaded versions in <TT
+CLASS="FILENAME"
+>	smbwrapper.o</TT
+>. Not all calls have been "wrapped", so 
+	some programs may not function correctly under <B
+CLASS="COMMAND"
+>smbsh
+	</B
+>.</P
+><P
+>Programs which are not dynamically linked cannot make 
+	use of <B
+CLASS="COMMAND"
+>smbsh</B
+>'s functionality. Most versions 
+	of UNIX have a <B
+CLASS="COMMAND"
+>file</B
+> command that will 
+	describe how a program was linked.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN124"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>, 
+	<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+>
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN130"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smbspool.8.html b/docs/htmldocs/smbspool.8.html
new file mode 100755
index 00000000000..254abe9a9de
--- /dev/null
+++ b/docs/htmldocs/smbspool.8.html
@@ -0,0 +1,222 @@
+<HTML
+><HEAD
+><TITLE
+>smbspool</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBSPOOL"
+>smbspool</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbspool&nbsp;--&nbsp;send print file to an SMB printer</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbspool</B
+>  [job] [user] [title] [copies] [options] [filename]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN17"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+>smbspool is a very small print spooling program that 
+	sends a print file to an SMB printer. The command-line arguments 
+	are position-dependent for compatibility with the Common UNIX 
+	Printing System, but you can use smbspool with any printing system 
+	or from a program or script.</P
+><P
+><EM
+>DEVICE URI</EM
+></P
+><P
+>smbspool specifies the destination using a Uniform Resource 
+	Identifier ("URI") with a method of "smb". This string can take 
+	a number of forms:</P
+><P
+></P
+><UL
+><LI
+><P
+>smb://server/printer</P
+></LI
+><LI
+><P
+>smb://workgroup/server/printer</P
+></LI
+><LI
+><P
+>smb://username:password@server/printer</P
+></LI
+><LI
+><P
+>smb://username:password@workgroup/server/printer
+		</P
+></LI
+></UL
+><P
+>smbspool tries to get the URI from argv[0]. If argv[0] 
+	contains the name of the program then it looks in the <TT
+CLASS="ENVAR"
+>	DEVICE_URI</TT
+> environment variable.</P
+><P
+>Programs using the <B
+CLASS="COMMAND"
+>exec(2)</B
+> functions can 
+	pass the URI in argv[0], while shell scripts must set the 
+	<TT
+CLASS="ENVAR"
+>DEVICE_URI</TT
+> environment variable prior to
+	running smbspool.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN39"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><UL
+><LI
+><P
+>The job argument (argv[1]) contains the 
+		job ID number and is presently not used by smbspool.
+		</P
+></LI
+><LI
+><P
+>The user argument (argv[2]) contains the 
+		print user's name and is presently not used by smbspool.
+		</P
+></LI
+><LI
+><P
+>The title argument (argv[3]) contains the 
+		job title string and is passed as the remote file name 
+		when sending the print job.</P
+></LI
+><LI
+><P
+>The copies argument (argv[4]) contains 
+		the number of copies to be printed of the named file. If 
+		no filename is provided than this argument is not used by 
+		smbspool.</P
+></LI
+><LI
+><P
+>The options argument (argv[5]) contains 
+		the print options in a single string and is presently 
+		not used by smbspool.</P
+></LI
+><LI
+><P
+>The filename argument (argv[6]) contains the 
+		name of the file to print. If this argument is not specified 
+		then the print file is read from the standard input.</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN54"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN57"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>, 
+	and <A
+HREF="samba.7.html"
+TARGET="_top"
+>samba(7)</A
+>.
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN63"
+></A
+><H2
+>AUTHOR</H2
+><P
+><B
+CLASS="COMMAND"
+>smbspool</B
+> was written by Michael Sweet 
+	at Easy Software Products.</P
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smbstatus.1.html b/docs/htmldocs/smbstatus.1.html
new file mode 100755
index 00000000000..1d3dc9f952a
--- /dev/null
+++ b/docs/htmldocs/smbstatus.1.html
@@ -0,0 +1,209 @@
+<HTML
+><HEAD
+><TITLE
+>smbstatus</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBSTATUS"
+>smbstatus</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbstatus&nbsp;--&nbsp;report on current Samba connections</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbstatus</B
+>  [-P] [-b] [-d] [-L] [-p] [-S] [-s &#60;configuration file&#62;] [-u &#60;username&#62;]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN19"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>smbstatus</B
+> is a very simple program to 
+	list the current Samba connections.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN25"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-P</DT
+><DD
+><P
+>If samba has been compiled with the 
+		profiling option, print only the contents of the profiling 
+		shared memory area.</P
+></DD
+><DT
+>-b</DT
+><DD
+><P
+>gives brief output.</P
+></DD
+><DT
+>-d</DT
+><DD
+><P
+>gives verbose output.</P
+></DD
+><DT
+>-L</DT
+><DD
+><P
+>causes smbstatus to only list locks.</P
+></DD
+><DT
+>-p</DT
+><DD
+><P
+>print a list of <A
+HREF="smbd.8.html"
+TARGET="_top"
+>		<B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+> processes and exit. 
+		Useful for scripting.</P
+></DD
+><DT
+>-S</DT
+><DD
+><P
+>causes smbstatus to only list shares.</P
+></DD
+><DT
+>-s &#60;configuration file&#62;</DT
+><DD
+><P
+>The default configuration file name is
+		determined at compile time. The file specified contains the
+		configuration details required by the server. See <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+>
+		</A
+> for more information.</P
+></DD
+><DT
+>-u &#60;username&#62;</DT
+><DD
+><P
+>selects information relevant to 
+		<TT
+CLASS="PARAMETER"
+><I
+>username</I
+></TT
+> only.</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN65"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN68"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+> and
+	<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+>.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN74"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smbtar.1.html b/docs/htmldocs/smbtar.1.html
new file mode 100755
index 00000000000..47c41a015a9
--- /dev/null
+++ b/docs/htmldocs/smbtar.1.html
@@ -0,0 +1,351 @@
+<HTML
+><HEAD
+><TITLE
+>smbtar</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBTAR"
+>smbtar</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbtar&nbsp;--&nbsp;shell script for backing up SMB/CIFS shares 
+	directly to UNIX tape drives</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbtar</B
+>  {-s server} [-p password] [-x services] [-X] [-d directory] [-u user] [-t tape] [-t tape] [-b blocksize] [-N filename] [-i] [-r] [-l loglevel] [-v] {filenames}</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN26"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>smbtar</B
+> is a very small shell script on top 
+	of <A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)</B
+></A
+> 
+	which dumps SMB shares directly to tape. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN34"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-s server</DT
+><DD
+><P
+>The SMB/CIFS server that the share resides 
+		upon.</P
+></DD
+><DT
+>-x service</DT
+><DD
+><P
+>The share name on the server to connect to. 
+		The default is "backup".</P
+></DD
+><DT
+>-X</DT
+><DD
+><P
+>Exclude mode. Exclude filenames... from tar 
+		create or restore. </P
+></DD
+><DT
+>-d directory</DT
+><DD
+><P
+>Change to initial <TT
+CLASS="PARAMETER"
+><I
+>directory
+		</I
+></TT
+> before restoring / backing up files. </P
+></DD
+><DT
+>-v</DT
+><DD
+><P
+>Verbose mode.</P
+></DD
+><DT
+>-p password</DT
+><DD
+><P
+>The password to use to access a share. 
+		Default: none </P
+></DD
+><DT
+>-u user</DT
+><DD
+><P
+>The user id to connect as. Default: 
+		UNIX login name. </P
+></DD
+><DT
+>-t tape</DT
+><DD
+><P
+>Tape device. May be regular file or tape 
+		device. Default: <TT
+CLASS="PARAMETER"
+><I
+>$TAPE</I
+></TT
+> environmental 
+		variable; if not set, a file called <TT
+CLASS="FILENAME"
+>tar.out
+		</TT
+>. </P
+></DD
+><DT
+>-b blocksize</DT
+><DD
+><P
+>Blocking factor. Defaults to 20. See
+		<B
+CLASS="COMMAND"
+>tar(1)</B
+> for a fuller explanation. </P
+></DD
+><DT
+>-N filename</DT
+><DD
+><P
+>Backup only files newer than filename. Could 
+		be used (for example) on a log file to implement incremental
+		backups. </P
+></DD
+><DT
+>-i</DT
+><DD
+><P
+>Incremental mode; tar files are only backed 
+		up if they have the archive bit set. The archive bit is reset 
+		after each file is read. </P
+></DD
+><DT
+>-r</DT
+><DD
+><P
+>Restore. Files are restored to the share 
+		from the tar file. </P
+></DD
+><DT
+>-l log level</DT
+><DD
+><P
+>Log (debug) level. Corresponds to the 
+		<TT
+CLASS="PARAMETER"
+><I
+>-d</I
+></TT
+> flag of <B
+CLASS="COMMAND"
+>smbclient(1)
+		</B
+>. </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN95"
+></A
+><H2
+>ENVIRONMENT VARIABLES</H2
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>$TAPE</I
+></TT
+> variable specifies the 
+	default tape device to write to. May be overridden
+	with the -t option. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN99"
+></A
+><H2
+>BUGS</H2
+><P
+>The <B
+CLASS="COMMAND"
+>smbtar</B
+> script has different 
+	options from ordinary tar and tar called from smbclient. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN103"
+></A
+><H2
+>CAVEATS</H2
+><P
+>Sites that are more careful about security may not like 
+	the way the script handles PC passwords. Backup and restore work 
+	on entire shares, should work on file lists. smbtar works best
+	with GNU tar and may not work well with other versions. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN106"
+></A
+><H2
+>DIAGNOSTICS</H2
+><P
+>See the <EM
+>DIAGNOSTICS</EM
+> section for the 
+	<A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)</B
+> 
+	</A
+> command.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN112"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN115"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>, 
+	<A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)</B
+></A
+>, 
+	<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+>,
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN123"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+><A
+HREF="mailto:poultenr@logica.co.uk"
+TARGET="_top"
+>Ricky Poulten</A
+>  
+	wrote the tar extension and this man page. The <B
+CLASS="COMMAND"
+>smbtar</B
+> 
+	script was heavily rewritten and improved by <A
+HREF="mailto:Martin.Kraemer@mch.sni.de"
+TARGET="_top"
+>Martin Kraemer</A
+>. Many 
+	thanks to everyone who suggested extensions, improvements, bug 
+	fixes, etc. The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter.</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/smbumount.8.html b/docs/htmldocs/smbumount.8.html
new file mode 100755
index 00000000000..68929fd5f91
--- /dev/null
+++ b/docs/htmldocs/smbumount.8.html
@@ -0,0 +1,140 @@
+<HTML
+><HEAD
+><TITLE
+>smbumount</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBUMOUNT"
+>smbumount</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbumount&nbsp;--&nbsp;smbfs umount for normal users</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbumount</B
+>  {mount-point}</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN12"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>With this program, normal users can unmount smb-filesystems, 
+	provided that it is suid root.  <B
+CLASS="COMMAND"
+>smbumount</B
+> has 
+	been written to give normal Linux users more control over their 
+	resources. It is safe to install this program suid root, because only 
+	the user who has mounted a filesystem is allowed to unmount it again.  
+	For root it is not necessary to use smbumount. The normal umount 
+	program works perfectly well, but it would certainly be problematic 
+	to make umount setuid root.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN16"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>mount-point</DT
+><DD
+><P
+>The directory to unmount.</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN23"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbmount.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbmount(8)</B
+>
+	</A
+></P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN28"
+></A
+><H2
+>AUTHOR</H2
+><P
+>Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
+	and others.</P
+><P
+>The current maintainer of smbfs and the userspace
+	tools <B
+CLASS="COMMAND"
+>smbmount</B
+>, <B
+CLASS="COMMAND"
+>smbumount</B
+>,
+	and <B
+CLASS="COMMAND"
+>smbmnt</B
+> is <A
+HREF="mailto:urban@teststation.com"
+TARGET="_top"
+>Urban Widmark</A
+>.
+	The <A
+HREF="mailto:samba@samba.org"
+TARGET="_top"
+>SAMBA Mailing list</A
+>
+	is the preferred place to ask questions regarding these programs.
+	</P
+><P
+>The conversion of this manpage for Samba 2.2 was performed 
+	by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/swat.8.html b/docs/htmldocs/swat.8.html
new file mode 100755
index 00000000000..374a1423463
--- /dev/null
+++ b/docs/htmldocs/swat.8.html
@@ -0,0 +1,511 @@
+<HTML
+><HEAD
+><TITLE
+>swat</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SWAT"
+>swat</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>swat&nbsp;--&nbsp;Samba Web Administration Tool</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>swat</B
+>  [-s &#60;smb config file&#62;] [-a]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN13"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>swat</B
+> allows a Samba administrator to 
+	configure the complex <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>	smb.conf(5)</TT
+></A
+> file via a Web browser. In addition, 
+	a <B
+CLASS="COMMAND"
+>swat</B
+> configuration page has help links 
+	to all the configurable options in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file allowing an 
+	administrator to easily look up the effects of any change. </P
+><P
+><B
+CLASS="COMMAND"
+>swat</B
+> is run from <B
+CLASS="COMMAND"
+>inetd</B
+> </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN26"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-s smb configuration file</DT
+><DD
+><P
+>The default configuration file path is 
+		determined at compile time.  The file specified contains 
+		the configuration details required by the <B
+CLASS="COMMAND"
+>smbd
+		</B
+> server. This is the file that <B
+CLASS="COMMAND"
+>swat</B
+> will modify. 
+		The information in this file includes server-specific 
+		information such as what printcap file to use, as well as 
+		descriptions of all the services that the server is to provide.
+		See <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> for more information. 
+		</P
+></DD
+><DT
+>-a</DT
+><DD
+><P
+>This option disables authentication and puts 
+		<B
+CLASS="COMMAND"
+>swat</B
+> in demo mode. In that mode anyone will be able to modify 
+		the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. </P
+><P
+><EM
+>Do NOT enable this option on a production 
+		server. </EM
+></P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN44"
+></A
+><H2
+>INSTALLATION</H2
+><P
+>After you compile SWAT you need to run <B
+CLASS="COMMAND"
+>make install
+	</B
+> to install the <B
+CLASS="COMMAND"
+>swat</B
+> binary
+	and the various help files and images. A default install would put 
+	these in: </P
+><P
+></P
+><UL
+><LI
+><P
+>/usr/local/samba/bin/swat</P
+></LI
+><LI
+><P
+>/usr/local/samba/swat/images/*</P
+></LI
+><LI
+><P
+>/usr/local/samba/swat/help/*</P
+></LI
+></UL
+><DIV
+CLASS="REFSECT2"
+><A
+NAME="AEN56"
+></A
+><H3
+>Inetd Installation</H3
+><P
+>You need to edit your <TT
+CLASS="FILENAME"
+>/etc/inetd.conf
+		</TT
+> and <TT
+CLASS="FILENAME"
+>/etc/services</TT
+>
+		to enable SWAT to be launched via <B
+CLASS="COMMAND"
+>inetd</B
+>.</P
+><P
+>In <TT
+CLASS="FILENAME"
+>/etc/services</TT
+> you need to 
+		add a line like this: </P
+><P
+><B
+CLASS="COMMAND"
+>swat            901/tcp</B
+></P
+><P
+>Note for NIS/YP users - you may need to rebuild the 
+		NIS service maps rather than alter your local <TT
+CLASS="FILENAME"
+>		/etc/services</TT
+> file. </P
+><P
+>the choice of port number isn't really important 
+		except that it should be less than 1024 and not currently 
+		used (using a number above 1024 presents an obscure security 
+		hole depending on the implementation details of your 
+		<B
+CLASS="COMMAND"
+>inetd</B
+> daemon). </P
+><P
+>In <TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+> you should 
+		add a line like this: </P
+><P
+><B
+CLASS="COMMAND"
+>swat    stream  tcp     nowait.400  root
+		/usr/local/samba/bin/swat swat</B
+></P
+><P
+>One you have edited <TT
+CLASS="FILENAME"
+>/etc/services</TT
+> 
+		and <TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+> you need to send a 
+		HUP signal to inetd. To do this use <B
+CLASS="COMMAND"
+>kill -1 PID
+		</B
+> where PID is the process ID of the inetd daemon. </P
+></DIV
+><DIV
+CLASS="REFSECT2"
+><A
+NAME="AEN78"
+></A
+><H3
+>Xinetd Installation</H3
+><P
+>Newer Linux systems ship with a more secure implementation
+		of the inetd meta-daemon.  The <B
+CLASS="COMMAND"
+>xinetd</B
+> daemon
+		can read configuration inf9ormation from a single file (i.e.
+		<TT
+CLASS="FILENAME"
+>/etc/xinetd.conf</TT
+>) or from a collection
+		of service control files in the <TT
+CLASS="FILENAME"
+>xinetd.d/</TT
+> directory.
+		These directions assume the latter configuration.
+		</P
+><P
+>		The following file should be created as <TT
+CLASS="FILENAME"
+>/etc/xientd.d/swat</TT
+>.
+		It is then be neccessary cause the meta-daemon to reload its configuration files.
+		Refer to the xinetd man page for details on how to accomplish this.
+		</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>## /etc/xinetd.d/swat
+service swat
+{
+        port    = 901
+        socket_type     = stream
+        wait    = no
+        only_from = localhost
+        user    = root
+        server  = /usr/local/samba/bin/swat
+        log_on_failure  += USERID
+        disable =  No
+}</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="REFSECT2"
+><A
+NAME="AEN88"
+></A
+><H3
+>Launching</H3
+><P
+>To launch SWAT just run your favorite web browser and 
+		point it at "http://localhost:901/".</P
+><P
+>Note that you can attach to SWAT from any IP connected 
+		machine but connecting from a remote machine leaves your 
+		connection open to password sniffing as passwords will be sent 
+		in the clear over the wire. </P
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN92"
+></A
+><H2
+>TROUBLESHOOTING</H2
+><P
+>	One of the common causes of difficulty when installing Samba and SWAT
+	is the existsnece of some type of firewall or port filtering software 
+	on the Samba server.  Make sure that the appropriate ports
+	outlined in this man page are available on the server and are not currently 
+	being blocked by some type of security software such as iptables or 
+	"port sentry".  For more troubleshooting information, refer to the additional 
+	documentation included in the Samba distribution.
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN95"
+></A
+><H2
+>FILES</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+></DT
+><DD
+><P
+>This file must contain suitable startup 
+		information for the meta-daemon.</P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/xinetd.d/swat</TT
+></DT
+><DD
+><P
+>This file must contain suitable startup 
+		information for the <B
+CLASS="COMMAND"
+>xinetd</B
+> meta-daemon.</P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/services</TT
+></DT
+><DD
+><P
+>This file must contain a mapping of service name 
+		(e.g., swat) to service port (e.g., 901) and protocol type 
+		(e.g., tcp).  </P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
+>/usr/local/samba/lib/smb.conf</TT
+></DT
+><DD
+><P
+>This is the default location of the <TT
+CLASS="FILENAME"
+>smb.conf(5)
+		</TT
+> server configuration file that swat edits. Other 
+		common places that systems install this file are <TT
+CLASS="FILENAME"
+>		/usr/samba/lib/smb.conf</TT
+> and <TT
+CLASS="FILENAME"
+>/etc/smb.conf
+		</TT
+>.  This file describes all the services the server 
+		is to make available to clients. </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN122"
+></A
+><H2
+>WARNINGS</H2
+><P
+><B
+CLASS="COMMAND"
+>swat</B
+> will rewrite your <TT
+CLASS="FILENAME"
+>smb.conf
+	</TT
+> file. It will rearrange the entries and delete all 
+	comments, <TT
+CLASS="PARAMETER"
+><I
+>include=</I
+></TT
+> and <TT
+CLASS="PARAMETER"
+><I
+>copy="
+	</I
+></TT
+> options. If you have a carefully crafted <TT
+CLASS="FILENAME"
+>	smb.conf</TT
+> then back it up or don't use swat! </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN130"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN133"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><B
+CLASS="COMMAND"
+>inetd(5)</B
+>,
+	<A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>, 
+	<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+>, <B
+CLASS="COMMAND"
+>xinetd(8)</B
+>
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN141"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/testparm.1.html b/docs/htmldocs/testparm.1.html
new file mode 100755
index 00000000000..3ed7e6d8238
--- /dev/null
+++ b/docs/htmldocs/testparm.1.html
@@ -0,0 +1,304 @@
+<HTML
+><HEAD
+><TITLE
+>testparm</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="TESTPARM"
+>testparm</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>testparm&nbsp;--&nbsp;check an smb.conf configuration file for 
+	internal correctness</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>testparm</B
+>  [-s] [-h] [-x] [-L &#60;servername&#62;] {config filename} [hostname  hostIP]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN17"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>testparm</B
+> is a very simple test program 
+	to check an <B
+CLASS="COMMAND"
+>smbd</B
+> configuration file for 
+	internal correctness. If this program reports no problems, you 
+	can use the configuration file with confidence that <B
+CLASS="COMMAND"
+>smbd
+	</B
+> will successfully load the configuration file.</P
+><P
+>Note that this is <EM
+>NOT</EM
+> a guarantee that 
+	the services specified in the configuration file will be 
+	available or will operate as expected. </P
+><P
+>If the optional host name and host IP address are 
+	specified on the command line, this test program will run through 
+	the service entries reporting whether the specified host
+	has access to each service. </P
+><P
+>If <B
+CLASS="COMMAND"
+>testparm</B
+> finds an error in the <TT
+CLASS="FILENAME"
+>	smb.conf</TT
+> file it returns an exit code of 1 to the calling 
+	program, else it returns an exit code of 0. This allows shell scripts 
+	to test the output from <B
+CLASS="COMMAND"
+>testparm</B
+>.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN32"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-s</DT
+><DD
+><P
+>Without this option, <B
+CLASS="COMMAND"
+>testparm</B
+> 
+		will prompt for a carriage return after printing the service 
+		names and before dumping the service definitions.</P
+></DD
+><DT
+>-h</DT
+><DD
+><P
+>Print usage message </P
+></DD
+><DT
+>-x</DT
+><DD
+><P
+>Print only parameters that have non-default values</P
+></DD
+><DT
+>-L servername</DT
+><DD
+><P
+>Sets the value of the %L macro to <TT
+CLASS="REPLACEABLE"
+><I
+>servername</I
+></TT
+>.
+		This is useful for testing include files specified with the 
+		%L macro. </P
+></DD
+><DT
+>configfilename</DT
+><DD
+><P
+>This is the name of the configuration file 
+		to check. If this parameter is not present then the 
+		default <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file will be checked. 	
+		</P
+></DD
+><DT
+>hostname</DT
+><DD
+><P
+>If this parameter and the following are 
+		specified, then <B
+CLASS="COMMAND"
+>testparm</B
+> will examine the <TT
+CLASS="PARAMETER"
+><I
+>hosts
+		allow</I
+></TT
+> and <TT
+CLASS="PARAMETER"
+><I
+>hosts deny</I
+></TT
+> 
+		parameters in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file to 
+		determine if the hostname with this IP address would be
+		allowed access to the <B
+CLASS="COMMAND"
+>smbd</B
+> server.  If 
+		this parameter is supplied, the hostIP parameter must also
+		be supplied.</P
+></DD
+><DT
+>hostIP</DT
+><DD
+><P
+>This is the IP address of the host specified 
+		in the previous parameter.  This address must be supplied 
+		if the hostname parameter is supplied. </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN71"
+></A
+><H2
+>FILES</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+><TT
+CLASS="FILENAME"
+>smb.conf</TT
+></DT
+><DD
+><P
+>This is usually the name of the configuration 
+		file used by <B
+CLASS="COMMAND"
+>smbd</B
+>. 
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN80"
+></A
+><H2
+>DIAGNOSTICS</H2
+><P
+>The program will issue a message saying whether the 
+	configuration file loaded OK or not. This message may be preceded by 
+	errors and warnings if the file did not load. If the file was 
+	loaded OK, the program then dumps all known service details 
+	to stdout. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN83"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN86"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+></A
+>, 
+	<A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN93"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/testprns.1.html b/docs/htmldocs/testprns.1.html
new file mode 100755
index 00000000000..4929415da02
--- /dev/null
+++ b/docs/htmldocs/testprns.1.html
@@ -0,0 +1,252 @@
+<HTML
+><HEAD
+><TITLE
+>testprns</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="TESTPRNS"
+>testprns</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>testprns&nbsp;--&nbsp;check printer name for validity with smbd</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>testprns</B
+>  {printername} [printcapname]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN13"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>testprns</B
+> is a very simple test program 
+	to determine whether a given printer name is valid for use in 
+	a service to be provided by <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>	smbd(8)</B
+></A
+>. </P
+><P
+>"Valid" in this context means "can be found in the 
+	printcap specified". This program is very stupid - so stupid in 
+	fact that it would be wisest to always specify the printcap file 
+	to use. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN22"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>printername</DT
+><DD
+><P
+>The printer name to validate.</P
+><P
+>Printer names are taken from the first field in each 
+		record in the printcap file, single printer names and sets 
+		of aliases separated by vertical bars ("|") are recognized. 
+		Note that no validation or checking of the printcap syntax is 
+		done beyond that required to extract the printer name. It may
+		be that the print spooling system is more forgiving or less 
+		forgiving than <B
+CLASS="COMMAND"
+>testprns</B
+>. However, if 
+		<B
+CLASS="COMMAND"
+>testprns</B
+> finds the printer then 
+		<B
+CLASS="COMMAND"
+>smbd</B
+> should do so as well. </P
+></DD
+><DT
+>printcapname</DT
+><DD
+><P
+>This is the name of the printcap file within
+		which to search for the given printer name. </P
+><P
+>If no printcap name is specified <B
+CLASS="COMMAND"
+>testprns
+		</B
+> will attempt to scan the printcap file name 
+		specified at compile time. </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN39"
+></A
+><H2
+>FILES</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/printcap</TT
+></DT
+><DD
+><P
+>This is usually the default printcap 
+		file to scan. See <TT
+CLASS="FILENAME"
+>printcap (5)</TT
+>. 
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN48"
+></A
+><H2
+>DIAGNOSTICS</H2
+><P
+>If a printer is found to be valid, the message 
+	"Printer name &#60;printername&#62; is valid" will be 
+	displayed. </P
+><P
+>If a printer is found to be invalid, the message
+	"Printer name &#60;printername&#62; is not valid" will be 
+	displayed. </P
+><P
+>All messages that would normally be logged during
+	operation of the Samba daemons are logged by this program to the 
+	file <TT
+CLASS="FILENAME"
+>test.log</TT
+> in the current directory. The
+	program runs at debuglevel 3, so quite extensive logging 
+	information is written. The log should be checked carefully 
+	for errors and warnings. </P
+><P
+>Other messages are self-explanatory. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN55"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN58"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><TT
+CLASS="FILENAME"
+>printcap(5)</TT
+>, 
+	<A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>, 
+	<A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)</B
+></A
+>
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN66"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/using_samba/appa_01.html b/docs/htmldocs/using_samba/appa_01.html
new file mode 100755
index 00000000000..30080dffbf6
--- /dev/null
+++ b/docs/htmldocs/using_samba/appa_01.html
@@ -0,0 +1,153 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Appendix A] Configuring Samba with SSL</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:41:36Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch09_03.html" TITLE="9.3 Extra Resources">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 9.3 Extra Resources" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Appendix A</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_02.html" TITLE="A.2 Requirements">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: A.2 Requirements" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div class="samplechapter">
+<H1 CLASS="appendix">
+<A CLASS="title" NAME="appa-73322">
+A. Configuring Samba with SSL</a></h1><DIV CLASS="htmltoc">
+<P>
+<B>
+Contents:</b><br>
+<A CLASS="sect1" HREF="#appa-pgfId-986440" TITLE="A.1 About Certificates">
+About Certificates</a><br>
+<A CLASS="sect1" HREF="appa_02.html" TITLE="A.2 Requirements">
+Requirements</a><br>
+<A CLASS="sect1" HREF="appa_03.html" TITLE="A.3 Installing SSLeay">
+Installing SSLeay</a><br>
+<A CLASS="sect1" HREF="appa_04.html" TITLE="A.4 Setting Up SSL Proxy">
+Setting Up SSL Proxy</a><br>
+<A CLASS="sect1" HREF="appa_05.html" TITLE="A.5 SSL Configuration Options">
+SSL Configuration Options</a></p><P>
+</p></div><P CLASS="para">This appendix describes how to set up Samba to use secure connections between the Samba server and its clients. The protocol used here is Netscape's Secure Sockets Layer (SSL). For this example, we will establish a secure connection between a Samba server and a Windows NT workstation. </p><P CLASS="para">
+Before we begin, we will assume that you are familiar with the fundamentals of public-key cryptography and X.509 certificates. If not, we highly recommend Bruce Schneier's <I CLASS="filename">
+Applied Cryptography, 2nd Edition</i> (Wiley) as the premiere source for learning the many secret faces of cryptography.</p><P CLASS="para">
+If you would like more information on Samba and SSL, be sure to look at the document <I CLASS="filename">
+SSLeay.txt</i> in the <I CLASS="filename">
+docs/textdocs</i> directory of the Samba distribution, which is the basis for this appendix.</p><DIV CLASS="sect1">
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="appa-pgfId-986440">
+A.1 About Certificates</a></h2><P CLASS="para">
+Here are a few quick questions and answers from the <I CLASS="filename">
+SSLeay.txt</i> file in the Samba documentation, regarding the benefits of SSL and certificates. This text was written by Christian Starkjohann for the Samba projects. </p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-990471">
+A.1.1 What is a Certificate?</a></h3><P CLASS="para">
+A certifcate is issued by an issuer, usually a <EM CLASS="emphasis">
+Certification Authority</em> (CA), who confirms something by issuing the certificate. The subject of this confirmation depends on the CA's policy. CAs for secure web servers (used for shopping malls, etc.) usually attest only that the given public key belongs the given domain name. Company-wide CAs might attest that you are an employee of the company, that you have permissions to use a server, and so on. </p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-990473">
+A.1.2 What is an X.509 certificate, technically?</a></h3><P CLASS="para">
+Technically, the certificate is a block of data signed by the certificate issuer (the CA). The relevant fields are:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-990475">
+</a>Unique identifier (name) of the certificate issuer</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-990476">
+</a>Time range during which the certificate is valid</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-990477">
+</a>Unique identifier (name) of the certified object</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-990478">
+</a>Public key of the certified object</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-990479">
+</a>The issuer's signature over all the above</p></li></ul><P CLASS="para">
+If this certificate is to be verified, the verifier must have a table of the names and public keys of trusted CAs. For simplicity, these tables should list certificates issued by the respective CAs for themselves (self-signed certificates).</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-990481">
+A.1.3 What are the implications of this certificate structure?</a></h3><P CLASS="para">
+Four implications follow:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-990485">
+</a>Because the certificate contains the subjects's public key, the certificate and the private key together are all that is needed to encrypt and decrypt.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-990489">
+</a>To verify certificates, you need the certificates of all CAs you trust. </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-990490">
+</a>The simplest form of a dummy-certificate is one that is signed by the subject.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-990491">
+</a>A CA is needed. The client can't simply issue local certificates for servers it trusts because the server determines which certificate it presents. </p></li></ul></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch09_03.html" TITLE="9.3 Extra Resources">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 9.3 Extra Resources" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_02.html" TITLE="A.2 Requirements">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: A.2 Requirements" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+9.3 Extra Resources</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+A.2 Requirements</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/appa_02.html b/docs/htmldocs/using_samba/appa_02.html
new file mode 100755
index 00000000000..e69b2fd9128
--- /dev/null
+++ b/docs/htmldocs/using_samba/appa_02.html
@@ -0,0 +1,100 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Appendix A] A.2 Requirements</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:41:37Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_01.html" TITLE="A.1 About Certificates">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: A.1 About Certificates" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="appendix" REL="up" HREF="appa_01.html" TITLE="A. Configuring Samba with SSL">
+Appendix A<br>
+Configuring Samba with SSL</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_03.html" TITLE="A.3 Installing SSLeay">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: A.3 Installing SSLeay" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="appa-pgfId-990469">
+A.2 Requirements</a></h2><P CLASS="para">To set up SSL connections, you will need to download two programs in addition to Samba:</p><DL CLASS="variablelist">
+<DT CLASS="term">SSLeay</dt><DD CLASS="listitem">
+<P CLASS="para">
+Eric Young's implementation of the Secure Socket's Layer (SSL) protocol as a series of Unix programming libraries</p></dd><DT CLASS="term">SSL Proxy</dt><DD CLASS="listitem">
+<P CLASS="para">
+A freeware SSL application from Objective Development, which can be used to proxy a secure link on Unix or Windows NT platforms</p></dd></dl><P CLASS="para">
+These two products assist with the server and client side of the encrypted SSL connection. The SSLeay libraries are compiled and installed directly on the Unix system. SSL Proxy, on the other hand, can be downloaded and compiled (or downloaded in binary format) and located on the client side. If you intend to have a Windows NT client or a Samba client on the other end of the SSL connection, you will not require a special setup.</p><P CLASS="para">
+SSL Proxy, however, does not work on Windows 95/98 machines. Therefore, if you want to have a secure connection between a Samba server and Windows 95/98 client, you will need to place either a Unix server or a Windows NT machine on the same subnet with the Windows 9<EM CLASS="emphasis">
+x</em> clients and route all network connections through the SSL-Proxy-enabled machine. See <A CLASS="xref" HREF="appa_02.html#appa-89929">
+Figure A.1</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="appa-89929">
+Figure A.1: Two possible ways of proxying Windows 95/98 clients</a></h4><IMG CLASS="graphic" SRC="figs/sam.aa01.gif" ALT="Figure A.1"><P CLASS="para">
+For the purposes of this chapter, we will create a simple SSL connection between the Samba server and a Windows NT client. This configuration can be used to set up more complex networks at the administrator's discretion.</p></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_01.html" TITLE="A.1 About Certificates">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: A.1 About Certificates" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_03.html" TITLE="A.3 Installing SSLeay">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: A.3 Installing SSLeay" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+A.1 About Certificates</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+A.3 Installing SSLeay</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/appa_03.html b/docs/htmldocs/using_samba/appa_03.html
new file mode 100755
index 00000000000..f8cdb139315
--- /dev/null
+++ b/docs/htmldocs/using_samba/appa_03.html
@@ -0,0 +1,325 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Appendix A] A.3 Installing SSLeay</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:41:37Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_02.html" TITLE="A.2 Requirements">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: A.2 Requirements" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="appendix" REL="up" HREF="appa_01.html" TITLE="A. Configuring Samba with SSL">
+Appendix A<br>
+Configuring Samba with SSL</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_04.html" TITLE="A.4 Setting Up SSL Proxy">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: A.4 Setting Up SSL Proxy" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="appa-pgfId-985777">
+A.3 Installing SSLeay</a></h2><P CLASS="para">
+Samba uses the SSLeay package, written by Eric Young, to provide Secure Sockets Layer support on the server side. Because of U.S. export law, however, the SSLeay package cannot be shipped with Samba distributions that are based in the United States. For that reason, the Samba creators decided to leave it as a separate package entirely. You can download the SSLeay distribution from any of the following sites:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-985779">
+</a><A CLASS="systemitem.url" HREF="ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/">
+ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/</a></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-985781">
+</a><A CLASS="systemitem.url" HREF="ftp://ftp.uni-mainz.de/pub/internet/security/ssl">
+ftp://ftp.uni-mainz.de/pub/internet/security/ssl</a></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-985782">
+</a><A CLASS="systemitem.url" HREF="ftp://ftp.cert.dfn.de/pub/tools/crypt/sslapps">
+ftp://ftp.cert.dfn.de/pub/tools/crypt/sslapps</a></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-985783">
+</a><A CLASS="systemitem.url" HREF="ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.psy.uq.oz.au">
+ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.psy.uq.oz.au</a></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-985784">
+</a><A CLASS="systemitem.url" HREF="ftp://ftp.sunet.se/ftp/pub/security/tools/crypt/ssleay">
+ftp://ftp.sunet.se/ftp/pub/security/tools/crypt/ssleay</a></p></li></ul><P CLASS="para">
+The latest version as of this printing is 0.9.0b. Download it to the same server as the Samba distribution, then uncompress and untar it. You should be left with a directory entitled <I CLASS="filename">
+SSLeay-0.9.0b</i>. After changing to that directory, you will need to configure and build the SSL encryption package in the same way that you did with Samba.</p><P CLASS="para">
+SSLeay uses a Perl-based <I CLASS="filename">
+configure</i> script. This script modifies the Makefile that constructs the utilities and libraries of the SSLeay package. However, the default script is hardcoded to find Perl at <I CLASS="filename">
+/usr/local/bin/perl</i>. You may need to change the <I CLASS="filename">
+configure</i> script to point to the location of the Perl executable file on your Unix system. For example, you can type the following to locate the Perl executable:</p><PRE CLASS="programlisting"># <CODE CLASS="userinput"><B>which perl</b></code>
+/usr/bin/perl</pre><P CLASS="para">
+Then modify the first line of the <I CLASS="filename">
+configure</i> script to force it to use the correct Perl executable. For example, on our Red Hat Linux system:</p><PRE CLASS="programlisting">
+#!/usr/bin/perl
+#
+# see PROBLEMS for instructions on what sort of things to do
+# when tracking a bug -tjh
+...</pre><P CLASS="para">
+After that, you need to run the <I CLASS="filename">
+configure</i> script by specifying a target platform for the distribution. This target platform can be any of the following:</p><PRE CLASS="programlisting">
+BC-16              BC-32              FreeBSD            NetBSD-m86
+NetBSD-sparc       NetBSD-x86         SINIX-N            VC-MSDOS
+VC-NT              VC-W31-16          VC-W31-32          VC-WIN16
+VC-WIN32           aix-cc             aix-gcc            alpha-cc
+alpha-gcc          alpha400-cc        cc                 cray-t90-cc
+debug              debug-irix-cc      debug-linux-elf    dgux-R3-gcc
+dgux-R4-gcc        dgux-R4-x86-gcc    dist               gcc
+hpux-cc            hpux-gcc           hpux-kr-cc         irix-cc
+irix-gcc           linux-aout         linux-elf          ncr-scde
+nextstep           purify             sco5-cc            solaris-sparc-cc
+solaris-sparc-gcc  solaris-sparc-sc4  solaris-usparc-sc4 solaris-x86-gcc
+sunos-cc           sunos-gcc          unixware-2.0       unixware</pre><P CLASS="para">
+For our system, we would enter the following:</p><PRE CLASS="programlisting">
+# <CODE CLASS="userinput"><B>./Configure linux-elf</b></code>
+CC            =gcc
+CFLAG         =-DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer 
+EX_LIBS       =
+BN_MULW       =asm/bn86-elf.o
+DES_ENC       =asm/dx86-elf.o asm/yx86-elf.o
+BF_ENC        =asm/bx86-elf.o
+CAST_ENC      =asm/cx86-elf.o
+RC4_ENC       =asm/rx86-elf.o
+RC5_ENC       =asm/r586-elf.o
+MD5_OBJ_ASM   =asm/mx86-elf.o
+SHA1_OBJ_ASM  =asm/sx86-elf.o
+RMD160_OBJ_ASM=asm/rm86-elf.o
+THIRTY_TWO_BIT mode
+DES_PTR used
+DES_RISC1 used
+DES_UNROLL used
+BN_LLONG mode
+RC4_INDEX mode		</pre><P CLASS="para">
+After the package has been configured, you can build it by typing <CODE CLASS="literal">
+make</code>. If the build did not successfully complete, consult the documentation that comes with the distribution or the FAQ at <a href="http://www.cryptsoft.com/ssleay/"><I CLASS="filename">http://www.cryptsoft.com/ssleay/</i></a> for more information on what may have happened. If the build did complete, type <CODE CLASS="literal">
+make</code> <CODE CLASS="literal">
+install</code> to install the libraries on the system. Note that the makefile installs the package in <I CLASS="filename">
+/usr/local/ssl</i> by default. If you decide to install it in another directory, remember the directory when configuring Samba to use SSL.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-985829">
+A.3.1 Configuring SSLeay for Your System</a></h3><P CLASS="para">
+The first thing you need to do is to set the <CODE CLASS="literal">
+PATH</code> environment variable on your system to include the <I CLASS="filename">
+/bin</i> directory of the SSL distribution. This can be done with the following statement:</p><PRE CLASS="programlisting">
+PATH=$PATH:/usr/local/ssl/bin</pre><P CLASS="para">
+That's the easy part. Following that, you will need to create a random series of characters that will be used to prime SSLeay's random number generator. The random number generator will be used to create key pairs for both the clients and the server. You can create this random series by filling a text file of a long series of random characters. For example, you can use your favorite editor to create a text file with random characters, or use this command and enter arbitrary characters at the standard input:</p><PRE CLASS="programlisting">
+cat &gt;/tmp/private.txt</pre><P CLASS="para">
+The Samba documentation recommends that you type characters for longer than a minute before interrupting the input stream by hitting Control-D. Try not to type only the characters that are under your fingers on the keyboard; throw in some symbols and numbers as well. Once you've completed the random file, you can prime the random number generator with the following command:</p><PRE CLASS="programlisting">
+# ssleay genrsa -rand /tmp/private.txt &gt;/dev/null
+2451 semi-random bytes loaded
+Generating RSA private key, 512 bit long modulus
+..+++++
+.................................+++++
+e is 65537 (0x10001)</pre><P CLASS="para">
+You can safely ignore the output of this command. After it has completed, remove the series of characters used to create the key because this could be used to recreate any private keys that were generated from this random number generator:</p><PRE CLASS="programlisting">
+rm -f /tmp/private.txt</pre><P CLASS="para">
+The result of this command is the hidden file .<EM CLASS="emphasis">
+rnd</em>, which is stored in your home directory. SSLeay will use this file when creating key pairs in the future.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-985843">
+A.3.2 Configuring Samba to use SSL</a></h3><P CLASS="para">At this point, you can compile Samba to use SSL. Recall that in <a href="ch02_01.html"><b>Chapter 2, <CITE CLASS="chapter">Installing Samba on a Unix System</cite></b></a>, we said you have to first run the configure script, which initializes the makefile, before you compile Samba. In order to use SSL with Samba, you will need to reconfigure the makefile:</p><PRE CLASS="programlisting">
+./configure --with-ssl</pre><P CLASS="para">
+After that, you can compile Samba with the following commands:</p><PRE CLASS="programlisting"># <CODE CLASS="userinput"><B>make clean</b></code>
+# <CODE CLASS="userinput"><B>make all</b></code></pre><P CLASS="para">
+If you encounter an error that says the <I CLASS="filename">
+smbd</i> executable is missing the file <I CLASS="filename">
+ssl.h</i>, you probably didn't install SSLeay in the default directory. Use the configure option <CODE CLASS="literal">
+--with-sslinc</code> to point to the base directory of the SSL distribution&nbsp;- in this case, the directory that contains <EM CLASS="emphasis">
+include/ssl.h</em>.</p><P CLASS="para">
+On the other hand, if you have a clean compile, you're ready to move on to the next step: creating certificates.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-62097">
+A.3.3 Becoming a Certificate Authority</a></h3><P CLASS="para">
+<I CLASS="firstterm">
+</i>The SSL protocol requires the use of X.509 certificates in the protocol handshake to ensure that either one or both parties involved in the communication are indeed who they say they are. Certificates in real life, such as those use for SSL connections on public web sites, can cost in the arena of $300 a year. This is because the certificate must have a digital signature placed on it by a <I CLASS="firstterm">
+certificate authority</i>. A certificate authority is an entity that vouches for the authenticity of a digital certificate by signing it with its own private key. This way, anyone who wishes to check the authenticity of the certificate can simply use the certificate authority's public key to check the signature.</p><P CLASS="para">
+You are allowed to use a public certificate authority with SSLeay. However, you don't have to. Instead, SSLeay will allow you to declare yourself a trusted certificate authority&nbsp;- specifying which clients you choose to trust and which clients you do not. In order to do this, you will need to perform several tasks with the SSLeay distribution.</p><P CLASS="para">
+The first thing you need to do is specify a secure location where the certificates of the clients and potentially the server will be stored. We have chosen <I CLASS="filename">
+/etc/certificates</i> as our default. Execute the following commands as <CODE CLASS="literal">
+root</code>: </p><PRE CLASS="programlisting"># <CODE CLASS="userinput"><B>cd /etc</b></code>
+# <CODE CLASS="userinput"><B>mkdir certificates</b></code>
+# <CODE CLASS="userinput"><B>chmod 700 certificates</b></code></pre><P CLASS="para">
+Note that we shut out all access to users other than <CODE CLASS="literal">
+root</code> for this directory. This is very important.</p><P CLASS="para">
+Next, you need to set up the SSLeay scripts and configuration files to use the certificates stored in this directory. In order to do this, first modify the <I CLASS="filename">
+CA.sh</i> script located at <EM CLASS="emphasis">
+/usr/local/ssl/bin/CA.sh</em> to specify the location of the directory you just created. Find the line that contains the following entry:</p><PRE CLASS="programlisting">
+CATOP=./demoCA</pre><P CLASS="para">
+Then change it to:</p><PRE CLASS="programlisting">
+CATOP=/etc/certificates</pre><P CLASS="para">
+Next, you need to modify the <EM CLASS="emphasis">
+/usr/local/ssl/lib/ssleay.cnf</em> file to specify the same directory. Find the entry:</p><PRE CLASS="programlisting">
+[ CA_default ]
+dir     = ./demoCA             # Where everything is kept</pre><P CLASS="para">
+Then change it to:</p><PRE CLASS="programlisting">
+[ CA_default ]
+dir     =  /etc/certificates   # Where everything is kept</pre><P CLASS="para">
+Next, run the certificate authority setup script, <I CLASS="filename">
+CA.sh</i>, in order to create the certificates. Be sure to do this as the same user that you used to prime the random number generator above:</p><PRE CLASS="programlisting">
+/usr/local/ssl/bin/CA.sh -newca
+mkdir: cannot make directory '/etc/certificates': File exists
+CA certificate filename (or enter to create)</pre><P CLASS="para">
+Press the Enter key to create a certificate for the CA. You should then see:</p><PRE CLASS="programlisting">
+Making CA certificate ...
+Using configuration from /usr/local/ssl/lib/ssleay.cnf
+Generating a 1024 bit RSA private key
+.............................+++++
+.....................+++++
+writing new private key to /etc/certificates/private/cakey.pem
+Enter PEM pass phrase:</pre><P CLASS="para">
+Enter a new pass phrase for your certificate. You will need to enter it twice correctly before SSLeay will accept it:</p><PRE CLASS="programlisting">
+Enter PEM pass phrase:
+Verifying password - Enter PEM pass phrase:</pre><P CLASS="para">
+Be sure to remember this pass phrase. You will need it to sign the client certificates in the future. Once SSLeay has accepted the pass phrase, it will continue on with a series of questions for each of the fields in the X509 certificate:</p><PRE CLASS="programlisting">
+You are about to be asked to enter information that will be
+incorporated into your certificate request.
+What you are about to enter is what is called a Distinguished
+Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.</pre><P CLASS="para">
+Fill out the remainder of the fields with information about your organization. For example, our certificate looks like this:</p><PRE CLASS="programlisting">
+Country Name (2 letter code) [AU]:<CODE CLASS="userinput">
+<B>
+US</b></code>
+State or Province Name (full name) [Some-State]:<CODE CLASS="userinput">
+<B>
+California</b></code>
+Locality Name (eg, city) []:<CODE CLASS="userinput">
+<B>
+Sebastopol</b></code>
+Organization Name (eg, company) []:<CODE CLASS="userinput">
+<B>
+O'Reilly</b></code>
+Organizational Unit Name (eg, section) []:<CODE CLASS="userinput">
+<B>
+Books</b></code>
+Common Name (eg, YOUR name) []:<CODE CLASS="userinput">
+<B>
+John Doe</b></code>
+Email Address []:<CODE CLASS="userinput">
+<B>
+doe@ora.com</b></code></pre><P CLASS="para">
+After that, SSLeay will be configured as a certificate authority and can be used to sign certificates for client machines that will be connecting to the Samba server.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986381">
+A.3.4 Creating Certificates for Clients</a></h3><P CLASS="para">
+It's simple to create a certificate for a client machine. First, you need to generate a public/private key pair for each entity, create a certificate request file, and then use <EM CLASS="emphasis">
+SSLeay</em> to sign the file as a trusted authority.</p><P CLASS="para">
+For our example client <CODE CLASS="literal">
+phoenix</code>, this boils down to three SSLeay commands. The first generates a key pair for the client and places it in the file <I CLASS="filename">
+phoenix.key</i>. The private key will be encrypted, in this case using triple DES. Enter a pass phrase when requested below&nbsp;- you'll need it for the next step:</p><PRE CLASS="programlisting">
+# ssleay genrsa -des3 1024 &gt;phoenix.key
+1112 semi-random bytes loaded
+Generating RSA private key, 1024 bit long modulus
+........................................+++++
+.............+++++
+e is 65537 (0x10001)
+Enter PEM pass phrase:
+Verifying password - Enter PEM pass phrase:</pre><P CLASS="para">
+After that command has completed, type in the following command:</p><PRE CLASS="programlisting"># <CODE CLASS="userinput"><B>ssleay req -new -key phoenix.key -out phoenix-csr</b></code>
+Enter PEM pass phrase:</pre><P CLASS="para">
+Enter the pass phrase for the client certificate you just created (not the certificate authority). At this point, you will need to answer the questionnaire again, this time for the client machine. In addition, you must type in a challenge password and an optional company name&nbsp;- those do not matter here. When the command completes, you will have a certificate request in the file <EM CLASS="emphasis">
+phoenix-csr.</em></p><P CLASS="para">
+Then, you must sign the certificate request as the trusted certificate authority. Type in the following command:</p><PRE CLASS="programlisting"># <CODE CLASS="userinput"><B>ssleay ca -days 1000 -inflies phoenix-csr &gt;phoenix.pem</b></code></pre><P CLASS="para">
+This command will prompt you to enter the PEM pass phrase of the <EM CLASS="emphasis">
+certificate authority</em>. Be sure that you do not enter the PEM pass phrase of the client certificate that you just created. After entering the correct pass phrase, you should see the following:</p><PRE CLASS="programlisting">
+Check that the request matches the signature
+Signature ok
+The Subjects Distinguished Name is as follows:
+...</pre><P CLASS="para">
+This will be followed by the information that you just entered for the client certificate. If there is an error in the fields, the program will notify you. On the other hand, if everything is fine, SSLeay will confirm that it should sign the certificate and commit it to the database. This adds a record of the certificate to the <I CLASS="filename">
+/etc/certificates/newcerts</i> directory.</p><P CLASS="para">
+The operative files at the end of this exercise are the <EM CLASS="emphasis">
+phoenix.key</em> and <EM CLASS="emphasis">
+phoenix.pem </em>files, which reside in the current directory. These files will be passed off to the client with whom the SSL-enabled Samba server will interact, and will be used by SSL Proxy.<I CLASS="firstterm">
+</i></p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986754">A.3.5 Configuring the Samba Server</a></h3><P CLASS="para">
+The next step is to modify the Samba configuration file to include the following setup options. These options assume that you created the certificates directory for the certificate authority at <I CLASS="filename">
+/etc/certificates </i>:</p><PRE CLASS="programlisting">
+[global]
+	ssl = yes
+	ssl server cert = /etc/certificates/cacert.pem
+	ssl server key = /etc/certificates/private/cakey.pem
+	ssl CA certDir = /etc/certificates</pre><P CLASS="para">
+At this point, you will need to kill the Samba daemons and restart them manually:</p><PRE CLASS="programlisting">
+# <CODE CLASS="userinput"><B>nmbd -D</b></code>
+# <CODE CLASS="userinput"><B>smbd -D</b></code>
+Enter PEM pass phrase:</pre><P CLASS="para">
+You will need to enter the PEM pass phrase of the certificate authority to start up the Samba daemons. Note that this may present a problem in terms of starting the program using ordinary means. However, you can get around this using advanced scripting languages, such as Expect or Python.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986870">
+A.3.6 Testing with smbclient</a></h3><P CLASS="para">
+A good way to test whether Samba is working properly is to use the<EM CLASS="emphasis">
+ smbclient</em> program. On the Samba server, enter the following command, substituting the appropriate share and user for a connection:</p><PRE CLASS="programlisting">
+# <CODE CLASS="userinput"><B>smbclient //hydra/data -U tom</b></code></pre><P CLASS="para">
+You should see several debugging statements followed by a line indicating the negotiated cipher, such as:</p><PRE CLASS="programlisting">
+SSL: negotiated cipher: DES-CBC3-SHA</pre><P CLASS="para">
+After that, you can enter your password and connect to the share normally. If this works, you can be sure that Samba is correctly supporting SSL connections. Now, on to the client setup.  </p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_02.html" TITLE="A.2 Requirements">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: A.2 Requirements" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_04.html" TITLE="A.4 Setting Up SSL Proxy">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: A.4 Setting Up SSL Proxy" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+A.2 Requirements</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+A.4 Setting Up SSL Proxy</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/appa_04.html b/docs/htmldocs/using_samba/appa_04.html
new file mode 100755
index 00000000000..d4f99e29511
--- /dev/null
+++ b/docs/htmldocs/using_samba/appa_04.html
@@ -0,0 +1,135 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Appendix A] A.4 Setting Up SSL Proxy</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:41:41Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_03.html" TITLE="A.3 Installing SSLeay">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: A.3 Installing SSLeay" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="appendix" REL="up" HREF="appa_01.html" TITLE="A. Configuring Samba with SSL">
+Appendix A<br>
+Configuring Samba with SSL</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_05.html" TITLE="A.5 SSL Configuration Options">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: A.5 SSL Configuration Options" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="appa-pgfId-986788">
+A.4 Setting Up SSL Proxy</a></h2><P CLASS="para">
+The SSL Proxy program is available as a standalone binary or as source code. You can download it from <A CLASS="systemitem.url" HREF="http://obdev.at/Products/sslproxy.html">
+http://obdev.at/Products/sslproxy.html</a>.</p><P CLASS="para">
+Once it is downloaded, you can configure and compile it like Samba. We will configure it on a Windows NT system. However, setting it up for a Unix system involves a nearly identical series of steps. Be sure that you are the superuser (administrator) for the next series of steps.</p><P CLASS="para">
+If you downloaded the binary for Windows NT, you should have the following files in a directory:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-986793">
+</a><I CLASS="filename">
+cygwinb19.dll</i></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-986794">
+</a><I CLASS="filename">
+README.TXT</i></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-986795">
+</a><I CLASS="filename">
+sslproxy.exe</i></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appa-pgfId-986796">
+</a><I CLASS="filename">
+dummyCert.pem</i></p></li></ul><P CLASS="para">
+The only one that you will be interested in is the SSL Proxy executable. Copy over the <EM CLASS="emphasis">
+phoenix.pem</em> and <EM CLASS="emphasis">
+phoenix.key</em> files that you generated earlier for the client to the same directory as the SSL proxy executable. Make sure that the directory is secure from the prying eyes of other users.</p><P CLASS="para">
+The next step is to ensure that the Windows NT machine can resolve the NetBIOS name of the Samba server. This means that you should either have a WINS server up and running (the Samba server can perform this task with the <CODE CLASS="literal">
+wins</code> <CODE CLASS="literal">
+support</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> option) or have it listed in the appropriate <EM CLASS="emphasis">
+hosts</em> file of the system. See <a href="ch07_01.html"><b>Chapter 7, <CITE CLASS="chapter">Printing and Name Resolution</cite></b></a>, for more information on WINS server.[<A CLASS="footnote" HREF="#appa-pgfId-986801">1</a>]</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="appa-pgfId-986801">[1]</a> If you are running SSL Proxy on a Unix server, you should ensure that the DNS name of the Samba server can be resolved.</p></div></blockquote><P CLASS="para">
+Finally, start up SSL Proxy with the following command. Here, we assume that <CODE CLASS="literal">
+hydra</code> is the name of the Samba server:</p><PRE CLASS="programlisting">
+# <CODE CLASS="userinput"><B>C:\SSLProxy&gt;sslproxy -l 139 -R hydra -r 139 -n -c phoenix.pem -k phoenix.key</b></code></pre><P CLASS="para">
+This tells SSL Proxy to listen for connections to port 139 and relay those requests to port 139 on the NetBIOS machine <CODE CLASS="literal">
+hydra</code>. It also instructs SSL Proxy to use the <I CLASS="filename">
+phoenix.pem</i> and <I CLASS="filename">
+phoenix.key</i> files to generate the certificate and keys necessary to initiate the SSL connection. SSL Proxy responds with:</p><PRE CLASS="programlisting">
+Enter PEM pass phrase:</pre><P CLASS="para">
+Enter the PEM pass phrase of the client keypair that you generated, <EM CLASS="emphasis">
+not</em> the certificate authority. You should then see the following output:</p><PRE CLASS="programlisting">
+SSL: No verify locations, trying default
+proxy ready, listening for connections</pre><P CLASS="para">
+That should take care of the client. You can place this command in a startup sequence on either Unix or Windows NT if you want this functionality available at all times. Be sure to set any clients you have connecting to the NT server (including the NT server itself) to point to this server instead of the Samba server.</p><P CLASS="para">
+After you've completed setting this up, try to connect using clients that proxy through the NT server. You should find that it works almost transparently.</p></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_03.html" TITLE="A.3 Installing SSLeay">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: A.3 Installing SSLeay" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_05.html" TITLE="A.5 SSL Configuration Options">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: A.5 SSL Configuration Options" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+A.3 Installing SSLeay</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+A.5 SSL Configuration Options</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/appa_05.html b/docs/htmldocs/using_samba/appa_05.html
new file mode 100755
index 00000000000..2048040ec97
--- /dev/null
+++ b/docs/htmldocs/using_samba/appa_05.html
@@ -0,0 +1,460 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Appendix A] A.5 SSL Configuration Options</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:41:44Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_04.html" TITLE="A.4 Setting Up SSL Proxy">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: A.4 Setting Up SSL Proxy" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="appendix" REL="up" HREF="appa_01.html" TITLE="A. Configuring Samba with SSL">
+Appendix A<br>
+Configuring Samba with SSL</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appb_01.html" TITLE="B. Samba Performance Tuning">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: B. Samba Performance Tuning" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="appa-pgfId-985845">
+A.5 SSL Configuration Options</a></h2><P CLASS="para">
+<A CLASS="xref" HREF="appa_05.html#appa-61150">Table A.1</a> summarizes the configuration options introduced in the previous section for using SSL. Note that all of these options are global in scope; in other words, they must appear in the <CODE CLASS="literal">
+[global]</code> section of the configuration file. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="appa-61150">
+Table A.1: SSL Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Indicates whether SSL mode is enabled with Samba.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl hosts</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of addresses)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies a list of hosts that must always connect using SSL.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl hosts resign</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of addresses)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies a list of hosts that never connect using SS.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl CA certDir</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the directory where the certificates are stored.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl CA certFile</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies a file that contains all of the certificates for Samba.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl server cert</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the location of the server's certificate.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl server key</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the location of the server's private key.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl client cert</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the location of the client's certificate.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl client key</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the location of the client's private key.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl require clientcert</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Indicates whether Samba should require each client to have a certificate.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl require servercert</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Indicates whether the server itself should have a certificate.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl ciphers</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+String </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the cipher suite to use during protocol negotiation.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl version</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl2or3</code>, <CODE CLASS="literal">
+ssl3</code>, or <CODE CLASS="literal">
+tls1</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the version of SSL to use.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl2or3</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ssl compatibility</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Indicates whether compatibility with other implementations of SSL should be activated.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986013">
+A.5.1 ssl</a></h3><P CLASS="para">
+This global option configures Samba to use SSL for communication between itself and clients. The default value of this option is <CODE CLASS="literal">
+no</code>. You can reset it as follows:</p><PRE CLASS="programlisting">
+[global]
+	ssl = yes</pre><P CLASS="para">
+Note that in order to use this option, you must have a proxy for Windows 95/98 clients, such as in the model presented earlier in this chapter.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986018">
+A.5.2 ssl hosts</a></h3><P CLASS="para">
+This option specifies the hosts that will be forced into using SSL. The syntax for specifying hosts and addresses is the same as the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> and the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> configuration options. For example:</p><PRE CLASS="programlisting">
+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.</pre><P CLASS="para">
+This example specifies that all hosts that fall into the 192.168.220 subnet must use SSL connections with the client. This type of structure is useful if you know that various connections will be made by a subnet that lies across an untrusted network, such as the Internet. If neither this option nor the <CODE CLASS="literal">
+ssl</code> <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+resign</code> option has been specified, and <CODE CLASS="literal">
+ssl</code> is set to <CODE CLASS="literal">
+yes</code>, Samba will allow only SSL connections from all clients.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986024">
+A.5.3 ssl hosts resign</a></h3><P CLASS="para">
+This option specifies the hosts that will <EM CLASS="emphasis">
+not</em> be forced into SSL mode. The syntax for specifying hosts and addresses is the same as the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> and the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> configuration options. For example:</p><PRE CLASS="programlisting">
+[global]
+	ssl = yes
+	ssl hosts resign = 160.2.310. 160.2.320.</pre><P CLASS="para">
+This example specifies that all hosts that fall into the 160.2.310 or 160.2.320 subnets will not use SSL connections with the client. If neither this option nor the <CODE CLASS="literal">
+ssl</code> <CODE CLASS="literal">
+hosts</code> option has been specified, and <CODE CLASS="literal">
+ssl</code> is set to <CODE CLASS="literal">
+yes</code>, Samba will allow only SSL connections from all clients.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986030">
+A.5.4 ssl CA certDir</a></h3><P CLASS="para">
+This option specifies the directory containing the certificate authority's certificates that Samba will use to authenticate clients. There must be one file in this directory for each certificate authority, named as specified earlier in this chapter. Any other files in this directory are ignored. For example:</p><PRE CLASS="programlisting">
+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certDir = /usr/local/samba/cert</pre><P CLASS="para">
+There is no default for this option. You can alternatively use the option <CODE CLASS="literal">
+ssl</code> <CODE CLASS="literal">
+CA</code> <CODE CLASS="literal">
+certFile</code> if you wish to place all the certificate authority information in the same file.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986037">
+A.5.5 ssl CA certFile</a></h3><P CLASS="para">
+This option specifies a file that contains the certificate authority's certificates that Samba will use to authenticate clients. This option differs from <CODE CLASS="literal">
+ssl</code> <CODE CLASS="literal">
+CA</code> <CODE CLASS="literal">
+certDir</code> in that there is only one file used for all the certificate authorities. An example of its usage follows:</p><PRE CLASS="programlisting">
+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certFile = /usr/local/samba/cert/certFile</pre><P CLASS="para">
+There is no default for this option. You can also use the option <CODE CLASS="literal">
+ssl</code> <CODE CLASS="literal">
+CA</code> <CODE CLASS="literal">
+certDir</code> if you wish to have a separate file for each certificate authority that Samba trusts.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986044">
+A.5.6 ssl server cert</a></h3><P CLASS="para">
+This option specifies the location of the server's certificate. This option is mandatory; the server must have a certificate in order to use SSL. For example: </p><PRE CLASS="programlisting">
+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certFile = /usr/local/samba/cert/certFile
+	ssl server cert = /usr/local/samba/private/server.pem</pre><P CLASS="para">
+There is no default for this option. Note that the certificate may contain the private key for the server.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986052">
+A.5.7 ssl server key</a></h3><P CLASS="para">
+This option specifies the location of the server's private key. You should ensure that the location of the file cannot be accessed by anyone other than <CODE CLASS="literal">
+root</code>. For example:</p><PRE CLASS="programlisting">
+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certFile = /usr/local/samba/cert/certFile
+	ssl server key = /usr/local/samba/private/samba.pem</pre><P CLASS="para">
+There is no default for this option. Note that the private key may be contained in the certificate for the server. </p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986060">
+A.5.8 ssl client cert</a></h3><P CLASS="para">
+This option specifies the location of the client's certificate. The certificate may be requested by the Samba server with the <CODE CLASS="literal">
+ssl</code> <CODE CLASS="literal">
+require</code> <CODE CLASS="literal">
+clientcert</code> option; the certificate is also used by <I CLASS="filename">
+smbclient</i>. For example: </p><PRE CLASS="programlisting">
+[global]
+    ssl = yes
+    ssl hosts = 192.168.220.
+    ssl CA certFile = /usr/local/samba/cert/certFile
+    ssl server cert = /usr/local/ssl/private/server.pem
+    ssl client cert= /usr/local/ssl/private/clientcert.pem</pre><P CLASS="para">
+There is no default for this option. </p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986069">
+A.5.9 ssl client key</a></h3><P CLASS="para">
+This option specifies the location of the client's private key. You should ensure that the location of the file cannot be accessed by anyone other than <CODE CLASS="literal">
+root</code>. For example:</p><PRE CLASS="programlisting">
+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certDir = /usr/local/samba/cert/
+	ssl server key = /usr/local/ssl/private/samba.pem
+	ssl client key = /usr/local/ssl/private/clients.pem</pre><P CLASS="para">
+There is no default for this option. This option is only needed if the client has a certificate. </p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986078">
+A.5.10 ssl require clientcert</a></h3><P CLASS="para">
+This option specifies whether the client is required to have a certificate. The certificates listed with either the <CODE CLASS="literal">
+ssl</code> <CODE CLASS="literal">
+CA</code> <CODE CLASS="literal">
+certDir</code> or the <CODE CLASS="literal">
+ssl</code> <CODE CLASS="literal">
+CA</code> <CODE CLASS="literal">
+certFile</code> will be searched to confirm that the client has a valid certificate and is authorized to connect to the Samba server. The value of this option is a simple boolean. For example:</p><PRE CLASS="programlisting">
+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certFile = /usr/local/samba/cert/certFile
+	ssl require clientcert = yes</pre><P CLASS="para">
+We recommend that you require certificates from all clients that could be connecting to the Samba server. The default value for this option is <CODE CLASS="literal">
+no</code>.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-990571">
+A.5.11 ssl require servercert</a></h3><P CLASS="para">
+This option specifies whether the server is required to have a certificate. Again, this will be used by the <I CLASS="filename">
+smbclient</i> program. The value of this option is a simple boolean. For example:</p><PRE CLASS="programlisting">
+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certFile = /usr/local/samba/cert/certFile
+	ssl require clientcert = yes
+	ssl require servercert = yes</pre><P CLASS="para">
+Although we recommend that you require certificates from all clients that could be connecting to the Samba server, a server certificate is not required. It is, however,  recommended. The default value for this option is <CODE CLASS="literal">
+no</code>.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986095">
+A.5.12 ssl ciphers</a></h3><P CLASS="para">
+This option sets the ciphers on which SSL will decide during the negotiation phase of the SSL connection. Samba can use any of the following ciphers:</p><PRE CLASS="programlisting">
+DEFAULT
+DES-CFB-M1
+NULL-MD5
+RC4-MD5
+EXP-RC4-MD5
+RC2-CBC-MD5
+EXP-RC2-CBC-MD5
+IDEA-CBC-MD5
+DES-CBC-MD5
+DES-CBC-SHA
+DES-CBC3-MD5
+DES-CBC3-SHA
+RC4-64-MD5
+NULL</pre><P CLASS="para">
+It is best not to set this option unless you are familiar with the SSL protocol and want to mandate a specific cipher suite.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-986097">
+A.5.13 ssl version</a></h3><P CLASS="para">
+This global option specifies the version of SSL that Samba will use when handling encrypted connections. The default value is <CODE CLASS="literal">
+ssl2or3</code>, which specifies that either version 2 or 3 of the SSL protocol can be used, depending on which version is negotiated in the handshake between the server and the client. However, if you want Samba to use only a specific version of the protocol, you can specify the following:</p><PRE CLASS="programlisting">
+[global]
+	ssl version = ssl3</pre><P CLASS="para">
+Again, it is best not to set this option unless you are familiar with the SSL protocol and want to mandate a specific version.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appa-pgfId-990580">
+A.5.14 ssl compatibility</a></h3><P CLASS="para">
+This global option specifies whether Samba should be configured to use other versions of SSL. However, because no other versions exist at this writing, the issue is  moot and the variable should always be left at the default.</p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_04.html" TITLE="A.4 Setting Up SSL Proxy">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: A.4 Setting Up SSL Proxy" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appb_01.html" TITLE="B. Samba Performance Tuning">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: B. Samba Performance Tuning" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">A.4 Setting Up SSL Proxy</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+B. Samba Performance Tuning</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/appb_01.html b/docs/htmldocs/using_samba/appb_01.html
new file mode 100755
index 00000000000..4e1ec529af7
--- /dev/null
+++ b/docs/htmldocs/using_samba/appb_01.html
@@ -0,0 +1,162 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Appendix B] Samba Performance Tuning</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:42:02Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_05.html" TITLE="A.5 SSL Configuration Options">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: A.5 SSL Configuration Options" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Appendix B</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appb_02.html" TITLE="B.2 Samba Tuning">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: B.2 Samba Tuning" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div class="samplechapter">
+<H1 CLASS="appendix">
+<A CLASS="title" NAME="appb-66714">
+B. Samba Performance Tuning</a></h1><DIV CLASS="htmltoc">
+<P>
+<B>
+Contents:</b><br>
+<A CLASS="sect1" HREF="#appb-47134" TITLE="B.1 A Simple Benchmark">
+A Simple Benchmark</a><br>
+<A CLASS="sect1" HREF="appb_02.html" TITLE="B.2 Samba Tuning">
+Samba Tuning</a><br>
+<A CLASS="sect1" HREF="appb_03.html" TITLE="B.3 Sizing Samba Servers">
+Sizing Samba Servers</a></p><P>
+</p></div><P CLASS="para">This appendix discusses various ways of performance tuning and system sizing with Samba. <I CLASS="firstterm">
+Performance tuning</i> is the art of finding bottlenecks and adjusting to eliminate them. <EM CLASS="emphasis">
+Sizing</em> is the practice of eliminating bottlenecks by spending money to avoid having them in the first place. Normally, you won't have to worry about either with Samba. On a completely untuned server, Samba will happily support a small community of users. However, on a properly tuned server, Samba will support at least twice as many users. This chapter is devoted to outlining various performance-tuning and sizing techniques that you can use if you want to stretch your Samba server to the limit.</p><DIV CLASS="sect1">
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="appb-47134">
+B.1 A Simple Benchmark</a></h2><P CLASS="para">How do you know if you're getting reasonable performance? A simple benchmark is to compare Samba with FTP. <A CLASS="xref" HREF="appb_01.html#appb-73167">
+Table B.1</a> shows the throughput, in kilobytes per second, of a pair of servers: a medium-size Sun SPARC Ultra and a small Linux Pentium server. Numbers are reported in kilobytes per second (KB/s).  </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="appb-73167">
+Table B.1: Sample Benchmark Benchmarks </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Command</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+FTP</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Untuned Samba</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Tuned Samba</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sparc get</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1014.5</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+645.3</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+866.7</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sparc put</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+379.8 </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+386.1</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+329.5</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Pentium get</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+973.27</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+N/A</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+725</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Pentium put</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1014.5</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+N/A</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1100</p></td></tr></tbody></table><P CLASS="para">
+If you run the same tests on your server, you probably won't see the same numbers. However, you <EM CLASS="emphasis">
+should </em>see similar ratios of Samba to FTP, probably in the range of 68 to 80 percent. It's not a good idea to base <EM CLASS="emphasis">
+all</em> of Samba's throughput against FTP. The golden rule to remember is this: if Samba is much slower than FTP, it's time to tune it.</p><P CLASS="para">
+You might think that an equivalent test would be to compare Samba to NFS. In reality, however, it's much less useful to compare their speeds. Depending entirely on whose version of NFS you have and how well it's tuned, Samba can be slower or faster than NFS. We usually find that Samba is faster, but watch out; NFS uses a different algorithm from Samba, so tuning options that are optimal for NFS may be detrimental for Samba. If you run Samba on a well-tuned NFS server, Samba may perform rather badly.</p><P CLASS="para">
+A more popular benchmark is Ziff-Davis' <EM CLASS="emphasis">
+NetBench, </em>a simulation of many users on client machines running word processors and accessing data on the SMB server. It's not a prefect measure (each NetBench client does about ten times the work of a normal user on our site), but it is a fair comparison of similar servers. In tests performed by Jeremy Allison in November 1998, Samba 2.0 on a SGI multiprocessor outperformed NT Server 4.0 (Patch Level 2) on an equivalent high-end Compaq. This was confirmed and strengthened by a Sm@rt Reseller test of NT and Linux on identical hardware in February 1999.  </p><P CLASS="para">
+In April 1999, the Mindcraft test lab released a report about a test showing that Samba on a four-processor Linux machine was significantly slower than native file serving on the same machine running Windows NT. While the original report was slammed by the Open Source community because it was commissioned by Microsoft and tuned the systems to favor Windows NT, a subsequent test was fairer and generally admitted to reveal some areas where Linux needed to improve its performance, especially on multiprocessors. Little was said about Samba itself. Samba is known to scale well on multiprocessors, and exceeds 440MB/s on a four-processor SGI O200, beating Mindcraft's 310MB/s.</p><P CLASS="para">
+Relative performance will probably change as NT and PC hardware get faster, of course, but Samba is improving as well. For example, Samba 1.9.18 was faster only with more than 35 clients. Samba 2.0, however, is faster regardless of the number of clients. In short, Samba is very competitive with the best networking software in the industry, and is only getting better. </p><P CLASS="para">
+As we went to press, Andrew Tridgell released the alpha-test version suite of benchmarking programs for Samba and SMB networks. Expect even more work on performance from the Samba team in the future.</p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appa_05.html" TITLE="A.5 SSL Configuration Options">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: A.5 SSL Configuration Options" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appb_02.html" TITLE="B.2 Samba Tuning">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: B.2 Samba Tuning" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+A.5 SSL Configuration Options</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+B.2 Samba Tuning</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/appb_02.html b/docs/htmldocs/using_samba/appb_02.html
new file mode 100755
index 00000000000..4d2ce9ae3aa
--- /dev/null
+++ b/docs/htmldocs/using_samba/appb_02.html
@@ -0,0 +1,342 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Appendix B] B.2 Samba Tuning</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:42:03Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appb_01.html" TITLE="B.1 A Simple Benchmark">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: B.1 A Simple Benchmark" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="appendix" REL="up" HREF="appb_01.html" TITLE="B. Samba Performance Tuning">
+Appendix B<br>
+Samba Performance Tuning</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appb_03.html" TITLE="B.3 Sizing Samba Servers">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: B.3 Sizing Samba Servers" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="appb-50295">
+B.2 Samba Tuning</a></h2><P CLASS="para">That being said, let's discuss how you can take an already fast networking package and make it even faster.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appb-pgfId-948325">
+B.2.1 Benchmarking</a></h3><P CLASS="para">Benchmarking is an arcane and somewhat black art, but the level of expertise needed for simple performance tuning is fairly low. Since the Samba server's goal in life is to transfer files, we will examine only throughput, not response time to particular events, under the benchmarking microscope. After all, it's relatively easy to measure file transfer speed, and Samba doesn't suffer too badly from response-time problems that would require more sophisticated techniques. </p><P CLASS="para">
+Our basic strategy for this work will be:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appb-pgfId-948328">
+</a>Find a reasonably-sized file to copy and a program that reports on copy speeds, such as <I CLASS="filename">
+smbclient</i>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appb-pgfId-948329">
+</a>Find a quiet (or typical) time to do the test.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appb-pgfId-948330">
+</a>Pre-run each test a few times to preload buffers.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appb-pgfId-948331">
+</a>Run tests several times and watch for unusual results.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appb-pgfId-948332">
+</a>Record each run in detail.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appb-pgfId-948333">
+</a>Compare the average of the valid runs to expected values.</p></li></ul><P CLASS="para">
+After establishing a baseline using this method, we can adjust a single parameter and do the measurements all over again. An empty table for your tests is provided at the end of this chapter.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appb-pgfId-948336">
+B.2.2 Things to Tweak</a></h3><P CLASS="para">
+There are literally thousands of Samba setting combinations that you can use in search of that perfect server. Those of us with lives outside of system administration, however, can narrow down the number of options to those listed in this section, which are the most likely to affect overall throughput. They are presented  roughly in order of impact.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="appb-pgfId-948339">
+B.2.2.1 Log level</a></h4><P CLASS="para">This is an obvious one. Increasing the logging level (<CODE CLASS="literal">log</code> <CODE CLASS="literal">
+level</code> or <CODE CLASS="literal">
+debug</code> <CODE CLASS="literal">
+level</code> configuration options) is a good way to debug a problem, unless you happen to be searching for a performance problem! As mentioned in <a href="ch04_01.html"><b>Chapter 4, <CITE CLASS="chapter">Disk Shares</cite></b></a>, Samba produces a ton of debugging messages at level 3 and above, and writing them to disk or syslog is a slow operation. In our <I CLASS="filename">
+smbclient/ftp</i> tests, raising the log level from 0 to 3 cut the untuned <CODE CLASS="literal">
+get</code> <CODE CLASS="literal">
+speed</code> from 645.3 to 622.2KB/s, or roughly 5 percent. Higher log levels were even worse.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="appb-pgfId-948342">
+B.2.2.2 Socket options</a></h4><P CLASS="para">
+The next thing to look at are the <CODE CLASS="literal">
+socket</code> <CODE CLASS="literal">
+options</code> configuration options. These are really host system tuning options, but they're set on a per-connection basis, and can be reset by Samba on the sockets it employs by adding <CODE CLASS="literal">
+socket</code> <CODE CLASS="literal">
+options</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+option</code> to the <CODE CLASS="literal">
+[global]</code> section of your <I CLASS="filename">
+smb.conf </i>file. Not all of these options are supported by all vendors; check your vendor's manual pages on <I CLASS="function">
+setsockopt </i>(1) or <I CLASS="function">
+socket </i>(5) for details.</p><P CLASS="para">
+The main options are:</p><DL CLASS="variablelist">
+<DT CLASS="term">
+<CODE CLASS="literal">
+TCP_NODELAY</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Have the server send as many packets as necessary to keep delay low. This is used on telnet connections to give good response time, and is used&nbsp;- somewhat counter-intuitively&nbsp;- to get good speed even when doing small requests or when acknowledgments are delayed (as seems to occur with Microsoft TCP/IP). This is worth a 30-50 percent speedup by itself. Incidentally, in Samba 2.0.4, <CODE CLASS="literal">
+socket</code> <CODE CLASS="literal">
+options</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+TCP_NODELAY</code> became the default value for that option.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+IPTOS_LOWDELAY</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+This is another option that trades off throughput for lower delay, but which affects routers and other systems, not the server. All the IPTOS options are new; they're not supported by all operating systems and routers. If they are supported, set <CODE CLASS="literal">
+IPTOS_LOWDELAY</code> whenever you set <CODE CLASS="literal">
+TCP_NODELAY</code>.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+SO_SNDBUF</code> <CODE CLASS="literal">
+and</code> <CODE CLASS="literal">
+SO_RCVBUF</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+The send and receive buffers can often be the reset to a value higher than that of the operating system. This yields a marginal increase of speed (until it reaches a point of diminishing returns).  </p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+SO_KEEPALIVE</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+This initiates a periodic (four-hour) check to see if the client has disappeared. Expired connections are addressed somewhat better with Samba's <CODE CLASS="literal">
+keepalive</code> and <CODE CLASS="literal">
+dead</code> <CODE CLASS="literal">
+time</code> options. All three eventually arrange to close dead connections, returning unused memory and process-table entries to the operating system.</p></dd></dl><P CLASS="para">
+There are several other socket options you might look at, (e.g., <CODE CLASS="literal">
+SO_SNDLOWAT</code>), but they vary in availability from vendor to vendor. You probably want to look at <CITE CLASS="citetitle">
+TCP/IP Illustrated</cite> if you're interested in exploring more of these options for performance tuning with Samba.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="appb-pgfId-948370">
+B.2.2.3 read raw and write raw</a></h4><P CLASS="para">These are important performance configuration options; they enable Samba to use large reads and writes to the network, of up to 64KB in a single SMB request. They also require the largest SMB packet structures, <CODE CLASS="literal">
+SMBreadraw</code> and <CODE CLASS="literal">
+SMBwriteraw</code>, from which the options take their names. Note that this is not the same as a Unix <EM CLASS="emphasis">
+raw read</em>. This Unix term usually refers to reading disks without using the files system, quite a different sense from the one described here for Samba.</p><P CLASS="para">
+In the past, some client programs failed if you tried to use <CODE CLASS="literal">
+read</code> <CODE CLASS="literal">
+raw</code>. As far as we know, no client suffers from this problem any more. Read and write raw default to <CODE CLASS="literal">
+yes</code>, and should be left on unless you find you have one of the buggy clients.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="appb-pgfId-948374">
+B.2.2.4 Opportunistic locking</a></h4><P CLASS="para">Opportunistic locks, or <EM CLASS="emphasis">
+oplocks</em>, allow clients to cache files locally, improving performance on the order of 30 percent. This option is now enabled by default. For read-only files, the <CODE CLASS="literal">
+fake</code> <CODE CLASS="literal">
+oplocks</code> provides the same functionality without actually doing any caching. If you have files that cannot be cached, <EM CLASS="emphasis">
+oplocks</em> can be turned off.</p><P CLASS="para">
+Database files should never be cached, nor should any files that are updated both on the server and the client and whose changes must be immediately visible. For these files, the <CODE CLASS="literal">
+veto</code> <CODE CLASS="literal">
+oplock</code> <CODE CLASS="literal">
+files</code> option allows you to specify a list of individual files or a pattern containing wildcards to avoid caching. <EM CLASS="emphasis">
+oplocks</em> can be turned off on a share-by-share basis if you have large groups of files you don't want cached on clients. See <a href="ch05_01.html"><b>Chapter 5, <CITE CLASS="chapter">Browsing and Advanced Disk Shares</cite></b></a>, for more information on opportunistic locks.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="appb-pgfId-948378">
+B.2.2.5 IP packet size (MTU)</a></h4><P CLASS="para">Networks generally set a limit to the size of an individual transmission or packet This is called the Maximum Segment Size, or if the packet header size is included, the Maximum Transport Unit (MTU). This MTU is not set by Samba, but Samba needs to use a <CODE CLASS="literal">
+max</code> <CODE CLASS="literal">
+xmit</code> (write size) bigger than the MTU, or throughput will be reduced. This is discussed in further detail in the following note. The MTU is normally preset to 1500 bytes on an Ethernet and 4098 bytes on FDDI. In general, having it too low cuts throughput, and having it too high causes a sudden performance dropoff due to fragmentation and retransmissions.</p><P CLASS="para">
+If you are communicating over a router, some systems will assume the router is a serial link (e.g., a T1) and set the MTU to more or less 536 bytes. Windows 95 makes this mistake, which causes nearby clients to perform well, but clients on the other side of the router to be noticeably slower. If the client makes the opposite error and uses a large MTU on a link which demands a small one, the packets will be broken up into fragments. This slows transfers slightly, and any networking errors will cause multiple fragments to be retransmitted, which slows Samba significantly. Fortunately, you can modify the Windows MTU size to prevent either error. To understand this in more detail, see "The Windows 95 Networking Frequently Asked Questions (FAQ)" at <A CLASS="systemitem.url" HREF="http://www.stanford.edu/~llurch/win95netbugs/faq.html">
+http://www.stanford.edu/~llurch/win95netbugs/faq.html</a>, which explains how to override the Windows MTU and Window Size.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="appb-19919">
+<a name="b226"></a>
+B.2.2.6 The TCP receive window</a></h4><P CLASS="para">TCP/IP works by breaking down data into small packets that can be transmitted from one machine to another. When each packet is transmitted, it contains a checksum that allows the receiver to check the packet data for potential errors in transmission. Theoretically, when a packet is received and verified, an acknowledgment packet should be sent back to the sender that essentially says, "Everything arrived intact: please continue."</p><P CLASS="para">
+In order to keep things moving, however, TCP accepts a range (window) of packets that allows a sender to keep transmitting without having to wait for an acknowledgment of every single packet. (It can then bundle a group of acknowledgments and transmit them back to the sender at the same time.) In other words, this receive window is the number of bytes that the sender can transmit before it has to stop and wait for a receiver's acknowledgment. Like the MTU, it is automatically set based on the type of connection. Having the window too small causes a lot of unnecessary waiting for acknowledgment messages. Various operating systems set moderate buffer sizes on a per-socket basis to keep one program from hogging all the memory.</p><P CLASS="para">
+The buffer sizes are assigned in bytes, such as <CODE CLASS="literal">
+SO_SNDBUF=8192</code> in the <CODE CLASS="literal">
+socket</code> <CODE CLASS="literal">
+options</code> line. Thus, an example <CODE CLASS="literal">
+socket</code> <CODE CLASS="literal">
+options</code> configuration option is: </p><PRE CLASS="programlisting">
+<CODE CLASS="literal">socket</code> <CODE CLASS="literal">options</code> <CODE CLASS="literal">=</code> <CODE CLASS="literal">SO_SNDBUF=8192</code> </pre><P CLASS="para">
+Normally, one tries to set these socket options higher than the default: 4098 in SunOS 4.1.3 and SVR4, and 8192-16384 in AIX, Solaris, and BSD. 16384 has been suggested as a good starting point: in a non-Samba test mentioned in Stevens' book, it yielded a 40 percent improvement. You'll need to experiment, because performance will fall off again if you set the sizes too high. This is illustrated in <A CLASS="xref" HREF="appb_02.html#appb-34738">
+Figure B.1</a>, a test done on a particular Linux system.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="appb-34738">
+Figure B.1: SO_SNDBUF size and performance</a></h4><IMG CLASS="graphic" SRC="figs/sam.ab01.gif" ALT="Figure B.1"><P CLASS="para">
+Setting the socket options <CODE CLASS="literal">
+O_SNDBUF</code> and <CODE CLASS="literal">
+SO_RCVBUF</code> to less than the default is inadvisable. Setting them higher improves performance, up to a network-specific limit. However, once you exceed that limit, performance will abruptly level off.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="appb-pgfId-960372">
+B.2.2.7 max xmit</a></h4><P CLASS="para">In Samba, the option that is directly related with the MTU and window size is <CODE CLASS="literal">
+max</code> <CODE CLASS="literal">
+xmit</code>. This option sets the largest block of data Samba will try to write at any one time. It's sometimes known as the <I CLASS="firstterm">
+write size</i>, although that is not the name of the Samba configuration option.</p><P CLASS="para">
+Because the percentage of each block required for overhead falls as the blocks get larger, max xmit is conventionally set as large as possible. It defaults to the protocol's upper limit, which is 64 kilobytes. The smallest value that doesn't cause significant slowdowns is 2048. If it is set low enough, it will limit the largest packet size that Samba will be able to negotiate. This can be used to simulate a small MTU if you need to test an unreliable network connection. However, such a test should not be used in production for reducing the effective MTU.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="appb-pgfId-948396">
+B.2.2.8 read size</a></h4><P CLASS="para">If <CODE CLASS="literal">
+max</code> <CODE CLASS="literal">
+xmit</code> is commonly called the write size, you'd expect <CODE CLASS="literal">
+read</code> <CODE CLASS="literal">
+size</code> to be the maximum amount of data that Samba would want to read from the client via the network. Actually, it's not. In fact, it's an option to trigger <I CLASS="firstterm">
+write ahead</i>. This means that if Samba gets behind reading from the disk and writing to the network (or vice versa) by the specified amount, it will start overlapping network writes with disk reads (or vice versa).</p><P CLASS="para">
+The read size doesn't have a big performance effect on Unix, unless you set its value quite small. At that point, it causes a detectable slowdown. For this reason, it defaults to 2048 and can't be set lower than 1024.</p></div><DIV CLASS="sect3">
+
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="appb-pgfId-950907"> 
+B.2.2.9 read prediction </a></h4>
+
+<P CLASS="para">Besides being counterintuitive, this option is also
+obsolete. It enables Samba to read ahead on files opened read only by the
+clients. The option is disabled in Samba 2.0 (and late 1.9) because it
+interferes with opportunistic locking.</p>
+
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="appb-pgfId-950907-add1"> 
+B.2.2.10 write cache size </a></h4>
+
+<P CLASS="para">
+This parameter was introduced in Samba 2.0.7 to allow tuning the
+write-size of RAID disks, as well as allowing general caching of
+writes on machines with lots of memory but slow disks.</p>
+
+<p> It specifies in bytes the size of a per-file write cache that
+Samba will create for an oplocked file. This can improve performance
+significantly by causing writes to be done in large 
+chunk sizes. </p>
+
+<p> Up to 10 write caches can be active simultaneously per smbd, each of
+the specified size, allocated to the first 10 oplocked files. As with 
+other filesystem caches, crashing before the data is written can corrupt
+files. </P>
+
+<p> Setting <CODE CLASS="literal"> sync always </CODE> will override the 
+write caching, and setting <CODE CLASS="literal">strict sync</CODE> will
+allow Windows clients to override it.  Alas, Windows Explorer defaults
+to setting the sync bit, so setting <CODE CLASS="literal">strict sync</CODE>
+can be a big performance hit.</p>
+
+<p> As it's new, we haven't many reports on the performance increase, and
+merely suspect it will be considerable.</p>
+</div></div><DIV CLASS="sect2">
+
+
+
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appb-pgfId-948407">
+B.2.3 Other Samba Options</a></h3><P CLASS="para">The following Samba options will affect performance if they're set incorrectly, much like the debug level. They're mentioned here so you will know what to look out for:</p><DL CLASS="variablelist">
+<DT CLASS="term">
+<CODE CLASS="literal">hide files</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Providing a pattern to identify files hidden by the Windows client <CODE CLASS="literal">
+hide</code> <CODE CLASS="literal">
+files</code> will result in any file matching the pattern being passed to the client with the DOS hidden attribute set. It requires a pattern match per file when listing directories, and slows the server noticeably.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+lpq cache time</code></dt><DD CLASS="listitem">
+<P CLASS="para">If your <CODE CLASS="literal">
+lpq</code> (printer queue contents) command takes a long time to complete, you should increase <CODE CLASS="literal">
+lpq</code> <CODE CLASS="literal">
+cache</code> <CODE CLASS="literal">
+time</code> to a value higher than the actual time required for <CODE CLASS="literal">
+lpq</code> to execute, so as to keep Samba from starting a new query when one's already running. The default is 10 seconds, which is reasonable.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+strict locking</code></dt><DD CLASS="listitem">
+<P CLASS="para">Setting the <CODE CLASS="literal">
+strict</code> <CODE CLASS="literal">
+locking</code> option causes Samba to check for locks on every access, not just when asked to by the client. The option is primarily a bug-avoidance feature, and can prevent ill-behaved DOS and Windows applications from corrupting shared files. However, it is slow and should typically be avoided.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+strict sync</code></dt><DD CLASS="listitem">
+<P CLASS="para">Setting <CODE CLASS="literal">
+strict</code> <CODE CLASS="literal">
+sync</code> will cause Samba to write each packet to disk and wait for the write to complete whenever the client sets the sync bit in a packet. Windows 98 Explorer sets the bit in all packets transmitted, so if you turn this on, anyone with Windows 98 will think Samba servers are horribly slow.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+sync always</code></dt><DD CLASS="listitem">
+<P CLASS="para">Setting <CODE CLASS="literal">
+sync</code> <CODE CLASS="literal">
+always</code> causes Samba to flush every write to disk. This is good if your server crashes constantly, but the performance costs are immense. SMB servers normally use oplocks and automatic reconnection to avoid the ill effects of crashes, so setting this option is not normally necessary.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">wide links</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Turning off <CODE CLASS="literal">
+wide</code> <CODE CLASS="literal">
+links</code> prevents Samba from following symbolic links in one file share to files that are not in the share. It is turned on by default, since following links in Unix is not a security problem. Turning it off requires extra processing on every file open. If you do turn off wide links, be sure to turn on <CODE CLASS="literal">
+getwd</code> <CODE CLASS="literal">
+cache</code> to cache some of the required data.</p><P CLASS="para">
+There is also a <CODE CLASS="literal">
+follow</code> <CODE CLASS="literal">
+symlinks</code> option that can be turned off to prevent following any symbolic links at all. However, this option does not pose a performance problem.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">getwd cache</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+This option caches the path to the current directory, avoiding long tree-walks to discover it. It's a nice performance improvement on a printer server or if you've turned off <CODE CLASS="literal">
+wide</code> <CODE CLASS="literal">
+links</code>.</p></dd></dl></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appb-pgfId-948430">
+B.2.4 Our Recommendations </a></h3><P CLASS="para">Here's an <I CLASS="filename">
+smb.conf</i> file that incorporates the recommended performance enhancements so far. Comments have been added on the right side.</p><PRE CLASS="programlisting">
+[global] 
+	log level = 1                      # Default is 0 
+	socket options = TCP_NODELAY IPTOS_LOWDELAY 
+	read raw = yes                     # Default 
+	write raw = yes                    # Default 
+	oplocks = yes                      # Default 
+	max xmit = 65535                   # Default 
+	dead time = 15                     # Default is 0
+	getwd cache = yes
+	lpq cache = 30
+[okplace] 
+	veto oplock files = this/that/theotherfile
+[badplace] 
+	oplocks = no</pre></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appb_01.html" TITLE="B.1 A Simple Benchmark">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: B.1 A Simple Benchmark" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appb_03.html" TITLE="B.3 Sizing Samba Servers">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: B.3 Sizing Samba Servers" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+B.1 A Simple Benchmark</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+B.3 Sizing Samba Servers</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/appb_03.html b/docs/htmldocs/using_samba/appb_03.html
new file mode 100755
index 00000000000..115be4daa37
--- /dev/null
+++ b/docs/htmldocs/using_samba/appb_03.html
@@ -0,0 +1,876 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Appendix B] B.3 Sizing Samba Servers</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:42:12Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appb_02.html" TITLE="B.2 Samba Tuning">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: B.2 Samba Tuning" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="appendix" REL="up" HREF="appb_01.html" TITLE="B. Samba Performance Tuning">
+Appendix B<br>
+Samba Performance Tuning</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appc_01.html" TITLE="C. Samba Configuration Option Quick Reference">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: C. Samba Configuration Option Quick Reference" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="appb-22511">
+B.3 Sizing Samba Servers</a></h2><P CLASS="para">Sizing is a way to prevent bottlenecks before they occur. The preferred way to do this is to know how many requests per second or how many kilobytes per second the clients will need, and ensure that all the components of the server provide at least that many.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appb-pgfId-948449">
+B.3.1 The Bottlenecks</a></h3><P CLASS="para">The three primary bottlenecks you should worry about are CPU, disk I/O, and the network. For most machines, CPUs are rarely a bottleneck. A single Sun SPARC 10 CPU can start (and complete) between 700 and 800 I/O operations a second, giving approximately 5,600 to 6,400KB/s of throughput when the data averages around 8KBs (a common buffer size). A single Intel Pentium 133 can do less only because of somewhat slower cache and bus interfaces, not due to lack of CPU power. Purpose-designed Pentium servers, like some Compaq servers, will be able to start 700 operations per CPUs, on up to four CPUs.</p><P CLASS="para">
+Too little memory, on the other hand, can easily be a bottleneck; each Samba process will use between 600 and 800KB on Intel Linux, and more on RISC CPUs. Having less will cause an increase in virtual memory paging and therefore a performance hit. On Solaris, where it has been measured, <EM CLASS="emphasis">
+smbd</em> will use 2.6 MB for program and shared libraries, plus 768KB for each connected client. <EM CLASS="emphasis">
+nmbd</em> occupies 2.1 MB, plus 496KB extra for its (single) auxiliary process.</p><P CLASS="para">
+Hard disks will always bottleneck at a specific number of I/O operations per second: for example, each 7200 RPM SCSI disk is capable of performing 70 operations per second, for a throughput of 560KB/s; a 4800 RPM disk will perform fewer than 50, for a throughput of 360KB/s. A single IDE disk will do still fewer. If the disks are independent, or striped together in a RAID 1 configuration, they will each peak out at 400 to 560KB/s and will scale linearly as you add more. Note that this is true only of RAID 1. RAID levels other than 1 (striping) add extra overhead. </p><P CLASS="para">
+Ethernets (and other networks) are obvious bottleneck: a 10 Mb/s (mega<EM CLASS="emphasis">
+bits</em>/second) Ethernet will handle around 1100KB/s (kilo<EM CLASS="emphasis">
+bytes</em>/s) using 1500-byte packets A 100 Mb/s Fast Ethernet will bottleneck below 65,000KB/s with the same packet size. FDDI, at 155 Mb/s will top out at approximately 6,250KB/s, but gives good service at even 100 percent load and transmits much larger packets (4KB).</p><P CLASS="para">
+ATM should be much better, but as of the writing of this book it was too new to live up to its potential; it seems to deliver around 7,125 Mb/s using 9KB packets. </p><P CLASS="para">
+Of course, there can be other bottlenecks: more than one IDE disk per controller is not good, as are more than three 3600 SCSI-I disks per slow/narrow controller, or more than three 7200 SCSI-II disks per SCSI-II fast/wide controller. RAID 5 is also slow, as it requires twice as many writes as independent disks or RAID 1.</p><P CLASS="para">
+After the second set of Ethernets and the second disk controller, start worrying about bus bandwidth, especially if you are using ISA/EISA buses.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appb-pgfId-948459">
+B.3.2 Reducing Bottlenecks </a></h3><P CLASS="para">From the information above we can work out a model that will tell us the maximum capability of a given machine. The data is mostly taken from Brian Wong's <CITE CLASS="citetitle">
+Configuration and Capacity Planning for Solaris Servers</cite>,<CITE CLASS="citetitle">
+[<A CLASS="footnote" HREF="#appb-pgfId-951214">1</a>]</cite> so there is a slight Sun bias to our examples.</p><P CLASS="para">
+A word of warning: this is not a complete model. Don't assume that this model will predict every bottleneck or even be within 10 percent in its estimates. A model to predict performance instead of one to warn you of bottlenecks would be much more complex and would contain rules like "not more than three disks per SCSI chain". (A good book on real models is Raj Jain's <CITE CLASS="citetitle">
+The Art of Computer Systems Performance Analysis</cite>.[<A CLASS="footnote" HREF="#appb-pgfId-951230">2</a>]) With that warning, we present the system in <A CLASS="xref" HREF="appb_03.html#appb-98866">
+Figure B.2</a>. </p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="appb-pgfId-951230">[2]</a> See Jain. Raj, <EM CLASS="emphasis">
+The Art of Computer Systems Performance Analysis</em>, New York, NY (John Wiley and Sons), 1991, ISBN 0-47-150336-3.</p></div></blockquote><H4 CLASS="figure">
+<A CLASS="title" NAME="appb-98866">
+Figure B.2: Data flow through a Samba server, with possible bottlenecks</a></h4><IMG CLASS="graphic" SRC="figs/sam.ab02.gif" ALT="Figure B.2"><P CLASS="para">
+The flow of data should be obvious. For example, on a read, data flows from the disk, across the bus, through or past the CPU, and to the network interface card (NIC). It is then broken up into packets and sent across the network. Our strategy here is to follow the data through the system and see what bottlenecks will choke it off. Believe it or not, it's rather easy to make a set of tables that list the maximum performance of common disks, CPUs, and network cards on a system. So that's exactly what we're going to do.</p><P CLASS="para">
+Let's take a concrete example: a Linux Pentium 133 MHz machine with a single 7200 RPM data disk, a PCI bus, and a 10-Mb/s Ethernet card. This is a perfectly reasonable server. We start with <A CLASS="xref" HREF="appb_03.html#appb-78077">
+Table B.2</a>, which describes the hard drive&nbsp;- the first potential bottleneck in the system. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="appb-78077">
+Table B.2: Disk Throughput </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Disk RPM</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+I/O Operations/second</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+KB/second</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+7200</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+70</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+560</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+4800</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+60</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+480</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+3600</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+40</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+320</p></td></tr></tbody></table><P CLASS="para">
+Disk throughput is the number of kilobytes of data that a disk can transfer per second. It is computed from the number of 8KB I/O operations per second a disk can perform, which in turn is strongly influenced by disk RPM and bit density. In effect, the question is: how much data can pass below the drive heads in one second? With a single 7200 RPM disk, the example server will give us 70 I/O operations per second at roughly 560KB/s.</p><P CLASS="para">
+The second possible bottleneck is the CPU. The data doesn't actually flow through the CPU on any modern machines, so we have to compute throughput somewhat indirectly.</p><P CLASS="para">
+The CPU has to issue I/O requests and handle the interrupts coming back, then transfer the data across the bus to the network card. From much past experimentation, we know that the overhead that dominates the processing is consistently in the filesystem code, so we can ignore the other software being run. We compute the throughput by just multiplying the (measured) number of file I/O operations per second that a CPU can process by the same 8K average request size. This gives us the results shown in <A CLASS="xref" HREF="appb_03.html#appb-42029">
+Table B.3</a>.    </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="appb-42029">
+Table B.3: CPU Throughput </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+CPU</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+I/O Operations/second</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+KB/second</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Intel Pentium 133</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+700</p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+5,600</p>
+</td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Dual Pentium 133</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1,200</p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+9,600</p>
+</td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sun SPARC II</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+660</p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+5,280</p>
+</td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sun SPARC 10</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+750</p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+6,000</p>
+</td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sun Ultra 200</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+2,650</p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+21,200</p>
+</td></tr></tbody></table><P CLASS="para">
+Now we put the disk and the CPU together: in the Linux example, we have a single 7200 RPM disk, which can give us 560KB/s, and a CPU capable of starting 700 I/O operations, which could give us 5600KB/s. So far, as you would expect, our bottleneck is clearly going to be the hard disk.</p><P CLASS="para">
+The last potential bottleneck is the network. If the network speed is below 100 Mb/s, the bottleneck will be the network speed. After that, the design of the network card is more likely to slow us down. <A CLASS="xref" HREF="appb_03.html#appb-67604">
+Table B.4</a> shows us the average throughput of many types of data networks. Although network speed is conventionally measured in bits per second, <A CLASS="xref" HREF="appb_03.html#appb-67604">
+Table B.4</a> lists bytes per second to make comparison with the disk and CPU (<A CLASS="xref" HREF="appb_03.html#appb-78077">Table B.2</a> and <A CLASS="xref" HREF="appb_03.html#appb-42029">
+Table B.3</a>) easier.</p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="appb-67604">
+Table B.4: Network Throughput </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Network Type</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+KB/second</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ ISDN </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ 16 </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ T1 </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ 197 </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ Ethernet 10m </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ 1,113 </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ Token ring </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ 1,500 </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ FDDI </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ 6,250 </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ Ethernet 100m </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ 6,500[<A CLASS="footnote" HREF="#appb-pgfId-960131">3</a>]</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ ATM 155 </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ 7,125a </p></td></tr></tbody></table><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="appb-pgfId-960131">[3]</a> These will increase. For example, Crays, Sun Ultras, and DEC/Compaq Alphas already have bettered these figures.</p></div></blockquote><P CLASS="para">
+In the running example, we have a bottleneck at 560KB/s due to the disk. <A CLASS="xref" HREF="appb_03.html#appb-67604">
+Table B.4</a> shows us that a standard 10 megabit per second Ethernet (1,113KB/s) is far faster than the disk. Therefore, the hard disk is still the limiting factor. (This scenario, by the way, is very common.) Just by looking at the tables, we can predict that small servers won't have CPU problems, and that large ones with multiple CPUs will support striping and multiple Ethernets long before they start running out of CPU power. This, in fact, is exactly what happens.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appb-pgfId-948657">
+B.3.3 Practical Examples</a></h3><P CLASS="para">
+An example from <EM CLASS="emphasis">
+Configuration and Capacity Planning for Solaris Servers</em> (Wong) shows that a dual-processor SPARCstation 20/712 with four Ethernets and six 2.1 GB disks will spend all its time waiting for the disks to return some data. If it was loaded with disks (Brian Wong suggests as many as 34 of them), it would still be held below 1,200KB/s by the Ethernet cards. To get the performance the machine is capable of, we would need to configure multiple Ethernets, 100 Mbps Fast Ethernet, or 155 Mbps FDDI. </p><P CLASS="para">
+The progression you'd work through to get that conclusion looks something like <A CLASS="xref" HREF="appb_03.html#appb-26613">
+Table B.5</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="appb-26613">
+Table B.5: Tuning a Medium-Sized Server </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Machine</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Disk Throughput</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+CPU Throughput</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Network Throughput</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Actual Throughput</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Dual SPARC 10, 1 disk </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+560</em></p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+6000 </p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1,113 </p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+560 </p>
+</td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Add 5 more disks </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+3,360 </p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+6000</p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+1,113 </em></p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1,113 </p>
+</td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Add 3 more Ethernets </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+3,360 </em></p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+16000</p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+4,452 </p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+3,360 </p>
+</td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Change to using a 20-disk array </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+11,200 </p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+6000 </p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+4,452</em> </p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+4,452 </p>
+</td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Use dual 100 Mbps ether </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+11,200 </em></p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+6000 </p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+13,000 </p>
+</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+11,200</p>
+</td></tr></tbody></table><P CLASS="para">
+Initially, the bottleneck is the disk with only 560 MB/s of throughput available. Our solution is to add five more disks. This gives us more throughput on the disks than on the Ethernet, so then the Ethernet becomes the problem. Consequently, as we continue to expand, we go back and forth several times between these two. As you add disks, CPUs, and network cards, the bottleneck moves. Essentially, the strategy is to add more equipment to try to avoid each bottleneck until you reach your target performance, or (unfortunately) you either can't add any more or run out of money.</p><P CLASS="para">
+Our experience bears out this kind of calculation; a large SPARC 10 file server that one author maintained was quite capable of saturating an Ethernet plus about a third of an FDDI ring when using two processors. It did nearly as well with a single processor, albeit with a fast operating system and judicious over-optimization.</p><P CLASS="para">
+The same process applies to other brands of purpose-designed servers. We found the same rules applied to DECstation 2100s as to the newest Alphas or Compaqs, old MIPS 3350s and new SGI O2s. In general, a machine offering multi-CPU server configurations will have enough bus bandwidth and CPU power to reliably bottleneck on hard disk I/O when doing file service. As one would hope, considering the cost!</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appb-pgfId-948730">
+B.3.4 How Many Clients can Samba Handle?</a></h3><P CLASS="para">
+Well, that depends entirely on how much data each user consumes. A small server with three SCSI-1 disks, which can serve about 960KB/s of data, will support between 36 and 80 clients in an ordinary office environment where they are typically loading, and saving equal-sized spreadsheets or word processing documents (36 clients  �  2.3 transfers/second  �  12k file 1 MB/s).</p><P CLASS="para">
+On the same server in a development environment with programmers running a fairly heavy edit-compile-test cycle, one can easily see requests for 1 MB/s, limiting the server to 25 or fewer clients. To take this a bit further, an imaging system whose clients each require 10 MB/s will perform poorly no matter how big a server is if they're all on a 10 MB/s Ethernet. And so on. </p><P CLASS="para">
+If you don't know how much data an average user consumes, you can size your Samba servers by patterning them after existing NFS, Netware, or LAN Manager servers. You should be especially careful that the new servers have as many disks and disk controllers as the ones you've copied. This technique is appropriately called "punt and hope."</p><P CLASS="para">
+If you know how many clients an existing server can support, you're in <EM CLASS="emphasis">
+much</em> better shape. You can analyze the server to see what its maximum capacity is and use that to estimate how much data they must be demanding. For example, if serving home directories to 30 PCs from a PC server with two IDE disks is just too slow, and 25 clients is about right, then you can safely assume you're bottlenecked on Ethernet I/O (approximately 375KB) rather than disk I/O (up to 640KB). If so, you can then conclude that the clients are demanding 15 (that is, 375/25)KB/s on average.</p><P CLASS="para">
+Supporting a new lab of 75 clients will mean you'll need 1,125KB/s, spread over multiple (preferably three) Ethernets, and a server with at least three 7200 RPM disks and a CPU capable of keeping up. These requirements can be met by a Pentium 133 or above with the bus architecture to drive them all at full speed (e.g., PCI).</p><P CLASS="para">
+A custom-built PC server or a multiprocessor-capable workstation like a Sun Sparc, a DEC/Compaq Alpha, an SGI, or the like, would scale up easier, as would a machine with fast Ethernet, plus a switching hub to drive the client machines on individual 10 MB/s Ethernets.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="appb-pgfId-948739">
+B.3.4.1 How to guess</a></h4><P CLASS="para">
+If you have no idea at all what you need, the best thing is to try to guess based on someone else's experience. Each individual client machine can average from less than 1 I/O per second (normal PC or Mac used for sales/accounting) to as much as 4 (fast workstation using large applications). A fast workstation running a compiler can happily average 3-4 MB/s in data transfer requests, and an imaging system can demand even more. </p><P CLASS="para">
+Our recommendation? Spy on someone with a similar configuration and try to estimate their bandwidth requirements from their bottlenecks and the volume of the screams from their users. We also recommend Brian Wong's <CITE CLASS="citetitle">
+Configuration and Capacity Planning for Solaris Servers</cite>. While he uses Sun Solaris foremost in his examples, his bottlenecks are disks and network cards, which are common among all the major vendors. His tables for FTP servers also come very close to what we calculated for Samba servers, and make a good starting point.</p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="appb-90359">B.3.5 Measurement Forms</a></h3><P CLASS="para">
+<A CLASS="xref" HREF="appb_03.html#appb-82208">Table B.6</a> and <A CLASS="xref" HREF="appb_03.html#appb-34846">
+Table B.7</a> are empty tables that you can use for copying and recording data. The bottleneck calculation in the previous example can be done in a spreadsheet, or manually with Table B-8. If Samba is as good as or better than FTP, and if there aren't any individual test runs that are much different from the average, you have a well-configured system. If loopback isn't much faster than anything else, you have a problem with your TCP/IP software. If both FTP and Samba are slow, you probably have a problem with your networking: a faulty Ethernet card will produce this, as will accidentally setting an Ethernet card to half-duplex when it's not connected to a half-duplex hub. Remember that CPU and disk speeds are commonly measured in bytes, network speeds in bits. </p><P CLASS="para">
+We've included columns for both bytes and bits in the tables. In the last column, we compare results to 10 Mb/s because that's the speed of a traditional Ethernet.      <EM CLASS="emphasis">
+ </em></p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="appb-82208">
+Table B.6: Ethernet Interface to Same Host: FTP </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Run No</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Size in Bytes</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Time (sec) </p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Bytes/sec</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Bits/sec</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+% of 10 Mb/s</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+2</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+3</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+4</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+5</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Average:</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Deviation:</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr></tbody></table><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="appb-34846">
+Table B.7: Ethernet Interface to Same Host: FTP </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Run No</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Size in Bytes</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Time, sec </p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Bytes/sec</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Bits/sec</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+% of 10 Mb/s</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+2</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+3</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+4</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+5</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Average:</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Deviation:</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr></tbody></table><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="appb-51003">
+Table B.8: Bottleneck Calculation Table</a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+CPU</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+CPUThroughput</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Number of Disks</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Disk Throughput</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Number of Networks</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Network Throughput</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Total Throughput</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr></tbody></table><P CLASS="para">
+In <A CLASS="xref" HREF="appb_03.html#appb-51003">
+Table B.8</a>:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appb-pgfId-960325">
+</a>CPU throughput = (KB/second from Figure 6-5)  �  (number of CPUs)</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appb-pgfId-960301">
+</a>Disk throughput = (KB/second from Figure 6-4)  �  (number of disks)</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appb-pgfId-960305">
+</a>Network throughput = (KB/second from Figure 6-6)  �  (number of networks)</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="appb-pgfId-960306">
+</a>Total throughput = min (Disk, CPU, and Network throughput)</p></li></ul><P CLASS="para">
+A typical test, in this case for an FTP <CODE CLASS="literal">
+get</code>, would be entered as in Table B-9: <EM CLASS="emphasis">
+ </em>  </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="appb-37370">
+Table B.9: Ethernet Interface to Same Host: FTP </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Run No</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Size in Bytes</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Time, sec </p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Bytes/sec</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Bits/sec</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+% of 10 Mb/s</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1812898</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+2.3</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+761580</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+2</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+2.3</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+767820</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+3</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+2.4</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+747420</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+4</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+2.3</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+760020</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+5</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+2.3</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+772700</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Average:</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+2.32</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+777310</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+6218480</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+62</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Deviation:</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+0.04</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr></tbody></table><P CLASS="para">
+The Sparc example we used earlier would look like Table B-10. <EM CLASS="emphasis">
+ </em>   </p><P CLASS="para">
+</p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appb_02.html" TITLE="B.2 Samba Tuning">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: B.2 Samba Tuning" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appc_01.html" TITLE="C. Samba Configuration Option Quick Reference">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: C. Samba Configuration Option Quick Reference" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+B.2 Samba Tuning</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+C. Samba Configuration Option Quick Reference</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/appc_01.html b/docs/htmldocs/using_samba/appc_01.html
new file mode 100755
index 00000000000..cd9d1ede353
--- /dev/null
+++ b/docs/htmldocs/using_samba/appc_01.html
@@ -0,0 +1,3497 @@
+<HTML>
+<HEAD>
+<TITLE>[Appendix C] Samba Configuration Option Quick Reference</title>
+</head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appb_03.html" TITLE="B.3 Sizing Samba Servers">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: B.3 Sizing Samba Servers" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Appendix C</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appd_01.html" TITLE="D. Downloading Samba with CVS">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: D. Downloading Samba with CVS" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div class="samplechapter">
+<H1 CLASS="appendix">
+<A CLASS="title" NAME="appc-23653">
+C. Samba Configuration Option Quick Reference</a></h1><P CLASS="para">The following pages list each of the Samba configuration options. If an option is applicable only to the global section, "[global]" will appear before its name. Any lists mentioned are space separated, except where noted. A glossary of terms follows the options.</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>admin users = user list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: user list</p>
+
+<P CLASS="para">
+List of users who will be granted root permissions on the share by Samba.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>allow hosts = host list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: any</p>
+
+<P CLASS="para">
+Synonym for <CODE CLASS="literal">
+hosts allow</code>. List of machines that may connect to a share.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>alternate permissions = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Obsolete. Has no effect in Samba 2. Files will be shown as read-only if the owner can't write them. In Samba 1.9 and earlier, setting this option would set the DOS filesystem read-only attribute on any file the user couldn't read. This in turn required the <CODE CLASS="literal">
+delete readonly</code> option.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] announce as = system type</i></b>
+<P CLASS="refpurpose">Default: NT</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: NT, Win95, WfW</p>
+
+<P CLASS="para">
+Have Samba announce itself as something other than an NT server. Discouraged because it interferes with serving browse lists.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] announce version = number.number</i></b>
+<P CLASS="refpurpose">Default: 4.2</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: any</p>
+
+<P CLASS="para">
+Instructs Samba to announce itself as an older version SMB server. Discouraged.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] auto services = share list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: any shares</p>
+
+<P CLASS="para">
+List of shares that will always appear in browse lists. A synonym is <CODE CLASS="literal">
+preload</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>available = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to NO, denies access to a share. Doesn't affect browsing.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] bind interfaces only = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to YES, shares and browsing will be provided only on interfaces in an interfaces list (see <CODE CLASS="literal">
+interfaces</code>). New in Samba 1.9.18. If you set this option to YES, be sure to add 127.0.0.1 to the interfaces list to allow <EM CLASS="emphasis">
+smbpasswd</em> to connect to the local machine to change passwords. This is a convienence option; it does not improve security.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>browsable = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Allows a share to be announced in browse lists.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>blocking locks = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, honors byte range lock requests with time limits for queuing the request and retrying it until the time period expires. New in Samba 2.0.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] browse list = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Turns on/off <CODE CLASS="literal">
+browse</code> <CODE CLASS="literal">
+list</code> from this server. Avoid changing.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] case sensitive = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, uses exactly the case the client supplied when trying to resolve a filename. If NO, matches either upper- or lowercase name. Avoid changing.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] case sig names = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Synonym for <CODE CLASS="literal">
+case sensitive</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] change notify timeout = number</i></b>
+<P CLASS="refpurpose">Default: 60</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: positive number</p>
+
+<P CLASS="para">
+Sets the number of seconds between checks when a client asks for notification of changes in a directory. Introduced in Samba 2.0 to limit the performance cost of the checks. Avoid lowering.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>character set = name</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: ISO8859-1, ISO8859-2, ISO8859-5, KOI8-R</p>
+
+<P CLASS="para">
+If set, translates from DOS code pages to the Western European (ISO8859-1), Eastern European (ISO8859-2), Russian Cyrillic (ISO8859-5), or Alternate Russian (KOI8-R) character set. The <CODE CLASS="literal">
+client code page</code> must be set to 850.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>client code page = name</i></b>
+<P CLASS="refpurpose">Default: 437 (US MS-DOS)</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: See <a href="ch08_03.html#ch08-20815"><b>Table 8.4</b></a></p>
+
+<P CLASS="para">
+Sets the DOS code page explicitly, overriding any previous <CODE CLASS="literal">
+valid chars</code> settings. Examples of values are 850 for European, 437 is the US standard, and 932 for Japanese Shift-JIS. Introduced in Samba 1.9.19.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>coding system = code</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: euc, cap, hex, hexN, sjis, j8bb, j8bj, jis8, j8bh, j8@b, j8@j, j8@h, j7bb, j7bj, jis7, j7bh, j7@b, j7@j, j7@h, jubb, jubj, junet, jubh, ju@b, ju@j, ju@h</p>
+
+<P CLASS="para">
+Sets the coding system used, notably for Kanji. This is employed for filenames and should  correspond to the code page in use. The <CODE CLASS="literal">
+client code page</code> option must be set to 932 (Japanese Shift-JIS). Introduced in Samba 2.0.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>comment = text</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: a text string or NULL</p>
+
+<P CLASS="para">
+Sets the comment that appears beside a share in a NET VIEW or the details list of a Microsoft directory window. See also the <CODE CLASS="literal">
+server string</code> configuration option.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] config file = pathname</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Unix pathname</p>
+
+<P CLASS="para">
+Selects an additional Samba configuration file to read instead of the current one. Used to relocate the configuration file, or used with %-variables to select custom configuration files for some users or machines. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>copy = section name</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: existing section's name</p>
+
+<P CLASS="para">
+Copies the configuration of a previously seen share into the share where it appears. Used with %-variables to select custom configurations for machines, architectures and users. The copied section must be earlier in the configuration file. Copied options are of lesser priority than those explicitly listed in the section.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>create mask = octal value</i></b>
+<P CLASS="refpurpose">Default: 0744</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: octal permission bits, 0-0777</p>
+
+<P CLASS="para">
+Also called <CODE CLASS="literal">
+create mode</code>. Sets the maximum allowable permissions for new files (e.g., 0755). See also <CODE CLASS="literal">
+directory mask</code>. To require certain permissions to be set, see <CODE CLASS="literal">
+force create mask/force directory mask</code>. This option stopped affecting directories in Samba 1.9.17, and the default value changed in Samba 2.0.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>create mode = octal permission bits</i></b>
+<P CLASS="refpurpose">Default: 0744</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: octal permission bits, 0-0777</p>
+
+<P CLASS="para">
+Synonym for <CODE CLASS="literal">
+create mask</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] deadtime = minutes</i></b>
+<P CLASS="refpurpose">Default: 0 </p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: minutes</p>
+
+<P CLASS="para">
+The time in minutes before an unused connection will be terminated. Zero means forever. Used to keep clients from tying up server resources forever. If used, clients will have to auto-reconnect after minutes of inactivity. See also <CODE CLASS="literal">
+keepalive</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] debug level = number</i></b>
+<P CLASS="refpurpose">Default: 0</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number</p>
+
+<P CLASS="para">
+Sets the logging level used. Values of 3 or more slow Samba noticeably. A synonym is <CODE CLASS="literal">
+log level</code>. Recommended value: 1.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] debug timestamp = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Timestamps all log messages. Can be turned off when it's not useful (e.g., in debugging). New in Samba 2.0.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] default = name</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: share name</p>
+
+<P CLASS="para">
+Also called <CODE CLASS="literal">
+default service</code>. The name of a service (share) to provide if someone requests a service they don't have permission to use or which doesn't exist. As of Samba 1.9.14, the path will be set from the name the client specified, with any "_" characters changed to "/" characters, allowing access to any directory on the Samba server. Use is strongly discouraged.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>default case = case</i></b>
+<P CLASS="refpurpose">Default: LOWER</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: LOWER, UPPER</p>
+
+<P CLASS="para">
+Sets the case in which to store new filenames. LOWER indicates mixed case, UPPER indicates uppercase letters.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] default service = share name</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: share name</p>
+
+<P CLASS="para">
+Synonym for <CODE CLASS="literal">
+default</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>delete readonly = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: NO, YES</p>
+
+<P CLASS="para">
+Allow delete requests to remove read-only files. This is not allowed in DOS/Windows, but is normal in Unix, which has separate directory permissions. Used with programs like RCS, or with the older <CODE CLASS="literal">
+alternate permissions</code> option.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>delete veto files = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: NO, YES</p>
+
+<P CLASS="para">
+Allow delete requests for a directory containing files or subdirectories the user can't see due to the <CODE CLASS="literal">
+veto files</code> option. If set to NO, the directory will not be deleted and will still contain invisible files.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>deny hosts = host list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: host list</p>
+
+<P CLASS="para">
+A synonym is <CODE CLASS="literal">
+hosts deny</code>. Specifies a list of machines from which to refuse connections or shares.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] dfree command = command</i></b>
+<P CLASS="refpurpose">Default: varies</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: shell command</p>
+
+<P CLASS="para">
+A command to run on the server to return disk free space. Not needed unless the OS command does not work properly.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>directory = pathname</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: pathname</p>
+
+<P CLASS="para">
+Synonym for <CODE CLASS="literal">
+path</code>. A directory provided by a file share, or used by a printer share. Set automatically in the <CODE CLASS="literal">
+[homes]</code> share to user's home directory, otherwise defaults to<I CLASS="filename">
+ /tmp</i>. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>directory mask = octal permission bits</i></b>
+<P CLASS="refpurpose">Default: 0755</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: octal value from 0 to 0777</p>
+
+<P CLASS="para">
+Also called <CODE CLASS="literal">
+directory mode</code>. Sets the maximum allowable permissions for newly created directories. To require certain permissions be set, see the <CODE CLASS="literal">
+force create mask</code> and <CODE CLASS="literal">
+force directory mask</code> options.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>directory mode = octal permission bits</i></b>
+<P CLASS="refpurpose">Default: 0755</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: octal value from 0 to 0777</p>
+
+<P CLASS="para">
+Synonym for <CODE CLASS="literal">
+directory mask</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] dns proxy = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to YES, and if <CODE CLASS="literal">
+wins server = YES</code>, look up hostnames in DNS if they are not found using WINS.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] domain logons = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Allow Windows 95/98 or NT clients to log on to an NT-like domain.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] domain master = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Become a domain master browser list collector if possible for the entire workgroup/domain. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>dont descend = comma-list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: comma-separated list of paths</p>
+
+<P CLASS="para">
+Does not allow a change directory or search in the directories specified. This is a browsing convenience option; it doesn't provide any extra security.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>dos filetimes = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Allow non-owners to change file times if they can write to the file. See also <CODE CLASS="literal">
+dos filetime resolution</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>dos filetime resolution = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Set file times on Unix to match DOS standards (round to next even second). Recommended if using Visual C++ or a PC <EM CLASS="emphasis">
+make</em> program to avoid remaking the programs unnecesarily. Use with the <CODE CLASS="literal">
+dos filetimes</code> option.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] encrypt passwords = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Uses Windows NT-style password encryption. Requires an <I CLASS="filename">
+smbpasswd</i> on the Samba server.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>exec = command</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: shell command</p>
+
+<P CLASS="para">
+Synonym of <CODE CLASS="literal">
+preexec</code>, a command to run as the user just before connecting to the share.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>fake directory create times = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Bug fix for users of Microsoft <EM CLASS="emphasis">
+nmake</em>. If set, Samba will set directory create times such that <EM CLASS="emphasis">
+nmake</em> won't remake all files every time.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>fake oplocks = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Return YES whenever a client asks if it can lock a file and cache it locally, but does not enforce lock on the server. Use only for read-only disks, as Samba now supports real <CODE CLASS="literal">
+oplocks</code> and has per-file overrides. See also <CODE CLASS="literal">
+oplocks</code> and <CODE CLASS="literal">
+veto oplock files</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>follow symlinks = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, Samba will follow symlinks in a file share or shares. See the <CODE CLASS="literal">
+wide links</code> option if you want to restrict symlinks to just the current share.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>force create mask = octal permission bits</i></b>
+<P CLASS="refpurpose">Default: 0</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: octal value from 0 to 0777</p>
+
+<P CLASS="para">
+Provides bits that will be <CODE CLASS="literal">
+OR</code>ed into the permissions of newly created files. Used with the <CODE CLASS="literal">
+create mode</code> configuration option.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>force create mode = octal permission bits</i></b>
+<P CLASS="refpurpose">Default: 0</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: octal value from 0 to 0777</p>
+
+<P CLASS="para">
+Synonym for <CODE CLASS="literal">
+force create mask</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>force directory mask = octal permission bits</i></b>
+<P CLASS="refpurpose">Default: 0</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: octal value from 0 to 0777</p>
+
+<P CLASS="para">
+Provides bits that will be <CODE CLASS="literal">
+OR</code>ed into the permissions of newly created directories, forcing those bits to be set. Used with <CODE CLASS="literal">
+directory mode</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>force directory mode = octal permission bits</i></b>
+<P CLASS="refpurpose">Default: 0</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: octal value from 0 to 0777</p>
+
+<P CLASS="para">
+Synonym for <CODE CLASS="literal">
+force</code> <CODE CLASS="literal">
+directory</code> <CODE CLASS="literal">
+mask</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>force group = unix group</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: group</p>
+
+<P CLASS="para">
+Sets the effective group name assigned to all users accessing a share. Used to override user's normal groups.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>force user = name</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: username</p>
+
+<P CLASS="para">
+Sets the effective username assigned to all users accessing a share. Discouraged.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>fstype = string</i></b>
+<P CLASS="refpurpose">Default: NTFS</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: NTFS, FAT, Samba</p>
+
+<P CLASS="para">
+Sets the filesystem type reported to the client. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] getwd cache = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Cache current directory for performance. Recommended with the <CODE CLASS="literal">
+wide links</code> option.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>group = group</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: unix group</p>
+
+<P CLASS="para">
+An obsolete form of <CODE CLASS="literal">
+force group</code>. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>guest account = user</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: username</p>
+
+<P CLASS="para">
+Sets the name of the unprivileged Unix account to use for tasks like printing and for accessing shares marked with <CODE CLASS="literal">
+guest ok</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>guest ok = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, passwords are not needed for this share. Synonym of <CODE CLASS="literal">
+public</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>guest only = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Forces user of a share to do so as the guest account. Requires <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+ok</code> or <CODE CLASS="literal">
+public</code> to be <CODE CLASS="literal">
+yes</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>hide dot files = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Treats files beginning with a dot in a share as if they had the DOS/Windows hidden attribute set.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>hide files = slash-separated list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: list of patterns, separated by <CODE CLASS="literal">
+/</code> characters</p>
+
+<P CLASS="para">
+List of file or directory names to set the DOS hidden attribute on. Names may contain <CODE CLASS="literal">
+?</code> or <CODE CLASS="literal">
+*</code> pattern-characters and <CODE CLASS="literal">
+%</code>-variables. See also <CODE CLASS="literal">
+hide</code> <CODE CLASS="literal">
+dot</code> <CODE CLASS="literal">
+files</code> and <CODE CLASS="literal">
+veto</code> <CODE CLASS="literal">
+files</code>. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] homedir map = NIS map name</i></b>
+<P CLASS="refpurpose">Default: auto.home</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: NIS map name</p>
+
+<P CLASS="para">
+Used with <CODE CLASS="literal">
+nis homedir</code> to locate user's Unix home directory from Sun NIS (not NIS+).</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>hosts allow = host list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: list of hostnames</p>
+
+<P CLASS="para">
+Synonym of <CODE CLASS="literal">
+allow hosts</code>, a list of machines that can access a share or shares. If NULL (the default) any machine can access the share unless there is a <CODE CLASS="literal">
+hosts deny</code> option. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>hosts deny = host list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: list of hostnames</p>
+
+<P CLASS="para">
+Synonym of <CODE CLASS="literal">
+deny hosts</code>, a list of machines that cannot connect to a share or shares. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] hosts equiv = pathname</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: pathname</p>
+
+<P CLASS="para">
+Path to a file of trusted machines from which password-less logins are allowed. Strongly discouraged, because Windows/NT users can always override the user name, the only security in this scheme.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>include = pathname</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: pathname</p>
+
+<P CLASS="para">
+Include the named file in <I CLASS="filename">
+smb.conf</i> at the line where it appears. This option does not understand the variables <CODE CLASS="literal">
+%u</code> (user), <CODE CLASS="literal">
+%P</code> (current share's root directory), or <CODE CLASS="literal">
+%S</code> (current share name), because they are not set at the time the file is read.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<!-- added for 2.0.7,. davecb -->
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>inherit permissions = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set, subdirectories will be created with the same permissions
+as the directory they are in.  This overrides
+<CODE CLASS="literal">create mask, directory mask, force create mode
+</CODE> and <CODE CLASS="literal"> force directory mode</CODE>, but
+not <CODE CLASS="literal">map archive, map hidden </CODE> and <CODE CLASS="literal">
+map system</CODE>. Will never set the <CODE CLASS="literal">setuid
+</CODE> bit. New in 2.0.7, this is a means of ensuring Unix permissions
+can be propagated to subdirectories, especially in [homes].<p>
+
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+<!-- end of 2.0.7 -->
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] interfaces = interface list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: IP addresses separated by spaces</p>
+
+<P CLASS="para">
+Sets the interfaces to which Samba will respond. The default is the machine's primary interface only. Recommended on multihomed machines or to override erroneous addresses and netmasks.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>invalid users = user list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: list of users</p>
+
+<P CLASS="para">
+List of users that will not be permitted access to a share or shares. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] keepalive = number</i></b>
+<P CLASS="refpurpose">Default: 0</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number of seconds</p>
+
+<P CLASS="para">
+Number of seconds between checks for a crashed client. The default of 0 causes no checks to be performed. Recommended if you want checks more often than every four hours. 3600 (10 minutes) is reasonable. See also <CODE CLASS="literal">
+socket options</code> for another approach.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] kernel oplocks = boolean</i></b>
+<P CLASS="refpurpose">Default: automatic</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Break oplock when a Unix process accesses an <EM CLASS="emphasis">
+oplocked</em> file, preventing corruption. Set to YES on operating systems supporting this, otherwise set to NO. New in Samba 2.0; supported on SGI, and hopefully soon on Linux and BSD. Avoid changing.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] ldap filter = various</i></b>
+<P CLASS="refpurpose">Default: varies</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: various</p>
+
+<P CLASS="para">
+Options beginning with <CODE CLASS="literal">
+ldap</code> are part of an experimental (circa Samba 2.0) use of the Lightweight Directory Access Protocol (LDAP) general directory/distributed database for user, name, and host information. This option is reserved for future use.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] ldap port = various</i></b>
+<P CLASS="refpurpose">Default: various</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: various</p>
+
+<P CLASS="para">
+Options beginning with <CODE CLASS="literal">
+ldap</code> are part of an experimental (circa Samba 2.0) use of the Lightweight Directory Access Protocol (LDAP) general directory/distributed database for user, name, and host information. This option is reserved for future use.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] ldap root = various</i></b>
+<P CLASS="refpurpose">Default: various</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: various</p>
+
+<P CLASS="para">
+Options beginning with <CODE CLASS="literal">
+ldap</code> are part of an experimental (circa Samba 2.0) use of the Lightweight Directory Access Protocol (LDAP) general directory/distributed database for user, name, and host information. This option is reserved for future use.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] ldap server = various</i></b>
+<P CLASS="refpurpose">Default: various</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: various</p>
+
+<P CLASS="para">
+Options beginning with <CODE CLASS="literal">
+ldap</code> are part of an experimental (circa Samba 2.0) use of the Lightweight Directory Access Protocol (LDAP) general directory/distributed database for user, name, and host information. This option is reserved for future use.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] ldap suffix = various</i></b>
+<P CLASS="refpurpose">Default: various</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: various</p>
+
+<P CLASS="para">
+Options beginning with <CODE CLASS="literal">
+ldap</code> are part of an experimental (circa Samba 2.0) use of the Lightweight Directory Access Protocol (LDAP) general directory/distributed database for user, name, and host information. This option is reserved for future use.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] load printers = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Load all printer names from the system printer capabilities into browse list. Uses configuration options from the <CODE CLASS="literal">
+[printers]</code> section.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] local master = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Stands for election as the local master browser. See also <CODE CLASS="literal">
+domain master</code> and <CODE CLASS="literal">
+os level</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] lm announce = value</i></b>
+<P CLASS="refpurpose">Default: AUTO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: AUTO, YES, NO</p>
+
+<P CLASS="para">
+Produce OS/2 SMB broadcasts at an interval specified by the <CODE CLASS="literal">
+lm interval</code> option. YES/NO turns them on/off unconditionally. AUTO causes the Samba server to wait for a LAN Manager announcement from another client before sending one out. Required for OS/2 client browsing.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] lm interval = seconds</i></b>
+<P CLASS="refpurpose">Default: 60</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number</p>
+
+<P CLASS="para">
+Sets the time period, in seconds, between OS/2 SMB broadcast announcements.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] lock directory = pathname</i></b>
+<P CLASS="refpurpose">Default: <EM CLASS="emphasis">
+/usr/local/samba/var/locks</em></p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: pathname</p>
+
+<P CLASS="para">
+Set a directory to keep lock files in. The directory must be writable by Samba, readable by everyone.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>locking = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Perform file locking. If set to NO, Samba will accept lock requests but will not actually lock resources. Recommended only for read-only file systems.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] log file = pathname</i></b>
+<P CLASS="refpurpose">Default: varies</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: pathname</p>
+
+<P CLASS="para">
+Set name and location of the log file. Allows all %-variables.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] log level = number</i></b>
+<P CLASS="refpurpose">Default: 0</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number</p>
+
+<P CLASS="para">
+A synonym of <CODE CLASS="literal">
+debug level</code>. Sets the logging level used. Values of 3 or more slow the system noticeably.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] logon drive = drive</i></b>
+<P CLASS="refpurpose">Default: None</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: DOS drive name</p>
+
+<P CLASS="para">
+Sets the drive on Windows NT (only) of the <CODE CLASS="literal">
+logon path</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] logon home = path</i></b>
+<P CLASS="refpurpose">Default: <EM CLASS="emphasis">
+\\</em><CODE CLASS="replaceable"><I>%</i></code></p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Unix pathname</p>
+
+<P CLASS="para">
+Sets the home directory of a Windows 95/98 or NT Workstation user. Allows <CODE CLASS="literal">
+NET</code> <CODE CLASS="literal">
+USE</code> <CODE CLASS="literal">
+H:/HOME</code> from the command prompt.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] logon path = pathname</i></b>
+<P CLASS="refpurpose">Default: <EM CLASS="emphasis">
+\\</em><CODE CLASS="replaceable"><I>N</i></code><EM CLASS="emphasis">\</em><CODE CLASS="replaceable"><I>%U</i></code><EM CLASS="emphasis">\profile</em></p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Windows pathname</p>
+
+<P CLASS="para">
+Sets path to Windows profile directory. This contains <EM CLASS="emphasis">
+USER.MAN</em> and/or <EM CLASS="emphasis">
+USER.DAT</em> profile files and the Windows 95 Desktop, Start Menu, Network Neighborhood, and programs folders. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] logon script = pathname</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: pathname</p>
+
+<P CLASS="para">
+Sets pathname relative to <CODE CLASS="literal">
+[netlogin]</code> share of a DOS/NT script to run on the client at login time. Allows all %-variables.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>lppause command = /absolute_ path/command</i></b>
+<P CLASS="refpurpose">Default: varies</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: fully-qualfied Unix shell command</p>
+
+<P CLASS="para">
+Sets the command to pause a print job. Honors the <CODE CLASS="literal">
+%p</code> (printer name) and <CODE CLASS="literal">
+%j</code> (job number) variables. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>lpresume command = /absolute_ path/command</i></b>
+<P CLASS="refpurpose">Default: varies</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: fully-qualified Unix shell command</p>
+
+<P CLASS="para">
+Sets the command to resume a paused print job. Honors the <CODE CLASS="literal">
+%p</code> (printer name) and <CODE CLASS="literal">
+%j</code> (job number) variables. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] lpq cache time = seconds</i></b>
+<P CLASS="refpurpose">Default: 10</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number of seconds</p>
+
+<P CLASS="para">
+Sets how long to keep print queue (<CODE CLASS="literal">lpq</code>) status is cached, in seconds.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>lpq command = /absolute_ path/command</i></b>
+<P CLASS="refpurpose">Default: varies</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: fully-qualfied Unix shell command</p>
+
+<P CLASS="para">
+Sets the command used to get printer status. Usually initialized to a default value by the <CODE CLASS="literal">
+printing</code> option. Honors the <CODE CLASS="literal">
+%p</code> (printer name) variable.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>lprm command = /absolute_ path/command</i></b>
+<P CLASS="refpurpose">Default: varies</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: fully-qualified Unix shell command</p>
+
+<P CLASS="para">
+Sets the command to delete a print job. Usually initialized to a default value by the <CODE CLASS="literal">
+printing</code> option. Honors the <CODE CLASS="literal">
+%p</code> (printer name) and <CODE CLASS="literal">
+%j</code> (job number) variables.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>machine password timeout = seconds</i></b>
+<P CLASS="refpurpose">Default: 604,800</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number of seconds</p>
+
+<P CLASS="para">
+Sets the period between (NT domain) machine password changes. Default is 1 week, or 604,800 seconds.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>magic output = pathname</i></b>
+<P CLASS="refpurpose">Default: <EM CLASS="emphasis">
+script.out</em></p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Unix pathname</p>
+
+<P CLASS="para">
+Sets the output file for the discouraged <CODE CLASS="literal">
+magic scripts</code> option. Default is the script name, followed by the extension <EM CLASS="emphasis">
+.out</em>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>magic script = pathname</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Unix pathname</p>
+
+<P CLASS="para">
+Sets a filename for execution via a shell whenever the file is closed from the client, to allow clients to run commands on the server. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>mangle case = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: allowable values: YES, NO</p>
+
+<P CLASS="para">
+Mangle a name if it is in mixed case.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>mangled map = map list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: list of to-from pairs</p>
+
+<P CLASS="para">
+Set up a table of names to remap (e.g., <EM CLASS="emphasis">
+.html</em> to <EM CLASS="emphasis">
+.htm</em>). </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>mangled names = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Sets Samba to abbreviate names that are too long or have unsupported characters to the DOS 8.3 style. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>mangling char = character</i></b>
+<P CLASS="refpurpose">Default: ~</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: character</p>
+
+<P CLASS="para">
+Sets the unique mangling character used in all mangled names.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] mangled stack = number</i></b>
+<P CLASS="refpurpose">Default: 50</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number</p>
+
+<P CLASS="para">
+Sets the size of a cache of recently-mangled filenames.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>map aliasname = pathname</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Unix pathname</p>
+
+<P CLASS="para">
+Points to a file of Unix group/NT group pairs, one per line. This is used to map NT aliases to Unix group names. See also the configuration options <CODE CLASS="literal">
+username</code> <CODE CLASS="literal">
+map</code> and <CODE CLASS="literal">
+map</code> <CODE CLASS="literal">
+groupname</code>. Introduced in Samba 2.0.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>map archive = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, Samba sets the executable-by-user (0100) bit on Unix files if the DOS archive attribute is set. Recommended: if used, the <CODE CLASS="literal">
+create mask</code> must contain the 0100 bit.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>map hidden = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, sets executable-by-other (0001) bit on Unix files if the DOS hidden attribute is set. If used, the <CODE CLASS="literal">
+create mask</code> option must contain the  0001 bit.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>map groupname = pathname</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: pathname</p>
+
+<P CLASS="para">
+Points to a file of Unix group/NT group, one per line. This is used to map NT group names to Unix group names. See also the configuration options <CODE CLASS="literal">
+username</code> <CODE CLASS="literal">
+map</code> and <CODE CLASS="literal">
+map</code> <CODE CLASS="literal">
+aliasname</code>. Introduced in Samba 2.0.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>map system = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, Samba sets the executable-by-group (0010) bit on Unix files if the DOS system attribute is set. If used, the <CODE CLASS="literal">
+create mask</code> must contain the  0010 bit.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>max connections = number</i></b>
+<P CLASS="refpurpose">Default: 0 (infinity)</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number</p>
+
+<P CLASS="para">
+Set maximum number of connections allowed to a share from each individual client machine.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] max disk size = number</i></b>
+<P CLASS="refpurpose">Default: 0 (unchanged)</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: size in MB</p>
+
+<P CLASS="para">
+Sets maximum disk size/free-space size (in megabytes) to return to client. Some clients or applications can't understand large maximum disk sizes.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] max log size = number</i></b>
+<P CLASS="refpurpose">Default: 5000</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: size in KB</p>
+
+<P CLASS="para">
+Sets the size (in kilobytes) at which Samba will start a new log file. The current log file will be renamed with an <EM CLASS="emphasis">
+.old</em> extension, replacing any previous file with that name. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] max mux = number</i></b>
+<P CLASS="refpurpose">Default: 50</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number</p>
+
+<P CLASS="para">
+Sets the number of simultaneous operations that Samba clients may make. Avoid changing.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] max packet = number</i></b>
+<P CLASS="refpurpose">Default: N/A</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number</p>
+
+<P CLASS="para">
+Synonym for <CODE CLASS="literal">
+packet size</code>. Obsolete as of Samba 1.7. Use <CODE CLASS="literal">
+max xmit</code> instead.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] max open files = number</i></b>
+<P CLASS="refpurpose">Default: 10,000</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number</p>
+
+<P CLASS="para">
+Limits the number of files a Samba process will try to keep open at one time. Samba allows you to set this to less than the Unix maximum. This option is a workaround for a separate problem. Avoid changing. This option was introduced in Samba 2.0.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] max ttl = seconds</i></b>
+<P CLASS="refpurpose">Default: 14400 (4 hrs)</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: time in seconds</p>
+
+<P CLASS="para">
+Sets the time to keep NetBIOS names in <EM CLASS="emphasis">
+nmbd</em> cache while trying to perform a lookup on it. Avoid changing.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] max wins ttl = seconds</i></b>
+<P CLASS="refpurpose">Default: 259200 (3 days)</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: time in seconds</p>
+
+<P CLASS="para">
+Limits time-to-live of a NetBIOS name in <EM CLASS="emphasis">
+nmbd</em> WINS cache, in seconds. Avoid changing.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] max xmit = bytes</i></b>
+<P CLASS="refpurpose">Default: 65535</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: size in bytes</p>
+
+<P CLASS="para">
+Sets maximum packet size that will be negotiated by Samba. Tuning parameter for slow links and older client bugs. Values less than 2048 are discouraged.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] message command = /absolute_ path/command</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: shell command</p>
+
+<P CLASS="para">
+Sets the command on the server to run when a WinPopup message arrives from a client. The command must end in "<CODE CLASS="literal">&amp;</code>" to allow immediate return. Honors all %-variables except <CODE CLASS="literal">
+%u</code> (user), and supports the extra variables <CODE CLASS="literal">
+%s</code> (filename the message is in), <CODE CLASS="literal">
+%t</code> (destination machine), and <CODE CLASS="literal">
+%f</code> (from).</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>min print space = kilobytes</i></b>
+<P CLASS="refpurpose">Default: 0 (unlimited)</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: space in KB</p>
+
+<P CLASS="para">
+Sets minimum spool space required before accepting a print request.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<!-- 2.0.7, davecb -->
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>min password length  = characters</i></b>
+<P CLASS="refpurpose">Default: 5</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: decimal number of characters</p>
+
+<P CLASS="para">
+Sets the shortest password Samba will pass to the Unix passwd command.
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+<!-- sne 2.0.7 -->
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] min wins ttl = seconds</i></b>
+<P CLASS="refpurpose">Default: 21600 (6 hrs)</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: time in seconds</p>
+
+<P CLASS="para">
+Sets minimum time-to-live of a NetBIOS name in <EM CLASS="emphasis">
+nmbd</em> WINS cache, in seconds. Avoid changing.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>name resolve order = list</i></b>
+<P CLASS="refpurpose">Default: lmhosts wins hosts bcast</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: list of lmhosts, wins, hosts and bcast</p>
+
+<P CLASS="para">
+Sets order of lookup when trying to get IP address from names. The <CODE CLASS="literal">
+hosts</code> parameter carrries out a regular name look up using the server's normal sources: <EM CLASS="emphasis">
+/etc/hosts</em>, DNS, NIS, or a combination of them. Introduced in Samba 1.9.18p4.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] netbios aliases = list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: list of netbios names</p>
+
+<P CLASS="para">
+Adds additional NetBIOS names by which a Samba server will advertise itself.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>netbios name = hostname</i></b>
+<P CLASS="refpurpose">Default: varies</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: host name</p>
+
+<P CLASS="para">
+Sets the NetBIOS name by which a Samba server is known, or primary name if NetBIOS aliases exist. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<!-- 2.0.7, davecb -->
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>netbios scope = string</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: string</p>
+
+<P CLASS="para">
+Sets the NetBIOS scope string. Samba will not communicate with a machine
+with a different scope. This was an early predecessor of workgroups: avoid
+setting it. Added in 2.0.7. <!-- why was it added, anyway? -->
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+<!-- end 2.0.7 -->
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] networkstation user login = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to NO, clients will not do a full login when <CODE CLASS="literal">
+security = server</code>. Avoid changing. Turning it off is a temporary workaround (introduced in Samba 1.9.18p3) for NT trusted domains bug. Automatic correction was introduced in Samba 1.9.18p10; the parameter may eventually be removed.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] nis homedir = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, the <CODE CLASS="literal">
+homedir map</code> will be used to look up the user's home-directory server name and return it to the client. The client will contact that machine to connect to the share. This avoids mounting from a machine that doesn't actually have the disk. The machine with the home directories must be an SMB server.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] nt pipe support = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Allows turning off NT-specific pipe calls. This is a developer/benchmarking option and may be removed in the future. Avoid changing.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] nt smb support = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, allow NT-specific SMBs to be used. This is a developer/benchmarking option and may be removed in the future. Avoid changing.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] null passwords = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, allows access to accounts that have null passwords. Strongly discouraged.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>ole locking compatibility = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, locking ranges will be mapped to avoid Unix locks crashing when Windows uses locks above 32KB. You should avoid changing this option. Introduced in Samba 1.9.18p10. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>only guest = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+A synonym for <CODE CLASS="literal">
+guest only</code>. Forces user of a share to login as the guest account. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>only user = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Requires that users of the share be on a <CODE CLASS="literal">
+username =</code> list. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>oplocks = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, support local caching of <EM CLASS="emphasis">
+opportunistic</em> locked files on client. This option is recommended because it improves performance by about 30%. See also <CODE CLASS="literal">
+fake</code> <CODE CLASS="literal">
+oplocks</code> and <CODE CLASS="literal">
+veto</code> <CODE CLASS="literal">
+oplock</code> <CODE CLASS="literal">
+files</code>. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] os level = number</i></b>
+<P CLASS="refpurpose">Default: 0</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number</p>
+
+<P CLASS="para">
+Sets the candidacy of the server when electing a browse master. Used with the <CODE CLASS="literal">
+domain</code> <CODE CLASS="literal">
+master</code> or <CODE CLASS="literal">
+local</code> <CODE CLASS="literal">
+master</code> options. You can set a higher value than a competing operating system if you want Samba to win. Windows for Workgroups and Windows 95 use 1, Windows NT client uses 17, and Windows NT Server uses 33.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] packet size = bytes</i></b>
+<P CLASS="refpurpose">Default: 65535</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number in bytes</p>
+
+<P CLASS="para">
+Obsolete. Discouraged synonym of <CODE CLASS="literal">
+max packet</code>. See <CODE CLASS="literal">
+max xmit</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] passwd chat debug = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Logs an entire password chat, including passwords passed, with a log level of 100. For debugging only. Introduced in Samba 1.9.18p5.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] passwd chat = command sequence</i></b>
+<P CLASS="refpurpose">Default: compiled-in value</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Unix server commands</p>
+
+<P CLASS="para">
+Sets the command used to change passwords on the server. Supports the variables <CODE CLASS="literal">
+%o</code> (old password) and <CODE CLASS="literal">
+%n</code> (new password) and allows <CODE CLASS="literal">
+\r</code> <CODE CLASS="literal">
+\n</code> <CODE CLASS="literal">
+\t</code> and <CODE CLASS="literal">
+\s</code> (space) escapes in the sequence.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] passwd program = program</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Unix server program</p>
+
+<P CLASS="para">
+Sets the command used to change user's password. Will be run as <CODE CLASS="literal">
+root</code>. Supports <CODE CLASS="literal">
+%u</code> (user).</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] password level = number</i></b>
+<P CLASS="refpurpose">Default: 0</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number</p>
+
+<P CLASS="para">
+Specifies the number of uppercase letter permutations used to match passwords. Workaround for clients that change passwords to a single case before sending them to the Samba server. Causes repeated login attempts with passwords in different cases, which can trigger account lockouts. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] password server = netbios names</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: list of NetBIOS names</p>
+
+<P CLASS="para">
+A list of SMB servers that will validate passwords for you. Used with an NT password server (PDC or BDC) and the <CODE CLASS="literal">
+security</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+server</code> or <CODE CLASS="literal">
+security</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+domain</code> configuration options. Caution: an NT password server must allow logins from the Samba server.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>panic action = /absolute_ path/command</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: fully-qualfied Unix shell command</p>
+
+<P CLASS="para">
+Sets the command to run when Samba panics. For Samba developers and testers, <CODE CLASS="literal">
+/usr/bin/X11/xterm -display :0 -e gdb /samba/bin/smbd %d</code> is a possible value.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>path = pathname</i></b>
+<P CLASS="refpurpose">Default: varies</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: pathname</p>
+
+<P CLASS="para">
+Sets the path to the directory provided by a file share or used by a printer share. Set automatically in <CODE CLASS="literal">
+[homes]</code> share to user's home directory, otherwise defaults to<I CLASS="filename">
+ /tmp</i>. Honors the <CODE CLASS="literal">
+%u</code> (user) and <CODE CLASS="literal">
+%m</code> (machine) variables.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>postexec = /absolute_  path/command</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: fully-qualified Unix shell command</p>
+
+<P CLASS="para">
+Sets a command to run as the user after disconnecting from the share. See also the options <CODE CLASS="literal">
+preexec</code>, <CODE CLASS="literal">
+root preexec</code>, and <CODE CLASS="literal">
+root postexec</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>postscript = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Flags a printer as PostScript to avoid a Windows bug by inserting <CODE CLASS="literal">
+%!</code> as the first line. Works only if printer actually is PostScript compatible.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>preexec = /absolute_ path/command</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: fully-qualified Unix shell command</p>
+
+<P CLASS="para">
+Sets a command to run as the user before connecting to the share. See also the options <CODE CLASS="literal">
+postexec</code>, <CODE CLASS="literal">
+root preexec</code>, and <CODE CLASS="literal">
+root postexec</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] preferred master = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, Samba is preferred to become the master browser. Causes Samba to call a browsing election when it comes online.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>preload = share list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: list of services</p>
+
+<P CLASS="para">
+Synonym of <CODE CLASS="literal">
+auto</code> <CODE CLASS="literal">
+services</code>. Specifies a list of shares that will always appear in browse lists.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>preserve case = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to YES, this option leaves filenames in the case sent by client. If no, it forces filenames to the case specified by the <CODE CLASS="literal">
+default</code> <CODE CLASS="literal">
+case</code> option. See also <CODE CLASS="literal">
+short preserve case</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>print command = /absolute_ path/command</i></b>
+<P CLASS="refpurpose">Default: varies</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: fully-qualified Unix shell command</p>
+
+<P CLASS="para">
+Sets the command used to send a spooled file to the printer. Usually initialized to a default value by the <CODE CLASS="literal">
+printing</code> option. This option honors the <CODE CLASS="literal">
+%p</code> (printer name), <CODE CLASS="literal">
+%s</code> (spool file) and <CODE CLASS="literal">
+%f</code> (spool file as a relative path) variables. Note that the command in the value of the option must include file deletion of the spool file.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>print ok = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Synonym of <CODE CLASS="literal">
+printable</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>printable = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Sets a share to be a print share. Required for all printers.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] printcap name = pathname</i></b>
+<P CLASS="refpurpose">Default: <EM CLASS="emphasis">
+/etc/printcap</em></p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: pathname</p>
+
+<P CLASS="para">
+Sets the path to the printer capabilities file used by the <CODE CLASS="literal">
+[printers]</code> share. The default value changes to <I CLASS="filename">
+/etc/qconfig</i> under AIX and <I CLASS="filename">
+lpstat</i> on System V.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>printer = name</i></b>
+<P CLASS="refpurpose">Default: <CODE CLASS="literal">
+lp</code></p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: printer name</p>
+
+<P CLASS="para">
+Sets the name of the Unix printer.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>printer driver = printer driver name</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: exact printer driver string used by Windows</p>
+
+<P CLASS="para">
+Sets the string to pass to Windows when asked what driver to use to prepare files for a printer share. Note that the value is case sensitive.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] printer driver file = path</i></b>
+<P CLASS="refpurpose">Default: <EM CLASS="emphasis">
+samba-lib/printers.def</em></p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Unix pathname</p>
+
+<P CLASS="para">
+Sets the location of a<EM CLASS="emphasis">
+ msprint.def</em> file, usable by Windows 95/98.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>printer driver location = path</i></b>
+<P CLASS="refpurpose">Default: <EM CLASS="emphasis">
+\\</em><CODE CLASS="replaceable"><I>server</i></code><EM CLASS="emphasis">\PRINTER$</em></p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Windows network path</p>
+
+<P CLASS="para">
+Sets the location of the driver for a particular printer. The value is a pathname for a share that stores the printer driver files.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>printer name = name</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: name</p>
+
+<P CLASS="para">
+Synonym of <CODE CLASS="literal">
+printer</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>printing = style</i></b>
+<P CLASS="refpurpose">Default: bsd</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: bsd, sysv, hpux, aix, qnx, plp, lprng</p>
+
+<P CLASS="para">
+Sets printing style to one of the above, instead of the compiled-in value. This sets initial values of at least the <CODE CLASS="literal">
+print</code> <CODE CLASS="literal">
+command</code>, <CODE CLASS="literal">
+print</code> <CODE CLASS="literal">
+command</code>, <CODE CLASS="literal">
+lpq</code> <CODE CLASS="literal">
+command</code>, and <CODE CLASS="literal">
+lprm</code> <CODE CLASS="literal">
+command</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] protocol = protocol</i></b>
+<P CLASS="refpurpose">Default: NT1</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: NT1, LANMAN2, LANMAN1, COREPLUS, CORE</p>
+
+<P CLASS="para">
+Sets SMB protocol version to one of the allowable values. Resetting is highly discouraged. Only for backwards compatibility with older-client bugs.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>public = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, passwords are not needed for this share. A synonym is <CODE CLASS="literal">
+guest ok</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>queuepause command = /absolute_ path/command</i></b>
+<P CLASS="refpurpose">Default: varies</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: valid Unix command</p>
+
+<P CLASS="para">
+Sets the command used to pause a print queue. Usually initialized to a default value by the <CODE CLASS="literal">
+printing</code> option. Introduced in Samba 1.9.18p10.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>queueresume command = /absolute_ path/command</i></b>
+<P CLASS="refpurpose">Default: varies</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: valid Unix command</p>
+
+<P CLASS="para">
+Sets the command used to resume a print queue. Usually initialized to a default value by the <CODE CLASS="literal">
+printing</code> option. Introduced in Samba 1.9.18p10.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>read bmpx = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Obsolete. Do not change.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>read list = comma-separated list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: comma-separated list of users</p>
+
+<P CLASS="para">
+Specifies a list of users given read-only access to a writeable share. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>read only = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Sets a share to read-only. Antonym of <CODE CLASS="literal">
+writable</code> and <CODE CLASS="literal">
+write ok</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] read prediction = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Reads ahead data for read-only files. Obsolete; removed in Samba 2.0.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] read raw = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Allows fast streaming reads over TCP using 64K buffers. Recommended.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] read size = bytes</i></b>
+<P CLASS="refpurpose">Default: 2048</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: size in bytes</p>
+
+<P CLASS="para">
+Sets a buffering option for servers with mismatched disk and network speeds. Requires experimentation. Avoid changing. Should not exceed 65536.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] remote announce = remote list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: list of remote addresses</p>
+
+<P CLASS="para">
+Adds workgroups to the list on which the Samba server will announce itself. Specified as IP address/workgroup (for instance, 192.168.220.215/SIMPLE) with multiple groups separated by spaces. Allows directed broadcasts. The server will appear on those workgroup's browse lists. Does not require WINS.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] remote browse sync = address list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: IP-address list</p>
+
+<P CLASS="para">
+Enables Samba-only browse list synchronization with other Samba local master browsers. Addresses can be specific addresses or directed broadcasts (i.e., ###.###.###.255). The latter will cause Samba to hunt down the local master.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>revalidate = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to YES, requires users to re-enter passwords even after a successful initial logon to a share with a password.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] root = pathname</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Unix pathname</p>
+
+<P CLASS="para">
+Synonym for <CODE CLASS="literal">
+root directory</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] root dir = pathname</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Unix pathname</p>
+
+<P CLASS="para">
+Synonym for <CODE CLASS="literal">
+root directory</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] root directory = pathname</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Unix pathname</p>
+
+<P CLASS="para">
+Specifies a directory to <CODE CLASS="literal">
+chroot()</code> to before starting daemons. Prevents any access below that directory tree. See also the <CODE CLASS="literal">
+wide links</code> configuration option.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>root postexec = /absolute_ path/command</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: fully-qualified Unix shell command</p>
+
+<P CLASS="para">
+Sets a command to run as root after disconnecting from the share. See also <CODE CLASS="literal">
+preexec</code>, <CODE CLASS="literal">
+postexec</code>, and <CODE CLASS="literal">
+root</code> <CODE CLASS="literal">
+preexec</code> configuration options. Runs after the user's <CODE CLASS="literal">
+postexec</code> command. Use with caution.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>root preexec = /absolute_ path/command</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: fully-qualified Unix shell command</p>
+
+<P CLASS="para">
+Sets a command to run as root before connecting to the share. See also <CODE CLASS="literal">
+preexec</code>, <CODE CLASS="literal">
+postexec</code>, and <CODE CLASS="literal">
+root</code> <CODE CLASS="literal">
+postexec</code> configuration options. Runs before the user's <CODE CLASS="literal">
+preexec</code> command. Use with caution.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] security = value</i></b>
+<P CLASS="refpurpose">Default: share in Samba 1.0, user in 2.0</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: share, user, server, domain</p>
+
+<P CLASS="para">
+Sets password-security policy. If <CODE CLASS="literal">
+security</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+share</code>, services have a shared password, available to everyone. If <CODE CLASS="literal">
+security</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+user</code>, users have (Unix) accounts and passwords. If <CODE CLASS="literal">
+security</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+server</code>, users have accounts and passwords and a separate machine authenticates them for Samba. If <CODE CLASS="literal">
+security</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+domain</code>, full NT-domain authentication is done. See also the <CODE CLASS="literal">
+password server</code> and <CODE CLASS="literal">
+encrypted passwords</code> configuration options. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] server string = text</i></b>
+<P CLASS="refpurpose">Default: Samba <CODE CLASS="literal">
+%v</code> in 2.0</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: string</p>
+
+<P CLASS="para">
+Sets the name that appears beside a server in browse lists. Honors the <CODE CLASS="literal">
+%v</code> (Samba version number) and <CODE CLASS="literal">
+%h</code> (hostname) variables.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>set directory = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Allows DEC Pathworks client to use the <EM CLASS="emphasis">
+set dir</em> command.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] shared file entries = number</i></b>
+<P CLASS="refpurpose">Default: 113</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number</p>
+
+<P CLASS="para">
+Obsolete; do not use.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>shared mem size = bytes</i></b>
+<P CLASS="refpurpose">Default: 102400</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: size in bytes</p>
+
+<P CLASS="para">
+If compiled with FAST_SHARE_MODES (mmap), sets the shared memory size in bytes. Avoid changing.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] smb passwd file = path</i></b>
+<P CLASS="refpurpose">Default: <I CLASS="filename">
+/usr/local/samba/private/smbpasswd</i></p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: Unix pathname</p>
+
+<P CLASS="para">
+Overrides compiled-in path to password file if <CODE CLASS="literal">
+encrypted passwords</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code>. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] smbrun = /absolute_ path/command</i></b>
+<P CLASS="refpurpose">Default: compiled-in value</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: smbrun command</p>
+
+<P CLASS="para">
+Overrides compiled-in path to <I CLASS="filename">
+smbrun</i> binary. Avoid changing.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>share modes = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to YES, this option supports Windows-style whole-file (deny mode) locks.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>short preserve case = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to YES, leaves mangled 8.3-style filenames in the case sent by client. If no, it forces the case to that specified by the <CODE CLASS="literal">
+default case</code> option. See also <CODE CLASS="literal">
+preserve case</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] socket address = IP address</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: IP address</p>
+
+<P CLASS="para">
+Sets address on which to listen for connections. Default is to listen to all addresses. Used to support multiple virtual interfaces on one server. Highly discouraged. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] socket options = socket option list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: list</p>
+
+<P CLASS="para">
+Sets OS-specific socket options. <CODE CLASS="literal">
+SO_KEEPALIVE</code> has TCP check clients every 4 hours to see if they are still accessible. <CODE CLASS="literal">
+TCP_NODELAY</code> sends even tiny packets to keep delay low. Recommended wherever the operating system supports them. See <a href="appb_01.html"><b>Appendix B, <CITE CLASS="appendix">Samba Performance Tuning</cite></b></a>, for more information.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<!-- 2.0.7, davecb -->
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] source environment = string</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: pathname</p>
+
+<P CLASS="para">
+This pathname parameter causes Samba to read a list of environment
+variables from a named file on startup. This can be useful in setting
+up Samba in a clustered environment. This is new in 2.0.7.</p>
+
+<p> The file must be owned by root and not be world writable,
+and if the filename begins with a "|" (pipe) character, it must point to
+a command which is neither world writable nor resides
+in a world writable directory.</p>
+
+<p> The data should be in the form of lines such as
+<CODE CLASS="literal">SAMBA_NETBIOS_NAME=myhostname</CODE>.
+This variable will then be available in the smb.conf files as $%SAMBA_NETBIOS_NAME.</p>
+
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+<!-- end of 2.0.7 -->
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] status = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, logs connections to a file (or shared memory) accessible to <I CLASS="filename">
+smbstatus</i>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>strict sync = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to YES, Samba will synchronize to disk whenever the client sets the sync bit in a packet. If set to NO, Samba flushes data to disk whenever buffers fill. Defaults to NO because Windows 98 Explorer sets the bit (incorrectly) in all packets. Introduced in Samba 1.9.18p10.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>strict locking = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to YES, Samba checks locks on every access, not just on demand and at open time. Not recommended.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] strip dot = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Removes trailing dots from filenames. Use <CODE CLASS="literal">
+mangled map</code> instead.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] syslog = number</i></b>
+<P CLASS="refpurpose">Default: 1</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number</p>
+
+<P CLASS="para">
+Sets number of Samba log messages to send to <I CLASS="filename">
+syslog</i>. Higher is more verbose. The <I CLASS="filename">
+syslog.conf</i> file must have suitable logging enabled.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] syslog only = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to YES, log only to <EM CLASS="emphasis">
+syslog, </em>not standard Samba log files.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>sync always = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to YES, Samba calls<EM CLASS="emphasis">
+ fsync</em>(3) after every write. Avoid except for debugging crashing servers.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] time offset = minutes</i></b>
+<P CLASS="refpurpose">Default: 0</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: minutes</p>
+
+<P CLASS="para">
+Sets number of minutes to add to system time zone calculation. Provided to fix a client daylight-savings bug; not recommended.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] time server = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If YES, <EM CLASS="emphasis">
+nmbd</em> will provide time service to its clients.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>unix password sync = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set, will attempt to change the user's Unix password whenever the user changes his or her SMB password. Used to ease synchronization of Unix and Microsoft password databases. Added in Samba 1.9.18p4. See also <CODE CLASS="literal">
+passwd chat</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>unix realname = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set, will provide the GCOS field of <I CLASS="filename">
+/etc/passwd</i> to the client as the user's full name.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>update encrypted = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Updates the Microsoft-format password file when a user logs in with unencrypted passwords. Provided to ease conversion to encryped passwords for Windows 95/98 and NT. Added in Samba 1.9.18p5.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>user = comma-separated list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: comma-separated list of user names</p>
+
+<P CLASS="para">
+Synonym for <CODE CLASS="literal">
+username</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>username = comma-separated list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: comma-separated list of user names</p>
+
+<P CLASS="para">
+Sets a list of users to try to log in as for a share or shares with share-level security. Synonyms are <CODE CLASS="literal">
+user</code> and <CODE CLASS="literal">
+users</code>. Discouraged. Use <CODE CLASS="literal">
+NET USE \\</code><CODE CLASS="replaceable"><I>server</i></code><CODE CLASS="literal">\</code><CODE CLASS="replaceable"><I>share </i></code><CODE CLASS="literal">%</code><CODE CLASS="replaceable"><I>user</i></code> from the client instead.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>username level = number</i></b>
+<P CLASS="refpurpose">Default: 0</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: number</p>
+
+<P CLASS="para">
+Number of uppercase letter permutations allowed to match Unix usernames. Workaround for Windows feature (single-case usernames). Use is discouraged.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] username map = pathname</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: pathname</p>
+
+<P CLASS="para">
+Names a file of Unix-to-Windows name pairs; used to map different spellings of account names and those Windows usernames longer than eight characters.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<!-- 2.0.7 -->
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] utmp = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+This is available if Samba has been configured with the option
+<CODE CLASS="literal"> --with-utmp</CODE>.
+If set, Samba will add utmp/utmpx records whenever a
+connection is made to a Samba server. New in 2.0.7, sites may use this 
+to record the user connecting to a Samba share.
+</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] utmp directory = string</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: pathname</p>
+
+<P CLASS="para">
+This is available if Samba has been configured with the option 
+<CODE CLASS="literal">--with-utmp</CODE>. If it and <CODE CLASS="literal">
+utmp </CODE> are set, Samba will look in the specified directory
+insteqad of the default system directory for utmp/utmpx files.
+New in 2.0.7, also called <CODE CLASS="literal"> utmp dir</CODE>.
+</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+<!-- end of 2.0.7 ->
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>valid chars = list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: list of numeric values</p>
+
+<P CLASS="para">
+Semi-obsolete. Adds national characters to a character set map. Overridden by <CODE CLASS="literal">
+client code page</code>. </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>valid users = user list</i></b>
+<P CLASS="refpurpose">Default: NULL (everyone)</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: list of users</p>
+
+<P CLASS="para">
+List of users that can log in to a share.  </p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>veto files = slash-list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: slash-separated list of filenames</p>
+
+<P CLASS="para">
+List of files not to allow the client to see when listing a directory's contents. See also <CODE CLASS="literal">
+delete veto files</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>veto oplock files = slash-list</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: slash-separated list of filenames</p>
+
+<P CLASS="para">
+List of files not to oplock (and cache on clients). See also <CODE CLASS="literal">
+oplocks</code> and <CODE CLASS="literal">
+fake oplocks</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>volume = share name</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: string</p>
+
+<P CLASS="para">
+Sets the volume label of a disk share, notably a CD-ROM.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>wide links = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to YES, Samba will follow symlinks out of the current disk share(s). See also the <CODE CLASS="literal">
+root dir</code> and <CODE CLASS="literal">
+follow symlinks</code> options.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] wins proxy = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to YES, <EM CLASS="emphasis">
+nmbd</em> will proxy resolution requests to WINS servers on behalf of old clients, which use broadcasts. WINS server is typically on another subnet.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] wins server = host</i></b>
+<P CLASS="refpurpose">Default: NULL</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: hostname</p>
+
+<P CLASS="para">
+Sets the DNS name or IP address of the WINS server.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] wins support = boolean</i></b>
+<P CLASS="refpurpose">Default: NO</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+If set to YES, Samba activates WINS service. The <CODE CLASS="literal">
+wins server</code> option must not be set if <CODE CLASS="literal">
+wins support = yes</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] workgroup = name</i></b>
+<P CLASS="refpurpose">Default: compiled-in</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: workgroup name</p>
+
+<P CLASS="para">
+Sets the workgroup to which things will be served. Overrides compiled-in value. Choosing a name other than <CODE CLASS="literal">
+WORKGROUP</code> is strongly recommended.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>writable = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Antonym for <CODE CLASS="literal">
+read only</code>; synonym of <CODE CLASS="literal">
+write ok</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>write list = comma-separated list</i></b>
+<P CLASS="refpurpose">Default: NULL (everyone)</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: comma-separated list of users</p>
+
+<P CLASS="para">
+List of users that are given read-write access to a read-only share. See also <CODE CLASS="literal">
+read list</code>.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<!-- 2.0.7 addendum, davecb -->
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>write cache size = decimal number</i></b>
+<P CLASS="refpurpose">Default: 0 (Disabled)</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: decimal number of bytes</p>
+
+<P CLASS="para">
+Sets the size of a write buffer that Samba uses to pre-accumulate
+write into, so as to write with a particular size that's optimal for
+a given filesystem. Typically this is used with RAID drives, which
+have a preferred write size, systems with large memory and slow disks, etc.</p>
+
+<p> As of Samba 2.0.7, this applies to the first 10 oplocked files,
+which are also found in shares where this option is set.
+</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+<!-- end of 2.0.7 addendum -->
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>write ok = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Synonym of the <CODE CLASS="literal">
+writable</code> configuration option.</p>
+</div>
+</blockquote>
+</div>
+<p>&nbsp;</p>
+
+<DIV CLASS="refentry">
+<DIV CLASS="refnamediv"><b><i>[global] write raw = boolean</i></b>
+<P CLASS="refpurpose">Default: YES</p></div><BLOCKQUOTE>
+<DIV CLASS="refsynopsisdiv">
+<P CLASS="para">Allowable values: YES, NO</p>
+
+<P CLASS="para">
+Allows fast streaming writes over TCP, using 64KB buffers. Recommended.</p>
+</div>
+</blockquote>
+
+<DIV CLASS="refsect1"><h2>Glossary of Configuration Values</h2>
+<DL CLASS="variablelist">
+<DT CLASS="term">Address list</dt><DD CLASS="listitem">
+<P CLASS="para">
+A space-separated list of IP addresses in ###.###.###.### format.</p></dd><DT CLASS="term">
+Comma-separated list</dt><DD CLASS="listitem">
+<P CLASS="para">
+A list of items separated by commas.</p></dd><DT CLASS="term">
+Command</dt><DD CLASS="listitem">
+<P CLASS="para">
+A Unix command, with full path and parameters.</p></dd><DT CLASS="term">
+Host list</dt><DD CLASS="listitem">
+<P CLASS="para">
+A space-separated list of hosts. Allows IP addresses, address masks, domain names, ALL, and EXCEPT</p></dd><DT CLASS="term">
+Interface list</dt><DD CLASS="listitem">
+<P CLASS="para">
+A space-separated list of interfaces, in either address/netmask or address/n-bits format. For example, 192.168.2.10/24 or 192.168.2.10/255.255.255.0</p></dd><DT CLASS="term">
+Map list</dt><DD CLASS="listitem">
+<P CLASS="para">
+A space-separated list of file-remapping strings such as <CODE CLASS="literal">
+(*.html</code> <CODE CLASS="literal">
+*.htm)</code>.</p></dd><DT CLASS="term">
+Remote list</dt><DD CLASS="listitem">
+<P CLASS="para">
+A space-separated list of subnet-broadcast-address/workgroup pairs. For example, 192.168.2.255/SERVERS 192.168.4.255/STAFF.</p></dd><DT CLASS="term">
+Service (share) list</dt><DD CLASS="listitem">
+<P CLASS="para">
+A space-separated list of share names, without the enclosing square brackets.</p></dd><DT CLASS="term">
+Slash-list</dt><DD CLASS="listitem">
+<P CLASS="para">
+A list of filenames, separated by "/" characters to allow embedded spaces. For example, <CODE CLASS="literal">
+/.*/fred</code> <CODE CLASS="literal">
+flintstone/*.frk/</code>.</p></dd><DT CLASS="term">
+Text</dt><DD CLASS="listitem">
+<P CLASS="para">
+One line of text. </p></dd><DT CLASS="term">
+User list</dt><DD CLASS="listitem">
+<P CLASS="para">
+A space-separated list of usernames. In Samba 1.9, <CODE CLASS="literal">
+@group-name</code> will include everyone in Unix group <CODE CLASS="literal">
+group-name</code>. In Samba 2.0, <CODE CLASS="literal">
+@group-name</code> includes whomever is in the NIS netgroup <CODE CLASS="literal">
+group_name</code> if one exists, otherwise whomever is in the Unix group <CODE CLASS="literal">
+group_name</code>. In addition, +<CODE CLASS="literal">
+group_name</code> is a Unix group, &amp;<CODE CLASS="literal">
+group_name</code> is an NIS netgroup, and &amp;+ and +&amp; cause an ordered search of both Unix and NIS groups.</p></dd></dl></div>
+<DIV CLASS="refsect1">
+<h2>Configuration File Variables</h2>
+<P CLASS="para">
+<A CLASS="xref" HREF="appc_01.html#appc-88529">
+Table C.1</a> lists of Samba configuration file variables. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="appc-88529">
+Table C.1: Variables in Alphabetic Order </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Name</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Meaning</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%a</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Client's architecture (one of Samba, WfWg, WinNT, Win95, or UNKNOWN)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%d</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Current server process's processID </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%f</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Print-spool file as a relative path (printing only)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%f</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+User from which a message was sent (messages only)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%G</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Primary group name of <CODE CLASS="literal">
+%U</code> (requested username) </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%g</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Primary group name of <CODE CLASS="literal">
+%u</code> (actual username)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%H</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Home directory of <CODE CLASS="literal">
+%u</code> (actual username)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%h</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Samba server's (Internet) hostname</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%I</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Client's IP address </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%j</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Print job number (printing only)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%L</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Samba server's NetBIOS name (virtual servers have multiple names)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%M</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Client's (Internet) hostname </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%m</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Client's NetBIOS name </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%n</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+New password (password change only)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%N</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Name of the NIS home directory server (without NIS, same as <CODE CLASS="literal">
+%L</code>)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%o</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Old password (password change only)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%P</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Current share's root directory (actual)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%p</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Current share's root directory (in an NIS homedir map)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%p</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Print filename (printing only)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%R</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Protocol level in use (one of CORE, COREPLUS, LANMAN1, LANMAN2, or NT1)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%S</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Current share's name </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%s</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Filename the message is in (messages only)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%s</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Print-spool file name (printing only)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%T</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Current date and time </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%t</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Destination machine (messages only)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%u</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Current share's username </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%U</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Requested username for current share </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%v</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Samba version</p></td></tr></tbody></table></div></blockquote></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appb_03.html" TITLE="B.3 Sizing Samba Servers">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: B.3 Sizing Samba Servers" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appd_01.html" TITLE="D. Summary of Samba Daemons and Commands">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: D. Summary of Samba Daemons and Commands" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+B.3 Sizing Samba Servers</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+D. Summary of Samba Daemons and Commands</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/appd_01.html b/docs/htmldocs/using_samba/appd_01.html
new file mode 100755
index 00000000000..5e3bd16aa46
--- /dev/null
+++ b/docs/htmldocs/using_samba/appd_01.html
@@ -0,0 +1,1907 @@
+<HTML>
+<HEAD>
+<TITLE>Appendix D</title>
+</head>
+
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="appc_01.html" TITLE="C. Samba Configuration Option Quick Reference">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: C. Samba Configuration Option Quick Reference" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Appendix D</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appe_01.html" TITLE="E. Downloading Samba with CVS">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: E. Downloading Samba with CVS" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+
+<blockquote>
+<div class="samplechapter">
+<h1>Appendix D<br>
+Summary of Samba Daemons and Commands</h1>
+
+<p>
+This appendix is a reference listing of command-line options and other information to help you use the executables that come with Samba distribution.
+
+<DIV>
+<H2 CLASS="FM-HeadA">Samba Distribution Programs</h2>
+<P CLASS="Body">The following sections provide information about the command-line parameters for Samba programs.</p>
+<DIV>
+<H3 CLASS="HeadB">smbd</h3>
+<P CLASS="Body">The <EM CLASS="Emphasis">smbd</em>
+ program provides Samba's file and printer services, using one TCP/IP stream and one daemon per client. It is controlled from the default configuration file, <EM CLASS="Replaceable">samba_dir</em><EM CLASS="Emphasis">/lib/smb.conf</em>, and can be overridden by command-line options.</p>
+<P CLASS="Body">The configuration file is automatically re-evaluated every minute. If it has changed, most new options are immediately effective. You can force Samba to immediately reload the configuration file if you send a SIGHUP to <EM CLASS="Emphasis">smbd</em>
+. Reloading the configuration file, however, will not affect any clients that are already connected. To escape this &quot;grandfather&quot; configuration, a client would need to disconnect and reconnect, or the server itself would have to be restarted, forcing all clients to reconnect.</p>
+<DIV>
+<H4 CLASS="HeadC">Other signals</h4>
+<P CLASS="Body">To shut down a <EM CLASS="Emphasis">smbd</em>
+ process, send it the termination signal SIGTERM (-15) which allows it to die gracefully instead of a SIGKILL (-9). To increment the debug logging level of <EM CLASS="Emphasis">smbd</em>
+ at runtime, send the program a SIGUSR1 signal. To decrement it at runtime, send the program a SIGUSR2 signal. </p>
+</div>
+<DIV>
+<H4 CLASS="HeadC">Command-line options</h4>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-D</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">The <EM CLASS="Emphasis">smbd</em>
+ program is run as a daemon. This is the recommended way to use <EM CLASS="Emphasis">smbd</em> (it is also the default action). In addition, <EM CLASS="Emphasis">smbd</em> can also be run from <EM CLASS="Emphasis">inetd</em>.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-d</em>
+ <EM CLASS="Replaceable">debuglevel</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the debug (sometimes called logging) level. The level can range from 0 all the way to 10. Specifying the value on the command line overrides the value specified in the <EM CLASS="Filename">smb.conf</em>
+ file. Debug level 0 logs only the most important messages; level 1 is normal; levels 3 and above are primarily for debugging and slow <EM CLASS="Emphasis">smbd</em>
+ considerably.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-h</em>
+ </h4>
+<UL>
+<LI CLASS="ListVariable">Prints command-line usage information for the <EM CLASS="Filename">smbd</em>
+ program.</li>
+</ul>
+<DIV>
+<H4 CLASS="HeadC">Testing/debugging options</h4>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-a</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">If this is specified, each new connection to the Samba server will append all logging messages to the log file. This option is the opposite of <EM CLASS="Literal">-o</em>, and is the default.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-i</em>
+ <EM CLASS="Replaceable">scope</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">&nbsp;</li>
+<LI CLASS="ListVariable">This sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backwards compatibility.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-l</em>
+ <EM CLASS="Replaceable">log_file</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Send the log messages to somewhere other than the location compiled in or specified in the <EM CLASS="Filename">smb.conf</em> file. The default is often <EM CLASS="Filename">/usr/local/samba/var/log.smb</em>, <EM CLASS="Filename">/usr/samba/var/log.smb,</em> or <EM CLASS="Filename">/var/log/log.smb</em>. The first two are strongly discouraged on Linux, where <EM CLASS="Filename">/usr</em>
+ may be a read-only filesystem. </li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-O</em>
+ <EM CLASS="Replaceable">socket_options</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This sets the TCP/IP socket options, using the same parameters as the <EM CLASS="Literal">socket</em>
+ <EM CLASS="Literal">options</em>
+ configuration option. It is often used for performance tuning and testing.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-o</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This option is the opposite of <EM CLASS="Literal">-a</em>. It causes log files to be overwritten when opened. Using this option saves hunting for the right log entries if you are performing a series of tests and inspecting the log file each time.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-P</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This option forces <EM CLASS="Filename">smbd</em>
+ not to send any network data out. This option is typically used only by Samba developers.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-P</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This option forces <EM CLASS="Filename">smbd</em>
+ not to send any network data out. This option is typically used only by Samba developers.  </li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-p</em>
+ <EM CLASS="Replaceable">port_number</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This sets the TCP/IP port number that the server will accept requests from. Currently, all Microsoft clients send only to the default port: 139.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-s</em>
+ <EM CLASS="Replaceable">configuration_file</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Specifies the location of the Samba configuration file. Although the file defaults to <EM CLASS="Filename">/usr/local/samba/lib/smb.conf</em>, you can override it here on the command line, typically for debugging.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H3 CLASS="HeadB">nmbd</h3>
+<P CLASS="Body">The <EM CLASS="Emphasis">nmbd</em>
+ program is Samba's NetBIOS name and browsing daemon. It replies to broadcast NetBIOS over TCP/IP (NBT) name-service requests from SMB clients and optionally to Microsoft's Windows Internet Name Service (WINS) requests. Both of these are versions of the name-to-address lookup required by SMB clients. The broadcast version uses UDP/IP broadcast on the local subnet only, while WINS uses TCP/IP, which may be routed. If running as a WINS server, <EM CLASS="Emphasis">nmbd</em>
+ keeps a current name and address database in the file <EM CLASS="Filename">wins.dat</em> in the <EM CLASS="Literal">samba_dir</em><EM CLASS="Filename">/var/locks</em> directory.</p>
+<P CLASS="Body">An active <EM CLASS="Emphasis">nmbd</em>
+ program can also respond to browsing protocol requests used by the Windows Network Neighborhood. Browsing is a combined advertising, service announcement, and active directory protocol. This protocol provides a dynamic directory of servers and the disks and printers that the servers are providing. As with WINS, this was initially done by making UDP/IP broadcasts on the local subnet. Now, with the concept of a local master browser, it is done by making TCP/IP connections to a server. If <EM CLASS="Emphasis">nmbd</em>
+ is acting as a local master browser, it stores the browsing database in the file <EM CLASS="Filename">browse.dat</em> in the <EM CLASS="Literal">samba_dir</em><EM CLASS="Filename">/var/locks</em> directory.</p>
+<DIV>
+<H4 CLASS="HeadC">Signals</h4>
+<P CLASS="Body">Like <EM CLASS="Emphasis">smbd</em>, the <EM CLASS="Emphasis">nmbd</em> program responds to several Unix signals. Sending <EM CLASS="Emphasis">nmbd</em>
+ a SIGHUP signal will cause it to dump the names it knows about to the file <EM CLASS="Filename">namelist.debug</em>
+ in the <EM CLASS="Literal">samba_dir</em>
+/<EM CLASS="Emphasis">locks</em>
+ directory and its browsing database to the <EM CLASS="Filename">browse.dat </em>
+file in the same directory. To shut down a <EM CLASS="Emphasis">nmbd</em>
+ process send it a SIGTERM (-15) signal instead of a SIGKILL (-9) to allow it to die gracefully. You can increment the debug logging level of <EM CLASS="Emphasis">nmbd</em>
+ by sending it a SIGUSR1 signal; you can decrement it by sending a SIGUSR2 signal.</p>
+</div>
+<DIV>
+<H4 CLASS="HeadC">Command-line options</h4>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-D</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Instructs the <EM CLASS="Filename">nmbd</em>
+ program to run as a daemon. This is the recommended way to use <EM CLASS="Filename">nmbd</em>. In addition, <EM CLASS="Filename">nmbd</em> can also be run from <EM CLASS="FirstTerm">inetd</em>.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-d</em>
+ <EM CLASS="Replaceable">debuglevel</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the debug (sometimes called logging) level. The level can range from 0, all the way to 10. Specifying the value on the command line overrides the value specified in the <EM CLASS="Filename">smb.conf</em>
+ file. Debug level 0 logs only the most important messages; level 1 is normal; level 3 and above are primarily for debugging, and slow <EM CLASS="Emphasis">nmbd</em>
+ considerably.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-h</em>
+ </h4>
+<UL>
+<LI CLASS="ListVariable">Prints command-line usage information for the <EM CLASS="Filename">nmbd</em> program (also <EM CLASS="Literal">-?</em>).</li>
+</ul>
+<DIV>
+<H4 CLASS="HeadC">Testing/debugging options</h4>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-a</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">If this is specified, each new connection to the Samba server will append all logging messages to the log file. This option is the opposite of <EM CLASS="Literal">-o</em>, and is the default.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-H</em>
+ <EM CLASS="Replaceable">hosts_  file</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This option loads a standard <EM CLASS="Emphasis">hosts</em>
+ file for name resolution. </li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-i</em>
+ <EM CLASS="Replaceable">scope</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backward compatibility.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-l</em>
+ <EM CLASS="Replaceable">log_file</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sends the log messages to somewhere other than the location compiled-in or specified in the <EM CLASS="Filename">smb.conf</em> file. The default is often <EM CLASS="Filename">/usr/local/samba/var/log.nmb</em>, <EM CLASS="Filename">/usr/samba/var/log.nmb,</em> or <EM CLASS="Filename">/var/log/log.nmb</em>. The first two are strongly discouraged on Linux, where <EM CLASS="Filename">/usr</em>
+ may be a read-only filesystem. </li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-n</em>
+ <EM CLASS="Replaceable">NetBIOS_name</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This option allows you to override the NetBIOS name by which the daemon will advertise itself. Specifying the option on the command line overrides the <EM CLASS="Literal">netbios</em>
+ <EM CLASS="Literal">name</em>
+ option in the Samba configuration file.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-O</em>
+ <EM CLASS="Replaceable">socket_options</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This sets the TCP/IP socket options, using the same parameters as the <EM CLASS="Literal">socket</em>
+ <EM CLASS="Literal">options</em>
+ configuration option. It is often used for performance tuning and testing.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-o</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This option is the opposite of <EM CLASS="Literal">-a</em>
+. It causes log files to be overwritten when opened. Using this option saves hunting for the right log entries if you are performing a series of tests and inspecting the log file each time.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-p</em>
+ <EM CLASS="Replaceable">port_number</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This sets the UDP/IP port number from which the server will accept requests. Currently, all Microsoft clients send only to the default port: 137.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-s</em>
+ <EM CLASS="Replaceable">configuration_file</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Specifies the location of the Samba configuration file. Although the file defaults to <EM CLASS="Filename">/usr/local/samba/lib/smb.conf</em>, you can override it here on the command line, typically for debugging.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-v</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This option prints the current version of Samba.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H3 CLASS="HeadB">Samba Startup File </h3>
+<P CLASS="Body">Samba is normally started by running it from your Unix system's <EM CLASS="Filename">rc</em>
+ files at boot time. For systems with a System V-like set of <EM CLASS="Filename">/etc/rcN.d</em>
+ directories, this can be done by placing a suitably named script in the <EM CLASS="Filename">/rc</em>
+ directory. Usually, the script  starting Samba is called <EM CLASS="Emphasis">S91samba</em>
+, while the script stopping or &quot;killing&quot; Samba is called <EM CLASS="Emphasis">K91samba. </em>
+On Linux, the usual subdirectory for the scripts is <EM CLASS="Filename">/etc/rc2.d.</em>
+ On Solaris, the directory is <EM CLASS="Filename">/etc/rc3.d</em>
+. For machines with <EM CLASS="Filename">/etc/rc.local</em>
+ files, you would normally add the following lines to that file:</p>
+<P CLASS="Code">/usr/local/samba/bin/smbd -D</p>
+<P CLASS="Code">/usr/local/samba/bin/nmbd -D </p>
+<P CLASS="Body">The following example script supports two extra commands, <EM CLASS="Literal">status</em>
+ and <EM CLASS="Literal">restart</em>, in addition to the normal <EM CLASS="Literal">start</em>
+ and <EM CLASS="Literal">stop</em>
+ for System V machines:</p>
+
+<pre>
+#!/bin/sh
+#
+# /etc/rc2.d./S91Samba  --manage the SMB server in a System V manner
+#
+OPTS=&quot;-D&quot;
+#DEBUG=-d3
+PS=&quot;ps  ax&quot;
+SAMBA_DIR=/usr/local/samba
+case &quot;$1&quot; in
+'start')
+	echo &quot;samba &quot;
+	$SAMBA_DIR/bin/smbd $OPTS $DEBUG
+	$SAMBA_DIR/bin/nmbd $OPTS $DEBUG
+	;;
+'stop')
+	echo &quot;Stopping samba&quot;
+	$PS | awk '/usr.local.samba.bin/ { print $1}' |&#92;
+	xargs kill
+	;;
+'status')
+	x=`$PS | grep -v grep | grep '$SAMBA_DIR/bin'`
+	if [ ! &quot;$x&quot; ]; then
+		echo &quot;No samba processes running&quot;
+	else
+		echo &quot;  PID TT STAT  TIME COMMAND&quot;
+		echo &quot;$x&quot;
+	fi
+	;;
+'restart')
+	/etc/rc2.d/S91samba stop
+	/etc/rc2.d/S91samba start
+	/etc/rc2.d/S91samba status
+	;;
+*)
+	echo &quot;$0: Usage error -- you must say $0 start, stop, status or restart.&quot;
+	;;
+esac
+exit
+</pre>
+<P CLASS="Body">You'll need to set the actual paths and <EM CLASS="Literal">ps</em>
+ options to suit the machine you're using. In addition, you might want to add additional commands to tell Samba to reload its <EM CLASS="Filename">smb.conf</em>
+ file or dump its <EM CLASS="Emphasis">nmbd</em>
+ tables, depending on your actual needs. </p>
+</div>
+<DIV>
+<H3 CLASS="HeadB">smbsh</h3>
+<P CLASS="Body">The <EM CLASS="Emphasis">smbsh</em>
+ program lets you use a remote Windows share on your Samba server as if the share was a regular Unix directory. When it's run, it provides an extra directory tree under <EM CLASS="Filename">/smb</em>. Subdirectories of <EM CLASS="Filename">/smb</em>
+ are servers, and subdirectories of the servers are their individual disk and printer shares. Commands run by <EM CLASS="Emphasis">smbsh</em>
+ treat the <EM CLASS="Filename">/smb</em>
+ filesystem as if it were local to Unix. This means that you don't need <EM CLASS="Emphasis">smbmount</em>
+ in your kernel to mount Windows filesystems the way you mount with NFS filesystems. However, you do need to configure Samba with the <EM CLASS="Literal">--with-smbwrappers</em>
+ option to enable <EM CLASS="Filename">smbsh</em>.</p>
+<DIV>
+<H4 CLASS="HeadC">Options</h4>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-d</em>
+ debuglevel</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the debug (sometimes called logging) level. The level can range from 0, the default, all the way to 10. Debug level 0 logs only the most important messages; level 1 is normal; level 3 and above are primarily for debugging, and slow <EM CLASS="Emphasis">smbsh</em>
+ considerably.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-l</em>
+ <EM CLASS="Replaceable">logfile</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the name of the logfile to use.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-P</em>
+ <EM CLASS="Replaceable">prefix</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the root directory to mount the SMB filesystem. The default is <EM CLASS="Filename">/smb</em>.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-R</em>
+ <EM CLASS="Replaceable">resolve order</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the resolve order of the name servers. This option is similar to the <EM CLASS="Literal">resolve order</em>
+ configuration option, and can take any of the four parameters, <EM CLASS="Literal">lmhosts</em>, <EM CLASS="Literal">host</em>, <EM CLASS="Literal">wins</em>, and <EM CLASS="Literal">bcast</em>, in any order.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-U</em>
+ <EM CLASS="Replaceable">user</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Supports <EM CLASS="Replaceable">user%password.</em>
+</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-W</em>
+ <EM CLASS="Replaceable">workgroup</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the NetBIOS workgroup to which the client will connect.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H3 CLASS="HeadB">smbclient</h3>
+<P CLASS="Body">The <EM CLASS="Emphasis">smbclient</em>
+ program is the maid-of-all-work of the Samba suite. Initially intended as a testing tool, it has become a full command-line Unix client, with an FTP-like interactive client. Some of its options are still used for testing and tuning, and it makes a simple tool for ensuring that Samba is running on a server.</p>
+<P CLASS="Body">It's convenient to look at <EM CLASS="Emphasis">smbclient</em>
+ as a suite of programs:</p>
+<UL>
+<LI CLASS="ListBullet">FTP-like interactive file transfer program</li>
+<LI CLASS="ListBullet">Interactive printing program</li>
+<LI CLASS="ListBullet">Interactive tar program </li>
+<LI CLASS="ListBullet">Command-line message program</li>
+<LI CLASS="ListBullet">Command-line <EM CLASS="Emphasis">tar</em>
+ program (but see <EM CLASS="Emphasis">smbtar</em>
+ later)</li>
+<LI CLASS="ListBullet">&quot;What services do you have&quot; query program</li>
+<LI CLASS="ListBullet">Command-line debugging program</li>
+</ul>
+<DIV>
+<H4 CLASS="HeadC">General command-line options</h4>
+<P CLASS="Body">The program has the usual set of <EM CLASS="Emphasis">smbd</em>
+-like options, which apply to all the interactive and command-line use. The syntax is:</p>
+<P CLASS="Code">smbclient //<EM CLASS="Replaceable">server_name</em>
+/<EM CLASS="Replaceable">share_name</em>
+ [<EM CLASS="Replaceable">password</em>
+] [-<EM CLASS="Replaceable">options</em>
+]</p>
+<P CLASS="Body">Here is an explanation of each of the command-line options:</p>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-d</em>
+ <EM CLASS="Replaceable">debug_level</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the debug (logging) level, from 0 to 10, with <EM CLASS="Literal">A</em>
+ for all. Overrides the value in <EM CLASS="Filename">smb.conf</em>. Debug level 0 logs only the most important messages; level 1 is normal; debug level 3 and above are for debugging, and slow <EM CLASS="Emphasis">smbclient</em>
+ considerably.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-h</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Prints the command-line help information (usage) for smbclient.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-n</em>
+ <EM CLASS="Replaceable">NetBIOS_name</em>
+</h4>
+<P CLASS="ListSimple">Allows you to override the NetBIOS name by which the program will advertise itself. </p>
+<DIV>
+<H4 CLASS="HeadC">Smbclient operations</h4>
+<P CLASS="Body">Running <EM CLASS="Literal">smbclient</em><EM CLASS="Literal">//</em><EM CLASS="Replaceable">server_name</em><EM CLASS="Literal">/</em><EM CLASS="Replaceable">share</em>
+ will cause it to prompt you for a username and password. If the login is successful, it will connect to the share and give you a prompt much like an FTP prompt (the backslash in the prompt will be replaced by the current directory within the share as you move around the filesystem):</p>
+<P CLASS="Code">smb:&#92;&gt;</p>
+<P CLASS="Body">From this command line, you can use several FTP-like commands, as listed below. Arguments in square brackets are optional. </p>
+<TABLE>
+<CAPTION>
+<H4 CLASS="TableLabel"><A NAME="89417"></a>&nbsp;</h4>
+<H4 CLASS="TableTitle">smbclient Commands </h4>
+</caption>
+<TR>
+<TH ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellHeading">Command</p>
+</th>
+<TH ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellHeading">Description</p>
+</th>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">?</em>
+ <EM CLASS="Replaceable">command</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Provides list of commands or help on specified command.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">help</em>
+ [<EM CLASS="Replaceable">command</em>]</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Provides list of commands or help on specified command.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">!</em>
+ [<EM CLASS="Replaceable">command</em>]</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">If a command is specified, it will be run in a local shell. If not, you will be placed into a local shell on the client.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">dir</em>
+ [<EM CLASS="Replaceable">filename</em>]</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Displays any files matching <EM CLASS="Replaceable">filename</em>
+ in the current directory on the server, or all files if <EM CLASS="Replaceable">filename</em>
+ is omitted.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">ls</em>
+ [<EM CLASS="Replaceable">filename</em>]</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Displays any files matching <EM CLASS="Replaceable">filename</em>
+ in the current directory on the server, or all files if <EM CLASS="Replaceable">filename</em>
+ is omitted.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">cd</em>
+ [<EM CLASS="Replaceable">directory</em>]</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">If <EM CLASS="Replaceable">directory</em>
+ is specified, changes to the specified directory on the remote server. If not, reports the current directory on the remote machine.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">lcd</em>
+ [<EM CLASS="Replaceable">directory</em>]</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">If <EM CLASS="Replaceable">directory</em>
+ is specified, the current directory on the local machine will be changed. If not, the name of the current directory on the local machine will be reported.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">get</em>
+ <EM CLASS="Emphasis">remotefile </em>
+[<EM CLASS="Replaceable">localfile</em>]</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Copies the file <EM CLASS="Replaceable">remotefile</em> to the local machine. If a <EM CLASS="Replaceable">localfile</em>
+ is specified, uses that name to copy the file to. Treats the file as binary; does <EM CLASS="Emphasis">not</em>
+ do LF to CR/LF conversions.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">put</em>
+ <EM CLASS="Emphasis">localfile </em>
+[<EM CLASS="Replaceable">remotefile</em>]</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Copies <EM CLASS="Replaceable">localfile</em>
+ to the remote machine. If a <EM CLASS="Replaceable">remotefile</em>
+ is specified, uses that as the name to copy to on the remote server. Treats the file as binary; does <EM CLASS="Emphasis">not</em>
+ do LF to CR/LF conversions.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">mget</em>
+ <EM CLASS="Replaceable">pattern</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Gets all files matching <EM CLASS="Replaceable">pattern</em>
+ from the remote machine.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">mput</em>
+<EM CLASS="Replaceable"> pattern</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Places all local files matching <EM CLASS="Replaceable">pattern</em>
+ on the remote machine.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">prompt</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Toggles interactive prompting on and off for <EM CLASS="Literal">mget</em> and <EM CLASS="Literal">mput</em>.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">lowercase ON </em>
+ <br>
+
+(or<EM CLASS="Literal"> OFF</em>)</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">If lowercase is on, <EM CLASS="Emphasis">smbclient</em>
+ will convert filenames to lowercase during an <EM CLASS="Literal">mget</em>
+ or <EM CLASS="Literal">get</em>
+ (but not a <EM CLASS="Literal">mput</em> or <EM CLASS="Literal">put</em>).</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">del</em>
+ <EM CLASS="Replaceable">filename</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Delete a file on the remote machine.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">md</em>
+ <EM CLASS="Replaceable">directory</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Create a directory on the remote machine.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">mkdir</em>
+ <EM CLASS="Replaceable">directory</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Create a directory on the remote machine.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">rd</em>
+ <EM CLASS="Replaceable">directory</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Remove the specified directory on the remote machine.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">rmdir</em>
+ <EM CLASS="Replaceable">directory</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Remove the specified directory on the remote machine.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">setmode</em>
+ <EM CLASS="Replaceable">filename</em>
+ <EM CLASS="Literal">[+|-]rsha</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Set DOS filesystem attribute bits, using Unix-like modes. <EM CLASS="Literal">r</em>
+ is read-only, <EM CLASS="Literal">s</em>
+ is system, <EM CLASS="Literal">h</em>
+ is hidden, and <EM CLASS="Literal">a</em>
+ is archive.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">exit</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Exits <EM CLASS="Emphasis">smbclient</em>.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">quit</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Exits <EM CLASS="Emphasis">smbclient</em>.</p>
+</td>
+</tr>
+</table>
+<P CLASS="Body">There are also mask and recursive commands for large copies; see the <EM CLASS="Filename">smbclient</em>
+ manual page for details on how to use these. With the exception of mask, recursive, and the lack of an ASCII transfer mode, <EM CLASS="Emphasis">smbclient</em>
+ works exactly the same as FTP. Note that because it does binary transfers, Windows files copied to Unix will have lines ending in carriage-return and linefeed (<EM CLASS="Literal">&#92;r&#92;n</em>), not Unix's linefeed (<EM CLASS="Literal">&#92;n</em>).</p>
+</div>
+<DIV>
+<H4 CLASS="HeadC">Printing commands</h4>
+<P CLASS="Body">The <EM CLASS="Emphasis">smbclient</em>
+ program can also be used for access to a printer by connecting to a print share. Once connected, the commands shown below can be used to print. </p>
+<TABLE>
+<CAPTION>
+<H4 CLASS="TableLabel"><A NAME="39300"></a>&nbsp;</h4>
+<H4 CLASS="TableTitle">smbclient Printing Commands </h4>
+</caption>
+<TR>
+<TH ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellHeading">Command</p>
+</th>
+<TH ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellHeading">Description</p>
+</th>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">print</em>
+<EM CLASS="Replaceable"> filename</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Prints the file by copying it from the local machine to the remote one and then submitting it as a print job there.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">printmode</em>
+ <EM CLASS="Replaceable">text </em>
+|<EM CLASS="Replaceable"> graphics</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Instructs the server that the following files will be plain text (ASCII) or the binary graphics format that the printer requires. It's up to the user to ensure that the file is indeed the right kind.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">queue</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Displays the queue for the print share you're connected to, showing job ID, name, size, and status.</p>
+</td>
+</tr>
+</table>
+</div>
+</div>
+<DIV>
+<H4 CLASS="SidebarBody">Finally, to print from the <EM CLASS="Emphasis">smbclient</em>, use the <EM CLASS="Literal">-c</em>
+ option:</h4>
+<P CLASS="Code">cat <EM CLASS="Replaceable">printfile</em>
+ | smbclient //<EM CLASS="Replaceable">server</em>
+/<EM CLASS="Replaceable">printer_name</em>
+  -c &quot;print -&quot;</p>
+<DIV>
+<H4 CLASS="HeadC">Tar commands</h4>
+<P CLASS="Body"><EM CLASS="Emphasis">smbclient</em>
+ can tar up files from a file share. This is normally done from the command line using the <EM CLASS="Emphasis">smbtar</em>
+ command, but the commands shown below are also available interactively. </p>
+<TABLE>
+<CAPTION>
+<H4 CLASS="TableLabel"><A NAME="54517"></a>&nbsp;</h4>
+<H4 CLASS="TableTitle">smbclient Tar Commands </h4>
+</caption>
+<TR>
+<TH ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellHeading">Command</p>
+</th>
+<TH ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellHeading">Description</p>
+</th>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">tar c|x[IXbgNa]</em>
+ <EM CLASS="Replaceable">operands</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Performs a creation or extraction <EM CLASS="Emphasis">tar</em> similar to the command-line program. </p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">blocksize</em>
+ <EM CLASS="Replaceable">size</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Sets the block size to be used by <EM CLASS="Emphasis">tar</em>, in 512-byte blocks.</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">tarmode full|inc|reset|<br>
+
+noreset</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Makes <EM CLASS="Emphasis">tar</em>
+ pay attention to DOS archive bit for all following commands. In <EM CLASS="Literal">full</em>
+ mode (the default), <EM CLASS="Emphasis">tar</em>
+ will back up everything. In <EM CLASS="Literal">inc</em>
+ (incremental) mode, <EM CLASS="Emphasis">tar</em>
+ will back up only those files with the archive bit set. In <EM CLASS="Literal">reset</em>
+ mode, <EM CLASS="Emphasis">tar</em>
+ will reset the archive bit on all files it backs up (this requires the share to be writable), and in <EM CLASS="Literal">noreset</em>
+ mode the archive bit will not be reset even after the file has been backed up.</p>
+</td>
+</tr>
+</table>
+</div>
+<DIV>
+<H4 CLASS="HeadC">Command-line message program options</h4>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-M</em>
+ <EM CLASS="Replaceable">NetBIOS_machine_name</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This option allows you to send immediate messages using the WinPopup protocol to another computer. Once a connection is established, you can type your message, pressing control-D to end. If WinPopup is not running on the receiving machine, the program returns an error.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-U</em>
+ <EM CLASS="Replaceable">user</em>
+ </h4>
+<UL>
+<LI CLASS="ListVariable">This<EM CLASS="Replaceable"> </em>
+option allows you to indirectly control the FROM part of the message. </li>
+</ul>
+<DIV>
+<H4 CLASS="HeadC">Command-line tar program options</h4>
+<P CLASS="Body">The <EM CLASS="Literal">-T</em>
+ (tar), <EM CLASS="Literal">-D</em>
+ (starting directory), and <EM CLASS="Literal">-c</em>
+ (command) options are used together to tar up files interactively. This is better done with <EM CLASS="Filename">smbtar</em>, which will be discussed shortly. We don't recommend using <EM CLASS="Emphasis">smbclient</em>
+ directly as a <EM CLASS="Emphasis">tar</em>
+ program. </p>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-D</em>
+ <EM CLASS="Replaceable">initial_directory</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Changes to initial directory before starting.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-c</em>
+ <EM CLASS="Replaceable">command_string</em>
+ </h4>
+<UL>
+<LI CLASS="ListVariable">Passes a command string to the <EM CLASS="Emphasis">smbclient</em>
+ command interpreter, which treats it as a semicolon-separated list of commands to be executed. This is handy to say things such as <EM CLASS="Literal">tarmode</em> <EM CLASS="Literal">inc</em>, for example, which forces <EM CLASS="Literal">smbclient</em>
+ <EM CLASS="Literal">-T</em>
+ to back up only files with the archive bit set.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-T</em>
+ <EM CLASS="Replaceable">command filename</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Runs the <EM CLASS="Emphasis">tar</em>
+ driver, which is <EM CLASS="Emphasis">gtar</em>
+ compatible. The two main commands are: <EM CLASS="Literal">c</em>
+ (create) and <EM CLASS="Literal">x</em>
+ (extract), which may be followed by any of:</li>
+</ul>
+<DIV>
+<H4 CLASS="FM-ListVariableTermRunin"><EM CLASS="Literal">a</em>
+</h4>
+<P CLASS="FM-ListVariable">Resets archive bits once files are saved.</p>
+</div>
+<DIV>
+<H5 CLASS="FM-ListVariableTerm"><EM CLASS="Literal">b</em>
+ <EM CLASS="Replaceable">size</em>
+</h5>
+<P CLASS="FM-ListVariable">Sets blocksize in 512-byte units.</p>
+<DIV>
+<H4 CLASS="FM-ListVariableTermRunin"><EM CLASS="Literal">g</em>
+</h4>
+<P CLASS="FM-ListVariable">Backs up only files with the archive bit set.</p>
+</div>
+</div>
+<DIV>
+<H5 CLASS="FM-ListVariableTerm"><EM CLASS="Literal">I</em>
+ <EM CLASS="Replaceable">file</em>
+</h5>
+<P CLASS="FM-ListVariable">Includes files and directories (this is the default). Does not do pattern-matching.</p>
+</div>
+<DIV>
+<H5 CLASS="FM-ListVariableTerm"><EM CLASS="Literal">N</em>
+ <EM CLASS="Replaceable">filename</em>
+</h5>
+<P CLASS="FM-ListVariable">Backs up only those files newer than <EM CLASS="Replaceable">filename.</em>
+</p>
+<DIV>
+<H4 CLASS="FM-ListVariableTermRunin"><EM CLASS="Literal">q</em>
+</h4>
+<P CLASS="FM-ListVariable">Does not produce diagnostics.</p>
+</div>
+</div>
+<DIV>
+<H5 CLASS="FM-ListVariableTerm"><EM CLASS="Literal">X</em>
+ <EM CLASS="Replaceable">file</em>
+</h5>
+<P CLASS="FM-ListVariable">Excludes files.</p>
+<DIV>
+<H4 CLASS="HeadC">Command-line query program</h4>
+<P CLASS="Body">If <EM CLASS="Filename">smbclient</em>
+ is run as:</p>
+<P CLASS="Code">smbclient -L <EM CLASS="Replaceable">server_name</em>
+</p>
+<P CLASS="Body">it will list the shares and other services that machine provides. This is handy if you don't have <EM CLASS="Filename">smbwrappers</em>. It can also be helpful as a testing program in its own right.</p>
+</div>
+<DIV>
+<H4 CLASS="HeadC">Command-line debugging /diagnostic program options</h4>
+<P CLASS="Body">Any of the various modes of operation of <EM CLASS="Emphasis">smbclient</em>
+ can be used with the debugging and testing command-line options:</p>
+</div>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-B</em>
+ <EM CLASS="Replaceable">IP_addr</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the broadcast address.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-d</em>
+ <EM CLASS="Replaceable">debug_level</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the debug (sometimes called logging) level. The level can range from 0 all the way to 10. In addition, you can specify <EM CLASS="Literal">A</em>
+ for all debugging options. Debug level 0 logs only the most important messages; level 1 is normal; level 3 and above are primarily for debugging and slow operations considerably.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-E</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sends all messages to stderr instead of stdout.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-I</em>
+ <EM CLASS="Replaceable">IP_address</em>
+ </h4>
+<UL>
+<LI CLASS="ListVariable">Sets the IP address of the server to which it connects.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-i</em>
+ <EM CLASS="Replaceable">scope</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backward compatibility.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-l</em>
+ <EM CLASS="Replaceable">log_file</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sends the log messages to the specified file. </li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-N</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Suppresses the password prompt. Unless a password is specified on the command line or this parameter is specified, the client will prompt for a password.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-n</em>
+ <EM CLASS="Replaceable">NetBIOS_name</em>
+</h4>
+<P CLASS="ListSimple">This option allows you to override the NetBIOS name by which the daemon will advertise itself. </p>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-O</em>
+ <EM CLASS="Replaceable">socket_options</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the TCP/IP socket options using the same parameters as the <EM CLASS="Literal">socket</em>
+ <EM CLASS="Literal">options</em>
+ configuration option. It is often used for performance tuning and testing.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-p</em>
+ <EM CLASS="Replaceable">port_number</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the port number from which the client will accept requests.  </li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-R</em>
+ <EM CLASS="Replaceable">resolve_order</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the resolve order of the name servers. This option is similar to the <EM CLASS="Literal">resolve</em>
+ <EM CLASS="Literal">order</em>
+ configuration option, and can take any of the four parameters, <EM CLASS="Literal">lmhosts</em>, <EM CLASS="Literal">host</em>, <EM CLASS="Literal">wins</em>, and <EM CLASS="Literal">bcast</em>, in any order.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-s</em>
+ <EM CLASS="Replaceable">configuration_file</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Specifies the location of the Samba configuration file. Used for debugging.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-t</em>
+ <EM CLASS="Replaceable">terminal_code</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the terminal code for Asian languages.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-U</em>
+ <EM CLASS="Replaceable">username</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the username and optionally password (e.g., <EM CLASS="Literal">-U</em>
+ <EM CLASS="Literal">fred%secret</em>).</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-W</em>
+ <EM CLASS="Replaceable">workgroup</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Specifies the workgroup that you want the client to connect as.</li>
+</ul>
+<P CLASS="Body">If you want to test a particular name service, run <EM CLASS="Emphasis">smbclient</em>
+ with <EM CLASS="Literal">-R</em>
+ and just the name of the service. This will force <EM CLASS="Emphasis">smbclient</em>
+ to use only the service you gave.<EM CLASS="Emphasis"></em>
+</p>
+</div>
+</div>
+<DIV>
+<H3 CLASS="HeadB">smbstatus</h3>
+<P CLASS="Body">The <EM CLASS="Filename">smbstatus</em>
+ program lists the current connections on a Samba server. There are three separate sections. The first section lists various shares that are in use by specific users. The second section lists the locked files that Samba currently has on all of its shares. Finally, the third section lists the amount of memory usage for each of the shares. For example:</p>
+<pre>
+# <EM CLASS="LineEmphasis">smbstatus</em>
+
+Samba version 2.0.3
+Service      uid      gid      pid     machine
+----------------------------------------------
+network      davecb   davecb   7470   phoenix  (192.168.220.101) Sun May 16 
+network      davecb   davecb   7589   chimaera (192.168.220.102) Sun May 16 
+&nbsp;
+Locked files:
+Pid    DenyMode   R/W        Oplock           Name
+--------------------------------------------------
+7589   DENY_NONE  RDONLY   EXCLUSIVE+BATCH  /home/samba/quicken/inet/common/system/help.bmp   Sun May 16 21:23:40 1999
+7470   DENY_WRITE RDONLY   NONE             /home/samba/word/office/findfast.exe              Sun May 16 20:51:08 1999
+7589   DENY_WRITE RDONLY   EXCLUSIVE+BATCH  /home/samba/quicken/lfbmp70n.dll                  Sun May 16 21:23:39 1999
+7589   DENY_WRITE RDWR     EXCLUSIVE+BATCH  /home/samba/quicken/inet/qdata/runtime.dat        Sun May 16 21:23:41 1999
+7470   DENY_WRITE RDONLY   EXCLUSIVE+BATCH  /home/samba/word/office/osa.exe                   Sun May 16 20:51:09 1999
+7589   DENY_WRITE RDONLY   NONE             /home/samba/quicken/qversion.dll                  Sun May 16 21:20:33 1999
+7470   DENY_WRITE RDONLY   NONE             /home/samba/quicken/qversion.dll                  Sun May 16 20:51:11 1999
+&nbsp;
+Share mode memory usage (bytes):
+   1043432(99%) free + 4312(0%) used + 832(0%) overhead = 1048576(100%) total
+</pre>
+<DIV>
+<H4 CLASS="HeadC">Options</h4>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-b</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Forces <EM CLASS="Filename">smbstatus</em>
+ to produce brief output. This includes the version of Samba and auditing information about the users that have logged into the server.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-d</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Gives verbose output, including each of the three reporting sections listed in the previous example. This is the default.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-L</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Forces <EM CLASS="Filename">smbstatus</em>
+ to print only the current file locks it has. This corresponds to the second section in a verbose output. </li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-p</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Prints a list of <EM CLASS="Filename">smbd</em>
+ process IDs only. This is often used for scripts.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-S</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Prints only a list of shares and their connections. This corresponds to the first section in a verbose output.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-s</em>
+ <EM CLASS="Replaceable">configuration_file</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the Samba configuration file to use when processing this command.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-u</em>
+ <EM CLASS="Replaceable">username</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Limits the <EM CLASS="Filename">smbstatus</em>
+ report to the activity of a single user.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H3 CLASS="HeadB">smbtar</h3>
+<P CLASS="Body">The <EM CLASS="Emphasis">smbtar</em>
+ program is a shell script on top of <EM CLASS="Emphasis">smbclient</em>
+ that gives the program more intelligible options when doing tar operations. Functionally, it is equivalent to the Unix <EM CLASS="Emphasis">tar</em>
+ program.</p>
+<DIV>
+<H4 CLASS="HeadC">Options</h4>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-a</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Resets the archive bit mode</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-b</em>
+ <EM CLASS="Replaceable">blocksize</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Blocking size. Defaults to 20.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-d</em>
+ <EM CLASS="Replaceable">directory</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Changes to initial directory before restoring or backing up files.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-i</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Incremental mode; tar files are backed up only if they have the DOS archive bit set. The archive bit is reset after each file is read.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-l</em>
+ <EM CLASS="Replaceable">log_level</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable"> Sets the logging level.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-N</em>
+ <EM CLASS="Replaceable">filename</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Backs up only the files newer than the last modification date of <EM CLASS="Replaceable">filename</em>. For incremental backups.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-p</em>
+ <EM CLASS="Replaceable">password</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Specifies the password to use to access a share.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-r</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Restores files to the share from the tar file.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-s</em>
+ <EM CLASS="Replaceable">server</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Specifies the SMB/CIFS server in which the share resides.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-t</em>
+ <EM CLASS="Replaceable">tape</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Tape device or file. Default is the value of the environment variable <EM CLASS="Literal">$TAPE</em>, or <EM CLASS="Emphasis">tar.out</em>
+ if <EM CLASS="Literal">$TAPE</em>
+ isn't set.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-u</em>
+ <EM CLASS="Replaceable">user</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Specifies the user to connect to the share as. You can specify the password as well, in the format <EM CLASS="Replaceable">username</em><EM CLASS="Literal">%</em><EM CLASS="Replaceable">password</em>.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-v</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Specifies the use of verbose mode.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-X</em>
+ <EM CLASS="Replaceable">file</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Tells <EM CLASS="FirstTerm">smbtar</em>
+ to exclude the specified file from the <EM CLASS="Emphasis">tar</em>
+ create or restore.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-x</em>
+ <EM CLASS="Replaceable">share</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">States the share name on the server to connect to. The default is <EM CLASS="Literal">backup</em>, which is a common share name to perform backups with.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="SidebarBody">For example, a trivial backup command to archive the data for user <EM CLASS="Literal">sue</em>
+ is:</h4>
+<P CLASS="Code"># <EM CLASS="LineEmphasis">smbtar -s pc_name -x sue -u sue -p secret -t sue.tar </em>
+</p>
+</div>
+</div>
+<DIV>
+<H3 CLASS="HeadB">nmblookup</h3>
+<P CLASS="Body">The <EM CLASS="Filename">nmblookup</em>
+ program is a client program that exercises the NetBIOS-over-UDP/IP name service for resolving NBT machine names into IP addresses. The command works by broadcasting its queries on the local subnet until a machine with that name responds. You can think of it as a Windows <EM CLASS="Emphasis">nslookup(1) </em>
+or <EM CLASS="EmailSite">dig(1). </em>
+This is useful for looking up both normal NetBIOS names, and the odd ones like        <EM CLASS="Literal">__MSBROWSE__</em>
+ that the Windows name services use to provide directory-like services. If you wish to query for a particular type of NetBIOS name, add the NetBIOS <EM CLASS="Literal">&lt;type&gt;</em>
+ to the end of the name.</p>
+<P CLASS="Body">The command line is:</p>
+<P CLASS="Code">nmblookup [-options] <EM CLASS="Replaceable">name</em>
+</p>
+<P CLASS="Body">The options supported are:</p>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-A</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Interprets <EM CLASS="Replaceable">name</em>
+ as an IP address and do a node-status query on this address.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-B</em>
+ <EM CLASS="Replaceable">broadcast _address</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sends the query to the given broadcast address. The default is to send the query to the broadcast address of the primary network interface.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-d</em>
+ <EM CLASS="Replaceable">debuglevel</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the debug (sometimes called logging) level. The level can range from 0 all the way to 10. Debug level 0 logs only the most important messages; level 1 is normal; level 3 and above are primarily for debugging and slow the program considerably.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-h</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Prints command-line usage information for the program.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-i</em>
+ <EM CLASS="Replaceable">scope</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backward compatibility.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-M</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Searches for a local master browser. This is done with a broadcast searching for a machine that will respond to the special name <EM CLASS="Literal">__MSBROWSE__</em>, and then asking that machine for information, instead of broadcasting the query itself.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-R</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the recursion desired bit in the packet. This will cause the machine that responds to try to do a WINS lookup and return the address and any other information the WINS server has saved.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-r</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Use the root port of 137 for Windows 95 machines.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-S</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Once the name query has returned an IP address, does a node status query as well. This returns all the resource types that the machine knows about, with their numeric attributes. For example:</li>
+</ul>
+<pre>
+% <EM CLASS="LineEmphasis">nmblookup -d 4 -S elsbeth</em>
+received 6 names
+      ELSBETH                &lt;00&gt; - &lt;GROUP&gt; B &lt;ACTIVE&gt;
+      ELSBETH                &lt;03&gt; -         B &lt;ACTIVE&gt;
+      ELSBETH                &lt;1d&gt; -         B &lt;ACTIVE&gt;
+      ELSBETH                &lt;1e&gt; - &lt;GROUP&gt; B &lt;ACTIVE&gt;
+      ELSBETH                &lt;20&gt; -         B &lt;ACTIVE&gt;
+      ..__MSBROWSE__..       &lt;01&gt; - &lt;GROUP&gt; B &lt;ACTIVE&gt;
+</pre>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-s</em>
+ <EM CLASS="Replaceable">configuration_file</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Specifies the location of the Samba configuration file. Although the file defaults to <EM CLASS="Filename">/usr/local/samba/lib/smb.conf</em>, you can override it here on the command-line, normally for debugging.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-T</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This option can be used to translate IP addresses into resolved names. </li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-U</em>
+ <EM CLASS="Replaceable">unicast_address</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Performs a unicast query to the specified address. Used with <EM CLASS="Literal">-R</em>
+ to query WINS servers.</li>
+</ul>
+<P CLASS="Body">Note that there is no workgroup option for <EM CLASS="Emphasis">nmblookup</em>; you can get around this by putting <EM CLASS="Literal">workgroup</em>
+ <EM CLASS="Literal">=</em>
+ <EM CLASS="Replaceable">workgroup_name </em>
+in a file and passing it to <EM CLASS="Emphasis">nmblookup</em>
+ with the <EM CLASS="Literal">-s</em>
+ <EM CLASS="Replaceable">smb.conf_file</em>
+ option. </p>
+</div>
+</div>
+<DIV>
+<H3 CLASS="HeadB">smbpasswd</h3>
+<P CLASS="Body">The <EM CLASS="Emphasis">smbpasswd</em>
+ password has two distinct sets of functions. When run by users, it changes their encrypted passwords. When run by <EM CLASS="Literal">root</em>, it updates the encrypted password file. When run by an ordinary user with no options, it connects to the primary domain controller and changes his or her Windows password.</p>
+<P CLASS="Body">The program will fail if <EM CLASS="Emphasis">smbd</em>
+ is not operating, if the <EM CLASS="Literal">hosts</em>
+ <EM CLASS="Literal">allow</em>
+ or <EM CLASS="Literal">hosts</em>
+ <EM CLASS="Literal">deny</em>
+ configuration options will not permit connections from localhost (IP address 127.0.0.1), or the <EM CLASS="Literal">encrypted</em>
+ <EM CLASS="Literal">passwords</em>
+ <EM CLASS="Literal">=</em>
+ <EM CLASS="Literal">no</em>
+ option is set.</p>
+<DIV>
+<H4 CLASS="HeadC">Regular user options</h4>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-D</em>
+ <EM CLASS="Replaceable">debug_level</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the debug (also called logging) level. The level can range from 0 to 10. Debug level 0 logs only the most important messages; level 1 is normal; level 3 and above are primarily for debugging and slow the program considerably.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-h</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Prints command-line usage information for the program.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-r</em>
+ <EM CLASS="Replaceable">remote_machine_name</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Specifies on which machine the password should change. The remote machine must be a primary domain controller (PDC).</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-R</em>
+ <EM CLASS="Replaceable">resolve_order</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets the resolve order of the name servers. This option is similar to the <EM CLASS="Literal">resolve</em>
+ <EM CLASS="Literal">order</em>
+ configuration option, and can take any of the four parameters, <EM CLASS="Literal">lmhosts</em>, <EM CLASS="Literal">host</em>, <EM CLASS="Literal">wins</em>, and <EM CLASS="Literal">bcast</em>,<EM CLASS="Literal"> </em> in any order.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-U</em>
+ <EM CLASS="Replaceable">username</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Used only with <EM CLASS="Literal">-r</em>, to modify a username that is spelled differently on the remote machine.</li>
+</ul>
+<DIV>
+<H4 CLASS="HeadC">Root-only options</h4>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-a</em>
+ <EM CLASS="Replaceable">username</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Adds a user to the encrypted password file.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-d</em>
+ <EM CLASS="Replaceable">username</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Disables a user in the encrypted password file.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-e</em>
+ <EM CLASS="Replaceable">username</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Enables a disabled user in the encrypted password file.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-m</em>
+ <EM CLASS="Replaceable">machine_name</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Changes a machine account's password. The machine accounts are used to authenticate machines when they connect to a primary or backup domain controller.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-j</em>
+ <EM CLASS="Replaceable">domain_name</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Adds a Samba server to a Windows NT Domain.</li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-n</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Sets no password for the user.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-s</em>
+ <EM CLASS="Replaceable">username</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Causes <EM CLASS="Emphasis">smbpasswd</em>
+ to be silent and to read its old and new passwords from standard input, rather than from <EM CLASS="Filename">/dev/tty</em>. This is useful for writing scripts.</li>
+</ul>
+</div>
+</div>
+<DIV>
+<H3 CLASS="HeadB">testparm</h3>
+<P CLASS="Body">The <EM CLASS="Emphasis">testparm</em>
+ program checks an <EM CLASS="Filename">smb.conf</em>
+ file for obvious errors and self-consistency. Its command line is:</p>
+<P CLASS="Code">testparm [options] <EM CLASS="Replaceable">configfile_name [hostname IP_addr]</em>
+</p>
+<P CLASS="Body">If the configuration file is not specified, the file at <EM CLASS="Replaceable">samba_dir</em>
+<EM CLASS="Filename">/lib/smb.conf</em>
+ is checked by default. If you specify a hostname and an IP address, an extra check will be made to ensure that the specified machine would be allowed to connect to Samba. If a hostname is specified, an IP address should be present as well.</p>
+<DIV>
+<H4 CLASS="HeadC">Options</h4>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-h</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Prints command-line information for the program.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-L</em>
+ server_name</h4>
+<UL>
+<LI CLASS="ListVariable">Resets the <EM CLASS="Literal">%L</em>
+ configuration variable to the specified server name. </li>
+</ul>
+<DIV>
+<H4 CLASS="ListVariableTermRunin"><EM CLASS="Literal">-s</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">This option prevents the <EM CLASS="Emphasis">testparm</em>
+ program from prompting the user to press the Enter key before printing a list of the configuration options for the server.</li>
+</ul>
+</div>
+</div>
+</div>
+<DIV>
+<H3 CLASS="HeadB">testprns</h3>
+<P CLASS="Body">The <EM CLASS="Emphasis">testprns</em>
+ program checks a specified printer name against the system printer capabilities (<EM CLASS="Filename">printcap</em>) file. Its command line is:</p>
+<P CLASS="Code">testprns <EM CLASS="Replaceable">printername</em>
+ [<EM CLASS="Replaceable">printcapname</em>]</p>
+<P CLASS="Body">If the <EM CLASS="Literal">printcapname</em>
+ isn't specified, Samba attempts to use one located in the <EM CLASS="Filename">smb.conf</em>
+ file. If one isn't specified there, Samba will try <EM CLASS="Filename">/etc/printcap</em>. If that fails, the program will generate an error.</p>
+</div>
+<DIV>
+<H3 CLASS="HeadB">rpcclient</h3>
+<P CLASS="Body">This is a new client that exercises the RPC (remote procedure call) interfaces of an SMB server. Like <EM CLASS="Emphasis">smbclient</em>, <EM CLASS="Emphasis">rpcclient</em>
+ started its life as a test program for the Samba developers and will likely stay that way for a while. Its command line is:</p>
+<P CLASS="Code">rpcclient //<EM CLASS="Replaceable">server</em>/<EM CLASS="Replaceable">share</em>
+</p>
+<P CLASS="Body">The command-line options are the same as the Samba 2.0 <EM CLASS="Emphasis">smbclient</em>, and the operations you can try are listed below. </p>
+<TABLE>
+<CAPTION>
+<H4 CLASS="TableLabel"><A NAME="65243"></a>&nbsp;</h4>
+<H4 CLASS="TableTitle">rpcclient commands </h4>
+</caption>
+<TR>
+<TH ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellHeading">Command</p>
+</th>
+<TH ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellHeading">Description</p>
+</th>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">regenum keyname</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Registry Enumeration (keys, values)</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">regdeletekey keyname </em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Registry Key Delete</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">regcreatekey keyname [keyvalue]</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Registry Key Create</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">regquerykey keyname</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Registry Key Query</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">regdeleteval valname</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Registry Value Delete</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">regcreateval valname valtype value</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Registry Key Create</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">reggetsec keyname</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Registry Key Security</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">regtestsec keyname</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Test Registry Key Security</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">ntlogin [username] [password]</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">NT Domain Login Test</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">wksinfo</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Workstation Query Info</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">srvinfo</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Server Query Info</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">srvsessions</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">List Sessions on a Server</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">srvshares</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">List shares on a server</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">srvconnections</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">List connections on a server </p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">srvfiles</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">List files on a server</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">lsaquery</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Query Info Policy (domain member or server)</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">lookupsids</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">Resolve names from SIDs</p>
+</td>
+</tr>
+<TR>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody"><EM CLASS="Literal">ntpass</em>
+</p>
+</td>
+<TD ROWSPAN="1" COLSPAN="1">
+<P CLASS="CellBody">NT SAM Password Change</p>
+</td>
+</tr>
+</table>
+</div>
+<DIV>
+<H3 CLASS="HeadB">tcpdump</h3>
+<P CLASS="Body">The <EM CLASS="Emphasis">tcpdump</em>
+ utility, a classic system administration tool, dumps all the packet headers it sees on an interface that match an expression. The version included in the Samba distribution is enhanced to understand the SMB protocol. The <EM CLASS="Emphasis">expression</em>
+ is a logical expression with &quot;and,&quot; &quot;or,&quot; and &quot;not,&quot; although sometimes it's very simple. For example, <EM CLASS="Literal">host</em>
+ <EM CLASS="Literal">escrime</em>
+ would select every packet going to or from <EM CLASS="Literal">escrime</em>. The expression is normally one or more of:</p>
+<UL>
+<LI CLASS="ListBullet"><EM CLASS="Literal">host</em>
+ <EM CLASS="Replaceable">name</em>
+</li>
+<LI CLASS="ListBullet"><EM CLASS="Literal">net network_number</em>
+</li>
+<LI CLASS="ListBullet"><EM CLASS="Literal">port</em>
+ <EM CLASS="Replaceable">number</em>
+</li>
+<LI CLASS="ListBullet"><EM CLASS="Literal">src</em>
+ <EM CLASS="Replaceable">name </em>
+</li>
+<LI CLASS="ListBullet"><EM CLASS="Literal">dst</em>
+ <EM CLASS="Replaceable">name</em>
+ </li>
+</ul>
+<P CLASS="Body">The most common options are <EM CLASS="Literal">src</em>
+ (source), <EM CLASS="Literal">dst</em>
+ (destination), and <EM CLASS="Literal">port</em>. For example, in the book we used the command: </p>
+<P CLASS="Code">tcpdump port not telnet</p>
+<P CLASS="Body">This dumps all the packets except telnet; we were logged-in via telnet and  wanted to see only the SMB packets. </p>
+<P CLASS="Body">Another <EM CLASS="Emphasis">tcpdump</em>
+ example is selecting traffic between server and either <EM CLASS="Literal">sue</em>
+ or <EM CLASS="Literal">joe</em>:</p>
+<P CLASS="Code">tcpdump host server and &#92;(sue or joe &#92;)</p>
+<P CLASS="Body">We recommend using the <EM CLASS="Literal">-s</em>
+ <EM CLASS="Literal">1500</em>
+ option so that you capture all of the SMB messages sent, instead of just the header information. </p>
+<DIV>
+<H4 CLASS="HeadC">Options</h4>
+<P CLASS="Body">There are many options, and many other kinds of expressions that can be used with <EM CLASS="Emphasis">tcpdump</em>. See the manual page for details on the advanced options. The most common options are as follows: </p>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-c</em>
+ <EM CLASS="Replaceable">count</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Forces the program to exit after receiving the specified number of packets.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-F</em>
+ <EM CLASS="Replaceable">file</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Reads the expression from the specified file and ignores expressions on the command line.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-i</em>
+ <EM CLASS="Replaceable">interface</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Forces the program to listen on the specified interface.</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-r</em>
+ <EM CLASS="Replaceable">file</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Reads packets from the specified file (captured with <EM CLASS="Literal">-w</em>).</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-s</em>
+ <EM CLASS="Replaceable">length</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Saves the specified number of bytes of data from each packet (rather than 68 bytes).</li>
+</ul>
+</div>
+<DIV>
+<H4 CLASS="ListVariableTerm"><EM CLASS="Literal">-w</em>
+ <EM CLASS="Replaceable">file</em>
+</h4>
+<UL>
+<LI CLASS="ListVariable">Writes the packets to the specified file.</li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+</blockquote>
+
+
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appc_01.html" TITLE="">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: Appendix C." BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appe_01.html" TITLE="">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: Appendix E." BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+C. Samba Configuration Option Quick Reference</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+E. Downloading Samba with CVS</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+
+</html>
diff --git a/docs/htmldocs/using_samba/appe_01.html b/docs/htmldocs/using_samba/appe_01.html
new file mode 100755
index 00000000000..199fade6967
--- /dev/null
+++ b/docs/htmldocs/using_samba/appe_01.html
@@ -0,0 +1,96 @@
+<HTML>
+<HEAD>
+<TITLE>[Appendix E] Downloading Samba with CVS</title>
+</head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appd_01.html" TITLE="">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: Appendix D." BORDER="0"></a></td>
+<TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Appendix E</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appf_01.html" TITLE="">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: Appendix F." BORDER="0"></a></td></tr>
+</table>
+&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div class="samplechapter">
+<H1 CLASS="appendix"><A CLASS="title" NAME="appe-58937">Appendix E. Downloading Samba with CVS</a></h1>
+<P CLASS="para">This appendix contains information on how to download the latest source version of Samba using the Concurrent Versions System (CVS). CVS is a freely available configuration management tool available from Cyclic Software and is distributed under the GNU General Public License. You can download the latest copy from <A CLASS="systemitem.url" HREF="http://www.cyclic.com/">
+http://www.cyclic.com/</a>.</p><P CLASS="para">CVS works on top of the GNU Revision Control System (RCS). Many Unix systems come preinstalled with RCS. However, if you want to download the latest version of RCS, you can find it at <A CLASS="systemitem.url" HREF="http://ftp.gnu.org/gnu/rcs/">http://ftp.gnu.org/gnu/rcs/</a>.</p><P CLASS="para">
+One of the nicest things about CVS is its ability to handle remote logins. This means that people across the globe on the Internet can download and update various source files for any project that uses a CVS repository. Such is the case with Samba. Once you have RCS and CVS installed on your system, you must first log in to the Samba source server with the following command:</p><PRE CLASS="programlisting">
+cvs -d :pserver:cvs@cvs.samba.org:/cvsroot login</pre><P CLASS="para">
+This tells CVS to connect to the CVS server at <I CLASS="filename">
+cvs.samba.org</i>. Once you are connected, you can download the latest source tree with the following command:</p><PRE CLASS="programlisting">
+cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co samba</pre><P CLASS="para">
+This will download the entire Samba distribution (file by file) into a directory entitled <I CLASS="filename">
+/samba</i>, which it will create on your hard drive. This directory will have the same structure as the Samba source distribution described in <a href="ch02_01.html"><b>Chapter 2, <CITE CLASS="chapter">Installing Samba on a Unix System</cite></b></a>. It includes source and header files, documentation, and sample configuration files to help get you started. After that is completed, you can follow the instructions in <a href="ch02_01.html"><b>Chapter 2</b></a> to configure and compile Samba on your server.</p></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appd_01.html" TITLE="">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: Appendix D." BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appf_01.html" TITLE="">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: Appendix F." BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+Appendix D: Summary of Samba Daemons and Commands</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+F. Sample Configuration File</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/appf_01.html b/docs/htmldocs/using_samba/appf_01.html
new file mode 100755
index 00000000000..9b709472256
--- /dev/null
+++ b/docs/htmldocs/using_samba/appf_01.html
@@ -0,0 +1,315 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Appendix F] Sample Configuration File
+</title>
+<META NAME="DC.title" CONTENT="">
+<META NAME="DC.creator" CONTENT="">
+<META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc.">
+<META NAME="DC.date" CONTENT="1999-11-08T16:28:53Z">
+<META NAME="DC.type" CONTENT="Text.Monograph">
+<META NAME="DC.format" CONTENT="text/html" SCHEME="MIME">
+<META NAME="DC.source" CONTENT="" SCHEME="ISBN">
+<META NAME="DC.language" CONTENT="en-US">
+<META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0">
+</head>
+
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<A HREF="index.html">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</a>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appd_01.html" TITLE="D. Downloading Samba with CVS">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: D. Downloading Samba with CVS" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Appendix F</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+&nbsp;</td></tr></table>&nbsp;
+
+<hr noshade size=1></center>
+
+</div>
+<blockquote>
+<div class="samplechapter">
+<H1 CLASS="appendix">
+<A CLASS="title" NAME="appf-10509">
+F. Sample Configuration File</a></h1><P CLASS="para">This appendix gives an example of a production <I CLASS="filename">
+smb.conf</i> file and looks at how many of the options are used in practice. The following is a slightly disguised version of one we used at a corporation with five Linux servers, five Windows for Workgroups clients and three NT Workstation clients:</p><PRE CLASS="programlisting">
+# smb.conf -- File Server System for: 1 Example.COM  BSC &amp; Management Office 
+[globals]
+	workgroup = 1EG_BSC
+	interfaces = 10.10.1.14/24 </pre><P CLASS="para">
+We provide this service on only one of the machine's interfaces. The <CODE CLASS="literal">
+interfaces</code> option sets its address and netmask, where <CODE CLASS="literal">
+/24</code> is the same as using the netmask 255.255.255.0:</p><PRE CLASS="programlisting">
+	comment = Samba ver. %v
+	preexec = csh -c `echo /usr/samba/bin/smbclient \
+                     -M %m -I %I` &amp;</pre><P CLASS="para">
+We use the <KBD CLASS="command">
+preexec</kbd> command to log information about all connections by machine name (<CODE CLASS="literal">%m</code>) and IP address (<CODE CLASS="literal">%I)</code>:</p><PRE CLASS="programlisting">
+	# smbstatus will output various info on current status
+	status = yes
+	browseable = yes
+	printing = bsd
+
+	# the username that will be used for access to services
+	# specified with 'guest = ok'
+	guest account = samba </pre><P CLASS="para">
+The default guest account was <CODE CLASS="literal">
+nobody</code>, uid -1, which produced log messages on one of our machines saying "your server is being unfriendly," so we created a specific Samba guest account for browsing and printing:</p><PRE CLASS="programlisting">
+	# superuser account - admin privilages to shares, with no
+	# restrictions
+	# WARNING - use this with care: files can be modified,
+	# regardless of file permissions
+	admin users = root
+
+	# who is NOT allowed to connect to ANY service
+	invalid users = @wheel, mail, deamon, adt</pre><P CLASS="para">
+Daemons can't use Samba, only people. The <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+users</code> option closes a security hole; it prevents intruders from breaking in by pretending to be a daemon process.</p><PRE CLASS="programlisting">
+	# hosts that are ALLOWED or DENIED from connecting to ANY service
+	hosts allow = 10.10.1.
+	hosts deny = 10.10.1.6
+	
+	# where the lock files will be located
+	lock directory = /var/lock/samba/locks
+		
+	# debug log files 
+	# %m = separate log for each NetBIOS name (each machine)
+	log file = /var/log/samba/log.%m
+
+	# We send priority 0, 1 and 2 messages to the system logs
+	syslog = 2
+		
+	# If a WinPopup message is sent to the server,
+	# redirect it to a user via e-mail
+	
+	message command = /bin/mail -s 'message from #% on %m' \
+						 pkelly &lt; %s; rm %s
+
+# ---------------------------------------------------
+# [globals] Performance Tuning
+# ---------------------------------------------------
+	
+	# caching algorithm to reduce time doing getwd() calls.  
+	getwd cache = yes
+
+	socket options = TCP_NODELAY
+
+	# tell the server whether the client is present and
+	# responding in seconds
+	keep alive = 60
+
+	# num minutes of inactivity before a connection is
+	# considered dead
+	dead time = 30 
+
+	read prediction = yes
+	share modes = yes
+	max xmit = 17384 
+	read size = 512</pre><P CLASS="para">
+The <CODE CLASS="literal">
+share</code> <CODE CLASS="literal">
+modes</code>, <CODE CLASS="literal">
+max</code>, <CODE CLASS="literal">
+xinit</code>, and <CODE CLASS="literal">
+read</code> <CODE CLASS="literal">
+size</code> options are machine-specific (see <a href="appb_01.html"><b>Appendix B, <CITE CLASS="appendix">Samba Performance Tuning</cite></b></a>): </p><PRE CLASS="programlisting">
+	# locking is done by the server
+	locking = yes
+
+	# control whether dos style attributes should be mapped
+	# to unix execute bits
+	map hidden = yes
+	map archive = yes
+	map system = yes</pre><P CLASS="para">
+The three <CODE CLASS="literal">
+map</code> options will work only on shares with a create mode that includes the execute bits (0111). Our <CODE CLASS="literal">
+homes</code> and <CODE CLASS="literal">
+printers</code> shares won't honor them, but the [<CODE CLASS="literal">www]</code> share will:</p><PRE CLASS="programlisting">
+# ---------------------------------------------------------
+# [globals] Security and Domain Logon Services
+# ---------------------------------------------------------	
+# connections are made with UID and GID, not as shares
+	security = user
+
+# boolean variable that controls whether passwords
+# will be encrypted
+	encrypt passwords = yes
+	passwd chat = &quot;*New password:*&quot; %n\r &quot;*New password (again):*&quot; %n\r \ &quot;*Password changed*&quot;
+	passwd program = /usr/bin/passwd %u
+	
+# Always become the local master browser
+	domain master = yes
+	preferred master = yes
+	os level = 34
+	
+# For domain logons to work correctly. Samba acts as a
+# primary domain controller.
+	domain logons = yes
+	
+# Logon script to run for user off the server each time
+# username (%U) logs in.  Set the time, connect to shares,
+# virus checks, etc.
+	logon script = scripts\%U.bat
+
+[netlogon]
+	comment = &quot;Domain Logon Services&quot;
+	path = /u/netlogon
+	writable = yes
+	create mode = 444
+	guest ok = no
+	volume = &quot;Network&quot;</pre><P CLASS="para">
+This share, discussed in <a href="ch06_01.html"><b>Chapter 6, <CITE CLASS="chapter">Users, Security, and Domains</cite></b></a>, is required for Samba to work smoothly in a Windows NT domain:</p><PRE CLASS="programlisting">
+# -----------------------------------------------------------
+# [homes] User Home Directories
+# -----------------------------------------------------------
+[homes]
+	comment = &quot;Home Directory for : %u &quot;
+	path = /u/users/%u</pre><P CLASS="para">
+The password file of the Samba server specifies each person's home directory as   <EM CLASS="emphasis">
+/home/</em><CODE CLASS="replaceable"><I>machine_name</i></code><EM CLASS="emphasis">/</em><CODE CLASS="replaceable"><I>person</i></code>, which NFS converts to point to the actual physicl location under <EM CLASS="emphasis">
+/u/users</em>. The <CODE CLASS="literal">
+path</code> option in the <CODE CLASS="literal">
+[homes]</code> share tells Samba the actual (non-NFS) location:</p><PRE CLASS="programlisting">
+	guest ok = no
+	read only = no
+	create mode = 644
+	writable = yes
+	browseable = no 
+
+# -----------------------------------------------------------
+# [printers] System Printers
+# -----------------------------------------------------------
+[printers]
+	comment = &quot;Printers&quot;
+	path = /var/spool/lpd/samba
+	printcap name = /etc/printcap
+	printable = yes
+	public = no 
+	writable = no
+
+	lpq command = /usr/bin/lpq -P%p
+	lprm command = /usr/bin/lprm -P%p %j
+	lppause command = /usr/sbin/lpc stop %p
+	lpresume command = /usr/sbin/lpc start %p
+
+	create mode = 0700
+
+	browseable = no 
+	load printers = yes  
+
+# -----------------------------------------------------------
+# Specific Descriptions: [programs] [data] [retail]
+# -----------------------------------------------------------
+[programs]
+	comment = &quot;Shared Programs %T&quot;
+	volume = &quot;programs&quot;</pre><P CLASS="para">
+Shared Programs shows up in the Network Neighborhood, and <CODE CLASS="literal">
+programs</code> is the volume name you specify when an installation program wants to know the label of the CD-ROM from which it thinks it's loading:</p><PRE CLASS="programlisting">
+	path = /u/programs
+	public = yes
+	writeable = yes
+	printable = no
+	create mode = 664
+[cdrom]
+	comment = &quot;Unix CDROM&quot;
+	path = /u/cdrom
+	public = no 
+	writeable = no 
+	printable = no
+	volume = &quot;cdrom&quot;
+
+[data]
+	comment =  &quot;Data Directories %T&quot;
+	path = /u/data
+	public = no
+	create mode = 770
+	writeable = yes
+	volume = &quot;data&quot;
+
+[nt4]
+	comment =  &quot;NT4 Server&quot;
+	path = /u/systems/nt4
+	public = yes 
+	create mode = 770
+	writeable = yes
+	volume = &quot;nt4_server&quot;
+
+[www]
+	comment =  &quot;WWW System&quot;
+	path = /usr/www/http
+	public = yes 
+	create mode = 775
+	writeable = yes
+	volume = &quot;www_system&quot;</pre><P CLASS="para">
+The <CODE CLASS="literal">
+[www]</code> share is the directory used on the Unix server to serve web pages. Samba makes the directory available to local PC users so the art department can update web pages.</p></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appd_01.html" TITLE="D. Downloading Samba with CVS">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: D. Downloading Samba with CVS" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">&nbsp;</td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+D. Downloading Samba with CVS</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+&nbsp;</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch01_01.html b/docs/htmldocs/using_samba/ch01_01.html
new file mode 100755
index 00000000000..0651fa823c3
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch01_01.html
@@ -0,0 +1,167 @@
+<HTML>
+<HEAD>
+<TITLE>[Chapter 1] 1.1 Learning Samba</title>
+</head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+</td>
+<TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+</td>
+<TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_02.html" TITLE="1.2 What Can Samba Do For Me?">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.2 What Can Samba Do For Me?" BORDER="0"></a>
+</td>
+</tr>
+</table>&nbsp;
+<hr noshade size=1>
+</center>
+</div>
+<blockquote>
+<div>
+<H1 CLASS="sect1">1. Learning the Samba</h1>
+<p>If you are a typical system administrator, then you know what it means to be <i>swamped</i> with work. Your daily routine is filled with endless hardware incompatibility issues, system outages, data backup problems, and a steady stream of angry users. So adding another program to the mix of tools that you have to maintain may sound a bit perplexing. However, if you're determined to reduce the complexity of your work environment, as well as the workload of keeping it running smoothly, Samba may be the tool you've been waiting for.</p>
+
+<p>A case in point: one of the authors of this book used to look after 70 Unix developers sharing 5 Unix servers. His neighbor administered 20 Windows 3.1 users and 5 OS/2 and Windows NT servers. To put it mildly, the Windows 3.1 administrator was swamped. When he finally left - and the domain controller melted - Samba was brought to the rescue. Our author quickly replaced the Windows NT and   OS/2 servers with Samba running on a Unix server, and eventually bought PCs for most of the company developers. However, he did the latter without hiring a new PC administrator; the administrator now manages one centralized Unix application instead of fifty distributed PCs. </p>
+
+<p>If you know you're facing a problem with your network and you're sure there is a better way, we encourage you to start reading this book. Or, if you've heard about Samba and you want to see what it can do for you, this is also the place to start. We'll get you started on the path to understanding Samba and its potential. Before long, you can provide Unix services to all your Windows machines - all without spending tons of extra time or money. Sound enticing? Great, then let's get started.</p>
+
+<a name="s1"></a>
+<h2 id="ch01-28119">1.1 What is Samba?</h2>
+
+<p>Samba is a suite of Unix applications that speak the SMB (Server Message Block) protocol. Many operating systems, including Windows and OS/2, use SMB to perform client-server networking. By supporting this protocol, Samba allows Unix servers to get in on the action, communicating with the same networking protocol as Microsoft Windows products. Thus, a Samba-enabled Unix machine can masquerade as a server on your Microsoft network and offer the following services:</p>
+
+<ul>
+<li id="ch01-pgfId-940463">
+
+<p>Share one or more filesystems</p>
+
+</li>
+<li id="ch01-pgfId-940464">
+
+<p>Share printers installed on both the server and its clients</p>
+
+</li>
+<li id="ch01-pgfId-940465">
+
+<p>Assist clients with Network Neighborhood browsing</p>
+
+</li>
+<li id="ch01-pgfId-940489">
+
+<p>Authenticate clients logging onto a Windows domain</p>
+
+</li>
+<li id="ch01-pgfId-940472">
+
+<p>Provide or assist with WINS name server resolution</p>
+
+</li>
+</ul>
+
+<p>Samba is the brainchild of Andrew Tridgell, who currently heads the Samba development team from his home of Canberra, Australia. The project was born in 1991 when Andrew created a fileserver program for his local network that supported an odd DEC protocol from Digital Pathworks. Although he didn't know it at the time, that protocol later turned out to be SMB. A few years later, he expanded upon his custom-made SMB server and began distributing it as a product on the Internet under the name SMB Server. However, Andrew couldn't keep that name - it already belonged to another company's product - so he tried the following Unix renaming approach:</p>
+
+<pre>
+grep -i 's.*m.*b' /usr/dict/words </pre>
+
+<p>And the response was:</p>
+
+<Pre>
+salmonberry samba sawtimber scramble</pre>
+
+<p>Thus, the name "Samba" was born.<footnote id="ch01-pgfId-946532">
+
+<p>Which is a good thing, because our marketing people highly doubt you would have picked up a book called "Using Salmonberry"!</p>
+
+</footnote></p>
+
+<p>Today, the Samba suite revolves around a pair of Unix daemons that provide shared resources - or <i>shares</i> - to SMB clients on the network. (Shares are sometimes called s<i>ervices</i> as well.) These daemons are:</p>
+
+<dl>
+<dt>smbd</dt>
+<dd>
+
+<p id="ch01-pgfId-949804">A daemon that allows file and printer sharing on an SMB network and provides authentication and authorization for SMB clients.</p>
+
+</dd>
+
+<dt>nmbd</dt>
+<dd>
+
+<p id="ch01-pgfId-949805">A daemon that looks after the Windows Internet Name Service (WINS), and assists with browsing.</p>
+
+</dd>
+</dl>
+
+<p>Samba is currently maintained and extended by a group of volunteers under the active supervision of Andrew Tridgell. Like the Linux operating system, Samba is considered <i>Open Source software </i>(OSS) by its authors, and is distributed under the GNU General Public License (GPL). Since its inception, development of Samba has been sponsored in part by the Australian National University, where Andrew Tridgell earned his Ph.D.<a href = "#footnote"> [1]</a>
+ In addition, some development has been sponsored by independent vendors such as Whistle and SGI. It is a true testament to Samba that both commercial and non-commercial entities are prepared to spend money to support an Open Source effort.</p>
+<blockquote><a name="footnote">
+<p>[1] At the time of this printing, Andrew had completed his Ph.D. work and had joined San Francisco-based LinuxCare.</p>
+</blockquote>
+<p>Microsoft has also contributed materially by putting forward its definition of SMB and the Internet-savvy Common Internet File System (CIFS), as a public Request for Comments (RFC), a standards document. The CIFS protocol is Microsoft's renaming of future versions of the SMB protocol that will be used in Windows products - the two terms can be used interchangeably in this book. Hence, you will often see the protocol written as "SMB/CIFS."</p> </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+
+</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_02.html" TITLE="1.2 What Can Samba Do For Me?">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.2 What Can Samba Do For Me?" BORDER="0"></a></td></tr><TR>
+
+<TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+1.1 Learning Samba</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch01_02.html b/docs/htmldocs/using_samba/ch01_02.html
new file mode 100755
index 00000000000..9ccb2dfeee2
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch01_02.html
@@ -0,0 +1,212 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 1] 1.2 What Can Samba Do For Me?</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:29:50Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_01.html" TITLE="1.1 What is Samba?">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.1 What is Samba?" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch01_01.html" TITLE="1. Learning the Samba">
+Chapter 1<br>
+Learning the Samba</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_03.html" TITLE="1.3 Getting Familiar with a SMB/CIFS Network">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.3 Getting Familiar with a SMB/CIFS Network" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch01-pgfId-937232">
+1.2 What Can Samba Do For Me?</a></h2><P CLASS="para">
+As explained earlier, Samba can help Windows and Unix machines coexist in the same network. However, there are some specific reasons why you might want to set up a Samba server on your network:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-941390">
+</a>You don't want to pay for&nbsp;- or can't afford&nbsp;- a full-fledged Windows NT server, yet you still need the functionality that one provides.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-941391">
+</a>You want to provide a common area for data or user directories in order to transition from a Windows server to a Unix one, or vice versa.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-941394">
+</a>You want to be able to share printers across both Windows and Unix workstations.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-941973">
+</a>You want to be able to access NT files from a Unix server.</p></li></ul><P CLASS="para">
+Let's take a quick tour of Samba in action. Assume that we have the following basic network configuration: a Samba-enabled Unix machine, to which we will assign the name <CODE CLASS="literal">
+hydra</code>, and a pair of Windows clients, to which we will assign the names <CODE CLASS="literal">
+phoenix</code> and <CODE CLASS="literal">
+chimaera</code>, all connected via a local area network (LAN). Let's also assume that <CODE CLASS="literal">
+hydra</code> also has a local inkjet printer connected to it, <CODE CLASS="literal">
+lp</code>, and a disk share named <CODE CLASS="literal">
+network</code>&nbsp;- both of which it can offer to the other two machines. A graphic of this network is shown in <A CLASS="xref" HREF="ch01_02.html#ch01-45964">
+Figure 1.1</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-45964">
+Figure 1.1: A simple network setup with a Samba server</a></h4><IMG CLASS="graphic" SRC="figs/sam.0101.gif" ALT="Figure 1.1"><P CLASS="para">
+In this network, each of the computers listed share the same <I CLASS="firstterm">
+workgroup</i>. A workgroup is simply a group nametag that identifies an arbitrary collection of computers and their resources on an SMB network. There can be several workgroups on the network at any time, but for our basic network example, we'll have only one: the SIMPLE workgroup.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-937316">
+1.2.1 Sharing a Disk Service</a></h3><P CLASS="para">If everything is properly configured, we should be able to see the Samba server, <CODE CLASS="literal">
+hydra</code>, through the Network Neighborhood of the <CODE CLASS="literal">
+phoenix</code> Windows desktop. In fact, <A CLASS="xref" HREF="ch01_02.html#ch01-60493">
+Figure 1.2</a> shows the Network Neighborhood of the <CODE CLASS="literal">
+phoenix</code> computer, including <CODE CLASS="literal">
+hydra</code> and each of the computers that reside in the SIMPLE workgroup. Note the Entire Network icon at the top of the list. As we just mentioned, there can be more than one workgroup on an SMB network at any given time. If a user clicks on the Entire Network icon, he or she will see a list of all the workgroups that currently exist on the network.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-60493">
+Figure 1.2: The Network Neighborhood directory</a></h4><IMG CLASS="graphic" SRC="figs/sam.0102.gif" ALT="Figure 1.2"><P CLASS="para">
+We can take a closer look at the <CODE CLASS="literal">
+hydra</code> server by double-clicking on its icon. This contacts <CODE CLASS="literal">
+hydra</code> itself and requests a list of its <I CLASS="firstterm">
+shares</i>&nbsp;- the file and printer resources&nbsp;- that the machine provides. In this case, there is a printer entitled <CODE CLASS="literal">
+lp</code> and a disk share entitled <CODE CLASS="literal">
+network</code> on the server, as shown in <A CLASS="xref" HREF="ch01_02.html#ch01-76011">
+Figure 1.3</a>. Note that the Windows display shows hostnames in mixed case (Hydra). Case is irrelevant in hostnames, so you may see hydra, Hydra, and HYDRA in various displays or command output, but they all refer to a single system. Thanks to Samba, Windows 98 sees the Unix server as a valid SMB server, and can access the <CODE CLASS="literal">
+network</code> folder as if it were just another system folder. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-76011">
+Figure 1.3: Shares available on the hydra sever as viewed from phoenix</a></h4><IMG CLASS="graphic" SRC="figs/sam.0103.gif" ALT="Figure 1.3"><P CLASS="para">
+One popular feature of Windows 95/98/NT is that you can map a letter-drive to a known network directory using the Map Network Drive option in the Windows Explorer.[<A CLASS="footnote" HREF="#ch01-pgfId-941061">3</a>] Once you do so, your applications can access the folder across the network with a standard drive letter. Hence, you can store data on it, install and run programs from it, and even password-protect it against unwanted visitors. See <A CLASS="xref" HREF="ch01_02.html#ch01-55465">
+Figure 1.4</a> for an example of mapping a letter-drive to a network directory.  </p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch01-pgfId-941061">[3]</a> You can also right-click on the shared resource in the Network Neighborhood, and then select the Map Network Drive menu item.</p></div></blockquote><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-55465">
+Figure 1.4: Mapping a network drive to a Windows letter-drive</a></h4><IMG CLASS="graphic" SRC="figs/sam.0104.gif" ALT="Figure 1.4"><P CLASS="para">
+Take a look at the Path: entry in the dialog box of <A CLASS="xref" HREF="ch01_02.html#ch01-55465">
+Figure 1.4</a>. An equivalent way to represent a directory on a network machine is by using two backslashes, followed by the name of the networked machine, another backslash, and the networked directory of the machine, as shown below:</p>
+
+<PRE><I>\\network-machine\directory</i></pre>
+
+<P CLASS="para">
+This is known as the <I CLASS="firstterm">
+UNC</i> (Universal Naming Convention) in the Windows world. For example, the dialog box in <A CLASS="xref" HREF="ch01_02.html#ch01-55465">
+Figure 1.4</a> represents the network directory on the <CODE CLASS="literal">
+hydra</code> server as:</p>
+
+<PRE CLASS="programlisting">\\HYDRA\<CODE CLASS="replaceable"><I>network</i></code></pre><P CLASS="para">
+
+If this looks somewhat familiar to you, you're probably thinking of <I CLASS="firstterm">
+uniform resource locators</i> (URLs), which are addresses that web browsers such as Netscape Navigator and Internet Explorer use to resolve machines across the Internet. Be sure not to confuse the two: web browsers typically use forward slashes instead of back slashes, and they precede the initial slashes with the data transfer protocol (i.e., ftp, http) and a colon (:). In reality, URLs and UNCs are two completely separate things.</p><P CLASS="para">
+Once the network drive is set up, Windows and its programs will behave as if the networked directory was a fixed disk. If you have any applications that support multiuser functionality on a network, you can install those programs on the network drive.[<A CLASS="footnote" HREF="#ch01-pgfId-952017">4</a>] <A CLASS="xref" HREF="ch01_02.html#ch01-32686">
+Figure 1.5</a> shows the resulting network drive as it would appear with other storage devices in the Windows 98 client. Note the pipeline attachment in the icon for the G: drive; this indicates that it is a network drive instead of a fixed drive.  </p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch01-pgfId-952017">[4]</a> Be warned that many end-user license agreements forbid installing a program on a network such that multiple clients can access it. Check the legal agreements that accompany the product to be absolutely sure.</p></div></blockquote><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-32686">
+Figure 1.5: The Network directory mapped to the client letter-drive G</a></h4><IMG CLASS="graphic" SRC="figs/sam.0105.gif" ALT="Figure 1.5"><P CLASS="para">
+From our Windows NT Workstation machine, <CODE CLASS="literal">
+chimaera</code>, Samba looks almost identical to Windows 98. <A CLASS="xref" HREF="ch01_02.html#ch01-29255">
+Figure 1.6</a> shows the same view of the <CODE CLASS="literal">
+hydra</code> server from the Windows NT 4.0 Network Neighborhood. Setting up the network drive using the Map Network Drive option in Windows NT Workstation 4.0 would have identical results as well.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-29255">
+Figure 1.6: Shares available on hydra (viewed from chimaera) </a></h4><IMG CLASS="graphic" SRC="figs/sam.0106.gif" ALT="Figure 1.6"></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-942088">
+1.2.2 Sharing a Printer</a></h3><P CLASS="para">You probably noticed that the printer <CODE CLASS="literal">
+lp</code> appeared under the available shares for <CODE CLASS="literal">
+hydra</code> in <A CLASS="xref" HREF="ch01_02.html#ch01-76011">
+Figure 1.3</a>. This indicates that the Unix server has a printer that can be shared by the various SMB clients in the workgroup. Data sent to the printer from any of the clients will be spooled on the Unix server and printed in the order it is received.</p><P CLASS="para">Setting up a Samba-enabled printer on the Windows side is even easier than setting up a disk share. By double-clicking on the printer and identifying the manufacturer and model, you can install a driver for this printer on the Windows client. Windows can then properly format any information sent to the network printer and access it as if it were a local printer (we show you how to do this later in the chapter). <A CLASS="xref" HREF="ch01_02.html#ch01-46265">
+Figure 1.7</a> shows the resulting network printer in the Printers window of Windows 98. Again, note the pipeline attachment below the printer, which identifies it as being on a network.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-46265">
+Figure 1.7: A network printer available on hydra (viewed from chimaera)</a></h4><IMG CLASS="graphic" SRC="figs/sam.0107.gif" ALT="Figure 1.7"><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch01-pgfId-937586">
+1.2.2.1 Seeing things from the Unix side</a></h4><P CLASS="para">
+As mentioned earlier, Samba appears in Unix as a set of daemon programs. You can view them with the Unix <CODE CLASS="literal">
+ps</code> and <CODE CLASS="literal">
+netstat</code> commands, you can read any messages they generate through custom debug files or the Unix <CODE CLASS="literal">
+syslog</code> (depending on how Samba is set up), and you can configure it from a single Samba properties file: <i>smb.conf</i>. In addition, if you want to get an idea of what each of the daemons are doing, Samba has a program called
+<i>smbstatus</i> that will lay it all on the line. Here is how it works:</p>
+
+<PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">#</code> smbstatus</b>
+</pre><PRE CLASS="programlisting">
+Samba version 2.0.4
+Service      uid      gid      pid     machine
+----------------------------------------------
+network      davecb   davecb   7470   phoenix  (192.168.220.101) Sun May 16 
+network      davecb   davecb   7589   chimaera (192.168.220.102) Sun May 16 
+
+Locked files:
+Pid    DenyMode   R/W        Oplock          Name
+--------------------------------------------------
+7589   DENY_NONE  RDONLY     EXCLUSIVE+BATCH /home/samba/quicken/inet/common/system/help.bmp  Sun May 16 21:23:40 1999
+7470   DENY_WRITE RDONLY     NONE            /home/samba/word/office/findfast.exe             Sun May 16 20:51:08 1999
+7589   DENY_WRITE RDONLY     EXCLUSIVE+BATCH /home/samba/quicken/lfbmp70n.dll                 Sun May 16 21:23:39 1999
+7589   DENY_WRITE RDWR       EXCLUSIVE+BATCH /home/samba/quicken/inet/qdata/runtime.dat       Sun May 16 21:23:41 1999
+7470   DENY_WRITE RDONLY     EXCLUSIVE+BATCH /home/samba/word/office/osa.exe                  Sun May 16 20:51:09 1999
+7589   DENY_WRITE RDONLY     NONE            /home/samba/quicken/qversion.dll                 Sun May 16 21:20:33 1999
+7470   DENY_WRITE RDONLY     NONE            /home/samba/quicken/qversion.dll                 Sun May 16 20:51:11 1999
+
+Share mode memory usage (bytes):
+   1043432(99%) free + 4312(0%) used + 832(0%) overhead = 1048576(100%) total</pre><P CLASS="para">
+The Samba status from this output provides three sets of data, each divided into separate sections. The first section tells which systems have connected to the Samba server, identifying each client by its machine name (<CODE CLASS="literal">phoenix</code> and <CODE CLASS="literal">chimaera</code>) and IP address. The second section reports the name and status of the files that are currently in use on a share on the server, including the read/write status and any locks on the files. Finally, Samba reports the amount of memory it has currently allocated to the shares that it administers, including the amount actively used by the shares plus additional overhead. (Note that this is not the same as the total amount of memory that the <EM CLASS="emphasis">
+smbd</em> or <EM CLASS="emphasis">
+nmbd</em> processes are using.)</p><P CLASS="para">
+Don't worry if you don't understand these statistics; they will become easier to understand as you move through the book. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_01.html" TITLE="1.1 What is Samba?">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.1 What is Samba?" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_03.html" TITLE="1.3 Getting Familiar with a SMB/CIFS Network">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.3 Getting Familiar with a SMB/CIFS Network" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+1.1 What is Samba?</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+1.3 Getting Familiar with a SMB/CIFS Network</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch01_03.html b/docs/htmldocs/using_samba/ch01_03.html
new file mode 100755
index 00000000000..67a86775301
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch01_03.html
@@ -0,0 +1,444 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 1] 1.3 Getting Familiar with a SMB/CIFS Network</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:29:52Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_02.html" TITLE="1.2 What Can Samba Do For Me?">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.2 What Can Samba Do For Me?" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch01_01.html" TITLE="1. Learning the Samba">
+Chapter 1<br>
+Learning the Samba</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_04.html" TITLE="1.4 Microsoft Implementations">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.4 Microsoft Implementations" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch01-88536">
+1.3 Getting Familiar with a SMB/CIFS Network</a></h2><P CLASS="para">Now that you have had a brief tour of Samba, let's take some time to get familiar with Samba's adopted environment: an SMB/CIFS network. Networking with SMB is significantly different from working with a Unix TCP/IP network, because there are several new concepts to learn and a lot of information to cover. First, we will discuss the basic concepts behind an SMB network, followed by some Microsoft implementations of it, and finally we will show you where a Samba server can and cannot fit into the picture.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-941409">
+1.3.1 Understanding NetBIOS</a></h3><P CLASS="para">
+To begin, let's step back in time. In 1984, IBM authored a simple application programming interface (API) for networking its computers called the <I CLASS="firstterm">
+Network Basic Input/Output System </i>(NetBIOS). The NetBIOS API provided a rudimentary design for an application to connect and share data with other computers.</p><P CLASS="para">
+It's helpful to think of the NetBIOS API as networking extensions to the standard BIOS API calls. With BIOS, each low-level call is confined to the hardware of the local machine and doesn't need any help traveling to its destination. NetBIOS, however, originally had to exchange instructions with computers across IBM PC or Token Ring networks. It therefore required a low-level transport protocol to carry its requests from one computer to the next.</p><P CLASS="para">
+In late 1985, IBM released one such protocol, which it merged with the NetBIOS API to become the <I CLASS="firstterm">
+NetBIOS Extended User Interface</i> (<EM CLASS="emphasis">NetBEUI</em>). NetBEUI was designed for small local area networks (LANs), and it let each machine claim a name (up to 15 characters) that wasn't already in use on the network. By a "small LAN," we mean fewer than 255 nodes on the network&nbsp;- which was considered a practical restriction in 1985!</p><P CLASS="para">
+The NetBEUI protocol was very popular with networking applications, including those running under Windows for Workgroups. Later, implementations of NetBIOS over Novell's IPX networking protocols also emerged, which competed with NetBEUI. However, the networking protocols of choice for the burgeoning Internet community were TCP/IP and UDP/IP, and implementing the NetBIOS APIs over those protocols soon became a necessity.</p><P CLASS="para">
+Recall that TCP/IP uses numbers to represent computer addresses, such as 192.168.220.100, while NetBIOS uses only names. This was a major issue when trying to mesh the two protocols together. In 1987, the Internet Engineering Task Force (IETF) published a series of standardization documents, titled RFC 1001 and 1002, that outlined how NetBIOS would work over a TCP/UDP network. This set of documents still governs each of the implementations that exist today, including those provided by Microsoft with their Windows operating systems as well as the Samba suite.</p><P CLASS="para">
+Since then, the standard this document governs has become known as <I CLASS="firstterm">
+NetBIOS over TCP/IP</i>, or NBT for short. The NBT standard (RFC 1001/1002) currently outlines a trio of services on a network:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-946789">
+</a>A name service</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-946790">
+</a>Two communication services: </p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-952037">
+</a>Datagrams </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-952038">
+</a>Sessions</p></li></ul></li></ul><P CLASS="para">
+The name service solves the name-to-address problem mentioned earlier; it allows each computer to declare a specific name on the network that can be translated to a machine-readable IP address, much like today's DNS on the Internet. The datagram and session services are both secondary communication protocols used to transmit data back and forth from NetBIOS machines across the network.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-945521">
+1.3.2 Getting a Name</a></h3><P CLASS="para">For a human being, getting a name is easy. However, for a machine on a NetBIOS network, it can be a little more complicated. Let's look at a few of the issues.</p><P CLASS="para">
+In the NetBIOS world, when each machine comes online, it wants to claim a name for itself; this is called <I CLASS="firstterm">
+name registration</i>. However, no two machines in the same workgroup should be able to claim the same name; this would cause endless confusion for any machine that wanted to communicate with either machine. There are two different approaches to ensuring that this doesn't happen:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-945120">
+</a>Use a <I CLASS="firstterm">
+NetBIOS Name Server</i> (NBNS) to keep track of which hosts have registered a NetBIOS name. </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-945121">
+</a>Allow each machine on the network to defend its name in the event that another machine attempts to use it.</p></li></ul><P CLASS="para">
+<A CLASS="xref" HREF="ch01_03.html#ch01-86658">
+Figure 1.8</a> illustrates a (failed) name registration, with and without a NetBIOS Name Server. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-86658">
+Figure 1.8: NBNS versus non-NBNS name registration</a></h4><IMG CLASS="graphic" SRC="figs/sam.0108.gif" ALT="Figure 1.8"><P CLASS="para">
+In addition, there must be a way to resolve a NetBIOS name to a specific IP address as mentioned earlier; this is known as <I CLASS="firstterm">
+name resolution</i>. There are two different approaches with NBT here as well:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-945526">
+</a>Have each machine report back its IP address when it "hears" a broadcast request for its NetBIOS name.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-945527">
+</a>Use the NBNS to help resolve NetBIOS names to IP addresses. </p></li></ul><P CLASS="para">
+<A CLASS="xref" HREF="ch01_03.html#ch01-72484">
+Figure 1.9</a> illustrates the two types of name resolution. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-72484">
+Figure 1.9: NBNS versus non-NBNS name resolution</a></h4><IMG CLASS="graphic" SRC="figs/sam.0109.gif" ALT="Figure 1.9"><P CLASS="para">
+As you might expect, having an NBNS on your network can help out tremendously. To see exactly why, let's look at the non-NBNS method.</p><P CLASS="para">
+Here, when a client machine boots, it will broadcast a message declaring that it wishes to register a specified NetBIOS name as its own. If nobody objects to the use of the name after multiple registration attempts, it keeps the name. On the other hand, if another machine on the local subnet is currently using the requested name, it will send a message back to the requesting client that the name is already taken. This is known as <I CLASS="firstterm">
+defending</i> the hostname. This type of system comes in handy when one client has unexpectedly dropped off the network&nbsp;- another can take its name unchallenged&nbsp;- but it does incur an inordinate amount of traffic on the network for something as simple as name registration.</p><P CLASS="para">
+With an NBNS, the same thing occurs, except that the communication is confined to the requesting machine and the NBNS server. No broadcasting occurs when the machine wishes to register the name; the registration message is simply sent directly from the client to NBNS server and the NBNS server replies whether or not the name is already taken. This is known as <I CLASS="firstterm">
+point-to-point communication</i>, and is often beneficial on networks with more than one subnet. This is because routers are often preconfigured to block incoming packets that are broadcast to all machines in the subnet.</p><P CLASS="para">
+The same principles apply to name resolution. Without an NBNS, NetBIOS name resolution would also be done with a broadcast mechanism. All request packets would be sent to each computer in the network, with the hope that one machine that might be affected will respond directly back to the machine that asked. At this point, it's clear that using an NBNS server and point-to-point communication for this purpose is far less taxing on the network than flooding the network with broadcasts for every name resolution request. </p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-945664">
+1.3.3 Node Types</a></h3><P CLASS="para">How can you tell what strategy each client on your network will use when performing name registration and resolution? Each machine on an NBT network earns one of the following designations, depending on how it handles name registration and resolution: b-node, p-node, m-node, and h-node. The behaviors of each type of node are summarized in <A CLASS="xref" HREF="ch01_03.html#ch01-91681">
+Table 1.1</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch01-91681">
+Table 1.1: NetBIOS Node Types </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Role</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Value</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+b-node</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Uses broadcast registration and resolution only.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+p-node</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Uses point-to-point registration and resolution only.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+m-node</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Uses broadcast for registration. If successful, it notifies the NBNS server of the result. Uses broadcast for resolution; uses NBNS server if broadcast is unsuccessful.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+h-node (hybrid)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Uses NBNS server for registration and resolution; uses broadcast if the NBNS server is unresponsive or inoperative.</p></td></tr></tbody></table><P CLASS="para">
+In the case of Windows clients, you will usually find them listed as <I CLASS="firstterm">
+h-nodes</i> or <I CLASS="firstterm">
+hybrid nodes</i>. Incidentally, h-nodes were invented later by Microsoft, as a more  fault-tolerant route, and do not appear in RFC 1001/1002.</p><P CLASS="para">
+You can find out the node type of any Windows machine by typing the command <CODE CLASS="literal">
+ipconfig</code> <CODE CLASS="literal">
+/all</code> and searching for the line that says <CODE CLASS="literal">
+Node Type</code>.</p>
+
+<PRE CLASS="programlisting"><B CLASS="emphasis.bold">C:\&gt; ipconfig /all</b>
+</pre><PRE CLASS="programlisting">
+Windows 98 IP Configuration
+...
+  Node Type .  .  .  .  .  .  .  .  .  .  : Hybrid
+...</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-945128">
+1.3.4 What's in a Name?</a></h3><P CLASS="para">
+The names NetBIOS uses are quite different from the DNS hostnames you might be familiar with. First, NetBIOS names exist in a flat namespace. In other words, there are no qualifiers such as <i>ora.com</i> or <i>samba.org</i> to section off hostnames; there is only a single unique name to represent each computer. Second, NetBIOS names are allowed to be only 15 characters, may not begin with an asterisk (*), and can consist only of standard alphanumeric characters (a-z, A-Z, 0-9) and the following:</p><PRE CLASS="programlisting">
+! @ # $ % ^ &amp; ( ) - ' { } . ~ </pre><P CLASS="para">
+Although you are allowed to use a period (.) in a NetBIOS name, we recommend against it because those names are not guaranteed to work in future versions of NetBIOS over TCP/IP.</p><P CLASS="para">
+It's not a coincidence that all valid DNS names are also valid NetBIOS names. In fact, the DNS name for a Samba server is often reused as its NetBIOS name. For example, if you had a machine <CODE CLASS="literal">
+phoenix.ora.com</code>, its NetBIOS name would likely be PHOENIX (followed by 8 blanks).</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch01-pgfId-946016">
+1.3.4.1 Resource names and types</a></h4><P CLASS="para">
+With NetBIOS, a machine not only advertises its presence, but also tells others what types of services it offers. For example, <CODE CLASS="literal">
+phoenix</code> can indicate that it's not just a workstation, but is also a file server and can receive WinPopup messages. This is done by adding a 16th byte to the end of the machine (resource) name, called the <I CLASS="firstterm">resource type</i>, and registering the name more than once. See <A CLASS="xref" HREF="ch01_03.html#ch01-74707">
+Figure 1.10</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-74707">
+Figure 1.10: The structure of NetBIOS names</a></h4><IMG CLASS="graphic" SRC="figs/sam.0110.gif" ALT="Figure 1.10"><P CLASS="para">
+The one-byte resource type indicates a unique service the named machine provides. In this book, you will often see the resource type shown in angled brackets (&lt;&gt;) after the NetBIOS name, such as:</p><PRE CLASS="programlisting">PHOENIX&lt;00&gt;</pre><P CLASS="para">
+You can see which names are registered for a particular NBT machine using the Windows command-line NBTSTAT utility. Because these services are unique (i.e., there cannot be more than one registered), you will see them listed as type UNIQUE in the output. For example, the following partial output describes the <CODE CLASS="literal">
+hydra</code> server:</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold">D:\&gt; NBTSTAT -a hydra</b><B CLASS="emphasis.bold"></b></pre><PRE CLASS="programlisting">
+       NetBIOS Remote Machine Name Table
+   Name               Type         Status
+---------------------------------------------
+HYDRA          &lt;00&gt;  UNIQUE      Registered
+HYDRA          &lt;03&gt;  UNIQUE      Registered
+HYDRA          &lt;20&gt;  UNIQUE      Registered
+...</pre><P CLASS="para">
+This says the server has registered the NetBIOS name <CODE CLASS="literal">
+hydra</code> as a machine (workstation) name, a recipient of WinPopup messages, and a file server. Some possible attributes a name can have are listed in <A CLASS="xref" HREF="ch01_03.html#ch01-11471">
+Table 1.2</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch01-11471">
+Table 1.2: NetBIOS Unique Resource Types </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Named Resource</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Hexidecimal Byte Value</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Standard Workstation Service</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+00</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Messenger Service (WinPopup)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+03</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+RAS Server Service</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+06</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Domain Master Browser Service (associated with primary domain controller)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1B</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Master Browser name</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1D</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+NetDDE Service</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1F</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Fileserver (including printer server)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+20</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+RAS Client Service</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+21</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Network Monitor Agent</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+BE</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Network Monitor Utility</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+BF</p></td></tr></tbody></table><P CLASS="para">
+Note that because DNS names don't have resource types, the designers intentionally made hexidecimal value 20 (an ASCII space) default to the type for a file server.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch01-pgfId-946074">
+1.3.4.2 Group names and types</a></h4><P CLASS="para">SMB also uses the concept of groups, with which machines can register themselves. Earlier, we mentioned that the machines in our example belonged to a <I CLASS="firstterm">
+workgroup</i>, which is a partition of machines on the same network. For example, a business might very easily have an ACCOUNTING and a SALES workgroup, each with different servers and printers. In the Windows world, a workgroup and an SMB group are the same thing.</p><P CLASS="para">
+Continuing our NBTSTAT example, the <CODE CLASS="literal">
+hydra</code> Samba server is also a member of the SIMPLE workgroup (the GROUP attribute hex 00), and will stand for election as a browse master (GROUP attribute 1E). Here is the remainder of the NBTSTAT utility output:</p><PRE CLASS="programlisting">
+       NetBIOS Remote Machine Name Table, continued
+   Name               Type         Status
+---------------------------------------------
+SIMPLE           &lt;00&gt;  GROUP       Registered
+SIMPLE           &lt;1E&gt;  GROUP       Registered
+..__MSBROWSE__.  &lt;01&gt;  GROUP       Registered</pre><P CLASS="para">
+The possible group attributes a machine can have are illustrated in <A CLASS="xref" HREF="ch01_03.html#ch01-52395">
+Table 1.3</a>. More information is available in <i>Windows NT in a Nutshell</i> by Eric Pearce, also published by O'Reilly.  </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch01-52395">
+Table 1.3: NetBIOS Group Resource Types </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Named Resource	</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Hexidecimal Byte Value</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Standard Workstation group</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+00</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Logon Server </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1C</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Master Browser name </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1D</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Normal Group name (used in browser elections)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1E</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Internet Group name (administrative)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+20</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+&lt;01&gt;&lt;02&gt;__MSBROWSE__&lt;02&gt;</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+01</p></td></tr></tbody></table><P CLASS="para">
+The final entry, <CODE CLASS="literal">
+__MSBROWSE__</code>, is used to announce a group to other master browsers. The nonprinting characters in the name show up as dots in a NBTSTAT printout. Don't worry if you don't understand all of the resource or group types. Some of them you will not need with Samba, and others you will pick up as you move through the rest of the chapter. The important thing to remember here is the logistics of the naming mechanism. </p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-946130">
+1.3.5 Datagrams and Sessions</a></h3><P CLASS="para">
+<I CLASS="firstterm">
+</i>At this point, let's digress to introduce another responsibility of NBT: to provide connection services between two NetBIOS machines. There are actually two services offered by NetBIOS over TCP/IP: the <I CLASS="firstterm">
+session service</i> and the <I CLASS="firstterm">
+datagram service</i>. Understanding how these two services work is not essential to using Samba, but it does give you an idea of how NBT works and how to troubleshoot Samba when it doesn't work.</p><P CLASS="para">
+The datagram service has no stable connection between one machine and another. Packets of data are simply sent or broadcast from one machine to another, without regard for the order that they arrive at the destination, or even if they arrive at all. The use of datagrams is not as network intensive as sessions, although they can bog down a network if used unwisely (remember broadcast name resolution earlier?) Datagrams, therefore, are used for quickly sending simple blocks of data to one or more machines. The datagram service communicates using the simple primitives shown in <A CLASS="xref" HREF="ch01_03.html#ch01-pgfId-946185">
+Table 1.4</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch01-pgfId-946185">
+Table 1.4: Datagram Primitives </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Primitive</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Description</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Send Datagram</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Send datagram packet to machine or groups of machines.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Send Broadcast Datagram</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Broadcast datagram to any machine waiting with a Receive Broadcast Datagram.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Receive Datagram</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Receive a datagram from a machine.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Receive Broadcast Datagram</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Wait for a broadcast datagram.</p></td></tr></tbody></table><P CLASS="para">
+The session service is more complex. Sessions are a communication method that, in theory, offers the ability to detect problematic or inoperable connections between two NetBIOS applications. It helps to think of an NBT session in terms of a telephone call.[<A CLASS="footnote" HREF="#ch01-pgfId-946249">5</a>] A full-duplex connection is opened between a caller machine and a called machine, and it must remain open throughout the duration of their conversation. Each side knows who the caller and the called machine is, and can communicate with the simple primitives shown in <A CLASS="xref" HREF="ch01_03.html#ch01-pgfId-946256">
+Table 1.5</a>. </p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch01-pgfId-946249">[5]</a> As you can see in RFC 1001, the telephone analogy was strongly evident in the creation of the NBT service.</p></div></blockquote><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch01-pgfId-946256">
+Table 1.5: Session Primitives </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Primitive</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Description</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Call</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Initiate a session with a machine listening under a specified name.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Listen</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Wait for a call from a known caller or any caller.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Hang-up</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Exit a call.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Send</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Send data to the other machine.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Receive</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Receive data from the other machine.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Session Status</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Get information on requested sessions.</p></td></tr></tbody></table><P CLASS="para">
+Sessions are the backbone of resource sharing on an NBT network. They are typically used for establishing stable connections from client machines to disk or printer shares on a server. The client "calls" the server and starts trading information such as which files it wishes to open, which data it wishes to exchange, etc. These calls can last a long time&nbsp;- hours, even days&nbsp;- and all of this occurs within the context of a single connection. If there is an error, the session software (TCP) will retransmit until the data is received properly, unlike the "punt-and-pray" approach of the datagram service (UDP).</p><P CLASS="para">
+In truth, while sessions are supposed to be able to handle problematic communications, they often don't. As you've probably already discovered when using Windows networks, this is a serious detriment to using NBT sessions. If the connection is interrupted for some reason, session information that is open between the two computers can easily become invalidated. If that happens, the only way to regain the session information is for the same two computers to call each other again and start over.</p><P CLASS="para">
+If you want more information on each of these services, we recommend you look at RFC 1001. However, there are two important things to remember here:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-946210">
+</a>Sessions always occur between <EM CLASS="emphasis">
+two</em> NetBIOS machines&nbsp;- no more and no less. If a session service is interrupted, the client is supposed to store sufficient state information for it to re-establish the connection. However, in practice, this is rarely the case.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-946211">
+</a>Datagrams can be broadcast to multiple machines, but they are unreliable. In other words, there is no way for the source to know that the datagrams it sent have indeed arrived at their<I CLASS="firstterm">
+</i> destinations. </p></li></ul></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_02.html" TITLE="1.2 What Can Samba Do For Me?">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.2 What Can Samba Do For Me?" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_04.html" TITLE="1.4 Microsoft Implementations">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.4 Microsoft Implementations" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+1.2 What Can Samba Do For Me?</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+1.4 Microsoft Implementations</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch01_04.html b/docs/htmldocs/using_samba/ch01_04.html
new file mode 100755
index 00000000000..15a1943e6eb
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch01_04.html
@@ -0,0 +1,277 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 1] 1.4 Microsoft Implementations</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:29:54Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_03.html" TITLE="1.3 Getting Familiar with a SMB/CIFS Network">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.3 Getting Familiar with a SMB/CIFS Network" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch01_01.html" TITLE="1. Learning the Samba">
+Chapter 1<br>
+Learning the Samba</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_05.html" TITLE="1.5 An Overview of the Samba Distribution">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.5 An Overview of the Samba Distribution" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch01-43359">
+1.4 Microsoft Implementations</a></h2><P CLASS="para">With that amount of background, we can now talk about some of Microsoft's implementations of the preceding concepts in the CIFS/SMB networking world. And, as you might expect, there are some complex extensions to introduce as well.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-946918">
+1.4.1 Windows Domains</a></h3><P CLASS="para">Recall that a workgroup is a collection of SMB computers that all reside on a subnet and subscribe to the same SMB group. A <I CLASS="firstterm">
+Windows domain</i> goes a step further. It is a workgroup of SMB machines that has one addition: a server acting as a <I CLASS="firstterm">
+domain controller</i>. You must have a domain controller in order to have a Windows domain.[<A CLASS="footnote" HREF="#ch01-pgfId-947021">6</a>] Otherwise, it is only a workgroup. See <A CLASS="xref" HREF="ch01_04.html#ch01-96972">
+Figure 1.11</a>.   </p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch01-pgfId-947021">[6]</a> Windows domains are called "Windows NT domains" by Microsoft because they assume that Windows NT machines will take the role of the domain controller. However, because Samba can perform this function as well, we'll simply call them "Windows domains" to avoid confusion.</p></div></blockquote><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-96972">
+Figure 1.11: A simple Windows domain</a></h4><IMG CLASS="graphic" SRC="figs/sam.0111.gif" ALT="Figure 1.11"><P CLASS="para">There are currently two separate protocols used by a domain controller (logon server): one for communicating with Windows 95/98 machines and one for communicating with Windows NT machines. While Samba currently implements the domain controller protocol for Windows 95/98 (which allows it to act as a domain controller for Windows 9<EM CLASS="emphasis">
+x</em> machines), it still does not fully support the protocol for Windows NT computers. However, the Samba team promises that support for the Windows NT domain controller protocol is forthcoming in Samba 2.1.</p><P CLASS="para">
+Why all the difficulty? The protocol that Windows domain controllers use to communicate with their clients and other domain controllers is proprietary and has not been released by Microsoft. This has forced the Samba development team to reverse-engineer the domain controller protocol to see which codes perform specific tasks.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch01-pgfId-946969">
+1.4.1.1 Domain controllers</a></h4><P CLASS="para">
+The domain controller is the nerve center of a Windows domain, much like an NIS server is the nerve center of the Unix network information service. Domain controllers have a variety of responsibilities. One responsibility that you need to be concerned with is <I CLASS="firstterm">
+authentication</i>. Authentication is the process of granting or denying a user access to a shared resource on another network machine, typically through the use of a password.</p><P CLASS="para">
+Each domain controller uses a <I CLASS="firstterm">
+security account manager</i> (SAM) to maintain a list of username-password combinations. The domain controller then forms a central repository of passwords that are tied to usernames (one password per user), which is more efficient than each client machine maintaining hundreds of passwords for every network resource available.</p><P CLASS="para">
+On a Windows domain, when a non-authenticated client requests access to a server's shares, the server will turn around and ask the domain controller whether that user is authenticated. If it is, the server will establish a session connection with the access rights it has for that service and user. If not, the connection is denied. Once a user is authenticated by the domain controller, a special authenticated token will be returned to the client so that the user will not need to relogin to other resources on that domain. At this point, the user is considered "logged in" to the domain itself. See <A CLASS="xref" HREF="ch01_04.html#ch01-49344">
+Figure 1.12</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-49344">
+Figure 1.12: Using a domain controller for authentication</a></h4><IMG CLASS="graphic" SRC="figs/sam.0112.gif" ALT="Figure 1.12"></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch01-pgfId-939079">
+1.4.1.2 Primary and backup domain controllers</a></h4><P CLASS="para">Redundancy is a key idea behind a Windows domain. The domain controller that is currently active on a domain is called the <I CLASS="firstterm">
+primary domain controller</i> (PDC). There can be one or more <I CLASS="firstterm">
+backup domain controllers</i> (BDCs) in the domain as well, which will take over in the event that the primary domain controller fails or becomes inaccessible. BDCs frequently synchronize their SAM data with the primary domain controller so that, if the need arises, any one of them can perform DC services transparently without impacting its clients. Note that BDCs, however, have only read-only copies of the SAM; they can update their data only by synchronizing with a PDC. A server in a Windows domain can use the SAM of any primary or backup domain controller to authenticate a user who attempts to access its resources and logon to the domain.</p><P CLASS="para">
+Note that in many aspects, the behaviors of a Windows workgroup and a Windows domain overlap. This is not accidental since the concept of Windows domains did not evolve until Windows NT 3.5 was introduced, and Windows domains were forced to remain backwards compatible with the workgroups present in Windows for Workgroups 3.1. The key thing to remember here is that a Windows domain is simply a Windows workgroup with one or more domain controllers added.</p><P CLASS="para">
+Samba can function as a primary domain controller for Windows 95/98 machines without any problems. However, Samba 2.0 can act as a primary domain controller only for authentication purposes; it currently cannot assume any other PDC responsibilities. (By the time you read this, Samba 2.1 may be available so you can use Samba as a PDC for NT clients.) Also, because of the closed protocol used by Microsoft to synchronize SAM data, Samba currently cannot serve as a backup domain controller. </p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-951817">
+1.4.2 Browsing</a></h3><P CLASS="para">Browsing is a high-level answer to the user question: "What machines are out there on the Windows network?" Note that there is no connection with a World Wide Web browser, apart from the general idea of "discovering what's there." And, like the Web, what's out there can change without warning.</p><P CLASS="para">
+Before browsing, users had to know the name of the specific computer they wanted to connect to on the network, and then manually enter a UNC such as the following into an application or file manager to access resources:</p><PRE CLASS="programlisting">
+\\HYDRA\network\</pre><P CLASS="para">
+With browsing, however, you can examine the contents of a machine using a standard point-and-click GUI&nbsp;- in this case, the Network Neighborhood window in a Windows client.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch01-pgfId-950089">
+1.4.2.1 Levels of browsing</a></h4><P CLASS="para">
+As we hinted at the beginning of the chapter, there are actually two types of browsing that you will encounter in an SMB/CIFS network:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-944661">
+</a>Browsing a list of machines (with shared resources)</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-944662">
+</a>Browsing the shared resources of a specific machine</p></li></ul><P CLASS="para">Let's look at the first one. On each Windows workgroup (or domain) subnet, one computer has the responsibility of maintaining a list of the machines that are currently accessible through the network. This computer is called the <I CLASS="firstterm">
+local master browser</i>, and the list that it maintains is called the <I CLASS="firstterm">
+browse list</i>. Machines on a subnet use the browse list in order to cut down on the amount of network traffic generated while browsing. Instead of each computer dynamically polling to determine a list of the currently available machines, the computer can simply query the local master browser to obtain a complete, up-to-date list.</p><P CLASS="para">To browse the actual resources on a machine, a user must connect to the specific machine; this information cannot be obtained from the browse list. Browsing the list of resources on a machine can be done by clicking on the machine's icon when it is presented in the Network Neighborhood in Windows 95/98 or NT. As you saw at the opening of the chapter, the machine will respond with a list of shared resources that can be accessed if that user is successfully authenticated.</p><P CLASS="para">
+Each of the servers on a Windows workgroup is required to announce its presence to the local master browser after it has registered a NetBIOS name, and (theoretically) announce that it is leaving the workgroup when it is shut down. It is the local master browser's responsibility to record what the servers have announced. Note that the local master browser is not necessarily the same machine as a NetBIOS name server (NBNS), which we discussed earlier. </p><BLOCKQUOTE CLASS="warning">
+<P CLASS="para">
+<STRONG>
+WARNING:</strong> The Windows Network Neighborhood can behave oddly: until you select a particular machine to browse, the Network Neighborhood window may contain data that is not up-to-date. That means that the Network Neighborhood window can be showing machines that have crashed, or can be missing machines that haven't been noticed yet. Put succinctly, once you've selected a server and connected to it, you can be a lot more confident that the shares and printers really exist on the network.</p></blockquote><P CLASS="para">
+Unlike the roles you've seen earlier, almost any Windows machine (NT Server, NT Workstation, 98, 95, or Windows 3.1 for Workgroups) can act as a local master browser. As with the domain controller, the local master browser can have one or more <I CLASS="firstterm">
+backup browsers</i> on the local subnet that will take over in the event that the local master browser fails or becomes inaccessible. To ensure fluid operation, the local backup browsers will frequently synchronize their browse list with the local master browser. Let's update our Windows domain diagram to include both a local master and local backup browser. The result is shown in <A CLASS="xref" HREF="ch01_04.html#ch01-77521">
+Figure 1.13</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-77521">
+Figure 1.13: A Windows domain with a local master and local backup browser</a></h4><IMG CLASS="graphic" SRC="figs/sam.0113.gif" ALT="Figure 1.13"><P CLASS="para">
+Here is how to calculate the minimum number of backup browsers that will be allocated on a workgroup:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-944330">
+</a>If there are between 1 and 32 Windows NT workstations on the network, or between 1 and 16 Windows 95/98 machines on the network, the local master browser allocates one backup browser in addition to the local master browser.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-950113">
+</a>If the number of Windows NT workstations falls between 33 and 64, or the number of Windows 95/98 workstations falls between 17 and 32, the local master browser allocates two backup browsers.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-944332">
+</a>For each group of 32 NT workstations or 16 Windows 95/98 machines beyond this, the local master browser allocates another backup browser.</p></li></ul><P CLASS="para">
+There is currently no upper limit on the number of backup browsers that can be allocated by the local master browser. </p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch01-pgfId-946408">
+1.4.2.2 Browsing elections</a></h4><P CLASS="para">
+Browsing is a critical aspect of any Windows workgroup. However, not everything runs perfectly on any network. For example, let's say that the Windows NT Server on the desk of a small company's CEO is the local master browser&nbsp;- that is, until he switches it off while plugging in his massage chair. At this point the Windows NT Workstation in the spare parts department might agree to take over the job. However, that computer is currently running a large, poorly written program that has brought its processor to its knees. The moral: browsing has to be very tolerant of servers coming and going. Because nearly every Windows machine can serve as a browser, there has to be a way of deciding at any time who will take on the job. This decision-making process is called an <I CLASS="firstterm">
+election</i>.</p><P CLASS="para">
+An election algorithm is built into nearly all Windows operating systems such that they can each agree who is going to be a local master browser and who will be local backup browsers. An election can be forced at any time. For example, let's assume that the CEO has finished his massage and reboots his server. As the server comes online, it will announce its presence and an election will take place to see if the PC in the spare parts department should still be the master browser. </p><P CLASS="para">
+When an election is performed, each machine broadcasts via datagrams information about itself. This information includes the following:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-939575">
+</a>The version of the election protocol used</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-939577">
+</a>The operating system on the machine</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-939576">
+</a>The amount of time the client has been on the network</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-939578">
+</a>The hostname of the client</p></li></ul><P CLASS="para">
+These values determine which operating system has seniority and will fulfill the role of the local master browser. (<a href="ch06_01.html"><b>Chapter 6, <CITE CLASS="chapter">Users, Security, and Domains</cite></b></a>, describes the election process in more detail.) The architecture developed to achieve this is not elegant and has built-in security problems. While a browsing domain can be integrated with domain security, the election algorithm does not take into consideration which computers become browsers. Thus it is possible for any machine running a browser service to register itself as participating in the browsing election, and (after winning) being able to change the browse list. Nevertheless, browsing is a key feature of Windows networking and backwards compatibility requirements will ensure that it is in use for years to come. </p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-939834">
+1.4.3 Can a Windows Workgroup Span Multiple Subnets?</a></h3><P CLASS="para">Yes, but most people who have done it have had their share of headaches. Spanning multiple subnets was not part of the initial design of Windows NT 3.5 or Windows for Workgroups. As a result, a Windows domain that spans two or more subnets is, in reality, the "gluing" together of two or more workgroups that share an identical name. The good news is that you can still use a primary domain controller to control authentication across each of the subnets. The bad news is that things are not as simple with browsing.</p><P CLASS="para">
+As mentioned previously, each subnet must have its own local master browser. When a Windows domain spans multiple subnets, a system administrator will have to assign one of the machines as the <I CLASS="firstterm">
+domain master browser</i>. The domain master browser will keep a browse list for the entire Windows domain. This browse list is created by periodically synchronizing the browse lists of each of the local master browsers with the browse list of the domain master browser. After the synchronization, the local master browser and the domain master browser should contain identical entries. See <A CLASS="xref" HREF="ch01_04.html#ch01-52572">
+Figure 1.14</a> for an illustration.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch01-52572">
+Figure 1.14: A workgroup that spans more than one subnet</a></h4><IMG CLASS="graphic" SRC="figs/sam.0114.gif" ALT="Figure 1.14"><P CLASS="para">
+Sound good? Well, it's not quite nirvana for the following reasons:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-947419">
+</a>If it exists, a primary domain controller always plays the role of the domain master browser. By Microsoft design, the two always share the NetBIOS resource type &lt;1B&gt;, and (unfortunately) cannot be separated.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-947420">
+</a>Windows 95/98 machines cannot become <EM CLASS="emphasis">
+or</em> <EM CLASS="emphasis">
+even contact</em> a domain master browser. The Samba group feels that this is a marketing decision from Microsoft that forces customers to have at least one Windows NT workstation (or Samba server) on each subnet of a multi-subnet workgroup.</p></li></ul><P CLASS="para">
+Each subnet's local master browser continues to maintain the browse list for its subnet, for which it becomes authoritative. So if a computer wants to see a list of servers within its own subnet, the local master browser of that subnet will be queried. If a computer wants to see a list of servers outside the subnet, it can still go only as far as the local master browser. This works because, at appointed intervals, the authoritative browse list of a subnet's local master browser is synchronized with the domain master browser, which is synchronized with the local master browser of the other subnets in the domain. This is called <I CLASS="firstterm">
+browse list propagation</i>.</p><P CLASS="para">
+Samba can act as a domain master browser on a Windows domain if required. In addition, it can also act as a local master browser for a Windows subnet, synchronizing its browse list with the domain master browser.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-938926">
+1.4.4 The Windows Internet Name Service (WINS)</a></h3><P CLASS="para">
+The Windows Internet Name Service (WINS) is Microsoft's implementation of a NetBIOS name server (NBNS). As such, WINS inherits much of NetBIOS's characteristics. First, WINS is flat; you can only have machines named <CODE CLASS="literal">
+fred</code> or workgroups like CANADA or USA. In addition, WINS is dynamic: when a client first comes online, it is required to report its hostname, its address, and its workgroup to the local WINS server. This WINS server will retain the information so long as the client periodically refreshes its WINS registration, which indicates that it's still connected to the network. Note that WINS servers are not domain or workgroup specific; they can appear anywhere and serve anyone.</p><P CLASS="para">
+Multiple WINS servers can be set to synchronize with each other after a specified amount of time. This allows entries for machines that come online and offline on the network to propagate from one WINS server to another. While in theory this seems efficient, it can quickly become cumbersome if there are several WINS servers covering a network. Because WINS services can cross multiple subnets (you'll either hardcode the address of a WINS server in each of your clients or obtain it via DHCP), it is often more efficient to have each Windows client, no matter how many Windows domains there are, point themselves to the same WINS server. That way, there will only be one authoritative WINS server with the correct information, instead of several WINS servers continually struggling to synchronize themselves with the most recent changes.</p><P CLASS="para">
+The currently active WINS server is known as the <I CLASS="firstterm">
+primary WINS server</i>. You can also install a secondary WINS server, which will take over in the event that the primary WINS server fails or becomes inaccessible. Note that there is no election to determine which machine becomes a primary or backup WINS server&nbsp;- the choice of WINS servers is static and must be predetermined by the system administrator. Both the primary and any backup WINS servers will synchronize their address databases on a periodic basis.</p><P CLASS="para">
+In the Windows family of operating systems, only an NT Workstation or an NT server can serve as a <I CLASS="firstterm">
+</i>WINS server. Samba can also function as a primary WINS server, but not a secondary WINS server.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-12452">
+1.4.5 What Can Samba Do?</a></h3><P CLASS="para">Whew! Bet you never thought Microsoft networks would be that complex, did you? Now, let's wrap up by showing where Samba can help out. <A CLASS="xref" HREF="ch01_04.html#ch01-pgfId-939957">
+Table 1.6</a> summarizes which roles Samba can and cannot play in a Windows NT Domain or Windows workgroup. As you can see, because many of the NT domain protocols are proprietary and have not been documented by Microsoft, Samba cannot properly synchronize its data with a Microsoft server and cannot act as a backup in most roles. However, with version 2.0.<EM CLASS="emphasis">
+x</em>, Samba does have limited support for the primary domain controller's authentication protocols and is gaining more functionality every day. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch01-pgfId-939957">
+Table 1.6: Samba Roles (as of 2.0.4b) </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Role</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Can Perform?</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+File Server</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Yes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Printer Server</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Yes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Primary Domain Controller</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Yes (Samba 2.1 or higher recommended)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Backup Domain Controller</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+No</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows 95/98 Authentication</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Yes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Local Master Browser</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Yes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Local Backup Browser</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+No</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Domain Master Browser</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Yes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Primary WINS Server</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Yes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Secondary WINS Server</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+No </p></td></tr></tbody></table></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_03.html" TITLE="1.3 Getting Familiar with a SMB/CIFS Network">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.3 Getting Familiar with a SMB/CIFS Network" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_05.html" TITLE="1.5 An Overview of the Samba Distribution">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.5 An Overview of the Samba Distribution" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+1.3 Getting Familiar with a SMB/CIFS Network</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+1.5 An Overview of the Samba Distribution</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch01_05.html b/docs/htmldocs/using_samba/ch01_05.html
new file mode 100755
index 00000000000..0989ddfb91b
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch01_05.html
@@ -0,0 +1,130 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 1] 1.5 An Overview of the Samba Distribution</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:30:00Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_04.html" TITLE="1.4 Microsoft Implementations">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.4 Microsoft Implementations" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch01_01.html" TITLE="1. Learning the Samba">
+Chapter 1<br>
+Learning the Samba</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_06.html" TITLE="1.6 How Can I Get Samba?">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.6 How Can I Get Samba?" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch01-32691">
+1.5 An Overview of the Samba Distribution</a></h2><P CLASS="para">
+As mentioned earlier, Samba actually contains several programs that serve different but related purposes. Let's introduce each of them briefly, and show how they work together. The majority of the programs that come with the Samba distribution center on its two daemons. Let's take a refined look at the responsibilities of each daemon:</p><DL CLASS="variablelist">
+<DT CLASS="term">
+<EM CLASS="emphasis">
+smbd</em></dt><DD CLASS="listitem">
+<P CLASS="para">
+The <EM CLASS="emphasis">
+smbd</em> daemon is responsible for managing the shared resources between the Samba server machine and its clients. It provides file, print, and browser services to <SPAN CLASS="acronym">
+SMB</span> clients across one or more networks. <EM CLASS="emphasis">
+smdb</em> handles all notifications between the Samba server and the network clients. In addition, it is responsible for user authentication, resource locking, and data sharing through the <SPAN CLASS="acronym">
+SMB</span> protocol.</p></dd><DT CLASS="term">
+<EM CLASS="emphasis">
+nmbd</em></dt><DD CLASS="listitem">
+<P CLASS="para">
+The <EM CLASS="emphasis">
+nmbd</em> daemon is a simple nameserver that mimics the WINS and NetBIOS name server functionality, as you might expect to encounter with the LAN Manager package. This daemon listens for nameserver requests and provides the appropriate information when called upon. It also provides browse lists for the Network Neighborhood and participates in browsing elections.</p></dd></dl><P CLASS="para">
+The Samba distribution also comes with a small set of Unix command-line tools:</p><DL CLASS="variablelist">
+<DT CLASS="term">
+<i>smbclient</i></dt><DD CLASS="listitem">
+<P CLASS="para">
+An FTP-like Unix client that can be used to connect to Samba shares</p></dd><DT CLASS="term">
+<i>smbtar</i></dt><DD CLASS="listitem">
+<P CLASS="para">
+A program for backing up data in shares, similar to the Unix <I CLASS="filename">
+tar</i> command</p></dd><DT CLASS="term">
+<i>nmblookup</i></dt><DD CLASS="listitem">
+<P CLASS="para">
+A program that provides NetBIOS over TCP/IP name lookups</p></dd><DT CLASS="term">
+<i>smbpasswd</i></dt><DD CLASS="listitem">
+<P CLASS="para">
+A program that allows an administrator to change the encrypted passwords used by Samba</p></dd><DT CLASS="term">
+<i>smbstatus</i></dt><DD CLASS="listitem">
+<P CLASS="para">
+A program for reporting the current network connections to the shares on a Samba server</p></dd><DT CLASS="term">
+<i>testparm</i></dt><DD CLASS="listitem">
+<P CLASS="para">
+A simple program to validate the Samba configuration file</p></dd><DT CLASS="term">
+<i>testprns</i></dt><DD CLASS="listitem">
+<P CLASS="para">
+A program that tests whether various printers are recognized by the <I CLASS="filename">
+smbd</i> daemon</p></dd></dl><P CLASS="para">
+Each significant release of Samba goes through a significant exposure test before it's announced. In addition, it is quickly updated afterward if problems or unwanted side-effects are found. The latest stable distribution as of this writing is Samba 2.0.5, the long-awaited production version of Samba 2.0. This book focuses on the functionality supported in Samba 2.0, as opposed to the older 1.9.<EM CLASS="emphasis">
+x</em> versions of Samba, which are now obsolete.</p></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_04.html" TITLE="1.4 Microsoft Implementations">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.4 Microsoft Implementations" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_06.html" TITLE="1.6 How Can I Get Samba?">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.6 How Can I Get Samba?" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+1.4 Microsoft Implementations</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+1.6 How Can I Get Samba?</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch01_06.html b/docs/htmldocs/using_samba/ch01_06.html
new file mode 100755
index 00000000000..f3b46b2313b
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch01_06.html
@@ -0,0 +1,90 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 1] 1.6 How Can I Get Samba?</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:30:01Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_05.html" TITLE="1.5 An Overview of the Samba Distribution">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.5 An Overview of the Samba Distribution" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch01_01.html" TITLE="1. Learning the Samba">
+Chapter 1<br>
+Learning the Samba</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_07.html" TITLE="1.7 What's New in Samba 2.0?">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.7 What's New in Samba 2.0?" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch01-pgfId-946850">
+1.6 How Can I Get Samba?</a></h2><P CLASS="para">Samba is available in both binary and source format from a set of mirror sites across the Internet. The primary home site for Samba is located at <A CLASS="systemitem.url" HREF="http://www.samba.org/">http://www.samba.org/</a>.</p><P CLASS="para">
+However, if you don't want to wait for packets to arrive all the way from Australia, mirror sites for Samba can be found at any of several locations on the Internet. A list of mirrors is given at the primary Samba home page.</p><P CLASS="para">
+In addition, a CD-ROM distribution is available in the back of this book. We strongly encourage you to start with the CD-ROM if this is your first time using Samba. We've included source and binaries up to Samba 2.0.5 with this book. In addition, several of the testing tools that we refer to through the book are conveniently packaged on the CD-ROM.</p></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_05.html" TITLE="1.5 An Overview of the Samba Distribution">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.5 An Overview of the Samba Distribution" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_07.html" TITLE="1.7 What's New in Samba 2.0?">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.7 What's New in Samba 2.0?" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+1.5 An Overview of the Samba Distribution</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+1.7 What's New in Samba 2.0?</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch01_07.html b/docs/htmldocs/using_samba/ch01_07.html
new file mode 100755
index 00000000000..a5fd482b03b
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch01_07.html
@@ -0,0 +1,138 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 1] 1.7 What's New in Samba 2.0?</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:30:01Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_06.html" TITLE="1.6 How Can I Get Samba?">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.6 How Can I Get Samba?" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch01_01.html" TITLE="1. Learning the Samba">
+Chapter 1<br>
+Learning the Samba</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_08.html" TITLE="1.8 And That's Not All...">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.8 And That's Not All..." BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch01-40528">
+1.7 What's New in Samba 2.0?</a></h2><P CLASS="para">Samba 2.0 was an eagerly-awaited package. The big additions to Samba 2.0 are more concrete support for NT Domains and the new Samba Web Administration Tool (SWAT), a browser-based utility for configuring Samba. However, there are dozens of other improvements that were introduced in the summer and fall of 1998. </p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-937019">
+1.7.1 NT Domains</a></h3><P CLASS="para">
+Samba's support for NT Domains (starting with version 2.0.<EM CLASS="emphasis">
+x</em>) produced a big improvement: it allows SMB servers to use its authentication mechanisms, which is essential for future NT compatibility, and to support <I CLASS="firstterm">
+NT domain logons</i>. Domain logons allow a user to log in to a Windows NT domain and use all the computers in the domain without logging into them individually. Previous to version 2.0.0, Samba supported Windows 95/98 logon services, but not NT domain logons. Although domain logons support is not complete is Samba 2.0, it is partially implemented.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-937021">
+1.7.2 Ease of Administration</a></h3><P CLASS="para">SWAT, the Samba Web Administration Tool, makes it easy to set up a server and change its configuration, without giving up the simple text-based configuration file. SWAT provides a graphical interface to the resources that Samba shares with its clients. In addition, SWAT saves considerable experimentation and memory work in setting up or changing configurations across the network. You can even create an initial setup with SWAT and then modify the file later by hand, or vice versa. Samba will not complain.</p><P CLASS="para">
+On the compilation side, GNU <I CLASS="filename">
+autoconf</i> is now used to make the task of initial compilation and setup easier so you can get to SWAT quicker.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-937024">
+1.7.3 Performance</a></h3><P CLASS="para">
+There are major performance and scalability increases in Samba: the code has been reorganized and <EM CLASS="emphasis">
+nmbd</em> (the Samba name service daemon) heavily rewritten:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-937026">
+</a>Name/browsing service now supports approximately 35,000 simultaneous clients.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-937027">
+</a>File and print services support 500 concurrent users from a single medium-sized server without noticeable performance degradation.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-937028">
+</a>Linux/Samba on identical hardware now consistently performs better than NT Server. And best of all, Samba is improving.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch01-pgfId-937029">
+</a>Improved "opportunistic" locking allows client machines to cache entire files locally, greatly improving speed without running the risk of accidentally overwriting the cached files.</p></li></ul></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-937030">
+1.7.4 More Features</a></h3><P CLASS="para">
+There are several additional features in Samba 2.0. You can now have multiple Samba aliases on the same machine, each pretending to be a different server, a feature similar to virtual hosts in modern web servers. This allows a host to serve multiple departments and groups, or provide disk shares with normal username/password security while also providing printers to everyone without any security. Printing has been changed to make it easier for Unix System V owners: Samba can now find the available printers automatically, just as it does with Berkeley-style printing. In addition, Samba now has the capability to use multiple code pages, so it can be used with non-European languages, and to use the Secure Sockets Layer protocol (SSL) to encrypt all the data it sends across the Internet, instead of just passwords.[<A CLASS="footnote" HREF="#ch01-pgfId-938280">7</a>]</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch01-pgfId-938280">[7]</a> If you reside in the United States, there are some federal rules and regulations dealing with strong cryptography. We'll talk about his later when we set up Samba and SSL in <a href="appa_01.html"><b>Appendix A, <CITE CLASS="appendix">
+Configuring Samba with SSL</cite></b></a>.</p></div></blockquote></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-937035">
+1.7.5 Compatibility Improvements</a></h3><P CLASS="para">
+At the same time as it's becoming more capable, Samba is also becoming more compatible with Windows NT. Samba has always supported Microsoft-style password encryption. It now provides tools and options for changing over to Microsoft encryption, and for keeping the Unix and Microsoft password files synchronized while doing so. Finally, a Samba master browser can be instructed to hunt down and synchronize itself with other SMB servers on different LANs, allowing SMB to work seamlessly across multiple networks. Samba uses a different method of accomplishing this from the Microsoft method, which is undocumented.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch01-pgfId-937039">
+1.7.6 Smbwrapper</a></h3><P CLASS="para">
+Finally, there is an entirely new version of the Unix client called <I CLASS="firstterm">
+smbwrapper</i>. Instead of a kernel module that allows Linux to act as a Samba client, there is now a command-line entry to load the library that provides a complete SMB filesystem on some brands of Unix. Once loaded, the command <CODE CLASS="literal">
+ls</code> <CODE CLASS="literal">
+/smb</code> will list all the machines in your workgroup, and <CODE CLASS="literal">
+cd</code> <CODE CLASS="literal">/smb/</code><CODE CLASS="replaceable"><I>server_name</i></code><CODE CLASS="literal">/</code><CODE CLASS="replaceable"><I>share_name</i></code> will take you to a particular share (shared directory), similar to the Network File System (NFS). As of this writing, <EM CLASS="emphasis">
+smbwrapper</em> currently runs on Linux, Solaris, SunOS 4, IRIX, and OSF/1, and is expected to run on several more operating systems in the near future.</p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_06.html" TITLE="1.6 How Can I Get Samba?">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.6 How Can I Get Samba?" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_08.html" TITLE="1.8 And That's Not All...">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 1.8 And That's Not All..." BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+1.6 How Can I Get Samba?</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+1.8 And That's Not All...</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch01_08.html b/docs/htmldocs/using_samba/ch01_08.html
new file mode 100755
index 00000000000..0ea2d0331ce
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch01_08.html
@@ -0,0 +1,89 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 1] 1.8 And That's Not All...</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:30:04Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_07.html" TITLE="1.7 What's New in Samba 2.0?">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.7 What's New in Samba 2.0?" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch01_01.html" TITLE="1. Learning the Samba">
+Chapter 1<br>
+Learning the Samba</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch02_01.html" TITLE="2. Installing Samba on a Unix System">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 2. Installing Samba on a Unix System" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch01-99818">
+1.8 And That's Not All...</a></h2><P CLASS="para">
+Samba is a wonderful tool with potential for even the smallest SMB/CIFS network. This chapter presented you with a thorough introduction to what Samba is, and more importantly, how it fits into a Windows network. The next series of chapters will help you set up Samba on both the Unix server side, where its two daemons reside, as well as configure the Windows 95, 98, and NT clients to work with Samba. Before long, the aches and pains of your heterogeneous network may seem like a thing of the past. Welcome to the wonderful world of Samba!</p></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_07.html" TITLE="1.7 What's New in Samba 2.0?">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.7 What's New in Samba 2.0?" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch02_01.html" TITLE="2. Installing Samba on a Unix System">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 2. Installing Samba on a Unix System" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+1.7 What's New in Samba 2.0?</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+2. Installing Samba on a Unix System</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch02_01.html b/docs/htmldocs/using_samba/ch02_01.html
new file mode 100755
index 00000000000..a90a52d8abe
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch02_01.html
@@ -0,0 +1,197 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 2] Installing Samba on a Unix System</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:29:03Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_08.html" TITLE="1.8 And That's Not All...">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.8 And That's Not All..." BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Chapter 2</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_02.html" TITLE="2.2 Configuring Samba">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 2.2 Configuring Samba" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div class="samplechapter">
+<H1 CLASS="chapter">
+<A CLASS="title" NAME="ch02-46174">
+2. Installing Samba on a Unix System</a></h1><DIV CLASS="htmltoc">
+<P>
+<B>
+Contents:</b><br>
+<A CLASS="sect1" HREF="#ch02-85028" TITLE="2.1 Downloading the Samba Distribution">
+Downloading the Samba Distribution</a><br>
+<A CLASS="sect1" HREF="ch02_02.html" TITLE="2.2 Configuring Samba">
+Configuring Samba</a><br>
+<A CLASS="sect1" HREF="ch02_03.html" TITLE="2.3 Compiling and Installing Samba">
+Compiling and Installing Samba</a><br>
+<A CLASS="sect1" HREF="ch02_04.html" TITLE="2.4 A Basic Samba Configuration File">
+A Basic Samba Configuration File</a><br>
+<A CLASS="sect1" HREF="ch02_05.html" TITLE="2.5 Starting the Samba Daemons">
+Starting the Samba Daemons</a><br>
+<A CLASS="sect1" HREF="ch02_06.html" TITLE="2.6 Testing the Samba Daemons">
+Testing the Samba Daemons</a></p><P>
+</p></div><P CLASS="para">Now that you know what Samba can do for you and your users, it's time to get your own network set up. Let's start with the installation of Samba itself on a Unix system. When dancing the samba, one learns by taking small steps. It's just the same when installing Samba; we need to teach it step by step. This chapter will help you to start off on the right foot. </p><P CLASS="para">
+For illustrative purposes, we will be installing the 2.0.4 version of the Samba server on a Linux[<A CLASS="footnote" HREF="#ch02-pgfId-939741">1</a>] system running version 2.0.31 of the kernel. However, the installation steps are the same for all of the platforms that Samba supports. A typical installation will take about an hour to complete, including downloading the source files and compiling them, setting up the configuration files, and testing the server. </p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch02-pgfId-939741">[1]</a> If you haven't heard of Linux yet, then you're in for a treat. Linux is a freely distributed Unix-like operating system that runs on the Intel x86, Motorola PowerPC, and Sun Sparc platforms. The operating system is relatively easy to configure, extremely robust, and is gaining in popularity. You can get more information on the Linux operating system at <a href="http://www.linux.org/"><EM CLASS="emphasis">http://www.linux.org/</a></em>.</p></div></blockquote><P CLASS="para">Here is an overview of the steps:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-938543">
+</a>Download the source or binary files.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-938544">
+</a>Read the installation documentation.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-938545">
+</a>Configure a makefile.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-938546">
+</a>Compile the server code.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-938547">
+</a>Install the server files.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-938548">
+</a>Create a Samba configuration file.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-938549">
+</a>Test the configuration file.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-938550">
+</a>Start the Samba daemons.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-938551">
+</a>Test the Samba daemons.</p></li></ol><DIV CLASS="sect1">
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="s1"></a>
+<A CLASS="title" NAME="ch02-85028">
+2.1 Downloading the Samba Distribution</a></h2><P CLASS="para">If you want to get started quickly, the CD-ROM packaged with this book contains both the sources and binaries of Samba that were available as this book went to print. The CD is a mirror image of the files and directories on the Samba download server: <EM CLASS="emphasis">
+ftp.samba.org</em>.</p><P CLASS="para">
+On the other hand, if you want to download the latest version, the primary web site for the Samba software is <A CLASS="systemitem.url" HREF="http://www.samba.org">http://www.samba.org</a>. Once connected to this page, you'll see links to several Samba mirror sites across the world, both for the standard Samba web pages and sites devoted exclusively to downloading Samba. For the best performance, choose a site that is closest to your own geographic location.</p><P CLASS="para">
+The standard Samba web sites have Samba documentation and tutorials, mailing list archives, and the latest Samba news, as well as source and binary distributions of Samba. The download sites (sometimes called <EM CLASS="emphasis">
+FTP sites</em>) have only the source and binary distributions. Unless you specifically want an older version of the Samba server or are going to install a binary distribution, download the latest source distribution from the closest mirror site. This distribution is always named:</p><PRE CLASS="programlisting">samba-latest.tar.gz</pre><P CLASS="para">
+If you choose to use the version of Samba that is located on the CD-ROM packaged with this book, you should find the latest Samba distribution in the base directory.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch02-pgfId-938556">
+2.1.1 Binary or Source?</a></h3><P CLASS="para">Precompiled packages are also available for a large number of Unix platforms. These packages contain binaries for each of the Samba executables as well as the standard Samba documentation. Note that while installing a binary distribution can save you a fair amount of trouble and time, there are a couple of issues that you should keep in mind when deciding whether to use the binary or compile the source yourself:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-938558">
+</a>The binary packages can lag behind the latest version of the software by one or two (maybe more) minor releases, especially after a series of small changes and for less popular platforms. Compare the release notes for the source and binary packages to make sure that there aren't any new features that you need on your platform. This is especially true of the sources and binaries on the CD-ROM: at the time this book went to print, they were from the latest production release of Samba. However, development is ongoing, so the beta-test versions on the Internet will be newer.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-938560">
+</a>If you use a precompiled binary, you will need to ensure that you have the correct libraries required by the executables. On some platforms the executables are statically linked so this isn't an issue, but on modern Unix operating systems (e.g., Linux, SGI Irix, Solaris, HP-UX, etc.), libraries are often dynamically linked. This means that the binary looks for the right version of each library on your system, so you may have to install a new version of a library. The <I CLASS="filename">
+README</i> file or <I CLASS="filename">
+makefile</i> that accompanies the binary distribution should list any special requirements.[<A CLASS="footnote" HREF="#ch02-pgfId-943622">2</a>]</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch02-pgfId-943622">[2]</a> This is especially true with programs that use <EM CLASS="emphasis">
+glibc-2.1</em> (which comes standard with Red Hat Linux 6). This library caused quite a consternation in the development community when it was released because it was incompatable with previous versions of <EM CLASS="emphasis">g</em><I CLASS="filename">libc</i>.</p></div></blockquote><P CLASS="para">Many machines with shared libraries come with a nifty tool called <EM CLASS="emphasis">ldd</em>. This tool will tell you which libraries a specific binary requires and which libraries on the system satisfy that requirement. For example, checking the <EM CLASS="emphasis">
+smbd</em> program on our test machine gave us:</p></li></ul><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">$</code> ldd smbd</b>
+</pre><PRE CLASS="programlisting">
+libreadline.so.3 =&gt; /usr/lib/libreadline.so.3
+libdl.so.2 =&gt; /lib/libdl.so.2
+libcrypt.so.1 =&gt; /lib/libcrypt.so.1
+libc.so.6 =&gt; /lib/libc.so.6
+libtermcap.so.2 =&gt; /lib/libtermcap.so.2
+/lib/ld-linux.so.2 =&gt; /lib/ld-linux.so.2</pre><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+If there are any incompatibilities between Samba and specific libraries on your machine, the distribution-specific documentation should highlight those.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-938567">
+</a>Keep in mind that each binary distribution carries preset values about the target platform, such as default directories and configuration option values. Again, check the documentation and the makefile included in the source directory to see which directives and variables were used when the binary was compiled. In some cases, these will not be appropriate for your situation. </p><P CLASS="para">
+A few configuration items can be reset with command-line options at runtime instead of at compile time. For example, if your binary tries to place any log, lock, or status files in the "wrong" place (for example, in <I CLASS="filename">
+/usr/local</i>), you can override this without recompiling. </p></li></ul><P CLASS="para">
+One point worth mentioning is that the Samba source requires an ANSI C compiler. If you are on a platform with a non-ANSI compiler, such as the <EM CLASS="emphasis">
+cc</em> compiler on SunOS version 4, you'll have to install an ANSI-compliant compiler such as <EM CLASS="emphasis">
+gcc </em>before you do anything else.[<A CLASS="footnote" HREF="#ch02-pgfId-939049">3</a>] If installing a compiler isn't something you want to wrestle with, you can start off with a binary package. However, for the most flexibility and compatibility on your system, we always recommend compiling from the latest source.</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch02-pgfId-939049">[3]</a> <EM CLASS="emphasis">
+gcc</em> binaries are available for almost every modern machine. See <A CLASS="systemitem.url" HREF="http://www.gnu.org/">
+http://www.gnu.org/</a> for a list of sites with <EM CLASS="emphasis">
+gcc</em> and other GNU software.</p></div></blockquote></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch02-pgfId-938574">
+2.1.2 Read the Documentation</a></h3><P CLASS="para">This sounds like an obvious thing to say, but there have probably been times where you have uncompressed a package, blindly typed <CODE CLASS="literal">
+configure</code>, <CODE CLASS="literal">
+make</code>, and <CODE CLASS="literal">
+make</code> <CODE CLASS="literal">
+install</code>, and walked away to get another cup of coffee. We'll be the first to admit that we do that, many more times than we should. It's a bad idea&nbsp;- especially when planning a network with Samba.</p><P CLASS="para">
+Samba 2.0 automatically configures itself prior to compilation. This reduces the likelihood of a machine-specific problem, but there may be an option mentioned in the <I CLASS="filename">
+README</i> file that you end up wishing for after Samba's been installed. With both source and binary packages you'll find a large number of documents in the <I CLASS="filename">
+docs</i> directory, in a variety of formats. The most important files to look at in the distribution are:</p><PRE CLASS="programlisting">
+WHATSNEW.txt
+docs/textdocs/UNIX_INSTALL.txt</pre><P CLASS="para">
+These files tell you what features you can expect in your Samba distribution, and will highlight common installation problems that you're likely to face. Be sure to look over both of them before you start the compilation process. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch01_08.html" TITLE="1.8 And That's Not All...">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 1.8 And That's Not All..." BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_02.html" TITLE="2.2 Configuring Samba">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 2.2 Configuring Samba" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+1.8 And That's Not All...</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+2.2 Configuring Samba</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch02_02.html b/docs/htmldocs/using_samba/ch02_02.html
new file mode 100755
index 00000000000..3556314b438
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch02_02.html
@@ -0,0 +1,338 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 2] 2.2 Configuring Samba</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:29:05Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_01.html" TITLE="2.1 Downloading the Samba Distribution">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 2.1 Downloading the Samba Distribution" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch02_01.html" TITLE="2. Installing Samba on a Unix System">
+Chapter 2<br>
+Installing Samba on a Unix System</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_03.html" TITLE="2.3 Compiling and Installing Samba">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 2.3 Compiling and Installing Samba" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch02-28558">
+2.2 Configuring Samba</a></h2><P CLASS="para">The source distribution of Samba 2.0 and above doesn't initially have a makefile. Instead, one is generated through a GNU <I CLASS="filename">
+configure</i> script, which is located in the <I CLASS="filename">
+samba-2.0.x /source/</i> directory. The <I CLASS="firstterm">
+configure</i> script, which must be run as root, takes care of the machine-specific issues of building Samba. However, you still may want to decide on some global options. Global options can be set by passing options on the command-line:</p><PRE CLASS="programlisting">
+# ./configure --with-ssl</pre><P CLASS="para">
+For example, this will configure the Samba makefile with support for the Secure Sockets Layer (SSL) encryption protocol. If you would like a complete list of options, type the following:</p><PRE CLASS="programlisting">
+# ./configure --help</pre><P CLASS="para">Each of these options enable or disable various features. You typically enable a feature by specifying the <CODE CLASS="literal">
+--with-</code><CODE CLASS="replaceable">
+<I>
+feature</i></code> option, which will cause the feature to be compiled and installed. Likewise, if you specify a <CODE CLASS="literal">
+--without-</code><CODE CLASS="replaceable">
+<I>
+feature</i></code> option, the feature will be disabled. As of Samba 2.0.5, each of the following features is disabled by default:</p><DL CLASS="variablelist">
+<DT CLASS="term">
+<CODE CLASS="literal">
+--with-smbwrapper</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include SMB wrapper support, which allows executables on the Unix side to access SMB/CIFS filesystems as if they were regular Unix filesystems. We recommend using this option. However, at this time this book went to press, there were several incompatibilities between the <I CLASS="filename">
+smbwrapper</i> package and the GNU <I CLASS="filename">
+libc</i> version 2.1, and it would not compile on Red Hat 6.0. Look for more information on these incompatibilities on the Samba home page.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-afs</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include support of the Andrew Filesystem from Carnegie Mellon University. If you're going to serve AFS files via Samba, we recommend compiling Samba once first without enabling this feature to ensure that everything runs smoothly. Once that version is working smoothly, recompile Samba with this feature enabled and compare any errors you might receive against the previous setup.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-dfs</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include support for DFS, a later version of AFS, used by OSF/1 (Digital Unix). Note that this is <EM CLASS="emphasis">
+not</em> the same as Microsoft DFS, which is an entirely different filesystem. Again, we recommend compiling Samba once first without this feature to ensure that everything runs smoothly, then recompile with this feature to compare any errors against the previous setup.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-krb4</code>=<CODE CLASS="replaceable"><I>base-directory</i></code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include support for Kerberos version 4.0, explicitly specifying the base directory of the distribution. Kerberos is a network security protocol from MIT that uses private key cryptography to provide strong security between nodes. Incidentally, Microsoft has announced that Kerberos 5.0 will be the standard authentication mechanism for Microsoft Windows 2000 (NT 5.0). However, the Kerberos 5.0 authentication mechanisms are quite different from the Kerberos 4.0 security mechanisms. If you have Kerberos version 4 on your system, the Samba team recommends that you upgrade and use the <CODE CLASS="literal">
+--with-krb5</code> option (see the next item). You can find more information on Kerberos at <a href="http://web.mit.edu/kerberos/www"><EM CLASS="emphasis">http://web.mit.edu/kerberos/www</a></em>.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-krb5</code>=<CODE CLASS="replaceable"><I>base-directory</i></code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include support for Kerberos version 5.0, explicitly specifying the base directory of the distribution. Microsoft has announced that Kerberos 5.0 will be the standard authentication mechanism for Microsoft Windows 2000 (NT 5.0). However, there is no guarantee that Microsoft will not extend Kerberos for their own needs in the future. Currently, Samba's Kerberos support only uses a plaintext password interface and not an encrypted one. You can find more information on Kerberos at its home page: <a href="http://web.mit.edu/kerberos/www"><EM CLASS="emphasis">http://web.mit.edu/kerberos/www</a></em>.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-automount</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include support for automounter, a feature often used on sites that offer NFS. </p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-smbmount</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include <EM CLASS="emphasis">
+smbmount</em> support, which is for Linux only. This feature wasn't being maintained at the time the book was written, so the Samba team made it an optional feature and provided <EM CLASS="emphasis">
+smbwrapper</em> instead. The <EM CLASS="emphasis">
+smbwrapper</em> feature works on more Unix platforms than <EM CLASS="emphasis">
+smbmount</em>, so you'll usually want to use <CODE CLASS="literal">
+--with-smbwrapper</code> instead of this option.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-pam</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include support for pluggable authentication modules (PAM), an authentication feature common in the Linux operating system.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-ldap</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include support for the Lightweight Directory Access Protocol (LDAP). A future version of LDAP will be used in the Windows 2000 (NT 5.0) operating system; this Samba support is experimental. LDAP is a flexible client-server directory protocol that can carry information such as certificates and group memberships.[<A CLASS="footnote" HREF="#ch02-pgfId-943655">4</a>]</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch02-pgfId-943655">[4]</a> By <EM CLASS="emphasis">
+directory</em>, we don't mean a directory in a file system, but instead an indexed directory (such as a phone directory). Information is stored and can be easily retrieved in a public LDAP system.</p></div></blockquote></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-nis</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include support for getting password-file information from NIS (network yellow pages).</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-nisplus</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include support for obtaining password-file information from NIS+, the successor to NIS.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-ssl</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include experimental support for the Secure Sockets Layer (SSL), which is used to provide encrypted connections from client to server. <a href="appa_01.html"><b>Appendix A, <CITE CLASS="appendix">Configuring Samba with SSL</cite></b></a>, describes setting up Samba with SSL support.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-nisplus-home</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include support for locating which server contains a particular user's home directory and telling the client to connect to it. Requires <CODE CLASS="literal">
+--with-nis</code> and, usually, <CODE CLASS="literal">
+--with-automounter</code>. </p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-mmap</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include experimental memory mapping code. This is not required for fast locking, which already uses mmap or System V shared memory.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-syslog</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include support for using the SYSLOG utility for logging information generated from the Samba server. There are a couple of Samba configuration options that you can use to enable SYSLOG support; <a href="ch04_01.html"><b>Chapter 4, <CITE CLASS="chapter">Disk Shares </cite></b></a>, discusses these options.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-netatalk</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include experimental support for interoperating with the (Macintosh) Netatalk file server.</p></dd><DT CLASS="term">
+<CODE CLASS="literal">
+--with-quotas</code></dt><DD CLASS="listitem">
+<P CLASS="para">
+Include disk-quota support.</p></dd></dl><P CLASS="para">
+Because each of these options is disabled by default, none of these features are essential to Samba. However, you may want to come back and build a modified version of Samba if you discover that you need one at a later time.</p><P CLASS="para">
+In addition, <A CLASS="xref" HREF="ch02_02.html#ch02-85125">
+Table 2.1</a> shows some other parameters that you can give the <I CLASS="filename">
+configure</i> script if you wish to store parts of the Samba distribution in different places, perhaps to make use of multiple disks or partitions. Note that the defaults sometimes refer to a prefix specified earlier in the table.  </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch02-85125">
+Table 2.1: Additional Configure Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Meaning</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+--prefix</code>=<CODE CLASS="replaceable"><I>directory</i></code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Install architecture-independent files at the base directory specified.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<I CLASS="filename">
+/usr/local/samba</i></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+--eprefix</code>=<CODE CLASS="replaceable"><I>directory</i></code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Install architecture-dependent files at the base directory specified.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<I CLASS="filename">
+/usr/local/samba</i></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+--bindir</code>=<CODE CLASS="replaceable"><I>directory</i></code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Install user executables in the directory specified.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="replaceable">
+<I>
+eprefix</i></code><I CLASS="filename">/bin</i></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+--sbindir</code>=<CODE CLASS="replaceable"><I>directory</i></code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Install administrator executables in the directory specified.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="replaceable">
+<I>
+eprefix</i></code><I CLASS="filename">/bin</i></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+--libexecdir</code>=<CODE CLASS="replaceable"><I>directory</i></code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Install program executables in the directory specified.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="replaceable">
+<I>
+eprefix</i></code><I CLASS="filename">/libexec</i></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+--datadir</code>=<CODE CLASS="replaceable"><I>directory</i></code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Install read-only architecture independent data in the directory specified.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="replaceable">
+<I>
+prefix</i></code><I CLASS="filename">/share</i></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+--libdir</code>=<CODE CLASS="replaceable"><I>directory</i></code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Install program libraries in the directory specified.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="replaceable">
+<I>
+eprefix</i></code><I CLASS="filename">/lib</i></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+--includedir</code>=<CODE CLASS="replaceable"><I>directory</i></code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Install package include files in the directory specified.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="replaceable">
+<I>
+prefix</i></code><I CLASS="filename">/include</i></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+--infodir</code>=<CODE CLASS="replaceable"><I>directory</i></code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Install additional information files in the directory specified.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="replaceable">
+<I>
+prefix</i></code><I CLASS="filename">/info</i></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+--mandir</code>=<CODE CLASS="replaceable"><I>directory</i></code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Install manual pages in the directory specified. </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="replaceable">
+<I>
+prefix</i></code><I CLASS="filename">/man</i></p></td></tr></tbody></table><P CLASS="para">
+Again, before running the <I CLASS="filename">
+configure</i> script, it is important that you are the root user on the system. Otherwise, you may get a warning such as:</p><PRE CLASS="programlisting">
+configure: warning: running as non-root will disable some tests</pre><P CLASS="para">
+You don't want any test to be disabled when the Samba makefile is being created; this leaves the potential for errors down the road when compiling or running Samba on your system.</p><P CLASS="para">
+Here is a sample execution of the <I CLASS="filename">
+configure</i> script, which creates a Samba 2.0.4 makefile for the Linux platform. Note that you must run the configure script in the <EM CLASS="emphasis">
+source</em> directory, and that several lines from the middle of the excerpt have been omitted:</p><PRE CLASS="programlisting">
+# cd samba-2.0.4b/source/
+# ./configure | tee mylog
+
+loading cache ./config.cache
+checking for gcc... (cached) gcc
+checking whether the C compiler (gcc -O) works... yes
+checking whether the C compiler (gcc -O) is a cross-compiler... no
+checking whether we are using GNU C... (cached) yes
+checking whether gcc accepts -g... (cached) yes
+checking for a BSD compatible install... (cached) /usr/bin/install -c
+
+<EM CLASS="emphasis">...(content omitted)...</em>
+
+checking configure summary
+configure OK
+creating ./config.status
+creating include/stamp-h
+creating Makefile
+creating include/config.h</pre><P CLASS="para">
+In general, any message from <I CLASS="filename">
+configure</i> that doesn't begin with the words <CODE CLASS="literal">
+checking</code> or <CODE CLASS="literal">
+creating</code> is an error; it often helps to redirect the output of the configure script to a file so you can quickly search for errors, as we did with the <CODE CLASS="literal">
+tee</code> command above. If there was an error during configuration, more detailed information about it can be found in the <I CLASS="filename">
+config.log</i> file, which is written to the local directory by the <I CLASS="filename">
+configure</i> script.</p><P CLASS="para">
+If the configuration works, you'll see a <CODE CLASS="literal">
+checking</code> <CODE CLASS="literal">
+configure</code> <CODE CLASS="literal">
+summary</code> message followed by a <CODE CLASS="literal">
+configure</code> <CODE CLASS="literal">
+OK</code> message and four or five file creation messages. So far, so good.... Next step: compiling. </p></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_01.html" TITLE="2.1 Downloading the Samba Distribution">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 2.1 Downloading the Samba Distribution" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_03.html" TITLE="2.3 Compiling and Installing Samba">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 2.3 Compiling and Installing Samba" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+2.1 Downloading the Samba Distribution</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+2.3 Compiling and Installing Samba</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch02_03.html b/docs/htmldocs/using_samba/ch02_03.html
new file mode 100755
index 00000000000..c4313736d8b
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch02_03.html
@@ -0,0 +1,235 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 2] 2.3 Compiling and Installing Samba</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:29:09Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_02.html" TITLE="2.2 Configuring Samba">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 2.2 Configuring Samba" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch02_01.html" TITLE="2. Installing Samba on a Unix System">
+Chapter 2<br>
+Installing Samba on a Unix System</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_04.html" TITLE="2.4 A Basic Samba Configuration File">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 2.4 A Basic Samba Configuration File" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch02-13217">
+2.3 Compiling and Installing Samba</a></h2><P CLASS="para">At this point you should be ready to build the Samba executables. Compiling is also easy: in the <I CLASS="filename">
+source</i> directory, type <CODE CLASS="literal">
+make</code> on the command line. The <I CLASS="filename">
+make</i> utility will produce a stream of explanatory and success messages, beginning with:</p><PRE CLASS="programlisting">
+Using FLAGS = -O -Iinclude ...</pre><P CLASS="para">
+This build includes compiles for both <EM CLASS="emphasis">
+smbd</em> and <EM CLASS="emphasis">
+nmbd</em>, and ends in a linking command for <I CLASS="filename">
+bin/make_ printerdef</i>. For example, here is a sample make of Samba version 2.0.4 on a Linux server:</p><PRE CLASS="programlisting"><CODE CLASS="literal"># </code>make
+Using FLAGS =  -O -Iinclude -I./include -I./ubiqx -I./smbwrapper  -DSMBLOGFILE=&quot;/usr/local/samba/var/log.smb&quot; -DNMBLOGFILE=&quot;/usr/local/samba/var/log.nmb&quot; -DCONFIGFILE=&quot;/usr/local/samba/lib/smb.conf&quot; -DLMHOSTSFILE=&quot;/usr/local/samba/lib/lmhosts&quot;   -DSWATDIR=&quot;/usr/local/samba/swat&quot; -DSBINDIR=&quot;/usr/local/samba/bin&quot; -DLOCKDIR=&quot;/usr/local/samba/var/locks&quot; -DSMBRUN=&quot;/usr/local/samba/bin/smbrun&quot; -DCODEPAGEDIR=&quot;/usr/local/samba/lib/codepages&quot; -DDRIVERFILE=&quot;/usr/local/samba/lib/printers.def&quot; -DBINDIR=&quot;/usr/local/samba/bin&quot; -DHAVE_INCLUDES_H -DPASSWD_PROGRAM=&quot;/bin/passwd&quot; -DSMB_PASSWD_FILE=&quot;/usr/local/samba/private/smbpasswd&quot;
+Using FLAGS32 =  -O -Iinclude -I./include -I./ubiqx -I./smbwrapper  -DSMBLOGFILE=&quot;/usr/local/samba/var/log.smb&quot; -DNMBLOGFILE=&quot;/usr/local/samba/var/log.nmb&quot; -DCONFIGFILE=&quot;/usr/local/samba/lib/smb.conf&quot; -DLMHOSTSFILE=&quot;/usr/local/samba/lib/lmhosts&quot;   -DSWATDIR=&quot;/usr/local/samba/swat&quot; -DSBINDIR=&quot;/usr/local/samba/bin&quot; -DLOCKDIR=&quot;/usr/local/samba/var/locks&quot; -DSMBRUN=&quot;/usr/local/samba/bin/smbrun&quot; -DCODEPAGEDIR=&quot;/usr/local/samba/lib/codepages&quot; -DDRIVERFILE=&quot;/usr/local/samba/lib/printers.def&quot; -DBINDIR=&quot;/usr/local/samba/bin&quot; -DHAVE_INCLUDES_H -DPASSWD_PROGRAM=&quot;/bin/passwd&quot; -DSMB_PASSWD_FILE=&quot;/usr/local/samba/private/smbpasswd&quot;
+Using LIBS = -lreadline -ldl  -lcrypt -lpam
+Compiling smbd/server.c
+Compiling smbd/files.c
+Compiling smbd/chgpasswd.c
+
+<EM CLASS="emphasis">...(content omitted)...</em>
+
+Compiling rpcclient/cmd_samr.c
+Compiling rpcclient/cmd_reg.c
+Compiling rpcclient/cmd_srvsvc.c
+Compiling rpcclient/cmd_netlogon.c
+Linking bin/rpcclient
+Compiling utils/smbpasswd.c
+Linking bin/smbpasswd
+Compiling utils/make_smbcodepage.c
+Linking bin/make_smbcodepage
+Compiling utils/nmblookup.c
+Linking bin/nmblookup
+Compiling utils/make_printerdef.c
+Linking bin/make_printerdef</pre><P CLASS="para">
+If you encounter problems when compiling, check the Samba documentation to see if it is easily fixable. Another possibility is to search or post to the Samba mailing lists, which are given at the end of <a href="ch09_03.html">Chapter 9</a>, and on the Samba home page. Most compilation issues are system specific and almost always easy to overcome.</p><P CLASS="para">
+Now that the files have been compiled, you can install them into the directories you identified with the command:</p><PRE CLASS="programlisting"># <CODE CLASS="userinput"><B>make install</b></code></pre><P CLASS="para">
+If you happen to be upgrading, your old Samba files will be saved with the extension <EM CLASS="emphasis">
+ .old</em>, and you can go back to that previous version with the command <CODE CLASS="literal">
+make</code> <CODE CLASS="literal">
+revert</code>. After doing a <CODE CLASS="literal">
+make</code> <CODE CLASS="literal">
+install</code>, you should copy the <EM CLASS="emphasis">
+.old  </em>files (if they exist) to a new location or name. Otherwise, the next time you install Samba, the original <EM CLASS="emphasis">
+.old</em>  will be overwritten without warning and you could lose your earlier version. If you configured Samba to use the default locations for files, the new files will be installed in the directories listed in <A CLASS="xref" HREF="ch02_03.html#ch02-pgfId-939627">
+Table 2.2</a>. Remember that you need to  perform the installation from an account that has write privileges on these target directories; this is typically the root account. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch02-pgfId-939627">
+Table 2.2: Samba Installation Directories </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Directory</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Description</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+/usr/local/samba</em></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Main tree</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+/usr/local/samba/bin</em></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Binaries</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+/usr/local/samba/lib</em></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+smb.conf</em>, <EM CLASS="emphasis">
+lmhosts</em>, configuration files, etc.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+/usr/local/samba/man</em></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Samba documentation</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+/usr/local/samba/private</em></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Samba encrypted password file</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+/usr/local/samba/swat</em></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+SWAT files</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+/usr/local/samba/var</em></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Samba log files, lock files, browse list info, shared memory files, process ID files</p></td></tr></tbody></table><P CLASS="para">
+Throughout the remainder of the book, we occasionally refer to the location of the main tree as <CODE CLASS="replaceable">
+<I>
+samba_dir</i></code>. In most configurations, this is the base directory of the installed Samba package: <I CLASS="filename">
+/usr/local/samba</i>.</p><BLOCKQUOTE CLASS="warning">
+<P CLASS="para">
+<STRONG>
+WARNING:</strong> Watch out if you've made <I CLASS="filename">
+/usr</i> a read-only partition. You will want to put the logs, locks, and password files somewhere else.</p></blockquote><P CLASS="para">
+Here is the installation that we performed on our machine. You can see that we used <I CLASS="filename">
+/usr/local/samba</i> as the base directory for the distribution (e.g., <CODE CLASS="replaceable">
+<I>
+samba_dir</i></code>):</p><PRE CLASS="programlisting">
+# <CODE CLASS="userinput"><B>make install</b></code>
+Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper  -DSMBLOGFILE=&quot;/usr/local/samba/var/log.smb&quot; -DNMBLOGFILE=&quot;/usr/local/samba/var/log.nmb&quot; -DCONFIGFILE=&quot;/usr/local/samba/lib/smb.conf&quot; -
+
+<I CLASS="lineannotation">...(content omitted)...</i>
+
+The binaries are installed. You may restore the old binaries
+(if there were any) using the command &quot;make revert&quot;. You may
+uninstall the binaries using the command &quot;make uninstallbin&quot;
+or &quot;make uninstall&quot; to uninstall binaries, man pages and shell
+scripts.
+
+<I CLASS="lineannotation">...(content omitted)...</i>
+
+============================================================
+The SWAT files have been installed. Remember to read the 
+README for information on enabling and using SWAT.
+============================================================</pre><P CLASS="para">
+If the last message is about SWAT, you've successfully installed all the files. Congratulations! You now have Samba on your system!</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch02-pgfId-943188">
+2.3.1 Final Installation Steps</a></h3><P CLASS="para">There are a couple of final steps to perform. Specifically, add the Samba Web Administration Tool (SWAT) to the <I CLASS="filename">
+/etc/services</i> and <I CLASS="filename">
+/etc/inetd.conf</i> configuration files. SWAT runs as a daemon under <EM CLASS="emphasis">
+inetd</em> and provides a forms-based editor in your web browser for creating and modifying SMB configuration files.</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-943198">
+</a>To add SWAT, add the following line to the end of the <I CLASS="filename">
+/etc/services</i> file:</p></li></ol><PRE CLASS="programlisting">
+swat   901/tcp</pre><OL CLASS="orderedlist" START="2">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-938792">
+</a>Add these lines to <I CLASS="filename">
+/etc/inetd.conf.</i> (Check your <I CLASS="filename">
+inetd.conf</i> manual page to see the exact format of the<I CLASS="filename">
+ inetd.conf</i> file if it differs from the following example.) Don't forget to change the path to the SWAT binary if you installed it in a different location from the default <I CLASS="filename">
+/usr/local/samba</i>.</p></li></ol><PRE CLASS="programlisting">
+swat   stream  tcp  nowait.400  root  /usr/local/samba/bin/swat  swat</pre><P CLASS="para">
+And that's pretty much it for the installation. Before you can start up Samba, however, you need to create a configuration file for it. </p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_02.html" TITLE="2.2 Configuring Samba">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 2.2 Configuring Samba" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_04.html" TITLE="2.4 A Basic Samba Configuration File">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 2.4 A Basic Samba Configuration File" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+2.2 Configuring Samba</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+2.4 A Basic Samba Configuration File</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch02_04.html b/docs/htmldocs/using_samba/ch02_04.html
new file mode 100755
index 00000000000..608a1e2c40b
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch02_04.html
@@ -0,0 +1,186 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 2] 2.4 A Basic Samba Configuration File</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:29:10Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_03.html" TITLE="2.3 Compiling and Installing Samba">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 2.3 Compiling and Installing Samba" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch02_01.html" TITLE="2. Installing Samba on a Unix System">
+Chapter 2<br>
+Installing Samba on a Unix System</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_05.html" TITLE="2.5 Starting the Samba Daemons">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 2.5 Starting the Samba Daemons" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch02-13464">
+2.4 A Basic Samba Configuration File</a></h2><P CLASS="para">
+The key to configuring Samba is its lone configuration file: <I CLASS="filename">
+smb.conf</i>. This configuration file can be very simple or extremely complex, and the rest of this book is devoted to helping you get deeply personal with this file. For now, however, we'll show you how to set up a single file service, which will allow you to fire up the Samba daemons and see that everything is running as it should be. In later chapters, you will see how to configure Samba for more complicated and interesting tasks. </p><P CLASS="para">
+The installation process does not automatically create an <I CLASS="filename">
+smb.conf</i> configuration file, although several example files are included in the Samba distribution. To test the server software, though, we'll use the following file. It should be named <I CLASS="filename">
+smb.conf</i> and placed in the <EM CLASS="emphasis">
+/usr/local/samba/lib</em> directory.[<A CLASS="footnote" HREF="#ch02-pgfId-943223">5</a>]</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch02-pgfId-943223">[5]</a> If you did not compile Samba, but instead downloaded a binary, check with the documentation for the package to find out where it expects the <I CLASS="filename">
+smb.conf</i> file. If Samba came preinstalled with your Unix system, there is probably already an <I CLASS="filename">
+smb.conf</i> file somewhere on your system.</p></div></blockquote><PRE CLASS="programlisting">
+[global]
+	workgroup = SIMPLE 
+[test] 
+	comment = For testing only, please
+	path = /export/samba/test
+	read only = no
+	guest ok = yes</pre><P CLASS="para">
+This brief configuration file tells the Samba server to offer the directory <I CLASS="filename">
+/export/samba/test</i> on the server as an SMB/CIFS share called <CODE CLASS="literal">test</code>. The server also becomes part of the named workgroup SIMPLE, which each of the clients must also be a part of. (Use your own workgroup here if you already know what it is.) We'll use the <CODE CLASS="literal">
+[test]</code> share in the next chapter to set up the Windows clients. For now, you can complete the setup by performing the following commands as root on your Unix server:</p><PRE CLASS="programlisting"># <CODE CLASS="userinput"><B>mkdir /export/samba/test</b></code>
+# <CODE CLASS="userinput"><B>chmod 777 /export/samba/test</b></code></pre><P CLASS="para">
+We should point out that in terms of system security, this is the worst setup possible. For the moment, however, we only wish to test Samba, so we'll leave security out of the picture. In addition, there are some encrypted password issues that we will encounter with Windows clients later on, so this setup will afford us the least amount of headaches.</p><P CLASS="para">
+If you are using Windows 98 or Windows NT Service Pack 3 or above, you must add the following entry to the <CODE CLASS="literal">
+[global]</code> section of the Samba configuration file: <CODE CLASS="literal">
+encrypt passwords = yes</code>. In addition, you must use the <I CLASS="filename">
+smbpassword</i> program (typically located in    <I CLASS="filename">
+/usr/local/samba/bin/</i>) to reenter the username/password combinations of those users on the Unix server who should be able to access shares into Samba's encrypted client database. For example, if you wanted to allow Unix user <CODE CLASS="literal">
+steve</code> to access shares from an SMB client, you could type: <CODE CLASS="literal">
+smbpassword -a steve</code>. The first time a user is added, the program will output an error saying that the encrypted password database does not exist. Don't worry, it will then create the database for you. Make sure that the username/password combinations that you add to the encrypted database match the usernames and passwords that you intend to use on the Windows client side.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch02-pgfId-942383">
+2.4.1 Using SWAT</a></h3><P CLASS="para">With Samba 2.0, creating a configuration file is even easier than writing a configuration file by hand. You can use your browser to connect to <a href="http://localhost:901"><EM CLASS="emphasis">http://localhost:901</em></a>, and log on as the root account, as shown in <A CLASS="xref" HREF="ch02_04.html#ch02-60915">
+Figure 2.1</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch02-60915">
+Figure 2.1: SWAT login</a></h4><IMG CLASS="graphic" SRC="figs/sam.0201.gif" ALT="Figure 2.1"><P CLASS="para">
+After logging in, press the GLOBALS button at the top of the screen. You should see the Global Variables page shown in <A CLASS="xref" HREF="ch02_04.html#ch02-49138">
+Figure 2.2</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch02-49138">
+Figure 2.2: SWAT Global Variables page</a></h4><IMG CLASS="graphic" SRC="figs/sam.0202.gif" ALT="Figure 2.2"><P CLASS="para">
+In this example, set the workgroup field to SIMPLE and the security field to USER. The only other option you need to change from the menu is one determining which system on the LAN resolves NetBIOS addresses; this system is called the <EM CLASS="emphasis">
+WINS server</em>. At the very bottom of the page, set the wins support field to Yes, unless you already have a WINS server on your network. If you do, put the WINS server's IP address in the wins server field instead. Then return to the top and press the Commit Changes button to write the changes out to the <EM CLASS="emphasis">
+smb.conf</em> file.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch02-29175">
+Figure 2.3: SWAT Share Creation screen</a></h4><IMG CLASS="graphic" SRC="figs/sam.0203.gif" ALT="Figure 2.3"><P CLASS="para">
+Next, press the Shares icon. You should see a page similar to <A CLASS="xref" HREF="ch02_04.html#ch02-29175">
+Figure 2.3</a>. Choose Test in the field beside the Choose Share button. You will see the Share Parameters screen, as shown in <A CLASS="xref" HREF="ch02_04.html#ch02-37186">
+Figure 2.4</a>. We added a comment to remind us that this is a test share in the <I CLASS="filename">
+smb.conf</i> file. SWAT has copies of all that information here.</p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch02-37186">
+Figure 2.4: SWAT Share Parameters screen</a></h4><IMG CLASS="graphic" SRC="figs/sam.0204.gif" ALT="Figure 2.4"><P CLASS="para">
+If you press the View button, SWAT shows you the following <I CLASS="filename">
+smb.conf</i> file:</p><PRE CLASS="programlisting">
+# Samba config file created using SWAT
+# from localhost (127.0.0.1)
+# Date: 1998/11/27 15:42:40
+
+# Global parameters
+        workgroup = SIMPLE
+[test]
+        comment = For testing only, please
+        path = /export/samba/test
+        read only = no
+        guest ok = yes</pre><P CLASS="para">
+Once this configuration file is completed, you can skip the next step because the output of SWAT is guaranteed to be syntactically correct. </p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch02-pgfId-938862">
+2.4.2 Testing the Configuration File</a></h3><P CLASS="para">If you didn't use SWAT to create your configuration file, you should probably test it to ensure that it is syntactically correct. It may seem silly to run a test program against an eight-line configuration file, but it's good practice for the real ones that we'll be writing later on.</p><P CLASS="para">
+The test parser, <I CLASS="filename">
+testparm</i>, examines an <I CLASS="filename">
+smb.conf</i> file for syntax errors and reports any it finds along with a list of the services enabled on your machine. An example follows; you'll notice that in our haste to get the server running we mistyped <CODE CLASS="literal">
+workgroup</code> as <CODE CLASS="literal">
+workgrp</code> (the output is often lengthy, so we recommend capturing the last parts with the <CODE CLASS="literal">
+tee</code> command):</p><PRE CLASS="programlisting">
+Load smb config files from smb.conf
+Unknown parameter encountered: &quot;workgrp&quot;
+Ignoring unknown parameter &quot;workgrp&quot;
+Processing section &quot;[test]&quot;
+Loaded services file OK.
+Press enter to see a dump of your service definitions
+# Global parameters
+[global]
+        workgroup = WORKGROUP
+        netbios name = 
+        netbios aliases = 
+        server string = Samba 2.0.5a
+        interfaces = 
+        bind interfaces only = No
+
+<I CLASS="lineannotation">...(content omitted)...</i>
+
+[test]
+        comment = For testing only, please               
+	path = /export/samba/test
+        read only = No
+        guest ok = Yes</pre><P CLASS="para">
+The interesting parts are at the top and bottom. The top of the output will flag any syntax errors that you may have made, and the bottom lists the services that the server thinks it should offer. A word of advice: make sure that you and the server have the same expectations. </p><P CLASS="para">
+If everything looks good, then you are ready to fire up the server daemons! </p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_03.html" TITLE="2.3 Compiling and Installing Samba">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 2.3 Compiling and Installing Samba" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_05.html" TITLE="2.5 Starting the Samba Daemons">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 2.5 Starting the Samba Daemons" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+2.3 Compiling and Installing Samba</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+2.5 Starting the Samba Daemons</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch02_05.html b/docs/htmldocs/using_samba/ch02_05.html
new file mode 100755
index 00000000000..95d506e5e96
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch02_05.html
@@ -0,0 +1,195 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 2] 2.5 Starting the Samba Daemons</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:29:11Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_04.html" TITLE="2.4 A Basic Samba Configuration File">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 2.4 A Basic Samba Configuration File" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch02_01.html" TITLE="2. Installing Samba on a Unix System">
+Chapter 2<br>
+Installing Samba on a Unix System</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_06.html" TITLE="2.6 Testing the Samba Daemons">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 2.6 Testing the Samba Daemons" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch02-29069">
+2.5 Starting the Samba Daemons</a></h2><P CLASS="para">
+There are two Samba processes, <EM CLASS="emphasis">
+smbd</em> and <EM CLASS="emphasis">
+nmbd</em>, that need to be running for Samba to work correctly. There are three ways to start:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-943268">
+</a>By hand</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-943266">
+</a>As stand-alone daemons</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch02-pgfId-947794">
+</a>From <EM CLASS="emphasis">
+inetd</em></p></li></ul><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch02-pgfId-938883">
+2.5.1 Starting the Daemons by Hand</a></h3><P CLASS="para">
+If you're in a hurry, you can start the Samba daemons by hand. As root, simply enter the following commands:</p><PRE CLASS="programlisting">
+#<CODE CLASS="userinput"> <B>/usr/local/samba/bin/smbd -D</b></code>
+#<CODE CLASS="userinput"> <B>/usr/local/samba/bin/nmbd -D</b></code></pre><P CLASS="para">
+At this point, Samba will be running on your system and will be ready to accept connections.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch02-pgfId-943275">
+2.5.2 Stand-alone Daemons</a></h3><P CLASS="para">
+To run the Samba processes as stand-alone daemons, you need to add the commands listed in the previous section to your standard Unix startup scripts. This varies depending on whether you have a BSD-style Unix system or a System V Unix.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch02-pgfId-947593">
+2.5.2.1 BSD Unix</a></h4><P CLASS="para">
+WIth a BSD-style Unix, you need to append the following code to the <I CLASS="filename">
+rc.local </i>file, which is typically found in the <I CLASS="filename">
+/etc</i> or <I CLASS="filename">
+/etc/rc.d</i> directories:</p><PRE CLASS="programlisting">
+if [ -x /usr/local/samba/bin/smbd]; then
+	echo &quot;Starting smbd...&quot;
+	/usr/local/samba/bin/smbd -D
+	echo &quot;Starting nmbd...&quot;
+	/usr/local/samba/bin/nmbd -D
+fi</pre><P CLASS="para">
+This code is very simple; it checks to see if the <I CLASS="filename">
+smbd</i> file has execute permissions on it, and if it does, it starts up each of the Samba daemons on system boot.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch02-pgfId-943333">
+2.5.2.2 System V Unix</a></h4><P CLASS="para">
+With System V, things can get a little more complex. System V typically uses scripts to start and stop daemons on the system. Hence, you need to instruct Samba how to operate when it starts and when it stops. You can modify the contents of the <I CLASS="filename">
+/etc/rc.local</i> directory and add something similar to the following program entitled <I CLASS="filename">
+smb</i>:</p><PRE CLASS="programlisting">
+#!/bin/sh
+
+# Contains the &quot;killproc&quot; function on Red Hat Linux
+./etc/rc.d/init.d/functions
+
+PATH=&quot;/usr/local/samba/bin:$PATH&quot;
+
+case $1 in 
+	'start')
+		echo &quot;Starting smbd...&quot;
+		smbd -D
+		echo &quot;Starting nmbd...&quot;
+		nmbd -D
+		;;
+	'stop')
+		echo &quot;Stopping smbd and nmbd...&quot;
+		killproc smbd
+		killproc nmbd
+		rm -f /usr/local/samba/var/locks/smbd.pid
+		rm -f /usr/local/samba/var/locks/nmbd.pid
+		;;
+	*)
+		echo &quot;usage: smb {start|stop}&quot;
+		;;
+esac</pre><P CLASS="para">
+With this script, you can start and stop the SMB service with the following commands:</p><PRE CLASS="programlisting">
+# /etc/rc.local/smb start
+Starting smbd...
+Starting nmbd...
+# /etc/rc.local/smb stop
+Stopping smbd and nmbd...</pre></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch02-pgfId-943302">
+2.5.3 Starting From Inetd</a></h3><P CLASS="para">
+The <EM CLASS="emphasis">
+inetd</em> daemon is a Unix system's Internet "super daemon." It listens on TCP ports defined in <I CLASS="filename">
+/etc/services</i> and executes the appropriate program for each port, which is defined in <I CLASS="filename">
+/etc/inetd.conf</i>. The advantage of this scheme is that you can have a large number of daemons ready to answer queries, but they don't all have to be running. Instead, the <EM CLASS="emphasis">
+inetd</em> daemon listens in places of all the others. The penalty is a small overhead cost of creating a new daemon process, and the fact that you need to edit two files rather than one to set things up. This is handy if you have only one or two users or your machine has too many daemons already. It's also easier to perform an upgrade without disturbing an existing connection.</p><P CLASS="para">
+If you wish to start from <I CLASS="filename">
+inetd</i>, first open <I CLASS="filename">
+/etc/services</i> in your text editor. If you don't already have them defined, add the following two lines:</p><PRE CLASS="programlisting">
+netbios-ssn     139/tcp
+netbios-ns      137/udp</pre><P CLASS="para">
+Next, edit <I CLASS="filename">
+/etc/inetd.conf</i>. Look for the following two lines and add them if they don't exist. If you already have <CODE CLASS="literal">
+smbd</code> and <CODE CLASS="literal">
+nmbd</code> lines in the file, edit them to point at the new <EM CLASS="emphasis">
+smbd</em> and <EM CLASS="emphasis">
+nmbd</em> you've installed. Your brand of Unix may use a slightly different syntax in this file; use the existing entries and the <I CLASS="filename">
+inetd.conf </i><KBD CLASS="command"></kbd>manual page <KBD CLASS="command"></kbd>as a guide:</p><PRE CLASS="programlisting">
+netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
+netbios-ns  dgram  udp wait   root /usr/local/samba/bin/nmbd nmbd</pre><P CLASS="para">
+Finally, kill any <EM CLASS="emphasis">
+smbd</em> or <EM CLASS="emphasis">
+nmbd</em> processes and send the <EM CLASS="emphasis">
+inetd</em> process a hangup (HUP) signal. (The <EM CLASS="emphasis">
+inetd</em> daemon rereads its configuration file on a HUP signal.) To do this, use the <CODE CLASS="literal">
+ps</code> command to find its process ID, then signal it with the following command:</p><PRE CLASS="programlisting">
+# <CODE CLASS="userinput"><B>kill -HUP process_id</b></code></pre><P CLASS="para">
+After that, Samba should be up and running. </p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_04.html" TITLE="2.4 A Basic Samba Configuration File">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 2.4 A Basic Samba Configuration File" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_06.html" TITLE="2.6 Testing the Samba Daemons">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 2.6 Testing the Samba Daemons" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+2.4 A Basic Samba Configuration File</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+2.6 Testing the Samba Daemons</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch02_06.html b/docs/htmldocs/using_samba/ch02_06.html
new file mode 100755
index 00000000000..46adba5d3b6
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch02_06.html
@@ -0,0 +1,108 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 2] 2.6 Testing the Samba Daemons</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:29:12Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_05.html" TITLE="2.5 Starting the Samba Daemons">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 2.5 Starting the Samba Daemons" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch02_01.html" TITLE="2. Installing Samba on a Unix System">
+Chapter 2<br>
+Installing Samba on a Unix System</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch03_01.html" TITLE="3. Configuring Windows Clients">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 3. Configuring Windows Clients" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch02-67898">
+2.6 Testing the Samba Daemons</a></h2><P CLASS="para">It's hard to believe, but we're nearly done with the Samba server setup. All that's left to do is to make sure that everything is working as we think it should. A convenient way to do this is to use the <I CLASS="filename"> smbclient</i> program to examine what the server is offering to the network. If everything is set up properly, you should be able to do the following:</p><PRE CLASS="programlisting">
+<CODE CLASS="userinput"><B># smbclient -U% -L localhost</b></code>
+
+Added interface ip=192.168.220.100 bcast=192.168.220.255 nmask=255.255.255.0
+Domain=[SIMPLE] OS=[Unix] Server=[Samba 2.0.5a]
+
+        Sharename      Type      Comment
+        ---------      ----      -------
+        test           Disk      For testing only, please
+        IPC$           IPC       IPC Service (Samba 2.0.5a)
+
+        Server               	    Comment
+        ---------            	    -------
+        HYDRA                	    Samba 2.0.5a
+
+        Workgroup            	    Master
+        ---------            	    -------
+        SIMPLE               	    HYDRA</pre><P CLASS="para">
+If there is a problem, don't panic! Try to start the daemons manually, and check the system output or the debug files at <I CLASS="filename">
+/usr/local/samba/var/log.smb</i> to see if you can determine what happened. If you think it may be a more serious problem, skip to <a href="ch07_01.html"><b>Chapter 7, <CITE CLASS="chapter"> Printing and Name Resolution</cite></b></a>, for help on troubleshooting the Samba daemons. </p><P CLASS="para">
+If it worked, congratulations! You now have successfully set up the Samba server with a disk share. It's a simple one, but we can use it to set up and test the Windows 95 and NT clients in the next chapter. Then we will start making it more interesting by adding services such as home directories, printers, and security, and seeing how to integrate the server into a larger Windows domain. </p></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_05.html" TITLE="2.5 Starting the Samba Daemons">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 2.5 Starting the Samba Daemons" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch03_01.html" TITLE="3. Configuring Windows Clients">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 3. Configuring Windows Clients" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+2.5 Starting the Samba Daemons</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+3. Configuring Windows Clients</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch03_01.html b/docs/htmldocs/using_samba/ch03_01.html
new file mode 100755
index 00000000000..915befad0f4
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch03_01.html
@@ -0,0 +1,277 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 3] Configuring Windows Clients</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:31:14Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_06.html" TITLE="2.6 Testing the Samba Daemons">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 2.6 Testing the Samba Daemons" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Chapter 3</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch03_02.html" TITLE="3.2 Setting Up Windows NT 4.0 Computers">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 3.2 Setting Up Windows NT 4.0 Computers" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div class="samplechapter">
+<H1 CLASS="chapter">
+<A CLASS="title" NAME="ch03-91548">
+3. Configuring Windows Clients</a></h1><DIV CLASS="htmltoc">
+<P>
+<B>
+Contents:</b><br>
+<A CLASS="sect1" HREF="#ch03-55770" TITLE="3.1 Setting Up Windows 95/98 Computers">
+Setting Up Windows 95/98 Computers</a><br>
+<A CLASS="sect1" HREF="ch03_02.html" TITLE="3.2 Setting Up Windows NT 4.0 Computers">
+Setting Up Windows NT 4.0 Computers</a><br>
+<A CLASS="sect1" HREF="ch03_03.html" TITLE="3.3 An Introduction to SMB/CIFS">
+An Introduction to SMB/CIFS</a></p><P>
+</p></div><P CLASS="para">You'll be glad to know that configuring Windows to use your new Samba server is quite simple. SMB is Microsoft's native language for resource sharing on a local area network, so much of the installation and setup on the Windows client side has been taken care of already. The primary issues that we will cover in this chapter involve communication and coordination between Windows and Unix, two completely different operating systems.</p><P CLASS="para">
+Samba uses TCP/IP to talk to its clients on the network. If you aren't already using TCP/IP on your Windows computers, this chapter will show you how to install it. Then you'll need to configure your Windows machines to operate on a TCP/IP network. Once these two requirements have been taken care of, we can show how to access a shared disk on the Samba server.</p><P CLASS="para">
+This chapter is divided into three sections. The first section covers setting up Windows 95/98 computers while the second covers Windows NT 4.0 machines. The final section provides some prerequisite information on how SMB connections are made from Windows clients and servers, which is useful as we move into the later chapters of the book.</p><DIV CLASS="sect1">
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="s1"></a>
+<A CLASS="title" NAME="ch03-55770">
+3.1 Setting Up Windows 95/98 Computers</a></h2><P CLASS="para">Unfortunately, Windows 95/98 wasn't designed for a PC to have more than one user; that concept is more inherent to a Unix operating system or Windows NT. However, Windows 95/98 does have <EM CLASS="emphasis">
+limited</em> support for multiple users: if you tell it, the operating system will keep a separate profile (desktop layout) and password file for each user. This is a far cry from true multiuser security. In other words, Windows 95/98 won't try to keep one user from destroying the work of another on the local hard drive like Unix, but profiles are a place to start.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch03-pgfId-941931">
+3.1.1 Accounts and Passwords</a></h3><P CLASS="para">The first thing we need to do is to tell Windows to keep user profiles separate, and to collect usernames and passwords to authenticate anyone trying to access a Samba share. We do so via the Password settings in the Control Panel. If you are not familiar with the Windows Control Panel, you can access it by choosing the Settings menu item from the pop-up menu of the Start button in the lower-left corner of the screen. Alternatively, you'll find it as a folder under the icon in the upper-left corner that represents your computer and is typically labeled My Computer.</p><P CLASS="para">
+After selecting the Passwords icon in the Control Panel, click on the User Profiles tab on the far right. You should see the dialog box shown in <A CLASS="xref" HREF="ch03_01.html#ch03-84319">
+Figure 3.1</a>. Then click the lower of the two radio buttons that starts "Users can customize their preferences...." This causes Windows to store a separate profile for each user, and saves the username and password you provide, which it will use later when it connects to an SMB/CIFS server. Finally, check <EM CLASS="emphasis">
+both</em> the options under the User Profile Settings border, as shown in the figure.   </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-84319">
+Figure 3.1: The Passwords Properties panel</a></h4><IMG CLASS="graphic" SRC="figs/sam.0301.gif" ALT="Figure 3.1"><P CLASS="para">
+The next step is to select the Change Passwords tab on the left side of the dialog box. In order for Samba to allow you access to its shares, the username and password you give to Windows must match the account and password on the Samba server. If you don't have this tab in your dialog box, don't worry; it's probably because you haven't given yourself a Windows username and password yet. Simply click the OK button at the bottom and respond Yes when Windows asks to reboot. Then, skip down to the section entitled <A CLASS="xref" HREF="ch03_01.html#ch03-57581">
+Section 3.1.1.2, Logging in for the first time</a>.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-941948">
+3.1.1.1 Changing the Windows password</a></h4><P CLASS="para">After selecting the Change Passwords tab, the dialog box in <A CLASS="xref" HREF="ch03_01.html#ch03-26778">
+Figure 3.2</a> will appear.</p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-26778">
+Figure 3.2: The Change Passwords tab</a></h4><IMG CLASS="graphic" SRC="figs/sam.0302.gif" ALT="Figure 3.2"><P CLASS="para">
+Select the Change Windows Password button. The Change Windows Password dialog box should appear, as shown in <A CLASS="xref" HREF="ch03_01.html#ch03-97002">
+Figure 3.3</a>. From here, you can change your password to match the password of the account on the Samba server through which you intend to log in.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-97002">
+Figure 3.3: The Change Windows Password dialog box</a></h4><IMG CLASS="graphic" SRC="figs/sam.0303.gif" ALT="Figure 3.3"></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-57581">
+3.1.1.2 Logging in for the first time</a></h4><P CLASS="para">If you didn't have a Change Passwords tab in the Passwords Properties window, then after Windows has finished rebooting, it will ask you to log in with a username and a password. Give yourself the same username and password that you have on the Samba server. After confirming your new username and password, or if you already have one, Windows should ask you if you want to have a profile, using the dialog shown in <A CLASS="xref" HREF="ch03_01.html#ch03-48947">
+Figure 3.4</a>.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-48947">
+Figure 3.4: Windows Networking profiles</a></h4><IMG CLASS="graphic" SRC="figs/sam.0304.gif" ALT="Figure 3.4"><P CLASS="para">
+Answer Yes, upon which Windows will create a separate profile and password file for you and save a copy of your password in the file. Now when you connect to Samba, Windows will send its password, which will be used to authenticate you for each share. We won't worry about profiles for the moment; we'll cover them in <a href="ch06_01.html"><b>Chapter 6, <CITE CLASS="chapter">Users, Security, and Domains</cite></b></a>. We should point out, however, that there is a small security risk: someone can steal the password file and decrypt the passwords because it's weakly encrypted. Unfortunately, there isn't a solution to this with Windows 95/98. In Windows 2000 (NT 5.0), the password encryption should be replaced with a much better algorithm.</p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch03-36280">
+3.1.2 Setting Up the Network</a></h3><P CLASS="para">The next thing we need to do is make sure we have the TCP/IP networking protocol set up correctly. To do this, double-click on the Network icon in the Control Panel. You should see the network configuration dialog box, as shown in <A CLASS="xref" HREF="ch03_01.html#ch03-15320">
+Figure 3.5</a>.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-15320">
+Figure 3.5: The Windows 95/98 Network panel</a></h4><IMG CLASS="graphic" SRC="figs/sam.0305.gif" ALT="Figure 3.5"><P CLASS="para">
+Microsoft networking works by binding specific protocols, such as IPX or TCP/IP, to a specific hardware device, such as an Ethernet card or a dialup connection. By routing a protocol through a hardware device, the machine can act as a client or server for a particular type of network. For Samba, we are interested in binding the TCP/IP protocol through a networking device, making the machine a client for Microsoft networks. Thus, when the dialog box appears, you should see at least the Client for Microsoft Networks component installed on the machine, and hopefully a networking device (preferably an Ethernet card) bound to the TCP/IP protocol. If there is only one networking hardware device, you'll see the TCP/IP protocol listed below that device. If it appears similar to <A CLASS="xref" HREF="ch03_01.html#ch03-15320">
+Figure 3.5</a>, the protocol is bound to the device.</p><P CLASS="para">
+You may also see "File and printer sharing for Microsoft Networks," which is useful. In addition, you might see NetBEUI or Novell Networking, which are standard with Windows installations but undesirable when TCP/IP is running. Remove NetBEUI if you possibly can&nbsp;- it's unnecessary and makes debugging Windows browsing difficult. If you don't have any Novell servers on your network, you can remove Novell (IPX/SPX) as well.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942014">
+3.1.2.1 Adding TCP/IP</a></h4><P CLASS="para">If you don't see TCP/IP listed at all, you'll need to install the protocol. If you already have TCP/IP, skip this section, and continue with the section <A CLASS="xref" HREF="ch03_01.html#ch03-48802">
+Section 3.1.3, Setting Your Name and Workgroup</a>, later in this chapter.</p><P CLASS="para">
+Installing TCP/IP isn't difficult since Microsoft distributes its own version of TCP/IP for free on their installation CD-ROM. You can add the protocol by clicking on the Add button below the component window. Indicate that you wish to add a specific protocol by selecting Protocol and clicking Add... on the following dialog box, which should look similar to <A CLASS="xref" HREF="ch03_01.html#ch03-24245">
+Figure 3.6</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-24245">
+Figure 3.6: Selecting a protocol to install</a></h4><IMG CLASS="graphic" SRC="figs/sam.0306.gif" ALT="Figure 3.6"><P CLASS="para">
+After that, select the protocol TCP/IP from manufacturer Microsoft, as shown in <A CLASS="xref" HREF="ch03_01.html#ch03-50801">
+Figure 3.7</a>, then click OK. After doing so, you will be returned to the network dialog. Click OK there to close the dialog box, upon which Windows will install the necessary components from disk and reboot the machine.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-50801">
+Figure 3.7: Selecting a protocol to install</a></h4><IMG CLASS="graphic" SRC="figs/sam.0307.gif" ALT="Figure 3.7"></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942047">
+3.1.2.2 Configuring TCP/IP</a></h4><P CLASS="para">If you have more than one networking device (for example, both an Ethernet card and a dialup networking modem), each appropriate hardware device should be "linked" to the TCP/IP protocol with an arrow, as shown in <A CLASS="xref" HREF="ch03_01.html#ch03-61576">
+Figure 3.8</a>. Select the TCP/IP protocol linked to the networking device that will be accessing the Samba network. When it is highlighted, click the Properties button. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-61576">
+Figure 3.8: Selecting the correct TCP/IP protocol</a></h4><IMG CLASS="graphic" SRC="figs/sam.0308.gif" ALT="Figure 3.8"><P CLASS="para">
+After doing so, the TCP/IP Properties panel for that device is displayed, as shown in <A CLASS="xref" HREF="ch03_01.html#ch03-73526">
+Figure 3.9</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-73526">
+Figure 3.9: STCP/IP Properties panel</a></h4><IMG CLASS="graphic" SRC="figs/sam.0309.gif" ALT="Figure 3.9"><P CLASS="para">
+There are seven tabs near the top of this panel, and you will need to configure four of them: </p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942078">
+</a>IP address</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942079">
+</a>DNS configuration</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942080">
+</a>WINS configuration</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942081">
+</a>Bindings</p></li></ul></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-948031">
+3.1.2.3 IP Address tab </a></h4><P CLASS="para">
+The IP Address tab is shown in <A CLASS="xref" HREF="ch03_01.html#ch03-73526">
+Figure 3.9</a>. Press the "Specify an IP address" radio button and enter the client's address and subnet mask in the space provided. You or your network manager should have selected an address for the machine. The values should place the computer on the same subnet as the Samba server. For example, if the server's address is 192.168.236.86, and its network mask 255.255.255.0, you might use address 192.168.236.10 (if it is available) for the Windows 98 computer, along with the same netmask as the server. If you already use DHCP on your network to provide IP addresses to Windows machines, select the "Obtain an IP address automatically" button.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942087">
+3.1.2.4 DNS Configuration tab</a></h4><P CLASS="para">Domain Name Service (DNS) is responsible for translating Internet computer names such as <EM CLASS="emphasis">
+hobbes.example.com</em> into machine-readable IP addresses such as 192.168.236.10. There are two ways to accomplish this on a Windows 98 machine: you can specify a server to do the translation for you or you can keep a local list of name/address pairs to refer to. </p><P CLASS="para">
+Networks that are connected to the Internet typically use a server, since the hosts files required would otherwise be huge. For an unconnected LAN, the list of possible hosts is small and well-known and might be kept on a Unix machine in the <EM CLASS="emphasis">
+/etc/hosts</em> file. If you are in doubt as to whether a DNS server is being used, or what its address might be, look at the file <EM CLASS="emphasis">
+/etc/resolv.conf</em> on your Unix servers. Any machine using DNS will have this file, which looks like:</p><PRE CLASS="programlisting">
+#resolv.conf
+domain example.com
+nameserver 127.0.0.1
+nameserver 192.168.236.20</pre><P CLASS="para">
+In the example shown, the second <CODE CLASS="literal">
+nameserver</code> line in the list contains the IP address of another machine on the local network: 192.168.236.20. It's a good candidate for a DNS server.[<A CLASS="footnote" HREF="#ch03-pgfId-942097">1</a>]</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch03-pgfId-942097">[1]</a> We can disqualify the other address because every Unix machine has a localhost address of 127.0.0.1 whether it is connected to a network or not. This address is required for some system tools to operate correctly.</p></div></blockquote><P CLASS="para">
+You must type the correct IP address of one or more DNS servers (note that you <EM CLASS="emphasis">
+cannot</em> use its Internet name, such as <EM CLASS="emphasis">
+dns.oreilly.com</em>) into the appropriate field in <A CLASS="xref" HREF="ch03_01.html#ch03-86883">
+Figure 3.10</a>. Be sure not to use 127.0.0.1&nbsp;- that will never be the correct DNS server address!</p><P CLASS="para">
+Try to select addresses on your own network. Any name servers listed in <EM CLASS="emphasis">
+/etc/resolv.conf</em> should work, but you'll get better performance by using a server nearby. (If you don't find <EM CLASS="emphasis">
+/etc/resolv.conf</em> files on your Unix machines, just disable DNS until you can find the address of at least one DNS server.) Let's assume you only have one DNS server, and its address is 192.168.236.20. Click the Enable DNS radio button, as shown in <A CLASS="xref" HREF="ch03_01.html#ch03-86883">
+Figure 3.10</a>, and add the server's address to the top DNS Server Search Order field. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-86883">
+Figure 3.10: The DNS Configuration tab</a></h4><IMG CLASS="graphic" SRC="figs/sam.0310.gif" ALT="Figure 3.10"><P CLASS="para">
+Also, provide the name of the Windows 95/98 machine and the Internet domain you're in. You can safely ignore the Domain Suffix Search Order field for anything related to Samba.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942117">
+3.1.2.5 WINS Configuration tab</a></h4><P CLASS="para">WINS is the Windows Internet Name Service, its version of a NetBIOS name server. If you've enabled WINS on Samba, you must tell Windows the Samba server's address. If you are using WINS servers that are entirely Windows NT, enter each of them here as well. The dialog box shown after selecting the WINS Configuration tab is shown in <A CLASS="xref" HREF="ch03_01.html#ch03-95608">
+Figure 3.11</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-95608">
+Figure 3.11: The WINS Configuration tab</a></h4><IMG CLASS="graphic" SRC="figs/sam.0311.gif" ALT="Figure 3.11"><BLOCKQUOTE CLASS="warning">
+<P CLASS="para">
+<STRONG>
+WARNING:</strong> Do <EM CLASS="emphasis">
+not</em> mix a Samba WINS server and a Windows NT server as a primary/backup combination in the WINS dialog. Because the two cannot replicate their databases, this will cause name resolution to perform incorrectly.</p></blockquote><P CLASS="para">
+From here, select Enable WINS Resolution and enter the WINS server's address in the space provided, then press Add. Do not enter anything in the Scope ID field.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942134">
+3.1.2.6 Hosts files</a></h4><P CLASS="para">If you do not have either DNS or WINS, and you don't wish to use broadcast resolution, you'll need to provide a table of IP addresses and hostnames, in the standard Unix <I CLASS="filename">
+/etc/hosts</i> format. On a Windows machine, this goes in \WINDOWS\HOSTS under whichever drive you installed Windows on (typically C:\). A sample host file follows:</p><PRE CLASS="programlisting">
+# 127.0.0.1        localhost
+192.168.236.1      escrime.example.com 	escrime
+192.168.236.2      riposte.example.com 	riposte
+192.168.236.3      wizzin.example.com 	wizzin
+192.168.236.4      touche.example.com 	touche
+192.168.236.10     hobbes.example.com 	hobbes</pre><P CLASS="para">
+You can copy this file directly from any of your Unix machines' <EM CLASS="emphasis">
+/etc/hosts</em>; the format is identical. However, <EM CLASS="emphasis">
+you should only use hosts files in Windows as a last resort for name resolution</em>.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942143">
+3.1.2.7 Check the bindings</a></h4><P CLASS="para">
+The final tab to look at is Bindings, as shown in <A CLASS="xref" HREF="ch03_01.html#ch03-42906">
+Figure 3.12</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-42906">
+Figure 3.12: The Bindings tab</a></h4><IMG CLASS="graphic" SRC="figs/sam.0312.gif" ALT="Figure 3.12"><P CLASS="para">
+You should have a check beside Client for Microsoft Networks, indicating that it's using TCP/IP. If you have "File and printer sharing for Microsoft Networks" in the dialog, it should also be checked, as shown in the figure. </p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch03-48802">
+3.1.3 Setting Your Name and Workgroup </a></h3><P CLASS="para">Finally, press the OK button in the TCP/IP configuration panel, and you'll be taken back to the Network Configuration screen. Then select the Identification tab, which will take you to the dialog box shown in <A CLASS="xref" HREF="ch03_01.html#ch03-42408">
+Figure 3.13</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-42408">
+Figure 3.13: The Identification tab</a></h4><IMG CLASS="graphic" SRC="figs/sam.0313.gif" ALT="Figure 3.13"><P CLASS="para">
+Here, for the second time, set your machine's name. This time, instead of your DNS hostname and domain, you're setting your NetBIOS name. However, it is best to make this the <EM CLASS="emphasis">
+same</em> as your hostname. Try not to make a spelling mistake: it can be very confusing to configure a machine if TCP thinks it's <CODE CLASS="literal">
+fred</code> and SMB thinks its <CODE CLASS="literal">
+ferd</code> !</p><P CLASS="para">
+You also set your workgroup name here. In our case, it's SIMPLE, but if you used a different one in <a href="ch02_01.html"><b>Chapter 2, <CITE CLASS="chapter">Installing Samba on a Unix System</cite></b></a>, when creating the Samba configuration file, use that here as well. Try to avoid calling it WORKGROUP or you'll be in the same workgroup as every unconfigured (or ill-configured) machine in the world. </p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch03-13238">
+3.1.4 Accessing the Samba Server</a></h3><P CLASS="para">Click on the OK button to complete the configuration; you will need to reboot in order for your changes to take effect. </p><P CLASS="para">
+Now for the big moment. Your Samba server is running, and you have set up your Windows 95/98 client to communicate with it. After rebooting, log in and double-click the Network Neighborhood icon on the desktop. You should see your Samba server listed as a member of the workgroup, as shown in <A CLASS="xref" HREF="ch03_01.html#ch03-88553">
+Figure 3.14</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-88553">
+Figure 3.14: Windows Network Neighborhood</a></h4><IMG CLASS="graphic" SRC="figs/sam.0314.gif" ALT="Figure 3.14"><P CLASS="para">
+Double-clicking the server name will show the resources that the server is offering to the network, as shown in <A CLASS="xref" HREF="ch03_01.html#ch03-17463">
+Figure 3.15</a> (in this case a printer and the <EM CLASS="emphasis">
+test </em>directory).    </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-17463">
+Figure 3.15: Shares on Server</a></h4><IMG CLASS="graphic" SRC="figs/sam.0315.gif" ALT="Figure 3.15"><BLOCKQUOTE CLASS="warning">
+<P CLASS="para">
+<STRONG>
+WARNING:</strong> If you are presented with a dialog requesting the password for a user <CODE CLASS="literal">
+IPC$</code>, then Samba did not accept the password that was sent from the client. In this case, the username and the password that were created on the client side <EM CLASS="emphasis">
+must</em> match the username/password combination on the Samba server. If you are using Windows 98 or Windows NT Service Pack 3 or above, this is probably because the client is sending encrypted passwords instead of plaintext passwords. You can remedy this situation by performing two steps on the Samba server. First, add the following entry to the <CODE CLASS="literal">
+[global]</code> section of your Samba configuration file: <CODE CLASS="literal">
+encrypt password=yes</code>. Second, find the <I CLASS="filename">
+smbpasswd</i> program on the samba server (it is located in <I CLASS="filename">
+/usr/local/samba/bin</i> by default) and use it to add an entry to Samba's encrypted password database. For example, to add user <CODE CLASS="literal">
+steve</code> to Samba's encrypted password database, type <CODE CLASS="replaceable">
+<I>
+smbpasswd  -a steve</i></code>. The first time you enter this password, the program will output an error message indicating that the password database does not exist; it will then create the database, which is typically stored in <I CLASS="filename">
+/usr/local/samba/private/smbpasswd</i>.</p></blockquote><P CLASS="para">
+If you don't see the server listed, start Windows Explorer (not Internet Explorer!) and select Map Network Drive from the Tools menu. This will give you a dialog box into which you can type the name of your server and the share <CODE CLASS="literal">
+test </code>in the Windows UNC format: <I CLASS="filename">\\</i><CODE CLASS="replaceable"><I>server</i></code><I CLASS="filename">\test</i>, like we did in the first chapter. This should attempt to contact the Samba server and its temporary share. If things still aren't right, go to <a href="ch09_01.html"><b>Chapter 9, <CITE CLASS="chapter">Troubleshooting Samba</cite></b></a>, for troubleshooting assistance. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch02_06.html" TITLE="2.6 Testing the Samba Daemons">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 2.6 Testing the Samba Daemons" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch03_02.html" TITLE="3.2 Setting Up Windows NT 4.0 Computers">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 3.2 Setting Up Windows NT 4.0 Computers" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+2.6 Testing the Samba Daemons</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+3.2 Setting Up Windows NT 4.0 Computers</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch03_02.html b/docs/htmldocs/using_samba/ch03_02.html
new file mode 100755
index 00000000000..fd87daac726
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch03_02.html
@@ -0,0 +1,260 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 3] 3.2 Setting Up Windows NT 4.0 Computers</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:31:26Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch03_01.html" TITLE="3.1 Setting Up Windows 95/98 Computers">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 3.1 Setting Up Windows 95/98 Computers" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch03_01.html" TITLE="3. Configuring Windows Clients">
+Chapter 3<br>
+Configuring Windows Clients</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch03_03.html" TITLE="3.3 An Introduction to SMB/CIFS">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 3.3 An Introduction to SMB/CIFS" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch03-23093">
+3.2 Setting Up Windows NT 4.0 Computers</a></h2><P CLASS="para">Configuring Windows NT is a little different than configuring Windows 95/98. In order to use Samba with Windows NT, you will need both the Workstation service and the TCP/IP protocol. Both come standard with NT, but we'll work through installing and configuring them because they may not be configured correctly.</p><P CLASS="para">
+There are six basic steps:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942212">
+</a>Assign the machine a name.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942213">
+</a>Install the Workstation service.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942214">
+</a>Install the TCP/IP protocol.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942215">
+</a>Set the machine's name and IP address.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-948102">
+</a>Configure the DNS and WINS name services.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-948103">
+</a>Bind the protocol and service together.</p></li></ol><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch03-pgfId-948104">
+3.2.1 Basic Configuration</a></h3><P CLASS="para">This section presents an outline of the steps to follow for getting Windows NT to cooperate with Samba. If you need more details on Windows NT network administration, refer to Craig Hunt and Robert Bruce Thompsom's <CITE CLASS="citetitle">
+Windows NT TCP/IP Network Administration </cite>(O'Reilly), an excellent guide. You should perform these steps as the "Administrator" user.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942220">
+3.2.1.1 Name the machine</a></h4><P CLASS="para">The first thing you need to do is to give the machine a NetBIOS name. From the Control Panel, double click on the Network icon. This will take you to the Network dialog box for the machine. The first tab in this dialog box should be the Identification tab, as illustrated in <A CLASS="xref" HREF="ch03_02.html#ch03-82592">
+Figure 3.16</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-82592">
+Figure 3.16: Network panel Identification tab</a></h4><IMG CLASS="graphic" SRC="figs/sam.0316.gif" ALT="Figure 3.16"><P CLASS="para">
+Here, you need to identify your machine with a name (we use the name Artish here) and change the default workgroup to the one you specified in the <EM CLASS="emphasis">
+smb.conf</em> file of your Samba server. In this case, the workgroup name is SIMPLE. However, you cannot edit either name here (as you could in Windows 95/98), but instead must use the Change button below the two text fields. Pressing this button raises an Identification Changes dialog box, where you can reset the workgroup and the machine name, as shown in <A CLASS="xref" HREF="ch03_02.html#ch03-67735">
+Figure 3.17</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-67735">
+Figure 3.17: Changing the identification</a></h4><IMG CLASS="graphic" SRC="figs/sam.0317.gif" ALT="Figure 3.17"><P CLASS="para">A word of warning: you will have to set the machine name again later while configuring TCP/IP, so be sure that the two names match. The name you set here is the NetBIOS name. You're allowed to make it different from the TCP/IP hostname, but doing so is usually not a good thing. Don't worry that Windows NT forces the computer name and the workgroup to be all capital letters; it's smart enough to figure out what you mean when it connects to the network.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942248">
+3.2.1.2 Installing the TCP/IP protocol</a></h4><P CLASS="para">Next, select the Protocols tab in the Network dialog box, and look to see if you have the TCP/IP protocol installed, as shown in <A CLASS="xref" HREF="ch03_02.html#ch03-66055">
+Figure 3.18</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-66055">
+Figure 3.18: The Protocols tab</a></h4><IMG CLASS="graphic" SRC="figs/sam.0318.gif" ALT="Figure 3.18"><P CLASS="para">
+If the protocol is not installed, you need to add it. Press the Add button, which will display the Select Network Protocol dialog box shown in <A CLASS="xref" HREF="ch03_02.html#ch03-22321">
+Figure 3.19</a>. Unlike Windows 95/98, you should immediately see the TCP/IP protocol as one of the last protocols listed. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-22321">
+Figure 3.19: Select Network Protocol dialog box</a></h4><IMG CLASS="graphic" SRC="figs/sam.0319.gif" ALT="Figure 3.19"><P CLASS="para">
+Select TCP/IP<EM CLASS="emphasis">
+ </em>as the protocol and confirm it. If possible, install only the TCP/IP protocol. You usually do not want NetBEUI installed because this causes the machine to look for services under two different protocols, only one of which is likely in use.[<A CLASS="footnote" HREF="#ch03-pgfId-943371">2</a>]</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch03-pgfId-943371">[2]</a> A common occurrence: after looking at the unused protocol for a while, the machine will time out and try the good one. This fruitless searching gives you terrible performance and mysterious delays.</p></div></blockquote></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942278">
+3.2.1.3 Installing the Workstation service</a></h4><P CLASS="para">After installing TCP/IP, press the Services tab in the Network panel and check that you have a Workstation service, as shown at the end of the list in <A CLASS="xref" HREF="ch03_02.html#ch03-97222">
+Figure 3.20</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-97222">
+Figure 3.20: Network Services panel dialog box</a></h4><IMG CLASS="graphic" SRC="figs/sam.0320.gif" ALT="Figure 3.20"><P CLASS="para">
+This service is actually the Microsoft Networking Client, which allows the machine to access SMB services. The Workstation service is mandatory. The service is installed by default on both Windows NT Workstation 4.0 and Server 4.0. If it's not there, you can install it much like TCP/IP. In this case you need to press the Add button and then select Workstation Service, as shown in <A CLASS="xref" HREF="ch03_02.html#ch03-40000">
+Figure 3.21</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-40000">
+Figure 3.21: Select Network Service dialog box </a></h4><IMG CLASS="graphic" SRC="figs/sam.0321.gif" ALT="Figure 3.21"></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch03-85837">
+3.2.2 Configuring TCP/IP</a></h3><P CLASS="para">After you've installed the Workstation service, return to the Protocols tab and select the TCP/IP Protocol entry in the window. Then click the Properties button below the window. The Microsoft TCP/IP Protocol panel will be displayed. There are five tabs on the Windows NT panel, and (like Windows 95/98) you will need to work on three of them: </p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942313">
+</a>IP address</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942314">
+</a>DNS</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942315">
+</a>WINS address</p></li></ul><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942317">
+3.2.2.1 IP Address tab</a></h4><P CLASS="para">The IP Address tab is shown in <A CLASS="xref" HREF="ch03_02.html#ch03-97098">
+Figure 3.22</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-97098">
+Figure 3.22: Microsoft TCP/IP Properties for Windows NT</a></h4><IMG CLASS="graphic" SRC="figs/sam.0322.gif" ALT="Figure 3.22"><P CLASS="para">Select the "Specify an IP address" radio button and enter the computer's address and subnet mask in the space provided for the proper adapter (Ethernet card). You or your network manager should have selected an address for the client on the same subnet (LAN) as the Samba server. For example, if the server's address is 192.168.236.86 and its network mask 255.255.255.0, you might use the address 192.168.236.10, if it is available, for the NT workstation, along with the same netmask. If you use DHCP on your network, select the "Obtain an IP Address from a DHCP server" button.</p><P CLASS="para">
+If you don't have an IP address to use, and you are on a network by yourself, steal ours, as the 192.168.<EM CLASS="emphasis">
+x.x</em> subnet is specifically reserved by the Internic for LANs. If you're not by yourself, see your system administrator for some available addresses on your network.</p><P CLASS="para">
+The gateway field refers to a machine typically known as a <EM CLASS="emphasis">
+router</em>. If you have routers connecting multiple networks, you should put in the IP address of the one on your subnet.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942339">
+3.2.2.2 DNS tab</a></h4><P CLASS="para">Next we go to the tab for DNS, as shown in <A CLASS="xref" HREF="ch03_02.html#ch03-61878">
+Figure 3.23</a>. This brings up the DNS panel. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-61878">
+Figure 3.23: The DNS panel</a></h4><IMG CLASS="graphic" SRC="figs/sam.0323.gif" ALT="Figure 3.23"><P CLASS="para">
+The Domain Name System (DNS) is responsible for translating human-readable computer names such as <EM CLASS="emphasis">
+atrish.example.com</em> into IP addresses such as 192.168.236.10. There are two ways to accomplish this on a NT machine. First, you can specify a DNS server to do the translation for you, or you can keep a local list of name/address pairs for your workstation to refer to.</p><P CLASS="para">
+For a LAN that's not on the Internet, the list of possible hosts is typically small and well known, and may be kept in a file locally. Networks that are connected to the Internet typically use DNS service since it isn't possible to guess ahead of time what addresses you might be accessing out on the net. If you are in doubt as to whether a DNS server is being used, or what its address might be, look at the file <EM CLASS="emphasis">
+/etc/resolv.conf</em> on your Samba server: any machine using DNS will have this file. It looks like the following:</p><PRE CLASS="programlisting">
+#resolv.conf 
+domain example.com 
+nameserver 127.0.0.1 
+nameserver 192.168.236.20</pre><P CLASS="para">
+In this example, the first nameserver in the list is 127.0.0.1, which indicates that the Samba server is also a DNS server for this LAN.[<A CLASS="footnote" HREF="#ch03-pgfId-946587">3</a>] In that case, you would use its network IP address (not 127.0.0.1, its localhost address) when filling in the DNS Configuration dialog box. Otherwise, use the other addresses you find in the lines beginning with <CODE CLASS="literal">
+nameserver</code>. Try to select ones on your own network. Any name servers listed in <EM CLASS="emphasis">
+/etc/resolv.conf</em> should work, but you'll get better performance by using a server nearby.</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch03-pgfId-946587">[3]</a> The address 127.0.0.1 is known as the <EM CLASS="emphasis">
+localhost</em> address, and always refers to itself. For example, if you type <CODE CLASS="literal">
+ping 127.0.0.1</code> on a Unix server, you should always get a response, as you're pinging the host itself.</p></div></blockquote><P CLASS="para">
+Finally, enter the machine name once more, making sure that it's the same one listed in the Identification tab of the Network dialog box (before the NetBIOS name). Also, enter the DNS domain on which this machine resides. For example, if your workstation has a domain name such as <EM CLASS="emphasis">
+example.com</em>, enter it here. You can safely ignore the other options.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942365">
+3.2.2.3 WINS Address tab</a></h4><P CLASS="para">If you are not using a DNS server, you still need a way of translating NetBIOS names to addresses and back again. We recommend that you configure both DNS and WINS; NT has a preference for WINS and WINS can use DNS as a fallback if  it cannot resolve any machine address. The WINS Address tab is shown in <A CLASS="xref" HREF="ch03_02.html#ch03-20855">
+Figure 3.24</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-20855">
+Figure 3.24: The WINS Address tab</a></h4><IMG CLASS="graphic" SRC="figs/sam.0324.gif" ALT="Figure 3.24"><P CLASS="para">
+If you have a WINS server, enter its address in the space marked Primary WINS Server. If your Samba server is providing WINS service (in other words, you have the line <CODE CLASS="literal">
+wins</code> <CODE CLASS="literal">
+service</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> in the <EM CLASS="emphasis">
+smb.conf</em> file of your Samba server), provide the Samba server's IP address here. Otherwise, provide the address of another WINS server on your network.</p><P CLASS="para">
+You probably noticed that there is a field here for the adaptor; this field must specify the Ethernet adaptor that you're running TCP/IP on so that WINS will provide name service on the correct network. If you have both a LAN and a dialup adaptor, make sure you have the LAN's adaptor here.</p><P CLASS="para">
+Finally, select the "Enable DNS for Windows Resolution" checkbox, so WINS will try DNS as a fallback if it can't find a name. You can safely ignore the other options.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942383">
+3.2.2.4 Hosts files</a></h4><P CLASS="para">If you don't have either DNS or WINS, and you don't wish to use broadcast name resolution, you'll need to provide a table of IP addresses and hosts names, in standard Unix <I CLASS="filename">
+/etc/hosts</i> format. We recommend against this because maintenance of this file on any dynamic network is troublesome, but we will explain it just the same. The Windows host file should appear in the <EM CLASS="emphasis">
+\WINDOWS\HOSTS</em> directory of whatever local drive Windows is installed on. A sample follows:</p><PRE CLASS="programlisting">
+127.0.0.1        localhost
+192.168.236.1    escrime    escrime.example.com 
+192.168.236.2    riposte    riposte.example.com 
+192.168.236.3    wizzin     wizzin.example.com 
+192.168.236.4    touche     touche.example.com 
+192.168.236.5    gurgi      gurgi.example.com 
+192.168.236.6    jessiac    jessiac.example.com 
+192.168.236.7    skyline    skyline.example.com </pre><P CLASS="para">
+If you wish, you can copy the contents directly from the Samba server's<I CLASS="filename">
+ /etc/hosts</i>. The format is identical. This file will then serve the same purpose as the hosts file on the Unix server. Again, <EM CLASS="emphasis">
+hosts</em> files on Windows should only be used as a last resort.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942394">
+3.2.2.5 Bindings</a></h4><P CLASS="para">
+The term <I CLASS="firstterm">
+bindings</i> is a way of saying "connected together at configuration time." It means that the TCP/IP protocol will channel through the Ethernet card (instead of, say, a dialup connection), and is actually connected properly. If you return to the Network dialog box and set the Show field to "all services" and click on all the + buttons in the tree, you should see a display similar to <A CLASS="xref" HREF="ch03_02.html#ch03-83060">
+Figure 3.25</a>.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-83060">
+Figure 3.25: Service bindings</a></h4><IMG CLASS="graphic" SRC="figs/sam.0325.gif" ALT="Figure 3.25"><P CLASS="para">
+This means that the Workstation, Server, and NetBIOS interface services are connected to the WINS client. This is the correct binding for Microsoft TCP/IP. </p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch03-pgfId-942410">
+3.2.3 Connecting to the Samba Server</a></h3><P CLASS="para">You can safely leave the default values for the remainder of the tabs in the Network dialog box. Click on the OK button to complete the configuration. Once the proper files are loaded (if any), you will need to reboot in order for your changes to take effect.</p><P CLASS="para">
+Now for the big moment. Your Samba server is running and you have set up your NT client to communicate with it. After the machine reboots, login and double-click the Network Neighborhood icon on the desktop, and you should see your Samba server listed as a member of the workgroup, as shown in <A CLASS="xref" HREF="ch03_02.html#ch03-50785">
+Figure 3.26</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-50785">
+Figure 3.26: Windows NT Network Neighborhood</a></h4><IMG CLASS="graphic" SRC="figs/sam.0326.gif" ALT="Figure 3.26"><P CLASS="para">Double-clicking the server name will show the resources that the server is offering to the network, as shown in <A CLASS="xref" HREF="ch03_02.html#ch03-89532">
+Figure 3.27</a>. In this case, the test and the default printer are offered to the Window NT workstation. For more information, see the warning under the "Accessing the Samba Server" section, earlier in this chapter.    </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-89532">
+Figure 3.27: Server's shares</a></h4><IMG CLASS="graphic" SRC="figs/sam.0327.gif" ALT="Figure 3.27"><BLOCKQUOTE CLASS="warning">
+<P CLASS="para">
+<STRONG>
+WARNING:</strong> If you are presented with a dialog requesting the password for a user <CODE CLASS="literal">
+IPC$</code>, then Samba did not accept the password that was sent from the client. In this case, the username and the password that were created on the client side <EM CLASS="emphasis">
+must</em> match the username/password combination on the Samba server. If you are using Windows 98 or Windows NT Service Pack 3 or above, this is probably because the client is sending encrypted passwords instead of plaintext passwords. You can remedy this situation by performing two steps on the Samba server. First, add the following entry to the <CODE CLASS="literal">
+[global]</code> section of your Samba configuration file: <CODE CLASS="literal">
+encrypt password=yes</code>. Second, find the <I CLASS="filename">
+smbpasswd</i> program on the samba server (it is located in <I CLASS="filename">
+/usr/local/samba/bin</i> by default) and use it to add an entry to Samba's encrypted password database. For example, to add user <CODE CLASS="literal">
+steve</code> to Samba's encrypted password database, type <CODE CLASS="replaceable">
+<I>
+smbpasswd  -a steve</i></code>. The first time you enter this password, the program will output an error message indicating that the password database does not exist; it will then create the database, which is typically stored in <I CLASS="filename">
+/usr/local/samba/private/smbpasswd</i>.</p></blockquote><P CLASS="para">
+If you don't see the server listed, don't panic. Start the Windows NT Explorer (not Internet Explorer!) and select Map Network Drive from the Tools menu. A dialog box appears that allows you to type the name of your server and its share directory in Windows format. For example, you would enter <I CLASS="filename">
+\\</i><CODE CLASS="replaceable"><I>server</i></code><I CLASS="filename">\temp</i> if your server happened to be named "server." If things still aren't right, go directly to the section "The Fault Tree" in <a href="ch09_01.html"><b>Chapter 9</b></a>, to see if you can troubleshoot what is wrong with the network.</p><P CLASS="para">
+If it works, congratulations! Try writing to the server and sending data to the network printer. You will be pleasantly surprised how seamlessly everything works! Now that you've finished setting up the Samba server and its clients, we can starting talking about how Samba works and how to configure it to your liking.   </p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch03_01.html" TITLE="3.1 Setting Up Windows 95/98 Computers">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 3.1 Setting Up Windows 95/98 Computers" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch03_03.html" TITLE="3.3 An Introduction to SMB/CIFS">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 3.3 An Introduction to SMB/CIFS" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+3.1 Setting Up Windows 95/98 Computers</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+3.3 An Introduction to SMB/CIFS</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch03_03.html b/docs/htmldocs/using_samba/ch03_03.html
new file mode 100755
index 00000000000..d3efd007aa6
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch03_03.html
@@ -0,0 +1,579 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 3] 3.3 An Introduction to SMB/CIFS</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:31:30Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch03_02.html" TITLE="3.2 Setting Up Windows NT 4.0 Computers">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 3.2 Setting Up Windows NT 4.0 Computers" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch03_01.html" TITLE="3. Configuring Windows Clients">
+Chapter 3<br>
+Configuring Windows Clients</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch04_01.html" TITLE="4. Disk Shares ">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4. Disk Shares " BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch03-64069">
+3.3 An Introduction to SMB/CIFS</a></h2><P CLASS="para">We'll wrap up this chapter with a short tutorial on SMB/CIFS. SMB/CIFS is the protocol that Windows 95/98 and NT machines use to communicate with the Samba server and each other. At a high level, the SMB protocol suite is relatively simple. It includes commands for all of the file and print operations that you might do on a local disk or printer, such as:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942445">
+</a> Opening and closing a file</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942446">
+</a> Creating and deleting files and directories</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942447">
+</a> Reading and writing a file</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942853">
+</a> Searching for files</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942448">
+</a> Queueing and dequeueing files to a print spool</p></li></ul><P CLASS="para">
+Each of these operations can be encoded into an SMB message and transmitted to and from a server. The original name SMB comes from their data format: these are versions of the standard DOS system-call data structures, or <I CLASS="firstterm">
+Server Message Blocks</i>, redesigned for transmitting to another machine across a network.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch03-pgfId-942451">
+3.3.1 SMB Format</a></h3><P CLASS="para">Richard Sharpe of the Samba team defines SMB as a "request-response" protocol.[<A CLASS="footnote" HREF="#ch03-pgfId-942928">4</a>] In effect, this means that a client sends an SMB request to a server, and the server sends an SMB response back to the client. Rarely does a server send a message that is not in response to a client.</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch03-pgfId-942928">[4]</a> See <I CLASS="filename">
+<a href="http://anu.samba.org/cifs/docs/what-is-smb.html">http://anu.samba.org/cifs/docs/what-is-smb.html</i></a> for Richard's excellent summary of SMB.</p></div></blockquote><P CLASS="para">
+An SMB message is not as complex as you might think. Let's take a closer look at the internal structure of such a message. It can be broken down into two parts: the <I CLASS="firstterm">
+header</i>, which is a fixed size, and the <I CLASS="firstterm">
+command string</i>, whose size can vary dramatically based on the contents of the message.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942453">
+3.3.1.1 SMB header format</a></h4><P CLASS="para">
+<A CLASS="xref" HREF="ch03_03.html#ch03-31015">
+Table 3.1</a> shows the format of an SMB header. SMB commands are not required to use all the fields in the SMB header. For example, when a client first attempts to connect to a server, it does not yet have a tree identifier (TID) value&nbsp;- one is assigned after it successfully connects&nbsp;- so a null TID (0xFFFF) is placed in its header field. Other fields may be padded with zeros when not used. </p><P CLASS="para">
+The fields of the SMB header are listed in <A CLASS="xref" HREF="ch03_03.html#ch03-31015">
+Table 3.1</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch03-31015">
+Table 3.1: SMB Header Fields  </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Field</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Size (bytes)</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Description</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+0xFF 'SMB'</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+1</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Protocol identifier</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+COM</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+1</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Command code, from 0x00 to 0xFF</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+RCLS</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+1</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Error class</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+REH</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+1</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Reserved</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ERR</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+2</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Error code</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+REB</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+1</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Reserved</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+RES</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+14</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Reserved</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+TID</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+2</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Tree identifier; a unique ID for a resource in use by client</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+PID</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+2</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Caller process ID</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+UID</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+2</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+User identifier</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+MID</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+2</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Multiplex identifier; used to route requests inside a process</p></td></tr></tbody></table></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942527">
+3.3.1.2 SMB command format</a></h4><P CLASS="para">
+<I CLASS="firstterm">
+</i>Immediately after the header is a variable number of bytes that constitute an SMB command or reply. Each command, such as Open File (COM field identifier: <CODE CLASS="literal">SMBopen</code>) or Get Print Queue (<CODE CLASS="literal">SMBsplretq</code>), has its own set of parameters and data. Like the SMB header fields, not all of the command fields need to be filled, depending on the specific command. For example, the Get Server Attributes (<CODE CLASS="literal">SMBdskattr</code>) command sets the WCT and BCC fields to zero. The fields of the command segment are shown in <A CLASS="xref" HREF="ch03_03.html#ch03-38178">
+Table 3.2</a>.   </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch03-38178">
+Table 3.2: SMB Command Contents </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Field</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Size in Bytes</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Description</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+WCT</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+1</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<I CLASS="firstterm">
+</i>Word count</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+VWV</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Variable</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameter words (size given by WCT)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+BCC</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+2</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameter byte count</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+DATA</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Variable</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Data (size given by BCC)</p></td></tr></tbody></table><P CLASS="para">
+Don't worry if you don't understand each of these fields; they are not necessary for using Samba at an administrator level. However, they do come in handy when debugging system messages. We will show you some of the more common SMB messages that clients and servers send using a modified version of <I CLASS="filename">
+tcpdump</i> later in this section. (If you would like an SMB sniffer with a graphical interface, try "ethereal," which uses the GTK libraries; see the Samba homepage for more information on this tool.)</p><P CLASS="para">
+If you would like more information on each of the commands for the SMB protocol, see the SMB/CIFS documentation at <a href="ftp://ftp.microsoft.com/developr/drg/CIFS/"><I CLASS="filename">ftp://ftp.microsoft.com/developr/drg/CIFS/</i></a>.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942573">
+3.3.1.3 SMB variations</a></h4><P CLASS="para">
+The SMB protocol has been extended with new commands several times since its inception. Each new version is backwards compatible with the previous versions. This makes it quite possible for a LAN to have various clients and servers running different versions of the SMB protocol at once.</p><P CLASS="para">
+<A CLASS="xref" HREF="ch03_03.html#ch03-67366">
+Table 3.3</a> outlines the major versions of the SMB protocol. Within each "dialect" of SMB are many sub-versions that include commands supporting particular releases of major operating systems. The ID string is used by clients and servers to determine what level of the protocol they will speak to each other. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch03-67366">
+Table 3.3: SMB Protocol Dialects </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Protocol Name</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+ID String</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Used By</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Core</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+PC NETWORK PROGRAM 1.0</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Core Plus </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+MICROSOFT NETWORKS 1.03 </code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+LAN Manager 1.0 </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+LANMAN1.0</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+LAN Manager 2.0 </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+LM1.2X002</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+LAN Manager 2.1 </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+LANMAN2.1</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+NT LAN Manager 1.0</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+NT LM 0.12</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows NT 4.0</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Samba's NT LM 0.12</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+Samba</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Samba</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Common Internet File System</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+CIFS 1.0</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows 2000</p></td></tr></tbody></table><P CLASS="para">
+Samba implements the <CODE CLASS="literal">
+NT</code> <CODE CLASS="literal">
+LM</code> <CODE CLASS="literal">
+0.12</code> specification for NT LAN Manager 1.0. It is backwards compatible with all of the other SMB variants. The CIFS specification is, in reality, LAN Manager 0.12 with a few specific additions.</p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch03-pgfId-942627">
+3.3.2 SMB Clients and Servers</a></h3><P CLASS="para">
+As mentioned earlier, SMB is a client/server protocol. In the purest sense, this means that a client sends a request to a server, which acts on the request and returns a reply. However, the client/server roles can often be reversed, sometimes within the context of a single SMB session. For example, consider the two Windows 95/98 computers in <A CLASS="xref" HREF="ch03_03.html#ch03-69480">
+Figure 3.28</a>. The computer named WIZZIN shares a printer to the network, and the computer named ESCRIME shares a disk directory. WIZZIN is in the client role when accessing ESCRIME's network drive, and in the server role when printing a job for ESCRIME. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch03-69480">
+Figure 3.28: Two computers that both have resources to share</a></h4><IMG CLASS="graphic" SRC="figs/sam.0328.gif" ALT="Figure 3.28"><P CLASS="para">
+This brings out an important point in Samba terminology:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-server-defined-in-Samba-terminology">
+</a>A <I CLASS="firstterm">
+server</i> is a machine with a resource to share.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-client-defined-in-Samba-terminology">
+</a>A <I CLASS="firstterm">
+client</i> is a machine that wishes to use that resource.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-943256">
+</a>A server can be a client (of another computer's resource) at any given time.</p></li></ul><P CLASS="para">
+Note that there are no implications as to the amount of resources that make up a server, or whether it has a large disk space or fast processor. A server could be an old 486 with a printer attached to it, or it could be an UltraSparc station with a 10 gigabyte disk service.</p><P CLASS="para">
+Microsoft Windows products have both the SMB client and server built in to the operating system. Wndows NT 4.0 uses a newer SMB protocol than Windows for Workgroups, and it offers an enhanced form of network security which will be discussed in <a href="ch06_01.html"><b>Chapter 6</b></a>. In addition, there are a large number of commercial SMB server products available from companies such as Sun, Compaq, SCO, Hewlett-Packard, Syntax, and IBM. Unfortunately, on the client side there are far fewer offerings, limited mainly to Digital Equipment's Pathworks product, and of course, Samba.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch03-pgfId-942638">
+3.3.3 A Simple SMB Connection</a></h3><P CLASS="para">Before we close this chapter, let's take a look at a simple SMB connection. This is some pretty technical data&nbsp;- which isn't really necessary to administer Samba&nbsp;- so you can skip over it if you like. We present this information largely as a way to help you get familiar with how the SMB protocol negotiates connections with other computers on the network. </p><P CLASS="para">
+There are four steps that the client and server must complete in order to establish a connection to a resource:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942687">
+</a> Establish a virtual connection.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942688">
+</a> Negotiate the protocol variant to speak.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942689">
+</a> Set session parameters.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942690">
+</a> Make a tree connection to a resource.</p></li></ol><P CLASS="para">
+We will examine each of these steps through the eyes of a useful tool that we mentioned earlier: the modified <I CLASS="filename">
+tcpdump</i> that is available from the Samba web site.</p><P CLASS="para">
+You can download this program at <I CLASS="filename">
+samba.org</i> in the <I CLASS="filename">
+samba/ftp/tcpdump-smb</i> directory; the latest version as of this writing is 3.4-5. Use this program as you would use the standard <I CLASS="filename">
+tcpdump</i> application, but add the <CODE CLASS="literal">
+-s 1500</code> switch to ensure that you get the whole packet and not just the first few bytes.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch03-pgfId-942691">
+3.3.3.1 Establishing a virtual connection</a></h4><P CLASS="para">When a user first makes a request to access a network disk or send a print job to a remote printer, NetBIOS takes care of making a connection at the session layer. The result is a bidirectional virtual channel between the client and server. In reality, there are only two messages that the client and server need to establish this connection. This is shown in the following example session request and response, as captured by <I CLASS="filename">
+tcpdump</i> :</p><PRE CLASS="programlisting">
+&gt;&gt;&gt; NBT Packet
+NBT Session Request
+Flags=0x81000044
+Destination=ESCRIME      NameType=0x20 (Server)
+Source=WIZZIN            NameType=0x00 (Workstation)
+
+&gt;&gt;&gt; NBT Packet
+NBT Session Granted
+Flags=0x82000000</pre></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch03-pgfId-942713">
+3.3.4 Negotiating the Protocol Variant</a></h3><P CLASS="para">At this point, there is an open channel between the client and server. Next, the client sends a message to the server to negotiate an SMB protocol. As mentioned earlier, the client sets its tree identifier (TID) field to zero, since it does not yet know what TID to use. A <EM CLASS="emphasis">
+tree identifier</em> is a number that represents a connection to a share on a server.</p><P CLASS="para">
+The command in the message is <CODE CLASS="literal">
+SMBnegprot</code>, a request to negotiate a protocol variant that will be used for the entire session. Note that the client sends to the server a list of all of the variants that it can speak, not vice versa.</p><P CLASS="para">
+The server responds to the <CODE CLASS="literal">
+SMBnegprot</code> request with an index into the list of variants that the client offered, starting with index 0, or with the value 0xFF if none of the protocol variants are acceptable. Continuing this example, the server responds with the value 5, which indicates that the <CODE CLASS="literal">
+NT</code> <CODE CLASS="literal">
+LM</code> <CODE CLASS="literal">
+0.12</code> dialect will be used for the remainder of the session:</p><PRE CLASS="programlisting">
+&gt;&gt;&gt; NBT Packet
+NBT Session Packet
+Flags=0x0
+Length=154
+
+SMB PACKET: SMBnegprot (REQUEST)
+SMB Command   =  0x72
+Error class   =  0x0
+Error code    =  0
+Flags1        =  0x0
+Flags2        =  0x0
+Tree ID       =  0
+Proc ID       =  5371
+UID           =  0
+MID           =  385
+Word Count    =  0
+Dialect=PC NETWORK PROGRAM 1.0
+Dialect=MICROSOFT NETWORKS 3.0
+Dialect=DOS LM1.2X002
+Dialect=DOS LANMAN2.1
+Dialect=Windows for Workgroups 3.1a
+Dialect=NT LM 0.12
+
+&gt;&gt;&gt; NBT Packet
+NBT Session Packet
+Flags=0x0
+Length=69
+
+SMB PACKET: SMBnegprot (REPLY)
+SMB Command   =  0x72
+Error class   =  0x0
+Error code    =  0
+Flags1        =  0x0
+Flags2        =  0x1
+Tree ID       =  0
+Proc ID       =  5371
+UID           =  0
+MID           =  385
+Word Count    =  02
+[000] 05 00</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch03-pgfId-942762">
+3.3.5 Set Session and Login Parameters</a></h3><P CLASS="para">The next step is to transmit session and login parameters for the session. This includes the account name and password (if there is one), the workgroup name, the maximum size of data that can be transferred, and the number of pending requests that may be in the queue at any one time.</p><P CLASS="para">
+In the following example, the Session Setup command presented allows for an additional SMB command to be piggybacked onto it. The letter X at the end of the command name indicates this, and the hexadecimal code of the second command is given in the <CODE CLASS="literal">
+Com2</code> field. In this case the command is <CODE CLASS="literal">
+0x75</code>, which is the Tree Connect and X command. The <CODE CLASS="literal">
+SMBtconX</code> message looks for the name of the resource in the <KBD CLASS="command">
+smb_buf</kbd> buffer. (This is the last field listed in the following request.) In this example, <KBD CLASS="command">
+smb_buf</kbd> contains the string <CODE CLASS="literal">
+\\ESCRIME\PUBLIC</code>, which is the full pathname to a shared directory on node ESCRIME. Using the "and X" commands like this speeds up each transaction, since the server doesn't have to wait on the client to make a second request.</p><P CLASS="para">
+Note that the TID is still zero. The server will provide a TID to the client once the session has been established and a connection has been made to the requested resource. In addition, note that the password is sent in the open. We can change this later using encrypted passwords:</p><PRE CLASS="programlisting">
+&gt;&gt;&gt; NBT Packet
+NBT Session Packet
+Flags=0x0
+Length=139
+
+SMB PACKET: SMBsesssetupX (REQUEST)
+SMB Command   =  0x73
+Error class   =  0x0
+Error code    =  0
+Flags1        =  0x10
+Flags2        =  0x0
+Tree ID       =  0
+Proc ID       =  5371
+UID           =  1
+MID           =  385
+Word Count    =  13
+Com2=0x75
+Res1=0x0
+Off2=106
+MaxBuffer=2920
+MaxMpx=2
+VcNumber=0
+SessionKey=0x1FF2
+CaseInsensitivePasswordLength=1
+CaseSensitivePasswordLength=1
+Res=0x0
+Capabilities=0x1
+Pass1&amp;Pass2&amp;Account&amp;Domain&amp;OS&amp;LanMan=  
+  KRISTIN PARKSTR Windows 4.0 Windows 4.0
+PassLen=2
+Passwd&amp;Path&amp;Device=
+smb_bcc=22
+smb_buf[]=\\ESCRIME\PUBLIC</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch03-pgfId-942801">
+3.3.6 Making Connection to a Resource</a></h3><P CLASS="para">For the final step, the server returns a TID to the client, indicating that the user has been authorized access and that the resource is ready to be used. It also sets the <KBD CLASS="command">
+ServiceType</kbd> field to "A" to indicate that this is a file service. Available service types are:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942803">
+</a> "A" for a disk or file</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942804">
+</a> "LPT1" for a spooled output</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942805">
+</a> "COMM" for a direct-connect printer or modem</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch03-pgfId-942806">
+</a> "IPC" for a named pipe</p></li></ul><P CLASS="para">
+The output is:</p><PRE CLASS="programlisting">
+&gt;&gt;&gt; NBT Packet
+NBT Session Packet
+Flags=0x0
+Length=78
+
+SMB PACKET: SMBsesssetupX (REPLY)
+SMB Command   =  0x73
+Error class   =  0x0
+Error code    =  0
+Flags1        =  0x80
+Flags2        =  0x1
+Tree ID       =  121
+Proc ID       =  5371
+UID           =  1
+MID           =  385
+Word Count    =  3
+Com2=0x75
+Off2=68
+Action=0x1
+[000] Unix Samba 1.9.1
+[010] PARKSTR
+
+SMB PACKET: SMBtconX (REPLY) (CHAINED)
+smbvwv[]=
+Com2=0xFF
+Off2=78
+smbbuf[]=
+ServiceType=A:</pre><P CLASS="para">
+Now that a TID has been assigned, the client may issue any sort of command that it would use on a local disk drive. It can open files, read and write to them, delete them, create new files, search for filenames, and so on. </p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch03_02.html" TITLE="3.2 Setting Up Windows NT 4.0 Computers">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 3.2 Setting Up Windows NT 4.0 Computers" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch04_01.html" TITLE="4. Disk Shares ">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4. Disk Shares " BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+3.2 Setting Up Windows NT 4.0 Computers</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+4. Disk Shares </td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch04_01.html b/docs/htmldocs/using_samba/ch04_01.html
new file mode 100755
index 00000000000..1cc3494d290
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch04_01.html
@@ -0,0 +1,415 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 4] Disk Shares </title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:31:52Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch03_03.html" TITLE="3.3 An Introduction to SMB/CIFS">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 3.3 An Introduction to SMB/CIFS" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Chapter 4</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_02.html" TITLE="4.2 Special Sections">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.2 Special Sections" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div class="samplechapter">
+<H1 CLASS="chapter">
+<A CLASS="title" NAME="ch04-21486">
+4. Disk Shares </a></h1><DIV CLASS="htmltoc">
+<P>
+<B>
+Contents:</b><br>
+<A CLASS="sect1" HREF="#ch04-76968" TITLE="4.1 Learning the Samba Configuration File">
+Learning the Samba Configuration File</a><br>
+<A CLASS="sect1" HREF="ch04_02.html" TITLE="4.2 Special Sections">
+Special Sections</a><br>
+<A CLASS="sect1" HREF="ch04_03.html" TITLE="4.3 Configuration File Options">
+Configuration File Options</a><br>
+<A CLASS="sect1" HREF="ch04_04.html" TITLE="4.4 Server Configuration">
+Server Configuration</a><br>
+<A CLASS="sect1" HREF="ch04_05.html" TITLE="4.5 Disk Share Configuration">
+Disk Share Configuration</a><br>
+<A CLASS="sect1" HREF="ch04_06.html" TITLE="4.6 Networking Options with Samba">
+Networking Options with Samba</a><br>
+<A CLASS="sect1" HREF="ch04_07.html" TITLE="4.7 Virtual Servers">
+Virtual Servers</a><br>
+<A CLASS="sect1" HREF="ch04_08.html" TITLE="4.8 Logging Configuration Options">
+Logging Configuration Options</a></p><P>
+</p></div><P CLASS="para">In the previous three chapters, we showed you how to install Samba on a Unix server and set up Windows clients to use a simple disk share. This chapter will show you how Samba can assume more productive roles on your network.</p><P CLASS="para">
+Samba's daemons, <EM CLASS="emphasis">
+smbd</em> and <EM CLASS="emphasis">
+nmbd</em>, are controlled through a single ASCII file, <I CLASS="filename">
+smb.conf</i>, that can contain over 200 unique options. These options define how Samba reacts to the network around it, including everything from simple permissions to encrypted connections and NT domains. The next five chapters are designed to help you get familiar with this file and its options. Some of these options you will use and change frequently; others you may never use&nbsp;- it all depends on how much functionality you want Samba to offer its clients.</p><P CLASS="para">
+This chapter introduces the structure of the Samba configuration file and shows you how to use these options to create and modify disk shares. Subsequent chapters will discuss browsing, how to configure users, security, domains, and printers, and a host of other myriad topics that you can implement with Samba on your network.</p><DIV CLASS="sect1">
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="s1"></a>
+<A CLASS="title" NAME="ch04-76968">
+4.1 Learning the Samba Configuration File</a></h2><P CLASS="para">
+<I CLASS="filename">
+</i>Here is an <I CLASS="filename">
+</i>example of a Samba configuration file. If you have worked with a Windows .INI file, the structure of the <I CLASS="filename">
+smb.conf </i> file should look very familiar: </p><PRE CLASS="programlisting">
+[global] 
+	log level = 1 
+	max log size = 1000
+	socket options = TCP_NODELAY IPTOS_LOWDELAY 
+	guest ok = no
+[homes] 
+	browseable = no
+	map archive = yes
+[printers] 
+	path = /usr/tmp
+	guest ok = yes
+	printable = yes
+	min print space = 2000
+[test]
+	browseable = yes
+	read only = yes
+	guest ok = yes
+	path = /export/samba/test</pre><P CLASS="para">
+Although you may not understand the contents yet, this is a good configuration file to grab if you're in a hurry. (If you're not, we'll create a new one from scratch shortly.) In a nutshell, this configuration file sets up basic debug logging in a default log file not to exceed 1MB, optimizes TCP/IP socket connections between the Samba server and any SMB clients, and allows Samba to create a disk share for each user that has a standard Unix account on the server. In addition, each of the printers registered on the server will be publicly available, as will a single read-only share that maps to the <I CLASS="filename">
+/export/samba/test</i> directory. The last part of this file is similar to the disk share you used to test Samba in <a href="ch02_01.html"><b>Chapter 2, <CITE CLASS="chapter">Installing Samba on a Unix System</cite></b></a>.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-52415">
+4.1.1 Configuration File Structure</a></h3><P CLASS="para">
+<I CLASS="filename">
+</i>Let's take another look at this configuration file, this time from a higher level:</p><PRE CLASS="programlisting">
+[global] 
+	...
+[homes] 
+	...
+[printers] 
+	...
+[test] 
+	...</pre><P CLASS="para">
+The names inside the square brackets delineate unique sections of the <I CLASS="filename">
+smb.conf</i> file; each section names the <I CLASS="firstterm">
+share</i> (or service) that the section refers to. For example, the <CODE CLASS="literal">
+[test]</code> and <CODE CLASS="literal">
+[homes]</code> sections are each unique disk shares; they contain options that map to specific directories on the Samba server. The <CODE CLASS="literal">
+[printers]</code> share contains options that map to various printers on the server. All the sections defined in the <I CLASS="filename">
+smb.conf</i> file, with the exception of the <CODE CLASS="literal">
+[global]</code> section, will be available as a disk or printer share to clients connecting to the Samba server.</p><P CLASS="para">
+The remaining lines are individual configuration options unique to that share. These options will continue until a new bracketed section is encountered, or until the end of the file is reached. Each configuration option follows a simple format:</p><PRE CLASS="programlisting"><CODE CLASS="replaceable"><I>option</i></code> = <CODE CLASS="replaceable"><I>value</i></code></pre><P CLASS="para">
+Options in the <I CLASS="filename">
+smb.conf</i> file are set by assigning a value to them. We should warn you up front that some of the option names in Samba are poorly chosen. For example, <CODE CLASS="literal">
+read</code> <CODE CLASS="literal">
+only</code> is self-explanatory, and is typical of many recent Samba options. <CODE CLASS="literal">
+public</code> is an older option, and is vague; it now has a less-confusing synonym <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+ok</code> (may be accessed by guests). We describe some of the more common historical names in this chapter in sections that highlight each major task. In addition, <a href="appc_01.html"><b>Appendix C, <CITE CLASS="appendix">Samba Configuration Option Quick Reference</cite></b></a>, contains an alphabetical index of all the configuration options and their meanings.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-955562">
+4.1.1.1 Whitespaces, quotes, and commas</a></h4><P CLASS="para">
+An important item to remember about configuration options is that all whitespaces in the <CODE CLASS="replaceable">
+<I>
+value</i></code> are significant. For example, consider the following option:</p><PRE CLASS="programlisting">
+volume = The Big Bad Hard Drive Number 3543</pre><P CLASS="para">
+Samba strips away the spaces between the final <CODE CLASS="literal">
+e</code> in <CODE CLASS="literal">
+volume</code> and the first <CODE CLASS="literal">
+T</code> in <CODE CLASS="literal">
+The</code>. These whitespaces are insignificant. The rest of the whitespaces are significant and will be recognized and preserved by Samba when reading in the file. Space is not significant in option names (such as <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+ok</code>), but we recommend you follow convention and keep spaces between the words of options.</p><P CLASS="para">
+If you feel safer including quotation marks at the beginning and ending of a configuration option's value, you may do so. Samba will ignore these quotation marks when it encounters them. Never use quotation marks around an option itself; Samba will treat this as an error.</p><P CLASS="para">
+Finally, you can use whitespaces to separate a series of values in a list, or you can use commas. These two options are equivalent:</p><PRE CLASS="programlisting">
+netbios aliases = sales, accounting, payroll
+netbios aliases = sales accounting payroll</pre><P CLASS="para">
+In some values, however, you must use one form of separation&nbsp;- spaces in some cases, commas in others.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-960466">
+4.1.1.2 Capitalization</a></h4><P CLASS="para">Capitalization is not important in the Samba configuration file except in locations where it would confuse the underlying operating system. For example, let's assume that you included the following option in a share that pointed to <I CLASS="filename">
+/export/samba/simple </i>:</p><PRE CLASS="programlisting">
+PATH = /EXPORT/SAMBA/SIMPLE</pre><P CLASS="para">
+Samba would have no problem with the <CODE CLASS="literal">
+path</code> configuration option appearing entirely in capital letters. However, when it tries to connect to the given directory, it would be unsuccessful because the Unix filesystem in the underlying operating system <EM CLASS="emphasis">
+is</em> case sensitive. Consequently, the path listed would not be found and clients would be unable to connect to the share.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-960474">
+4.1.1.3 Line continuation</a></h4><P CLASS="para">
+You can continue a line in the Samba configuration file using the backslash, as follows:</p><PRE CLASS="programlisting">
+comment = The first share that has the primary copies \
+          of the new Teamworks software product.</pre><P CLASS="para">
+Because of the backslash, these two lines will be treated as one line by Samba. The second line begins at the first non-whitespace character that Samba encounters; in this case, the <CODE CLASS="literal">
+o</code> in <CODE CLASS="literal">
+of</code>.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-955588">
+4.1.1.4 Comments</a></h4><P CLASS="para">
+You can insert comments in the <I CLASS="filename">
+smb.conf</i> configuration file by preceding a line with either a hash mark (#) or a semicolon (;). Both characters are equivalent. For example, the first three lines in the following example would be considered comments:</p><PRE CLASS="programlisting">
+#  This is the printers section. We have given a minimum print 
+;  space of 2000 to prevent some errors that we've seen when
+;  the spooler runs out of space.
+
+[printers] 
+	public = yes
+	min print space = 2000</pre><P CLASS="para">
+Samba will ignore all comment lines in its configuration file; there are no limitations to what can be placed on a comment line after the initial hash mark or semicolon. Note that the line continuation character (<CODE CLASS="literal">\</code>) will <EM CLASS="emphasis">
+not</em> be honored on a commented line. Like the rest of the line, it is ignored.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-955563">
+4.1.1.5 Changes at runtime</a></h4><P CLASS="para">You can modify the <I CLASS="filename">
+smb.conf</i> configuration file and any of its options at any time while the Samba daemons are running. By default, Samba checks the configuration file every 60 seconds for changes. If it finds any, the changes are immediately put into effect. If you don't wish to wait that long, you can force a reload by either sending a SIGHUP signal to the <EM CLASS="emphasis">
+smbd</em> and <EM CLASS="emphasis">
+nmbd</em> processes, or simply restarting the daemons.</p><P CLASS="para">
+For example, if the <EM CLASS="emphasis">
+smbd</em> process was 893, you could force it to reread the configuration file with the following command:</p><PRE CLASS="programlisting">
+<B CLASS="emphasis.bold"><CODE CLASS="literal">#</code> kill -SIGHUP 893</b></pre><P CLASS="para">
+Not all changes will be immediately recognized by clients. For example, changes to a share that is currently in use will not be registered until the client disconnects and reconnects to that share. In addition, server-specific parameters such as the workgroup or NetBIOS name of the server will not register immediately either. This keeps active clients from being suddenly disconnected or encountering unexpected access problems while a session is open.<I CLASS="filename">
+</i> </p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-87365">
+4.1.2 Variables</a></h3><P CLASS="para">
+<I CLASS="filename">
+</i>Samba includes a complete set of variables for determining characteristics of the Samba server and the clients to which it connects. Each of these variables begins with a percent sign, followed by a single uppercase or lowercase letter, and can be used only on the right side of a configuration option (e.g., after the equal sign):</p><PRE CLASS="programlisting">
+[pub]
+    path = /home/ftp/pub/%a </pre><P CLASS="para">
+The <CODE CLASS="literal">
+%a</code> stands for the client machine's architecture (e.g., <CODE CLASS="literal">
+WinNT</code> for Windows NT, <CODE CLASS="literal">
+Win95</code> for Windows 95 or 98, or <CODE CLASS="literal">
+WfWg</code> for Windows for Workgroups). Because of this, Samba will assign a unique path for the <CODE CLASS="literal">
+[pub]</code> share to client machines running Windows NT, a different path for client machines running Windows 95, and another path for Windows for Workgroups. In other words, the paths that each client would see as its share differ according to the client's architecture, as follows:</p><PRE CLASS="programlisting">
+/home/ftp/pub/WinNT
+/home/ftp/pub/Win95
+/home/ftp/pub/WfWg</pre><P CLASS="para">
+Using variables in this manner comes in handy if you wish to have different users run custom configurations based on their own unique characteristics or conditions. Samba has 19 variables, as shown in <A CLASS="xref" HREF="ch04_01.html#ch04-10883">
+Table 4.1</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch04-10883">
+Table 4.1: Samba Variables </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Variable</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Definition</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<B CLASS="emphasis.bold">Client variables</b></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%a</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<I CLASS="filename">
+</i>Client's architecture (e.g., Samba, WfWg, WinNT, Win95, or UNKNOWN)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%I</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Client's IP address (e.g., 192.168.220.100)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">%m</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Client's NetBIOS name</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%M</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Client's DNS name</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<B CLASS="emphasis.bold">User variables</b></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%g</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Primary group of <CODE CLASS="literal">
+%u</code></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%G</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Primary group of <CODE CLASS="literal">
+%U</code></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%H</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Home directory of <CODE CLASS="literal">
+%u</code></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%u</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Current Unix username</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%U</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Requested client username (not always used by Samba)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<B CLASS="emphasis.bold">
+Share variables</b></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%p</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Automounter's path to the share's root directory, if different from <CODE CLASS="literal">
+%P</code></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%P</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Current share's root directory</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%S</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Current share's name</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<B CLASS="emphasis.bold">
+Server variables</b></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%d</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Current server process ID</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%h</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Samba server's DNS hostname</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%L</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Samba server's NetBIOS name</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%N</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Home directory server, from the automount map</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%v</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Samba version</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<B CLASS="emphasis.bold">
+Miscellaneous variables</b></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%R</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The SMB protocol level that was negotiated</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%T</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The current date and time</p></td></tr></tbody></table><P CLASS="para">Here's another example of using variables: let's say that there are five clients on your network, but one client, <CODE CLASS="literal">
+fred</code>, requires a slightly different <CODE CLASS="literal">
+[homes]</code> configuration loaded when it connects to the Samba server. With Samba, it's simple to attack such a problem: </p><PRE CLASS="programlisting">
+[homes] 
+	...
+	include = /usr/local/samba/lib/smb.conf.%m
+	...</pre><P CLASS="para">
+The <CODE CLASS="literal">
+include</code> option here causes a separate configuration file for each particular NetBIOS machine (<CODE CLASS="literal">%m</code>) to be read in addition to the current file. If the hostname of the client machine is <CODE CLASS="literal">
+fred</code>, and if a <I CLASS="filename">
+smb.conf.fred</i> file exists in the <CODE CLASS="replaceable">
+<I>
+samba_dir</i></code><I CLASS="filename">
+/lib/</i> directory (or whatever directory you've specified for your configuration files), Samba will insert that configuration file into the default one. If any configuration options are restated in <I CLASS="filename">
+smb.conf.fred</i>, those values will override any options previously encountered in that share. Note that we say "previously." If any options are restated in the main configuration file after the <CODE CLASS="literal">
+include</code> option, Samba will honor those restated values for the share in which they are defined.</p><P CLASS="para">
+Here's the important part: if there is no such file, Samba will not generate an error. In fact, it won't do anything at all. This allows you to create only one extra configuration file for <CODE CLASS="literal">
+fred</code> when using this strategy, instead of one for each NetBIOS machine that is on the network.</p><P CLASS="para">
+Machine-specific configuration files can be used both to customize particular clients and to make debugging Samba easier. Consider the latter; if we have one client with a problem, we can use this approach to give it a private log file with a more verbose logging level. This allows us to see what Samba is doing without slowing down all the other clients or overflowing the disk with useless logs. Remember, with large networks you may not always have the option to restart the Samba server to perform debugging!</p><P CLASS="para">
+You can use each of the variables in <A CLASS="xref" HREF="ch04_01.html#ch04-10883">
+Table 4.1</a> to give custom values to a variety of Samba options. We will highlight several of these options as we move through the next few chapters.<I CLASS="filename">
+</i> </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch03_03.html" TITLE="3.3 An Introduction to SMB/CIFS">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 3.3 An Introduction to SMB/CIFS" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_02.html" TITLE="4.2 Special Sections">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.2 Special Sections" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+3.3 An Introduction to SMB/CIFS</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+4.2 Special Sections</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch04_02.html b/docs/htmldocs/using_samba/ch04_02.html
new file mode 100755
index 00000000000..d0b554e941a
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch04_02.html
@@ -0,0 +1,211 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 4] 4.2 Special Sections</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:32:00Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_01.html" TITLE="4.1 Learning the Samba Configuration File">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.1 Learning the Samba Configuration File" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch04_01.html" TITLE="4. Disk Shares ">
+Chapter 4<br>
+Disk Shares </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_03.html" TITLE="4.3 Configuration File Options">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.3 Configuration File Options" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch04-81402">
+4.2 Special Sections</a></h2><P CLASS="para">
+<I CLASS="filename">
+</i>Now that we've gotten our feet wet with variables, there are a few special sections of the Samba configuration file that we should talk about. Again, don't worry if you do not understand each and every configuration options listed below; we'll go over each of them over the course of the upcoming chapters.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-pgfId-943263">
+4.2.1 The [ globals] Section</a></h3><P CLASS="para">
+The <CODE CLASS="literal">
+[globals]</code> section appears in virtually every Samba configuration file, even though it is not mandatory to define one. Any option set in this section of the file will apply to all the other shares, as if the contents of the section were copied into the share itself. There is one catch: other sections can list the same option in their section with a new value; this has the effect of overriding the value specified in the <CODE CLASS="literal">
+[globals]</code> section. </p><P CLASS="para">
+To illustrate this, let's again look at the opening example of the chapter:</p><PRE CLASS="programlisting">
+[global] 
+	log level = 1 
+	max log size = 1000
+	socket options = TCP_NODELAY IPTOS_LOWDELAY 
+	guest ok = no
+[homes] 
+	browseable = no
+	map archive = yes
+[printers] 
+	path = /usr/tmp
+	guest ok = yes
+	printable = yes
+	min print space = 2000
+[test] 
+	browseable = yes
+	read only = yes
+	guest ok = yes
+	path = /export/samba/test</pre><P CLASS="para">
+In the previous example, if we were going to connect a client to the <CODE CLASS="literal">
+[test]</code> share, Samba would first read in the <CODE CLASS="literal">
+[globals]</code> section. At that point, it would set the option <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+ok</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+no</code> as the global default for each share it encounters throughout the configuration file. This includes the <CODE CLASS="literal">
+[homes]</code> and <CODE CLASS="literal">
+[printers]</code> shares. When it reads in the <CODE CLASS="literal">
+[test]</code> share, however, it would then find the configuration option <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+ok</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code>, and override the default from the <CODE CLASS="literal">
+[globals]</code> section with the value <CODE CLASS="literal">
+yes</code> in the context of the <CODE CLASS="literal">
+[pub]</code> share.</p><P CLASS="para">
+Any option that appears outside of a section (before the first marked section) is also assumed to be a global option.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-pgfId-942795">
+4.2.2 The [homes] Section</a></h3><P CLASS="para">
+If a client attempts to connect to a share that doesn't appear in the <I CLASS="filename">
+smb.conf</i> file, Samba will search for a <CODE CLASS="literal">
+[homes]</code> share in the configuration file. If one exists, the unidentified share name is assumed to be a Unix username, which is queried in the password database of the Samba server. If that username appears, Samba assumes the client is a Unix user trying to connect to his or her home directory on the server.</p><P CLASS="para">
+For example, assume a client machine is connecting to the Samba server <CODE CLASS="literal">
+hydra</code> for the first time, and tries to connect to a share named [<CODE CLASS="literal">alice]</code>. There is no <CODE CLASS="literal">
+[alice]</code> share defined in the <I CLASS="filename">
+smb.conf</i> file, but there is a <CODE CLASS="literal">
+[homes]</code>, so Samba searches the password database file and finds an <CODE CLASS="literal">alice</code> user account is present on the system. Samba then checks the password provided by the client against user <CODE CLASS="literal">alice</code>'s Unix password&nbsp;- either with the password database file if it's using non-encrypted passwords, or Samba's <I CLASS="filename">
+smbpasswd</i> file if encrypted passwords are in use. If the passwords match, then Samba knows it has guessed right: the user <CODE CLASS="literal">alice</code> is trying to connect to her home directory. Samba will then create a share called <CODE CLASS="literal">[alice]</code> for her.</p><P CLASS="para">
+The process of using the <CODE CLASS="literal">
+[homes]</code> section to create users (and dealing with their passwords) is discussed in more detail in the <a href="ch06_01.html"><b>Chapter 6, <CITE CLASS="chapter">Users, Security, and Domains</cite></b></a>.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-pgfId-942816">
+4.2.3 The [printers] Section</a></h3><P CLASS="para">
+The third special section is called <CODE CLASS="literal">
+[printers]</code> and is similar to <CODE CLASS="literal">
+[homes]</code>. If a client attempts to connect to a share that isn't in the <I CLASS="filename">
+smb.conf</i>  file, and its name can't be found in the password file, Samba will check to see if it is a printer share. Samba does this by reading the printer capabilities file (usually <I CLASS="filename">
+/etc/printcap</i>) to see if the share name appears there.[<A CLASS="footnote" HREF="#ch04-pgfId-960558">1</a>] If it does, Samba creates a share named after the printer.</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch04-pgfId-960558">[1]</a> Depending on your system, this file may not be <EM CLASS="emphasis">
+/etc/printcap</em>. You can use the <EM CLASS="emphasis">
+testparm</em> command that comes with Samba to determine the value of the <CODE CLASS="literal">
+printcap</code> <CODE CLASS="literal">
+name</code> configuration option; this was the default value chosen when Samba was compiled.</p></div></blockquote><P CLASS="para">
+Like <CODE CLASS="literal">
+[homes]</code>, this means you don't have to maintain a share for each of your system printers in the <I CLASS="filename">
+smb.conf</i>  file. Instead, Samba honors the Unix printer registry if you request it to, and provides the registered printers to the client machines. There is, however, an obvious limitation: if you have an account named <CODE CLASS="literal">
+fred</code> and a printer named <CODE CLASS="literal">
+fred</code>, Samba will always find the user account first, even if the client really needed to connect to the printer.</p><P CLASS="para">
+The process of setting up the <CODE CLASS="literal">
+[printers]</code> share is discussed in more detail in <a href="ch07_01.html"><b>Chapter 7, <CITE CLASS="chapter">Printing and Name Resolution</cite></b></a>.<I CLASS="filename">
+</i> </p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-pgfId-968226">
+4.2.4 Configuration Options</a></h3><P CLASS="para">
+<I CLASS="filename">
+</i>Options in the Samba configuration files fall into one of two categories: <I CLASS="firstterm">
+global</i> or <I CLASS="firstterm">
+share</i>. Each category dictates where an option can appear in the configuration file.</p><DL CLASS="variablelist">
+<DT CLASS="term">
+Global</dt><DD CLASS="listitem">
+<P CLASS="para">Global options <EM CLASS="emphasis">
+must</em> appear in the <CODE CLASS="literal">
+[global]</code> section and nowhere else. These are options that typically apply to the behavior of the Samba server itself, and not to any of its shares.</p></dd><DT CLASS="term">
+Share</dt><DD CLASS="listitem">
+<P CLASS="para">Share options can appear in specific shares, or they can appear in the <CODE CLASS="literal">
+[global]</code> section. If they appear in the <CODE CLASS="literal">
+[global]</code> section, they will define a default behavior for all shares, unless a share overrides the option with a value of its own.</p></dd></dl><P CLASS="para">
+In addition, the values that a configuration option can take can be divided into four categories. They are as follows:</p><DL CLASS="variablelist">
+<DT CLASS="term">
+Boolean</dt><DD CLASS="listitem">
+<P CLASS="para">These are simply yes or no values, but can be represented by any of the following: <CODE CLASS="literal">
+yes</code>, <CODE CLASS="literal">
+no</code>, <CODE CLASS="literal">
+true</code>, <CODE CLASS="literal">
+false</code>, <CODE CLASS="literal">
+0</code>, <CODE CLASS="literal">
+1</code>. The values are case insensitive: <CODE CLASS="literal">
+YES</code> is the same as <CODE CLASS="literal">
+yes</code>.</p></dd><DT CLASS="term">
+Numerical</dt><DD CLASS="listitem">
+<P CLASS="para">An integer, hexidecimal, or octal number. The standard <CODE CLASS="literal">
+0x</code><EM CLASS="emphasis">
+nn</em> syntax is used for hexadecimal and <CODE CLASS="literal">
+0</code><EM CLASS="emphasis">
+nnn</em> for octal.</p></dd><DT CLASS="term">
+String</dt><DD CLASS="listitem">
+<P CLASS="para">
+A string of case-sensitive characters, such as a filename or a username.</p></dd><DT CLASS="term">
+Enumerated list</dt><DD CLASS="listitem">
+<P CLASS="para">
+A finite list of known values. In effect, a boolean is an enumerated list with only two values.<I CLASS="filename">
+</i> </p></dd></dl></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_01.html" TITLE="4.1 Learning the Samba Configuration File">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.1 Learning the Samba Configuration File" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_03.html" TITLE="4.3 Configuration File Options">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.3 Configuration File Options" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+4.1 Learning the Samba Configuration File</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+4.3 Configuration File Options</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch04_03.html b/docs/htmldocs/using_samba/ch04_03.html
new file mode 100755
index 00000000000..3e5ae738659
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch04_03.html
@@ -0,0 +1,190 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 4] 4.3 Configuration File Options</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:32:06Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_02.html" TITLE="4.2 Special Sections">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.2 Special Sections" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch04_01.html" TITLE="4. Disk Shares ">
+Chapter 4<br>
+Disk Shares </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_04.html" TITLE="4.4 Server Configuration">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.4 Server Configuration" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch04-46076">
+4.3 Configuration File Options</a></h2><P CLASS="para">
+Samba has well over 200 configuration options at its disposal. So let's start off easy by introducing some of the options you can use to modify the configuration file itself. </p><P CLASS="para">
+As we hinted earlier in the chapter, configuration files are by no means static. You can instruct Samba to include or even replace configuration options as it is processing them. The options to do this are summarized in <A CLASS="xref" HREF="ch04_03.html#ch04-94939">
+Table 4.2</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch04-94939">
+Table 4.2: Configuration File Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+config file</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified name)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the location of a configuration file to use instead of the current one.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+include</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified name)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies an additional segment of configuration options to be included at this point in the configuration file.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+copy</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (name of share)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Allows you to clone the configuration options of another share in the current share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr></tbody></table><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-pgfId-960146">
+4.3.1 config file</a></h3><P CLASS="para">
+The global <CODE CLASS="literal">
+config</code> <CODE CLASS="literal">
+file</code> option specifies a replacement configuration file that will be loaded when the option is encountered. If the target file exists, the remainder of the current configuration file, as well as the options encounter so far, will be discarded; Samba will configure itself entirely with the options in the new file. The <CODE CLASS="literal">
+config</code> <CODE CLASS="literal">
+file</code> option takes advantage of the variables above, which is useful in the event that you want load a special configuration file based on the machine name or user of the client that it connecting. </p><P CLASS="para">
+For example, the following line instructs Samba to use a configuration file specified by the NetBIOS name of the client connecting, if such a file exists. If it does, options specified in the original configuration file are ignored. The following example attempts to lead a new configuration file based on the client's NetBIOS name: </p><PRE CLASS="programlisting">
+[global]
+	config file = /usr/local/samba/lib/smb.conf.%m</pre><P CLASS="para">
+If the configuration file specified does not exist, the option is ignored and Samba will continue to configure itself based on the current file.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-pgfId-960151">
+4.3.2 include</a></h3><P CLASS="para">
+This option, discussed in greater detail earlier, copies the target file into the current configuration file at the point specified, as shown in <A CLASS="xref" HREF="ch04_03.html#ch04-97340">
+Figure 4.1</a>. This option also takes advantage of the variables specified earlier in the chapter, which is useful in the event that you want load configuration options based on the machine name or user of the client that it connecting. You can use this option as follows:</p><PRE CLASS="programlisting">
+[global]
+	include = /usr/local/samba/lib/smb.conf.%m</pre><P CLASS="para">
+If the configuration file specified does not exist, the option is ignored. Remember that any option specified previously is overridden. In <A CLASS="xref" HREF="ch04_03.html#ch04-97340">
+Figure 4.1</a>, all three options will override their previous values.   </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch04-97340">
+Figure 4.1: The include option in a Samba configuration file</a></h4><IMG CLASS="graphic" SRC="figs/sam.0401.gif" ALT="Figure 4.1"><P CLASS="para">
+The <CODE CLASS="literal">
+include</code> option cannot understand the variables <CODE CLASS="literal">
+%u</code> (user), <CODE CLASS="literal">
+%p</code> (current share's rout directory), or <CODE CLASS="literal">
+%s</code> (current share) because they are not set at the time the file is read.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-pgfId-960290">
+4.3.3 copy</a></h3><P CLASS="para">
+The <CODE CLASS="literal">
+copy</code> configuration option allows you to clone the configuration options of the share name that you specify in the current share. The target share must appear earlier in the configuration file than the share that is performing the copy. For example:</p><PRE CLASS="programlisting">
+[template]
+	writable = yes
+	browsable = yes
+	valid users = andy, dave, peter
+
+[data]
+	path = /usr/local/samba
+	copy = template</pre><P CLASS="para">
+Note that any options in the share that invoked the <CODE CLASS="literal">
+copy</code> directive will override those in the cloned share; it does not matter whether they appear before or after the <CODE CLASS="literal">
+copy</code><I CLASS="filename">
+</i> directive.<I CLASS="filename">
+</i> </p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_02.html" TITLE="4.2 Special Sections">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.2 Special Sections" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_04.html" TITLE="4.4 Server Configuration">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.4 Server Configuration" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+4.2 Special Sections</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+4.4 Server Configuration</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch04_04.html b/docs/htmldocs/using_samba/ch04_04.html
new file mode 100755
index 00000000000..5eac6db9e5d
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch04_04.html
@@ -0,0 +1,214 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 4] 4.4 Server Configuration</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:32:07Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_03.html" TITLE="4.3 Configuration File Options">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.3 Configuration File Options" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch04_01.html" TITLE="4. Disk Shares ">
+Chapter 4<br>
+Disk Shares </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_05.html" TITLE="4.5 Disk Share Configuration">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.5 Disk Share Configuration" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch04-71382">
+4.4 Server Configuration</a></h2><P CLASS="para">Now it's time to begin configuring your Samba server. Let's introduce three basic configuration options that can appear in the <CODE CLASS="literal">
+[global]</code> section of your <I CLASS="filename">
+smb.conf</i> file:</p><PRE CLASS="programlisting">
+[global]
+	#  Server configuration parameters
+	netbios name = HYDRA
+	server string = Samba %v on (%L)
+	workgroup = SIMPLE</pre><P CLASS="para">
+This configuration file is pretty simple; it advertises the Samba server on a NBT network under the NetBIOS name <CODE CLASS="literal">
+hydra</code>. In addition, the machine belongs to the workgroup SIMPLE and displays a description to clients that includes the Samba version number as well as the NetBIOS name of the Samba server.</p><P CLASS="para">
+If you had to enter <CODE CLASS="literal">
+encrypt passwords=yes </code>in your earlier configuration file, you should do so here as well.</p><P CLASS="para">
+Go ahead and try this configuration file. Create a file named <I CLASS="filename">
+smb.conf</i> under the <I CLASS="filename">
+/usr/local/samba/lib</i> directory with the text listed above. Then reset the Samba server and use a Windows client to verify the results. Be sure that your Windows clients are in the SIMPLE workgroup as well. After clicking on the Network Neighborhood on a Windows client, you should see a window similar to <A CLASS="xref" HREF="ch04_04.html#ch04-38915">
+Figure 4.2</a>. (In this figure, <CODE CLASS="literal">
+phoenix</code> and <CODE CLASS="literal">
+chimaera</code> are our Windows clients.) </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch04-38915">
+Figure 4.2: Network Neighborhood showing the Samba server</a></h4><IMG CLASS="graphic" SRC="figs/sam.0402.gif" ALT="Figure 4.2"><P CLASS="para">
+You can verify the <CODE CLASS="literal">
+server</code> <CODE CLASS="literal">
+string</code> by listing the details of the Network Neighborhood window (select the Details menu item under the View menu), at which point you should see a window similar to <A CLASS="xref" HREF="ch04_04.html#ch04-50900">
+Figure 4.3</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch04-50900">
+Figure 4.3: Network Neighborhood details listing</a></h4><IMG CLASS="graphic" SRC="figs/sam.0403.gif" ALT="Figure 4.3"><P CLASS="para">
+If you were to click on the Hydra icon, a window should appear that shows the services that it provides. In this case, the window would be completely empty because there are no shares on the server yet.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-pgfId-961293">
+4.4.1 Server Configuration Options</a></h3><P CLASS="para">
+<A CLASS="xref" HREF="ch04_04.html#ch04-61150">Table 4.3</a> summarizes the server configuration options introduced previously. Note that all three of these options are global in scope; in other words, they must appear in the <CODE CLASS="literal">
+[global]</code> section of the configuration file. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch04-61150">
+Table 4.3: Server Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+netbios name</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the primary NetBIOS name of the Samba server.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Server DNS hostname</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+server string</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets a descriptive string for the Samba server.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+Samba %v</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+workgroup</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the NetBIOS group of machines that the server belongs to.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Defined at compile time</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-955762">
+4.4.1.1 netbios name</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+netbios</code> <CODE CLASS="literal">
+name</code> option allows you to set the NetBIOS name of the server. For example:</p><PRE CLASS="programlisting">
+netbios name = YORKVM1</pre><P CLASS="para">
+The default value for this configuration option is the server's hostname; that is, the first part of its complete DNS machine name. For example, a machine with the DNS name <CODE CLASS="literal">
+ruby.ora.com</code> would be given the NetBIOS name <CODE CLASS="literal">
+RUBY</code> by default. While you can use this option to restate the machine's NetBIOS name in the configuration file (as we did previously), it is more commonly used to assign the Samba server a NetBIOS name other than its current DNS name. Remember that the name given must follow the rules for valid NetBIOS machine names as outlines in <a href="ch01_01.html"><b>Chapter 1, <CITE CLASS="chapter">Learning the Samba</cite></b></a>.</p><P CLASS="para">
+Changing the NetBIOS name of the server is not recommended unless you have a good reason. One such reason might be if the hostname of the machine is not unique because the LAN is divided over two or more DNS domains. For example, YORKVM1 is a good NetBIOS candidate for <i>vm1.york.example.com</i> to differentiate it from <EM CLASS="emphasis">
+vm1.falkirk.example.com</em>, which has the same hostname but resides in a different DNS domain.</p><P CLASS="para">
+Another use of this option is for relocating SMB services from a dead or retired machine. For example, if <CODE CLASS="literal">
+SALES</code> is the SMB server for the department, and it suddenly dies, you could immediately reset <CODE CLASS="literal">
+netbios</code> <CODE CLASS="literal">
+name</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+SALES</code> on a backup Samba machine that's taking over for it. Users won't have to change their drive mappings to a different machine; new connections to <CODE CLASS="literal">
+SALES</code> will simply go to the new machine.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-955977">
+4.4.1.2 server string</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+server</code> <CODE CLASS="literal">
+string</code> parameter defines a comment string that will appear next to the server name in both the Network Neighborhood (when shown with the Details menu) and the comment entry of the Microsoft Windows print manager. You can use the standard variables to provide information in the description. For example, our entry earlier was:</p><PRE CLASS="programlisting">
+[global]
+	server string = Samba %v on (%h)</pre><P CLASS="para">
+The default for this option simply presents the current version of Samba and is equivalent to:</p><PRE CLASS="programlisting">
+server string = Samba %v</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-955973">
+4.4.1.3 workgroup</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+workgroup</code> parameter sets the current workgroup where the Samba server will advertise itself. Clients that wish to access shares on the Samba server should be on the same NetBIOS workgroup. Remember that workgroups are really just NetBIOS group names, and must follow the standard NetBIOS naming conventions outlined in <a href="ch01_01.html"><b>Chapter 1</b></a>. For example:</p><PRE CLASS="programlisting">
+[global]
+	workgroup = SIMPLE</pre><P CLASS="para">
+The default option for this parameter is set at compile time. If the entry is not changed in the makefile, it will be <CODE CLASS="literal">
+WORKGROUP</code>. Because this tends to be the workgroup name of every unconfigured NetBIOS network, we recommend that you always set your workgroup name in the Samba configuration file.[<A CLASS="footnote" HREF="#ch04-pgfId-962322">2</a>] </p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch04-pgfId-962322">[2]</a> We should also mention that it is an inherently bad idea to have a workgroup that shares the same name as a server.</p></div></blockquote></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_03.html" TITLE="4.3 Configuration File Options">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.3 Configuration File Options" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_05.html" TITLE="4.5 Disk Share Configuration">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.5 Disk Share Configuration" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+4.3 Configuration File Options</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+4.5 Disk Share Configuration</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch04_05.html b/docs/htmldocs/using_samba/ch04_05.html
new file mode 100755
index 00000000000..ecb8acfebf4
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch04_05.html
@@ -0,0 +1,309 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 4] 4.5 Disk Share Configuration</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:32:13Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_04.html" TITLE="4.4 Server Configuration">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.4 Server Configuration" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch04_01.html" TITLE="4. Disk Shares ">
+Chapter 4<br>
+Disk Shares </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_06.html" TITLE="4.6 Networking Options with Samba">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.6 Networking Options with Samba" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch04-14274">
+4.5 Disk Share Configuration</a></h2><P CLASS="para">We mentioned in the previous section that there were no disk shares on the <CODE CLASS="literal">
+hydra</code> server. Let's continue with the configuration file and create an empty disk share called [<CODE CLASS="literal">data</code>]. Here are the additions that will do it:</p><PRE CLASS="programlisting">
+[global]
+	netbios name = HYDRA
+	server string = Samba %v on (%L)
+	workgroup = SIMPLE
+
+[data]
+	path = /export/samba/data
+	comment = Data Drive
+	volume = Sample-Data-Drive
+	writeable = yes
+	guest ok = yes</pre><P CLASS="para">
+The <CODE CLASS="literal">
+[data]</code> share is typical for a Samba disk share. The share maps to a directory on the Samba server: <I CLASS="filename">
+/export/samba/data</i>. We've also provided a comment that describes the share as a <CODE CLASS="literal">
+Data</code> <CODE CLASS="literal">
+Drive</code>, as well as a volume name for the share itself.</p><P CLASS="para">
+The share is set to writeable so that users can write data to it; the default with Samba is to create a read-only share. As a result, this option needs to be explicitly set for each disk share you wish to make writeable.</p><P CLASS="para">
+You may have noticed that we set the <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+ok</code> parameter to <CODE CLASS="literal">
+yes</code>. While this isn't very security-conscious, there are some password issues that we need to understand before setting up individual users and authentication. For the moment, this will sidestep those issues and let anyone connect to the share.</p><P CLASS="para">
+Go ahead and make these additions to your configuration file. In addition, create the <I CLASS="filename">
+/export/samba/data</i> directory as root on your Samba machine with the following commands:</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">#</code> mkdir /export/samba/data</b><B CLASS="emphasis.bold">
+<CODE CLASS="literal"># </code>chmod 777 /export/samba/data</b></pre><P CLASS="para">
+Now, if you connect to the <CODE CLASS="literal">
+hydra</code> server again (you can do this by clicking on its icon in the Windows Network Neighborhood), you should see a single share listed entitled <CODE CLASS="literal">
+data</code>, as shown in <A CLASS="xref" HREF="ch04_05.html#ch04-13866">
+Figure 4.4</a>. This share should also have read/write access to it. Try creating or copying a file into the share. Or, if you're really feeling adventurous, you can even try mapping a network drive to it! </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch04-13866">
+Figure 4.4: The initial data share on the Samba server</a></h4><IMG CLASS="graphic" SRC="figs/sam.0404.gif" ALT="Figure 4.4"><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-pgfId-961433">
+4.5.1 Disk Share Configuration Options</a></h3><P CLASS="para">The basic Samba configuration options for disk shares previously introduced are listed in <A CLASS="xref" HREF="ch04_05.html#ch04-82964">
+Table 4.4</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch04-82964">
+Table 4.4: Basic Share Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+path (directory)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the Unix directory that will be provided for a disk share or used for spooling by a printer share</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+/tmp</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+guest ok (public)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If set to <CODE CLASS="literal">
+yes</code>, authentication is not needed to access this share</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+comment</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the comment that appears with the share</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+volume</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the volume name: the DOS name of the physical drive</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share name</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+read only</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, allows read only access to a share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+writeable (write ok)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+no</code>, allows read only access to a share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-959473">
+4.5.1.1 path</a></h4><P CLASS="para">This option, which has the synonym <CODE CLASS="literal">
+directory</code>, indicates the pathname at the root of the file or printing share. You can choose any path on the Samba server, so long as the owner of the Samba process that is connecting has read and write access to that directory. If the path is for a printing share, it should point to a temporary directory where files can be written on the server before being spooled to the target printer (<I CLASS="filename">/tmp</i> and <I CLASS="filename">
+/var/spool</i> are popular choices). If this path is for a disk share, the contents of the folder representing the share name on the client will match the content of the directory on the Samba server. For example, if we have the following disk share listed in our configuration file:</p><PRE CLASS="programlisting">
+[network]
+	path = /export/samba/network
+	writable = yes
+<CODE CLASS="literal">
+	guest ok = yes</code></pre><P CLASS="para">
+And the contents of the directory <I CLASS="filename">
+/usr/local/network</i> on the Unix side are:</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">$</code> ls -al /export/samba/network</b>
+</pre><PRE CLASS="programlisting">
+drwxrwxrwx  9  root   nobody  1024  Feb 16 17:17  .
+drwxr-xr-x  9  nobody nobody  1024  Feb 16 17:17  ..
+drwxr-xr-x  9  nobody nobody  1024  Feb 16 17:17  quicken
+drwxr-xr-x  9  nobody nobody  1024  Feb 16 17:17  tax98
+drwxr-xr-x  9  nobody nobody  1024  Feb 16 17:17  taxdocuments</pre><P CLASS="para">
+Then we should see the equivalent of <A CLASS="xref" HREF="ch04_05.html#ch04-88746">
+Figure 4.5</a> on the client side. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch04-88746">
+Figure 4.5: Windows client view of a network filesystem specified by path</a></h4><IMG CLASS="graphic" SRC="figs/sam.0405.gif" ALT="Figure 4.5"></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-943587">
+4.5.1.2 guest ok</a></h4><P CLASS="para">
+This option (which has an older synonym <CODE CLASS="literal">
+public</code>) allows or prohibits guest access to a share. The default value is <CODE CLASS="literal">
+no</code>. If set to <CODE CLASS="literal">
+yes</code>, it means that no username or password will be needed to connect to the share. When a user connects, the access rights will be equivalent to the designated guest user. The default account to which Samba offers the share is <CODE CLASS="literal">
+nobody</code>. However, this can be reset with the <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+account</code> configuration option. For example, the following lines allow guest user access to the <CODE CLASS="literal">
+[accounting]</code> share with the permissions of the <EM CLASS="emphasis">
+ftp</em> account:</p><PRE CLASS="programlisting">
+[global]
+	guest account = ftp
+[accounting]
+	path = /usr/local/account
+	guest ok = yes</pre><P CLASS="para">
+Note that users can still connect to the share using a valid username/password combination. If successful, they will hold the access rights granted by their own account and not the guest account. If a user attempts to log in and fails, however, he or she will default to the access rights of the guest account. You can mandate that every user who attaches to the share will be using the guest account (and will have the permissions of the guest) by setting the option <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+only</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code>.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-943593">
+4.5.1.3 comment</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+comment</code> option allows you to enter a comment that will be sent to the client when it attempts to browse the share. The user can see the comment by listing Details on the share folder under the appropriate computer in the Windows Network Neighborhood, or type the command <CODE CLASS="literal">
+NET</code> <CODE CLASS="literal">
+VIEW</code> at an MS-DOS prompt. For example, here is how you might insert a comment for a <CODE CLASS="literal">
+[network]</code> share:</p><PRE CLASS="programlisting">
+[network]
+	comment = Network Drive
+	path = /export/samba/network</pre><P CLASS="para">
+This yields a folder similar to <A CLASS="xref" HREF="ch04_05.html#ch04-34850">
+Figure 4.6</a> on the client side. Note that with the current configuration of Windows, this comment will not be shown once a share is mapped to a Windows network drive. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch04-34850">
+Figure 4.6: Windows client view of a share comment</a></h4><IMG CLASS="graphic" SRC="figs/sam.0406.gif" ALT="Figure 4.6"><P CLASS="para">
+Be sure not to confuse the <CODE CLASS="literal">
+comment</code> option, which documents a Samba server's shares, with the <CODE CLASS="literal">
+server</code> <CODE CLASS="literal">
+string</code> option, which documents the server itself.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-967445">
+4.5.1.4 volume</a></h4><P CLASS="para">
+This option allows you to specify the volume name of the share as reported by SMB. This normally resolves to the name of the share given in the <I CLASS="filename">
+smb.conf</i>  file. However, if you wish to name it something else (for whatever reason) you can do so with this option.</p><P CLASS="para">
+For example, an installer program may check the volume name of a CD-ROM to make sure the right CD-ROM is in the drive before attempting to install it. If you copy the contents of the CD-ROM into a network share, and wish to install from there, you can use this option to get around the issue:</p><PRE CLASS="programlisting">
+[network]
+	comment = Network Drive
+	volume = ASVP-102-RTYUIKA
+	path = /home/samba/network</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-952861">
+4.5.1.5 read only and writeable</a></h4><P CLASS="para">
+The options <CODE CLASS="literal">
+read</code> <CODE CLASS="literal">
+only</code> and <CODE CLASS="literal">
+writeable</code> (or <CODE CLASS="literal">
+write</code> <CODE CLASS="literal">
+ok</code>) are really two ways of saying the same thing, but approached from opposite ends. For example, you can set either of the following options in the <CODE CLASS="literal">
+[global]</code> section or in an individual share:</p><PRE CLASS="programlisting">
+read only = yes
+writeable = no</pre><P CLASS="para">
+If either option is set as shown, data can be read from a share, but cannot be written to it. You might think you would need this option only if you were creating a read-only share. However, note that this read-only behavior is the <EM CLASS="emphasis">
+default</em> action for shares; if you want to be able to write data to a share, you must explicitly specify one of the following options in the configuration file for each share:</p><PRE CLASS="programlisting">
+read only = no
+writeable = yes</pre><P CLASS="para">
+Note that if you specify more than one occurrence of either option, Samba will adhere to the last value it encounters for the share. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_04.html" TITLE="4.4 Server Configuration">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.4 Server Configuration" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_06.html" TITLE="4.6 Networking Options with Samba">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.6 Networking Options with Samba" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+4.4 Server Configuration</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+4.6 Networking Options with Samba</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch04_06.html b/docs/htmldocs/using_samba/ch04_06.html
new file mode 100755
index 00000000000..897523cc55c
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch04_06.html
@@ -0,0 +1,414 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 4] 4.6 Networking Options with Samba</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:32:15Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_05.html" TITLE="4.5 Disk Share Configuration">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.5 Disk Share Configuration" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch04_01.html" TITLE="4. Disk Shares ">
+Chapter 4<br>
+Disk Shares </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_07.html" TITLE="4.7 Virtual Servers">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.7 Virtual Servers" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch04-86705">
+4.6 Networking Options with Samba</a></h2><P CLASS="para">If you're running Samba on a multi-homed machine (that is, one on multiple subnets), or even if you want to implement a security policy on your own subnet, you should take a close look at the networking configuration options: </p><P CLASS="para">
+For the purposes of this exercise, let's assume that our Samba server is connected to a network with more than one subnet. Specifically, the machine can access both the 192.168.220.* and 134.213.233.* subnets. Here are our additions to the ongoing configuration file for the networking configuration options:</p><PRE CLASS="programlisting">
+[global]
+	netbios name = HYDRA
+	server string = Samba %v on (%L)
+	workgroup = SIMPLE
+
+	#  Networking configuration options
+	hosts allow = 192.168.220. 134.213.233. localhost
+	hosts deny = 192.168.220.102
+	interfaces = 192.168.220.100/255.255.255.0 \
+					134.213.233.110/255.255.255.0
+	bind interfaces only = yes
+
+[data]
+	path = /home/samba/data
+	guest ok = yes
+	comment = Data Drive
+	volume = Sample-Data-Drive
+	writeable = yes
+	</pre><P CLASS="para">Let's first talk about the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> and <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> options. If these options sound familiar, you're probably thinking of the <I CLASS="filename">
+hosts.allow</i> and <I CLASS="filename">
+hosts.deny</i> files that are found in the <I CLASS="filename">
+/etc</i> directories of many Unix systems. The purpose of these options is identical to those files; they provide a means of security by allowing or denying the connections of other hosts based on their IP addresses. Why not just use the <I CLASS="filename">
+hosts.allow</i> and <I CLASS="filename">
+hosts.deny</i> files themselves? Because there may be services on the server that you want others to access without giving them access Samba's disk or printer shares</p><P CLASS="para">
+With the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> option above, we've specified a cropped IP address: 192.168.220. (Note that there is still a third period; it's just missing the fourth number.) This is equivalent to saying: "All hosts on the 192.168.220 subnet." However, we've explicitly specified in a hosts deny line that 192.168.220.102 is not to be allowed access.</p><P CLASS="para">
+You might be wondering: why will 192.168.220.102 be denied even though it is still in the subnet matched by the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> option? Here is how Samba sorts out the rules specified by <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> and <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code>:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch04-pgfId-961914">
+</a>If there are no <CODE CLASS="literal">
+allow</code> or <CODE CLASS="literal">
+deny</code> options defined anywhere in <I CLASS="filename">
+smb.conf</i>, Samba will allow connections from any machine allowed by the system itself.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch04-pgfId-961915">
+</a>If there are <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> or <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> options defined in the <CODE CLASS="literal">
+[global]</code> section of <I CLASS="filename">
+smb.conf</i>, they will apply to all shares, even if the shares have an overriding option defined.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch04-pgfId-961916">
+</a>If there is only a <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> option defined for a share, only the hosts listed will be allowed to use the share. All others will be denied.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch04-pgfId-961917">
+</a>If there is only a <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> option defined for a share, any machine which is not on the list will be able to use the share.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch04-pgfId-961918">
+</a>If both a <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> and <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> option are defined, a host must appear in the allow list and not appear in the deny list (in any form) in order to access the share. Otherwise, the host will not be allowed.</p><BLOCKQUOTE CLASS="warning">
+<P CLASS="para">
+<STRONG>
+WARNING:</strong> Take care that you don't explicitly allow a host to access a share, but then deny access to the entire subnet of which the host is part.</p></blockquote></li></ol><P CLASS="para">
+Let's look at another example of that final item. Consider the following options:</p><PRE CLASS="programlisting">
+hosts allow = 111.222.
+hosts deny = 111.222.333.</pre><P CLASS="para">
+In this case, only the hosts that belong to the subnet 111.222.*.* will be allowed access to the Samba shares. However, if a client belongs to the 111.222.333.* subnet, it will be denied access, even though it still matches the qualifications outlined by <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code>. The client must appear on the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> list and <EM CLASS="emphasis">
+must not</em> appear on the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> list in order to gain access to a Samba share. If a computer attempts to access a share to which it is not allowed access, it will receive an error message.</p><P CLASS="para">
+The other two options that we've specified are the <CODE CLASS="literal">
+interfaces</code> and the <CODE CLASS="literal">
+bind</code> <CODE CLASS="literal">
+interface</code> <CODE CLASS="literal">
+only</code> address. Let's look at the <CODE CLASS="literal">
+interfaces</code> option first. Samba, by default, sends data only from the primary network interface, which in our example is the 192.168.220.100 subnet. If we would like it to send data to more than that one interface, we need to specify the complete list with the <CODE CLASS="literal">
+interfaces</code> option. In the previous example, we've bound Samba to interface with both subnets (192.168.220 and 134.213.233) on which the machine is operating by specifying the other network interface address: 134.213.233.100. If you have more than one interface on your computer, you should always set this option as there is no guarantee that the primary interface that Samba chooses will be the right one.</p><P CLASS="para">
+Finally, the <CODE CLASS="literal">
+bind</code> <CODE CLASS="literal">
+interfaces</code> <CODE CLASS="literal">
+only</code> option instructs the <I CLASS="filename">
+nmbd</i> process not to accept any broadcast messages other than those subnets specified with the <CODE CLASS="literal">
+interfaces</code> option. Note that this is different from the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> and <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> options, which prevent machines from making connections to services, but not from receiving broadcast messages. Using the <CODE CLASS="literal">
+bind</code> <CODE CLASS="literal">
+interfaces</code> <CODE CLASS="literal">
+only</code> option is a way to shut out even datagrams from foreign subnets from being received by the Samba server. In addition, it instructs the <EM CLASS="emphasis">
+smbd </em>process to bind to only the interface list given by the <EM CLASS="emphasis">
+interfaces</em> option. This restricts the networks that Samba will serve.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-pgfId-961674">
+4.6.1 Networking Options</a></h3><P CLASS="para">The networking options we introduced above are summarized in <A CLASS="xref" HREF="ch04_06.html#ch04-32963">
+Table 4.5</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch04-32963">
+Table 4.5: Networking Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+hosts allow (allow hosts)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of hostnames)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the machines that can connect to Samba.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+none</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+hosts deny (deny hosts)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of hostnames)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the machines that cannot connect to Samba.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+none</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+interfaces</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of IP/netmask combinations)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the network interfaces Samba will respond to. Allows correcting defaults.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+system-dependent</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+bind</code></p><P CLASS="para">
+<CODE CLASS="literal">
+interfaces only</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If set to <CODE CLASS="literal">
+yes</code>, Samba will bind only to those interfaces specified by the <CODE CLASS="literal">
+interfaces</code> option.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+socket</code></p><P CLASS="para">
+<CODE CLASS="literal">
+address</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (IP address)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets IP address to listen on, for use with multiple virtual interfaces on a server.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+none</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-961754">
+4.6.1.1 hosts allow</a></h4><P CLASS="para">The <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> option (sometimes written as <CODE CLASS="literal">
+allow</code> <CODE CLASS="literal">
+hosts</code>) specifies the machines that have permission to access shares on the Samba server, written as a comma- or space-separated list of names of machines or their IP addresses. You can gain quite a bit of security by simply placing your LAN's subnet address in this option. For example, we specified the following in our example:</p><PRE CLASS="programlisting">
+hosts allow = 192.168.220. localhost</pre><P CLASS="para">
+Note that we placed <CODE CLASS="literal">
+localhost</code> after the subnet address. One of the most common mistakes when attempting to use the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> option is to accidentally disallow the Samba server from communicating with itself. The <I CLASS="filename">
+smbpasswd</i> program will occasionally need to connect to the Samba server as a client in order to change a user's encrypted password. In addition, local browsing propagation requires local host access. If this option is enabled and the localhost address is not specified, the locally-generated packets requesting the change of the encrypted password will be discarded by Samba, and browsing propagation will not work properly. To avoid this, explicitly allow the loopback address (either <CODE CLASS="literal">
+localhost</code> or <CODE CLASS="literal">
+127.0.0.1</code>) to be used.[<A CLASS="footnote" HREF="#ch04-pgfId-965714">3</a>] </p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch04-pgfId-965714">[3]</a> Starting with Samba 2.0.5, <CODE CLASS="literal">
+localhost</code> will automatically be allowed unless it is explicitly denied.</p></div></blockquote><P CLASS="para">
+You can specify any of the following formats for this option: </p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch04-pgfId-959824">
+</a>Hostnames, such as <CODE CLASS="literal">
+ftp.example.com</code>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch04-pgfId-959825">
+</a>IP addresses, like <CODE CLASS="literal">
+130.63.9.252</code>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch04-pgfId-959826">
+</a>Domain names, which can be differentiated from individual hostnames because they start with a dot. For example, <CODE CLASS="literal">.ora.com</code> represents all machines within the <EM CLASS="emphasis">
+ora.com</em> domain.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch04-pgfId-959827">
+</a>Netgroups, which start with an at-sign, such as <CODE CLASS="literal">
+@printerhosts</code>. Netgroups are available on systems running yellow pages/NIS or NIS+, but rarely otherwise. If netgroups are supported on your system, there should be a <CODE CLASS="literal">
+netgroups</code> manual page that describes them in more detail.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch04-pgfId-959828">
+</a>Subnets, which end with a dot. For example, <CODE CLASS="literal">
+130.63.9.</code> means all the machines whose IP addresses begin with 130.63.9.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch04-pgfId-959830">
+</a>The keyword <CODE CLASS="literal">
+ALL</code>, which allows any client access.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch04-pgfId-959831">
+</a>The keyword <CODE CLASS="literal">
+EXCEPT</code> followed by more one or more names, IP addresses, domain names, netgroups, or subnets. For example, you could specify that Samba allow all hosts except those on the 192.168.110 subnet with <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+ALL</code> <CODE CLASS="literal">
+EXCEPT</code> <CODE CLASS="literal">
+192.168.110.</code> (remember the trailing dot).</p></li></ul><P CLASS="para">
+Using the <CODE CLASS="literal">
+ALL</code> keyword is almost always a bad idea, since it means that anyone on any network can browse your files if they guess the name of your server. </p><P CLASS="para">
+Note that there is no default value for the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> configuration option, although the default course of action in the event that neither option is specified is to allow access from all sources. In addition, if you specify this option in the <CODE CLASS="literal">
+[global]</code> section of the configuration file, it will override any <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> options defined shares.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-959836">
+4.6.1.2 hosts deny</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> option (also <CODE CLASS="literal">
+deny</code> <CODE CLASS="literal">
+hosts</code>) specifies machines that do not have permission to access a share, written as a comma- or space-separated list of machine names or their IP addresses. Use the same format as specifying clients as the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> option above. For example, to restrict access to the server from everywhere but <I CLASS="filename">
+example.com</i>, you could write:</p><PRE CLASS="programlisting">
+hosts deny = ALL EXCEPT .example.com</pre><P CLASS="para">
+Like <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code>, there is no default value for the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> configuration option, although the default course of action in the event that neither option is specified is to allow access from all sources. Also, if you specify this option in the <CODE CLASS="literal">
+[global]</code> section of the configuration file, it will override any <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> options defined in shares. If you wish to deny <EM CLASS="emphasis">
+hosts</em> access to specific shares, omit both the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> and <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> options in the <CODE CLASS="literal">
+[global]</code> section of the configuration file.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-958192">
+4.6.1.3 interfaces</a></h4><P CLASS="para">The <CODE CLASS="literal">
+interfaces</code> option outlines the network addresses to which you want the Samba server to recognize and respond. This option is handy if you have a computer that resides on more than one network subnet. If this option is not set, Samba searches for the primary network interface of the server (typically the first Ethernet card) upon startup and configures itself to operate on only that subnet. If the server is configured for more than one subnet and you do not specify this option, Samba will only work on the first subnet it encounters. You must use this option to force Samba to serve the other subnets on your network.</p><P CLASS="para">
+The value of this option is one or more sets of IP address/netmask pairs, such as the following:</p><PRE CLASS="programlisting">
+interfaces = 192.168.220.100/255.255.255.0 192.168.210.30/255.255.255.0</pre><P CLASS="para">
+You can optionally specify a CIDR format bitmask, as follows:</p><PRE CLASS="programlisting">
+interfaces = 192.168.220.100/24 192.168.210.30/24</pre><P CLASS="para">
+The bitmask number specifies the first number of bits that will be turned on in the netmask. For example, the number 24 means that the first 24 (of 32) bits will be activated in the bit mask, which is the same as saying 255.255.255.0. Likewise, 16 would be equal to 255.255.0.0, and 8 would be equal to 255.0.0.0.</p><P CLASS="para">
+This option may not work correctly if you are using DHCP.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-968052">
+4.6.1.4 bind interfaces only</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+bind</code> <CODE CLASS="literal">
+interfaces</code> <CODE CLASS="literal">
+only</code> option can be used to force the <EM CLASS="emphasis">
+smbd</em> and <EM CLASS="emphasis">
+nmbd</em> processes to serve SMB requests to only those addresses specified by the <CODE CLASS="literal">
+interfaces</code> option. The <EM CLASS="emphasis">
+nmbd</em> process normally binds to the all addresses interface (0.0.0.0.) on ports 137 and 138, allowing it to receive broadcasts from anywhere. However, you can override this behavior with the following:</p><PRE CLASS="programlisting">
+bind interfaces only = yes</pre><P CLASS="para">
+This will cause both Samba processes to ignore any packets whose origination address does not match the broadcast address(es) specified by the <CODE CLASS="literal">
+interfaces</code> option, including broadcast packets. With <EM CLASS="emphasis">
+smbd</em>, this option will cause Samba to not serve file requests to subnets other than those listed in the <CODE CLASS="literal">
+interfaces</code> option. You should avoid using this option if you want to allow temporary network connections, such as those created through SLIP or PPP. It's very rare that this option is needed, and it should only be used by experts.</p><P CLASS="para">
+If you set <CODE CLASS="literal">
+bind interfaces only</code> to <CODE CLASS="literal">
+yes</code>, you should add the localhost address (127.0.01) to the "interfaces" list. Otherwise, <EM CLASS="emphasis">
+smbpasswd</em> will be unable to connect to the server using its default mode in order to change a password. </p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-958204">
+4.6.1.5 socket address</a></h4><P CLASS="para">The <CODE CLASS="literal">
+socket</code> <CODE CLASS="literal">
+address</code> option dictates which of the addresses specified with the <CODE CLASS="literal">
+interfaces</code> parameter Samba should listen on for connections. Samba accepts connections on all addresses specified by default. When used in an <I CLASS="filename">
+smb.conf</i>  file, this option will force Samba to listen on only one IP address. For example:</p><PRE CLASS="programlisting">
+interfaces = 192.168.220.100/24 192.168.210.30/24
+socket address = 192.168.210.30</pre><P CLASS="para">
+This option is a programmer's tool and we recommend that you do not use it. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_05.html" TITLE="4.5 Disk Share Configuration">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.5 Disk Share Configuration" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_07.html" TITLE="4.7 Virtual Servers">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.7 Virtual Servers" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+4.5 Disk Share Configuration</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+4.7 Virtual Servers</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch04_07.html b/docs/htmldocs/using_samba/ch04_07.html
new file mode 100755
index 00000000000..6f5d495a0b1
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch04_07.html
@@ -0,0 +1,151 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 4] 4.7 Virtual Servers</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:32:17Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_06.html" TITLE="4.6 Networking Options with Samba">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.6 Networking Options with Samba" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch04_01.html" TITLE="4. Disk Shares ">
+Chapter 4<br>
+Disk Shares </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_08.html" TITLE="4.8 Logging Configuration Options">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.8 Logging Configuration Options" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch04-16899">
+4.7 Virtual Servers</a></h2><P CLASS="para">Virtual servers are a technique for creating the illusion of multiple NetBIOS servers on the network, when in reality there is only one. The technique is simple to implement: a machine simply registers more than one NetBIOS name in association with its IP address. There are tangible benefits to doing this.</p><P CLASS="para">
+The accounting department, for example, might have an <CODE CLASS="literal">
+accounting</code> server, and clients of it would see just the accounting disks and printers. The marketing department could have their own server, <CODE CLASS="literal">
+marketing</code>, with their own reports, and so on. However, all the services would be provided by one medium-sized Unix workstation (and one relaxed administrator), instead of having one small server and one administrator per department.</p><P CLASS="para">
+Samba will allow a Unix server to use more than one NetBIOS name with the <CODE CLASS="literal">
+netbios</code> <CODE CLASS="literal">
+aliases</code> option. See <A CLASS="xref" HREF="ch04_07.html#ch04-92259">
+Table 4.6</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch04-92259">
+Table 4.6: Virtual Server Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+netbios aliases</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">List of NetBIOS names</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Additional NetBIOS names to respond to, for use with multiple "virtual" Samba servers.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-pgfId-962377">
+4.7.1 netbios aliases</a></h3><P CLASS="para">
+The <CODE CLASS="literal">
+netbios</code> <CODE CLASS="literal">
+aliases</code> option can be used to give the Samba server more than one NetBIOS name. Each NetBIOS name listed as a value will be displayed in the Network Neighborhood of a browsing machine. When a connection is requested to any machine, however, it will connect to the same Samba server.</p><P CLASS="para">
+This might come in handy, for example, if you're transferring three departments' data to a single Unix server with modern large disks, and are retiring or reallocating the old NT servers. If the three servers are called <CODE CLASS="literal">
+sales</code>, <CODE CLASS="literal">
+accounting</code>, and <CODE CLASS="literal">
+admin</code>, you can have Samba represent all three servers with the following options:</p><PRE CLASS="programlisting">
+[global]
+	netbios aliases = sales accounting admin
+	include = /usr/local/samba/lib/smb.conf.%L</pre><P CLASS="para">
+See <A CLASS="xref" HREF="ch04_07.html#ch04-28393">
+Figure 4.7</a> for what the Network Neighborhood would display from a client.When a client attempts to connect to Samba, it will specify the name of the server that it's trying to connect to, which you can access through the <CODE CLASS="literal">
+%L</code> variable. If the requested server is <CODE CLASS="literal">
+sales</code>, Samba will include the <I CLASS="filename">
+/usr/local/samba/lib/smb.conf.sales</i> file. This file might contain global and share declarations exclusively for the sales team, such as the following:</p><PRE CLASS="programlisting">
+[global]
+	workgroup = SALES
+	hosts allow = 192.168.10.255
+
+[sales1998]
+	path = /usr/local/samba/sales/sales1998/
+...</pre><P CLASS="para">
+This particular example would set the workgroup to SALES as well, and set the IP address to allow connections only from the SALES subnet (192.168.10). In addition, it would offer shares specific to the sales department.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch04-28393">
+Figure 4.7: Using NetBIOS aliases for a Samba server </a></h4><IMG CLASS="graphic" SRC="figs/sam.0407.gif" ALT="Figure 4.7"></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_06.html" TITLE="4.6 Networking Options with Samba">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.6 Networking Options with Samba" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_08.html" TITLE="4.8 Logging Configuration Options">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 4.8 Logging Configuration Options" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+4.6 Networking Options with Samba</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+4.8 Logging Configuration Options</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch04_08.html b/docs/htmldocs/using_samba/ch04_08.html
new file mode 100755
index 00000000000..7336022e151
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch04_08.html
@@ -0,0 +1,423 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 4] 4.8 Logging Configuration Options</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:32:18Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_07.html" TITLE="4.7 Virtual Servers">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.7 Virtual Servers" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch04_01.html" TITLE="4. Disk Shares ">
+Chapter 4<br>
+Disk Shares </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch05_01.html" TITLE="5. Browsing and Advanced Disk Shares ">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 5. Browsing and Advanced Disk Shares " BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch04-29331">
+4.8 Logging Configuration Options</a></h2><P CLASS="para">Occasionally, we need to find out what Samba is up to. This is especially true when Samba is performing an unexpected action or is not performing at all. To find out this information, we need to check Samba's log files to see exactly why it did what it did.</p><P CLASS="para">
+Samba log files can be as brief or verbose as you like. Here is an example of what a Samba log file looks like:</p><PRE CLASS="programlisting">
+[1999/07/21 13:23:25, 3] smbd/service.c:close_cnum(514)
+  phoenix (192.168.220.101) closed connection to service IPC$
+[1999/07/21 13:23:25, 3] smbd/connection.c:yield_connection(40)
+  Yielding connection to IPC$
+[1999/07/21 13:23:25, 3] smbd/process.c:process_smb(615)
+  Transaction 923 of length 49
+[1999/07/21 13:23:25, 3] smbd/process.c:switch_message(448)
+  switch message SMBread (pid 467)
+[1999/07/21 13:23:25, 3] lib/doscalls.c:dos_ChDir(336)
+  dos_ChDir to /home/samba
+[1999/07/21 13:23:25, 3] smbd/reply.c:reply_read(2199)
+  read fnum=4207 num=2820 nread=2820
+[1999/07/21 13:23:25, 3] smbd/process.c:process_smb(615)
+  Transaction 924 of length 55
+[1999/07/21 13:23:25, 3] smbd/process.c:switch_message(448)
+  switch message SMBreadbraw (pid 467)
+[1999/07/21 13:23:25, 3] smbd/reply.c:reply_readbraw(2053)
+  readbraw fnum=4207 start=130820 max=1276 min=0 nread=1276
+[1999/07/21 13:23:25, 3] smbd/process.c:process_smb(615)
+  Transaction 925 of length 55
+[1999/07/21 13:23:25, 3] smbd/process.c:switch_message(448)
+  switch message SMBreadbraw (pid 467)                          </pre><P CLASS="para">
+Many of these options are of use only to Samba programmers. However, we will go over the meaning of some of these entries in more detail in <a href="ch09_01.html"><b>Chapter 9, <CITE CLASS="chapter">Troubleshooting Samba</cite></b></a>.</p><P CLASS="para">
+Samba contains six options that allow users to describe how and where logging information should be written. Each of these options are global options and cannot appear inside a share definition. Here is an up-to-date configuration file that covers each of the share and logging options that we've seen so far:</p><PRE CLASS="programlisting">
+[global]
+	netbios name = HYDRA
+	server string = Samba %v on (%I)
+	workgroup = SIMPLE
+
+	#  Networking configuration options
+	hosts allow = 192.168.220. 134.213.233. localhost
+	hosts deny = 192.168.220.102
+	interfaces = 192.168.220.100/255.255.255.0 \
+					134.213.233.110/255.255.255.0
+	bind interfaces only = yes
+
+	# Debug logging information
+	log level = 2
+	log file = /var/log/samba.log.%m
+	max log size = 50
+	debug timestamp = yes
+
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	comment = Data Drive
+	volume = Sample-Data-Drive
+	writeable = yes
+	</pre><P CLASS="para">
+	Here, we've added a custom log file that reports information up to debug level 2. This is a relatively light debugging level. The logging level ranges from 1 to 10, where level 1 provides only a small amount of information and level 10 provides a plethora of low-level information. Level 2 will provide us with useful debugging information without wasting disk space on our server. In practice, you should avoid using log levels greater than 3 unless you are programming Samba.</p><P CLASS="para">
+This file is located in the <I CLASS="filename">
+/var/log</i> directory thanks to the <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+file</code> configuration option. However, we can use variable substitution to create log files specifically for individual users or clients, such as with the <CODE CLASS="literal">
+%m</code> variable in the following line:</p><PRE CLASS="programlisting">
+log file = /usr/local/logs/samba.log.%m</pre><P CLASS="para">
+Isolating the log messages can be invaluable in tracking down a network error if you know the problem is coming from a specific machine or user.</p><P CLASS="para">
+We've added another precaution to the log files: no one log file can exceed 50 kilobytes in size, as specified by the <CODE CLASS="literal">
+max</code> <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+size</code> option. If a log file exceeds this size, the contents are moved to a file with the same name but with the suffix <EM CLASS="emphasis">
+.old</em> appended. If the <EM CLASS="emphasis">
+.old</em> file already exists, it is overwritten and its contents are lost. The original file is cleared, waiting to receive new logging information. This prevents the hard drive from being overwhelmed with Samba log files during the life of our daemons.</p><P CLASS="para">
+For convenience, we have decided to leave the debug timestamp in the logs with the <CODE CLASS="literal">
+debug</code> <CODE CLASS="literal">
+timestamp</code> option, which is the default behavior. This will place a timestamp next to each message in the logging file. If we were not interested in this information, we could specify <CODE CLASS="literal">
+no</code> for this option instead.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-97929">
+4.8.1 Using syslog</a></h3><P CLASS="para">
+If you wish to use the system logger (<I CLASS="filename">syslog</i>) in addition to or in place of the standard Samba logging file, Samba provides options for this as well. However, to use <I CLASS="filename">
+syslog</i>, the first thing you will have to do is make sure that Samba was built with the <CODE CLASS="literal">
+configure</code> <CODE CLASS="literal">
+--with-syslog</code> option. See <a href="ch02_01.html"><b>Chapter 2</b></a> for more information on configuring and compiling Samba.</p><P CLASS="para">
+Once that is done, you will need to configure your <I CLASS="filename">
+/etc/syslog.conf</i> to accept logging information from Samba. If there is not already a <CODE CLASS="literal">
+daemon.*</code> entry in the <CODE CLASS="replaceable">
+<I>
+/etc/syslog.conf</i></code> file, add the following:</p><PRE CLASS="programlisting">
+daemon.*        /var/log/daemon.log</pre><P CLASS="para">
+This specifies that any logging information from system daemons will be stored in the <I CLASS="filename">
+/var/log/daemon.log</i> file. This is where the Samba information will be stored as well. From there, you can specify the following global option in your configuration file:</p><PRE CLASS="programlisting">
+syslog = 2</pre><P CLASS="para">
+This specifies that any logging messages with a level of 1 will be sent to both the <I CLASS="filename">
+syslog</i> and the Samba logging files. (The mappings to <I CLASS="filename">
+syslog</i> priorities are described in the upcoming section "syslog.") Let's assume that we set the regular <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+level</code> option above to 4. Any logging messages with a level of 2, 3, or 4 will be sent to the Samba logging files, but not to the <I CLASS="filename">
+syslog</i>. Only level 1 logging messages will be sent to both. If the <CODE CLASS="literal">
+syslog</code> value exceeds the <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+level</code> value, nothing will be written to the <I CLASS="filename">
+syslog</i>.</p><P CLASS="para">
+If you want to specify that messages be sent only to <I CLASS="filename">
+syslog</i>&nbsp;- and not to the standard Samba logging files&nbsp;- you can place this option in the configuration file:</p><PRE CLASS="programlisting">
+syslog only = yes</pre><P CLASS="para">
+If this is the case, any logging information above the number specified in the <CODE CLASS="literal">
+syslog</code> option will be discarded, just like the <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+level</code> option.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch04-pgfId-961771">
+4.8.2 Logging Configuration Options</a></h3><P CLASS="para">
+<A CLASS="xref" HREF="ch04_08.html#ch04-92838">
+Table 4.7</a> lists each of the logging configuration options that Samba can use. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch04-92838">
+Table 4.7: Global Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+log file</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified filename)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the name and location of the log file that Samba is to use. Uses standard variables.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specified in Samba makefile</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+log level</code></p><P CLASS="para">
+<CODE CLASS="literal">
+(debug level)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical (0-10)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the amount of log/debug messages that are sent to the log file. 0 is none, 3 is considerable.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+1</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+max log size</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical (size in KB)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the maximum size of log file. After the log exceeds this size, the file will be renamed to <EM CLASS="emphasis">
+.bak </em>and a new log file started.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+5000</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+debug</code></p><P CLASS="para">
+<CODE CLASS="literal">
+timestamp (timestamp logs)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If no, doesn't timestamp logs, making them easier to read during heavy debugging.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+syslog</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical (0-10)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets level of messages sent to <EM CLASS="emphasis">
+syslog</em>. Those levels below <CODE CLASS="literal">
+syslog level</code> will be sent to the system logger.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+1</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+syslog only</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If yes, uses <EM CLASS="emphasis">
+syslog</em> entirely and sends no output to the standard Samba log files.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-log-file-option">
+4.8.2.1 log file</a></h4><P CLASS="para">
+On our server, Samba outputs log information to text files in the <I CLASS="filename">
+var</i> subdirectory of the Samba home directory, as set by the makefile during the build. The <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+file</code> option can be used to reset the name of the log file to another location. For example, to reset the name and location of the Samba log file to <I CLASS="filename">
+/usr/local/logs/samba.log</i>, you could use the following:</p><PRE CLASS="programlisting">
+[global]
+	log file = /usr/local/logs/samba.log</pre><P CLASS="para">
+You may use variable substitution to create log files specifically for individual users or clients.</p><P CLASS="para">
+You can override the default log file location using the <CODE CLASS="literal">
+-l</code> command-line switch when either daemon is started. However, this does not override the <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+file</code> option. If you do specify this parameter, initial logging information will be sent to the file specified after <CODE CLASS="literal">
+-l</code> (or the default specified in the Samba makefile) until the daemons have processed the <I CLASS="filename">
+smb.conf</i> file and know to redirect it to a new log file.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-953284">
+4.8.2.2 log level</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+level</code> option sets the amount of data to be logged. Normally this is left at 0 or 1. However, if you have a specific problem you may want to set it at 3, which provides the most useful debugging information you would need to track down a problem. Levels above 3 provide information that's primarily for the developers to use for chasing internal bugs, and slows down the server considerably. Therefore, we recommend that you avoid setting this option to anything above 3. </p><PRE CLASS="programlisting">
+[global]
+log file = /usr/local/logs/samba.log.%m
+log level = 3</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-960212">
+4.8.2.3 max log size</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+max</code> <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+size</code> option sets the maximum size, in kilobytes, of the debugging log file that Samba keeps. When the log file exceeds this size, the current log file is renamed to add an <EM CLASS="emphasis">
+.old</em> extension (erasing any previous file with that name) and a new debugging log file is started with the original name. For example:</p><PRE CLASS="programlisting">
+[global]
+log file = /usr/local/logs/samba.log.%m
+max log size = 1000</pre><P CLASS="para">
+Here, if the size of any log file exceeds one megabyte in size, Samba renames the log file <EM CLASS="emphasis">
+samba.log. </em><CODE CLASS="replaceable">
+<I>
+machine-name</i></code><EM CLASS="emphasis">
+.old</em> and a new log file is generated. If there was a file there previously with the <EM CLASS="emphasis">
+.old</em> extension, Samba deletes it. We highly recommend setting this option in your configuration files because debug logging (even at lower levels) can covertly eat away at your available disk space. Using this option protects unwary administrators from suddenly discovering that most of their disk space has been swallowed up by a single Samba log file.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-953294">
+4.8.2.4 debug timestamp or timestamp logs</a></h4><P CLASS="para">
+If you happen to be debugging a network problem and you find that the date-stamp and timestamp information within the Samba log lines gets in the way, you can turn it off by giving either the <CODE CLASS="literal">
+timestamp</code> <CODE CLASS="literal">
+logs</code> or the <CODE CLASS="literal">
+debug</code> <CODE CLASS="literal">
+timestamp</code> option (they're synonymous) a value of <CODE CLASS="literal">
+no</code>. For example, a regular Samba log file presents its output in the following form:</p><PRE CLASS="programlisting">
+12/31/98 12:03:34 hydra (192.168.220.101) connect to server network as user davecb</pre><P CLASS="para">
+With a <CODE CLASS="literal">
+no</code> value for this option, the output would appear without the datestamp or  the timestamp:</p><PRE CLASS="programlisting">
+hydra (192.168.220.101) connect to server network as user davecb</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-78696">
+4.8.2.5 syslog</a></h4><P CLASS="para">The <CODE CLASS="literal">
+syslog</code> option causes Samba log messages to be sent to the Unix system logger. The type of log information to be sent is specified as the parameter for this argument. Like the <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+level</code> option, it can be a number from 0 to 10. Logging information with a level less than the number specified will be sent to the system logger. However, debug logs equal to or above the <CODE CLASS="literal">
+syslog</code> level, but less than log level, will still be sent to the standard Samba log files. To get around this, use the <CODE CLASS="literal">
+syslog</code> <CODE CLASS="literal">
+only</code> option. For example:</p><PRE CLASS="programlisting">
+[global]
+	log level = 3
+	syslog = 1</pre><P CLASS="para">
+With this, all logging information with a level of 0 would be sent to the standard Samba logs and the system logger, while information with levels 1, 2, and 3 would be sent only to the standard Samba logs. Levels above 3 are not logged at all. Note that all messages sent to the system logger are mapped to a priority level that the <EM CLASS="emphasis">
+syslog</em> process understands, as shown in <A CLASS="xref" HREF="ch04_08.html#ch04-80576">
+Table 4.8</a>. The default level is 1.    </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch04-80576">
+Table 4.8: Syslog Priority Conversion </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Log Level</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Syslog Priority</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+0</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+LOG_ERR</code></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+LOG_WARNING</code></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+2</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+LOG_NOTICE</code></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+3</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+LOG_INFO</code></p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+4 and above</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+LOG_DEBUG</code></p></td></tr></tbody></table><P CLASS="para">
+If you wish to use <EM CLASS="emphasis">
+syslog</em>, you will have to run <CODE CLASS="literal">
+configure</code> <CODE CLASS="literal">
+--with-syslog</code> when compiling Samba, and you will need to configure your <I CLASS="filename">
+/etc/syslog.conf</i> to suit. (See the section <A CLASS="xref" HREF="ch04_08.html#ch04-97929">
+Section 4.8.1, Using syslog</a>, earlier in this chapter.)</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch04-pgfId-953338">
+4.8.2.6 syslog only</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+syslog</code> <CODE CLASS="literal">
+only</code> option tells Samba not to use the regular logging files&nbsp;- the system logger only. To enable this, specify the following option in the global ection of the Samba configuration file:</p><PRE CLASS="programlisting">
+[global]
+	syslog only = yes </pre></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_07.html" TITLE="4.7 Virtual Servers">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.7 Virtual Servers" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch05_01.html" TITLE="5. Browsing and Advanced Disk Shares ">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 5. Browsing and Advanced Disk Shares " BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+4.7 Virtual Servers</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+5. Browsing and Advanced Disk Shares </td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch05_01.html b/docs/htmldocs/using_samba/ch05_01.html
new file mode 100755
index 00000000000..d45bd13f32d
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch05_01.html
@@ -0,0 +1,786 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 5] Browsing and Advanced Disk Shares </title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:32:41Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_08.html" TITLE="4.8 Logging Configuration Options">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.8 Logging Configuration Options" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Chapter 5</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_02.html" TITLE="5.2 Filesystem Differences">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 5.2 Filesystem Differences" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div class="samplechapter">
+<H1 CLASS="chapter">
+<A CLASS="title" NAME="ch05-51347">
+5. Browsing and Advanced Disk Shares </a></h1><DIV CLASS="htmltoc">
+<P>
+<B>
+Contents:</b><br>
+<A CLASS="sect1" HREF="#ch05-23763" TITLE="5.1 Browsing">
+Browsing</a><br>
+<A CLASS="sect1" HREF="ch05_02.html" TITLE="5.2 Filesystem Differences">
+Filesystem Differences</a><br>
+<A CLASS="sect1" HREF="ch05_03.html" TITLE="5.3 File Permissions and Attributes on MS-DOS and Unix">
+File Permissions and Attributes on MS-DOS and Unix</a><br>
+<A CLASS="sect1" HREF="ch05_04.html" TITLE="5.4 Name Mangling and Case">
+Name Mangling and Case</a><br>
+<A CLASS="sect1" HREF="ch05_05.html" TITLE="5.5 Locks and Oplocks">
+Locks and Oplocks</a></p><P>
+</p></div><P CLASS="para">This chapter continues our discussion of disk shares from the previous chapter. Here, we will discuss various differences between the Windows and Unix filesystems&nbsp;- and how Samba works to bridge the gap. There are a surprising number of inconsistencies between a DOS filesystem and a Unix filesystem. In addition, we will talk briefly about name mangling, file locking, and a relatively new feature for Samba: opportunistic locking, or oplocks. However, before we move into that territory, we should first discuss the somewhat arcane topic of browsing with Samba.</p><DIV CLASS="sect1">
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="s1"></a>
+<A CLASS="title" NAME="ch05-23763">
+5.1 Browsing</a></h2><P CLASS="para">
+Browsing is the ability to examine the servers and shares that are currently available on your network. On a Windows NT 4.0 or 95/98 client, a user can browse network servers through the Network Neighborhood folder. By double-clicking  the icon representing the server, the user should be able to see the printer and disk share resources available on that machine as well. (If you have Windows NT 3.<EM CLASS="emphasis">
+x</em>, you can use the Disk-Connect Network Drive menu in the File Manager to display the available shares on a server.) </p><P CLASS="para">
+From the Windows command line, you can also use the <CODE CLASS="literal">
+net</code> <CODE CLASS="literal">
+view</code> option to see which servers are currently on the network. Here is an example of the <CODE CLASS="literal">
+net</code> <CODE CLASS="literal">
+view</code> command in action:</p><PRE CLASS="programlisting">C:\&gt;<CODE CLASS="userinput"><B> net view</b></code>
+Servers available in workgroup SIMPLE
+Server name            Remark
+----------------------------------------------------------
+\\CHIMAERA             Windows NT 4.0
+\\HYDRA                Samba 2.0.4 on (hydra)
+\\PHOENIX              Windows 98</pre><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-962596">
+5.1.1 Preventing Browsing</a></h3><P CLASS="para">You can restrict a share from being in a browse list by using the <CODE CLASS="literal">
+browseable</code> option. This boolean option prevents a share from being seen in the Network Neighborhood at all. For example, to prevent the <CODE CLASS="literal">
+[data]</code> share from the previous chapter from being visible, we could write:</p><PRE CLASS="programlisting">
+[data]
+	path = /home/samba/data
+	browseable = no
+	guest ok = yes
+	comment = Data Drive
+	volume = Sample-Data-Drive
+	writeable = yes</pre><P CLASS="para">
+Although you typically don't want to do this to an ordinary disk share, the browseable option is useful in the event that you need to create a share with contents that you do not want others to see, such as a <CODE CLASS="literal">
+[netlogin]</code> share for storing logon scripts for Windows domain control (see <a href="ch06_01.html"><b>Chapter 6, <CITE CLASS="chapter">Users, Security, and Domains</cite></b></a> for more information on logon scripts).</p><P CLASS="para">
+Another example is the <CODE CLASS="literal">
+[homes]</code> share. This share is often marked non-browsable so that a share named <CODE CLASS="literal">
+[homes]</code> won't appear when its machine's resources are browsed. However, if a user <CODE CLASS="literal">
+alice</code> logs on and looks at the machine's shares, an <CODE CLASS="literal">
+[alice]</code> share will appear under the machine. What if we wanted to make sure <CODE CLASS="literal">
+alice</code>'s share appeared to everyone before she logs in? This could be done with the global <CODE CLASS="literal">
+auto</code> <CODE CLASS="literal">
+services</code> option. This option preloads shares into the browse list to ensure that they are always visible: </p><PRE CLASS="programlisting">
+[global]
+	...
+	auto services = alice
+	...</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-962409">
+5.1.2 Default Services</a></h3><P CLASS="para">
+In the event that a user cannot successfully connect to a share, you can specify a default share to which they can connect. Since you do not know who will default to this share at any time, you will probably want to set the <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+ok</code> option to <CODE CLASS="literal">
+yes</code> for this share. Specifying a <CODE CLASS="literal">
+default</code> <CODE CLASS="literal">
+service</code> can be useful when sending the utterly befuddled to a directory of help files. For example:</p><PRE CLASS="programlisting">
+[global]
+	...
+	default service = helpshare
+	...
+	
+[helpshare]
+	path = /home/samba/helpshare/%S
+	browseable = yes
+	guest ok = yes
+	comment = Default Share for Unsuccessful Connections
+	volume = Sample-Data-Drive
+	writeable = no</pre><P CLASS="para">
+Note that we used the <CODE CLASS="literal">
+%S</code> variable in the <CODE CLASS="literal">
+path</code> option. If you use the <CODE CLASS="literal">
+%S</code> variable, it will refer to the requested nonexistent share (the original share requested by the user), not the name of the resulting default share. This allows us to create different paths with the names of each server, which can provide more customized help files for users. In addition, any underscores (_) specified in the requested share will be converted to slashes (/) when the <CODE CLASS="literal">
+%S</code> variable is used.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-969505">
+5.1.3 Browsing Elections</a></h3><P CLASS="para">As mentioned in <a href="ch01_01.html"><b>Chapter 1, <CITE CLASS="chapter">Learning the Samba</cite></b></a>, one machine in each subnet always keeps a list of the currently active machines. This list is called the <I CLASS="firstterm">
+browse list</i> and the server that maintains it is called the <I CLASS="firstterm">local master browser</i>. As machines come on and off the network, the local master browser continually updates the information in the browse list and provides it to any machine that requests it.</p><P CLASS="para">
+A computer becomes a local master browser by holding a browsing election on the local subnet. Browsing elections can be called at any time. Samba can rig a browsing election for a variety of outcomes, including always becoming the local master browser of the subnet or never becoming it. For example, the following options, which we've added to the configuration file from <a href="ch04_01.html"><b>Chapter 4, <CITE CLASS="chapter">Disk Shares</cite></b></a>, will ensure that Samba always wins the election for local master browser no matter which machines are also present:</p><PRE CLASS="programlisting">
+[global]
+	netbios name = HYDRA
+	server string = Samba %v on (%L)
+	workgroup = SIMPLE
+
+	#  Browsing election options
+	os level = 34
+	local master = yes
+
+	#  Networking configuration options
+	hosts allow = 192.168.220. 134.213.233. localhost
+	hosts deny = 192.168.220.102
+	interfaces = 192.168.220.100/255.255.255.0 \
+					134.213.233.110/255.255.255.0
+
+	# Debug logging information
+	log level = 2
+	log file = /var/log/samba.log.%m
+	max log size = 50
+	debug timestamp = yes
+
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	comment = Data Drive
+	volume = Sample-Data-Drive
+	writable = yes</pre><P CLASS="para">
+However, what if we didn't always want to win the election? What if we wanted to yield browsing to a Windows NT Server if present? In order to do that, we need to learn how browsing elections work. As you already know, each machine that takes place in the election must broadcast information about itself. This information includes the following:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-962259">
+</a>The version of the election protocol used</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-962260">
+</a>The operating system on the machine</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-962261">
+</a>The amount of time the client has been on the network</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-962267">
+</a>The hostname of the client</p></li></ul><P CLASS="para">
+Here is how the election is decided. Operating systems are assigned a binary value according to their version, as shown in <A CLASS="xref" HREF="ch05_01.html#ch05-51423">
+Table 5.1</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch05-51423">
+Table 5.1: Operating System Values in an Election </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Operating System</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Value</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Windows NT Server 4.0</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+33</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows NT Server 3.51</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+32</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows NT Workstation 4.0</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+17</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows NT Workstation 3.51</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+16</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows 98</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+2</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows 95</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows 3.1 for Workgroups</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1</p></td></tr></tbody></table><P CLASS="para">
+Following that, each computer on the network is assigned a separate value according to its role, as shown in <A CLASS="xref" HREF="ch05_01.html#ch05-pgfId-962213">
+Table 5.2</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch05-pgfId-962213">
+Table 5.2: Computer Role Settings in an Election </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Role</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Value</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Primary Domain Controller</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+128</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+WINS Client</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+32</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Preferred Master Browser</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+8</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Active Master Browser</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+4</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Standby Browser</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+2</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Active Backup Browser</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+1</p></td></tr></tbody></table><P CLASS="para">Elections are decided in the following order:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-962245">
+</a>The machine with the highest version of the election protocol will win. (So far, this is meaningless, as all Windows clients have version 1 of the election protocol.)</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-962246">
+</a>The machine with the highest operating system value wins the election.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-962247">
+</a>If there is a tie, the machine with the setting of Preferred Master Browser (role 8) wins the election.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-962248">
+</a>If there is still a tie, the client who has been online the longest wins the election.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-962282">
+</a>And finally, if there is still a tie, the client name that comes first alphabetically wins.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-969905">
+</a>The machine that is the "runner-up" can become a backup browser.</p></li></ol><P CLASS="para">
+As a result, if you want Samba to take the role of a local master browser, but only if there isn't a Windows NT Server (4.0 or 3.51) on the network, you could change the <CODE CLASS="literal">
+os</code> <CODE CLASS="literal">
+level</code> parameter in the previous example to:</p><PRE CLASS="programlisting">
+os level = 31</pre><P CLASS="para">
+This will cause Samba to immediately lose the election to a Windows NT 4.0 or  Windows NT 3.5 Server, both of which have a higher operating systems level. On the other hand, if you wanted to decide the local master browser on the basis of the network role, such as which machine is the primary domain controller, you could set the <CODE CLASS="literal">
+os</code> <CODE CLASS="literal">
+level</code> to match the highest type of operating system on the network and let the election protocol fall down to the next level.</p><P CLASS="para">How can you can tell if a machine is a local master browser? By using the <CODE CLASS="literal">
+nbtstat</code> command. Place the NetBIOS name of the machine you wish to check after the <CODE CLASS="literal">
+-a</code> option:</p><PRE CLASS="programlisting">C:\&gt;<CODE CLASS="userinput"><B> nbtstat -a hydra</b></code>
+
+       NetBIOS Remote Machine Name Table
+
+ Name                            Type         Status
+----------------------------------------------------------
+ HYDRA                     &lt;00&gt;  UNIQUE       Registered
+ HYDRA                     &lt;03&gt;  UNIQUE       Registered
+ HYDRA                     &lt;20&gt;  UNIQUE       Registered
+ ..__MSBROWSE__.           &lt;01&gt;  GROUP        Registered
+ SIMPLE                    &lt;00&gt;  GROUP        Registered
+ SIMPLE                    &lt;1D&gt;  UNIQUE       Registered
+ SIMPLE                    &lt;1E&gt;  GROUP        Registered
+
+ MAC Address = 00-00-00-00-00-00</pre><P CLASS="para">
+The resource entry that you're looking for is the <CODE CLASS="literal">
+..__MSBROWSE__.&lt;01&gt;</code>. This indicates that the server is currently acting as the local master browser for the current subnet. In addition, if the machine is a Samba server, you can check the Samba <I CLASS="filename">
+nmbd</i> log file for an entry such as:</p><PRE CLASS="programlisting">
+nmbd/nmbd_become_lmb.c:become_local_master_stage2(406)
+*****
+Samba name server HYDRA is now a local master browser for
+workgroup SIMPLE on subnet 192.168.220.100
+****</pre><P CLASS="para">
+Finally, Windows NT servers serving as primary domain controllers contain a sneak that allows them to assume the role of the local master browser in certain conditions; this is called the <EM CLASS="emphasis">
+preferred</em> <EM CLASS="emphasis">
+master browser</em> bit. Earlier, we mentioned that Samba could set this bit on itself as well. You can enable it with the <CODE CLASS="literal">
+preferred</code> <CODE CLASS="literal">
+master</code> option:</p><PRE CLASS="programlisting">
+#  Browsing election options
+os level = 33
+local master = yes
+preferred master = yes</pre><P CLASS="para">
+If the preferred master bit is set, the machine will force a browsing election at startup. Of course, this is needed only if you set the <CODE CLASS="literal">
+os</code> <CODE CLASS="literal">
+level</code> option to match the Windows NT machine. We recommend that you don't use this option if another machine also has the role of preferred master, such as an NT server. </p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-962289">
+5.1.4 Domain Master Browser</a></h3><P CLASS="para">In the opening chapter, we mentioned that in order for a Windows workgroup or domain to extend into multiple subnets, one machine would have to take the role of the <I CLASS="firstterm">
+domain master browser</i>. The domain master browser propagates browse lists across each of the subnets in the workgroup. This works because each local master browser periodically synchronizes its browse list with the domain master browser. During this synchronization, the local master browser passes on any server that the domain master browser does not have in its browse list, and vice versa. In a perfect world, each local master browser would eventually have the browse list for the entire domain.</p><P CLASS="para">
+Unlike the local master browser, there is no election to determine which machine assumes the role of the domain master browser. Instead, the administrator has to set it manually. By Microsoft design, however, the domain master browser and the primary domain controller (PDC) both register a resource type of &lt;1B&gt;, so the roles&nbsp;- and the machines&nbsp;- are inseparable. </p><P CLASS="para">
+If you have a Windows NT server on the network acting as a PDC, we recommend that you do not use Samba to become the domain master browser. The reverse is true as well: if Samba is taking on the responsibilities of a PDC, we recommend making it the domain master browser as well. Although it is possible to split the roles with Samba, this is not a good idea. Using two different machines to serve as the PDC and the domain master browser can cause random errors to occur on a Windows workgroup.</p><P CLASS="para">
+Samba can assume the role of a domain master browser for all subnets in the workgroup with the following option:</p><PRE CLASS="programlisting">
+domain master = yes</pre><P CLASS="para">
+You can verify that a Samba machine is in fact the domain master browser by checking the <EM CLASS="emphasis">
+nmbd</em> log file:</p><PRE CLASS="programlisting">
+nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118)
+*****
+Samba name server HYDRA is now a domain master browser for
+workgroup SIMPLE on subnet 192.168.220.100
+*****</pre><P CLASS="para">
+Or you can use the <CODE CLASS="literal">nmblookup</code> command that comes with the Samba distribution to query for a unique &lt;1B&gt; resource type in the workgroup:</p><PRE CLASS="programlisting"># <CODE CLASS="userinput"><B>nmblookup SIMPLE#1B</b></code>
+Sending queries to 192.168.220.255
+192.168.220.100 SIMPLE&lt;1b&gt;</pre><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-963109">
+5.1.4.1 Multiple subnets</a></h4><P CLASS="para">There are three rules that you must remember when creating a workgroup/domain that spans more than one subnet:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-962339">
+</a>You must have either a Windows NT or Samba machine acting as a local master browser on each subnet in the workgroup/domain. (If you have a domain master browser in a subnet, a local master browser is not needed.)</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-962340">
+</a>You must have a Windows NT Server or a Samba machine acting as a domain master browser somewhere in the workgroup.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-962343">
+</a>Each local master browser must be instructed to synchronize with the domain master browser.</p></li></ul><P CLASS="para">
+Samba has a few other features in this arena in the event that you don't have or want a domain master browser on your network. Consider the subnets shown in <A CLASS="xref" HREF="ch05_01.html#ch05-15706">
+Figure 5.1</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch05-15706">
+Figure 5.1: Multiple subnets with Samba servers</a></h4><IMG CLASS="graphic" SRC="figs/sam.0501.gif" ALT="Figure 5.1"><P CLASS="para">
+First, a Samba server that is a local master browser can use the <CODE CLASS="literal">
+remote</code> <CODE CLASS="literal">
+announce</code> configuration option to make sure that computers in different subnets are sent broadcast announcements about the server. This has the effect of ensuring that the Samba server appears in the browse lists of foreign subnets. To achieve this, however, the directed broadcasts must reach the local master browser on the other subnet. Be aware that many routers do not allow directed broadcasts by default; you may have to change this setting on the router for the directed broadcasts to get through to its subnet.</p><P CLASS="para">
+With the <CODE CLASS="literal">
+remote</code> <CODE CLASS="literal">
+announce</code> option, list the subnets and the workgroup that should receive the broadcast. For example, to ensure that machines in the 192.168.221 and 192.168.222 subnets and SIMPLE workgroup are sent broadcast information from our Samba server, we could specify the following:</p><PRE CLASS="programlisting">
+#  Browsing election options
+os level = 34
+local master = yes
+remote announce = 192.168.221.255/SIMPLE \
+	192.168.222.255/SIMPLE</pre><P CLASS="para">
+In addition, you are allowed to specify the exact address to send broadcasts to if the local master browser on the foreign subnet is guaranteed to always have a fixed IP address.</p><P CLASS="para">
+A Samba local master browser can synchronize its browse list directly with another Samba server acting as a local master browser on a different subnet. For example, let's assume that Samba is configured as a local master browser, and Samba local master browsers exist at 192.168.221.130 and 192.168.222.120. We can use the <CODE CLASS="literal">
+remote</code> <CODE CLASS="literal">
+browse</code> <CODE CLASS="literal">
+sync</code> option to sync directly with the Samba servers, as follows:</p><PRE CLASS="programlisting">
+#  Browsing election options
+os level = 34
+local master = yes
+remote browse sync = 192.168.221.130 192.168.222.120</pre><P CLASS="para">
+In order for this to work, the other Samba machines must also be local master browsers. You can also use directed broadcasts with this option if you do not know specific IP addresses of local master browsers. </p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-969941">
+5.1.5 Browsing Options</a></h3><P CLASS="para">
+<A CLASS="xref" HREF="ch05_01.html#ch05-81028">Table 5.3</a> shows 14 options that define how Samba handles browsing tasks. We recommend the defaults for a site that prefers to be easy on its users with respect to locating shares and printers. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch05-81028">
+Table 5.3: Browsing Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+announce as</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+NT</code> or <CODE CLASS="literal">
+Win95</code> or <CODE CLASS="literal">
+WfW</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the operating system that Samba will announce itself as.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+NT</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+announce version</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the version of the operating system that Samba will announce itself as.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+4.2</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+browseable (browsable)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Allows share to be displayed in list of machine resources.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+browse list</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, Samba will provide a browse list on this server.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+auto services (preload)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (share list)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets a list of shares that will always appear in the browse list.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+default service (default)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (share name)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Names a share (service) that will be provided if the client requests a share not listed in <EM CLASS="emphasis">
+smb.conf.</em></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+local master</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, Samba will try to become a master browser on the local subnet.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+lm announce</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code> or <CODE CLASS="literal">
+no</code> or <CODE CLASS="literal">
+auto</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Enables or disables LAN Manager style host announcements.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+auto</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+lm interval</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the frequency in seconds that LAN Manager announcements will be made if activated.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+60</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+preferred master (prefered master)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, Samba will use the preferred master browser bit to attempt to become the local master browser.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+domain master</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, Samba will try to become the main browser master for the workgroup.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+os level</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the operating system level of Samba in an election for local master browser.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+0</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+remote browse sync</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of IP addresses)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Lists Samba servers to synchronize browse lists with.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+remote announce</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (IP address/ workgroup pairs)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Lists subnets and workgroups to send directed broadcast packets to, allowing Samba to appear to browse lists.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-959886">
+5.1.5.1 announce as</a></h4><P CLASS="para">
+This global configuration option specifies the type of operating system that Samba will announce to other machines on the network. The default value for this option is <CODE CLASS="literal">
+NT</code>, which represents a Windows NT operating system. Other possible values are <CODE CLASS="literal">
+Win95</code>, which represents a Windows 95 operating system, and <CODE CLASS="literal">
+WfW</code> for a Windows for Workgroup operating system. You can override the default value with the following:</p><PRE CLASS="programlisting">
+[global]
+	announce as = Win95</pre><P CLASS="para">
+We recommend against changing the default value of this configuration option.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-959896">
+5.1.5.2 announce version</a></h4><P CLASS="para">
+This global option is frequently used with the <CODE CLASS="literal">
+announce</code> <CODE CLASS="literal">
+as</code> configuration option; it specifies the version of the operating system that Samba will announce to other machines on the network. The default value of this options is 4.2, which places itself above the current Windows NT version of 4.0. You can specify a new value with a global entry such as the following:</p><PRE CLASS="programlisting">
+[global]
+	announce version = 4.3</pre><P CLASS="para">
+We recommend against changing the default value of this configuration option.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-38345">
+5.1.5.3 browseable</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+browseable</code> option (also spelled <CODE CLASS="literal">
+browsable</code>) indicates whether the share referenced should appear in the list of available resources of the machine on which it resides. This option is always set to <CODE CLASS="literal">
+yes</code> by default. If you wish to prevent the share from being seen in a client's browser, you can reset this option to <CODE CLASS="literal">
+no</code>.</p><P CLASS="para">
+Note that this does not prevent someone from accessing the share using other means, such as specifying a UNC location (<CODE CLASS="literal">//server/accounting)</code> in Windows Explorer. It only prevents the share from being listed under the machine's resources when being browsed.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-959474">
+5.1.5.4 browse list</a></h4><P CLASS="para">You should never need to change this parameter from its default value of <CODE CLASS="literal">
+yes</code>. If your Samba server is acting as a local master browser (i.e., it has won the browsing election), you can use the global <CODE CLASS="literal">
+browse</code> <CODE CLASS="literal">
+list</code> option to instruct Samba to provide or withhold its browse list to all clients. By default, Samba always provides a browse list. You can withhold this information by specifying the following:</p><PRE CLASS="programlisting">
+[global]
+	browse list = no</pre><P CLASS="para">
+If you disable the browse list, clients cannot browse the names of other machines, their services, and other domains currently available on the network. Note that this won't make any particular machine inaccessible; if someone knows a valid machine name/address and a share on that machine, they can still connect to it explicitly using NET USE or by mapping a drive letter to it using Windows Explorer. It simply prevents information in the browse list from being retrieved by any client that requests it.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-957885">
+5.1.5.5 auto services</a></h4><P CLASS="para">
+The global <CODE CLASS="literal">
+auto</code> <CODE CLASS="literal">
+services</code> option, which is also called <CODE CLASS="literal">
+preload</code>, ensures that the specified shares are always visible in the browse list. One common use for this option is to advertise specific user or printer shares that are created by the <CODE CLASS="literal">
+[homes]</code> or <CODE CLASS="literal">
+[printers]</code> shares, but are not otherwise browsable.</p><P CLASS="para">
+This option works best with disk shares. If you wish to force each of your system printers (i.e., those listed in the printer capabilities file) into the browse list using this option, we recommend using the <CODE CLASS="literal">
+load</code> <CODE CLASS="literal">
+printers</code> option instead. Any shares listed with the <CODE CLASS="literal">
+auto</code> <CODE CLASS="literal">
+services</code> option will not be displayed if the <CODE CLASS="literal">
+browse</code> <CODE CLASS="literal">
+list</code> option is set to <CODE CLASS="literal">
+no</code>.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-962615">
+5.1.5.6 default service</a></h4><P CLASS="para">
+The global <CODE CLASS="literal">
+default</code> <CODE CLASS="literal">
+service</code> option (sometimes called <CODE CLASS="literal">
+default</code>) names a "last-ditch" share. If set to an existing share name, and a client requests a nonexistent disk or printer share, Samba will attempt to connect the user to the share specified by this option instead. The option is specified as follows:</p><PRE CLASS="programlisting">
+default service = helpshare</pre><P CLASS="para">
+Note that there are no braces surrounding the share name <CODE CLASS="literal">
+helpshare</code>, even though the definition of the share later in the Samba configuration file will have braces. Also, if you use the <CODE CLASS="literal">
+%S</code> variable in the share specified by this option, it will represent the requested, nonexistent share, not the default service. Any underscores (<CODE CLASS="literal">_</code>) specified in the request share will be converted to slashes (<CODE CLASS="literal">/</code>) when the variable is used.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-957903">
+5.1.5.7 local master</a></h4><P CLASS="para">This global option specifies whether Samba will attempt to become the local master browser for the subnet when it starts up. If this option is set to <CODE CLASS="literal">
+yes</code>, Samba will take place in elections. However, setting this option by itself does not guarantee victory. (Other parameters, such as <CODE CLASS="literal">
+preferred</code> <CODE CLASS="literal">
+master</code> and <CODE CLASS="literal">
+os</code> <CODE CLASS="literal">
+level</code> help Samba win browsing elections.) If this option is set to <CODE CLASS="literal">
+no</code>, Samba will lose all browsing elections, no matter which values are specified by the other configuration options. The default value is <CODE CLASS="literal">
+yes</code>.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-957907">
+5.1.5.8 lm announce</a></h4><P CLASS="para">
+The global <CODE CLASS="literal">
+lm</code> <CODE CLASS="literal">
+announce</code> option tells Samba's <EM CLASS="emphasis">
+nmbd</em> whether or not to send LAN Manager host announcements on behalf of the server. These host announcements may be required by older clients, such as IBM's OS/2 operating system. This announcement allows the server to be added to the browse lists of the client. If activated, Samba will announce itself repetitively at the number of seconds specified by the <CODE CLASS="literal">
+lm</code> <CODE CLASS="literal">
+interval</code> option.</p><P CLASS="para">
+This configuration option takes the standard boolean values, <CODE CLASS="literal">
+yes</code> and <CODE CLASS="literal">
+no</code>, which engage or disengage LAN Manager announcements, respectively. In addition, there is a third option, <CODE CLASS="literal">
+auto</code>, which causes <EM CLASS="emphasis">
+nmbd</em> to passively listen for LAN Manager announcements, but not send any of its own initially. If LAN Manager announcements are detected for another machine on the network, <EM CLASS="emphasis">
+nmbd</em> will start sending its own LAN Manager announcements to ensure that it is visible. You can specify the option as follows:</p><PRE CLASS="programlisting">
+[global]
+	lm announce = yes</pre><P CLASS="para">
+The default value is <CODE CLASS="literal">
+auto</code>. You probably won't need to change this value from its default.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-959967">
+5.1.5.9 lm interval</a></h4><P CLASS="para">
+This option, which is used in conjunction with <CODE CLASS="literal">
+lm</code> <CODE CLASS="literal">
+announce</code>, indicates the number of seconds <EM CLASS="emphasis">
+nmbd</em> will wait before repeatedly broadcasting LAN Manager-style announcements. Remember that LAN Manager announcements must be activated in order for this option to be used. The default value is 60 seconds. If you set this value to 0, Samba will not send any LAN Manager host announcements, no matter what the value of the <CODE CLASS="literal">
+lm</code> <CODE CLASS="literal">
+announce</code> option. You can reset the value of this option as follows:</p><PRE CLASS="programlisting">
+[global]
+	lm interval = 90</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-959947">
+5.1.5.10 preferred master</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+preferred</code> <CODE CLASS="literal">
+master</code> option requests that Samba set the preferred master bit when participating in an election. This gives the server a higher preferred status in the workgroup than other machines at the same operating system level. If you are configuring your Samba machine to become the local master browser, it is wise to set the following value:</p><PRE CLASS="programlisting">
+[global]
+	preferred master = yes</pre><P CLASS="para">
+Otherwise, you should leave it set to its default, <CODE CLASS="literal">
+no</code>. If Samba is configured as a preferred master browser, it will force an election when it first comes online.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-957912">
+5.1.5.11 os level</a></h4><P CLASS="para">
+The global <CODE CLASS="literal">
+os</code> <CODE CLASS="literal">
+level</code> option dictates the operating system level at which Samba will masquerade during a browser election. If you wish to have Samba win an election and become the master browser, you can set the level above that of the operating system on your network with the highest current value. The values are shown in Table 5-1. The default level is 0, which means that Samba will lose all elections. If you wish Samba to win all elections, you can reset its value as follows:</p><PRE CLASS="programlisting">
+os level = 34</pre><P CLASS="para">
+This means that the server will vote for itself 34 times each time an election is called, which ensures a victory.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-957960">
+5.1.5.12 domain master</a></h4><P CLASS="para">
+If Samba is the primary domain controller for your workgroup or NT domain, it should also be the  domain master browser. The domain master browser is a special machine that has the NetBIOS resource type &lt;1B&gt; and is used to propagate browse lists to and from each of the local master browsers in individual subnets across the domain. To force Samba to become the domain master browser, set the following in the <CODE CLASS="literal">
+[global]</code> section of the <I CLASS="filename">
+smb.conf</i>:</p><PRE CLASS="programlisting">
+[global]
+	domain master = yes</pre><P CLASS="para">
+If you have a Windows NT server on the network acting as a primary domain controller (PDC), we recommend that you do not use Samba to become the domain master browser. The reverse is true as well: if Samba is taking on the responsibilities of a PDC, we recommend making it the domain master browser. Splitting the PDC and the domain master browser will cause unpredictable errors to occur on the network.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-957965">
+5.1.5.13 remote browse sync</a></h4><P CLASS="para">
+The global <CODE CLASS="literal">
+remote</code> <CODE CLASS="literal">
+browse</code> <CODE CLASS="literal">
+sync</code> option specifies that Samba should synchronize its browse lists with local master browsers in other subnets. However, the synchronization can occur only with other Samba servers, and not with Windows computers. For example, if your Samba server was a master browser on the subnet 192.168.235, and Samba local master browsers existed on other subnets at 192.168.234.92 and 192.168.236.2, you could specify the following:</p><PRE CLASS="programlisting">
+remote browse sync = 192.168.234.92 192.168.236.2 </pre><P CLASS="para">
+The Samba server would then directly contact the other machines on the address list and synchronize browse lists. You can also say:</p><PRE CLASS="programlisting">
+remote browse sync = 192.168.234.255 192.168.236.255</pre><P CLASS="para">
+This forces Samba to broadcast queries to determine the IP addresses of the local master browser on each subnet, with which it will then synchronize browse lists. This only works, however, if your router doesn't block directed broadcast requests ending in 255.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-957971">
+5.1.5.14 remote announce</a></h4><P CLASS="para">
+Samba servers are capable of providing browse lists to foreign subnets with the <CODE CLASS="literal">
+remote</code> <CODE CLASS="literal">
+announce</code> option. This is typically sent to the local master browser of the foreign subnet in question. However, if you do not know the address of the local master browser, you can do the following:</p><PRE CLASS="programlisting">
+[global]
+    remote announce = 192.168.234.255/ACCOUNTING \       
+						192.168.236.255/ACCOUNTING</pre><P CLASS="para">
+With this, Samba will broadcast host announcements to all machines on subnets 192.168.234 and 192.168.236, which will hopefully reach the local master browser of the subnet. You can also specify exact IP addresses, if they are known.</p></div></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch04_08.html" TITLE="4.8 Logging Configuration Options">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 4.8 Logging Configuration Options" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_02.html" TITLE="5.2 Filesystem Differences">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 5.2 Filesystem Differences" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+4.8 Logging Configuration Options</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+5.2 Filesystem Differences</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch05_02.html b/docs/htmldocs/using_samba/ch05_02.html
new file mode 100755
index 00000000000..462e23f3c09
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch05_02.html
@@ -0,0 +1,429 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 5] 5.2 Filesystem Differences</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:32:56Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_01.html" TITLE="5.1 Browsing">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 5.1 Browsing" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch05_01.html" TITLE="5. Browsing and Advanced Disk Shares ">
+Chapter 5<br>
+Browsing and Advanced Disk Shares </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_03.html" TITLE="5.3 File Permissions and Attributes on MS-DOS and Unix">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 5.3 File Permissions and Attributes on MS-DOS and Unix" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch05-34221">
+5.2 Filesystem Differences</a></h2><P CLASS="para">One of the biggest issues for which Samba has to correct is the difference between Unix and non-Unix filesystems. This includes items such as handling symbolic links, hidden files, and dot files. In addition, file permissions can also be a headache if not accounted for properly. This section describes how to use Samba to make up for some of those annoying differences, and even how to add some new functionality of its own.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-963262">
+5.2.1 Hiding and Vetoing Files</a></h3><P CLASS="para">There are some cases when we need to ensure that a user cannot see or access a file at all. Other times, we don't want to keep a user from accessing a file&nbsp;- we just want to hide it when they view the contents of the directory. On Windows systems, an attribute of files allows them to be hidden from a folder listing. With Unix, the traditional way of hiding files in a directory is to precede them with a dot (.). This prevents items such as configuration files or defaults from being seen when performing an ordinary <CODE CLASS="literal">
+ls</code> command. Keeping a user from accessing a file at all, however, involves working with permissions on files and or directories.</p><P CLASS="para">
+The first option we should discuss is the boolean <CODE CLASS="literal">
+hide</code> <CODE CLASS="literal">
+dot</code> <CODE CLASS="literal">
+files</code>. This option does exactly what it says. When set to <CODE CLASS="literal">
+yes</code>, the option treats files beginning with a period (.) as hidden. If set to <CODE CLASS="literal">
+no</code>, those files are always shown. The important thing to remember is that the files are only hidden. If the user has chosen to show all hidden files while browsing (e.g., using the Folder Options menu item under the View menu in Windows 98), they will still be able to see the files, as shown in <A CLASS="xref" HREF="ch05_02.html#ch05-77260">
+Figure 5.2</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch05-77260">
+Figure 5.2: Hidden files in the [data] share</a></h4><IMG CLASS="graphic" SRC="figs/sam.0502.gif" ALT="Figure 5.2"><P CLASS="para">
+Instead of simply hiding files beginning with a dot, you can also specify a string pattern to Samba for files to hide, using the <CODE CLASS="literal">
+hide</code> <CODE CLASS="literal">
+files</code> option. For example, let's assume that we specified the following in our example <CODE CLASS="literal">
+[data]</code> share:</p><PRE CLASS="programlisting">
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	case sensitive = no
+	hide files = /*.java/*README*/</pre><P CLASS="para">
+Each entry for this option must begin, end, or be separated from another with a slash (/) character, even if there is only one pattern listed. This convention allows spaces to appear in filenames. In this example, the share directory would appear as shown in <A CLASS="xref" HREF="ch05_02.html#ch05-19743">
+Figure 5.3</a>. Again, note that we have set the Windows 98 option to view hidden files for the window. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch05-19743">
+Figure 5.3: Hiding files based on filename patterns</a></h4><IMG CLASS="graphic" SRC="figs/sam.0503.gif" ALT="Figure 5.3"><P CLASS="para">If we want to prevent users from seeing files at all, we can instead use the <CODE CLASS="literal">
+veto</code> <CODE CLASS="literal">
+files</code> option. This option, which takes the same syntax as the <CODE CLASS="literal">
+hide</code> <CODE CLASS="literal">
+files</code> option, specifies a list of files that should never be seen by the user. For example, let's change the <CODE CLASS="literal">
+[data]</code> share to the following:</p><PRE CLASS="programlisting">
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	case sensitive = no
+	veto files = /*.java/*README*/</pre><P CLASS="para">
+The syntax of this option is identical to the <CODE CLASS="literal">
+hide</code> <CODE CLASS="literal">
+files</code> configuration option: each entry must begin, end, or be separated from another with a slash (<CODE CLASS="literal">/</code>) character, even if there is only one pattern listed. By doing so, the files <CODE CLASS="literal">
+hello.java</code> and <CODE CLASS="literal">
+README</code> will simply disappear from the directory, and the user will not be able to access them through SMB. </p><P CLASS="para">
+There is one other question that we need to address. What happens if the user tries to delete a directory that contains vetoed files? This is where the <CODE CLASS="literal">
+delete</code> <CODE CLASS="literal">
+veto</code> <CODE CLASS="literal">
+files</code> option comes in. If this boolean option is set to <CODE CLASS="literal">
+yes</code>, the user is allowed to delete both the regular files and the vetoed files in the directory, and the directory itself will be removed. If the option is set to <CODE CLASS="literal">
+no</code>, the user will not be able to delete the vetoed files, and consequently the directory will not be deleted either. From the user's perspective, the directory will appear to be empty, but cannot be removed.</p><P CLASS="para">
+The <CODE CLASS="literal">
+dont</code> <CODE CLASS="literal">
+descend</code> directive specifies a list of directories whose contents Samba should not allow to be visible. Note that we say <EM CLASS="emphasis">
+contents</em>, not the directory itself. Users will be able to enter a directory marked as such, but they are prohibited from descending the directory tree any farther&nbsp;- they will always see an empty folder. For example, let's use this option with a more basic form of the share that we defined earlier in the chapter:</p><PRE CLASS="programlisting">
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	case sensitive = no
+	dont descend = config defaults</pre><P CLASS="para">
+In addition, let's assume that the <I CLASS="filename">
+/home/samba/data</i> directory has the following contents:</p><PRE CLASS="programlisting">
+drwxr-xr-x   6 tom      users     1024 Jun 13 09:24 .
+drwxr-xr-x   8 root     root      1024 Jun 10 17:53 ..
+-rw-r--r--   2 tom      users     1024 Jun  9 11:43 README
+drwxr-xr-x   3 tom      users     1024 Jun 13 09:28 config
+drwxr-xr-x   3 tom      users     1024 Jun 13 09:28 defaults
+drwxr-xr-x   3 tom      users     1024 Jun 13 09:28 market</pre><P CLASS="para">
+If the user then connects to the share, he or she would see the directories shown in <A CLASS="xref" HREF="ch05_02.html#ch05-62659">
+Figure 5.4</a>. However, the contents of the <I CLASS="filename">
+/config</i> and <I CLASS="filename">
+/defaults</i> directories would appear empty to the user, even if other folders or files existed in them. In addition, users cannot write any data to the folder (which prevents them from creating a file or folder with the same name as one that is already there but invisible). If a user attempts to do so, he or she will receive an "Access Denied" message. <CODE CLASS="literal">
+dont</code> <CODE CLASS="literal">
+descend</code> is an administrative option, not a security option, and is not a substitute for good file permissions.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch05-62659">
+Figure 5.4: Contents of the [data] share with dont descend </a></h4><IMG CLASS="graphic" SRC="figs/sam.0504.gif" ALT="Figure 5.4"></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-963441">
+5.2.2 Links</a></h3><P CLASS="para">DOS and NT filesystems don't have symbolic links; Windows 95/98/NT systems approximate this with "shortcuts" instead. Therefore, when a client tries to open a symbolic link on a Samba server share, Samba attempts to follow the link to find the real file and let the client open it, as if he or she were on a Unix machine. If you don't want to allow this, set the <CODE CLASS="literal">
+follow</code> <CODE CLASS="literal">
+symlinks</code> option:</p><PRE CLASS="programlisting">
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	case sensitive = no
+	follow symlinks = no</pre><P CLASS="para">
+You can test this by creating a directory on the Unix server inside the share as the user that you are logging in with. Enter the following commands:</p><PRE CLASS="programlisting">
+% <CODE CLASS="userinput"><B>mkdir hello; cd hello</b></code>
+% <CODE CLASS="userinput"><B>cat &quot;This is a test&quot; &gt;hello.txt</b></code>
+% <CODE CLASS="userinput"><B>ln -s hello.txt &quot;Link to hello&quot;</b></code></pre><P CLASS="para">
+This results in the two files shown in the window in <A CLASS="xref" HREF="ch05_02.html#ch05-36377">
+Figure 5.5</a>. Normally, if you click on either one, you will receive a file which has the text "This is a test" inside of it. However, with the <CODE CLASS="literal">
+follow</code> <CODE CLASS="literal">
+symlinks</code> option set to <CODE CLASS="literal">
+no</code>, you should receive an error similar to the dialog in <A CLASS="xref" HREF="ch05_02.html#ch05-36377">
+Figure 5.5</a> if you click on "Link to hello."  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch05-36377">
+Figure 5.5: An error dialog trying to follow symbolic links when forbidden by Samba</a></h4><IMG CLASS="graphic" SRC="figs/sam.0505.gif" ALT="Figure 5.5"><P CLASS="para">
+Finally, let's discuss the <CODE CLASS="literal">
+wide</code> <CODE CLASS="literal">
+links</code> option. This option, if set to <CODE CLASS="literal">
+yes</code>, allows the client user to follow symbolic links that point outside the shared directory tree, including files or directories at the other end of the link. For example, let's assume that we modified the <CODE CLASS="literal">
+[data]</code> share as follows:</p><PRE CLASS="programlisting">
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	case sensitive = no
+	follow symlinks = yes
+	wide links = yes</pre><P CLASS="para">
+As long as the <CODE CLASS="literal">
+follow</code> <CODE CLASS="literal">
+symlinks</code> option is enabled, this will cause Samba to follow all symbolic links outside the current share tree. If we create a file outside the share (for example, in someone's home directory) and then create a link to it in the share as follows:</p><PRE CLASS="programlisting">
+ln -s ~tom/datafile ./datafile</pre><P CLASS="para">
+then you will be able to open the file in Tom's directory as per the target file's permissions.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-963127">
+5.2.3 Filesystem Options</a></h3><P CLASS="para">
+<A CLASS="xref" HREF="ch05_02.html#ch05-48353">Table 5.4</a> shows a breakdown of the options we discussed earlier. We recommend the defaults for most, except those listed in the following descriptions. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch05-48353">
+Table 5.4: Filesystem Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+unix realname</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Provides Unix user's full name to client.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+dont descend</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of directories)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Indicates a list of directories whose contents Samba should make invisible to clients.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+follow symlinks</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If set to <CODE CLASS="literal">
+no</code>, Samba will not honor symbolic links.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+getwd cache</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If set to <CODE CLASS="literal">
+yes</code>, Samba will use a cache for <CODE CLASS="literal">
+getwd()</code> calls.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+wide links</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If set to <CODE CLASS="literal">
+yes</code>, Samba will follow symbolic links outside the share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+hide dot files</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If set to <CODE CLASS="literal">
+yes</code>, treats Unix hidden files as hidden files in Windows.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+hide files</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of files)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+List of file patterns to treat as hidden.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+veto files</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of files)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+List of file patterns to never show.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+delete veto files</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If set to <CODE CLASS="literal">
+yes</code>, will delete files matched by <CODE CLASS="literal">
+veto files</code> when the directory they reside in is deleted.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958657">
+5.2.3.1 unix realname</a></h4><P CLASS="para">
+Some programs require a full username in order to operate. For example, a Windows email program often needs to associate a username with a given real name. If your system password file contains the real names of users in the GCOS field, the <CODE CLASS="literal">
+unix</code> <CODE CLASS="literal">
+realname</code> option instructs Samba to provide this information to clients. Without it, the name of the user will simply be his or her login ID. For example, if your Unix password file contains the following line:</p><PRE CLASS="programlisting">
+rcollins:/KaBfco47Rer5:500:500:Robert Collins:
+/home/rcollins:/bin/ksh</pre><P CLASS="para">
+And the option in the configuration file is:</p><PRE CLASS="programlisting">
+[global]
+	unix realname = yes</pre><P CLASS="para">
+then the name Robert Collins will be provided to any client that requests the real name of user <CODE CLASS="literal">
+rcollins</code>. You typically don't need to bother with this option.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958929">
+5.2.3.2 dont descend</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+dont</code> <CODE CLASS="literal">
+descend</code> option can be used to specify various directories that should appear empty to the client. Note that the directory itself will still appear. However, Samba will not show any of the contents of the directory to the client user. This is not a good option to use as a security feature (a user could probably find a way around it); it really is meant only as a convenience to keep client users from browsing into directories that might have sensitive files. See our example earlier in this section.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958663">
+5.2.3.3 follow symlinks</a></h4><P CLASS="para">This option, which is discussed in greater detail earlier, controls whether Samba will follow a symbolic link in the Unix operating system to the target, or if it should return an error to the client user. If the option is set to <CODE CLASS="literal">
+yes</code>, the target of the link will be interpreted as the file.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-963512">
+5.2.3.4 getwd cache</a></h4><P CLASS="para">
+This global option specifies whether Samba should use a local cache for the Unix <CODE CLASS="literal">
+getwd()</code> (get current working directory) system call. You can override the default value of <CODE CLASS="literal">
+yes</code> as follows:</p><PRE CLASS="programlisting">
+[global]
+	getwd cache = no</pre><P CLASS="para">
+Setting this option to <CODE CLASS="literal">
+yes</code> can significantly increase the time it takes to resolve the working directory, especially if the <CODE CLASS="literal">
+wide</code> <CODE CLASS="literal">
+links</code> option is set to <CODE CLASS="literal">
+no</code>. You should normally not need to alter this option.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-960186">
+5.2.3.5 wide links</a></h4><P CLASS="para">
+This option specifies whether the client user can follow symbolic links that point outside the shared directory tree. This includes any files or directories at the other end of the link, as long as the permissions are correct for the user. The default value for this option is <CODE CLASS="literal">
+yes</code>. Note that this option will not be honored if the <CODE CLASS="literal">
+follow</code> <CODE CLASS="literal">
+symlinks</code> options is set to <CODE CLASS="literal">
+no</code>. Setting this option to <CODE CLASS="literal">
+no</code> slows <EM CLASS="emphasis">
+smbd</em> considerably.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958655">
+5.2.3.6 hide files</a></h4><P CLASS="para">The <CODE CLASS="literal">
+hide</code> <CODE CLASS="literal">
+files</code> option provides one or more directory or filename patterns to Samba. Any file matching this pattern will be treated as a hidden file from the perspective of the client. Note that this simply means that the DOS hidden attribute is set, which may or may not mean that the user can actually see it while browsing.</p><P CLASS="para">
+Each entry in the list must begin, end, or be separated from another entry with a slash (<CODE CLASS="literal">/</code>) character, even if there is only one pattern listed. This allows spaces to appear in the list. Asterisks can be used as a wildcard to represent zero or more characters. Questions marks can be used to represent exactly one character. For example:</p><PRE CLASS="programlisting">
+hide files = /.jav*/README.???/</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-963549">
+5.2.3.7 hide dot files</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+hide</code> <CODE CLASS="literal">
+dot</code> <CODE CLASS="literal">
+files</code> option hides any files on the server that begin with a dot (.) character, in order to mimic the functionality behind several shell commands that are present on Unix systems. Like <CODE CLASS="literal">
+hide</code> <CODE CLASS="literal">
+files</code>, those files that begin with a dot have the DOS hidden attribute set, which doesn't necessarily guarantee that a client cannot view them. The default value for this option is <CODE CLASS="literal">
+yes</code>. </p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-963556">
+5.2.3.8 veto files</a></h4><P CLASS="para">
+More stringent than the hidden files state is the state provided by the <CODE CLASS="literal">
+veto</code> <CODE CLASS="literal">
+files</code> configuration option. Samba won't even admit these files exist. You cannot list or open them from the client. In reality, this isn't a trustworthy security option. It is actually a mechanism to keep PC programs from deleting special files, such as ones used to store the resource fork of a Macintosh file on a Unix filesystem. If both Windows and Macs are sharing the same files, this can prevent ill-advised power users from removing files the Mac users need.</p><P CLASS="para">
+The syntax of this option is identical to that of the <CODE CLASS="literal">
+hide</code> <CODE CLASS="literal">
+files</code> configuration option: each entry must begin, end, or be separated from another with a slash (/) character, even if only one pattern is listed. Asterisks can be used as a wildcard to represent zero or more characters. Questions marks can be used to represent exactly one character. For example:</p><PRE CLASS="programlisting">
+veto files = /*config/*default?/</pre><P CLASS="para">
+This option is primarily administrative&nbsp;- not a substitute for good file permissions.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958851">
+5.2.3.9 delete veto files</a></h4><P CLASS="para">This option tells Samba to delete vetoed files when a user attempts to delete the directory in which they reside. The default value is <CODE CLASS="literal">
+no</code>. This means if a user tries to delete a directory that contains a vetoed file, the file (and the directory) will not be deleted. Instead, the directory will remain and appear to be empty from the perspective of the user. If set to <CODE CLASS="literal">
+yes</code>, the directory and the vetoed files will be deleted.</p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_01.html" TITLE="5.1 Browsing">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 5.1 Browsing" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_03.html" TITLE="5.3 File Permissions and Attributes on MS-DOS and Unix">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 5.3 File Permissions and Attributes on MS-DOS and Unix" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+5.1 Browsing</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+5.3 File Permissions and Attributes on MS-DOS and Unix</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch05_03.html b/docs/htmldocs/using_samba/ch05_03.html
new file mode 100755
index 00000000000..aaa5648c6cb
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch05_03.html
@@ -0,0 +1,426 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 5] 5.3 File Permissions and Attributes on MS-DOS and Unix</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:32:58Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_02.html" TITLE="5.2 Filesystem Differences">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 5.2 Filesystem Differences" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch05_01.html" TITLE="5. Browsing and Advanced Disk Shares ">
+Chapter 5<br>
+Browsing and Advanced Disk Shares </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_04.html" TITLE="5.4 Name Mangling and Case">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 5.4 Name Mangling and Case" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch05-34062">
+5.3 File Permissions and Attributes on MS-DOS and Unix</a></h2><P CLASS="para">DOS was never intended to be a multiuser, networked operating system. Unix, on the other hand, was designed that way from the start. Consequently, there are inconsistencies and gaps in coverage between the two filesystems that Samba must not only be aware of, but also provide solutions for. One of the biggest gaps is how Unix and DOS handle permissions with files.</p><P CLASS="para">
+Let's take a look at how Unix assigns permissions. All Unix files have read, write, and execute bits for three classifications of users: owner, group, and world. These permissions can be seen at the extreme left-hand side when a <CODE CLASS="literal">
+ls</code> <CODE CLASS="literal">
+-al</code> command is issued in a Unix directory. For example:</p><PRE CLASS="programlisting">
+-rwxr--r--   1 tom     users   2014 Apr 13 14:11 access.conf     </pre><P CLASS="para">
+Windows, on the other hand, has four principal bits that it uses with any file: read-only, system, hidden, and archive. You can view these bits by right-clicking on the file and choosing the Properties menu item. You should see a dialog similar to <A CLASS="xref" HREF="ch05_03.html#ch05-76568">
+Figure 5.6</a>.[<A CLASS="footnote" HREF="#ch05-pgfId-964268">1</a>] </p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch05-pgfId-964268">[1]</a> The system checkbox will probably be greyed for your file. Don't worry about that&nbsp;- you should still be able to see when the box is checked and when it isn't.</p></div></blockquote><H4 CLASS="figure">
+<A CLASS="title" NAME="ch05-76568">
+Figure 5.6: DOS and Windows file properties</a></h4><IMG CLASS="graphic" SRC="figs/sam.0506.gif" ALT="Figure 5.6"><P CLASS="para">
+The definition of each of those bits follows:</p><DL CLASS="variablelist">
+<DT CLASS="term">Read-only</dt><DD CLASS="listitem">
+<P CLASS="para">
+The file's contents can be read by a user but cannot be written to. </p></dd><DT CLASS="term">System</dt><DD CLASS="listitem">
+<P CLASS="para">
+This file has a specific purpose required by the operating system.</p></dd><DT CLASS="term">Hidden</dt><DD CLASS="listitem">
+<P CLASS="para">
+This file has been marked to be invisible to the user, unless the operating systems is explicitly set to show it.</p></dd><DT CLASS="term">Archive</dt><DD CLASS="listitem">
+<P CLASS="para">
+This file has been touched since the last DOS backup was performed on it.</p></dd></dl><P CLASS="para">
+Note that there is no bit to specify that a file is executable. DOS and Windows NT filesystems identify executable files by giving them the extensions .EXE, .COM, .CMD, or .BAT.</p><P CLASS="para">
+Consequently, there is no use for any of the three Unix executable bits that are present on a file in a Samba disk share. DOS files, however, have their own attributes that need to be preserved when they are stored in a Unix environment: the archive, system, and hidden bits. Samba can preserve these bits by reusing the executable permission bits of the file on the Unix side&nbsp;- if it is instructed to do so. Mapping these bits, however, has an unfortunate side-effect: if a Windows user stores a file in a Samba share, and you view it on Unix with the <CODE CLASS="literal">
+ls</code> <CODE CLASS="literal">
+-al</code> command, some of the executable bits won't mean what you'd expect them to.</p><P CLASS="para">
+Three Samba options decide whether the bits are mapped: <CODE CLASS="literal">
+map</code> <CODE CLASS="literal">
+archive</code>, <CODE CLASS="literal">
+map</code> <CODE CLASS="literal">
+system</code>, and <CODE CLASS="literal">
+map</code> <CODE CLASS="literal">
+hidden</code>. These options map the archive, system, and hidden attributes to the owner, group, and world execute bits of the file, respectively. You can add these options to the <CODE CLASS="literal">
+[data]</code> share, setting each of their values as follows:</p><PRE CLASS="programlisting">
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	map archive = yes
+	map system = yes
+	map hidden = yes</pre><P CLASS="para">
+After that, try creating a file in the share under Unix&nbsp;- such as <CODE CLASS="literal">
+hello.java</code>&nbsp;- and change the permissions of the file to 755. With these Samba options set, you should be able to check the permissions on the Windows side and see that each of the three values has been checked in the Properties dialog box. What about the read-only attribute? By default, Samba 2.0 sets this whenever a file does not have the Unix owner write permission bit set. In other words, you can set this bit by changing the permissions of the file to 555.</p><P CLASS="para">
+We should warn you that the default value of the <CODE CLASS="literal">
+map</code> <CODE CLASS="literal">
+archive</code> option is <CODE CLASS="literal">
+yes</code>, while the other two options have a default value of <CODE CLASS="literal">
+no</code>. This is because many programs do not work properly if the archive bit is not stored correctly for DOS and Windows files. The system and hidden attributes, however, are not critical for a program's operation and are left to the discretion of the administrator.</p><P CLASS="para">
+<A CLASS="xref" HREF="ch05_03.html#ch05-56404">
+Figure 5.7</a> summarizes the Unix permission bits and illustrates how Samba maps those bits to DOS attributes. Note that the group read/write and world read/write bits do not directly translate to a DOS attribute, but they still retain their original Unix definitions on the Samba server. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch05-56404">
+Figure 5.7: How Samba and Unix view the permissions of a file</a></h4><IMG CLASS="graphic" SRC="figs/sam.0507.gif" ALT="Figure 5.7"><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-964095">
+5.3.1 Creation masks</a></h3><P CLASS="para">
+Samba has several options to help with file creation masks. File creation masks (or <I CLASS="firstterm">
+umasks</i>) help to define the permissions a file or directory will receive at the time it is created. In Unix, this means that you can control what permissions a file or directory does not have when it is created. For files accessed from Windows, this means you can disable the read-only, archive, system, and hidden attributes of a file as well.</p><P CLASS="para">
+For example, the <CODE CLASS="literal">
+create</code> <CODE CLASS="literal">
+mask</code> option will force the permissions of a file created by a Windows client to be at most 744:</p><PRE CLASS="programlisting">
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	create mask = 744</pre><P CLASS="para">
+while the <CODE CLASS="literal">
+directory</code> <CODE CLASS="literal">
+mask</code> option shown here will force the permissions of a newly created directory to be at most 755:</p><PRE CLASS="programlisting">
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	directory mask = 755</pre><P CLASS="para">
+Alternatively, you can also force various bits with the <CODE CLASS="literal">
+force</code> <CODE CLASS="literal">
+create</code> <CODE CLASS="literal">
+mode</code> and <CODE CLASS="literal">
+force</code> <CODE CLASS="literal">
+directory</code> <CODE CLASS="literal">
+mode</code> options. These options will perform a logical OR against the file and directory creation masks, ensuring that those bits that are specified will always be set. You would typically set these options globally in order to ensure that group and world read/write permissions have been set appropriately for new files or directories in each share.</p><P CLASS="para">
+In the same spirit, if you wish to explicitly set the Unix user and group attributes of a file that is created on the Windows side, you can use the <CODE CLASS="literal">
+force</code> <CODE CLASS="literal">
+user</code> and <CODE CLASS="literal">
+force</code> <CODE CLASS="literal">
+group</code> options. For example:</p><PRE CLASS="programlisting">
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+
+	create mask = 744
+	directory mask = 755
+	force user = joe
+	force group = accounting</pre><P CLASS="para">
+These options actually assign a static Unix user and group to each connection that is made to a share. However, this occurs <EM CLASS="emphasis">
+after</em> the client authenticates; it does not allow free access to a share. These options are frequently used for their side effects of assigning a specific user and group to each new file or directory that is created in a share. Use these options with discretion.</p><P CLASS="para">
+Finally, one of the capabilities of Unix that DOS lacks is the ability to delete a read-only file from a writable directory. In Unix, if a directory is writable, a read-only file in that directory can still be removed. This could permit you to delete files in any of your directories, even if the file was left by someone else.</p><P CLASS="para">
+DOS filesystems are not designed for multiple users, and so its designers decided that read-only means "protected against accidental change, including deletion," rather than "protected against some other user on a single-user machine." So the designers of DOS prohibited removal of a read-only file. Even today, Windows file systems exhibit the same behavior.</p><P CLASS="para">
+Normally, this is harmless. Windows programs don't try to remove read-only files because they know it's a bad idea. However, a number of source-code control programs&nbsp;- which were first written for Unix&nbsp;- run on Windows and require the ability to delete read-only files. Samba permits this behavior with the <CODE CLASS="literal">
+delete</code> <CODE CLASS="literal">
+readonly</code> option. In order to enable this functionality, set the option to <CODE CLASS="literal">
+yes</code>:</p><PRE CLASS="programlisting">
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+
+	create mask = 744
+	directory mask = 755
+	force user = joe
+	force group = accounting
+	delete readonly = yes</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-964323">
+5.3.2 File and Directory Permission Options</a></h3><P CLASS="para">The options for file and directory permissions are summarized in <A CLASS="xref" HREF="ch05_03.html#ch05-96508">
+Table 5.5</a>; each option is then described in detail. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch05-96508">
+Table 5.5: File and Directory Permission Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+map archive</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Preserve DOS archive attribute in user execute bit (0100).</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+map system</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Preserve DOS system attribute in group execute bit (0010).</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+map hidden</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Preserve DOS hidden attribute in world execute bit (0001).</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+create mask (create mode)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numeric</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the maximum permissions for files created by Samba.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+0744</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+directory mask (directory mode)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numeric</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the maximum permissions for directories created by Samba.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+0755</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+force create mode</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numeric</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Forces the specified permissions (bitwise or) for directories created by Samba.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+0000</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+force directory mode</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numeric</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Forces the specified permissions (bitwise or) for directories created by Samba.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+0000</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+force group (group)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (group name)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the effective group for a user accessing this share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+force user</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (username)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the effective username for a user accessing this share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+delete readonly</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Allows a user to delete a read-only file from a writable directory.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-961746">
+5.3.2.1 create mask</a></h4><P CLASS="para">
+The argument for this option is an octal number indicating which permission flags may be set at file creation by a client in a share. The default is 0755, which means the Unix owner can at most read, write, and optionally execute his or her own files, while members of the user's group and others can only read or execute them. If you need to change it for non-executable files, we recommend 0644, or <CODE CLASS="literal">
+rw-r--r--</code>. Keep in mind that the execute bits may be used by the server to map certain DOS file attributes, as described earlier. If you're altering the create mask, those bits have to be part of the create mask as well.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-961749">
+5.3.2.2 directory mask</a></h4><P CLASS="para">
+The argument for this option is an octal number indicating which permission flags may be set at directory creation by a client in a share. The default is 0755, which allows everyone on the Unix side to at most read and traverse the directories, but allows only you to modify them. We recommend the mask 0750, removing access by world users.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-961751">
+5.3.2.3 force create mode</a></h4><P CLASS="para">
+This option sets the permission bits that Samba will force to be set when a file permission change is made. It's often used to force group permissions, mentioned previously. It can also be used to preset any of the DOS attributes we mentioned: archive (0100), system (0010), or hidden (0001). This option always takes effect after the <CODE CLASS="literal">
+map</code> <CODE CLASS="literal">
+archive</code>, <CODE CLASS="literal">
+map</code> <CODE CLASS="literal">
+system </code>, <CODE CLASS="literal">
+map</code> <CODE CLASS="literal">
+hidden</code>, and <CODE CLASS="literal">
+create</code> <CODE CLASS="literal">
+mask</code> options.</p><P CLASS="para">
+Many Windows applications rename their data files to <EM CLASS="emphasis">
+datafile.bak</em> and create new ones, thus changing their ownership and permissions so that members of the same Unix group can't edit them. Setting <CODE CLASS="literal">
+force create mask = 0660</code> will keep the new file editable by members of the group.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-961753">
+5.3.2.4 force directory mode</a></h4><P CLASS="para">
+This option sets the permission bits which Samba will force when a directory permission change is made or a directory is created. It's often used to force group permissions, as mentioned previously. This option defaults to 0000, and can be used just like the <CODE CLASS="literal">
+force</code> <CODE CLASS="literal">
+create</code> <CODE CLASS="literal">
+mode</code> to add group or other permissions if needed. This option always takes effect after the <CODE CLASS="literal">
+map</code> <CODE CLASS="literal">
+archive</code>, <CODE CLASS="literal">
+map</code> <CODE CLASS="literal">
+system</code>, <CODE CLASS="literal">
+map</code> <CODE CLASS="literal">
+hidden</code>, and <CODE CLASS="literal">
+directory</code> <CODE CLASS="literal">
+mask</code> options.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-961755">
+5.3.2.5 force group</a></h4><P CLASS="para">
+This option, sometimes called <CODE CLASS="literal">
+group</code>, assigns a static group ID that will be used on all connections to a service after the client has successfully authenticated. This assigns a specific group to each new file or directory created from an SMB client.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-961757">
+5.3.2.6 force user</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+force</code> <CODE CLASS="literal">
+user</code> option assigns a static user ID that will be used on all connections to a service after the client has successfully authenticated. This assigns a specific user to each new file or directory created from an SMB client.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-961759">
+5.3.2.7 delete readonly</a></h4><P CLASS="para">This option allows a user to delete a directory containing a read-only file. By default, DOS and Windows will not allow such an operation. You probably will want to leave this option turned off unless a program needs this capability; many Windows users would be appalled to find that they'd accidentally deleted a file which they had set read-only. In fact, even the Unix <CODE CLASS="literal">
+rm</code> command will ask users if they really want to override the protection and delete read-only files. It's a good idea to have Samba be at least as cautious. </p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-961826">
+5.3.2.8 map archive</a></h4><P CLASS="para">
+The DOS archive bit is used to flag a file that has been changed since it was last archived (e.g., backed up with the DOS archive program.) Setting the Samba option <CODE CLASS="literal">
+map</code> <CODE CLASS="literal">
+archive</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> causes the DOS archive flag to be mapped to the Unix execute-by-owner (0100) bit. It's best to leave this option on if your Windows users are doing their own backups, or are using programs that require the archive bit. Unix lacks the notion of an archive bit entirely. Backup programs typically keep a file that lists what files were backed up on what date, so comparing file modification dates serves the same purpose.</p><P CLASS="para">
+Setting this option to <CODE CLASS="literal">
+yes</code> causes an occasional surprise on Unix when a user notices that a data file is marked as executable, but rarely causes harm. If a user tries to run it, he or she will normally get a string of error messages as the shell tries to execute the first few lines as commands. The reverse is also possible; an executable Unix program looks like it hasn't been backed up recently on Windows. But again, this is rare, and is usually harmless. </p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-961836">
+5.3.2.9 map system</a></h4><P CLASS="para">
+The DOS system attribute is used to indicate files that are required by the operating system, and should not be deleted, renamed, or moved without special effort. Set this option only if you need to store Windows system files on the Unix file server. Executable Unix programs will appear to be non-removable special Windows files when viewed from Windows clients. This may prove mildly inconvenient if you want to move or remove one. For most sites, however, this is fairly harmless.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-961845">
+5.3.2.10 map hidden</a></h4><P CLASS="para">DOS uses the hidden attribute to indicate that a file should not ordinarily be visible in directory listings. Unix doesn't have such a facility; it's up to individual programs (notably the shell) to decide what to display and what not to display. Normally, you won't have any DOS files that need to be hidden, so the best thing to do is to leave this option turned off.</p><P CLASS="para">
+Setting this option to <CODE CLASS="literal">
+yes</code> causes the server to map the hidden flag onto the executable-by-others bit (0001). This feature can produce a rather startling effect. Any Unix program that is executable by world seems to vanish when you look for it from a Windows client. If this option is not set, however, and a Windows user attempts to mark a file hidden on a Samba share, it will not work&nbsp;- Samba has no place to store the hidden attribute! </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_02.html" TITLE="5.2 Filesystem Differences">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 5.2 Filesystem Differences" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_04.html" TITLE="5.4 Name Mangling and Case">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 5.4 Name Mangling and Case" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+5.2 Filesystem Differences</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+5.4 Name Mangling and Case</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch05_04.html b/docs/htmldocs/using_samba/ch05_04.html
new file mode 100755
index 00000000000..e506445c103
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch05_04.html
@@ -0,0 +1,433 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 5] 5.4 Name Mangling and Case</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:33:01Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_03.html" TITLE="5.3 File Permissions and Attributes on MS-DOS and Unix">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 5.3 File Permissions and Attributes on MS-DOS and Unix" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch05_01.html" TITLE="5. Browsing and Advanced Disk Shares ">
+Chapter 5<br>
+Browsing and Advanced Disk Shares </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_05.html" TITLE="5.5 Locks and Oplocks">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 5.5 Locks and Oplocks" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch05-30534">
+5.4 Name Mangling and Case</a></h2><P CLASS="para">Back in the days of DOS and Windows 3.1, every filename was limited to eight upper-case characters, followed by a dot, and three more uppercase characters. This was known as the <I CLASS="firstterm">
+8.3 format</i>, and was a huge nuisance. Windows 95/98, Windows NT, and Unix have since relaxed this problem by allowing many more case-sensitive characters to make up a filename. <A CLASS="xref" HREF="ch05_04.html#ch05-24354">
+Table 5.6</a> shows the current naming state of several popular operating systems. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch05-24354">
+Table 5.6: Operating System Filename Limitations </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Operating System</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+File Naming Rules</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+DOS 6.22 or below</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Eight characters followed by a dot followed by a three-letter extension (8.3 format); case insensitive</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows 3.1 for Workgroups</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Eight characters followed by a dot followed by a three-letter extension (8.3 format); case insensitive</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows 95/98</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+127 characters; case sensitive</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows NT</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+127 characters; case sensitive</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Unix</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+255 characters; case sensitive</p></td></tr></tbody></table><P CLASS="para">Samba still has to remain backwards compatible with network clients who store files only in the 8.3 format, such as Windows for Workgroups. If a user creates a file on a share called <EM CLASS="emphasis">
+antidisestablishmentarianism.txt</em>, a Windows for Workgroups client couldn't tell it apart from another file in the same directory called <EM CLASS="emphasis">
+antidisease.txt</em>. Like Windows 95/98 and Windows NT, Samba has to employ a special methodology of translating a long filename to an 8.3 filename in such a way that similar filenames will not cause collisions. This is called <I CLASS="firstterm">
+name mangling</i>, and Samba deals with this in a manner that is similar, but not identical to, Windows 95 and its successors.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-959448">
+5.4.1 The Samba Mangling Operation</a></h3><P CLASS="para">Here is how Samba mangles a long filename into an 8.3 filename:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-959148">
+</a>If the original filename does not begin with a dot, up to the first five alphanumeric characters that occur before the last dot (if there is one) are converted to uppercase. These characters are used as the first five characters of the 8.3 mangled filename.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-959229">
+</a>If the original filename begins with a dot, the dot is removed and up to the first five alphanumeric characters that occur before the last dot (if there is one) are converted to uppercase. These characters are used as the first five characters of the 8.3 mangled filename.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-959228">
+</a>These characters are immediately followed a special mangling character: by default, a tilde (~), although Samba allows you to change this character.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-959149">
+</a>The base of the long filename before the last period is hashed into a two-character code; parts of the name after the last dot may be used if necessary. This two character code is appended to the 8.3 filename after the mangling character.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch05-pgfId-967828">
+</a>The first three characters after the last dot (if there is one) of the original filename are converted to uppercase and appended onto the mangled name as the extension. If the original filename began with a dot, three underscores (<CODE CLASS="literal">___</code>) are used as the extension instead.</p></li></ul><P CLASS="para">
+Here are some examples:</p><PRE CLASS="programlisting">
+virtuosity.dat                       VIRTU~F1.DAT
+.htaccess                            HTACC~U0.___
+hello.java                           HELLO~1F.JAV
+team.config.txt                      TEAMC~04.TXT
+antidisestablishmentarianism.txt     ANTID~E3.TXT
+antidiseast.txt                      ANTID~9K.TXT</pre><P CLASS="para">
+Using these rules will allow Windows for Workgroups to differentiate the two files on behalf of the poor individual who is forced to see the network through the eyes of that operating system. Note that the same long filename should always hash to the same mangled name with Samba; this doesn't always happen with Windows. The downside of this approach is that there can still be collisions; however, the chances are greatly reduced.</p><P CLASS="para">
+You generally want to use the mangling configuration options with only the oldest clients. We recommend doing this without disrupting other clients by adding an <CODE CLASS="literal">
+include</code> directive to the <I CLASS="filename">
+smb.conf</i> file:</p><PRE CLASS="programlisting">
+[global]
+	include = /ucsr/local/samba/lib/smb.conf.%m</pre><P CLASS="para">
+This resolves to <I CLASS="filename">
+smb.conf.WfWg</i> when a Window for Workgroups client attaches.  Now you can create a file <I CLASS="filename">
+/usr/local/samba/lib/smb.conf.WfWg</i> which might contain these options:</p><PRE CLASS="programlisting">
+[global]
+	case sensitive = no
+	default case = upper
+	preserve case = no
+	short preserve case = no
+	mangle case = yes
+	mangled names= yes</pre><P CLASS="para">
+If you are not using Windows for Workgroups 3.1, then you probably do not need to change any of these options from their defaults.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-959447">
+5.4.1.1 Representing and resolving filenames with Samba</a></h4><P CLASS="para">Another item that we should point out is that there is a difference between how an operating system <EM CLASS="emphasis">
+represents</em> a file and how it <EM CLASS="emphasis">
+resolves</em> it. For example, if you've used Windows 95/98/NT, you have likely run across a file called <I CLASS="filename">
+README.TXT</i>. The file can be represented by the operating system entirely in uppercase letters. However, if you open an MS-DOS prompt and enter the command <CODE CLASS="literal">
+edit</code> <CODE CLASS="literal">
+readme.txt</code>, the all-caps file is loaded into the editing program, even though you typed the name in lowercase letters!</p><P CLASS="para">
+This is because the Windows 95/98/NT family of operating systems resolves files in a case-insensitive manner, even though the files are represented it in a case-sensitive manner. Unix-based operating systems, on the other hand, always resolve files in a case-sensitive manner; if you try to edit <I CLASS="filename">
+README.TXT</i> with the command <CODE CLASS="literal">
+vi</code> <CODE CLASS="literal">
+readme.txt</code>, you will likely be editing the empty buffer of a new file.</p><P CLASS="para">
+Here is how Samba handles case: if the <CODE CLASS="literal">
+preserve</code> <CODE CLASS="literal">
+case</code> is set to <CODE CLASS="literal">
+yes</code>, Samba will always use the case provided by the operating system for representing (not resolving) filenames. If it is set to <CODE CLASS="literal">
+no</code>, it will use the case specified by the <CODE CLASS="literal">
+default</code> <CODE CLASS="literal">
+case</code> option. The same is true for <CODE CLASS="literal">
+short</code> <CODE CLASS="literal">
+preserve</code> <CODE CLASS="literal">
+case</code>. If this option is set to <CODE CLASS="literal">
+yes</code>, Samba will use the default case of the operating system for representing 8.3 filenames; otherwise it will use the case specified by the <CODE CLASS="literal">
+default</code> <CODE CLASS="literal">
+case</code> option. Finally, Samba will always resolve filenames in its shares based on the value of the <CODE CLASS="literal">
+case</code> <CODE CLASS="literal">
+sensitive</code> option.</p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-970053">
+5.4.2 Mangling Options</a></h3><P CLASS="para">Samba allows you to give it more refined instructions on how it should perform name mangling, including those controlling the case sensitivity, the character inserted to form a mangled name, and the ability to manually map filenames from one format to another. These options are shown in <A CLASS="xref" HREF="ch05_04.html#ch05-47431">
+Table 5.7</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch05-47431">
+Table 5.7: Name Mangling Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+case sensitive</code></p><P CLASS="para">
+<CODE CLASS="literal">
+(casesignames)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, Samba will treat filenames as case-sensitive (Windows doesn't).</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+default case</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+(<CODE CLASS="literal">upper</code> or <CODE CLASS="literal">
+lower</code>)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Case to assume as default (only used when preserve case is <CODE CLASS="literal">
+no</code>).</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Lower</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+preserve case</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, keep the case the client supplied (i.e., do not convert to <CODE CLASS="literal">
+default case</code>).</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+short preserve case</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, preserve case of 8.3-format names that the client provides.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+mangle case</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Mangle a name if it is mixed case.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+mangled names</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Mangles long names into 8.3 DOS format.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+mangling char</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (single character)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Gives mangling character.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+~</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+mangled stack</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Number of mangled names to keep on the local mangling stack.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+50</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+mangled map</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of patterns)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Allows mapping of filenames from one format into another.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-960977">
+5.4.2.1 case sensitive</a></h4><P CLASS="para">This share-level option, which has the obtuse synonym <CODE CLASS="literal">
+casesignames</code>, specifies whether Samba should preserve case when resolving filenames in a specific share. The default value for this option is <CODE CLASS="literal">
+no</code>, which is how Windows handles file resolution. If clients are using an operating system that takes advantage of case-sensitive filenames, you can set this configuration option to <CODE CLASS="literal">
+yes</code> as shown here:</p><PRE CLASS="programlisting">
+[accounting]
+	case sensitive = yes</pre><P CLASS="para">
+Otherwise, we recommend that you leave this option set to its default.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958897">
+5.4.2.2 default case</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+default</code> <CODE CLASS="literal">
+case</code> option is used with <CODE CLASS="literal">
+preserve</code> <CODE CLASS="literal">
+case</code>. This specifies the default case (upper or lower) that Samba will use when it creates a file on one of its shares on behalf of a client. The default case is <CODE CLASS="literal">
+lower</code>, which means that newly created files will use the mixed-case names given to them by the client. If you need to, you can override this global option by specifying the following:</p><PRE CLASS="programlisting">
+[global]
+	default case = upper</pre><P CLASS="para">
+If you specify this value, the names of newly created files will be translated into uppercase, and cannot be overridden in a program. We recommend that you use the default value unless you are dealing with a Windows for Workgroups or other 8.3 client, in which case it should be <CODE CLASS="literal">
+upper</code>.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958899">
+5.4.2.3 preserve case</a></h4><P CLASS="para">
+This option specifies whether a file created by Samba on behalf of the client is created with the case provided by the client operating system, or the case specified by the <CODE CLASS="literal">
+default</code> <CODE CLASS="literal">
+case</code> configuration option above. The default value is <CODE CLASS="literal">
+yes</code>, which uses the case provided by the client operating system. If it is set to <CODE CLASS="literal">
+no</code>, the value of the <CODE CLASS="literal">
+default</code> <CODE CLASS="literal">
+case</code> option is used.</p><P CLASS="para">
+Note that this option does not handle 8.3 file requests sent from the client&nbsp;- see the <CODE CLASS="literal">
+short</code> <CODE CLASS="literal">
+preserve</code> <CODE CLASS="literal">
+case</code> option below. You may want to set this option to <CODE CLASS="literal">
+yes</code> if applications that create files on the Samba server are sensitive to the case used when creating the file. If you want to force Samba, for example, to mimic the behavior of a Windows NT filesystem, you can leave this option to its default, <CODE CLASS="literal">
+yes</code>.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958901">
+5.4.2.4 short preserve case</a></h4><P CLASS="para">
+This option specifies whether an 8.3 filename created by Samba on behalf of the client is created with the default case of the client operating system, or the case specified by the <CODE CLASS="literal">
+default</code> <CODE CLASS="literal">
+case</code> configuration option. The default value is <CODE CLASS="literal">
+yes</code>, which uses the case provided by the client operating system. You can let Samba choose the case through the <CODE CLASS="literal">
+default</code> <CODE CLASS="literal">
+case</code> option by setting it as follows:</p><PRE CLASS="programlisting">
+[global]
+	short preserve case = no</pre><P CLASS="para">
+If you want to force Samba to mimic the behavior of a Windows NT filesystem, you can leave this option set to its default, <CODE CLASS="literal">
+yes</code>.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958984">
+5.4.2.5 mangled names</a></h4><P CLASS="para">
+This share-level option specifies whether Samba will mangle filenames for 8.3 clients in that share. If the option is set to <CODE CLASS="literal">
+no</code>, Samba will not mangle the names and (depending on the client), they will either be invisible or appear truncated to those using 8.3 operating systems. The default value is <CODE CLASS="literal">
+yes</code>. You can override it per share as follows:</p><PRE CLASS="programlisting">
+[data]
+	mangled names = no</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958903">
+5.4.2.6 mangle case</a></h4><P CLASS="para">
+This option tells Samba whether it should mangle filenames that are not composed entirely of the case specified using the <CODE CLASS="literal">
+default</code> <CODE CLASS="literal">
+case</code> configuration option. The default for this option is <CODE CLASS="literal">
+no</code>. If you set it to <CODE CLASS="literal">
+yes</code>, you should be sure that all clients will be able to handle the mangled filenames that result. You can override it per share as follows:</p><PRE CLASS="programlisting">
+[data]
+	mangle case = yes</pre><P CLASS="para">
+We recommend that you leave this option alone unless you have a well-justified need to change it.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958976">
+5.4.2.7 mangling char</a></h4><P CLASS="para">
+This share-level option specifies the mangling character used when Samba mangles filenames into the 8.3 format. The default character used is a tilde (~). You can reset it to whatever character you wish, for instance:</p><PRE CLASS="programlisting">
+[data]
+	mangling char = #</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-959322">
+5.4.2.8 mangled stack</a></h4><P CLASS="para">
+Samba maintains a local stack of recently mangled 8.3 filenames; this stack can be used to reverse map mangled filenames back to their original state. This is often needed by applications that create and save a file, close it, and need to modify it later. The default number of long filename/mangled filename pairs stored on this stack is 50. However, if you want to cut down on the amount of processor time used to mangle filenames, you can increase the size of the stack to whatever you wish, at the expense of memory and slightly slower file access.</p><PRE CLASS="programlisting">
+[global]
+	mangled stack = 100</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-959327">
+5.4.2.9 mangled map</a></h4><P CLASS="para">
+If the default behavior of name mangling is not sufficient, you can give Samba further instructions on how to behave using the <CODE CLASS="literal">
+mangled</code> <CODE CLASS="literal">
+map</code> option. This option allows you to specify mapping patterns that can be used before or even in place of name mangling performed by Samba. For example:</p><PRE CLASS="programlisting">
+[data]
+	mangled map =(*.database *.db) (*.class *.cls)</pre><P CLASS="para">
+Here, Samba is instructed to search each file it encounters for characters that match the first pattern specified in the parenthesis and convert them to the modified second pattern in the parenthesis for display on an 8.3 client. This is useful in the event that name mangling converts the filename incorrectly or to a format that the client cannot understand readily. Patterns are separated by whitespaces. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_03.html" TITLE="5.3 File Permissions and Attributes on MS-DOS and Unix">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 5.3 File Permissions and Attributes on MS-DOS and Unix" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_05.html" TITLE="5.5 Locks and Oplocks">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 5.5 Locks and Oplocks" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+5.3 File Permissions and Attributes on MS-DOS and Unix</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+5.5 Locks and Oplocks</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch05_05.html b/docs/htmldocs/using_samba/ch05_05.html
new file mode 100755
index 00000000000..b0298624f87
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch05_05.html
@@ -0,0 +1,399 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 5] 5.5 Locks and Oplocks</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:33:03Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_04.html" TITLE="5.4 Name Mangling and Case">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 5.4 Name Mangling and Case" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch05_01.html" TITLE="5. Browsing and Advanced Disk Shares ">
+Chapter 5<br>
+Browsing and Advanced Disk Shares </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch06_01.html" TITLE="6. Users, Security, and Domains ">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 6. Users, Security, and Domains " BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch05-75933">
+5.5 Locks and Oplocks</a></h2><P CLASS="para">Concurrent writes to a single file are not desirable in any operating system. To prevent this, most operating systems use <I CLASS="firstterm">
+locks</i> to guarantee that only one process can write to a file at a time. Operating systems traditionally lock entire files, although newer ones allow a range of bytes within a file to be locked. If another process attempts to write to a file (or section of one) that is already locked, it will receive an error from the operating system and will wait until the lock is released.</p><P CLASS="para">
+Samba supports the standard DOS and NT filesystem (deny-mode) locking requests, which allow only one process to write to an entire file on a server at a give time, as well as byte-range locking. In addition, Samba supports a new locking mechanism known in the Windows NT world as <I CLASS="firstterm">
+opportunistic locking&nbsp;- </i><EM CLASS="emphasis">
+oplock</em> for short.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-964663">
+5.5.1 Opportunistic Locking</a></h3><P CLASS="para">
+Opportunistic locking allows a client to notify the Samba server that it will not only be the exclusive writer of a file, but will also cache its changes to that file on its own machine (and not on the Samba server) in order to speed up file access for that client. When Samba knows that a file has been opportunistically locked by a client, it marks its version as having an opportunistic lock and waits for the client to complete work on the file, at which point it expects the client to send the final changes back to the Samba server for synchronization.</p><P CLASS="para">
+If a second client requests access to that file before the first client has finished working on it, Samba can send an <I CLASS="firstterm">
+oplock break</i> request to the first client. This tells the client to stop caching its changes and return the current state of the file to the server so that the interrupting client can use it as it sees fit. An opportunistic lock, however, is not a replacement for a standard deny-mode lock. It is not unheard of for the interrupting process to be granted an oplock break only to discover that the original process also has a deny-mode lock on a file as well. <A CLASS="xref" HREF="ch05_05.html#ch05-74304">
+Figure 5.8</a> illustrates this opportunistic locking process.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch05-74304">
+Figure 5.8: Opportunistic locking</a></h4><IMG CLASS="graphic" SRC="figs/sam.0508.gif" ALT="Figure 5.8"><P CLASS="para">
+In terms of locks, we highly recommend using the defaults provided by Samba: standard DOS/Windows deny-mode locks for compatibility and oplocks for the extra performance that local caching allows. If your operating system can take advantage of oplocks, it should provide significant performance improvements. Unless you have a specific reason for changing any of these options, it's best to leave them as they are.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch05-pgfId-969392">
+5.5.2 Unix and Locking</a></h3><P CLASS="para">Windows systems cooperate well to avoid overwriting each other's changes. But if a file stored on a Samba system is accessed by a Unix process, this process won't know a thing about Windows oplocks and could easily ride roughshod over a lock. Some Unix systems have been enhanced to understand the Windows oplocks maintained by Samba. Currently the support exists only in SGI Irix 6.5.2f and later; Linux and FreeBSD should soon follow.</p><P CLASS="para">
+If you have a system that understands oplocks, set <CODE CLASS="literal">
+kernel</code> <CODE CLASS="literal">
+oplocks</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> in the Samba configuration file. That should eliminate conflicts between Unix processes and Windows users. </p><P CLASS="para">
+If your system does not support kernel oplocks, you could end up with corrupted data when somebody runs a Unix process that reads or writes a file that Windows users also access. However, Samba provides a rough protection mechanism in the absence of kernel oplocks: the <CODE CLASS="literal">
+veto</code> <CODE CLASS="literal">
+oplock</code> <CODE CLASS="literal">
+files</code> option. If you can anticipate which Samba files are used by both Windows users and Unix users, set their names in a <CODE CLASS="literal">
+veto</code> <CODE CLASS="literal">
+oplock</code> <CODE CLASS="literal">
+files</code> option. This will suppress the use of oplocks on matching filenames, which will supress client caching, and let the Windows and Unix programs use system locking or update times to detect competition for the same file. A sample option is: </p><PRE CLASS="programlisting">
+veto oplock files = /*.dbm/</pre><P CLASS="para">
+This option allows both Unix processes and Windows users to edit files ending in the suffix <EM CLASS="emphasis">
+.dbm</em>. Note that the syntax of this option is similar to <CODE CLASS="literal">
+veto</code> <CODE CLASS="literal">
+files</code>.</p><P CLASS="para">
+Samba's options for locks and oplocks are given in <A CLASS="xref" HREF="ch05_05.html#ch05-53407">
+Table 5.8</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch05-53407">
+Table 5.8: Locks and Oplocks Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+share modes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If set to <CODE CLASS="literal">
+yes</code>, turns on support for DOS-style whole-file locks.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+locking</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, turns on byte-range locks.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+strict locking</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, denies access to an entire file if a byte-range lock exists in it.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+oplocks</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, turn on local caching of files on the client for this share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+kernel oplocks</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, indicates that the kernel supports oplocks.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+fake oplocks</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, tells client the lock was obtained, but doesn't actually lock it.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+blocking locks </code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Allows lock requestor to wait for the lock to be granted.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+veto oplock files</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of filenames)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Does not oplock specified files.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+lock directory</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the location where various Samba files, including locks, are stored.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+As specified in Samba makefile</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958552">
+5.5.2.1 share modes</a></h4><P CLASS="para">
+The most primitive locks available to Samba are deny-mode locks, known as <I CLASS="firstterm">
+share modes</i>, which are employed by programs such as text editors to avoid accidental overwriting of files. For reference, the deny-mode locks are listed in <A CLASS="xref" HREF="ch05_05.html#ch05-55885">
+Table 5.9</a>.   </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch05-55885">
+Table 5.9: SMB Deny-Mode Locks </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Lock</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Description</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+DENY_NONE</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Do not deny any other file requests.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+DENY_ALL</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Deny all open requests on the current file.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+DENY_READ</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Deny any read-only open requests on the current file.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+DENY_WRITE</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Deny any write-only open requests on the current file.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+DENY_DOS</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If opened for reading, others can read but cannot write to the file. If opened for writing, others cannot open the file at all.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+DENY_FCB</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Obsolete.</p></td></tr></tbody></table><P CLASS="para">
+The <CODE CLASS="literal">
+share</code> <CODE CLASS="literal">
+modes</code> parameter, which enforces the use of these locks, is enabled by default. To disable it, use the following command:</p><PRE CLASS="programlisting">
+[accounting]
+	share modes = no</pre><P CLASS="para">
+We highly recommend against disabling the default locking mechanism unless you have a justifiable reason for doing so. Most Windows and DOS applications rely on these locking mechanisms in order to work correctly, and will complain bitterly if this functionality is taken away.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958557">
+5.5.2.2 locking</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+locking</code> option can be used to tell Samba to engage or disengage server-side byte-range locks on behalf of the client. Samba implements byte-range locks on the server side with normal Unix advisory locks and will consequently prevent other properly-behaved Unix processes from overwriting a locked byte range.</p><P CLASS="para">
+This option can be specified per share as follows:</p><PRE CLASS="programlisting">
+[accounting]
+	locking = yes</pre><P CLASS="para">
+If the <CODE CLASS="literal">
+locking</code> option is set to <CODE CLASS="literal">
+yes</code>, the requestor will be delayed until the holder of either type of lock releases it (or crashes). If, however, the option is set to <CODE CLASS="literal">
+no</code>, no byte-range locks will be kept for the files, although requests to lock and unlock files will appear to succeed. The option is set to <CODE CLASS="literal">
+yes</code> by default; however, you can turn this option off if you have read-only media.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-959694">
+5.5.2.3 strict locking</a></h4><P CLASS="para">
+This option checks every file access for a byte-range lock on the range of bytes being accessed. This is typically not needed if a client adheres to all the locking mechanisms in place. This option is set to <CODE CLASS="literal">
+no</code> by default; however, you can reset it per share as follows:</p><PRE CLASS="programlisting">
+[accounting]
+	strict locking = yes</pre><P CLASS="para">
+If this option is set to <CODE CLASS="literal">
+yes</code>, mandatory locks are enforced on any file with byte-range locks.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958563">
+5.5.2.4 blocking locks</a></h4><P CLASS="para">
+Samba also supports <I CLASS="firstterm">
+blocking locks</i>, a minor variant of range locks. Here, if the range of bytes is not available, the client specifies an amount of time that it's willing to wait. The server then caches the lock request, periodically checking to see if the file is available. If it is, it notifies the client; however, if time expires, Samba will tell the client that the request has failed. This strategy prevents the client from continually polling to see if the lock is available.</p><P CLASS="para">
+You can disable this option per share as follows:</p><PRE CLASS="programlisting">
+[accounting]
+	blocking locks = no</pre><P CLASS="para">
+When set to <CODE CLASS="literal">
+yes</code>, blocking locks will be enforced on the file. If this option is set to <CODE CLASS="literal">
+no</code>, Samba behaves as if normal locking mechanisms are in place on the file. The default is <CODE CLASS="literal">
+yes</code>.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958571">
+5.5.2.5 oplocks</a></h4><P CLASS="para">
+This option enables or disables support for oplocks on the client. The option is enabled by default. However, you can disable it with the following command:</p><PRE CLASS="programlisting">
+[data]
+	oplocks = no</pre><P CLASS="para">
+If you are in an extremely unstable network environment or have many clients that cannot take advantage of opportunistic locking, it may be better to shut this Samba feature off. Oplocks should be disabled if you are accessing the same files from both Unix applications (such as <EM CLASS="emphasis">
+vi</em>) and SMB clients (unless you are lucky enough to have an operating system that supports kernel oplocks as discussed earlier).</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958575">
+5.5.2.6 fake oplocks</a></h4><P CLASS="para">
+Before opportunistic locking was available on Samba, the Samba daemons pretended to allow oplocks via the <CODE CLASS="literal">
+fake</code> <CODE CLASS="literal">
+oplocks</code> option. If this option was enabled, all clients were told that the file is available for opportunistic locking, and never warned of simultaneous access. This option is deprecated now that real oplocks are available on Samba.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958577">
+5.5.2.7 kernel oplocks</a></h4><P CLASS="para">
+If a Unix application separate from Samba tries to update a file that Samba has oplocked to a Windows client, it will likely succeed (depending on the operating system) and both Samba and the client will never be aware of it. However, if the local Unix operating system supports it, Samba can warn it of oplocked files, which can suspend the Unix process, notify the client via Samba to write its copy back, and only then allow the open to complete. Essentially, this means that the operating system kernel on the Samba system has the ability to handle oplocks as well as Samba.</p><P CLASS="para">
+You can enable this behavior with the <CODE CLASS="literal">
+kernel</code> <CODE CLASS="literal">
+oplocks</code> option, as follows:</p><PRE CLASS="programlisting">
+[global]
+	kernel oplocks = yes</pre><P CLASS="para">
+Samba can automatically detect kernel oplocks and use them if present. At the time of this writing, this feature is supported only by SGI Irix 6.5.2f and later. However, Linux and FreeBSD support are expected in the near future. A system without kernel oplocks will allow the Unix process to update the file, but the client programs will notice the change only at a later time, if at all. </p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-958581">
+5.5.2.8 veto oplock files</a></h4><P CLASS="para">
+You can provide a list of filenames that are never granted opportunistic locks with the <CODE CLASS="literal">
+veto</code> <CODE CLASS="literal">
+oplock</code> <CODE CLASS="literal">
+files</code> option. This option can be set either globally or on a per-share basis. For example:</p><PRE CLASS="programlisting">
+veto oplock files = /*.bat/*.htm/</pre><P CLASS="para">
+The value of this option is a series of patterns. Each pattern entry must begin, end, or be separated from another with a slash (/) character, even if there is only one pattern listed. Asterisks can be used as a wildcard to represent zero or more characters. Questions marks can be used to represent exactly one character.</p><P CLASS="para">
+We recommend that you disable oplocks on any files that are meant to be updated by Unix or are intended to be shared by several processes simultaneously.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch05-pgfId-960237">
+5.5.2.9 lock directory</a></h4><P CLASS="para">
+This option (sometimes called <CODE CLASS="literal">
+lock</code> <CODE CLASS="literal">
+dir</code>) specifies the location of a directory where Samba will store SMB deny-mode lock files. Samba stores other files in this directory as well, such as browse lists and its shared memory file. If WINS is enabled, the WINS database is written to this directory as well. The default for this option is specified in the Samba makefile; it is typically <I CLASS="filename">
+/usr/local/samba/var/locks</i>. You can override this location as follows:</p><PRE CLASS="programlisting">
+[global]
+	lock directory = /usr/local/samba/locks</pre><P CLASS="para">
+You typically would not need to override this option, unless you want to move the lock files to a more standardized location, such as <I CLASS="filename">
+/var/spool/locks</i>. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_04.html" TITLE="5.4 Name Mangling and Case">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 5.4 Name Mangling and Case" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch06_01.html" TITLE="6. Users, Security, and Domains ">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 6. Users, Security, and Domains " BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+5.4 Name Mangling and Case</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+6. Users, Security, and Domains </td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch06_01.html b/docs/htmldocs/using_samba/ch06_01.html
new file mode 100755
index 00000000000..439e66f3944
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch06_01.html
@@ -0,0 +1,221 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 6] Users, Security, and Domains </title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:33:28Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_05.html" TITLE="5.5 Locks and Oplocks">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 5.5 Locks and Oplocks" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Chapter 6</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_02.html" TITLE="6.2 Controlling Access to Shares">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 6.2 Controlling Access to Shares" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div class="samplechapter">
+<H1 CLASS="chapter">
+<A CLASS="title" NAME="ch06-88749">
+6. Users, Security, and Domains </a></h1><DIV CLASS="htmltoc">
+<P>
+<B>
+Contents:</b><br>
+<A CLASS="sect1" HREF="#ch06-92902" TITLE="6.1 Users and Groups">
+Users and Groups</a><br>
+<A CLASS="sect1" HREF="ch06_02.html" TITLE="6.2 Controlling Access to Shares">
+Controlling Access to Shares</a><br>
+<A CLASS="sect1" HREF="ch06_03.html" TITLE="6.3 Authentication Security">
+Authentication Security</a><br>
+<A CLASS="sect1" HREF="ch06_04.html" TITLE="6.4 Passwords">
+Passwords</a><br>
+<A CLASS="sect1" HREF="ch06_05.html" TITLE="6.5 Windows Domains">
+Windows Domains</a><br>
+<A CLASS="sect1" HREF="ch06_06.html" TITLE="6.6 Logon Scripts">
+Logon Scripts</a></p><P>
+</p></div><P CLASS="para">
+This chapter discusses how to configure users with the Samba server. This topic may seem straightforward at first, but you'll soon discover that there are several ancillary problems that can crop up. One issue that Samba administrators have difficulty with is user authentication&nbsp;- password and security problems are by far the most common support questions on the Samba mailing lists. Learning why various authentication mechanisms work on certain architectures (and don't on others) can save you a tremendous amount of time testing and debugging Samba users in the future.</p><DIV CLASS="sect1">
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="s1"></a>
+<A CLASS="title" NAME="ch06-92902">
+6.1 Users and Groups</a></h2><P CLASS="para">Before we start, we need to warn you up front that if you are connecting to Samba with a Windows 98 or NT 4.0 Workstation SP3, you need to configure your server for encrypted passwords before you can make a connection; otherwise, the clients will refuse to connect to the Samba server. This is because each of those Windows clients sends encrypted passwords, and Samba needs to be configured to expect and decrypt them. We'll show you how to set up Samba for this task later in the chapter, assuming you haven't already tackled this problem in <a href="ch02_01.html"><b>Chapter 2, <CITE CLASS="chapter">Installing Samba on a Unix System</cite></b></a>.</p><P CLASS="para">Let's start with a single user. The easiest way to set up a client user is to create a Unix account (and home directory) for that individual on the server, and notify Samba of the user's existence. You can do the latter by creating a disk share that maps to the user's home directory in the Samba configuration file, and restricting access to that user with the <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+users</code> option. For example:</p><PRE CLASS="programlisting">
+[dave]
+		path = /home/dave
+		comment = Dave's home directory
+		writeable = yes<B CLASS="emphasis.bold">
+		valid users = dave</b></pre><P CLASS="para">
+The <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+users</code> option lists the users that will be allowed to access the share.  In this case, only the user <CODE CLASS="literal">
+dave</code> is allowed to access the share. In the previous chapters, we specified that any user could access a disk share using the <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+ok</code> parameter. Because we don't wish to allow guest access, that option is absent here. We could grant both authenticated users and guest users access to a specific share if we wanted to. The difference between the two typically involves access rights for each of the files. </p><P CLASS="para">
+Remember that you can abbreviate the user's home directory by using the <CODE CLASS="literal">
+%H</code> variable. In addition, you can use the Unix username variable <CODE CLASS="literal">
+%u</code> and/or the client username variable <CODE CLASS="literal">
+%U</code> in your options as well. For example<EM CLASS="emphasis"></em>:</p><PRE CLASS="programlisting">
+[dave]
+	comment = %U home directory
+	writeable = yes
+	valid users = dave
+	path = %H</pre><P CLASS="para">
+Both of these examples work as long as the Unix user that Samba uses to represent the client has read/write access to the directory referenced by the <CODE CLASS="literal">
+path</code> option. In other words, a client must first pass Samba's security mechanisms (e.g., encrypted passwords, the <CODE CLASS="literal">
+valid users</code> option, etc.) as well as the normal Unix file and directory permissions of its Unix-side user <EM CLASS="emphasis">
+before</em> it can gain read/write access to a share.</p><P CLASS="para">
+With a single user accessing a home directory, access permissions are taken care of when the operating system creates the user account. However, if you're creating a shared directory for group access, there are a few more steps you need to perform. Let's take a stab at a group share for the accounting department in the <EM CLASS="emphasis">
+smb.conf</em> file:</p><PRE CLASS="programlisting">
+[accounting]
+	comment = Accounting Department Directory
+	writeable = yes
+	valid users = @account
+	path = /home/samba/accounting
+	create mode = 0660
+	directory mode = 0770</pre><P CLASS="para">
+The first thing that you might notice we did differently is to specify <CODE CLASS="literal">
+@account</code> as the valid user instead of one or more individual usernames. This is shorthand for saying that the valid users are represented by the Unix group <CODE CLASS="literal">
+account</code>. These users will need to be added to the group entry <CODE CLASS="literal">
+account</code> in the system group file (<I CLASS="filename">/etc/group</i> or equivalent) to be recognized as part of the group. Once they are, Samba will recognize those users as valid users for the share.</p><P CLASS="para">
+In addition, you will need to create a shared directory that the members of the group can access, which is pointed to by the <CODE CLASS="literal">
+path</code> configuration option. Here are the Unix commands that create the shared directory for the accounting department (assuming <EM CLASS="emphasis">
+/home/samba</em> already exists):</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">#</code> mkdir /home/samba/accounting</b><B CLASS="emphasis.bold">
+<CODE CLASS="literal">#</code> chgrp account /home/samba/accounting</b><B CLASS="emphasis.bold">
+<CODE CLASS="literal">#</code> chmod 770 /home/samba/accounting</b></pre><P CLASS="para">
+There are two other options in this <I CLASS="filename">
+smb.conf</i> example, both of which we saw in the previous chapter. These options are <CODE CLASS="literal">
+create</code> <CODE CLASS="literal">
+mode</code> and <CODE CLASS="literal">
+directory</code> <CODE CLASS="literal">
+mode</code>. These options set the maximum file and directory permissions that a new file or directory can have. In this case, we have denied all world access to the contents of this share. (This is reinforced by the <EM CLASS="emphasis">
+chmod</em> command, shown earlier.).</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-968835">
+6.1.1 The [homes] Share</a></h3><P CLASS="para">
+Let's return to user shares for a moment. If we have several users to set up home directory shares for, we probably want to use the special <CODE CLASS="literal">
+[homes]</code> share that we introduced in <a href="ch05_01.html"><b>Chapter 5, <CITE CLASS="chapter">Browsing and Advanced Disk Shares</cite></b></a>. With the <CODE CLASS="literal">
+[homes]</code> share, all we need to say is: </p><PRE CLASS="programlisting">
+[homes]
+<CODE CLASS="literal">
+	</code>browsable = no
+	writable = yes</pre><P CLASS="para">
+The <CODE CLASS="literal">
+[homes]</code> share is a special section of the Samba configuration file. If a user attempts to connect to an ordinary share that doesn't appear in the <I CLASS="filename">
+smb.conf</i> file (such as specifying it with a UNC in Windows Explorer), Samba will search for a <CODE CLASS="literal">
+[homes]</code> share. If one exists, the incoming share name is assumed to be a username and is queried as such in the password database (<I CLASS="filename">/etc/passwd</i> or equivalent) file of the Samba server. If it appears, Samba assumes the client is a Unix user trying to connect to his or her home directory.</p><P CLASS="para">
+As an illustration, let's assume that <CODE CLASS="literal">
+sofia</code> is attempting to connect to a share called [<CODE CLASS="literal">sofia]</code> on the Samba server. There is no share by that name in the configuration file, but a <CODE CLASS="literal">
+[homes]</code> share exists and user <CODE CLASS="literal">
+sofia</code> is present in the password database, so Samba takes the following steps:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957527">
+</a>Samba creates a new disk share called <CODE CLASS="literal">
+[sofia]</code> with the <CODE CLASS="literal">
+path</code> specified in the <CODE CLASS="literal">
+[homes]</code> section. If there is no <CODE CLASS="literal">
+path</code> option specified in <CODE CLASS="literal">
+[homes]</code>, Samba initializes it to her home directory.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957528">
+</a>Samba initializes the new share's options from the defaults in <CODE CLASS="literal">
+[globals]</code>, and any overriding options in <CODE CLASS="literal">
+[homes]</code> with the exception of <CODE CLASS="literal">
+browseable</code>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957529">
+</a>Samba connects <CODE CLASS="literal">
+sofia</code>'s client to that share.</p></li></ol><P CLASS="para">
+The <CODE CLASS="literal">
+[homes]</code> share is a fast, painless way to create shares for your user community without having to duplicate the information from the password database file in the <I CLASS="filename">
+smb.conf</i> file. It does have some peculiarities, however, that we need to point out:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957531">
+</a>The <CODE CLASS="literal">
+[homes]</code> section can represent any account on the machine, which isn't always desirable. For example, it can potentially create a share for <EM CLASS="emphasis">
+root</em>, <EM CLASS="emphasis">
+bin</em>, <EM CLASS="emphasis">
+sys</em>, <EM CLASS="emphasis">
+uucp</em>, and the like. (You can set a global <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+users</code> option to protect against this.)</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957533">
+</a>The meaning of the <CODE CLASS="literal">
+browseable</code> configuration option is different from other shares; it indicates only that a <CODE CLASS="literal">
+[homes]</code> section won't show up in the local browse list, not that the <CODE CLASS="literal">
+[alice]</code> share won't. When the <CODE CLASS="literal">
+[alice]</code> section is created (after the initial connection), it will use the browsable value from the <CODE CLASS="literal">
+[globals]</code> section for that share, not the value from <CODE CLASS="literal">
+[homes]</code>.</p></li></ul><P CLASS="para">
+As we mentioned, there is no need for a path statement in <CODE CLASS="literal">
+[homes]</code> if the users have Unix home directories in the server's <I CLASS="filename">
+/etc/passwd</i> file. You should ensure that a valid home directory does exist, however, as Samba will not automatically create a home directory for a user, and will refuse a tree connect if the user's directory does not exist or is not accessible. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch05_05.html" TITLE="5.5 Locks and Oplocks">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 5.5 Locks and Oplocks" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_02.html" TITLE="6.2 Controlling Access to Shares">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 6.2 Controlling Access to Shares" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+5.5 Locks and Oplocks</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+6.2 Controlling Access to Shares</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch06_02.html b/docs/htmldocs/using_samba/ch06_02.html
new file mode 100755
index 00000000000..a5b7bf4d520
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch06_02.html
@@ -0,0 +1,423 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 6] 6.2 Controlling Access to Shares</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:33:37Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_01.html" TITLE="6.1 Users and Groups">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 6.1 Users and Groups" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch06_01.html" TITLE="6. Users, Security, and Domains ">
+Chapter 6<br>
+Users, Security, and Domains </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_03.html" TITLE="6.3 Authentication Security">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 6.3 Authentication Security" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch06-27678">
+6.2 Controlling Access to Shares</a></h2><P CLASS="para">Often you will need to restrict the users who can access a specific share for security reasons. This is very easy to do with Samba since it contains a wealth of options for creating practically any security configuration. Let's introduce a few configurations that you might want to use in your own Samba setup.</p><BLOCKQUOTE CLASS="warning">
+<P CLASS="para">
+<STRONG>
+WARNING:</strong> Again, if you are connecting with Windows 98 or NT 4.0 with Service Pack 3 (or above), those clients will send encrypted passwords to the Samba server. If Samba is not configured for this, it will continually refuse the connection. This chapter describes how to set up Samba for encrypted passwords. See the <A CLASS="xref" HREF="ch06_04.html">
+Section 6.4, Passwords</a> section.</p></blockquote><P CLASS="para">
+We've seen what happens when you specify valid users. However, you are also allowed to specify a list of invalid users&nbsp;- users who should never be allowed access to Samba or its shares. This is done with the <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+users</code> option. We hinted at one frequent use of this option earlier: a global default with the <CODE CLASS="literal">
+[homes]</code> section to ensure that various system users and superusers cannot be forged for access. For example:</p><PRE CLASS="programlisting">
+[global]
+	invalid users = root bin daemon adm sync shutdown \
+						halt mail news uucp operator gopher
+	auto services = dave peter bob
+
+[homes]
+	browsable = no
+	writeable = yes</pre><P CLASS="para">
+The <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+users</code> option, like <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+users</code>, can take group names as well as usernames. In the event that a user or group appears in both lists, the <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+users</code> option takes precedence and the user or group will be denied access to the share.</p><P CLASS="para">
+At the other end of the spectrum, you can explicitly specify users who will be allowed superuser (root) access to a share with the <CODE CLASS="literal">
+admin</code> <CODE CLASS="literal">
+users</code> option. An example follows:</p><PRE CLASS="programlisting">
+[sales]
+		path = /home/sales
+		comment = Fiction Corp Sales Data
+		writeable = yes
+		valid users = tom dick harry
+		admin users = mike</pre><P CLASS="para">
+This option takes both group names and usernames. In addition, you can specify NIS netgroups by preceding them with an <CODE CLASS="literal">
+@</code> as well; if the netgroup is not found, Samba will assume that you are referring to a standard Unix group. </p><P CLASS="para">
+Be careful if you assign an entire group administrative privileges to a share. The Samba team highly recommends you avoid using this option, as it essentially gives root access to the specified users or groups for that share.</p><P CLASS="para">
+If you wish to force read-only or read-write access to users who access a share, you can do so with the <CODE CLASS="literal">
+read</code> <CODE CLASS="literal">
+list</code> and <CODE CLASS="literal">
+write</code> <CODE CLASS="literal">
+list</code> options, respectively. These options can be used on a per-share basis to restrict a writable share or grant write access to specific users in a read-only share, respectively. For example:</p><PRE CLASS="programlisting">
+[sales]
+		path = /home/sales
+		comment = Fiction Corp Sales Data
+		read only = yes
+		write list = tom dick</pre><P CLASS="para">
+The <CODE CLASS="literal">
+write</code> <CODE CLASS="literal">
+list</code> option cannot override Unix permissions. If you've created the share without giving the write-list user write permission on the Unix system, he or she will be denied write access regardless of the setting of <CODE CLASS="literal">
+write</code> <CODE CLASS="literal">
+list</code>.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-968870">
+6.2.1 Guest Access</a></h3><P CLASS="para">As mentioned earlier, you can specify users who have guest access to a share. The options that control guest access are easy to work with. The first option, <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+account</code>, specifies the Unix account that guest users should be assigned when connecting to the Samba server. The default value for this is set during compilation, and is typically <CODE CLASS="literal">
+nobody</code>. However, you may want to reset the guest user to <CODE CLASS="literal">
+ftp</code> if you have trouble accessing various system services. </p><P CLASS="para">
+If you wish to restrict access in a share only to guests&nbsp;- in other words, all clients connect as the guest account when accessing the share&nbsp;- you can use the <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+only</code> option in conjunction with the <CODE CLASS="literal">
+guest ok</code> option, as shown in the following example:</p><PRE CLASS="programlisting">
+[sales]
+		path = /home/sales
+		comment = Fiction Corp Sales Data
+		writeable = yes
+		guest ok = yes
+		guest account = ftp
+		guest only = yes</pre><P CLASS="para">
+Make sure you specify <CODE CLASS="literal">
+yes</code> for both <CODE CLASS="literal">
+guest only</code> and <CODE CLASS="literal">
+guest ok</code> in this scenario; otherwise, Samba will not use the guest acount that you specify.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-960007">
+6.2.2 Access Control Options</a></h3><P CLASS="para">
+<A CLASS="xref" HREF="ch06_02.html#ch06-28077">Table 6.1</a> summarizes the options that you can use to control access to shares. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch06-28077">
+Table 6.1: Share-level Access Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+admin users</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of usernames)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies a list of users who can perform operations as root.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+valid users</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of usernames)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies a list of users that can connect to a share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+invalid users</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of usernames)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies a list of users that will be denied access to a share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+read list</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of usernames)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies a list of users that have read-only access to a writable share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+write list</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of usernames)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies a list of users that have read-write access to a read-only share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+max connections</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Indicates the maximum number of connections for a share at a given time.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+0</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+guest only (only guest)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies that this share allows only guest access.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+guest account</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (name of account)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Names the Unix account that will be used for guest access.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+nobody</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-959222">
+6.2.2.1 admin users</a></h4><P CLASS="para">
+This option specifies a list of users that perform file operations as if they were <CODE CLASS="literal">
+root</code>. This means that they can modify or destroy any other user's work, no matter what the permissions. Any files that they create will have root ownership and will use the default group of the admin user. The <CODE CLASS="literal">
+admin</code> <CODE CLASS="literal">
+users</code> option is used to allow PC users to act as administrators for particular shares. We urge you to avoid this option. </p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-960368">
+6.2.2.2 valid users and invalid users</a></h4><P CLASS="para">
+These two options let you enumerate the users and groups who are granted or denied access to a particular share. You can enter a list of comma-delimited users, or indicate an NIS or Unix group name by prefixing the name with an at-sign (<CODE CLASS="literal">@</code>). </p><P CLASS="para">
+The important rule to remember with these options is that any name or group in the <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+users</code> list will <EM CLASS="emphasis">
+always</em> be denied access, even if it is included (in any form) in the <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+users</code> list. By default, neither option has a value associated with it. If both options have no value, any user is allowed to access the share.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-959243">
+6.2.2.3 read list and write list</a></h4><P CLASS="para">
+Like the <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+users</code> <CODE CLASS="literal">
+and</code> <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+users</code> options, this pair of options specifies which users have read-only access to a writeable share and read-write access to a read-only share, respectively. The value of either options is a list of users. <CODE CLASS="literal">
+read</code> <CODE CLASS="literal">
+list</code> overrides any other Samba permissions granted&nbsp;- as well as Unix file permissions on the server system&nbsp;- to deny users write access. <CODE CLASS="literal">
+write</code> <CODE CLASS="literal">
+list</code> overrides other Samba permissions to grant write access, but cannot grant write access if the user lacks write permissions for the file on the Unix system. You can specify NIS or Unix group names by prefixing the name with an at sign (such as <CODE CLASS="literal">
+@users</code>). Neither configuration option has a default value associated with it.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-959253">
+6.2.2.4 max connections</a></h4><P CLASS="para">
+This option specifies the maximum number of client connections that a share can have at any given time. Any connections that are attempted after the maximum is reached will be rejected. The default value is <CODE CLASS="literal">
+0</code>, which means that an unlimited number of connections are allowed. You can override it per share as follows:</p><PRE CLASS="programlisting">
+[accounting]
+	max connections = 30</pre><P CLASS="para">
+This option is useful in the event that you need to limit the number of users who are accessing a licensed program or piece of data concurrently.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-958842">
+6.2.2.5 guest only</a></h4><P CLASS="para">
+This share-level option (sometimes called <CODE CLASS="literal">
+only</code> <CODE CLASS="literal">
+guest</code>) forces a connection to a share to be performed with the user specified by the <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+account</code> option. The share to which this is applied must explicitly specify <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+ok</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> in order for this option to be recognized by Samba. The default value for this option is <CODE CLASS="literal">
+no</code>. </p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-960637">
+6.2.2.6 guest account</a></h4><P CLASS="para">
+This option specifies the name of account to be used for guest access to shares in Samba. The default for this option varies from system to system, but it is often set to <CODE CLASS="literal">
+nobody</code>. Some default user accounts have trouble connecting as guest users. If that occurs on your system, the Samba team recommends using the ftp account as the guest user. </p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-959934">
+6.2.3 Username Options</a></h3><P CLASS="para">
+<A CLASS="xref" HREF="ch06_02.html#ch06-82964">Table 6.2</a> shows two additional options that Samba can use to correct for incompatibilities in usernames between Windows and Unix. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch06-82964">
+Table 6.2: Username Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+username map</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the name of the username mapping file.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+username level</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Indicates the number of capital letters to use when trying to match a username.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+0</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-959982">
+6.2.3.1 username map</a></h4><P CLASS="para">Client usernames on an SMB network can be relatively large (up to 255 characters), while usernames on a Unix network often cannot be larger than eight characters. This means that an individual user may have one username on a client and another (shorter) one on the Samba server. You can get past this issue by<I CLASS="firstterm">
+ mapping</i> a free-form client username to a Unix username of eight or fewer characters. It is placed in a standard text file, using a format that we'll describe shortly. You can then specify the pathname to Samba with the global <CODE CLASS="literal">
+username</code> <CODE CLASS="literal">
+map</code> option. Be sure to restrict access to this file; make the root user the file's owner and deny write access to others. Otherwise, an untrusted user who can access the file can easily map their client username to the root user of the Samba server.</p><P CLASS="para">
+You can specify this option as follows:</p><PRE CLASS="programlisting">
+[global]
+	username map = /etc/samba/usermap.txt</pre><P CLASS="para">
+Each of the entries in the username map file should be listed as follows: the Unix username, followed by an equal sign (<CODE CLASS="literal">=</code>), followed by one or more whitespace-separated SMB client usernames. Note that unless instructed otherwise, (i.e., a guest connection), Samba will expect both the client and the server user to have the same password. You can also map NT groups to one or more specific Unix groups using the <CODE CLASS="literal">
+@</code> sign. Here are some examples:</p><PRE CLASS="programlisting">
+jarwin = JosephArwin
+manderso = MarkAnderson
+users = @account</pre><P CLASS="para">
+Also, you can use the asterisk to specify a wildcard that matches any free-form client username as an entry in the username map file:</p><PRE CLASS="programlisting">
+nobody = *</pre><P CLASS="para">
+Comments in the file can be specified as lines beginning with (<CODE CLASS="literal">#</code>) and (<CODE CLASS="literal">;</code>).</p><P CLASS="para">
+Note that you can also use this file to redirect one Unix user to another user. Be careful if you do so because Samba and your client may not notify the user that the mapping has been made and Samba may be expecting a different password. </p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-959994">
+6.2.3.2 username level</a></h4><P CLASS="para">SMB clients (such as Windows) will often send usernames in SMB connection requests entirely in capital letters; in other words, client usernames are not necessarily case sensitive. On a Unix server, however, usernames <EM CLASS="emphasis">
+are</em> case sensitive: the user <CODE CLASS="literal">
+ANDY</code> is different from the user <CODE CLASS="literal">
+andy</code>. By default, Samba attacks this problem by doing the following:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-959996">
+</a>Checking for a user account with the exact name sent by the client</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-969146">
+</a>Testing the username in all lowercase letters</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-969147">
+</a>Testing the username in lowercase letters with only the first letter capitalized</p></li></ol><P CLASS="para">
+If you wish to have Samba attempt more combinations of uppercase and lowercase letters, you can use the <CODE CLASS="literal">
+username</code> <CODE CLASS="literal">
+level</code> global configuration option. This option takes an integer value that specifies how many letters in the username should be capitalized when attempting to connect to a share. You can specify this options as follows:</p><PRE CLASS="programlisting">
+[global]
+	username level = 3</pre><P CLASS="para">
+In this case, Samba will then attempt all permutations of usernames it can compute having three capital letters. The larger the number, the more computations Samba will have to perform to match the username and the longer the authentication will take. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_01.html" TITLE="6.1 Users and Groups">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 6.1 Users and Groups" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_03.html" TITLE="6.3 Authentication Security">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 6.3 Authentication Security" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+6.1 Users and Groups</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+6.3 Authentication Security</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch06_03.html b/docs/htmldocs/using_samba/ch06_03.html
new file mode 100755
index 00000000000..a9e1b7ace71
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch06_03.html
@@ -0,0 +1,384 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 6] 6.3 Authentication Security</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:33:44Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_02.html" TITLE="6.2 Controlling Access to Shares">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 6.2 Controlling Access to Shares" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch06_01.html" TITLE="6. Users, Security, and Domains ">
+Chapter 6<br>
+Users, Security, and Domains </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_04.html" TITLE="6.4 Passwords">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 6.4 Passwords" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch06-88596">
+6.3 Authentication Security</a></h2><P CLASS="para">At this point, we should discuss how Samba authenticates users. Each user who attempts to connect to a share that does not allow guest access must provide a password to make a successful connection. What Samba does with that password&nbsp;- and consequently the strategy Samba will use to handle user authentication&nbsp;- is the arena of the <CODE CLASS="literal">
+security</code> configuration option. There are currently four security levels that Samba supports on its network: <I CLASS="firstterm">
+share</i>, <I CLASS="firstterm">
+user</i>, <I CLASS="firstterm">
+server</i>, and <I CLASS="firstterm">
+domain</i>.</p><DL CLASS="variablelist">
+<DT CLASS="term">Share-level security</dt><DD CLASS="listitem">
+<P CLASS="para">
+Each share in the workgroup has one or more passwords associated with it. Anyone who knows a valid password for the share can access it.</p></dd><DT CLASS="term">User-level security</dt><DD CLASS="listitem">
+<P CLASS="para">
+Each share in the workgroup is configured to allow access from certain users. With each initial tree connection, the Samba server verifies users and their passwords to allow them access to the share.</p></dd><DT CLASS="term">
+Server-level security</dt><DD CLASS="listitem">
+<P CLASS="para">
+This is the same as user-level security, except that the Samba server uses a separate SMB server to validate users and their passwords before granting access to the share.</p></dd><DT CLASS="term">Domain-level security</dt><DD CLASS="listitem">
+<P CLASS="para">
+Samba becomes a member of a Windows domain and uses the domain's primary domain controller (PDC) to perform authentication. Once authenticated, the user is given a special token that allows him or her access to any share with appropriate access rights. With this token, the PDC will not have to revalidate the user's password each time he or she attempts to access another share within the domain.</p></dd></dl><P CLASS="para">
+Each of these security policies can be implemented with the global <CODE CLASS="literal">
+security</code> option, as shown in <A CLASS="xref" HREF="ch06_03.html#ch06-73905">
+Table 6.3</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch06-73905">
+Table 6.3: Security Option </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+security</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">domain</code>, <CODE CLASS="literal">
+server</code>, <CODE CLASS="literal">
+share</code>, or <CODE CLASS="literal">
+user</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Indicates the type of security that the Samba server will use.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+user</code> (Samba 2.0) or <CODE CLASS="literal">
+share</code> (Samba 1.9)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-957225">
+6.3.1 Share-level Security</a></h3><P CLASS="para">With share-level security, each share has one or more passwords associated with it. This differs from the other modes of security in that there are no restrictions as to whom can access a share, as long as that individual knows the correct password. Shares often have multiple passwords. For example, one password may grant read-only access, while another may grant read-write access, and so on. Security is maintained as long as unauthorized users do not discover the password for a share to which they shouldn't have access.</p><P CLASS="para">OS/2 and Window 95/98 both support share-level security on their resources. You can set up share-level security with Windows 95/98 by first enabling share-level security using the Access Control tab of the Network Control Panel dialog. Then select the Share-level Access Control radio button (which deselects the user-level access control radio button), as shown in <A CLASS="xref" HREF="ch06_03.html#ch06-33100">
+Figure 6.1</a>, and press the OK button. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch06-33100">
+Figure 6.1: Selecting share-level security on a Windows machine</a></h4><IMG CLASS="graphic" SRC="figs/sam.0601.gif" ALT="Figure 6.1"><P CLASS="para">
+Next, right click on a resource&nbsp;- such as a hard drive or a CD-ROM&nbsp;- and select the Properties menu item. This will bring up the Resource Properties dialog box. Select the Sharing tab at the top of the dialog box and enable the resource as Shared As. From here, you can configure how the shared resource will appear to individual users, as well as assigning whether the resource will appear as read-only, read-write, or a mix, depending on the password that is supplied.</p><P CLASS="para">
+You might be thinking that this security model is not a good fit for Samba&nbsp;- and you would be right. In fact, if you set the <CODE CLASS="literal">
+security</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+share</code> option in the Samba configuration file, Samba will still reuse the username/passwords combinations in the system password files to authenticate access. More precisely, Samba will take the following steps when a client requests a connection using share-level security:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957239">
+</a>When a connection is requested, Samba will accept the password and (if sent) the username of the client.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-958140">
+</a>If the share is <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+only</code>, the user is immediately granted access to the share with the rights of the user specified by the <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+account</code> parameter; no password checking is performed.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957243">
+</a>For other shares, Samba appends the username to a list of users who are allowed access to the share. It then attempts to validate the password given in association with that username. If successful, Samba grants the user access to the share with the rights assigned to that user. The user will not need to authenticate again unless a <CODE CLASS="literal">
+revalidate</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> option has been set inside the share.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957257">
+</a>If the authentication is unsuccessful, Samba will attempt to validate the password against the list of users it has previously compiled throughout the attempted connections, as well as any specified under the share in the configuration file. If the password does not match any usernames (as specified in the system password file, typically <I CLASS="filename">
+/etc/passwd</i>), the user is not granted access to the share under that username.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-958141">
+</a>However, if the share has a <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+ok</code> or <CODE CLASS="literal">
+public</code> option set, the user will default to access with the rights of the user specified by the <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+account</code> option.</p></li></ol><P CLASS="para">
+You can indicate in the configuration file which users should be initially placed on the share-level security user list by using the <CODE CLASS="literal">
+username</code> configuration option, as shown below:</p><PRE CLASS="programlisting">
+[global]
+	security = share
+[accounting1]
+	path = /home/samba/accounting1
+	guest ok = no
+	writable = yes
+	username = davecb, pkelly, andyo</pre><P CLASS="para">
+Here, when a user attempts to connect to a share, Samba will verify the password that was sent against each of the users in its own list, in addition to the passwords of users <CODE CLASS="literal">
+davecb</code>, <CODE CLASS="literal">
+pkelly</code>, and <CODE CLASS="literal">
+andyo</code>. If any of the passwords match, the connection will be verified and the user will be allowed. Otherwise, connection to the specific share will fail.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-960345">
+6.3.1.1 Share Level Security Options</a></h4><P CLASS="para">
+<A CLASS="xref" HREF="ch06_03.html#ch06-80998">
+Table 6.4</a> shows the options typically associated with share-level security. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch06-80998">
+Table 6.4: Share-Level Access Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+only user</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Indicates whether usernames specified by <CODE CLASS="literal">
+username</code> will be the only ones allowed.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+username </code>(user or users)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (list of usernames)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies a list of users against which a client's password will be tested.  </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr></tbody></table></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-960350">
+6.3.1.2 only user</a></h4><P CLASS="para">
+This boolean option indicates whether Samba will allow connections to a share using share-level security based solely on the individuals specified in the <CODE CLASS="literal">
+username</code> option, instead of those users compiled on Samba's internal list. The default value for this option is <CODE CLASS="literal">
+no</code>. You can override it per share as follows:</p><PRE CLASS="programlisting">
+[global]
+    security = share
+[data]
+    username = andy, peter, valerie
+    only user = yes</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-960355">
+6.3.1.3 username</a></h4><P CLASS="para">
+This option presents a list of users against which Samba will test a connection password to allow access. It is typically used with clients that have share-level security to allow connections to a particular service based solely on a qualifying password&nbsp;- in this case, one that matches a password set up for a specific user:</p><PRE CLASS="programlisting">
+[global]
+    security = share
+[data]
+     username = andy, peter, terry</pre><P CLASS="para">
+We recommend against using this option unless you are implementing a Samba server with share-level security. </p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-957260">
+6.3.2 User-level Security</a></h3><P CLASS="para">The preferred mode of security with Samba is <I CLASS="firstterm">
+user-level security</i>. With this method, each share is assigned specific users that can access it. When a user requests a connection to a share, Samba authenticates by validating the given username and password with the authorized users in the configuration file and the passwords in the password database of the Samba server. As mentioned earlier in the chapter, one way to isolate which users are allowed access to a specific share is by using the <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+users</code> option for each share:</p><PRE CLASS="programlisting">
+[global]
+	security = user
+[accounting1]
+	writable = yes
+	valid users = bob, joe, sandy</pre><P CLASS="para">
+Each of the users listed will be allowed to connect to the share if the password provided matches the password stored in the system password database on the server. Once the initial authentication succeeds, the user will not need to re-enter a password again to access that share unless the <CODE CLASS="literal">
+revalidate</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> option has been set.</p><P CLASS="para">Passwords can be sent to the Samba server in either an encrypted or a non-encrypted format. If you have both types of systems on your network, you should ensure that the passwords represented by each user are stored both in a traditional account database and Samba's encrypted password database. This way, authorized users can gain access to their shares from any type of client.[<A CLASS="footnote" HREF="#ch06-pgfId-968956">1</a>] However, we recommend that you move your system to encrypted passwords and abandon non-encrypted passwords if security is an issue. The <A CLASS="xref" HREF="ch06_04.html">
+Section 6.4</a> section of this chapter explains how to use encrypted as well as non-encrypted passwords.</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch06-pgfId-968956">[1]</a> Having both encrypted and non-encrypted password clients on your network is another reason why Samba allows you to include (or not include) various options in the Samba configuration file based on the client operating system or machine name variables. </p></div></blockquote></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-957282">
+6.3.3 Server-level Security</a></h3><P CLASS="para">Server-level security is similar to user-level security. However, with server-level security, Samba delegates password authentication to another SMB password server, typically another Samba server or a Windows NT Server acting as a PDC on the network. Note that Samba still maintains its list of shares and their configuration in its <I CLASS="filename">
+smb.conf</i> file. When a client attempts to make a connection to a particular share, Samba validates that the user is indeed authorized to connect to the share. Samba will then attempt to validate the password by contacting the SMB password server through a known protocol and presenting the username and password to the SMB password server. If the password is accepted, a session will be established with the client. See <A CLASS="xref" HREF="ch06_03.html#ch06-89929">
+Figure 6.2</a> for an illustration of this setup.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch06-89929">
+Figure 6.2: A typical system setup using server level security</a></h4><IMG CLASS="graphic" SRC="figs/sam.0602.gif" ALT="Figure 6.2"><P CLASS="para">
+You can configure Samba to use a separate password server under server-level security with the use of the <CODE CLASS="literal">
+password</code> <CODE CLASS="literal">
+server</code> global configuration option, as follows:</p><PRE CLASS="programlisting">
+[global]
+	security = server
+	password server = PHOENIX120 HYDRA134</pre><P CLASS="para">
+Note that you can specify more than one machine as the target of the <CODE CLASS="literal">
+password</code> <CODE CLASS="literal">
+server</code>; Samba will move down the list of servers in the event that its first choice is unreachable. The servers identified by the <CODE CLASS="literal">
+password</code> <CODE CLASS="literal">
+server</code> option are given as NetBIOS names, not their DNS names or equivalent IP addresses. Also, if any of the servers reject the given password, the connection will automatically fail&nbsp;- Samba will not attempt another server.</p><P CLASS="para">
+One caveat: when using this option, you will still need an account representing that user on the regular Samba server. This is because the Unix operating system needs a username to perform various I/O operations. The preferable method of handling this is to give the user an account on the Samba server but disable the account's password by replacing it in the system password file (e.g., <I CLASS="filename">
+/etc/passwd  </i>) with an asterisk (*).</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-957298">
+6.3.4 Domain-level Security</a></h3><P CLASS="para">Domain-level security is similar to server-level security. However, with domainlevel security, the Samba server is acting as a member of a Windows domain. Recall from Chapter 1 that each domain has a <I CLASS="firstterm">
+domain controller</i>, which is usually a Windows NT server offering password authentication. Including these controllers provides the workgroup with a definitive password server. The domain controllers keep track of users and passwords in their own security authentication module (SAM), and authenticates each user when he or she first logs on and wishes to access another machine's shares.</p><P CLASS="para">
+As mentioned earlier in this chapter, Samba has a similar ability to offer user-level security, but this option is Unix-centric and assumes that the authentication occurs via Unix password files. If the Unix machine is part of a NIS or NIS+ domain, Samba will authenticate the users transparently against a shared password file, in typical Unix fashion. Samba then provides access to the NIS or NIS+ domain from Windows. There is, of course, no relationship between the NIS concept of a domain and the Windows concept of a domain.</p><P CLASS="para">With domain-level security, we now have the option of using the native NT mechanism. This has a number of advantages:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963199">
+</a>It provides far better integration with NT: there are fewer "kludges" in the <I CLASS="filename">
+smb.conf</i> options dealing with domains than with most Windows features. This allows more extensive use of NT management tools, such as the User Manager for Domains tool allowing PC support individuals to treat Samba servers as if they were large NT machines.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963200">
+</a>With the better integration comes protocol and code cleanups, allowing the Samba team to track the evolving NT implementation. NT Service Pack 4 corrects several problems in the protocol, and Samba's better integration makes it easier to track and adapt to these changes.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963202">
+</a>There is less overhead on the PDC because there is one less permanent network connection between it and the Samba server. Unlike the protocol used by the <CODE CLASS="literal">
+security</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+server</code> option, the Samba server can make a Remote Procedure Call (RPC) call only when it needs authentication information. It can not keep a connection permanently up just for that.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963203">
+</a>Finally, the NT domain authentication scheme returns the full set of user attributes, not just success or failure. The attributes include a longer, more network-oriented version of the Unix uid, NT groups, and other information. This includes:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963204">
+</a>Username</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963205">
+</a>Full name</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963206">
+</a>Description</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963207">
+</a>Security identifier (a domain-wide extension of the Unix uid)</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963208">
+</a>NT group memberships</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963209">
+</a>Logon hours, and whether to force the user to log out immediately</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963210">
+</a>Workstations the user is allowed to use</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963211">
+</a>Account expiration date</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963212">
+</a>Home directory</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963213">
+</a>Login script</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963214">
+</a>Profile</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963215">
+</a>Account type</p></li></ul></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963216">
+</a>The Samba developers used domain-level security in Samba version 2.0.4 to add and delete domain users on Samba servers semi-automatically. In addition, it adds room for other NT-like additions, such as supporting access control lists and changing permissions of files from the client.</p></li></ul><P CLASS="para">
+The advantage to this approach is less administration; there is only one authentication database to keep synchronized. The only local administration required on the Samba server will be creating directories for users to work in and <I CLASS="filename">
+/etc/passwd</i> entries to keep their UIDs and groups in. </p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-963191">
+6.3.4.1 Adding a Samba server to a Windows NT Domain</a></h4><P CLASS="para">
+If you already have an NT domain, you can easily add a Samba server to it. First, you will need to stop the Samba daemons. Then, add the Samba server to the NT domain on the PDC using the "Windows NT Server Manager for Domains" tool. When it asks for the computer type, choose "Windows NT Workstation or Server," and give it the NetBIOS name of the Samba server. This creates the machine account on the NT server.</p><P CLASS="para">
+Next, generate a Microsoft-format machine password using the <I CLASS="filename">
+smbpasswd</i> tool, which is explained in further detail in the next section. For example, if our domain is SIMPLE and the Windows NT PDC is <CODE CLASS="literal">
+beowulf</code>, we could use the following command on the Samba server to accomplish this:</p><PRE CLASS="programlisting">
+<CODE CLASS="literal">
+smbpasswd -j SIMPLE -r beowulf</code></pre><P CLASS="para">
+Finally, add the following options to the <CODE CLASS="literal">
+[global]</code> section of your <I CLASS="filename">
+smb.conf</i> and restart the Samba daemons.</p><PRE CLASS="programlisting">
+[global]
+	security = domain
+	domain logins = yes
+	workgroup = SIMPLE
+	password server = beowulf</pre><P CLASS="para">
+Samba should now be configured for domain-level security. The <CODE CLASS="literal">
+domain</code> <CODE CLASS="literal">
+logins</code> option is explained in more detail later in this chapter. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_02.html" TITLE="6.2 Controlling Access to Shares">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 6.2 Controlling Access to Shares" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_04.html" TITLE="6.4 Passwords">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 6.4 Passwords" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+6.2 Controlling Access to Shares</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+6.4 Passwords</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch06_04.html b/docs/htmldocs/using_samba/ch06_04.html
new file mode 100755
index 00000000000..646c6128f40
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch06_04.html
@@ -0,0 +1,738 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 6] 6.4 Passwords</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:33:50Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_03.html" TITLE="6.3 Authentication Security">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 6.3 Authentication Security" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch06_01.html" TITLE="6. Users, Security, and Domains ">
+Chapter 6<br>
+Users, Security, and Domains </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_05.html" TITLE="6.5 Windows Domains">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 6.5 Windows Domains" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch06-61393">
+6.4 Passwords</a></h2><P CLASS="para">Passwords are a thorny issue with Samba. So much so, in fact, that they are almost always the first major problem that users encounter when they install Samba, and generate by far the most questions sent to Samba support groups. In previous chapters, we've gotten around the need for passwords by placing the <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+ok</code> option in each of our configuration files, which allows connections without authenticating passwords. However, at this point, we need to delve deeper into Samba to discover what is happening on the network.</p><P CLASS="para">Passwords sent from individual clients can be either encrypted or non-encrypted. Encrypted passwords are, of course, more secure. A non-encrypted password can be easily read with a packet sniffing program, such as the modified <EM CLASS="emphasis">
+tcpdump</em> program for Samba that we used in <a href="ch03_01.html"><b>Chapter 3, <CITE CLASS="chapter">Configuring Windows Clients</cite></b></a>. Whether passwords are encrypted depends on the operating system that the client is using to connect to the Samba server. <A CLASS="xref" HREF="ch06_04.html#ch06-75183">
+Table 6.5</a> lists which Windows operating systems encrypt their passwords before sending them to the primary domain controller for authentication. If your client is not Windows, check the system documentation to see if SMB passwords are encrypted.   </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch06-75183">
+Table 6.5: Windows Operating Systems with Encrypted Passwords </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Operating System</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Encrypted or Non-encrypted</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+</code>Windows 95</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Non-encrypted</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows 95 with SMB Update</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Encrypted</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows 98</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Encrypted</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows NT 3.<EM CLASS="emphasis">
+x</em></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Non-encrypted</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows NT 4.0 before SP<CODE CLASS="literal">
+ 3</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Non-encrypted</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows NT 4.0 after SP 3</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Encrypted</p></td></tr></tbody></table><P CLASS="para">
+There are actually two different encryption methods used: one for Windows 95 and 98 clients that reuses Microsoft's LAN Manager encryption style, and a separate one for Windows NT clients and servers. Windows 95 and 98 use an older encryption system inherited from the LAN Manager network software, while Windows NT clients and servers use a newer encryption system.</p><P CLASS="para">
+If encrypted passwords are supported, Samba stores the encrypted passwords in a file called <I CLASS="filename">
+smbpasswd</i>. By default, this file is located in the <I CLASS="filename">
+private</i> directory of the Samba distribution (<I CLASS="filename">/usr/local/samba/private</i>). At the same time, the client stores an encrypted version of a user's password on its own system. The plaintext password is never stored on either system. Each system encrypts the password automatically using a known algorithm when the password is set or changed.</p><P CLASS="para">
+When a client requests a connection to an SMB server that supports encrypted passwords (such as Samba or Windows NT), the two computers undergo the following negotiations:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957427">
+</a>The client attempts to negotiate a protocol with the server.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957428">
+</a>The server responds with a protocol and indicates that it supports encrypted passwords. At this time, it sends back a randomly-generated 8-byte challenge string.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957433">
+</a>The client uses the challenge string as a key to encrypt its already encrypted password using an algorithm predefined by the negotiated protocol. It then sends the result to the server.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957436">
+</a>The server does the same thing with the encrypted password stored in its database. If the results match, the passwords are equivalent and the user is authenticated.</p></li></ol><P CLASS="para">
+Note that even though the original passwords are not involved in the authentication process, you need to be very careful that the encrypted passwords located inside of the <I CLASS="filename">
+smbpasswd</i> file are guarded from unauthorized users. If they are compromised, an unauthorized user can break into the system by replaying the steps of the previous algorithm. The encrypted passwords are just as sensitive as the plaintext passwords&nbsp;- this is known as <I CLASS="firstterm">
+plaintext-equivalent</i> data in the cryptography world. Of course, you should also ensure that the clients safeguard their plaintext-equivalent passwords as well.</p><P CLASS="para">
+You can configure Samba to accept encrypted passwords with the following global additions to <I CLASS="filename">
+smb.conf</i>. Note that we explicitly name the location of the Samba password file:</p><PRE CLASS="programlisting">
+[global]
+	security = user
+	encrypt passwords = yes
+	smb passwd file = /usr/local/samba/private/smbpasswd</pre><P CLASS="para">
+Samba, however, will not accept any users until the <I CLASS="filename">
+smbpasswd</i> file has been initialized.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-959309">
+6.4.1 Disabling encrypted passwords on the client</a></h3><P CLASS="para">While Unix authentication has been in use for decades, including the use of <EM CLASS="emphasis">
+telnet</em> and <EM CLASS="emphasis">
+rlogin</em> access across the Internet, it embodies well-known security risks. Plaintext passwords are sent over the Internet and can be retrieved from TCP packets by malicious snoopers. However, if you feel that your network is secure and you wish to use standard Unix <I CLASS="filename">
+/etc/passwd</i> authentication for all clients, you can do so, but you must disable encrypted passwords on those Windows clients that default to using them. </p><P CLASS="para">
+In order to do this, you must modify the Windows registry by installing two files on each system. Depending on the platform involved, the files are either <I CLASS="filename">
+NT4_PlainPassword.reg</i> or <I CLASS="filename">
+Win95_PlainPassword.reg</i>. You can perform this installation by copying the appropriate <I CLASS="filename">
+.reg</i> files from the Samba distribution's <I CLASS="filename">
+/docs</i> directory to a DOS floppy, and running it from the Run menu item on the client's Start Menu button. Incidentally, the Windows 95 <I CLASS="filename">
+.reg</i> file works fine on Windows 98 as well.</p><P CLASS="para">
+After you reboot the machine, the client will not encrypt its hashed passwords before sending them to the server. This means that the plaintext-equivalent passwords can been seen in the TCP packets that are broadcast across the network. Again, we encourage you not to do this unless you are absolutely sure that your network is secure.</p><P CLASS="para">
+If passwords are not encrypted, you can indicate as much in your Samba configuration file:</p><PRE CLASS="programlisting">
+[global]
+	security = user
+	encrypt passwords = no</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-17782">
+6.4.2 The smbpasswd File</a></h3><P CLASS="para">
+<I CLASS="filename">
+</i>Samba stores its encrypted passwords in a file called <I CLASS="filename">
+smbpasswd</i>, which by default resides in the <I CLASS="filename">
+/usr/local/samba/private</i> directory. The <I CLASS="filename">
+smbpasswd</i> file should be guarded as closely as the <I CLASS="filename">
+passwd</i> file; it should be placed in a directory to which only the root user has read/write access. All other users should not be able to read from the directory at all. In addition, the file should have all access closed off to all users except for root.</p><P CLASS="para">
+Before you can use encrypted passwords, you will need to create an entry for each Unix user in the <I CLASS="filename">
+smbpasswd</i> file. The structure of the file is somewhat similar to a Unix <I CLASS="filename">
+passwd</i> file, but has different fields. <A CLASS="xref" HREF="ch06_04.html#ch06-54128">
+Figure 6.3</a> illustrates the layout of the <I CLASS="filename">
+smbpasswd</i> file; the entry shown is actually one line in the file. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch06-54128">
+Figure 6.3: Structure of the smbpasswd file entry (actually one line)</a></h4><IMG CLASS="graphic" SRC="figs/sam.0603.gif" ALT="Figure 6.3"><P CLASS="para">
+Here is a breakdown of the individual fields:</p><DL CLASS="variablelist">
+<DT CLASS="term">
+Username</dt><DD CLASS="listitem">
+<P CLASS="para">
+This is the username of the account. It is taken directly from the system password file.</p></dd><DT CLASS="term">
+UID</dt><DD CLASS="listitem">
+<P CLASS="para">
+This is the user ID of the account. Like the username, it is taken directly from the system password file and must match the user it represents there.</p></dd><DT CLASS="term">
+LAN Manager Password Hash</dt><DD CLASS="listitem">
+<P CLASS="para">
+This is a 32-bit hexadecimal sequence that represents the password Windows 95 and 98 clients will use. It is derived by encrypting the string <CODE CLASS="literal">
+KGS!@#$%</code> with a 56-bit DES algorithm using the user's password (forced to 14 bytes and converted to capital letters) twice repeated as the key. If there is currently no password for this user, the first 11 characters of the hash will consist of the sequence <CODE CLASS="literal">
+NO</code> <CODE CLASS="literal">
+PASSWORD</code> followed by <CODE CLASS="literal">
+X</code> characters for the remainder. Anyone can access the share with no password. On the other hand, if the password has been disabled, it will consist of 32 <CODE CLASS="literal">
+X</code> characters. Samba will not grant access to a user without a password unless the <CODE CLASS="literal">
+null</code> <CODE CLASS="literal">
+passwords</code> option has been set.</p></dd><DT CLASS="term">
+NT Password Hash</dt><DD CLASS="listitem">
+<P CLASS="para">
+This is a 32-bit hexadecimal sequence that represents the password Windows NT clients will use. It is derived by hashing the user's password (represented as a 16-bit little-endian Unicode sequence) with an MD4 hash. The password is not converted to uppercase letters first.</p></dd><DT CLASS="term">
+Account Flags</dt><DD CLASS="listitem">
+<P CLASS="para">
+This field consists of 11 characters between two braces ([]). Any of the following characters can appear in any order; the remaining characters should be spaces:</p><P CLASS="para">
+U</p><P CLASS="para">
+This account is a standard user account.</p><P CLASS="para">
+D</p><P CLASS="para">
+This account is currently disabled and Samba should not allow any logins.</p><P CLASS="para">
+N</p><P CLASS="para">
+This account has no password associated with it.</p><P CLASS="para">
+W</p><P CLASS="para">
+This is a workstation trust account that can be used to configure Samba as a primary domain controller (PDC) when allowing Windows NT machines to join its domain.</p></dd></dl><DL CLASS="variablelist">
+<DT CLASS="term">
+Last Change Time</dt><DD CLASS="listitem">
+<P CLASS="para">
+This code consists of the characters <CODE CLASS="literal">
+LCT-</code> followed by a hexidecimal representation of the amount of seconds since the epoch (midnight on January 1, 1970) that the entry was last changed.</p></dd></dl><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-957988">
+6.4.2.1 Adding entries to smbpasswd</a></h4><P CLASS="para">
+<I CLASS="filename">
+</i>There are a few ways you can add a new entry to the <I CLASS="filename">
+smbpasswd</i> file:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-961684">
+</a>You can use the <I CLASS="firstterm">
+smbpasswd</i> program with the <CODE CLASS="literal">
+-a</code> option to automatically add any user that currently has a standard Unix system account on the server. This program resides in the <I CLASS="filename">
+/usr/local/samba/bin</i> directory.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957867">
+</a>You can use the <I CLASS="firstterm">
+addtosmbpass</i> executable inside the <I CLASS="firstterm">
+/usr/local/samba/bin</i> directory. This is actually a simple <EM CLASS="emphasis">
+awk</em> script that parses a system password file and extracts the username and UID of each entry you wish to add to the SMB password file. It then adds default fields for the remainder of the user's entry, which can be updated using the <I CLASS="filename">
+smbpasswd</i> program later. In order to use this program, you will probably need to edit the first line of the file to correctly point to <EM CLASS="emphasis">
+awk</em> on your system.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957870">
+</a>In the event that the neither of those options work for you, you can create a default entry by hand in the <I CLASS="filename">
+smbpasswd</i> file. The entry should be entirely on one line. Each field should be colon-separated and should look similar to the following:</p></li></ul><PRE CLASS="programlisting">
+dave:500:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:</pre><P CLASS="para">
+This consists of the username and the UID as specified in the system password file, followed by two sets of exactly 32 <CODE CLASS="literal">
+X</code> characters, followed by the account flags and last change time as it appears above. After you've added this entry, you must use the <I CLASS="firstterm">
+smbpasswd</i> program to change the password for the user.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-958012">
+6.4.2.2 Changing the encrypted password</a></h4><P CLASS="para">If you need to change the encrypted password in the <I CLASS="filename">
+smbpasswd</i> file, you can also use the <I CLASS="filename">
+smbpasswd</i> program. Note that this program shares the same name as the encrypted password file itself, so be sure not to accidentally confuse the password file with the password-changing program.</p><P CLASS="para">
+The <I CLASS="filename">
+smbpasswd</i> program is almost identical to the <I CLASS="filename">
+passwd</i> program that is used to change Unix account passwords. The program simply asks you to enter your old password (unless you're the root user), and duplicate entries of your new password. No password characters are shown on the screen. </p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">#</code> smbpasswd dave</b>
+</pre><PRE CLASS="programlisting">
+Old SMB password:
+New SMB password:
+Retype new SMB password:
+Password changed for user dave</pre><P CLASS="para">
+You can look at the <I CLASS="filename">
+smbpasswd</i> file after this command completes to verify that both the LAN Manager and the NT hashes of the passwords have been stored in their respective positions. Once users have encrypted password entries in the database, they should be able to connect to shares using encrypted passwords!<I CLASS="filename">
+</i> </p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-97004">
+6.4.3 Password Synchronization</a></h3><P CLASS="para">Having a regular password and an encrypted version of the same password can be troublesome when you need to change both of them. Luckily, Samba affords you a limited ability to keep your passwords synchronized. Samba has a pair of configuration options that can be used to automatically update a user's regular Unix password when the encrypted password is changed on the system. The feature can be activated by specifying the <CODE CLASS="literal">
+unix</code> <CODE CLASS="literal">
+password</code> <CODE CLASS="literal">
+sync</code> global configuration option:</p><PRE CLASS="programlisting">
+[global]
+	encrypt passwords = yes
+	smb passwd file = /usr/local/samba/private/smbpasswd
+
+	unix password sync = yes</pre><P CLASS="para">
+With this option enabled, Samba will attempt to change the user's regular password (as <CODE CLASS="literal">
+root</code>) when the encrypted version is changed with <I CLASS="filename">
+smbpasswd</i>. However, there are two other options that have to be set correctly in order for this to work.</p><P CLASS="para">
+The easier of the two is <CODE CLASS="literal">
+passwd</code> <CODE CLASS="literal">
+program</code>. This option simply specifies the Unix command used to change a user's standard system password. It is set to <CODE CLASS="literal">
+/bin/passw</code>d <CODE CLASS="literal">
+%u</code> by default. With some Unix systems, this is sufficient and you do not need to change anything. Others, such as Red Hat Linux, use <I CLASS="filename">
+/usr/bin/passwd</i> instead. In addition, you may want to change this to another program or script at some point in the future. For example, let's assume that you want to use a script called <CODE CLASS="literal">
+changepass</code> to change a user's password. Recall that you can use the variable <CODE CLASS="literal">
+%u</code> to represent the current Unix username. So the example becomes:</p><PRE CLASS="programlisting">
+[global]
+	encrypt passwords = yes
+	smb passwd file = /usr/local/samba/private/smbpasswd
+
+	unix password sync = yes
+	passwd program = changepass %u</pre><P CLASS="para">
+Note that this program will be called as the <CODE CLASS="literal">
+root</code> user when the <CODE CLASS="literal">
+unix</code> <CODE CLASS="literal">
+password</code> <CODE CLASS="literal">
+sync</code> option is set to <CODE CLASS="literal">
+yes</code>. This is because Samba does not necessarily have the plaintext old password of the user. </p><P CLASS="para">
+The harder option to configure is <CODE CLASS="literal">
+passwd</code> <CODE CLASS="literal">
+chat</code>. The <CODE CLASS="literal">
+passwd</code> <CODE CLASS="literal">
+chat</code> option works like a Unix chat script. It specifies a series of strings to send as well as responses to expect from the program specified by the <CODE CLASS="literal">
+passwd</code> <CODE CLASS="literal">
+program</code> option. For example, this is what the default <CODE CLASS="literal">
+passwd</code> <CODE CLASS="literal">
+chat</code> looks like. The delimiters are the spaces between each groupings of characters:</p><PRE CLASS="programlisting">
+passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*</pre><P CLASS="para">
+The first grouping represents a response expected from the password-changing program. Note that it can contain wildcards (*), which help to generalize the chat programs to be able to handle a variety of similar outputs. Here, <CODE CLASS="literal">
+*old*password*</code> indicates that Samba is expecting any line from the password program containing the letters <CODE CLASS="literal">
+old</code> followed by the letters <CODE CLASS="literal">
+password</code>, without regard for what comes on either side or between them. Once instructed to, Samba will wait indefinitely for such a match. Is Samba does not receive the expected response, the password will fail.</p><P CLASS="para">
+The second grouping indicates what Samba should send back once the data in the first grouping has been matched. In this case, you see <CODE CLASS="literal">
+%o\n</code>. This response is actually two items: the variable <CODE CLASS="literal">
+%o</code> represents the old password, while the <CODE CLASS="literal">
+\n</code> is a newline character. So, in effect, this will "type" the old password into the standard input of the password changing program, and then "press" Enter.</p><P CLASS="para">
+Following that is another response grouping, followed by data that will be sent back to the password changing program. (In fact, this response/send pattern continues indefinitely in any standard Unix <EM CLASS="emphasis">
+chat</em> script.) The script continues until the final pattern is matched.[<A CLASS="footnote" HREF="#ch06-pgfId-969009">2</a>]</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch06-pgfId-969009">[2]</a> This may not work under Red Hat Linux, as the password program typically responds "All authentication tokens updated successfully," instead of "Password changed." We provide a fix for this later in this section.</p></div></blockquote><P CLASS="para">
+You can help match the response strings sent from the password program with the characters listed in <A CLASS="xref" HREF="ch06_04.html#ch06-77246">
+Table 6.6</a>. In addition, you can use the characters listed in <A CLASS="xref" HREF="ch06_04.html#ch06-38512">
+Table 6.7</a> to help formulate your response.     </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch06-77246">
+Table 6.6: Password Chat Response Characters </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Character</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Definition</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+*</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Zero or more occurrences of any character.</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+&quot; &quot;</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Allows you to include matching strings that contain spaces. Asterisks are still considered wildcards even inside of quotes, and you can represent a null response with empty quotes.</p></td></tr></tbody></table><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch06-38512">
+Table 6.7: Password Chat Send Characters </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Character</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Definition</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%o</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The user's old password</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%n</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The user's new password</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+\n</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The linefeed character</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+\r</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The carriage-return character</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+\t</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The tab character</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+\s</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+A space</p></td></tr></tbody></table><P CLASS="para">
+For example, you may want to change your password chat to the following entry. This will handle scenarios in which you do not have to enter the old password. In addition, this will also handle the new <CODE CLASS="literal">
+all</code> <CODE CLASS="literal">
+tokens</code> <CODE CLASS="literal">
+updated</code> <CODE CLASS="literal">
+successfully</code> string that Red Hat Linux sends:</p><PRE CLASS="programlisting">
+passwd chat = *new password* %n\n *new password* %n\n *success*</pre><P CLASS="para">
+Again, the default chat should be sufficient for many Unix systems. If it isn't, you can use the <CODE CLASS="literal">
+passwd</code> <CODE CLASS="literal">
+chat</code> <CODE CLASS="literal">
+debug</code> global option to set up a new chat script for the password change program. The <CODE CLASS="literal">
+passwd</code> <CODE CLASS="literal">
+chat</code> <CODE CLASS="literal">
+debug</code> option logs everything during a password chat. This option is a simple boolean, as shown below:</p><PRE CLASS="programlisting">
+[global]
+    encrypted passwords = yes
+    smb passwd file = /usr/local/samba/private/smbpasswd
+
+    unix password sync = yes
+    passwd chat debug = yes
+    log level = 100</pre><P CLASS="para">
+After you activate the password chat debug feature, all I/O received by Samba through the password chat will be sent to the Samba logs with a debug level of 100, which is why we entered a new log level option as well. As this can often generate multitudes of error logs, it may be more efficient to use your own script, by setting the <CODE CLASS="literal">
+passwd</code> <CODE CLASS="literal">
+program</code> option, in place of <I CLASS="filename">
+/bin/passwd</i> to record what happens during the exchange. Also, make sure to protect your log files with strict file permissions and to delete them as soon as you've grabbed the information you need, because they contain the passwords in plaintext.</p><P CLASS="para">
+The operating system on which Samba is running may have strict requirements for valid passwords in order to make them more impervious to dictionary attacks and the like. Users should be made aware of these restrictions when changing their passwords.</p><P CLASS="para">
+Earlier we said that password synchronization is limited. This is because there is no reverse synchronization of the encrypted <I CLASS="filename">
+smbpasswd</i> file when a standard Unix password is updated by a user. There are various strategies to get around this, including NIS and freely available implementations of the pluggable authentication modules (PAM) standard, but none of them really solve all the problems yet. In the future, when Windows 2000 emerges, we will see more compliance with the Lightweight Directory Access Protocol (LDAP), which promises to make password synchronization a thing of the past. </p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-958652">
+6.4.4 Password Configuration Options</a></h3><P CLASS="para">
+The options in <A CLASS="xref" HREF="ch06_04.html#ch06-68460">
+Table 6.8</a> will help you work with passwords in Samba.   </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch06-68460">
+Table 6.8: Password Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+encrypt passwords</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Turns on encrypted passwords.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+unix password sync </code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, Samba updates the standard Unix password database when a user changes his or her encrypted password.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+passwd chat</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (chat commands)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets a sequence of commands that will be sent to the password program.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+See earlier section on this option</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+passwd chat debug</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sends debug logs of the password-change process to the log files with a level of 100.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+passwd program</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (Unix command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the program to be used to change passwords.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+/bin/passwd %u</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+password level</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numeric</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the number of capital letter permutations to attempt when matching a client's password.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+update encrypted</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, Samba updates the encrypted password file when a client connects to a share with a plaintext password.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+null passwords</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, Samba allows access for users with null passwords.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+smb passwd file</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the name of the encrypted password file.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+/usr/local/samba/private/smbpasswd</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+hosts equiv</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the name of a file that contains hosts and users that can connect without using a password.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+use rhosts</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the name of an .<EM CLASS="emphasis">
+rhosts</em> file that allows users to connect without using a password.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-968072">
+6.4.4.1 unix password sync</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+unix</code> <CODE CLASS="literal">
+password</code> <CODE CLASS="literal">
+sync</code> global option allows Samba to update the standard Unix password file when a user changes his or her encrypted password. The encrypted password is stored on a Samba server in the <I CLASS="filename">
+smbpasswd</i> file, which is located in <I CLASS="filename">
+/usr/local/samba/private</i> by default. You can activate this feature as follows:</p><PRE CLASS="programlisting">
+[global]
+	unix password sync = yes</pre><P CLASS="para">
+If this option is enabled, Samba changes the encrypted password and, in addition, attempts to change the standard Unix password by passing the username and new password to the program specified by the <CODE CLASS="literal">
+passwd</code> <CODE CLASS="literal">
+program</code> option (described earlier). Note that Samba does not necessarily have access to the plaintext password for this user, so the password changing program must be invoked as <CODE CLASS="literal">
+root</code>.[<A CLASS="footnote" HREF="#ch06-pgfId-959675">3</a>] If the Unix password change does not succeed, for whatever reason, the SMB password will not be changed either.</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch06-pgfId-959675">[3]</a> This is because the Unix <EM CLASS="emphasis">
+passwd</em> program, which is the usual target for this operation, allows <CODE CLASS="literal">
+root</code> to change a user's password without the security restriction that requests the old password of that user.</p></div></blockquote></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-958684">
+6.4.4.2 encrypt passwords</a></h4><P CLASS="para">The <CODE CLASS="literal">
+encrypt</code> <CODE CLASS="literal">
+passwords</code> global option switches Samba from using plaintext passwords to encrypted passwords for authentication. Encrypted passwords will be expected from clients if the option is set to <CODE CLASS="literal">
+yes</code>:</p><PRE CLASS="programlisting">
+encrypt passwords = yes</pre><P CLASS="para">
+By default, Windows NT 4.0 with Service Pack 3 or above and Windows 98 transmit encrypted passwords over the network. If you are enabling encrypted passwords, you must have a valid <I CLASS="filename">
+smbpasswd</i> file in place and populated with usernames that will authenticate with encrypted passwords. (See the section <A CLASS="xref" HREF="ch06_04.html#ch06-17782">
+Section 6.4.2, The smbpasswd File</a>, earlier in this chapter.) In addition, Samba must know the location of the <I CLASS="filename">
+smbpasswd</i> file; if it is not in the default location (typically <I CLASS="filename">
+/usr/local/samba/private/smbpasswd</i>), you can explicitly name it using the <CODE CLASS="literal">
+smb</code> <CODE CLASS="literal">
+passwd</code> <CODE CLASS="literal">
+file</code> option.</p><P CLASS="para">
+If you wish, you can use the <CODE CLASS="literal">
+update</code> <CODE CLASS="literal">
+encrypted</code> to force Samba to update the <I CLASS="filename">
+smbpasswd</i> file with encrypted passwords each time a client connects to a non-encrypted password.</p><P CLASS="para">
+A common strategy to ensure that hosts who need encrypted password authentication indeed receive it is with the <CODE CLASS="literal">
+include</code> option. With this, you can create individual configuration files that will be read in based on OS-type (<CODE CLASS="literal">%a</code>) or client name (<CODE CLASS="literal">%m</code>). These host-specific or OS-specific configuration files can contain an <CODE CLASS="literal">
+encrypted</code> <CODE CLASS="literal">
+passwords</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> option that will activate only when those clients are connecting to the server.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-954367">
+6.4.4.3 passwd program</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+passwd</code> <CODE CLASS="literal">
+program</code> is used to specify a program on the Unix Samba server that Samba can use to update the standard system password file when the encrypted password file is updated. This option defaults to the standard<EM CLASS="emphasis">
+ passwd</em> program, usually located in the <I CLASS="filename">
+/bin</i> directory. The <CODE CLASS="literal">
+%u</code> variable is typically used here as the requesting user when the command is executed. The actual handling of input and output to this program during execution is handled through the <CODE CLASS="literal">
+passwd</code> <CODE CLASS="literal">
+chat</code> option. The "Password Synchronization" section, earlier in this chapter, covers this option in detail.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-954372">
+6.4.4.4 passwd chat</a></h4><P CLASS="para">
+This option specifies a series of send/response strings similar to a Unix chat script, which are used to interface with the password-changing program on the Samba server. The "Password Synchronization" section, earlier in this chapter, covers this option in detail.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-954442">
+6.4.4.5 passwd chat debug</a></h4><P CLASS="para">
+If set to <CODE CLASS="literal">
+yes</code>, the <CODE CLASS="literal">
+passwd</code> <CODE CLASS="literal">
+chat</code> <CODE CLASS="literal">
+debug</code> global option logs everything sent or received by Samba during a password chat. All the I/O received by Samba through the password chat is sent to the Samba logs with a debug level of 100; you will need to specify <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+level</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+100</code> in order for the information to be recorded. The "Password Synchronization" section<EM CLASS="emphasis">
+,</em> earlier in this chapter, describes this option in more detail. Be aware that if you do set this option, the plaintext passwords will be visible in the debugging logs, which could be a security hazard if they are not properly secured.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-958069">
+6.4.4.6 password level</a></h4><P CLASS="para">
+With SMB, non-encrypted (or plaintext) passwords are sent with capital letters, just like the usernames mentioned previously. Many Unix users, however, choose passwords with both uppercase and lowercase letters. Samba, by default, only attempts to match the password entirely in lowercase letters, and not capitalizing the first letter.</p><P CLASS="para">
+Like <CODE CLASS="literal">
+username</code> <CODE CLASS="literal">
+level</code>, there is a <CODE CLASS="literal">
+password</code> <CODE CLASS="literal">
+level</code> option that can be used to attempt various permutations of the password with capital letters. This option takes an integer value that specifies how many letters in the password should be capitalized when attempting to connect to a share. You can specify this options as follows:</p><PRE CLASS="programlisting">
+[global]
+	password level = 3</pre><P CLASS="para">
+In this case, Samba will then attempt all permutations of the password it can compute having three capital letters. The larger the number, the more computations Samba will have to perform to match the password, and the longer a connection to a specific share may take. </p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-954452">
+6.4.4.7 update encrypted</a></h4><P CLASS="para">
+For sites switching over to the encrypted password format, Samba provides an option that should help with the transition. The <CODE CLASS="literal">
+update</code> <CODE CLASS="literal">
+encrypted</code> option allows a site to ease into using encrypted passwords from plaintext passwords. You can activate this option as follows:</p><PRE CLASS="programlisting">
+[global]
+    update encrypted = yes</pre><P CLASS="para">
+This instructs Samba to create an encrypted version of each user's Unix password in the <I CLASS="filename">
+smbpasswd</i> file each time he or she connects to a share. When this option is enabled, you must have the <CODE CLASS="literal">
+encrypt</code> <CODE CLASS="literal">
+passwords</code> option set to <CODE CLASS="literal">
+no</code> so that the client will pass plaintext passwords to Samba to use to update the files. Once each user has connected at least once, you can set <CODE CLASS="literal">
+encrypted</code> <CODE CLASS="literal">
+passwords</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code>, allowing you to use only the encrypted passwords. The user must already have a valid entry in the <I CLASS="filename">
+smbpasswd</i> file for this option to work.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-958716">
+6.4.4.8 null passwords</a></h4><P CLASS="para">
+This global option tells Samba whether or not to allow access from users that have null passwords (encrypted or non-encrypted) set in their accounts. The default value is <CODE CLASS="literal">
+no</code>. You can override it as follows:</p><PRE CLASS="programlisting">
+null passwords = yes</pre><P CLASS="para">
+We highly recommend against doing so unless you are familiar with the security risks this option can present to your system, including inadvertent access to system users (such as <I CLASS="filename">
+bin</i>) in the system password file who have null passwords set.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-959357">
+6.4.4.9 smb passwd file</a></h4><P CLASS="para">This global option identifies the location of the encrypted password database. By default, it is set to <I CLASS="filename">
+/usr/local/samba/private/smbpasswd</i>. You can override it as follows:</p><PRE CLASS="programlisting">
+[global]
+	smb passwd file = /etc/smbpasswd</pre><P CLASS="para">
+This location, for example, is common on many Red Hat distributions.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-969088">
+6.4.4.10 hosts equiv</a></h4><P CLASS="para">
+This global option specifies the name of a standard Unix <I CLASS="filename">
+hosts.equiv</i> file that will allow hosts or users to access shares without specifying a password. You can specify the location of such a file as follows:</p><PRE CLASS="programlisting">
+[global]
+	hosts equiv = /etc/hosts.equiv</pre><P CLASS="para">
+The default value for this option does not specify any <I CLASS="filename">
+hosts.equiv</i> file. Because using such a file is essentially a huge security risk, we highly recommend that you do not use this option unless you are confident in the security of your network.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-959358">
+6.4.4.11 use rhosts</a></h4><P CLASS="para">
+This global option specifies the name of a standard Unix user's <I CLASS="filename">
+.rhosts</i> file that will allow foreign hosts to access shares without specifying a password. You can specify the location of such a file as follows:</p><PRE CLASS="programlisting">
+[global]
+	use rhosts = /home/dave/.rhosts</pre><P CLASS="para">
+The default value for this option does not specify any <I CLASS="filename">
+.rhosts</i> file. Like the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+equiv</code> option above, using such a file is a security risk. We highly recommend that you do use this option unless you are confident in the security of your network. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_03.html" TITLE="6.3 Authentication Security">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 6.3 Authentication Security" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_05.html" TITLE="6.5 Windows Domains">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 6.5 Windows Domains" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+6.3 Authentication Security</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+6.5 Windows Domains</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch06_05.html b/docs/htmldocs/using_samba/ch06_05.html
new file mode 100755
index 00000000000..fbf6d245a16
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch06_05.html
@@ -0,0 +1,333 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 6] 6.5 Windows Domains</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:34:04Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_04.html" TITLE="6.4 Passwords">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 6.4 Passwords" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch06_01.html" TITLE="6. Users, Security, and Domains ">
+Chapter 6<br>
+Users, Security, and Domains </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_06.html" TITLE="6.6 Logon Scripts">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 6.6 Logon Scripts" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch06-23084">
+6.5 Windows Domains</a></h2><P CLASS="para">Now that you are comfortable with users and passwords on a Samba server, we can show you how to set up Samba to become a primary domain controller for Windows 95/98 and NT machines. Why use domains? The answer probably isn't obvious until you look behind the scenes, especially with Windows 95/98.</p><P CLASS="para">
+Recall that with traditional workgroups, Windows 95/98 simply accepts each username and password that you enter when logging on to the system. There are no unauthorized users with Windows 95/98; if a new user logs on, the operating system simply asks for a new password and authenticates the user against that password from then on. The only time that Windows 95/98 attempts to use the password you entered is when connecting to another share.</p><P CLASS="para">Domain logons, on the other hand, are similar to Unix systems. In order to log on to the domain, a valid username and password must be presented at startup, which is then authenticated against the primary domain controller's password database. If the password is invalid, the user is immediately notified and they cannot log on to the domain.</p><P CLASS="para">
+There's more good news: once you have successfully logged on to the domain, you can access any of the shares in the domain to which you have rights without having to reauthenticate yourself. More precisely, the primary domain controller returns a token to the client machine that allows it to access any share without consulting the PDC again. Although you probably won't notice the shift, this can be beneficial in cutting down network traffic. (You can disable this behavior if you wish by using the <CODE CLASS="literal">
+revalidate</code> option.)</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-36822">
+6.5.1 Configuring Samba for Windows Domain Logons</a></h3><P CLASS="para">
+If you wish to allow Samba to act as a domain controller, use the following sections to configure Samba and your clients to allow domain access. </p><P CLASS="para">
+If you would like more information on how to set up domains, see the <I CLASS="filename">
+DOMAINS.TXT</i> file that comes with the Samba distribution.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-962093">
+6.5.1.1 Windows 95/98 clients</a></h4><P CLASS="para">Setting up Samba as a PDC for Windows 95/98 clients is somewhat anticlimactic. All you really need to do on the server side is ensure that:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-962098">
+</a>Samba is the only primary domain controller for the current workgroup.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-963241">
+</a>There is a WINS server available on the network, either a Samba machine or a Windows NT server. (See <a href="ch07_01.html"><b>Chapter 7, <CITE CLASS="chapter">Printing and Name Resolution</cite></b></a>, for more information on WINS.)</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-962099">
+</a>Samba is using user-level security (i.e., it doesn't hand off password authentication to anyone else). You do not want to use domain-level security if Samba itself is acting as the PDC.</p></li></ul><P CLASS="para">
+At that point, you can insert the following options into your Samba configuration file:</p><PRE CLASS="programlisting">
+[global]
+	workgroup = SIMPLE
+	domain logons = yes
+
+# Be sure to set user-level security!
+
+	security = user
+
+# Be sure to become the primary domain controller!
+
+	os level = 34
+	local master = yes
+	preferred master = yes
+	domain master = yes</pre><P CLASS="para">
+The <CODE CLASS="literal">
+domain</code> <CODE CLASS="literal">
+logons</code> option enables Samba to perform domain authentication on behalf of other clients that request it. The name of the domain will be the same as the workgroup listed in the Samba configuration file, in this case: SIMPLE.</p><P CLASS="para">
+After that, you need to create a non-writable, non-public, non-browesable disk share called <CODE CLASS="literal">
+[netlogon]</code> (it does not matter where this share points to as long as each Windows client can connect to it): </p><PRE CLASS="programlisting">
+[netlogon]
+	comment = The domain logon service
+	path = /export/samba/logon
+	public = no
+	writeable = no
+	browsable = no</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-961711">
+6.5.1.2 Windows NT clients</a></h4><P CLASS="para">If you have Window NT clients on your system, there are a few more steps that need to be taken in order for Samba to act as their primary domain controller.</p><BLOCKQUOTE CLASS="warning">
+<P CLASS="para">
+<STRONG>
+WARNING:</strong> You will need to use at least Samba 2.1 to ensure that PDC functionality for Windows NT clients is present. Prior to Samba 2.1, only limited user authentication for NT clients was present. At the time this book went to press, Samba 2.0.5 was the latest version, but Samba  2.1 was available through CVS download. Instructions on downloading alpha versions of Samba are given in <a href="appe_01.html"><b>Appendix E, <CITE CLASS="appendix">Downloading Samba with CVS</cite></b></a>.</p></blockquote><P CLASS="para">
+As before, you need to ensure that Samba is a primary domain controller for the current workgroup and is using user-level security. However, you must also ensure that Samba is using encrypted passwords. In other words, alter the <CODE CLASS="literal">
+[global]</code> options the previous example to include the <CODE CLASS="literal">
+encrypted</code> <CODE CLASS="literal">
+passwords</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> option, as shown here: </p><PRE CLASS="programlisting">
+[global]
+	workgroup = SIMPLE
+	encrypted passwords = yes
+	domain logons = yes
+
+	security = user </pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-961829">
+6.5.1.3 Creating trust accounts for NT clients</a></h4><P CLASS="para">
+This step is exclusively for Windows NT clients. All NT clients that connect to a primary domain controller make use of <I CLASS="firstterm">
+trust accounts</i>. These accounts allow a machine to log in to the PDC itself (not one of its shares), which means that the PDC can trust any further connections from users on that client. For all intents and purposes, a trust account is identical to a user account. In fact, we will be using standard Unix user accounts to emulate trust accounts for the Samba server.</p><P CLASS="para">
+The login name of a machine's trust account is the name of the machine with a dollar sign appended to it. For example, if our Windows NT machine is named <CODE CLASS="literal">
+chimaera</code>, the login account would be <CODE CLASS="literal">
+chimaera$</code>. The initial password of the account is simply the name of the machine in lowercase letters. In order to forge the trust account on the Samba server, you need to create a Unix account with the appropriate machine name, as well as an encrypted password entry in the <I CLASS="filename">
+smbpasswd</i> database.</p><P CLASS="para">
+Let's tackle the first part. Here, we only need to modify the <I CLASS="filename">
+/etc/passwd</i> file to support the trust account; there is no need to create a home directory or assign a shell to the "user" because the only part we are interested in is whether a login is permitted. Therefore, we can create a "dummy" account with the following entry:</p><PRE CLASS="programlisting">
+chimaera$:*:1000:900:Trust Account:/dev/null:/dev/null</pre><P CLASS="para">
+Note that we have also disabled the password field by placing a <CODE CLASS="literal">
+*</code> in it. This is because Samba will use the <I CLASS="filename">
+smbpasswd</i> file to contain the password instead, and we don't want anyone to telnet into the machine using that account. In fact, the only value other than the account name that is used here is the UID of the account for the encrypted password database (1000). This number must map to a unique resource ID on the NT server and cannot conflict with any other resource IDs. Hence, no NT user or group should map to this number or a networking error will occur.</p><P CLASS="para">
+Next, add the encrypted password using the <I CLASS="filename">
+smbpasswd</i> command, as follows: </p><PRE CLASS="programlisting"># <CODE CLASS="userinput"><B>smbpasswd -a -m chimaera</b></code>
+Added user chimaera$
+Password changed for user chimaera$</pre><P CLASS="para">
+The <CODE CLASS="literal">
+-m</code> option specifies that a machine trust account is being generated. The <I CLASS="filename">
+smbpasswd</i> program will automatically set the initial encrypted password as the NetBIOS name of the machine in lowercase letters; you don't need to enter it. When specifying this option on the command line, do not put a dollar sign after the machine name&nbsp;- it will be appended automatically. Once the encrypted password has been added, Samba is ready to handle domain logins from a NT client.</p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-961709">
+6.5.2 Configuring Windows Clients for Domain Logons</a></h3><P CLASS="para">
+Once you have Samba configured for domain logons, you need to set up your Windows clients to log on to the domain at startup.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-962166">
+6.5.2.1 Windows 95/98</a></h4><P CLASS="para">With Windows 95/98, this can be done by raising the Network configuration dialog in the Windows Control Panel and selecting the Properties for "Client for Microsoft Networks." At this point, you should see a dialog box similar to <A CLASS="xref" HREF="ch06_05.html#ch06-48609">
+Figure 6.4</a>. Select the "Logon to Windows Domain" checkbox at the top of the dialog box, and enter the workgroup that is listed in the Samba configuration file as the Windows NT domain. Then click on OK and reboot the machine when asked.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch06-48609">
+Figure 6.4: Configuring a Windows 95/98 client for domain logons</a></h4><IMG CLASS="graphic" SRC="figs/sam.0604.gif" ALT="Figure 6.4"><BLOCKQUOTE CLASS="warning">
+<P CLASS="para">
+<STRONG>
+WARNING:</strong> If Windows complains that you are already logged into the domain,  you probably have an active connection to a share in the workgroup (such as a mapped network drive). Simply disconnect the resource temporarily by right-clicking on its icon and choosing the Disconnect pop-up menu item.</p></blockquote><P CLASS="para">
+When Windows reboots, you should see the standard login dialog with an addition: a field for a domain. The domain name should already be filled in, so simply enter your password and click on the OK button. At this point, Windows should consult the primary domain controller (Samba) to see if the password is correct. (You can check the log files if you want to see this in action.) If it worked, congratulations! You have properly configured Samba to act as a domain controller for Windows 95/98 machines and your client is successfully connected.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-961780">
+6.5.2.2 Windows NT 4.0</a></h4><P CLASS="para">To configure Windows NT for domain logons, open the Network configuration dialog in the Windows NT Control Panel. The first tab that you see should list the identification of the machine.</p><P CLASS="para">
+Press the Change button and you should see the dialog box shown in <A CLASS="xref" HREF="ch06_05.html#ch06-89804">
+Figure 6.5</a>. In this dialog box, you can choose to have the Windows NT client become a member of the domain by selecting the radio button marked Domain in the "Member of" box. Then, type in the domain that you wish the client to login to; it should be the same as the workgroup that you specified in the Samba configuration file. Do not check the box marked "Create a Computer Account in the Domain"&nbsp;- Samba does not currently support this functionality. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch06-89804">
+Figure 6.5: Configuring a Windows NT client for domain logons</a></h4><IMG CLASS="graphic" SRC="figs/sam.0605.gif" ALT="Figure 6.5"><BLOCKQUOTE CLASS="warning">
+<P CLASS="para">
+<STRONG>
+WARNING:</strong> Like Windows 95/98, if NT complains that you are already logged in, you probably have an active connection to a share in the workgroup (such as a mapped network drive). Disconnect the resource temporarily by right-clicking on its icon and choosing the Disconnect pop-up menu item.</p></blockquote><P CLASS="para">
+After you press the OK button, Windows should present you with a small dialog box welcoming you to the domain. At this point, you will need to reset the Windows NT machine. Once it comes up again, the machine will automatically present you with a log on screen similar to the one for Windows 95/98 clients. You can now log in using any account that you have already on the Samba server that is configured to accept logins.</p><BLOCKQUOTE CLASS="warning">
+<P CLASS="para">
+<STRONG>
+WARNING:</strong> Be sure to select the correct domain in the Windows NT logon dialog box. Once selected, it may take a moment for Windows NT to build the list of available domains.</p></blockquote><P CLASS="para">
+After you enter the password, Windows NT should consult the primary domain controller (Samba) to see if the password is correct. Again, you can check the log files if you want to see this in action. If it worked, you have successfully configured Samba to act as a domain controller for Windows NT machines.</p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-961353">
+6.5.3 Domain Options</a></h3><P CLASS="para">
+<A CLASS="xref" HREF="ch06_05.html#ch06-53106">
+Table 6.9</a> shows the options that are commonly used in association with domain logons. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch06-53106">
+Table 6.9: Windows 95/98 Domain Logon Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+domain logons</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Indicates whether Windows domain logons are to be used.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+domain group map</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Name of the file used to map Unix to Windows NT domain groups.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+domain user map</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Name of the file used to map Unix to Windows NT domain users.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+local group map</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Name of the file used to map Unix to Windows NT local groups.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+revalidate</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, Samba forces users to authenticate themselves with each connection to a share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-960379">
+6.5.3.1 domain logons</a></h4><P CLASS="para">
+This option configures Samba to accept domain logons as a primary domain controller. When a client successfully logs on to the domain, Samba will return a special token to the client that allows the client to access domain shares without consulting the PDC again for authentication. Note that the Samba machine must be in user-level security (<CODE CLASS="literal">security</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+user</code>) and must be the PDC in order for this option to function. In addition, Windows machines will expect a <CODE CLASS="literal">
+[netlogon]</code> share to exist on the Samba server (see the section <A CLASS="xref" HREF="ch06_05.html#ch06-36822">
+Section 6.5.1, Configuring Samba for Windows Domain Logons</a>, earlier in this chapter).</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-966160">
+6.5.3.2 domain group map</a></h4><P CLASS="para">
+This option specifies the location of a mapping file designed to translate Windows NT domain group names to Unix group names. The file should reside on the Samba server. For example:</p><PRE CLASS="programlisting">
+/usr/local/samba/private/groups.mapping</pre><P CLASS="para">
+The file has a simple format:</p><PRE CLASS="programlisting"><CODE CLASS="replaceable"><I>UnixGroup = NTGroup</i></code></pre><P CLASS="para">
+An example is:</p><PRE CLASS="programlisting">
+admin = Administrative</pre><P CLASS="para">
+The specified Unix group should be a valid group in the <I CLASS="filename">
+/etc/group</i> file. The NT group should be the name to which you want the Unix group to map on an NT client. This option will work only with Windows NT clients.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-961959">
+6.5.3.3 domain user map</a></h4><P CLASS="para">
+This option specifies the location of a mapping file designed to translate Unix usernames to Windows NT domain usernames. The file should reside on the Samba server. For example:</p><PRE CLASS="programlisting">/usr/local/samba/private/domainuser.mapping</pre><P CLASS="para">The file has a simple format:</p><PRE CLASS="programlisting"><CODE CLASS="replaceable"><I>UnixUsername</i></code> = [\\<CODE CLASS="replaceable"><I>Domain</i></code>\\]<CODE CLASS="replaceable"><I>NTUserName</i></code></pre><P CLASS="para">
+An example entry is:</p><PRE CLASS="programlisting">
+joe = Joseph Miller</pre><P CLASS="para">
+The Unix name specified should be a valid username in the <I CLASS="filename">
+/etc/passwd</i> file. The NT name should be the username to which you want to Unix username to map on an NT client. This option will work with Windows NT clients only.</p><P CLASS="para">
+If you would like more information on how Windows NT uses domain usernames and local groups, we recommend Eric Pearce's <CITE CLASS="citetitle">
+Windows NT in a Nutshell</cite>, published by O'Reilly.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-961962">
+6.5.3.4 local group map</a></h4><P CLASS="para">
+This option specifies the location of a mapping file designed to translate Windows NT local group names to Unix group names. Local group names include those such as Administrator and Users. The file should reside on the Samba server. For example:</p><PRE CLASS="programlisting">/usr/local/samba/private/localgroup.mapping</pre><P CLASS="para">The file has a simple format:</p><PRE CLASS="programlisting"><CODE CLASS="replaceable"><I>UnixGroup</i></code> = [BUILTIN\]<CODE CLASS="replaceable"><I>NTGroup</i></code></pre><P CLASS="para">
+An example entry is:</p><PRE CLASS="programlisting">
+root = BUILTIN\Administrators</pre><P CLASS="para">
+This option will work with Windows NT clients only. For more information, see Eric Pearce's <CITE CLASS="citetitle">
+Windows NT in a Nutshell</cite> (O'Reilly).</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-962075">
+6.5.3.5 revalidate</a></h4><P CLASS="para">
+This share-level option tells Samba to force users to authenticate with passwords each time they connect to a different share on a machine, no matter what level of security is in place on the Samba server. The default value is <CODE CLASS="literal">
+no</code>, which allows users to be trusted once they successfully authenticate themselves. You can override it as:</p><PRE CLASS="programlisting">
+revalidate = yes</pre><P CLASS="para">
+You can use this option to increase security on your system. However, you should weigh it against the inconvenience of having users revalidate themselves to every share. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_04.html" TITLE="6.4 Passwords">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 6.4 Passwords" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_06.html" TITLE="6.6 Logon Scripts">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 6.6 Logon Scripts" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+6.4 Passwords</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+6.6 Logon Scripts</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch06_06.html b/docs/htmldocs/using_samba/ch06_06.html
new file mode 100755
index 00000000000..f80e4d37464
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch06_06.html
@@ -0,0 +1,537 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 6] 6.6 Logon Scripts</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:34:19Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_05.html" TITLE="6.5 Windows Domains">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 6.5 Windows Domains" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch06_01.html" TITLE="6. Users, Security, and Domains ">
+Chapter 6<br>
+Users, Security, and Domains </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch07_01.html" TITLE="7. Printing and Name Resolution">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 7. Printing and Name Resolution" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch06-38153">
+6.6 Logon Scripts</a></h2><P CLASS="para">Samba supports the execution of Windows logon scripts, which are scripts (.BAT or .CMD) that are executed on the client when a user logs on to a Windows domain. Note that these scripts are stored on the Unix side, but are transported across the network to the client side and executed once a user logs on. These scripts are invaluable for dynamically setting up network configurations for users when they log on. The downside is that because they run on Windows, they must use the Windows network configuration commands.</p><P CLASS="para">
+If you would like more information on NET commands, we recommend the following O'Reilly handbooks: <EM CLASS="emphasis">
+Windows NT in a Nutshell</em>, <EM CLASS="emphasis">
+Windows 95 in a Nutshell</em>, and <EM CLASS="emphasis">
+Windows 98 in a Nutshell.</em></p><P CLASS="para">
+You can instruct Samba to use a logon script with the <CODE CLASS="literal">
+logon</code> <CODE CLASS="literal">
+script</code> option, as follows:</p><PRE CLASS="programlisting">
+[global]
+	domain logons = yes
+	security = user
+	workgroup = SIMPLE
+
+	os level = 34
+	local master = yes
+	preferred master = yes
+	domain master = yes
+	logon script = %U.bat
+
+[netlogon]
+	comment = The domain logon service
+	path = /export/samba/logon
+	public = no
+	writeable = no
+	browsable = no</pre><P CLASS="para">
+Note that this example uses the <CODE CLASS="literal">
+%U</code> variable, which will individualize the script based on the user that is logging in. It is common to customize logon scripts based on the user or machine name that is logging onto the domain. These scripts can then be used to configure individual settings for users or clients.</p><P CLASS="para">
+Each logon script should be stored at the base of the <CODE CLASS="literal">
+[netlogon]</code> share. For example, if the base of the <CODE CLASS="literal">
+[netlogon]</code> share is <I CLASS="filename">
+/export/samba/logon</i> and the logon script is <I CLASS="filename">
+jeff.bat</i>, the file should be located at <I CLASS="filename">
+/export/samba/logon/jeff.bat</i>. When a user logs on to a domain that contains a startup script, he or she will see a small dialog that informs them that the script is executing, as well as any output the script generates in an MS-DOS-like box.</p><P CLASS="para">
+One warning: because these scripts are loaded by Windows and executed on the Windows side, they must consist of DOS formatted carriage-return/linefeed characters instead of Unix carriage returns. It's best to use a DOS- or Windows-based editor to create them.</p><P CLASS="para">
+Here is an example of a logon script that sets the current time to match that of the Samba server and maps two network drives, <CODE CLASS="literal">
+h</code> and <CODE CLASS="literal">
+i</code>, to individual shares on the server:</p><PRE CLASS="programlisting">
+#  Reset the current time to that shown by the server.
+#  We must have the &quot;time server = yes&quot; option in the
+#  smb.conf for this to work.
+
+echo Setting Current Time...
+net time \\hydra /set /yes
+
+#  Here we map network drives to shares on the Samba
+#  server
+echo Mapping Network Drives to Samba Server Hydra...
+net use h: \\hydra\data
+net use i: \\hydra\network</pre><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-960385">
+6.6.1 Roaming profiles</a></h3><P CLASS="para">
+<I CLASS="firstterm">
+</i>In Windows 95 and NT, each user can have his or her own <I CLASS="firstterm">
+profile</i>. A profile bundles information such as: the appearance of a user's desktop, the applications that appear on the start menus, the background, and other miscellaneous items. If the profile is stored on a local disk, it's called a <I CLASS="firstterm">
+local profile</i>, since it describes what a user's environment is like on one machine. If the profile is stored on a server, on the other hand, the user can download the same profile to any client machine that is connected to the server. The latter is called a <I CLASS="firstterm">
+roaming profile</i> because the user can roam around from machine to machine and still use the same profile. This makes it particularly convenient when someone might be logging in from his or her desk one day and from a portable in the field the next. <A CLASS="xref" HREF="ch06_06.html#ch06-71393">
+Figure 6.6</a> illustrates local and roaming profiles.   </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch06-71393">
+Figure 6.6: Local profiles versus roaming profiles</a></h4><IMG CLASS="graphic" SRC="figs/sam.0606.gif" ALT="Figure 6.6"><P CLASS="para">
+
+
+<!-- 2.0.7 amendment begins, davecb -->
+<P>Samba will provide roaming profiles if it is configured for domain logons
+and you set <CODE CLASS="literal">logon path</CODE> to the user's home
+directory and <CODE CLASS="literal">logon home </CODE> to a
+subdirectory of the user's home directory used to store profiles. These
+options are typically used with one of the user variables, as shown in this
+example:
+<PRE CLASS="programlisting">
+[global]
+        domain logons = yes
+        security = user
+	workgroup = SIMPLE
+	os level = 34
+	local master = yes
+	preferred master = yes
+	domain master = yes
+
+	logon home = \\%N\%U
+	logon path = \\%N\%U\profile <!-- from the man page -->
+</PRE>
+<P> Samba versions previous to 2.0.6 allowed Win9X machines to store
+profiles in separate shares, but that prevented the clients from setting
+their <CODE CLASS="literal">logon path</CODE> so they could get their home
+directory mounted by saying "net use /home".  This was corrected in
+2.0.6.</P>
+
+<!-- end of profiles modification -->
+<!-- WARNING: we never warn anywhere that "Windows clients can sometimes
+maintain a connection to the [homes] share, even though there is 
+no user logged in. Therefore, it is vital that the logon path does not 
+include a reference to the homes share."  I read the above as being
+equivalen to the homes share, just not leiterally [homes]. I expect
+the bug will persist. davecb-->
+
+
+Once a user initially logs on, the Windows client will create a <I CLASS="filename">
+user.dat</i> or <I CLASS="filename">
+ntuser.dat</i> file&nbsp;- depending on which operating system the client is running. The client then uploads the contents of the desktop, the Start Menu, the Network Neighborhood, and the programs folders in individual folders in the directory. When the user subsequently logs on, those contents will be downloaded from the server and activated for the client machine with which the user is logging on. When he or she logs off, those contents will be uploaded back on the server until the next time the user connects. If you look at the directory listing of a profile folder, you'll see the following:</p><PRE CLASS="programlisting">
+# ls -al 
+
+total 321
+drwxrwxr-x   9 root  simple    Jul 21 20:44 .
+drwxrwxr-x   4 root  simple    Jul 22 14:32 ..
+drwxrwx---   3 fred  develope  Jul 12 07:15 Application Data
+drwxrwx---   3 fred  develope  Jul 12 07:15 Start Menu
+drwxrwx---   2 fred  develope  Jul 12 07:15 cookies
+drwxrwx---   2 fred  develope  Jul 12 07:15 desktop
+drwxrwx---   7 fred  develope  Jul 12 07:15 history
+drwxrwx---   2 fred  develope  Jul 12 07:15 nethood
+drwxrwx---   2 fred  develope  Jul 19 21:05 recent
+-rw-------   1 fred  develope  Jul 21 21:59 user.dat</pre><P CLASS="para">
+The <I CLASS="filename">
+user.dat</i> files are binary configuration files, created automatically by Windows. They can be edited with the Profile Editor on a Windows client, but they can be somewhat tricky to get correct. Samba supports them correctly for all clients up to NT 5.0 beta, but they're still relatively new<I CLASS="firstterm"></i>.</p><P CLASS="para">
+Hints and HOWTOs for handling logon scripts are available in the Samba documentation tree, in both <I CLASS="filename">
+docs/textdocs/DOMAIN.txt</i> and <I CLASS="filename">
+docs/textdocs/PROFILES.txt</i>.<I CLASS="firstterm">
+</i> </p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-961462">
+6.6.2 Mandatory profiles</a></h3><P CLASS="para">Users can also have <I CLASS="firstterm">
+mandatory profiles</i>, which are roaming profiles that they cannot change. For example, with a mandatory profile, if a user adds a command to the Start Menu on Tuesday, it will be gone when he or she logs in again on Wednesday. The mandatory profile is simply a <I CLASS="filename">
+user.dat</i> file that has been renamed to <I CLASS="filename">
+user.man</i> and made read-only on the Unix server. It normally contains settings that the administrator wishes to ensure the user always executes. For example, if an administrator wants to create a fixed user configuration, he or she can do the following:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957763">
+</a>Create the read-write directory on the Samba server. </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957764">
+</a>Set the <CODE CLASS="literal">
+logon</code> <CODE CLASS="literal">
+path</code> option in the <EM CLASS="emphasis">
+smb.conf</em> file to point to this directory.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957765">
+</a>Logon as the user from Windows 95/98 to have the client populate the directory. </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957766">
+</a>Rename the resulting <I CLASS="filename">
+user.dat</i> to <I CLASS="filename">
+user.man</i>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch06-pgfId-957767">
+</a>Make the directory and its contents read only.</p></li></ol><P CLASS="para">
+Mandatory profiles are fairly unusual. Roaming profiles, on the other hand, are one of the more desirable features of Windows that Samba can support.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-962637">
+6.6.3 Logon Script Options</a></h3><P CLASS="para">
+<A CLASS="xref" HREF="ch06_06.html#ch06-46661">Table 6.10</a> summarizes the options commonly used in association with Windows domain logon scripts. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch06-46661">
+Table 6.10: Logon Script Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+logon script</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (DOS path)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Name of DOS/NT batch file</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+logon path</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (UNC server and share name)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Location of roaming profile for user</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+\\%N\%U\profile</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+logon drive</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (drive letter)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the logon drive for a home directory (NT only)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+Z</code>:</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+logon home</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (UNC server and share name)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies a location for home directories for clients logging on to the domain</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+\\%N\%U</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-962334">
+6.6.3.1 logon script</a></h4><P CLASS="para">
+This option specifies a Windows .BAT or .CMD file with lines ending in carriage-return/line feed that will be executed on the client after a user has logged on to the domain. Each logon script should be stored at the base of a share entitled <CODE CLASS="literal">
+[netlogin]</code> (see the section <A CLASS="xref" HREF="ch06_05.html#ch06-36822">
+Section 6.5.1</a> for details.) This option frequently uses the <CODE CLASS="literal">
+%U</code> or <CODE CLASS="literal">
+%m</code> variables (user or NetBIOS name) to point to an individual script. For example:</p><PRE CLASS="programlisting">
+logon script = %U.bat</pre><P CLASS="para">
+will execute a script based on the username located at the base of the <CODE CLASS="literal">
+[netlogin]</code> share. If the user who is connecting is <CODE CLASS="literal">
+fred</code> and the path of the <CODE CLASS="literal">
+[netlogin]</code> share maps to the directory <I CLASS="filename">
+/export/samba/netlogin</i>, the script should be <I CLASS="filename">
+/export/samba/netlogin/fred.bat</i>. Because these scripts are downloaded to the client and executed on the Windows side, they must consist of DOS formatted carriage-return/linefeed characters instead of Unix carriage returns.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-962671">
+6.6.3.2 logon path</a></h4><P CLASS="para">
+This option provides a location for roaming profiles. When the user logs on, a roaming profile will be downloaded from the server to the client and activated for the user who is logging on. When the user logs off, those contents will be uploaded back on the server until the next time the user connects. </p><P CLASS="para">
+It is often more secure to create a separate share exclusively for storing user profiles:</p><PRE CLASS="programlisting">
+logon path = \\hydra\profile\%U</pre><P CLASS="para">
+For more informaiton on this option, see the section <A CLASS="xref" HREF="ch06_06.html">
+Section 6.6, Logon Scripts</a>, earlier in this chapter.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-962332">
+6.6.3.3 logon drive</a></h4><P CLASS="para">
+This option specifies the drive letter on an NT client to which the home directory specified with the <CODE CLASS="literal">
+logon</code> <CODE CLASS="literal">
+home</code> option will be mapped. Note that this option will work with Windows NT clients only. For example:</p><PRE CLASS="programlisting">
+logon home = I:</pre><P CLASS="para">
+You should always use drive letters that will not conflict with fixed drives on the client machine. The default is Z:, which is a good choice because it is as far away from A:, C:, and D: as possible.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-962319">
+6.6.3.4 logon home </a></h4><P CLASS="para">
+This option specifies the location of a user's home directory for use by the DOS NET commands. For example, to specify a home directory as a share on a Samba server, use the following:</p><PRE CLASS="programlisting">
+logon home = \\hydra\%U</pre><P CLASS="para">
+Note that this works nicely with the <CODE CLASS="literal">
+[homes]</code> service, although you can specify any directory you wish. Home directories can be mapped with a logon script using the following command:</p><PRE CLASS="programlisting">
+NET USE I: /HOME</pre><P CLASS="para">
+In addition, you can use the User Environment Profile under User Properties in the Windows NT User Manager to verify that the home directory has automatically been set. </p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-960476">
+6.6.4 Other Connection Scripts</a></h3><P CLASS="para">After a user successfully makes a connection to any Samba share, you may want the Samba server to execute a program on its side to prepare the share for use. Samba allows scripts to be executed before and after someone connects to a share. You do not need to be using Windows domains to take advantage of the options. <A CLASS="xref" HREF="ch06_06.html#ch06-67528">
+Table 6.11</a> introduces some of the configuration options provided for setting up users.  </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch06-67528">
+Table 6.11: Connection Script Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+root preexec</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (Unix command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets a command to run as <CODE CLASS="literal">
+root</code>, before connecting to the share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+preexec (exec)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (Unix command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets a Unix command to run as the user before connecting to the share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+postexec</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (Unix command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets a Unix command to run as the user after disconnecting from the share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+root postexec</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (Unix command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets a Unix command to run as <CODE CLASS="literal">
+root</code> after disconnecting from the share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-960575">
+6.6.4.1 root preexec</a></h4><P CLASS="para">
+The first form of the logon command is called <CODE CLASS="literal">
+root</code> <CODE CLASS="literal">
+preexec</code>. This option specifies a Unix command as its value that will be run <EM CLASS="emphasis">
+as the root user</em> before any connection to a share is completed. You should use this option specifically for performing actions that require root privilege. For example, <CODE CLASS="literal">
+root</code> <CODE CLASS="literal">
+preexec</code> can be used to mount CD-ROMs for a share that makes them available to the clients, or to create necessary directories. If no <CODE CLASS="literal">
+root</code> <CODE CLASS="literal">
+preexec</code> option is specified, there is no default action. Here is an example of how you can use the command to mount a CD-ROM:</p><PRE CLASS="programlisting">
+[homes]
+	browseable = no
+	writeable = yes
+	root preexec = /etc/mount /dev/cdrom2</pre><P CLASS="para">
+Remember that these commands will be run as the root user. Therefore, in order to ensure security, users should never be able to modify the target of the <CODE CLASS="literal">
+root</code> <CODE CLASS="literal">
+preexec</code> command.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-960582">
+6.6.4.2 preexec</a></h4><P CLASS="para">
+The next option run before logon is the <CODE CLASS="literal">
+preexec</code> option, sometimes just called <CODE CLASS="literal">
+exec</code>. This is an ordinary unprivileged command run by Samba as the user specified by the variable <CODE CLASS="literal">
+%u</code>. For example, a common use of this option is to perform logging, such as the following:</p><PRE CLASS="programlisting">
+[homes]
+<CODE CLASS="userinput"><B>preexec = echo &quot;%u connected to %S from %m (%I)\&quot; &gt;&gt;/tmp/.log</b></code> </pre><P CLASS="para">
+Be warned that any information the command sends to standard output will not be seen by the user, but is instead thrown away. If you intend to use a <CODE CLASS="literal">
+preexec</code> script, you should ensure that it will run correctly before having Samba invoke it.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-960594">
+6.6.4.3 postexec</a></h4><P CLASS="para">
+Once the user disconnects from the share, the command specified with <CODE CLASS="literal">
+postexec</code> is run as the user on the Samba server to do any necessary cleanup. This option is essentially the same as the <CODE CLASS="literal">
+preexec</code> option. Again, remember that the command is run as the user represented by <CODE CLASS="literal">
+%u</code> and any information sent to standard output will be ignored.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-960596">
+6.6.4.4 root postexec</a></h4><P CLASS="para">
+Following the <CODE CLASS="literal">
+postexec</code> option, the <CODE CLASS="literal">
+root</code> <CODE CLASS="literal">
+postexec</code> command is run, if one has been specified. Again, this option specifies a Unix command as its value that will be run <EM CLASS="emphasis">
+as the </em><EM CLASS="emphasis">root user</em> before disconnecting from a share. You should use this option specifically for performing actions that require root privilege.</p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch06-pgfId-960610">
+6.6.5 Working with NIS and NFS</a></h3><P CLASS="para">
+Finally, Samba has the ability to work with NIS and NIS+. If there is more than one file server, and each runs Samba, it may be desirable to have the SMB client connect to the server whose disks actually house the user's home directory. It isn't normally a good idea to ship files across the network once via NFS to a Samba server, only to be sent across the network once again to the client via SMB. (For one thing, it's slow&nbsp;- about 30 percent of normal Samba speed). Therefore, there are a pair of options to tell Samba that NIS knows the name of the right server and indicate in which NIS map the information lives.</p><P CLASS="para">
+<A CLASS="xref" HREF="ch06_06.html#ch06-27466">
+Table 6.12</a> introduces some of the other configuration options specifically for setting up users. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch06-27466">
+Table 6.12: NIS Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+nis homedir</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, use NIS instead of <I CLASS="filename">
+/etc/passwd</i> to look up the path of a user's home directory</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+homedir map</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (NIS map name)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the NIS map to use to look up a user's home directory</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch06-pgfId-960612">
+6.6.5.1 nis homedir and homedir map</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+nis</code> <CODE CLASS="literal">
+homedir</code> and <CODE CLASS="literal">
+homedir</code> <CODE CLASS="literal">
+map</code> options are for Samba servers on network sites where Unix home directories are provided using NFS, the automounter, and NIS (Yellow Pages).</p><P CLASS="para">
+The <CODE CLASS="literal">
+nis</code> <CODE CLASS="literal">
+homedir</code> option indicates that the home directory server for the user needs to be looked up in NIS. The <CODE CLASS="literal">
+homedir</code> <CODE CLASS="literal">
+map</code> option tells Samba what NIS map to look in for the server that has the user's home directory. The server needs to be a Samba server, so the client can do an SMB connect to it, and the other Samba servers need to have NIS installed so they can do the lookup.</p><P CLASS="para">
+For example, if user <CODE CLASS="literal">
+joe</code> asks for a share called <CODE CLASS="literal">
+[joe]</code>, and the <CODE CLASS="literal">
+nis</code> <CODE CLASS="literal">
+homedir</code> option is set to <CODE CLASS="literal">
+yes</code>, Samba will look in the file specified by <CODE CLASS="literal">
+homedir</code> <CODE CLASS="literal">
+map</code> for a home directory for <CODE CLASS="literal">
+joe</code>. If it finds one, Samba will return the associated machine name to the client. The client will then try to connect to <EM CLASS="emphasis">
+that</em> machine and get the share from there. Enabling NIS lookups looks like the following:</p><PRE CLASS="programlisting">
+[globals]
+	nis homedir = yes
+	homedir map = amd.map</pre></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_05.html" TITLE="6.5 Windows Domains">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 6.5 Windows Domains" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch07_01.html" TITLE="7. Printing and Name Resolution">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 7. Printing and Name Resolution" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+6.5 Windows Domains</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+7. Printing and Name Resolution</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch07_01.html b/docs/htmldocs/using_samba/ch07_01.html
new file mode 100755
index 00000000000..a061c6a94ee
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch07_01.html
@@ -0,0 +1,565 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 7] Printing and Name Resolution</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:34:47Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_06.html" TITLE="6.6 Logon Scripts">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 6.6 Logon Scripts" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Chapter 7</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch07_02.html" TITLE="7.2 Printing to Windows Client Printers">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 7.2 Printing to Windows Client Printers" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div class="samplechapter">
+<H1 CLASS="chapter">
+<A CLASS="title" NAME="ch07-98459">
+7. Printing and Name Resolution</a></h1><DIV CLASS="htmltoc">
+<P>
+<B>
+Contents:</b><br>
+<A CLASS="sect1" HREF="#ch07-61388" TITLE="7.1 Sending Print Jobs to Samba">
+Sending Print Jobs to Samba</a><br>
+<A CLASS="sect1" HREF="ch07_02.html" TITLE="7.2 Printing to Windows Client Printers">
+Printing to Windows Client Printers</a><br>
+<A CLASS="sect1" HREF="ch07_03.html" TITLE="7.3 Name Resolution with Samba">
+Name Resolution with Samba</a></p><P>
+</p></div><P CLASS="para">This chapter tackles two Samba topics: setting up printers for use with a Samba server and configuring Samba to use or become a Windows Internet Name Service (WINS) server. Samba allows client machines to send documents to printers connected to the Samba server. In addition, Samba can also assist you with printing Unix documents to a printer on a Windows machine. In the first part of this chapter, we will discuss how to get printers configured to work on either side.</p><P CLASS="para">
+In the second half of the chapter, we will introduce the Windows Internet Name Service, Microsoft's implementation of a NetBIOS Name Server (NBNS). As mentioned in <a href="ch01_01.html"><b>Chapter 1, <CITE CLASS="chapter">Learning the Samba</cite></b></a>, an NBNS allows machines to perform name resolution on a NetBIOS network without having to rely on broadcasts. Instead, each machine knows exactly where the WINS server is and can query it for the IP addresses of other machines on the network.</p><DIV CLASS="sect1">
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="s1"></a>
+<A CLASS="title" NAME="ch07-61388">
+7.1 Sending Print Jobs to Samba</a></h2><P CLASS="para">A printer attached to the Samba server shows up in the list of shares offered in the Network Neighborhood. If the printer is registered on the client machine and the client has the correct printer driver installed, the client can effortlessly send print jobs to a printer attached to a Samba server. <A CLASS="xref" HREF="ch07_01.html#ch07-35075">
+Figure 7.1</a> shows a Samba printer as it appears in the Network Neighborhood of a Windows client. </p><P CLASS="para">To administer printers with Samba, you should understand the basic process by which printing takes place on a network. Sending a print job to a printer on a Samba server involves four steps:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-948964">
+</a>Opening and authenticating a connection to the printer share</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-948965">
+</a>Copying the file over the network</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-948966">
+</a>Closing the connection</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-948967">
+</a>Printing and deleting the copy of the file </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch07-35075">
+Figure 7.1: A Samba printer in the Network Neighborhood</a></h4><IMG CLASS="graphic" SRC="figs/sam.0701.gif" ALT="Figure 7.1"></li></ol><P CLASS="para">
+When a print job arrives at a Samba server, the print data is temporarily written to disk in the directory specified by the <CODE CLASS="literal">
+path</code> option of the printer share. Samba then executes a Unix print command to send that data file to the printer. The job is printed as the authenticated user of the share. Note that this may be the guest user, depending on how the share is configured.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-pgfId-951370">
+7.1.1 Print Commands</a></h3><P CLASS="para">In order to print the document, you'll need to tell Samba what the command is to print and delete a file. On Linux, such a command is:</p><PRE CLASS="programlisting">
+lpr -r -P<CODE CLASS="replaceable"><I>printer</i></code> <CODE CLASS="replaceable"><I>file</i></code></pre><P CLASS="para">
+This tells <CODE CLASS="literal">
+lpr</code> to copy the document to a spool area, usually <I CLASS="filename">
+/var/spool</i>, retrieve the name of the printer in the system configuration file (<I CLASS="filename">/etc/printcap</i>), and interpret the rules it finds there to decide how to process the data and which physical device to send it to. Note that because the <CODE CLASS="literal">
+-r</code> option has been listed, the file specified on the command line will be deleted after it has been printed. Of course, the file removed is just a copy stored on the Samba server; the original file on the client is unaffected.</p><P CLASS="para">
+Linux uses a Berkeley (BSD) style of printing. However, the process is similar on System V Unix. Here, printing and deleting becomes a compound command:</p><PRE CLASS="programlisting">lp -d<CODE CLASS="replaceable"><I>printer</i></code> -s <CODE CLASS="replaceable"><I>file</i></code>; rm <CODE CLASS="replaceable"> <I>file</i></code></pre><P CLASS="para">
+With System V, the <I CLASS="filename">
+/etc/printcap</i> file is replaced with different set of configuration files hiding in <I CLASS="filename">
+/usr/spool/lp</i>, and there is no option to delete the file. You have to do it yourself, which is why we have added the <CODE CLASS="literal">
+rm</code> command afterward.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-pgfId-951469">
+7.1.2 Printing Variables</a></h3><P CLASS="para">Samba provides four variables specifically for use with printing configuration options. They are shown in <A CLASS="xref" HREF="ch07_01.html#ch07-29758">
+Table 7.1</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch07-29758">
+Table 7.1: Printing Variables </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Variable</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Definition</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%s</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The full pathname of the file on the Samba server to be printed</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%f</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The name of the file itself (without the preceding path) on the Samba server to be printed</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%p</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The name of the Unix printer to use</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%j</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The number of the print job (for use with <CODE CLASS="literal">
+lprm</code>, <CODE CLASS="literal">
+lppause</code>, and <CODE CLASS="literal">
+lpresume</code>)</p></td></tr></tbody></table></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-pgfId-943749">
+7.1.3 A Minimal Printing Setup</a></h3><P CLASS="para">Let's start with a simple but illustrative printing share. Assuming that you're on a Linux system and you have a printer called <CODE CLASS="literal">
+lp</code> listed in the printer capabilities file, the following addition to your <I CLASS="filename">
+smb.conf</i> file will make the printer accessible through the network:</p><PRE CLASS="programlisting">
+[printer1]
+	printable = yes
+	print command = /usr/bin/lpr -r  %s
+	printer = lp
+	printing = BSD
+	read only = yes
+	guest ok = yes</pre><P CLASS="para">
+This configuration allows anyone to send data to the printer, something we may want to change later. For the moment, what's important to understand is that the variable <CODE CLASS="literal">
+%s</code> in the <CODE CLASS="literal">
+print</code> <CODE CLASS="literal">
+command</code> option will be replaced with the name of the file to be printed when Samba executes the command. Changing the <CODE CLASS="literal">
+print command</code> to reflect a different style of Unix machine typically involves only replacing the right side of the <CODE CLASS="literal">
+print</code> <CODE CLASS="literal">
+command</code> option with whatever command you need for your system and changing the target of the <CODE CLASS="literal">
+printing</code> option.</p><P CLASS="para">
+Let's look at the commands for a System V Unix. With variable substitution, the System V Unix command becomes:</p><PRE CLASS="programlisting">
+print command = lp -d%p -s %s; rm %s</pre><P CLASS="para">
+As mentioned earlier, the <CODE CLASS="literal">
+%p</code> variable resolves to the name of the printer, while the <CODE CLASS="literal">
+%s</code> variable resolves to the name of the file. After that, you can change the <CODE CLASS="literal">
+printing</code> option to reflect that you're using a System V architecture:</p><PRE CLASS="programlisting">
+printing = SYSV</pre><P CLASS="para">
+If you are using share-level security, pay special attention to the guest account used by Samba. The typical setting, <CODE CLASS="literal">
+nobody</code>, may not be allowed to print by the operating system. If that's true for your operating system, you should place a <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+account</code> option under the printing share (or even perhaps the global share) specifying an account that can. A popular candidate with the Samba authors is the <CODE CLASS="literal">
+ftp</code> account, which is often preconfigured to be safe for untrusted guest users. You can set it with the following command:</p><PRE CLASS="programlisting">
+guest account = ftp</pre><P CLASS="para">
+Another common printing issue is that clients may need to request the status of a print job sent to the Samba server. Samba will not reject a document from being sent to an already busy printer share. Consequently, Samba needs the ability to communicate not only the status of the current printing job to the client, but also which documents are currently waiting to be printed on that printer. Samba also has to provide the client the ability to pause print jobs, resume print jobs, and remove print jobs from the printing queue. Samba provides options for each of these tasks. As you might expect, they borrow functionality from existing Unix commands. The options are: </p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-956989">
+</a><CODE CLASS="literal">
+lpq command</code></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-956990">
+</a><CODE CLASS="literal">
+lprm command</code></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-956991">
+</a><CODE CLASS="literal">
+lppause command</code></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-956992">
+</a><CODE CLASS="literal">
+lpresume command</code></p></li></ul><P CLASS="para">
+We will cover these options in more detail below. For the most part, however, the value of the <CODE CLASS="literal">
+printing</code> configuration option will determine their values, and you should not need to alter the default values of these options.</p><P CLASS="para">
+Here are a few important items to remember about printing shares:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-951650">
+</a>You must put <CODE CLASS="literal">
+printable</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> in all printer shares (even <CODE CLASS="literal">
+[printers]</code>), so that Samba will know that they are printer shares. If you forget, the shares will not be usable for printing and will instead be treated as disk shares.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-951651">
+</a>If you set the <CODE CLASS="literal">
+path</code> configuration option in the printer section, any files sent to the printer(s) will be copied to the directory you specify instead of to the default location of <I CLASS="filename">
+/tmp</i>. As the amount of disk space allocated to <I CLASS="filename">
+/tmp</i> can be relatively small in some Unix operating systems, many administrators opt to use <I CLASS="filename">
+/var/spool</i> or some other directory instead.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-951652">
+</a>The <CODE CLASS="literal">
+read only</code> option is ignored for printer shares.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-951648">
+</a>If you set <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+ok</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> in a printer share and Samba is configured for share-level security, it will allow anyone to send data to the printer as the <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+account</code> user. </p></li></ul><P CLASS="para">
+Using one or more Samba machines as a print server gives you a great deal of flexibility on your LAN. You can easily partition your available printers, restricting some to members of one department, or you can maintain a bank of printers available to all. In addition, you can restrict a printer to a selected few by adding the trusty <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+users</code> option to its share definition:</p><PRE CLASS="programlisting">
+[deskjet]
+	printable = yes
+	path = /var/spool/samba/print
+	valid users = gail sam</pre><P CLASS="para">
+All of the other share accessibility options defined in the previous chapter should work for printing shares as well. Since the printers themselves are accessed through Samba by name, it's also simple to delegate print services among several servers using familiar Unix commands for tasks such as load balancing or maintenance. </p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-pgfId-951458">
+7.1.4 The [printers] Share</a></h3><P CLASS="para">
+<a href="ch04_01.html"><b>Chapter 4, <CITE CLASS="chapter">Disk Shares </cite></b></a>, briefly introduced <CODE CLASS="literal">
+[printers]</code>, a special share for automatically creating printing services. Let's review how it works: if you create a share named <CODE CLASS="literal">
+[printers]</code> in the configuration file, Samba will automatically read in your printer capabilities file and create a printing share for each printer that appears in the file. For example, if the Samba server had <CODE CLASS="literal">
+lp</code>, <CODE CLASS="literal">
+pcl</code> and <CODE CLASS="literal">
+ps</code> printers in its printer capabilities file, Samba would provide three printer shares with those names, each configured with the options in the <CODE CLASS="literal">
+[printers]</code> share.</p><P CLASS="para">Recall that Samba obeys following rules when a client requests a share that has not been created through the <I CLASS="filename">
+smb.conf</i> file:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-949501">
+</a>If the share name matches a username in the system password file and a <CODE CLASS="literal">
+[homes]</code> share exists, a new share is created with the name of the user and is initialized using the values given in the <CODE CLASS="literal">
+[homes]</code> and <CODE CLASS="literal">
+[global]</code> sections.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-949506">
+</a>Otherwise, if the name matches a printer in the system printer capabilities file, and a <CODE CLASS="literal">
+[printers]</code> share exists, a new share is created with the name of the printer and initialized using the values given in the <CODE CLASS="literal">
+[printers]</code> section. (Variables in the <CODE CLASS="literal">
+[global]</code> section do not apply here.) </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-949507">
+</a>If neither of those succeed, Samba looks for a <CODE CLASS="literal">
+default</code> <CODE CLASS="literal">
+service</code> share. If none is found, it returns an error.</p></li></ul><P CLASS="para">
+This brings to light an important point: be careful that you do not give a printer the same name as a user. Otherwise, you will end up connecting to a disk share when you may have wanted a printer share instead.</p><P CLASS="para">
+Here is an example <CODE CLASS="literal">
+[printers]</code> share for a Linux (BSD) system. Some of these options are already defaults; however, we have listed them anyway for illustrative purposes:</p><PRE CLASS="programlisting">
+[global] 
+	printing = BSD
+	print command = /usr/bin/lpr -P%p -r %s 
+	printcap file = /etc/printcap 
+	min print space = 2000
+
+[printers] 
+	path = /usr/spool/public 
+	printable = true  
+	guest ok = true 
+	guest account = pcguest </pre><P CLASS="para">
+Here, we've given Samba global options that specify the printing type (BSD), a print command to send data to the printer and remove a temporary file, our default printer capabilities file, and a minimum printing space of 2 megabytes.</p><P CLASS="para">
+In addition, we've created a <CODE CLASS="literal">
+[printers]</code> share for each of the system printers. Our temporary spooling directory is specified by the <CODE CLASS="literal">
+path</code> option: <I CLASS="filename">
+/usr/spool/public</i>. Each of the shares is marked as printable&nbsp;- this is necessary, even in the <CODE CLASS="literal">
+[printers]</code> section. The two <CODE CLASS="literal">
+guest</code> options are useful in the event that Samba is using share-level security: we allow guest access to the printer and we specify the guest user that Samba should use to execute print commands. </p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-pgfId-943839">
+7.1.5 Test Printing</a></h3><P CLASS="para">Here is how you can test printing from the Samba server. Let's assume the most complex case and use a guest account. First, run the Samba <EM CLASS="emphasis">
+testparm</em> command on your configuration file that contains the print shares, as we did in <a href="ch02_01.html"><b>Chapter 2, <CITE CLASS="chapter">Installing Samba on a Unix System</cite></b></a>. This will tell you if there are any syntactical problems with the configuration file. For example, here is what you would see if you left out the <CODE CLASS="literal">
+path</code> configuration option in the previous example:</p><PRE CLASS="programlisting">
+# testparm 
+Load smb config files from /usr/local/samba/lib/smb.conf 
+Processing configuration file &quot;/usr/local/samba/lib/smb.conf&quot; 
+Processing section &quot;[global]&quot; 
+Processing section &quot;[homes]&quot; 
+Processing section &quot;[data]&quot; 
+Processing section &quot;[printers]&quot; 
+No path in service printers - using /tmp 
+Loaded services file OK. 
+Press enter to see a dump of your service definitions
+Global parameters: 
+	load printers: Yes 
+	printcap name: /etc/printcap
+Default service parameters: 
+	guest account: ftp 
+	min print space: 0 
+	print command: lpr -r -P%p %s 
+	lpq command: lpq -P%p 
+	lprm command: lprm -P%p %j 
+lppause command: 
+	lpresume command: 
+ Service parameters [printers]: 
+	path: /tmp 	
+	print ok: Yes 
+	read only: true 
+	public: true </pre><P CLASS="para">
+Second, try the command <CODE CLASS="literal">
+testprns</code> <CODE CLASS="replaceable">
+<I>
+printername</i></code>. This is a simple program that verifies that the specified printer is available in your <EM CLASS="emphasis">
+printcap</em> file. If your <EM CLASS="emphasis">
+printcap</em> file is not in the usual place, you can specify its full pathname as the second argument to the <EM CLASS="emphasis">
+testprns</em> command:</p><PRE CLASS="programlisting">
+# testprns lp /etc/printcap
+Looking for printer lp in printcap file /etc/printcap
+Printer name lp is valid.</pre><P CLASS="para">
+Next, log on as the guest user, go to the spooling directory, and ensure that you can print using the same command that <EM CLASS="emphasis">
+testparm</em> says Samba will use. As mentioned before, this will tell you if you need to change the guest account, as the default account may not be allowed to print.</p><P CLASS="para">
+Finally, print something to the Samba server via <CODE CLASS="literal">
+smbclient</code>, and see if the following actions occur:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-943874">
+</a>The job appears (briefly) in the Samba spool directory specified by the path.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-943875">
+</a>The job shows up in your print systems spool directory.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-943876">
+</a>The job disappears from the spool directory that Samba used.</p></li></ul><P CLASS="para">
+If <EM CLASS="emphasis">
+smbclient</em> cannot print, you can reset the <CODE CLASS="literal">
+print</code> <CODE CLASS="literal">
+command</code> option to collect debugging information:</p><PRE CLASS="programlisting">
+print command = /bin/cat %s &gt;&gt;/tmp/printlog; rm %s</pre><P CLASS="para">
+or:</p><PRE CLASS="programlisting">
+print command = echo &quot;printed %s on %p&quot; &gt;&gt;/tmp/printlog</pre><P CLASS="para">
+A common problem with Samba printer configuration is forgetting to use the full pathnames for commands; simple commands often don't work because the guest account's PATH doesn't include them. Another frequent problem is not having the correct permissions on the spooling directory. </p><P CLASS="para">There is more information on debugging printers in the Samba documentation (<I CLASS="filename">Printing.txt</i>). In addition, the Unix print systems are covered in detail in AEleen Frisch's <EM CLASS="emphasis">
+Essential Systems Administration</em> (published by O'Reilly).</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-pgfId-943883">
+7.1.6 Setting Up and Testing a Windows Client</a></h3><P CLASS="para">Now that Samba is offering a workable printer, you need to set it up on a Windows client. Look at the Samba server in the Network Neighborhood. It should now show each of the printers that are available. For example, in <A CLASS="xref" HREF="ch07_01.html#ch07-35075">
+Figure 7.1</a>, we saw a printer called <CODE CLASS="literal">
+lp</code>.</p><P CLASS="para">
+Next, you need to have the Windows client recognize the printer. Double-click on the printer icon to get started. If you try to select an uninstalled printer (as you just did), Windows will ask you if it should help configure it for the Windows system. Respond "Yes," which will open the Printer Wizard. </p><P CLASS="para">
+The first thing the wizard will ask is whether you need to print from DOS.  Let's assume you don't, so choose No and press the Next button to get to the manufacturer/model window as shown in <A CLASS="xref" HREF="ch07_01.html#ch07-60084">
+Figure 7.2</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch07-60084">
+Figure 7.2: A printer in the Network Neighborhood</a></h4><IMG CLASS="graphic" SRC="figs/sam.0702.gif" ALT="Figure 7.2"><P CLASS="para">
+In this dialog box, you should see a large list of manufacturers and models for almost every printer imaginable. If you don't see your printer on the list, but you know it's a PostScript printer, select Apple as the manufacturer and Apple LaserWriter as the model. This will give you the most basic Postscript printer setup, and arguably one of the most reliable. If you already have any Postscript printers attached, you will be asked about replacing or reusing the existing driver. Be aware that if you replace it with a new one, you may make your other printers fail. Therefore, we recommend you keep using your existing printer drivers as long as they're working properly.</p><P CLASS="para">
+Following that, the Printer Wizard will ask you to name the printer. <A CLASS="xref" HREF="ch07_01.html#ch07-69466">
+Figure 7.3</a> shows this example, where the name has defaulted to our second laserwriter. Here, you rename it from Apple Laserwriter (Copy 2) to "ps on Samba server," so you know where to look for the printouts. In reality, you can name the printer anything you want.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch07-69466">
+Figure 7.3: Printer manufacturers and models</a></h4><IMG CLASS="graphic" SRC="figs/sam.0703.gif" ALT="Figure 7.3"><P CLASS="para">
+Finally, the Printing Wizard asks if it should print a test page. Click on Yes, and you should be presented with the dialog in <A CLASS="xref" HREF="ch07_01.html#ch07-43374">
+Figure 7.4</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch07-43374">
+Figure 7.4: Printing successfully completed</a></h4><IMG CLASS="graphic" SRC="figs/sam.0704.gif" ALT="Figure 7.4"><P CLASS="para">
+If the test printing was unsuccessful, press the No button in <A CLASS="xref" HREF="ch07_01.html#ch07-43374">
+Figure 7.4</a> and the Printing Wizard will walk you through some debugging steps for the client side of the process. If the test printing does work, congratulations! The remote printer will now be available to all your PC applications through the File and Print menu items.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-30008">
+7.1.7 Automatically Setting Up Printer Drivers</a></h3><P CLASS="para">The previous section described how to manually configure a printer driver for your Windows system. As a system administrator, however, you can't always guarantee that users can perform such a process without making mistakes. Luckily, however, you can ask Samba to automatically set up the printer drivers for a specific printer.</p><P CLASS="para">
+Samba has three options that can be used to automatically set up printer drivers for clients who are connecting for the first time. These options are <CODE CLASS="literal">
+printer</code> <CODE CLASS="literal">
+driver</code>, <CODE CLASS="literal">
+printer</code> <CODE CLASS="literal">
+driver</code> <CODE CLASS="literal">
+file</code>, and <CODE CLASS="literal">
+printer</code> <CODE CLASS="literal">
+driver</code> <CODE CLASS="literal">
+location</code>. This section explains how to use these options to allow users to skip over the Manufacturer dialog in the Add Printer Wizard above.</p><P CLASS="para">
+For more information on how to do this, see the <I CLASS="filename">
+PRINTER_DRIVER.TXT</i> file in the Samba distribution documentation.</p><P CLASS="para">
+There are four major steps:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-949602">
+</a>Install the drivers for the printer on a Windows client (the printer need not be attached).</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-949746">
+</a>Create a printer definition file from the information on a Windows machine.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-949600">
+</a>Create a <CODE CLASS="literal">
+PRINTER$</code> share where the resulting driver files can be placed.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-949601">
+</a>Modify the Samba configuration file accordingly.</p></li></ol><P CLASS="para">
+Let's go over each of the four steps in greater detail.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-949749">
+7.1.7.1 Install the drivers on a windows client</a></h4><P CLASS="para">
+Use Windows 95/98 for this step. It doesn't matter which client you choose, as long as it has the ability to load the appropriate drivers for the printer. In fact, you don't even need to have the printer attached to the machine. All you're interested in here is getting the appropriate driver files into the Windows directory. First, go to the Printers window of My Computer and double-click on the Add Printer icon, as shown in <A CLASS="xref" HREF="ch07_01.html#ch07-52397">
+Figure 7.5</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch07-52397">
+Figure 7.5: The Printers window</a></h4><IMG CLASS="graphic" SRC="figs/sam.0705.gif" ALT="Figure 7.5"><P CLASS="para">
+At this point, you can follow the Add Printer Wizard dialogs through to select the manufacturer and model of the printer in question. If it asks you if you want to print from MS-DOS, answer No. Windows should load the appropriate driver resources from its CD-ROM and ask you if you want to print a test page. Again, respond No and close the Add Printer Wizard dialog.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-949606">
+7.1.7.2 Create a printer definition file</a></h4><P CLASS="para">
+You can create a printer definition file by using the <I CLASS="filename">
+make_ printerdef</i> script in the <I CLASS="filename">
+/usr/local/samba/bin</i> directory. In order to use this script, you need to copy over the following four files from a Windows client:[<A CLASS="footnote" HREF="#ch07-pgfId-951615">1</a>]</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch07-pgfId-951615">[1]</a> Older Windows 95 clients may have only the first two files.</p></div></blockquote><TABLE CLASS="simplelist" BORDER="0">
+<TR>
+<TD CLASS="member">
+<EM CLASS="emphasis">
+C:\WINDOWS\INF\MSPRINT.INF</em></td></tr><TR>
+<TD CLASS="member">
+<EM CLASS="emphasis">
+C:\WINDOWS\INF\MSPRINT2.INF</em></td></tr><TR>
+<TD CLASS="member">
+<EM CLASS="emphasis">
+C:\WINDOWS\INF\MSPRINT3.INF</em></td></tr><TR>
+<TD CLASS="member">
+<EM CLASS="emphasis">
+C:\WINDOWS\INF\MSPRINT4.INF</em></td></tr></table><P CLASS="para">
+Once you have the four files, you can create a printer definition file using the appropriate printer driver and its .INF file. If the printer driver starts with the letters A-K, use either the <EM CLASS="emphasis">
+MSPRINT.INF</em> file or the <EM CLASS="emphasis">
+MSPRINT3.INF</em> file. If it begins with the letters L-Z, use the <EM CLASS="emphasis">
+MSPRINT2.INF</em> file or the <EM CLASS="emphasis">
+MSPRINT4.INF</em> file. You may need to <EM CLASS="emphasis">
+grep</em> through each of the files to see where your specific driver is. For the following example, we have located our driver in <EM CLASS="emphasis">
+MSPRINT3.INF</em> and created a printer definition file for a HP DeskJet 560C printer:</p><PRE CLASS="programlisting">
+$grep &quot;HP DeskJet 560C Printer&quot; MSPRINT.INF MSPRINT3.INF
+MSPRINT3.INF: &quot;HP DeskJet 560C Printer&quot;=DESKJETC.DRV,HP_DeskJet_ ...
+
+$make_printerdef MSPRINT3.INF &quot;HP DeskJet 560C Printer&quot; &gt;printers.def
+FOUND:DESKJETC.DRV
+End of section found
+CopyFiles: DESKJETC,COLOR_DESKJETC
+Datasection: (null)
+Datafile: DESKJETC.DRV
+Driverfile: DESKJETC.DRV
+Helpfile: HPVDJC.HLP
+LanguageMonitor: (null)
+
+Copy the following files to your printer$ share location:
+DESKJETC.DRV
+HPVCM.HPM
+HPVIOL.DLL
+HPVMON.DLL
+HPVRES.DLL
+HPCOLOR.DLL
+HPVUI.DLL
+HPVDJCC.HLP
+color\HPDESK.ICM</pre><P CLASS="para">
+Note the files that the script asks you to copy. You'll need those for the next step.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-949683">
+7.1.7.3 Create a PRINTER$ share</a></h4><P CLASS="para">This part is relatively easy. Create a share called <CODE CLASS="literal">
+[PRINTER$]</code> in your <I CLASS="filename">
+smb.conf</i> that points to an empty directory on the Samba server. Once that is done, copy over the files that the <I CLASS="filename">
+make_ printerdef</i> script requested of you into the location of the <CODE CLASS="literal">
+path</code> configuration option for the <CODE CLASS="literal">
+[PRINTER$]</code> share. For example, you can put the following in your configuration file:</p><PRE CLASS="programlisting">
+[PRINTER$]
+	path = /usr/local/samba/print
+	read only = yes
+	browsable = no
+	guest ok = yes</pre><P CLASS="para">
+The files requested by the <I CLASS="filename">
+make_ printerdef</i> script are typically located in the <EM CLASS="emphasis">
+C:\WINDOWS\SYSTEM</em> directory, although you can use the following commands to find out exactly where they are:</p><PRE CLASS="programlisting">
+cd C:\WINDOWS
+dir <CODE CLASS="replaceable">
+<I>
+filename</i></code> /s</pre><P CLASS="para">
+In this case, each of the files needs to be copied to the <I CLASS="filename">
+/usr/local/samba/print</i> directory on the Samba server. In addition, copy the <I CLASS="filename">
+printers.def</i> file that you created over to that share as well. Once you've done that, you're almost ready to go. </p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-949694">
+7.1.7.4 Modify the Samba configuration file</a></h4><P CLASS="para">
+<I CLASS="filename">
+</i>The last step is to modify the Samba configuration file by adding the following three options: </p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-956995">
+</a><CODE CLASS="literal">
+printer</code> <CODE CLASS="literal">
+driver</code></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-956996">
+</a><CODE CLASS="literal">
+printer</code> <CODE CLASS="literal">
+driver</code> <CODE CLASS="literal">
+file</code></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-956997">
+</a><CODE CLASS="literal">
+printer</code> <CODE CLASS="literal">
+driver</code> <CODE CLASS="literal">
+location</code></p></li></ul><P CLASS="para">
+The <CODE CLASS="literal">
+printer</code> <CODE CLASS="literal">
+driver</code> <CODE CLASS="literal">
+file</code> is a global option that points to the <I CLASS="filename">
+printers.def</i> file; place that option in your <CODE CLASS="literal">
+[global]</code> section. The other options should be set in the printer share for which you wish to automatically configure the drivers. The value for <CODE CLASS="literal">
+printer</code> <CODE CLASS="literal">
+driver</code> should match the string that shows up in the Printer Wizard on the Windows system. The value of the <CODE CLASS="literal">
+printer</code> <CODE CLASS="literal">
+driver</code> <CODE CLASS="literal">
+location</code> is the pathname of the PRINTER$ share you set up, not the Unix pathname on the server. Thus, you could use the following:</p><PRE CLASS="programlisting">
+[global]
+	printer driver file = /usr/local/samba/print/printers.def
+[hpdeskjet]
+	path = /var/spool/samba/printers
+	printable = yes
+
+	printer driver = HP DeskJet 560C Printer
+	printer driver location = \\%L\PRINTER$</pre><P CLASS="para">
+Now you're ready to test it out. At this point, remove the Windows printer that you "set up" in the first step from the list of printers in the Printers window of My Computer. If Samba asks you to delete unneeded files, do so. These files will be replaced shortly on the client, as they now exist on the Samba server.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-949710">
+7.1.7.5 Testing the configuration</a></h4><P CLASS="para">
+Restart the Samba daemons and look for the <CODE CLASS="literal">
+[hpdeskjet]</code> share under the machine name in the Network Neighborhood. At this point, if you click on the printer icon, you should begin the printer setup process and come to the dialog shown in <A CLASS="xref" HREF="ch07_01.html#ch07-60108">
+Figure 7.6</a>.</p><P CLASS="para">
+This is different from the dialog you saw earlier when setting up a printer. Essentially, the dialog is asking if you wish to accept the driver that is "already installed"&nbsp;- in other words, offered by Samba. Go ahead and keep the existing driver, and press the Next button. At this point, you can give the printer a name and print out a test page. If it works, the setup should be complete. You should be able to repeat the process now from any Windows client.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch07-60108">
+Figure 7.6: Automatically configuring the printer driver</a></h4><IMG CLASS="graphic" SRC="figs/sam.0706.gif" ALT="Figure 7.6"></div></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch06_06.html" TITLE="6.6 Logon Scripts">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 6.6 Logon Scripts" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch07_02.html" TITLE="7.2 Printing to Windows Client Printers">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 7.2 Printing to Windows Client Printers" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+6.6 Logon Scripts</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+7.2 Printing to Windows Client Printers</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch07_02.html b/docs/htmldocs/using_samba/ch07_02.html
new file mode 100755
index 00000000000..c9a9010e976
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch07_02.html
@@ -0,0 +1,757 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 7] 7.2 Printing to Windows Client Printers</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:34:58Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch07_01.html" TITLE="7.1 Sending Print Jobs to Samba">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 7.1 Sending Print Jobs to Samba" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch07_01.html" TITLE="7. Printing and Name Resolution">
+Chapter 7<br>
+Printing and Name Resolution</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch07_03.html" TITLE="7.3 Name Resolution with Samba">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 7.3 Name Resolution with Samba" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch07-31526">
+7.2 Printing to Windows Client Printers</a></h2><P CLASS="para">If you have printers connected to clients running Windows 95/98 or NT 4.0, those printers can also be accessed from Samba. Samba comes equipped with a tool called <EM CLASS="emphasis">
+smbprint</em> that can be used to spool print jobs to Windows-based printers. In order to use this, however, you need to set up the printer as a shared resource on the client machine. If you haven't already done this, you can reset this from the Printers window, reached from the Start button, as shown in <A CLASS="xref" HREF="ch07_02.html#ch07-32814">
+Figure 7.7</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch07-32814">
+Figure 7.7: The Printers window</a></h4><IMG CLASS="graphic" SRC="figs/sam.0707.gif" ALT="Figure 7.7"><P CLASS="para">
+Select a printer that's locally connected (for example, ours is the Canon printer), press the right mouse button to bring up a menu, and select Sharing. This will give you the Sharing tab of the Printer Properties frame, as shown in <A CLASS="xref" HREF="ch07_02.html#ch07-92021">
+Figure 7.8</a>. If you want it available to everybody on your LAN as the Windows guest user, enter a blank password. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch07-92021">
+Figure 7.8: The Sharing tab of the printer</a></h4><IMG CLASS="graphic" SRC="figs/sam.0708.gif" ALT="Figure 7.8"><P CLASS="para">
+Once you've got this working, you can add your printer to the list of standard printers and Samba can make it available to all the other PCs in the workgroup. To make installation on Unix easier, the Samba distribution provides two sample scripts: <I CLASS="filename">
+smbprint</i> and <I CLASS="filename">
+smbprint.sysv</i>. The first works with BSD-style printers; the second is designed for System V printers.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-pgfId-949813">
+7.2.1 BSD printers</a></h3><P CLASS="para">There are two steps you need to have a BSD Unix recognize a remote printer:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-949817">
+</a>Place an entry for the printer in the <I CLASS="filename">
+/etc/printcap</i> file (or equivalent).</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-949818">
+</a>Place a configuration file in the <I CLASS="filename">
+/var/spool</i> directory for the printer.</p></li></ol><P CLASS="para">
+First, edit your <I CLASS="filename">
+/etc/printcap</i> file and add an entry for the remote printer. Note that the input filter (<CODE CLASS="literal">if</code>) entry needs to point to the <EM CLASS="emphasis">
+smbprint</em> program if the machine is on Windows 95/98. The following set of lines will accomplish on a Linux machine, for example:</p><PRE CLASS="programlisting">
+laserjet:\
+  :sd=/var/spool/lpd/laser:\         <CODE CLASS="replaceable">
+<I>
+# spool directory</i></code>
+  :mx#0:\                            <CODE CLASS="replaceable">
+<I>
+# maximum file size (none)</i></code>
+  :sh:\                              <CODE CLASS="replaceable">
+<I>
+# surpress burst header (no)</i></code>
+  :if=/usr/local/samba/bin/smbprint: <CODE CLASS="replaceable">
+<I>
+# text filter</i></code></pre><P CLASS="para">
+After that, you need to create a configuration file in the spool directory that you specified with the <CODE CLASS="literal">
+sd</code> parameter above. (You may need to create that directory.) The file must have the name <EM CLASS="emphasis">
+.config</em> and should contain the following information: </p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-954773">
+</a>The NetBIOS name of the Windows machine with the printer</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-954774">
+</a>The service name that represents the printer</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-954775">
+</a>The password used to access that service</p></li></ul><P CLASS="para">
+The last two parameters were set up in the Sharing dialog for the requested resource on the Windows machine. In this case, the <EM CLASS="emphasis">
+.config</em> file would have three lines:</p><PRE CLASS="programlisting">
+server = phoenix
+service = CANON
+password = &quot;&quot;</pre><P CLASS="para">
+After you've done that, reset the Samba server machine and try printing to it using any standard Unix program.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-pgfId-949855">
+7.2.2 System V printers</a></h3><P CLASS="para">Sending print jobs from a System V Unix system is a little easier. Here, you need to get obtain the <I CLASS="filename">
+smbprint.sysv</i> script in the <I CLASS="filename">
+/usr/local/samba/examples/printing</i> directory and do the following:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-949865">
+</a>Change the <CODE CLASS="literal">
+server</code>, <CODE CLASS="literal">
+service</code>, and <CODE CLASS="literal">
+password</code> parameters in the script to match the NetBIOS machine, its shared printer service, and its password, respectively. For example, the following entries would be correct for the service in the previous example:</p></li></ol><PRE CLASS="programlisting">
+server = phoenix
+service = CANON
+password = &quot;&quot;</pre><OL CLASS="orderedlist" START="2">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-949876">
+</a>Run the following commands, which create a reference for the printer in the printer capabilities file. Note that the new Unix printer entry <CODE CLASS="literal">canon_printer</code> is named:</p></li></ol><PRE CLASS="programlisting">
+# lpadmin -p canon_printer -v /dev/null -i ./smbprint.sysv
+# enable canon_printer
+# accept canon_printer</pre><P CLASS="para">
+After you've done that, restart the Samba daemons and try printing to it using any standard Unix program. You should now be able to send data to a printer on a Windows client across the network.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-pgfId-950287">
+7.2.3 Samba Printing Options</a></h3><P CLASS="para">
+<A CLASS="xref" HREF="ch07_02.html#ch07-19361">Table 7.2</a> summarizes the Samba printing options. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch07-19361">
+Table 7.2: Printing Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+printing</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+bsd</code>, <CODE CLASS="literal">
+sysv</code>, <CODE CLASS="literal">
+hpux</code>, <CODE CLASS="literal">
+aix</code>, <CODE CLASS="literal">
+qnx</code>, <CODE CLASS="literal">
+plp</code>, <CODE CLASS="literal">
+softq</code>, or <CODE CLASS="literal">
+lprng</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the print system type for your Unix system.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+System dependent</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+printable (print ok)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Marks a share as a printing share.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+printer (printer name)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (Unix printer name)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the name of the printer to be shown to clients.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+System dependent</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+printer driver</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (printer driver name)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the driver name that should be used by the client to send data to the printer.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+printer driver file</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the name of the printer driver file.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+printer driver location</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (network pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the pathname of the share for the printer driver file.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+lpq cache time</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numeric (time in seconds)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the amount of time in seconds that Samba will cache the lpq status.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+10</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+postscript</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Treats all print jobs sent as postscript by prepending <CODE CLASS="literal">
+%!</code> at the beginning of each file.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+load printers</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Automatically loads each of the printers in the <EM CLASS="emphasis">
+printcap</em> file as printing shares.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+print command</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (shell command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the Unix command to perform printing.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+See below</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+lpq command</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (shell command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the Unix command to return the status of the printing queue.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+See below</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+lprm command</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (shell command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the Unix command to remove a job from the printing queue.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+See below</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+lppause command</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (shell command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the Unix command to pause a job on the printing queue.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+See below</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+lpresume command</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (shell command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the Unix command to resume a paused job on the printing queue.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+See below</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+printcap name</code></p><P CLASS="para">
+<CODE CLASS="literal">
+(printcap)</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the location of the printer capabilities file.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+System dependent</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+min print space</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numeric (size in kilobytes)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the minimum amount of disk free space that must be present to print.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+0</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+queuepause command</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (shell command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the Unix command to pause a queue.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+See below</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+queueresume command</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (shell command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the Unix command to resume a queue.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+See below</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-950502">
+7.2.3.1 printing</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+printing</code> configuration option tells Samba a little about your Unix printing system, in this case which printing parser to use. With Unix, there are several different families of commands to control printing and print statusing. Samba supports seven different types, as shown in <A CLASS="xref" HREF="ch07_02.html#ch07-28758">
+Table 7.3</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch07-28758">
+Table 7.3: Printing Types </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Variable</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Definition</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+BSD</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Berkeley Unix system</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+SYSV</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+System V</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+AIX</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+AIX Operating System (IBM)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+HPUX</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Hewlett-Packard Unix </p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+QNX</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+QNX Realtime Operating System (QNX)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+LPRNG</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+LPR Next Generation (Powell)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+SOFTQ</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+SOFTQ system</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+PLP</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Portable Line Printer (Powell)</p></td></tr></tbody></table><P CLASS="para">
+The value for this optio.n will be one of these seven options. For example:</p><PRE CLASS="programlisting">
+printing = SYSV</pre><P CLASS="para">
+The default value of this option is system dependent and is configured when Samba is first compiled. For most systems, the <I CLASS="filename">
+configure</i> script will automatically detect the printing system to be used and configure it properly in the Samba makefile. However, if your system is a PLP, LPRNG, or QNX printing system, you will need to explicitly specify this in the makefile or the printing share.</p><P CLASS="para">
+The most common system types are BSD and SYSV. Each of the printers on a BSD Unix server are described in the printer capabilities file&nbsp;- normally <I CLASS="filename">
+/etc/printcap</i>.</p><P CLASS="para">
+Setting the <CODE CLASS="literal">
+printing</code> configuration option automatically sets at least three other printing options for the service in question: <CODE CLASS="literal">
+print</code> <CODE CLASS="literal">
+command</code>, <CODE CLASS="literal">
+lpq</code> <CODE CLASS="literal">
+command</code>, and <CODE CLASS="literal">
+lprm</code> <CODE CLASS="literal">
+command</code>. If you are running Samba on a system that doesn't support any of these printing styles, simply set the commands for each of these manually.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-950507">
+7.2.3.2 printable</a></h4><P CLASS="para">
+The printable option must be set to <CODE CLASS="literal">
+yes</code> in order to flag a share as a printing service. If this option is not set, the share will be treated as a disk share instead. You can set the option as follows:</p><PRE CLASS="programlisting">
+[printer1]
+	printable = yes</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-950511">
+7.2.3.3 printer</a></h4><P CLASS="para">The option, sometimes called <CODE CLASS="literal">
+printer</code> <CODE CLASS="literal">
+name</code>, specifies the name of the printer on the server to which the share points. This option has no default and should be set explicitly in the configuration file, even though Unix systems themselves often recognize a default name such as <CODE CLASS="literal">
+lp</code> for a printer. For example:</p><PRE CLASS="programlisting">
+[deskjet]
+	printer = hpdkjet1</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-950515">
+7.2.3.4 printer driver</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+printer</code> <CODE CLASS="literal">
+driver</code> option sets the string that Samba uses to tell Windows what the printer is. If this option is set correctly, the Windows Printer Wizard will already know what the printer is, making installation easier for end users by giving them one less dialog to worry about. The string given should match the string that shows up in the Printer Wizard, as shown in <A CLASS="xref" HREF="ch07_02.html#ch07-46183">
+Figure 7.9</a>. For example, an Apple LaserWriter typically uses <CODE CLASS="literal">
+Apple</code> <CODE CLASS="literal">LaserWriter</code>; a Hewlett Packard Deskjet 560C uses <CODE CLASS="literal">
+HP</code> <CODE CLASS="literal">
+DeskJet</code> <CODE CLASS="literal">
+560C</code> <CODE CLASS="literal">
+Printer</code>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch07-46183">
+Figure 7.9: The Add Printer Wizard dialog box in Windows 98</a></h4><IMG CLASS="graphic" SRC="figs/sam.0709.gif" ALT="Figure 7.9"><P CLASS="para">
+Automatically configuring printer drivers with Samba is explained in greater detail in the section <A CLASS="xref" HREF="ch07_01.html#ch07-30008">
+Section 7.1.7, Automatically Setting Up Printer Drivers</a>, earlier in this chapter.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-954814">
+7.2.3.5 printer driver file</a></h4><P CLASS="para">
+This global option gives the location of the Windows 95/98 printer driver definition file, which is needed to give printer drivers to clients using a Samba printer. The default value of this option is <I CLASS="filename">
+/usr/local/samba/lib/printers.def</i>. You can override this default as shown below:</p><PRE CLASS="programlisting">
+[deskjet]
+	printer driver file = /var/printers/printers.def</pre><P CLASS="para">
+This option is explained in greater detail in the section <A CLASS="xref" HREF="ch07_01.html#ch07-30008">
+Section 7.1.7</a>, earlier in this chapter.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-950552">
+7.2.3.6 printer driver location</a></h4><P CLASS="para">
+This option specifies a specific share that contains Windows 95 and 98 printer driver and definition files. There is no default parameter for this value. You can specify the location as a network pathname. A frequent approach is to use a share on your own machine, as shown here:</p><PRE CLASS="programlisting">
+[deskjet]
+	printer driver location = \\%L\PRINTER$</pre><P CLASS="para">
+This option is also explained in greater detail in the section <A CLASS="xref" HREF="ch07_01.html#ch07-30008">
+Section 7.1.7</a>, earlier in this chapter. </p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-950560">
+7.2.3.7 lpq cache time</a></h4><P CLASS="para">The global <CODE CLASS="literal">
+lpq</code> <CODE CLASS="literal">
+cache</code> <CODE CLASS="literal">
+time</code> option allows you to set the number of seconds that Samba will remember the current printer status. After this time elapses, Samba will issue an <EM CLASS="emphasis">
+lpq</em> command (or whatever command you specify with the <CODE CLASS="literal">
+lpq</code> <CODE CLASS="literal">
+command</code> option) to get a more up-to-date status. This defaults to 10 seconds, but can be increased if your <CODE CLASS="literal">
+lpq</code> <CODE CLASS="literal">
+command</code> takes an unusually long time to run or you have lots of clients. The following example resets the time to 30 seconds:</p><PRE CLASS="programlisting">
+[deskjet]
+	lpq cache time = 30</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-950564">
+7.2.3.8 postscript</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+postscript</code> option forces the printer to treat all data sent to it as Postscript. It does this by prepending the characters <CODE CLASS="literal">
+%!</code> at the beginning of the first line of each job. It is normally used with PCs that insert a <CODE CLASS="literal">
+^D</code> (control-D or end-of-file mark) in front of the first line of a PostScript file. It will not, obviously, turn a non-PostScript printer into a PostScript one. The default value of this options is <CODE CLASS="literal">
+no</code>. You can override it as follows:</p><PRE CLASS="programlisting">[deskjet]
+	postscript = yes</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-950568">
+7.2.3.9 print command, lpq command, lprm command, lppause command, lpresume command</a></h4><P CLASS="para">These options tell Samba which Unix commands used to control and send data to the printer. The Unix commands involved are: <EM CLASS="emphasis">
+lpr</em> (send to Line PRinter), <EM CLASS="emphasis">
+lpq</em> (List Printer Queue), <EM CLASS="emphasis">
+lprm</em> (Line printer ReMove), and optionally <EM CLASS="emphasis">
+lppause</em> and <EM CLASS="emphasis">
+lpresume</em>. Samba provides an option named after each of these commands, in case you need to override any of the system defaults. For example, consider:</p><PRE CLASS="programlisting">
+lpq command = /usr/ucb/lpq %p</pre><P CLASS="para">
+This would set the <CODE CLASS="literal">
+lpq command</code> to use <I CLASS="filename">
+/usr/ucb/lpq</i>. Similarly:</p><PRE CLASS="programlisting">
+lprm command = /usr/local/lprm -P%p %j</pre><P CLASS="para">
+would set the Samba printer remove command to <I CLASS="filename">
+/usr/local/lprm</i>, and provide it the print job number using the <CODE CLASS="literal">
+%j</code> variable.</p><P CLASS="para">
+The default values for each of these options are dependent on the value of the <CODE CLASS="literal">
+printing</code> option. <A CLASS="xref" HREF="ch07_02.html#ch07-82964">
+Table 7.4</a> shows the default commands for each of the printing options. The most popular printing system is BSD. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch07-82964">
+Table 7.4: Default Commands for Various Printing Commands </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+BSD, AIX, PLP, LPRNG</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+SYSV, HPUX</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+QNX</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+SOFTQ</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+print command</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+lpr -r -P%p %s</code></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">lp -c -d%p %s; rm %s</code></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+lp -r -P%p %s</code></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+lp -d%p -s %s; rm %s</code></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+lpq command</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+lpq -P%p</code></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+lpstat -o%p</code></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+lpq -P%p</code></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+lpstat -o%p</code></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+lprm command</code></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+lprm -P%p %j</code></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+cancel %p-%j</code></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+cancel %p-%j</code></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+cancel %p-%j</code></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+lppause command</code></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+lp -i %p-%j -H hold </code>(SYSV only)</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+None</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+None</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+None</td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+lpresume command</code></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+lp -i %p-%j -H resume</code>(SYSV only)</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+None</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+None</td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<CODE CLASS="literal">
+qstat -s -j%j -r</code>
+</td></tr></tbody></table><P CLASS="para">
+It is typically not necessary to reset these options in Samba, with the possible exception of <CODE CLASS="literal">
+print</code> <CODE CLASS="literal">
+command</code>. This option may need to be explicitly set if your printing system doesn't have a <CODE CLASS="literal">
+-r</code> (remove after printing) option on the printing command. For example: </p><PRE CLASS="programlisting">
+/usr/local/lpr -P%p %s; /bin/rm %s</pre><P CLASS="para">
+With a bit of judicious programming, these <I CLASS="filename">
+smb.conf</i> options can also used for debugging:</p><PRE CLASS="programlisting">
+print command = cat %s &gt;&gt;/tmp/printlog; lpr -r -P%p %s</pre><P CLASS="para">
+For example, this configuration can verify that files are actually being delivered to the Samba server. If they are, their contents will show up in the <I CLASS="filename">
+/tmp/printlog</i> file.</p><P CLASS="para">
+After BSD, the next most popular kind of printing system is SYSV (or System V) printing, plus some SYSV variants for IBM's AIX and Hewlett-Packard's HP-UX. These system do not have an <I CLASS="filename">
+/etc/printcap</i> file. Instead, the <CODE CLASS="literal">
+printcap</code> <CODE CLASS="literal">
+file</code> option can be set to an appropriate <EM CLASS="emphasis">
+lpstat</em> command for the system. This tells Samba to get a list of printers from the <EM CLASS="emphasis">
+lpstat</em> command. Alternatively, you can set the global configuration option <CODE CLASS="literal">
+printcap</code> <CODE CLASS="literal">
+name</code> to the name of a dummy <I CLASS="filename">
+printcap</i> file you provide. In the latter case, the file must contain a series of lines such as:</p><PRE CLASS="programlisting">
+lp|print1|My Printer 1
+print2|My Printer 2
+print3|My Printer 3</pre><P CLASS="para">
+Each line names a printer, and provides aliases for it. In this example, the first printer is called <CODE CLASS="literal">
+lp</code>, <CODE CLASS="literal">
+print1</code>, or <CODE CLASS="literal">
+My</code> <CODE CLASS="literal">
+Printer</code> <CODE CLASS="literal">
+1</code>, whichever the user prefers to use. The first name will be used in place of <CODE CLASS="literal">
+%p</code> in any command Samba executes for that printer.</p><P CLASS="para">
+Two additional printer types are also supported by Samba: LPRNG (LPR New Generation) and PLP (Public Line Printer). These are public domain and Open Source printing systems, and are used by many sites to overcome problems with vendor-supplied software. In addition, the SOFTQ and QNX realtime operating systems are supported by Samba.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-950650">
+7.2.3.10 load printers</a></h4><P CLASS="para">The <CODE CLASS="literal">
+load</code> <CODE CLASS="literal">
+printers</code> option tells Samba to create shares for all known printer names and load those shares into the browse list. Samba will create and list a printer share for each printer name in <I CLASS="filename">
+/etc/printcap</i> (or system equivalent). For example, if your <I CLASS="filename">
+printcap</i> file looks like this:[<A CLASS="footnote" HREF="#ch07-pgfId-950654">2</a>]</p><BLOCKQUOTE CLASS="footnote">
+<DIV CLASS="footnote">
+<P CLASS="para">
+<A CLASS="footnote" NAME="ch07-pgfId-950654">[2]</a> We have placed annotated comments off to the side in case you've never dealt with this file before.</p></div></blockquote><PRE CLASS="programlisting">
+lp:\
+  :sd=/var/spool/lpd/lp:\            <CODE CLASS="replaceable">
+<I>
+# spool directory</i></code>
+  :mx#0:\                            <CODE CLASS="replaceable">
+<I>
+# maximum file size (none)</i></code>
+  :sh:\                              <CODE CLASS="replaceable">
+<I>
+# surpress burst header (no)</i></code>
+  :lp=/dev/lp1:\                     <CODE CLASS="replaceable">
+<I>
+# device name for output</i></code>
+  :if=/var/spool/lpd/lp/filter:      <CODE CLASS="replaceable">
+<I>
+# text filter</i></code>
+
+laser:\
+  :sd=/var/spool/lpd/laser:\         <CODE CLASS="replaceable">
+<I>
+# spool directory</i></code>
+  :mx#0:\                            <CODE CLASS="replaceable">
+<I>
+# maximum file size (none)</i></code>
+  :sh:\                              <CODE CLASS="replaceable">
+<I>
+# surpress burst header (no)</i></code>
+  :lp=/dev/laser:\                   <CODE CLASS="replaceable">
+<I>
+# device name for output</i></code>
+  :if=/var/spool/lpd/lp/filter:      <CODE CLASS="replaceable">
+<I>
+# text filter</i></code></pre><P CLASS="para">
+and you specify:</p><PRE CLASS="programlisting">
+load printers = yes</pre><P CLASS="para">
+the shares <CODE CLASS="literal">
+[lp]</code> and <CODE CLASS="literal">
+[laser]</code> will automatically be created as valid print shares when Samba is started. Both shares will borrow the configuration options specified in the <CODE CLASS="literal">
+[printers]</code> section to configure themselves, and will be available in the browse list for the Samba server.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-950671">
+7.2.3.11 printcap name</a></h4><P CLASS="para">
+If the <CODE CLASS="literal">
+printcap</code> <CODE CLASS="literal">
+name</code> option (also called <CODE CLASS="literal">
+printcap</code>) appears in a printing share, Samba will use the file specified as the system printer capabilities file. This is normally <I CLASS="filename">
+/etc/printcap</i>. However, you can reset it to a file consisting of only the printers you want to share over the network. The value must be a fully-qualified filename of a printer capabilities file on the server:</p><PRE CLASS="programlisting">
+[deskjet]
+	printcap name = /usr/local/printcap</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-950678">
+7.2.3.12 min print space</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+min</code> <CODE CLASS="literal">
+print</code> <CODE CLASS="literal">
+space</code> option sets the amount of spool space that must be available on the disk before printing is allowed. Setting it to zero (the default) turns the check off; setting it to any other number sets the amount of free space in kilobytes required. This option helps avoid having print jobs fill up the remaining disk space on the server, which may cause other processes to fail:</p><PRE CLASS="programlisting">
+[deskjet]
+	min print space = 4000</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-950682">
+7.2.3.13 queuepause command</a></h4><P CLASS="para">
+This configuration option specifies a command that tells Samba how to pause a print queue entirely, as opposed to a single job on the queue. The default value depends on the printing type chosen. You should not need to alter this option.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-950684">
+7.2.3.14 queueresume command</a></h4><P CLASS="para">
+This configuration option specifies a command that tells Samba how to resume a paused print queue, as opposed to resuming a single job on the print queue. The default value depends on the printing type chosen. You should not need to alter this option. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch07_01.html" TITLE="7.1 Sending Print Jobs to Samba">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 7.1 Sending Print Jobs to Samba" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch07_03.html" TITLE="7.3 Name Resolution with Samba">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 7.3 Name Resolution with Samba" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+7.1 Sending Print Jobs to Samba</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+7.3 Name Resolution with Samba</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch07_03.html b/docs/htmldocs/using_samba/ch07_03.html
new file mode 100755
index 00000000000..56a531681ca
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch07_03.html
@@ -0,0 +1,404 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 7] 7.3 Name Resolution with Samba</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:35:08Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch07_02.html" TITLE="7.2 Printing to Windows Client Printers">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 7.2 Printing to Windows Client Printers" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch07_01.html" TITLE="7. Printing and Name Resolution">
+Chapter 7<br>
+Printing and Name Resolution</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch08_01.html" TITLE="8. Additional Samba Information ">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8. Additional Samba Information " BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch07-12219">
+7.3 Name Resolution with Samba</a></h2><P CLASS="para">Before NetBIOS Name Servers (NBNS) came about, name resolution worked entirely by broadcast. If you needed a machine's address, you simply broadcast its name across the network and, in theory, the machine itself would reply. This approach is still possible: anyone looking for a machine named <CODE CLASS="literal">
+fred</code> can still broadcast a query and find out if it exists and what its IP address is. (We use this capability to troubleshoot Samba name services with the <CODE CLASS="literal">
+nmblookup</code> command in <a href="ch09_01.html"><b>Chapter 9, <CITE CLASS="chapter">Troubleshooting Samba</cite></b></a>.)</p><P CLASS="para">
+As you saw in the first chapter, however, broadcasting&nbsp;- whether it be browsing or name registration and resolution&nbsp;- does not pass easily across multiple subnets. In addition, many broadcasts tend to bog down networks. To solve this problem, Microsoft now provides the Windows Internet Naming Service (WINS), a cross-subnet NBNS, which Samba supports. With it, an administrator can designate a single machine to act as a WINS server, and can then provide each client that requires name resolution the address of the WINS server. Consequently, name registration and resolution requests can be directed to a single machine from any point on the network, instead of broadcast.</p><P CLASS="para">
+WINS and broadcasting are not the only means of name resolution, however. There are actually four mechanisms that can be used with Samba:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-950848">
+</a>WINS</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-950856">
+</a>Broadcasting</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-950851">
+</a>Unix <I CLASS="filename">
+/etc/hosts</i> or NIS/NIS+ matches</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch07-pgfId-951953">
+</a><EM CLASS="emphasis">
+LMHOSTS</em> file</p></li></ul><P CLASS="para">
+Samba can use any or all of these name resolution methods in the order that you specify in the Samba configuration file using the <CODE CLASS="literal">
+name</code> <CODE CLASS="literal">
+resolve</code> <CODE CLASS="literal">
+order</code> parameter. However, before delving into configuration options, let's discuss the one that you've probably not encountered before: the <I CLASS="filename">
+LMHOSTS</i> file.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-pgfId-949950">
+7.3.1 The LMHOSTS File</a></h3><P CLASS="para">
+<I CLASS="filename">
+LMHOSTS</i> is the standard LAN Manager <EM CLASS="emphasis">
+hosts</em> file used to resolve names into IP addresses on the system. It is the NBT equivalent of the <I CLASS="filename">
+/etc/hosts</i> file that is standard on all Unix systems. By default, the file is usually stored as <I CLASS="filename">
+/usr/local/samba/lib/LMHOSTS</i> and shares a format similar to <I CLASS="filename">
+/etc/hosts</i>. For example:</p><PRE CLASS="programlisting">
+192.168.220.100    hydra
+192.168.220.101    phoenix</pre><P CLASS="para">
+The only difference is that the names on the right side of the entries are NetBIOS names instead of DNS names. Because they are NetBIOS names, you can assign resource types to them as well:</p><PRE CLASS="programlisting">
+192.168.220.100    hydra#20
+192.168.220.100    simple#1b
+192.168.220.101    phoenix#20</pre><P CLASS="para">
+Here, we've assigned the <CODE CLASS="literal">
+hydra</code> machine to be the primary domain controller of the <CODE CLASS="literal">
+SIMPLE</code> domain, as indicated by the resource type &lt;1B&gt; assigned to the name after <CODE CLASS="literal">
+hydra</code>'s IP address in the second line. The other two are standard workstations.</p><P CLASS="para">
+If you wish to place an <EM CLASS="emphasis">
+LMHOSTS</em> file somewhere other than the default location, you will need to notify the <EM CLASS="emphasis">
+nmbd</em> process upon start up, as follows:</p><PRE CLASS="programlisting">
+nmbd -H /etc/samba/lmhosts -D</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-pgfId-951120">
+7.3.2 Setting Up Samba to Use Another WINS Server</a></h3><P CLASS="para">You can set up Samba to use a WINS server somewhere else on the network by simply pointing it to the IP address of the WINS server. This is done with the global <CODE CLASS="literal">
+wins</code> <CODE CLASS="literal">
+server</code> configuration option, as shown here:</p><PRE CLASS="programlisting">
+[global]
+	wins server = 192.168.200.122</pre><P CLASS="para">
+With this option enabled, Samba will direct all WINS requests to the server at 192.168.200.122. Note that because the request is directed at a single machine, we don't have to worry about any of the problems inherent to broadcasting. However, though you have specified an IP address for a WINS server in the configuration file, Samba will not necessarily use the WINS server before other forms of name resolution. The order in which Samba attempts various name-resolution techniques is given with the <CODE CLASS="literal">
+name</code> <CODE CLASS="literal">
+resolve</code> <CODE CLASS="literal">
+order</code> configuration option, which we will discuss shortly.</p><P CLASS="para">
+If you have a Samba server on a subnet that still uses broadcasting and the Samba server knows the correct location of a WINS server on another subnet, you can configure the Samba server to forward any name resolution requests with the <CODE CLASS="literal">
+wins</code> <CODE CLASS="literal">
+proxy</code> option:</p><PRE CLASS="programlisting">
+[global]
+	wins server = 192.168.200.12
+	wins proxy = yes</pre><P CLASS="para">
+Use this only in situations where the WINS server resides on another subnet. Otherwise, the broadcast will reach the WINS server regardless of any proxying.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-83429">
+7.3.3 Setting Up Samba as a WINS Server</a></h3><P CLASS="para">You can set up Samba as a WINS server by setting two global options in the configuration file, as shown below:</p><PRE CLASS="programlisting">
+[global]
+	wins support = yes
+	name resolve order = wins lmhosts hosts bcast</pre><P CLASS="para">
+The <CODE CLASS="literal">
+wins</code> <CODE CLASS="literal">
+support</code> option turns Samba into a WINS server. Believe it or not, that's all you need to do! Samba handles the rest of the details behind the scenes, leaving you a relaxed administrator. The <CODE CLASS="literal">
+wins</code> <CODE CLASS="literal">
+support=yes</code> and the <CODE CLASS="literal">
+wins</code> <CODE CLASS="literal">
+server</code> option are mutually exclusive; you cannot simultaneously offer Samba as the WINS server and point to another system as the server.</p><P CLASS="para">
+If Samba is acting as a WINS server, you should probably get familiar with the <CODE CLASS="literal">
+name</code> <CODE CLASS="literal">
+resolve</code> <CODE CLASS="literal">
+order</code> option mentioned earlier. This option tells Samba the order of methods in which it tries to resolve a NetBIOS name. It can take up to four values:</p><DL CLASS="variablelist">
+<DT CLASS="term">
+lmhosts</dt><DD CLASS="listitem">
+<P CLASS="para">
+Uses a LAN Manager <EM CLASS="emphasis">
+LMHOSTS</em> file</p></dd><DT CLASS="term">
+hosts</dt><DD CLASS="listitem">
+<P CLASS="para">
+Uses the standard name resolution methods of the Unix system, <EM CLASS="emphasis">
+/etc/hosts</em>, DNS, NIS, or a combination (as configured for the system)</p></dd><DT CLASS="term">
+wins</dt><DD CLASS="listitem">
+<P CLASS="para">
+Uses the WINS server</p></dd><DT CLASS="term">
+bcast</dt><DD CLASS="listitem">
+<P CLASS="para">
+Uses a broadcast method</p></dd></dl><P CLASS="para">
+The order in which you specify them in the value is the order in which Samba will attempt name resolution when acting as a WINS server. For example, let's look at the value specified previously:</p><PRE CLASS="programlisting">
+name resolve order = wins lmhosts hosts bcast</pre><P CLASS="para">
+This means that Samba will attempt to use its WINS entries first for name resolution, followed by the LAN Manager <EM CLASS="emphasis">
+LMHOSTS</em> file on its system. Next, the hosts value causes it to use Unix name resolution methods. The word <CODE CLASS="literal">
+hosts</code> may be misleading; it covers not only the <I CLASS="filename">
+/etc/hosts</i> file, but also the use of DNS or NIS (as configured on the Unix host). Finally, if those three do not work, it will use a broadcast to try to locate the correct machine.</p><P CLASS="para">
+Finally, you can instruct a Samba server that is acting as a WINS server to check with the system's DNS server if a requested host cannot be found in its WINS database. With a typical Linux system, for example, you can find the IP address of the DNS server by searching the <I CLASS="filename">
+/etc/resolv.conf</i> file. In it, you might see an entry such as the following:</p><PRE CLASS="programlisting">
+nameserver 127.0.0.1
+nameserver 192.168.200.192</pre><P CLASS="para">
+This tells us that a DNS server is located at 192.168.220.192. (The 127.0.0.1 is the localhost address and is never a valid DNS server address.) </p><P CLASS="para">
+Use the global <CODE CLASS="literal">
+dns</code> <CODE CLASS="literal">
+proxy</code> option to alert Samba to use the configured DNS server:</p><PRE CLASS="programlisting">
+[global]
+	wins support = yes
+	name resolve order = wins lmhosts hosts bcast
+	dns proxy = yes</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch07-pgfId-949952">
+7.3.4 Name Resolution Configuration Options</a></h3><P CLASS="para">Samba's WINS options are shown in <A CLASS="xref" HREF="ch07_03.html#ch07-82331">
+Table 7.5</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch07-82331">
+Table 7.5: WINS Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+wins support</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If set to <CODE CLASS="literal">
+yes</code>, Samba will act as a WINS server.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+wins server</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (IP address or DNS name)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Identifies a WINS server for Samba to use for name registration and resolution.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+wins proxy</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Allows Samba to act as a proxy to a WINS server on another subnet.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+dns proxy</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If set to <CODE CLASS="literal">
+yes</code>, a Samba WINS server will search DNS if it cannot find a name in WINS.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+name resolve order</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+lmhosts</code>, <CODE CLASS="literal">
+hosts</code>, <CODE CLASS="literal">
+wins</code>, or <CODE CLASS="literal">
+bcast</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies an order of the methods used to resolve NetBIOS names.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+lmhosts hosts wins bcast</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+max ttl</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the maximum time-to-live in seconds for a requested NetBIOS names.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+259200</code> (3 days)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+max wins ttl</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the maximum time-to-live in seconds for NetBIOS names given out by Samba as a WINS server.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+518400</code> (6 days)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+min wins ttl</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the minimum time-to-live in seconds for NetBIOS names given out by Samba as a WINS server.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+21600</code> (6 hours)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-946762">
+7.3.4.1 wins support</a></h4><P CLASS="para">
+Samba will provide WINS name service to all machines in the network if you set the following in the <CODE CLASS="literal">
+[global]</code> section of the <I CLASS="filename">
+smb.conf</i> file:</p><PRE CLASS="programlisting">
+[global]
+    wins support = yes</pre><P CLASS="para">
+The default value is <CODE CLASS="literal">
+no</code>, which is typically used to allow another Windows NT server to become a WINS server. If you do enable this option, remember that a Samba WINS server currently cannot exchange data with any backup WINS servers. If activated, this option is mutually exclusive with the <CODE CLASS="literal">
+wins</code> <CODE CLASS="literal">
+server</code> parameter; you cannot set both to <CODE CLASS="literal">
+yes</code> at the same time or Samba will flag an error.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-946766">
+7.3.4.2 wins server</a></h4><P CLASS="para">
+Samba will use an existing WINS server on the network if you specify the <CODE CLASS="literal">
+wins</code> <CODE CLASS="literal">
+server</code> global option in your configuration file. The value of this option is either the IP address or DNS name (not NetBIOS name) of the WINS server. For example:</p><PRE CLASS="programlisting">
+[global]
+    wins server = 192.168.220.110</pre><P CLASS="para">
+or:</p><PRE CLASS="programlisting">
+[global]
+    wins server = wins.example.com</pre><P CLASS="para">
+In order for this option to work, the <CODE CLASS="literal">
+wins</code> <CODE CLASS="literal">
+support</code> option must be set to <CODE CLASS="literal">
+no</code> (the default). Otherwise, Samba will report an error. You can specify only one WINS server using this option.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-947973">
+7.3.4.3 wins proxy</a></h4><P CLASS="para">
+This option allows Samba to act as a proxy to another WINS server, and thus relay name registration and resolution requests from itself to the real WINS server, often outside the current subnet. The WINS server can be indicated through the <CODE CLASS="literal">
+wins</code> <CODE CLASS="literal">
+server</code> option. The proxy will then return the WINS response back to the client. You can enable this option by specifying the following in the <CODE CLASS="literal">
+[global]</code> section:</p><PRE CLASS="programlisting">
+[global]
+    wins proxy = yes</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-946778">
+7.3.4.4 dns proxy</a></h4><P CLASS="para">
+If you want the domain name service (DNS) to be used if a name isn't found in WINS, you can set the following option:</p><PRE CLASS="programlisting">
+[global]
+    dns proxy = yes</pre><P CLASS="para">
+This will cause <I CLASS="filename">
+nmbd</i> to query for machine names using the server's standard domain name service. You may wish to deactivate this option if you do not have a permanent connection to your DNS server. Despite this option, we recommend using a WINS server. If you don't already have any WINS servers on your network, make one Samba machine a WINS server. Do not, however, make two Samba machines WINS servers (one primary and one backup) as they currently cannot exchange WINS databases.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-949945">
+7.3.4.5 name resolve order</a></h4><P CLASS="para">
+The global <CODE CLASS="literal">
+name</code> <CODE CLASS="literal">
+resolve</code> <CODE CLASS="literal">
+order</code> option specifies the order of services that Samba will use in attempting name resolution. The default order is to use the <EM CLASS="emphasis">
+LMHOSTS</em> file, followed by standard Unix name resolution methods (some combination of    <I CLASS="filename">
+/etc/hosts</i>, DNS, and NIS), then query a WINS server, and finally use broadcasting to determine the address of a NetBIOS name. You can override this option by specifying something like the following:</p><PRE CLASS="programlisting">
+[global]
+    name resolve order = lmhosts wins hosts bcast</pre><P CLASS="para">
+This causes resolution to use the <EM CLASS="emphasis">
+LMHOSTS</em> file first, followed by a query to a WINS server, the system password file, and finally broadcasting. You need not use all four options if you don't want to. This option is covered in more detail in the section <A CLASS="xref" HREF="ch07_03.html#ch07-83429">
+Section 7.3.3, Setting Up Samba as a WINS Server</a>, earlier in this chapter.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-949986">
+7.3.4.6 max ttl</a></h4><P CLASS="para">
+This option gives the maximum time to live (TTL) during which a NetBIOS name registered with the Samba server will remain active. You should never need to alter this value.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-949988">
+7.3.4.7 max wins ttl</a></h4><P CLASS="para">
+This option give the maximum time to live (TTL) during which a NetBIOS name resolved from a WINS server will remain active. You should never need to change this value from its default.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch07-pgfId-949990">
+7.3.4.8 min wins ttl</a></h4><P CLASS="para">
+This option give the minimum time to live (TTL) during which a NetBIOS name resolved from a WINS server will remain active. You should never need to alter this value from its default. </p></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch07_02.html" TITLE="7.2 Printing to Windows Client Printers">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 7.2 Printing to Windows Client Printers" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch08_01.html" TITLE="8. Additional Samba Information ">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8. Additional Samba Information " BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+7.2 Printing to Windows Client Printers</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+8. Additional Samba Information </td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch08_01.html b/docs/htmldocs/using_samba/ch08_01.html
new file mode 100755
index 00000000000..a6767271b62
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch08_01.html
@@ -0,0 +1,267 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 8] Additional Samba Information </title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:35:49Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch07_03.html" TITLE="7.3 Name Resolution with Samba">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 7.3 Name Resolution with Samba" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Chapter 8</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_02.html" TITLE="8.2 Magic Scripts">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8.2 Magic Scripts" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div class="samplechapter">
+<H1 CLASS="chapter">
+<A CLASS="title" NAME="ch08-74589">
+8. Additional Samba Information </a></h1><DIV CLASS="htmltoc">
+<P>
+<B>
+Contents:</b><br>
+<A CLASS="sect1" HREF="#ch08-56646" TITLE="8.1 Supporting Programmers">
+Supporting Programmers</a><br>
+<A CLASS="sect1" HREF="ch08_02.html" TITLE="8.2 Magic Scripts">
+Magic Scripts</a><br>
+<A CLASS="sect1" HREF="ch08_03.html" TITLE="8.3 Internationalization">
+Internationalization</a><br>
+<A CLASS="sect1" HREF="ch08_04.html" TITLE="8.4 WinPopup Messages">
+WinPopup Messages</a><br>
+<A CLASS="sect1" HREF="ch08_05.html" TITLE="8.5 Recently Added Options">
+Recently Added Options</a><br>
+<A CLASS="sect1" HREF="ch08_06.html" TITLE="8.6 Miscellaneous Options">
+Miscellaneous Options</a><br>
+<A CLASS="sect1" HREF="ch08_07.html" TITLE="8.7 Backups with smbtar">
+Backups with smbtar</a></p><P>
+</p></div><P CLASS="para">
+This chapter wraps up our coverage of the <I CLASS="filename">
+smb.conf</i> configuration file with some miscellaneous options that can perform a variety of tasks. We will talk briefly about options for supporting programmers, internationalization, messages, and common Windows bugs. For the most part, you will use these options only in isolated circumstances. We also cover performing automated backups with the <I CLASS="filename">
+smbtar</i> command at the end of this chapter. So without further ado, let's jump into our first subject: options to help programmers.</p><DIV CLASS="sect1">
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="s1"></a>
+<A CLASS="title" NAME="ch08-56646">
+8.1 Supporting Programmers</a></h2><P CLASS="para">If you have programmers accessing your Samba server, you'll want to be aware of the special options listed in <A CLASS="xref" HREF="ch08_01.html#ch08-73167">
+Table 8.1</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch08-73167">
+Table 8.1: Programming Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+time server</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, <EM CLASS="emphasis">
+nmbd</em> announces itself as a SMB time service to Windows clients.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+time offset</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical (number of minutes)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Adds a specified number of minutes to the reported time.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+0</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+dos filetimes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Allows non-owners of a file to change its time if they can write to it.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+dos filetime</code></p><P CLASS="para">
+<CODE CLASS="literal">
+resolution</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Causes file times to be rounded to the next even second.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+fake directory create times</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets directory times to avoid a MS <EM CLASS="emphasis">
+nmake</em> bug.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr></tbody></table><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-958487">
+8.1.1 Time Synchronization</a></h3><P CLASS="para">Time synchronization can be very important to programmers. Consider the following options:</p><PRE CLASS="programlisting">
+time service = yes
+dos filetimes = yes
+fake directory create times = yes
+dos filetime resolution = yes
+delete readonly = yes</pre><P CLASS="para">
+If you set these options, Samba shares will provide the kind of compatible file times that Visual C++, <EM CLASS="emphasis">
+nmake</em>, and other Microsoft programming tools require. Otherwise, PC <EM CLASS="emphasis">
+make</em> programs will tend to think that all the files in a directory need to be recompiled every time. Obviously, this is not the behavior you want.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch08-pgfId-958495">
+8.1.1.1 time server</a></h4><P CLASS="para">
+If your Samba server has an accurate clock, or if it's a client of one of the Unix network time servers, you can instruct it to advertise itself as an SMB time server by setting the <CODE CLASS="literal">
+time</code> <CODE CLASS="literal">
+server</code> option as follows:</p><PRE CLASS="programlisting">
+[global]
+	time service = yes</pre><P CLASS="para">
+The client will still have to request the correct time with the following DOS command, substituting the Samba server name in at the appropriate point:</p><PRE CLASS="programlisting">
+C:\NET TIME \\<CODE CLASS="replaceable"><I>server</i></code> /YES /SET</pre><P CLASS="para">
+This command can be placed in a Windows logon script (see <a href="ch06_01.html"><b>Chapter 6, <CITE CLASS="chapter">Users, Security, and Domains </cite></b></a>).</p><P CLASS="para">
+By default, the <CODE CLASS="literal">
+time</code> <CODE CLASS="literal">
+server</code> option is normally set to <CODE CLASS="literal">
+no</code>. If you turn this service on, you can use the command above to keep the client clocks from drifting. Time synchronization is important to clients using programs such as <EM CLASS="emphasis">
+make</em>, which compile based on the last time the file was changed. Incorrectly synchronized times can cause such programs to either remake all files in a directory, which wastes time, or not recompile a source file that was just modified because of a slight clock drift.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch08-pgfId-958501">
+8.1.1.2 time offset</a></h4><P CLASS="para">
+To deal with clients that don't process daylight savings time properly, Samba provides the <CODE CLASS="literal">
+time</code> <CODE CLASS="literal">
+offset</code> option. If set, it adds the specified number of minutes to the current time. This is handy if you're in Newfoundland and Windows doesn't know about the 30-minute time difference there:</p><PRE CLASS="programlisting">
+[global]
+	time offset = 30</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch08-pgfId-958505">
+8.1.1.3 dos filetimes</a></h4><P CLASS="para">
+Traditionally, only the root user and the owner of a file can change its last-modified date on a Unix system. The share-level <CODE CLASS="literal">
+dos</code> <CODE CLASS="literal">
+filetimes</code> option allows the Samba server to mimic the characteristics of a DOS/Windows machine: any user can change the last modified date on a file in that share if he or she has write permission to it. In order to do this, Samba uses its root privileges to modify the timestamp on the file. </p><P CLASS="para">
+By default, this option is disabled. Setting this option to <CODE CLASS="literal">
+yes</code> is often necessary to allow PC <EM CLASS="emphasis">
+make</em> programs to work properly. Without it, they cannot change the last-modified date themselves. This often results in the program thinking <EM CLASS="emphasis">
+all</em> files need recompiling when they really don't. </p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch08-pgfId-958509">
+8.1.1.4 dos filetime resolution</a></h4><P CLASS="para">
+<CODE CLASS="literal">
+dos</code> <CODE CLASS="literal">
+filetime</code> <CODE CLASS="literal">
+resolution</code> is share-level option. If set to <CODE CLASS="literal">
+yes</code>, Samba will arrange to have the file times rounded to the closest two-second boundary. This option exists primarily to satisfy a quirk in Windows that prevents Visual C++ from correctly recognizing that a file has not changed. You can enable it as follows:</p><PRE CLASS="programlisting">
+[data]
+	dos filetime resolution = yes</pre><P CLASS="para">
+We recommend using this option only if you are using Microsoft Visual C++ on a Samba share that supports opportunistic locking.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch08-pgfId-958515">
+8.1.1.5 fake directory create times</a></h4><P CLASS="para">
+The <CODE CLASS="literal">
+fake</code> <CODE CLASS="literal">
+directory</code> <CODE CLASS="literal">
+create</code> <CODE CLASS="literal">
+times</code> option exists to keep PC <EM CLASS="emphasis">
+make</em> programs sane. VFAT and NTFS filesystems record the creation date of a specific directory while Unix does not. Without this option, Samba takes the earliest recorded date it has for the directory (often the last-modified date of a file) and returns it to the client. If this is not sufficient, set the following option under a share definition:</p><PRE CLASS="programlisting">
+[data]
+	fake directory create times = yes</pre><P CLASS="para">
+If set, Samba will adjust the directory create time it reports to the hardcoded value January 1st, 1980. This is primarily used to convince the Visual C++ <EM CLASS="emphasis">
+nmake</em> program that any object files in its build directories are indeed younger than the creation date of the directory itself and need to be recompiled.</p></div></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch07_03.html" TITLE="7.3 Name Resolution with Samba">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 7.3 Name Resolution with Samba" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_02.html" TITLE="8.2 Magic Scripts">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8.2 Magic Scripts" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">7.3 Name Resolution with Samba</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+8.2 Magic Scripts</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch08_02.html b/docs/htmldocs/using_samba/ch08_02.html
new file mode 100755
index 00000000000..54b24800711
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch08_02.html
@@ -0,0 +1,156 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 8] 8.2 Magic Scripts</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:35:51Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_01.html" TITLE="8.1 Supporting Programmers">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.1 Supporting Programmers" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch08_01.html" TITLE="8. Additional Samba Information ">
+Chapter 8<br>
+Additional Samba Information </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_03.html" TITLE="8.3 Internationalization">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8.3 Internationalization" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch08-79987">
+8.2 Magic Scripts</a></h2><P CLASS="para">The following options deal with <I CLASS="firstterm">
+magic scripts</i> on the Samba server. Magic scripts are a method of running programs on Unix and redirecting the output back to the SMB client. These are essentially an experimental hack. However, some users and their programs still rely on these two options for their programs to function correctly. Magic scripts are not widely trusted and their use is highly discouraged by the Samba team. See <A CLASS="xref" HREF="ch08_02.html#ch08-33693">
+Table 8.2</a> for more information. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch08-33693">
+Table 8.2: Networking Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+magic script</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">string (fully-qualified filename)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the name of a file to be executed by Samba, as the logged-on user, when closed.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+magic output</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified filename)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets a file to log output from the magic file.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<EM CLASS="emphasis">
+scriptname.out</em></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr></tbody></table><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-958578">
+8.2.1 magic script</a></h3><P CLASS="para">
+If the <CODE CLASS="literal">
+magic</code> <CODE CLASS="literal">
+script</code> option is set to a filename and the client creates a file by that name in that share, Samba will run the file as soon as the user has opened and closed it. For example, let's assume that the following option was created in the share <CODE CLASS="literal">
+[accounting]</code>:</p><PRE CLASS="programlisting">
+[accounting]
+	magic script = tally.sh</pre><P CLASS="para">
+Samba continually monitors the files in that share. If one by the name of <EM CLASS="emphasis">
+tally.sh</em> is closed (after being opened) by a user, Samba will execute the contents of that file locally. The file will be passed to the shell to execute; it must therefore be a legal Unix shell script. This means that it must have newline characters as line endings instead of Windows CR/LFs. In addition, it helps if you use the <CODE CLASS="literal">
+#!</code> directive at the beginning of the file to indicate under which shell the script should run.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-958584">
+8.2.2 magic output</a></h3><P CLASS="para">
+This option specifies an output file that the script specified by the <CODE CLASS="literal">
+magic</code> <CODE CLASS="literal">
+script</code> option will send output to. You must specify a filename in a writable directory:</p><PRE CLASS="programlisting">
+[accounting]
+	magic script = tally.sh
+	magic output = /var/log/magicoutput</pre><P CLASS="para">
+If this option is omitted, the default output file is the name of the script (as stated in the <CODE CLASS="literal">
+magic</code> <CODE CLASS="literal">
+script</code> option) with the extension <EM CLASS="emphasis">
+.out</em> appended onto it. </p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_01.html" TITLE="8.1 Supporting Programmers">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.1 Supporting Programmers" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_03.html" TITLE="8.3 Internationalization">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8.3 Internationalization" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+8.1 Supporting Programmers</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+8.3 Internationalization</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch08_03.html b/docs/htmldocs/using_samba/ch08_03.html
new file mode 100755
index 00000000000..9e2f60c4328
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch08_03.html
@@ -0,0 +1,472 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 8] 8.3 Internationalization</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:35:51Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_02.html" TITLE="8.2 Magic Scripts">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.2 Magic Scripts" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch08_01.html" TITLE="8. Additional Samba Information ">
+Chapter 8<br>
+Additional Samba Information </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_04.html" TITLE="8.4 WinPopup Messages">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8.4 WinPopup Messages" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch08-91233">
+8.3 Internationalization</a></h2><P CLASS="para">Samba has a limited ability to speak foreign tongues: if you need to deal with characters that aren't in standard ASCII, some options that can help you are shown in <A CLASS="xref" HREF="ch08_03.html#ch08-40870">
+Table 8.3</a>. Otherwise, you can skip over this section.   </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch08-40870">
+Table 8.3: Networking Configuration Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+client code page</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Described in this section</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets a code page to expect from clients</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+850</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+character set</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Described in this section</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Translates code pages into alternate UNIX character sets</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+coding system</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Described in this section</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Translates code page 932 into an Asian character set</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+valid chars</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (set of characters)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Obsolete: formerly added individual characters to a code page, and had to be used after setting client code page</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-17721">
+8.3.1 client code page</a></h3><P CLASS="para">
+The character sets on Windows platforms hark back to the original concept of a <EM CLASS="emphasis">
+code page</em>. These code pages are used by DOS and Windows clients to determine rules for mapping lowercase letters to uppercase letters. Samba can be instructed to use a variety of code pages through the use of the global <CODE CLASS="literal">
+client</code> <CODE CLASS="literal">
+code</code> <CODE CLASS="literal">
+page</code> option in order to match the corresponding code page in use on the client. This option loads a code-page definition file, and can take the values specified in <A CLASS="xref" HREF="ch08_03.html#ch08-20815">
+Table 8.4</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch08-20815">
+Table 8.4: Valid Code Pages with Samba 2.0 </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Code Page</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Definition</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+437</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">MS-DOS Latin (United States)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+737</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Windows 95 Greek</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+850</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+MS-DOS Latin 1 (Western European)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+852</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+MS-DOS Latin 2 (Eastern European)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+861</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+MS-DOS Icelandic</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+866</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+MS-DOS Cyrillic (Russian)</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+932</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+MS-DOS Japanese Shift-JIS</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+936</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+MS-DOS Simplified Chinese</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+949</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+MS-DOS Korean Hangul</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+950</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+MS-DOS Traditional Chinese</p></td></tr></tbody></table><P CLASS="para">
+You can set the client code page as follows:</p><PRE CLASS="programlisting">
+[global]
+	client code page = 852</pre><P CLASS="para">
+The default value of this option is 850. You can use the <EM CLASS="emphasis">
+make_smbcodepage</em> tool that comes with Samba (by default in <I CLASS="filename">
+/usr/local/samba/bin</i>) to create your own SMB code pages, in the event that those listed earlier are not sufficient.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-965812">
+8.3.2 character set</a></h3><P CLASS="para">
+The global <CODE CLASS="literal">
+character</code> <CODE CLASS="literal">
+set</code> option can be used to convert filenames offered through a DOS code page (see the previous section, <A CLASS="xref" HREF="ch08_03.html#ch08-17721">
+Section 8.3.1, client code page</a>) to equivalents that can be represented by Unix character sets other than those in the United States. For example, if you want to convert the Western European MS-DOS character set on the client to a Western European Unix character set on the server, you can use the following in your configuration file:</p><PRE CLASS="programlisting">
+[global]
+	client code page = 850
+	character set = ISO8859-1</pre><P CLASS="para">
+Note that you must include a <CODE CLASS="literal">
+client</code> <CODE CLASS="literal">
+code</code> <CODE CLASS="literal">
+page</code> option to specify the character set from which you are converting. The valid character sets (and their matching code pages) that Samba 2.0 accepts are listed in <A CLASS="xref" HREF="ch08_03.html#ch08-14126">
+Table 8.5</a>: </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch08-14126">
+Table 8.5: Valid Character Sets with Samba 2.0 </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Character Set</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Matching Code Page</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Definition</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ISO8859-1</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+850</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Western European Unix</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ISO8859-2</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+852</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Eastern European Unix</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ISO8859-5</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+866</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Russian Cyrillic Unix</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+KOI8-R</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+866</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Alternate Russian Cyrillic Unix</p></td></tr></tbody></table><P CLASS="para">
+Normally, the <CODE CLASS="literal">
+character</code> <CODE CLASS="literal">
+set</code> option is disabled completely.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-958761">
+8.3.3 coding system</a></h3><P CLASS="para">
+The <CODE CLASS="literal">
+coding</code> <CODE CLASS="literal">
+system</code> option is similar to the <CODE CLASS="literal">
+character</code> <CODE CLASS="literal">
+set</code> option. However, its purpose is to determine how to convert a Japanese Shift JIS code page into an appropriate Unix character set. In order to use this option, the <CODE CLASS="literal">
+client</code> <CODE CLASS="literal">
+code</code> <CODE CLASS="literal">
+page</code> option described previously must be set to page 932. The valid coding systems that Samba 2.0 accepts are listed in <A CLASS="xref" HREF="ch08_03.html#ch08-57476">
+Table 8.6</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch08-57476">
+Table 8.6: Valid Coding System Parameters with Samba 2.0 </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Character Set</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Definition</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+SJIS</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Standard Shift JIS</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+JIS8</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Eight-bit JIS codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+J8BB</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Eight-bit JIS codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+J8BH</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Eight-bit JIS codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+J8@B</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Eight-bit JIS codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+J8@J</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Eight-bit JIS codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+J8@H</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Eight-bit JIS codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+JIS7</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Seven-bit JIS codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+J7BB</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Seven-bit JIS codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+J7BH</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Seven-bit JIS codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+J7@B</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Seven-bit JIS codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+J7@J</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Seven-bit JIS codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+J7@H</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Seven-bit JIS codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+JUNET</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+JUNET codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+JUBB</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+JUNET codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+JUBH</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+JUNET codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+JU@B</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+JUNET codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+JU@J</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+JUNET codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+JU@H</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+JUNET codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+EUC</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+EUC codes</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+HEX</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Three-byte hexidecimal code</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+CAP</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Three-byte hexidecimal code (Columbia Appletalk Program)</p></td></tr></tbody></table></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-958865">
+8.3.4 valid chars</a></h3><P CLASS="para">
+The <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+chars</code> option is an older Samba feature that will add individual characters to a code page. However, this option is being phased out in favor of more modern coding systems. You can use this option as follows:</p><PRE CLASS="programlisting">
+valid chars = �
+valid chars = 0450:0420 0x0A20:0x0A00
+valid chars = A:a</pre><P CLASS="para">
+Each of the characters in the list specified should be separated by spaces. If there is a colon between two characters or their numerical equivalents, the data to the left of the colon is considered an uppercase character, while the data to the right is considered the lowercase character. You can represent characters both by literals (if you can type them) and by octal, hexidecimal, or decimal Unicode equivalents.</p><P CLASS="para">
+We recommend against using this option. Instead, go with one of the standard code pages listed earlier in this section. If you do use this option, however, it must be listed after the <CODE CLASS="literal">
+client</code> <CODE CLASS="literal">
+code</code> <CODE CLASS="literal">
+page</code> to which you wish to add the character. Otherwise, the characters will not be added.</p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_02.html" TITLE="8.2 Magic Scripts">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.2 Magic Scripts" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_04.html" TITLE="8.4 WinPopup Messages">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8.4 WinPopup Messages" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">8.2 Magic Scripts</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+8.4 WinPopup Messages</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch08_04.html b/docs/htmldocs/using_samba/ch08_04.html
new file mode 100755
index 00000000000..d45ce31474a
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch08_04.html
@@ -0,0 +1,168 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 8] 8.4 WinPopup Messages</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:35:55Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_03.html" TITLE="8.3 Internationalization">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.3 Internationalization" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch08_01.html" TITLE="8. Additional Samba Information ">
+Chapter 8<br>
+Additional Samba Information </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_05.html" TITLE="8.5 Recently Added Options">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8.5 Recently Added Options" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch08-82569">
+8.4 WinPopup Messages</a></h2><P CLASS="para">You can use the WinPopup tool (<I CLASS="filename">WINPOPUP.EXE</i>) in Windows to send messages to users, machines, or entire workgroups on the network. This tool is provided with Windows 95 OSR2 and comes standard with Windows 98. With either Windows 95 or 98, however, you need to be running WinPopup to receive and send WinPopup messages. With Windows NT, you can still receive messages without starting such a tool; they will automatically appear in a small dialog box on the screen when received. The WinPopup application is shown in <A CLASS="xref" HREF="ch08_04.html#ch08-66444">
+Figure 8.1</a>.   </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch08-66444">
+Figure 8.1: The WinPopup application</a></h4><IMG CLASS="graphic" SRC="figs/sam.0801.gif" ALT="Figure 8.1"><P CLASS="para">
+Samba has a single WinPopup messaging option, <CODE CLASS="literal">
+message</code> <CODE CLASS="literal">
+command</code>, as shown in <A CLASS="xref" HREF="ch08_04.html#ch08-18671">
+Table 8.7</a>.  </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch08-18671">
+Table 8.7: WinPopup Configuration Option </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameter</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+message command</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">string (fully-qualified pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets a command to run on Unix when a WinPopup message is received.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-958949">
+8.4.1 message command</a></h3><P CLASS="para">
+Samba's <CODE CLASS="literal">
+message</code> <CODE CLASS="literal">
+command</code> option sets the path to a program that will run on the server when a Windows popup message arrives at the server. The command will be executed using the <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+account</code> user. What to do with one of these is questionable since it's probably for the Samba administrator, and Samba doesn't know his or her name. If you know there's a human using the console, the Samba team once suggested the following:</p><PRE CLASS="programlisting">
+[global]
+	message command = /bin/csh -c 'xedit %s; rm %s' &amp;</pre><P CLASS="para">
+Note the use of variables here. The <CODE CLASS="literal">
+%s</code> variable will become the file that the message is in. This file should be deleted when the command is finished with it; otherwise, there will be a buildup of pop-up files collecting on the Samba server. In addition, the command must fork its own process (note the &amp; after the command); otherwise the client may suspend and wait for notification that the command was sent successfully before continuing.</p><P CLASS="para">
+In addition to the standard variables, <A CLASS="xref" HREF="ch08_04.html#ch08-29758">
+Table 8.8</a> shows the three unique variables that you can use in a <CODE CLASS="literal">
+message</code> <CODE CLASS="literal">
+command</code>.   </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch08-29758">
+Table 8.8: Message Command Variables </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Variable</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Definition</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%s</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The name of the file in which the message resides</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%</code>f</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The name of the client that sent the message</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+%t</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+The name of the machine that is the destination of the message </p></td></tr></tbody></table></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_03.html" TITLE="8.3 Internationalization">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.3 Internationalization" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_05.html" TITLE="8.5 Recently Added Options">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8.5 Recently Added Options" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+8.3 Internationalization</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+8.5 Recently Added Options</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch08_05.html b/docs/htmldocs/using_samba/ch08_05.html
new file mode 100755
index 00000000000..90fa20a8cda
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch08_05.html
@@ -0,0 +1,396 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 8] 8.5 Recently Added Options</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:35:55Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_04.html" TITLE="8.4 WinPopup Messages">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.4 WinPopup Messages" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch08_01.html" TITLE="8. Additional Samba Information ">
+Chapter 8<br>
+Additional Samba Information </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_06.html" TITLE="8.6 Miscellaneous Options">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8.6 Miscellaneous Options" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch08-pgfId-958954">
+
+<!-- 2.0.7 amendments begin, davecb --> 8.5 Recently Added
+Options</a></h2><P CLASS="para">Samba has several options that appeared
+around the time of Samba 2.0, but either were not entirely supported or were
+in the process of being developed.  With Samba 2.0.7, several more were
+introduced. We will give you a brief overview of their workings in this
+section. These options are shown in <A CLASS="xref"
+HREF="ch08_05.html#ch08-72538">
+<!-- end of first addition -->
+
+Table 8.9</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch08-72538">
+Table 8.9: Recently Added Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+change notify timeout</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical (number of seconds)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the interval between checks when a client asks to wait for a change in a specified directory.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+60</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr>
+
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+machine password timeout</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical (number of seconds)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the renewal interval for NT domain machine passwords.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+604,800</code> (1 week)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+stat cache</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, Samba will cache recent name mappings.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+stat cache size</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the size of the stat cache.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+50</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr>
+
+<!-- 2.0.7 table insertions begin -->
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+utmp</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Turns on logging of Samba users in the utmp file. Requires --with-utmp. </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr>
+
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+utmp dir</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the directory where Samba expects to find the utmp/utmpx file.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+None</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr>
+
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+inherit permissions</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the permissions of newly created directories to the same as their parent.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr>
+
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+write cache size</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical (bytes)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the size of a write cache (buffer) used for oplocked files.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+0</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Share</p></td></tr>
+
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+source environment</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (pathname)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets a file to read environment variable from.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+None</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr>
+
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+min password length</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical (number of characters)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the minimum length of a new password which Samba will try to update the password file with .</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+5</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr>
+
+
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+netbios scope</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the NetBIOS scope.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+None</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr>
+<!-- end of 2.0.7 insertions-->
+</tbody></table>
+
+<DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-959050">
+8.5.1 change notify timeout</a></h3><P CLASS="para">
+The <CODE CLASS="literal">
+change</code> <CODE CLASS="literal">
+notify</code> <CODE CLASS="literal">
+timeout</code> global option emulates a Windows NT SMB feature called <I CLASS="firstterm">
+change notification</i>. This allows a client to request that a Windows NT server periodically monitor a specific directory on a share for any changes. If any changes occur, the server will notify the client.</p><P CLASS="para">
+As of version 2.0, Samba will perform this function for its clients. However, performing these checks too often can slow the server down considerably. This option sets the time period that Samba should wait between such checks. The default is one minute (60 seconds); however, you can use this option to specify an alternate time that Samba should wait between performing checks:</p><PRE CLASS="programlisting">
+[global]
+	change notify timeout = 30</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-959054">
+8.5.2 machine password timeout</a></h3><P CLASS="para">
+The <CODE CLASS="literal">
+machine</code> <CODE CLASS="literal">
+password</code> <CODE CLASS="literal">
+timeout</code> global option sets a retention period for NT domain machine passwords. The default is currently set to the same time period that Windows NT 4.0 uses: 604,800 seconds (one week). Samba will periodically attempt to change the <I CLASS="firstterm">
+machine account password</i>, which is a password used specifically by another server to report changes to it. This option specifies the number of seconds that Samba should wait before attempting to change that password. The following example changes it to a single day, by specifying the following:</p><PRE CLASS="programlisting">
+[global]
+	machine password timeout = 86400</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-959058">
+8.5.3 stat cache</a></h3><P CLASS="para">
+The <CODE CLASS="literal">
+stat</code> <CODE CLASS="literal">
+cache</code> global option turns on caching of recent case-insensitive name mappings. The default is <CODE CLASS="literal">
+yes</code>. The Samba team recommends that you never change this parameter.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-959060">
+8.5.4 stat cache size</a></h3><P CLASS="para">The <CODE CLASS="literal">
+stat</code> <CODE CLASS="literal">
+cache</code> <CODE CLASS="literal">
+size</code> global option sets the size of the cache entries to be used for the <CODE CLASS="literal">
+stat</code> <CODE CLASS="literal">
+cache</code> option. The default here is 50. Again, the Samba team recommends that you never change this parameter.</p>
+
+===
+
+<H3 CLASS="sect2"> <A CLASS="title" NAME="ch08-pgfId-959060-add1"> 
+8.5.5 utmp</a></h3> 
+<P CLASS="para">If you specified <CODE CLASS="literal">
+--with-utmp </CODE> when configuring, this option will turn on utmp logging
+of users: they will appear in the utmp file and you will be able to see if
+they are on with <I>last(1)</I>.  It defaults to <CODE
+CLASS="literal">no</code>.</p>
+
+<H3 CLASS="sect2"> <A CLASS="title" NAME="ch08-pgfId-959060-add2"> 
+8.5.6 utmp dir</a></h3> 
+<P CLASS="para">
+If <CODE CLASS="literal">utmp</CODE> is set, the utmp dir option will change the directory Samba
+looks in for the utmp files.  If it is not set, the default system 
+location will be used.</p>
+
+<H3 CLASS="sect2"> <A CLASS="title" NAME="ch08-pgfId-959060-add3"> 
+8.5.7 inherit permissions</a></h3> 
+<P CLASS="para">
+This option causes new files and directories to be created with
+the same permissions as the directory they're in. For example, 
+subdirectories will inherit setgid bits from their parents.
+This option will override the <CODE CLASS="literal">create
+mask, directory mask, force create mode</CODE> and <CODE CLASS="literal">
+force directory mode</CODE> options, but not the <CODE CLASS="literal">
+map archive, map hidden</CODE> and <CODE CLASS="literal">map system</CODE>
+options. It will never set the <CODE CLASS="literal">setuid</CODE> bit.
+This option defaults to off.</p>
+
+<H3 CLASS="sect2"> <A CLASS="title" NAME="ch08-pgfId-959060-add4"> 
+8.5.8 write cache size</a></h3> 
+<P CLASS="para">The <CODE CLASS="literal">write cache size</code> 
+share option sets the size of a cache used by Samba while
+writing oplocked files.  The files will be written in <I>cachesize</I>
+blocks, so you can tune Samba's write size to the optimum size for
+your filesystem or RAID disk array.</p>
+
+<p>The caching applies to the first 10 files opened with oplocks if set,
+and defaults to zero (off) initially.</p>
+
+<p>As with all caching schemes, data that hasn't been written 
+will be lost if the system crashes.</p>
+
+<H3 CLASS="sect2"> <A CLASS="title" NAME="ch08-pgfId-959060-add5"> 
+8.5.9 source environment</a></h3> 
+<P CLASS="para">
+This options specifies a file of environment variables that Samba
+will read on startup. <!-- and when else? When an smb.conf is read?
+when a child  server process is started? --> The variables set in this
+files can then be used in smb.conf files as $%<I>name</I>.  For example,
+HOME=/home/sofia in the environment file could be used in a smb.conf
+file as "path = "$HOME"</p>
+
+<p>If the pathname begins with a "|" (pipe) symbol, Samba will attempt
+to run it and read its standard output.</p>
+
+<H3 CLASS="sect2"> <A CLASS="title" NAME="ch08-pgfId-959060-add6"> 
+8.5.10 min password length</a></h3> 
+<P CLASS="para">This option sets the minimum length, in characters,
+of a plain text password that Samba will accept when performing UNIX 
+password changing. This is used to tell Samba about system-defined
+minimums, so it can return an appropriate error to the client.</p>
+
+
+<H3 CLASS="sect2"> <A CLASS="title" NAME="ch08-pgfId-959060-add1"> 
+8.5.11 netbios scope</a></h3> 
+<P CLASS="para">
+This sets the NetBIOS scope that Samba will operate under: Samba
+will not communicate with any machine with a different scope.
+This should not be set unless every machine on your LAN also sets 
+this value.  It was a predecessor to workgroups, and the Samba
+team recommends against using it.</p>
+
+<!-- end of 2.0.7 additions. -->
+
+<div></div></div></blockquote>
+
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_04.html" TITLE="8.4 WinPopup Messages">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.4 WinPopup Messages" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_06.html" TITLE="8.6 Miscellaneous Options">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8.6 Miscellaneous Options" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+8.4 WinPopup Messages</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+8.6 Miscellaneous Options</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch08_06.html b/docs/htmldocs/using_samba/ch08_06.html
new file mode 100755
index 00000000000..97e4e3c9767
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch08_06.html
@@ -0,0 +1,509 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 8] 8.6 Miscellaneous Options</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:35:56Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_05.html" TITLE="8.5 Recently Added Options">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.5 Recently Added Options" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch08_01.html" TITLE="8. Additional Samba Information ">
+Chapter 8<br>
+Additional Samba Information </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_07.html" TITLE="8.7 Backups with smbtar">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8.7 Backups with smbtar" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch08-70923">
+8.6 Miscellaneous Options</a></h2><P CLASS="para">Many Samba options are present to deal with operating system issues on either  Unix or Windows. The options shown in <A CLASS="xref" HREF="ch08_06.html#ch08-83566">
+Table 8.10</a> deal specifically with some of these known problems. We usually don't change these and we recommend the same to you. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch08-83566">
+Table 8.10: Miscellaneous Options </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Option</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Parameters</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Function</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Default</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Scope</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+deadtime</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">numerical (number of minutes)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the number of minutes of inactivity before a connection should be terminated.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+0</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+dfree command</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Used to provide a command that returns disk free space in a format recognized by Samba.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+fstype</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+NTFS</code>, <CODE CLASS="literal">
+FAT</code>, or <CODE CLASS="literal">
+Samba</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the filesystem type reported by the server to the client.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+NTFS</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+keep alive</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+seconds</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the number of seconds between checks for an inoperative client.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+0 (none)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+max disk size</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical (size in MB)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the largest disk size to return to a client, some of which have limits. Does not affect actual operations on the disk.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+0 (infinity)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+max mux</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the maximum number of simultaneous SMB operations that clients may make.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+50</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+max open files</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Limits number of open files to be below Unix limits.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+10,000</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+max xmit</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+numerical</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Specifies the maximum packet size that Samba will send.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+65,535</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+nt pipe support</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Turns off an experimental NT feature, for benchmarking or in case of an error.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+nt smb support</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Turns off an experimental NT feature, for benchmarking or in case of an error.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+ole locking compatib-ility</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Remaps out-of-range lock requests used on Windows to fit in allowable range on Unix. Turning it off causes Unix lock errors.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+panic action</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+command</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Program to run if Samba server fails; for debugging.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+set directory</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, allows VMS clients to issue <CODE CLASS="literal">
+set</code> <CODE CLASS="literal">
+dir</code> commands.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+smbrun</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+string (fully-qualified command)</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Sets the command Samba uses as a wrapper for shell commands.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+None</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+status</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, allows Samba to monitor status for <CODE CLASS="literal">
+smbstatus</code> command.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+yes</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+strict sync</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+no</code>, ignores Windows applications requests to perform a sync-to-disk.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+sync always</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, forces all client writes to be committed to disk before returning from the call.</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+strip dot</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+boolean</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+If <CODE CLASS="literal">
+yes</code>, strips trailing dots from Unix filenames. </p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<CODE CLASS="literal">
+no</code></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Global</p></td></tr></tbody></table><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960795">
+8.6.1 deadtime</a></h3><P CLASS="para">
+This global option sets the number of minutes that Samba will wait for an inactive client before closing its session with the Samba server. A client is considered inactive when it has no open files and there is no data being sent from it. The default value for this option is 0, which means that Samba never closes any connections no matter how long they have been inactive. You can override it as follows:</p><PRE CLASS="programlisting">
+[global]
+	deadtime = 10</pre><P CLASS="para">
+This tells Samba to terminate any inactive client sessions after 10 minutes. For most networks, setting this option as such will work because reconnections from the client are generally performed transparently to the user.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960118">
+8.6.2 dfree command</a></h3><P CLASS="para">This global option is used on systems that incorrectly determine the free space left on the disk. So far, the only confirmed system that needs this option set is Ultrix. There is no default value for this option, which means that Samba already knows how to compute the free disk space on its own and the results are considered reliable. You can override it as follows:</p><PRE CLASS="programlisting">
+[global]
+	dfree command = /usr/local/bin/dfree</pre><P CLASS="para">
+This option should point to a script that should return the total disk space in a block, and the number of available blocks. The Samba documentation recommends the following as a usable script:</p><PRE CLASS="programlisting">
+#!/bin/sh
+df $1 | tail -1 | awk '{print $2&quot; &quot;$4}'</pre><P CLASS="para">
+On System V machines, the following will work:</p><PRE CLASS="programlisting">
+#!/bin/sh
+/usr/bin/df $1 | tail -1 | awk '{print $3&quot; &quot;$5}'</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960122">
+8.6.3 fstype</a></h3><P CLASS="para">
+This share-level option sets the type of filesystem that Samba reports when queried by the client. There are three strings that can be used as a value to this configuration option, as listed in <A CLASS="xref" HREF="ch08_06.html#ch08-80519">
+Table 8.11</a>. </p><br>
+<TABLE CLASS="table" BORDER="1" CELLPADDING="3">
+<CAPTION CLASS="table">
+<A CLASS="title" NAME="ch08-80519">
+Table 8.11: Filesystem Types </a></caption><THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Variable</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Definition</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+NTFS</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">Microsoft Windows NT filesystem</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+FAT</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+DOS FAT filesystem</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Samba</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Samba filesystem</p></td></tr></tbody></table><P CLASS="para">
+The default value for this option is <CODE CLASS="literal">
+NTFS</code>, which represents a Windows NT filesystem. There probably isn't a need to specify any other type of filesystem. However, if you need to, you can override it per share as follows:</p><PRE CLASS="programlisting">
+[data]
+	fstype = FAT</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960124">
+8.6.4 keep alive</a></h3><P CLASS="para">This global option specifies the number of seconds that Samba waits between sending NetBIOS <EM CLASS="emphasis">
+keep-alive packets</em>. These packets are used to ping a client to detect whether it is still alive and on the network. The default value for this option is <CODE CLASS="literal">
+0</code>, which means that Samba will not send any such packets at all. You can override it as follows:</p><PRE CLASS="programlisting">
+[global]
+	keep alive = 10</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960128">
+8.6.5 max disk size</a></h3><P CLASS="para">This global option specifies an illusory limit, in megabytes, for each of the shares that Samba is using. You would typically set this option to prevent clients with older operating systems from incorrectly processing large disk spaces, such as those over one gigabyte.</p><P CLASS="para">
+The default value for this option is <CODE CLASS="literal">
+0</code>, which means there is no upper limit at all. You can override it as follows:</p><PRE CLASS="programlisting">
+[global]
+	max disk size = 1000</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960130">
+8.6.6 max mux</a></h3><P CLASS="para">This global option specifies the maximum number of concurrent SMB operations that Samba allows. The default value for this option is <CODE CLASS="literal">
+50</code>. You can override it as follows:</p><PRE CLASS="programlisting">
+[global]
+	max mux = 100</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960132">
+8.6.7 max open files</a></h3><P CLASS="para">This global option specifies the maximum number of open files that Samba should allow at any given time for all processes. This value must be equal to or less than the amount allowed by the operating system, which varies from system to system. The default value for this option is <CODE CLASS="literal">
+10,000</code>. You can override it as follows:</p><PRE CLASS="programlisting">
+[global]
+	max open files = 8000</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960136">
+8.6.8 max xmit</a></h3><P CLASS="para">This global option sets the maximum size of packets that Samba exchanges with a client. In some cases, setting a smaller maximum packet size can increase performance, especially with Windows for Workgroups. The default value for this option is <CODE CLASS="literal">
+65535</code>. You can override it as follows:</p><PRE CLASS="programlisting">
+[global]
+	max xmit = 4096</pre><P CLASS="para">
+
+The section <a href="appb_02.html#b226"><b>Section B.2.2.6, The TCP receive window</b></a> in <a href="appb_01.html"><b>Appendix B,<CITE CLASS="appendix">
+Samba Performance Tuning</cite></b></a>,
+
+shows some uses for this option.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960138">
+8.6.9 nt pipe support</a></h3><P CLASS="para">This global option is used by developers to allow or disallow Windows NT clients the ability to make connections to the NT SMB-specific IPC$ pipes. As a user, you should never need to override the default:</p><PRE CLASS="programlisting">
+[global]
+	nt pipe support = yes</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960140">
+8.6.10 nt smb support</a></h3><P CLASS="para">This global option is used by developers to negotiate NT-specific SMB options with Windows NT clients. The Samba team has discovered that slightly better performance comes from setting this value to <CODE CLASS="literal">
+no</code>. However, as a user, you should probably not override the default:</p><PRE CLASS="programlisting">
+[global]
+	nt smb support = yes</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960178">
+8.6.11 ole locking compatibility</a></h3><P CLASS="para">
+This global option turns off Samba's internal byte-range locking manipulation in files, which gives compatibility with Object Linking and Embedding (OLE) applications that use high byte-range locks as a method of interprocess communication. The default value for this option is <CODE CLASS="literal">
+yes</code>. If you trust your Unix locking mechanisms, you can override it as follows:</p><PRE CLASS="programlisting">
+[global]
+	ole locking compatibility = no</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960182">
+8.6.12 panic action</a></h3><P CLASS="para">This global option specifies a command to execute in the event that Samba itself encounters a fatal error when loading or running. There is no default value for this option. You can specify an action as follows:</p><PRE CLASS="programlisting">
+[global]
+	panic action = /bin/csh -c
+          'xedit &lt; &quot;Samba has shutdown unexpectedly!'</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960190">
+8.6.13 set directory</a></h3><P CLASS="para">
+This boolean share-level option allows Digital Pathworks clients to use the <CODE CLASS="literal">
+setdir</code> command to change directories on the server. If you are not using the Digital Pathworks client, you should not need to alter this option. The default value for this option is <CODE CLASS="literal">
+no</code>. You can override it per share as follows:</p><PRE CLASS="programlisting">
+[data]
+	set directory = yes</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960192">
+8.6.14 smbrun</a></h3><P CLASS="para">
+This option sets the location of the <EM CLASS="emphasis">
+smbrun</em> executable, which Samba uses as a wrapper to run shell commands. The default value for this option is automatically configured by Samba when it is compiled. If you did not install Samba to the standard directory, you can specify where the binary is as follows:</p><PRE CLASS="programlisting">
+[global]
+	smbrun = /usr/local/bin/smbrun</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960194">
+8.6.15 status</a></h3><P CLASS="para">
+This global option indicates whether Samba should log all active connections to   a status file. This file is used only by the <EM CLASS="emphasis">
+smbstatus</em> command. If you have no intentions of using this command, you can set this option to <CODE CLASS="literal">
+no</code>, which can result in a small increase of speed on the server. The default value for this option is <CODE CLASS="literal">
+yes</code>. You can override it as follows:</p><PRE CLASS="programlisting">
+[global]
+	status = no</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960196">
+8.6.16 strict sync</a></h3><P CLASS="para">
+This share-level option determines whether Samba honors all requests to perform a disk sync when requested to do so by a client. Many clients request a disk sync when they are really just trying to flush data to their own open files. As a result, this can substantially slow a Samba server down. The default value for this option is <CODE CLASS="literal">
+no</code>. You can override it as follows:</p><PRE CLASS="programlisting">
+[data]
+	strict sync = yes</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960202">
+8.6.17 sync always</a></h3><P CLASS="para">
+This share-level option decides whether every write to disk should be followed by a disk synchronization before the write call returns control to the client. Even if the value of this option is <CODE CLASS="literal">
+no</code>, clients can request a disk synchronization; see the <CODE CLASS="literal">
+strict</code> <CODE CLASS="literal">
+sync</code> option above. The default value for this option is <CODE CLASS="literal">
+no</code>. You can override it per share as follows:</p><PRE CLASS="programlisting">
+[data]
+	sync always = yes</pre></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch08-pgfId-960204">
+8.6.18 strip dot</a></h3><P CLASS="para">
+This global option determines whether to remove the trailing dot from Unix filenames that are formatted with a dot at the end. The default value for this option is <CODE CLASS="literal">
+no</code>. You can override it per share as follows:</p><PRE CLASS="programlisting">
+[global]
+	strip dot = yes</pre><P CLASS="para">
+This option is now considered obsolete; the user should use the <CODE CLASS="literal">
+mangled</code> <CODE CLASS="literal">
+map</code> option insead. </p></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_05.html" TITLE="8.5 Recently Added Options">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.5 Recently Added Options" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_07.html" TITLE="8.7 Backups with smbtar">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 8.7 Backups with smbtar" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+8.5 Recently Added Options</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+8.7 Backups with smbtar</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch08_07.html b/docs/htmldocs/using_samba/ch08_07.html
new file mode 100755
index 00000000000..c0aa0837020
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch08_07.html
@@ -0,0 +1,143 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 8] 8.7 Backups with smbtar</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:36:02Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_06.html" TITLE="8.6 Miscellaneous Options">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.6 Miscellaneous Options" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch08_01.html" TITLE="8. Additional Samba Information ">
+Chapter 8<br>
+Additional Samba Information </a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch09_01.html" TITLE="9. Troubleshooting Samba">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 9. Troubleshooting Samba" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch08-74829">
+8.7 Backups with smbtar</a></h2><P CLASS="para">Our final topic in this chapter is the <I CLASS="filename">
+smbtar</i> tool. One common problem with modem PCs is that floppies and even CD-ROMs are often too small to use for backups. However, buying one tape drive per machine would also be silly. Consequently, many sites don't back up their PCs at all. Instead, they reinstall them using floppy disks and CD-ROMs when they fail.</p><P CLASS="para">
+Thankfully, Samba provides us with another option: you can back up PCs' data using the <I CLASS="filename">
+smbtar</i> tool. This can be done on a regular basis if you keep user data on your Samba system, or only occasionally, to save the local applications and configuration files and thus make repairs and reinstallations quicker.</p><P CLASS="para">
+To back up PCs from a Unix server, you need to do three things:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch08-pgfId-961555">
+</a>Ensure that File and Printer Sharing is installed on the PC and is bound to the TCP/IP protocol.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch08-pgfId-961564">
+</a>Explicitly share a disk on the PC so it can be read from the server.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch08-pgfId-961567">
+</a>Set up the backup scripts on the server.</p></li></ol><P CLASS="para">
+We'll use Windows 95/98 to illustrate the first two steps. Go to the Networking icon in the Control Panel window, and check that File and Printer Sharing for Microsoft Networks is currently listed in the top window, as shown in <A CLASS="xref" HREF="ch08_07.html#ch08-18303">
+Figure 8.2</a>. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch08-18303">
+Figure 8.2: The Networking window</a></h4><IMG CLASS="graphic" SRC="figs/sam.0802.gif" ALT="Figure 8.2"><P CLASS="para">
+If "File and printer sharing for Microsoft Networks" isn't installed, you can install it  by clicking on the Add button on the Network panel. After pressing it, you will be asked what service to add. Select Service and move forward, and you will be asked for a vendor and a service to install. Finally, select "File and printer sharing for Microsoft Networks," and click on Done to install the service.</p><P CLASS="para">
+Once you've installed "File and printer sharing for Microsoft Networks," return to the Network panel and select the TCP/IP protocol that is tied to your Samba network adapter. Then, click on the Properties button and choose the Bindings tab at the top. You should see a dialog box similar to <A CLASS="xref" HREF="ch08_07.html#ch08-41042">
+Figure 8.3</a>. Here, you'll need to verify that the "File and Printer Sharing" checkbox is checked, giving it access to TCP/IP. At this point you can share disks with other machines on the net.   </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch08-41042">
+Figure 8.3: TCP/IP Bindings</a></h4><IMG CLASS="graphic" SRC="figs/sam.0803.gif" ALT="Figure 8.3"><P CLASS="para">
+The next step is to share the disk you want to back up with the tape server. Go to My Computer and select, for example, the My Documents directory. Then right-click on the icon and select its Properties. This should yield the dialog box in <A CLASS="xref" HREF="ch08_07.html#ch08-64918">
+Figure 8.4</a>.   </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch08-64918">
+Figure 8.4: My Documents Properties</a></h4><IMG CLASS="graphic" SRC="figs/sam.0804.gif" ALT="Figure 8.4"><P CLASS="para">
+Select the Sharing tab and turn file sharing on. You now have the choice to share the disk as read-only, read-write (Full), or either, each with separate password. This is the Windows 95/98 version, so it provides only share-level security. In this example, we made it read/write and set a password, as shown in <A CLASS="xref" HREF="ch08_07.html#ch08-29192">
+Figure 8.5</a>. When you enter the password and click on OK, you'll be prompted to re-enter it. After that, you have finished the second step. </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch08-29192">
+Figure 8.5: MyFiles Properties as shared</a></h4><IMG CLASS="graphic" SRC="figs/sam.0805.gif" ALT="Figure 8.5"><P CLASS="para">
+Finally, the last step is to set up a backup script on the tape server, using the <I CLASS="filename">
+smbtar</i> program. The simplest script might contain only a single line and would be something like the following:</p><PRE CLASS="programlisting">
+smbtar -s client -t /dev/rst0 -x &quot;My Documents&quot; -p <CODE CLASS="replaceable"><I>password</i></code></pre><P CLASS="para">
+This unconditionally backs up the <EM CLASS="emphasis">
+//client/My Documents</em> share to the device <I CLASS="filename">
+/dev/rst0</i>. Of course, this is excessively simple and quite insecure. What you will want to do will depend on your existing backup scheme. </p><P CLASS="para">
+However, to whet your appetite, here are some possibilities of what <I CLASS="filename">
+smbtar</i> can do:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch08-pgfId-961280">
+</a>Back up files incrementally using the DOS archive bit (the <CODE CLASS="literal">
+-i</code> option). This requires the client share to be accessed read-write so the bit can be cleared by <I CLASS="filename">
+smbtar</i></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch08-pgfId-961281">
+</a>Back up only files that have changed since a specified date (using the <CODE CLASS="literal">
+-N</code> <CODE CLASS="replaceable">
+<I>
+filename </i></code>option)</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch08-pgfId-961282">
+</a>Back up entire PC drives, by sharing all of C: or D:, for example, and backing that up</p></li></ul><P CLASS="para">
+Except for the first example, each of these can be done with the PC sharing set to read-only, reducing the security risk of having passwords in scripts and passing them on the command line. </p></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_06.html" TITLE="8.6 Miscellaneous Options">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.6 Miscellaneous Options" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="chapter" HREF="ch09_01.html" TITLE="9. Troubleshooting Samba">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 9. Troubleshooting Samba" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+8.6 Miscellaneous Options</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+9. Troubleshooting Samba</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch09_01.html b/docs/htmldocs/using_samba/ch09_01.html
new file mode 100755
index 00000000000..8dc0e80bc56
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch09_01.html
@@ -0,0 +1,397 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 9] Troubleshooting Samba</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:36:14Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_07.html" TITLE="8.7 Backups with smbtar">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.7 Backups with smbtar" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+Chapter 9</font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch09_02.html" TITLE="9.2 The Fault Tree">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 9.2 The Fault Tree" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div class="samplechapter">
+<H1 CLASS="chapter">
+<A CLASS="title" NAME="ch09-80975">
+9. Troubleshooting Samba</a></h1><DIV CLASS="htmltoc">
+<P>
+<B>
+Contents:</b><br>
+<A CLASS="sect1" HREF="#ch09-36385" TITLE="9.1 The Tool Bag">
+The Tool Bag</a><br>
+<A CLASS="sect1" HREF="ch09_02.html" TITLE="9.2 The Fault Tree">
+The Fault Tree</a><br>
+<A CLASS="sect1" HREF="ch09_03.html" TITLE="9.3 Extra Resources">
+Extra Resources</a></p><P>
+</p></div><P CLASS="para">Samba is extremely robust. Once you've got everything set up the way you want, you'll probably forget that it is running. When trouble occurs, it's typically during installation or when you're trying to add something new to the server. Fortunately, there are a wide variety of resources that you can use to diagnose these troubles. While we can't describe in detail the solution to every problem that you might encounter, you should be able to get a good start at a resolution by following the advice given in this chapter.</p><P CLASS="para">
+The first section of the chapter lists the tool bag, a collection of tools available for troubleshooting Samba; the second section is a detailed how-to, and the last section lists extra resources you may need to track down particularly stubborn problems.</p><DIV CLASS="sect1">
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="s1"></a>
+<A CLASS="title" NAME="ch09-36385">
+9.1 The Tool Bag</a></h2><P CLASS="para">Sometimes Unix seems to be made up of a handful of applications and tools. There are tools to troubleshoot tools. And of course, there are several ways to accomplish the same task. When you are trying to solve a problem related to Samba, a good plan of attack is to check the following:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-944982">
+</a>Samba logs </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-944983">
+</a>Fault tree </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-944984">
+</a>Unix utilities </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-944985">
+</a>Samba test utilities </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-944986">
+</a>Documentation and FAQs </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-944987">
+</a>Searchable archives </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-944988">
+</a>Samba newsgroups</p></li></ol><P CLASS="para">
+Let's go over each of these one by one in the following sections.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-pgfId-950956">
+9.1.1 Samba Logs</a></h3><P CLASS="para">Your first line of attack should always be to check the log files. The Samba log files can help diagnose the vast majority of the problems that beginning to intermediate Samba administrators are likely to face. Samba is quite flexible when it comes to logging. You can set up the server to log as little or as much as you want. Substitution variables that allow you to isolate individual logs for each machine, share, or combination thereof.</p><P CLASS="para">
+By default, logs are placed in <CODE CLASS="replaceable">
+<I>
+samba_directory</i></code><EM CLASS="emphasis">
+/var/smbd.log</em> and <CODE CLASS="replaceable">
+<I>
+samba_directory</i></code><EM CLASS="emphasis">
+/var/nmbd.log</em>, where <CODE CLASS="literal">
+samba_directory</code> is the location where Samba was installed (typically, <I CLASS="filename">
+/usr/local/samba</i>). As we mentioned in <a href=ch04_01.html><b>Chapter 4, <CITE CLASS="chapter">Disk Shares</cite></b></a>, you can override the location and name using the <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+file</code> configuration option in <I CLASS="filename">
+smb.conf</i>. This option accepts all of the substitution variables mentioned in <a href="ch02_01.html"><b>Chapter 2, <CITE CLASS="chapter">Installing Samba on a Unix System</cite></b></a>, so you could easily have the server keep a separate log for each connecting client by specifying the following in the <CODE CLASS="literal">
+[global]</code> section of <I CLASS="filename">
+smb.conf</i>:</p><PRE CLASS="programlisting">
+log file = %m.log</pre><P CLASS="para">
+Alternatively, you can specify a log directory to use with the <CODE CLASS="literal">
+-l</code> flag on the command line. For example:</p><PRE CLASS="programlisting">
+smbd -l /usr/local/var/samba</pre><P CLASS="para">
+Another useful trick is to have the server keep a log for each service (share) that is offered, especially if you suspect a particular share is causing trouble. Use the <CODE CLASS="literal">
+%S</code> variable to set this up in the <CODE CLASS="literal">
+[global]</code> section of the configuration file:</p><PRE CLASS="programlisting">
+log file = %S.log</pre><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-28969">
+9.1.1.1 Log levels</a></h4><P CLASS="para">The level of logging that Samba uses can be set in the <I CLASS="filename">
+smb.conf</i> file using the global <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+level</code> or <CODE CLASS="literal">
+debug</code> <CODE CLASS="literal">
+level</code> option; they are equivalent. The logging level is an integer which ranges from 0 (no logging), and increases the logging to voluminous by <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+level</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+3</code>. For example, let's assume that we are going to use a Windows client to browse a directory on a Samba server. For a small amount of log information, you can use <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+level</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+1</code>, which instructs Samba to show only cursory information, in this case only the connection itself: </p><PRE CLASS="programlisting">
+105/25/98 22:02:11 server (192.168.236.86) connect to service public as user pcguest (uid=503,gid=100) (pid 3377) </pre><P CLASS="para">
+Higher debug levels produce more detailed information. Usually you won't need any more than level 3; this is more than adequate for most Samba administrators. Levels above 3 are for use by the developers and dump enormous amounts of cryptic information.</p><P CLASS="para">
+Here is example output at levels 2 and 3 for the same operation. Don't worry if you don't understand the intricacies of an SMB connection; the point is simply to show you what types of information are shown at the different logging levels: </p><PRE CLASS="programlisting">
+ /* Level 2 */
+Got SIGHUP
+Processing section &quot;[homes]&quot;
+Processing section &quot;[public]&quot;
+Processing section &quot;[temp]&quot;
+Allowed connection from 192.168.236.86 (192.168.236.86) to IPC$
+Allowed connection from 192.168.236.86 (192.168.236.86) to IPC/
+
+
+/* Level 3 */
+05/25/98 22:15:09 Transaction 63 of length 67
+switch message SMBtconX (pid 3377)
+Allowed connection from 192.168.236.86 (192.168.236.86) to IPC$
+ACCEPTED: guest account and guest ok
+found free connection number 105
+Connect path is /tmp
+chdir to /tmp
+chdir to /
+05/25/98 22:15:09 server (192.168.236.86) connect to service IPC$ as user pcguest (uid=503,gid=100) (pid 3377)
+05/25/98 22:15:09 tconX service=ipc$ user=pcguest cnum=105
+05/25/98 22:15:09 Transaction 64 of length 99
+switch message SMBtrans (pid 3377)
+chdir to /tmp
+trans &lt;\PIPE\LANMAN&gt; data=0 params=19 setup=0
+Got API command 0 of form &lt;WrLeh&gt; &lt;B13BWz&gt; (tdscnt=0,tpscnt=19,mdrcnt=4096,mprcnt=8)
+Doing RNetShareEnum
+RNetShareEnum gave 4 entries of 4 (1 4096 126 4096)
+05/25/98 22:15:11 Transaction 65 of length 99
+switch message SMBtrans (pid 3377)
+chdir to /
+chdir to /tmp
+trans &lt;\PIPE\LANMAN&gt; data=0 params=19 setup=0
+Got API command 0 of form &lt;WrLeh&gt; &lt;B13BWz&gt; (tdscnt=0,tpscnt=19,mdrcnt=4096,mprcnt=8)
+Doing RNetShareEnum
+RNetShareEnum gave 4 entries of 4 (1 4096 126 4096)
+05/25/98 22:15:11 Transaction 66 of length 95
+switch message SMBtrans2 (pid 3377)
+chdir to /
+chdir to /pcdisk/public
+call_trans2findfirst: dirtype = 0, maxentries = 6, close_after_first=0, close_if_end = 0 requires_resume_key = 0 level = 260, max_data_bytes = 2432
+unix_clean_name [./DESKTOP.INI]
+unix_clean_name [desktop.ini]
+unix_clean_name [./]
+creating new dirptr 1 for path ./, expect_close = 1
+05/25/98 22:15:11 Transaction 67 of length 53
+switch message SMBgetatr (pid 3377)
+chdir to /
+
+[...]</pre><P CLASS="para">
+We cut off this listing after the first packet because it runs on for many pages. However, you should be aware that log levels above 3 will quickly fill your disk with megabytes of excruciating detail concerning Samba internal operations. Log level 3 is extremely useful for following exactly what the server is doing, and most of the time it will be obvious where an error is occurring by glancing through the log file.</p><P CLASS="para">
+A word of warning: using a high log level (3 or above) will <EM CLASS="emphasis">
+seriously</em> slow down the Samba server. Remember that every log message generated causes a write to disk (an inherently slow operation) and log levels greater than 2 produce massive amounts of data. Essentially, you should turn on logging level 3 only when you're actively tracking a problem in the Samba server.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-946537">9.1.1.2 Activating and deactivating logging</a></h4><P CLASS="para">To turn logging on and off, set the appropriate level in the <CODE CLASS="literal">
+[global]</code> section of <I CLASS="filename">
+smb.conf</i>. Then, you can either restart Samba, or force the current daemon to reprocess the configuration file. You also can send the <EM CLASS="emphasis">
+smbd</em> process a SIGUSR1 signal to increase its log level by one while it's running, and a SIGUSR2 signal to decrease it by one:</p><PRE CLASS="programlisting">
+# Increase the logging level by 1
+kill -SIGUSR1 1234
+
+# Decrease the logging level by 1
+kill -SIGUSR2 1234</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-34448">
+9.1.1.3 Logging by individual client machines or users</a></h4><P CLASS="para">An effective way to diagnose problems without hampering other users is to assign different log levels for different machines in <CODE CLASS="literal">
+[global]</code> section of the <I CLASS="filename">
+smb.conf</i> file. We can do this by building on the strategy we presented earlier:</p><PRE CLASS="programlisting">
+[global]
+	log level = 0
+	log file = /usr/local/samba/lib/log.%m
+	include = /usr/local/samba/lib/smb.conf.%m</pre><P CLASS="para">
+These options instruct Samba to use unique configuration and log files for each client that connects. Now all you have to do is create an <I CLASS="filename">
+smb.conf</i> file for a specific client machine with a <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+level</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+3</code> entry in it (the others will pick up the default log level of 0) and use that log file to track down the problem.</p><P CLASS="para">
+Similarly, if only particular users are experiencing a problem, and it travels from machine to machine with them, you can isolate logging to a specific user by adding the following to the <I CLASS="filename">
+smb.conf</i> file:</p><PRE CLASS="programlisting">
+[global]
+	log level = 0
+	log file = /usr/local/samba/lib/log.%u
+	include = /usr/local/samba/lib/smb.conf.%u</pre><P CLASS="para">
+Then you can create a unique <I CLASS="filename">
+smb.conf</i> file for each user (e.g., <I CLASS="filename">
+/usr/local/samba/lib/smb.conf.tim</i>) files containing the configuration option <CODE CLASS="literal">
+log</code> <CODE CLASS="literal">
+level</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+3</code> and only those users will get more detailed logging.</p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-pgfId-945079">9.1.2 Samba Test Utilities</a></h3><P CLASS="para">A rigorous set of tests that exercise the major parts of Samba are described in various files in the <EM CLASS="emphasis">
+/docs/textdocs</em> directory of the Samba distribution kit, starting with <EM CLASS="emphasis">
+DIAGNOSIS.TXT.</em> The fault tree in this chapter is a more detailed version of the basic tests suggested by the Samba team, but covers only installation and reconfiguration diagnosis, like <EM CLASS="emphasis">
+DIAGNOSIS.TXT.</em> The other files in the <EM CLASS="emphasis">
+/docs</em> subdirectoryies address specific problems (such as Windows NT clients) and instruct you how to troubleshoot items not included in this book. If the fault tree doesn't suffice, be sure to look at <EM CLASS="emphasis">
+DIAGNOSIS.TXT</em> and its friends.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-pgfId-945083">
+9.1.3 Unix Utilities</a></h3><P CLASS="para">Sometimes it's useful to use a tool outside of the Samba suite to examine what's happening inside the server. Unix has always been a "kitchen-sink" operating system. Two diagnostic tools can be of particular help in debugging Samba troubles: <EM CLASS="emphasis">
+trace</em> and <EM CLASS="emphasis">
+tcpdump</em>.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-945085">
+9.1.3.1 Using trace</a></h4><P CLASS="para">
+The <EM CLASS="emphasis">
+trace</em> command masquerades under several different names, depending on the operating system that you are using. On Linux it will be <EM CLASS="emphasis">
+strace</em>, on Solaris you'll use <EM CLASS="emphasis">
+truss</em>, and SGI will have <EM CLASS="emphasis">
+padc</em> and <EM CLASS="emphasis">
+par</em>. All have essentially the same function, which is to display each operating system function call as it is executed. This allows you to follow the execution of a program, such as the Samba server, and will often pinpoint the exact call that is causing the difficulty.</p><P CLASS="para">
+One problem that <EM CLASS="emphasis">
+trace</em> can highlight is the location of an incorrect version of a dynamically linked library. This can happen if you've downloaded prebuilt binaries of Samba. You'll typically see the offending call at the end of the <EM CLASS="emphasis">
+trace</em>, just before the program terminates.</p><P CLASS="para">
+A sample <CODE CLASS="literal">
+strace</code> output for the Linux operating system follows. This is a small section of a larger file created during the opening of a directory on the Samba server. Each line is a system-call name, and includes its parameters and the return value. If there was an error, the error value (e.g., <CODE CLASS="literal">
+ENOENT</code>) and its explanation are also shown. You can look up the parameter types and the errors that can occur in the appropriate <CODE CLASS="literal">
+trace</code> manual page for the operating system that you are using.</p><PRE CLASS="programlisting">
+chdir(&quot;/pcdisk/public&quot;)                 = 0
+stat(&quot;mini/desktop.ini&quot;, 0xbffff7ec)    = -1 ENOENT (No such file or directory)
+stat(&quot;mini&quot;, {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
+stat(&quot;mini/desktop.ini&quot;, 0xbffff7ec)    = -1 ENOENT (No such file or directory)
+open(&quot;mini&quot;, O_RDONLY)                  = 5
+fcntl(5, F_SETFD, FD_CLOEXEC)           = 0
+fstat(5, {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
+lseek(5, 0, SEEK_CUR)                   = 0
+SYS_141(0x5, 0xbfffdbbc, 0xedc, 0xbfffdbbc, 0x80ba708) = 196
+lseek(5, 0, SEEK_CUR)                   = 1024
+SYS_141(0x5, 0xbfffdbbc, 0xedc, 0xbfffdbbc, 0x80ba708) = 0
+close(5)                                = 0
+stat(&quot;mini/desktop.ini&quot;, 0xbffff86c)    = -1 ENOENT (No such file or directory)
+write(3, &quot;\0\0\0#\377SMB\10\1\0\2\0\200\1\0&quot;..., 39) = 39
+SYS_142(0xff, 0xbffffc3c, 0, 0, 0xbffffc08) = 1
+read(3, &quot;\0\0\0?&quot;, 4)                   = 4
+read(3, &quot;\377SMBu\0\0\0\0\0\0\0\0\0\0\0\0&quot;..., 63) = 63
+time(NULL)                              = 896143871</pre><P CLASS="para">
+This example shows several <CODE CLASS="literal">
+stat</code> calls failing to find the files they were expecting. You don't have to be a expert to see that the file <EM CLASS="emphasis">
+desktop.ini</em> is missing from that directory. In fact, many difficult problems can be identified by looking for obvious, repeatable errors with <EM CLASS="emphasis">
+trace</em>. Often, you need not look farther than the last message before a crash.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-945114">
+9.1.3.2 Using tcpdump</a></h4><P CLASS="para">
+The <EM CLASS="emphasis">
+tcpdump</em> program, written by Van Jacobson, Craig Leres, and Steven McCanne, and extended by Andrew Tridgell, allows you to monitor network traffic in real time. A variety of output formats are available and you can filter the output to look at only a particular type of traffic. The <EM CLASS="emphasis">
+tcpdump</em> program lets you examine all conversations between client and server, including SMB and NMB broadcast messages. While its troubleshooting capabilities lie mainly at the OSI network layer, you can still use its output to get a general idea of what the server and client are attempting to accomplish.</p><P CLASS="para">
+A sample <EM CLASS="emphasis">
+tcpdump</em> log follows. In this instance, the client has requested a directory listing and the server has responded appropriately, giving the directory names <CODE CLASS="literal">
+homes</code>, <CODE CLASS="literal">
+public</code>, <CODE CLASS="literal">
+IPC$</code>, and <CODE CLASS="literal">
+temp</code> (we've added a few explanations on the right):</p><PRE CLASS="programlisting">$<CODE CLASS="userinput"><B> tcpdump -v -s 255 -i eth0 port not telnet</b></code>
+SMB PACKET: SMBtrans (REQUEST)	                        <CODE CLASS="replaceable">
+<I>
+Request packet</i></code>
+SMB Command   =  0x25                                 <CODE CLASS="replaceable">
+<I>
+Request was ls or dir</i></code>.
+
+[000] 01 00 00 10                                     ....
+
+
+&gt;&gt;&gt; NBT Packet                                                                 <CODE CLASS="replaceable">
+<I>
+Outer frame of SMB packe</i></code>t
+NBT Session Packet
+Flags=0x0
+Length=226
+[lines skipped]
+                         
+SMB PACKET: SMBtrans (REPLY)	                           <CODE CLASS="replaceable">
+<I>
+Beginning of a reply to  request </i></code>
+SMB Command   =  0x25			                                  <CODE CLASS="replaceable">
+<I>
+Command was an ls or dir</i></code>
+Error class   =  0x0			 
+Error code    =  0                                                                    <CODE CLASS="replaceable">
+<I>
+No errors</i></code>
+Flags1        =  0x80
+Flags2        =  0x1
+Tree ID       =  105
+Proc ID       =  6075
+UID           =  100
+MID           =  30337
+Word Count    =  10
+TotParamCnt=8 
+TotDataCnt=163 
+Res1=0
+ParamCnt=8 
+ParamOff=55 
+Res2=0 
+DataCnt=163 
+DataOff=63 
+Res3=0
+Lsetup=0
+Param Data: (8 bytes)
+[000] 00 00 00 00 05 00 05 00                           ........ 
+
+Data Data: (135 bytes)                                                        <CODE CLASS="replaceable">
+<I>
+			Actual directory contents:</i></code>
+[000] 68 6F 6D 65 73 00 00 00  00 00 00 00 00 00 00 00  homes... ........
+[010] 64 00 00 00 70 75 62 6C  69 63 00 00 00 00 00 00  d...publ ic......
+[020] 00 00 00 00 75 00 00 00  74 65 6D 70 00 00 00 00  ....u... temp....
+[030] 00 00 00 00 00 00 00 00  76 00 00 00 49 50 43 24  ........ v...IPC$
+[040] 00 00 00 00 00 00 00 00  00 00 03 00 77 00 00 00  ........ ....w...
+[050] 64 6F 6E 68 61 6D 00 00  00 00 00 00 00 00 00 00  donham.. ........
+[060] 92 00 00 00 48 6F 6D 65  20 44 69 72 65 63 74 6F  ....Home  Directo
+[070] 72 69 65 73 00 00 00 49  50 43 20 53 65 72 76 69  ries...I PC Servi
+[080] 63 65 20 28 53 61 6D                              ce (Sam</pre><P CLASS="para">
+This is more of the same debugging session as with the 
+<i>trace</i> command; the listing of a directory. The options we used were <CODE CLASS="literal">
+-v</code> (verbose), <CODE CLASS="literal">
+-i</code> <CODE CLASS="literal">
+eth0</code> to tell <EM CLASS="emphasis">
+tcpdump</em> the interface to listen on (an Ethernet port), and <CODE CLASS="literal">
+-s</code> <CODE CLASS="literal">
+255</code> to tell it to save the first 255 bytes of each packet instead of the default: the first 68. The option <CODE CLASS="literal">
+port</code> <CODE CLASS="literal">
+not</code> <CODE CLASS="literal">
+telnet</code> is used to avoid screens of telnet traffic, since we were logged in to the server remotely. The <EM CLASS="emphasis">
+tcpdump</em> program actually has quite a number of options to filter just the traffic you want to look at. If you've used <EM CLASS="emphasis">
+snoop</em> or <EM CLASS="emphasis">
+etherdump</em>, they'll look vaguely familiar.</p><P CLASS="para">
+You can download the modified <EM CLASS="emphasis">
+tcpdump</em> from the Samba FTP server at <I CLASS="filename">
+<a href="ftp://samba.anu.edu.au/pub/samba/tcpdump-smb">ftp://samba.anu.edu.au/pub/samba/tcpdump-smb</i></a>. Other versions don't include support for the SMB protocol; if you don't see output such as that shown in the example, you'll need to<EM CLASS="emphasis">
+</em> use the SMB-enabled version.</p></div></div></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch08_07.html" TITLE="8.7 Backups with smbtar">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 8.7 Backups with smbtar" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch09_02.html" TITLE="9.2 The Fault Tree">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 9.2 The Fault Tree" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">8.7 Backups with smbtar</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+9.2 The Fault Tree</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch09_02.html b/docs/htmldocs/using_samba/ch09_02.html
new file mode 100755
index 00000000000..e4c740fe278
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch09_02.html
@@ -0,0 +1,1772 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 9] 9.2 The Fault Tree</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:36:27Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch09_01.html" TITLE="9.1 The Tool Bag">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 9.1 The Tool Bag" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch09_01.html" TITLE="9. Troubleshooting Samba">
+Chapter 9<br>
+Troubleshooting Samba</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch09_03.html" TITLE="9.3 Extra Resources">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 9.3 Extra Resources" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch09-29538">
+9.2 The Fault Tree</a></h2><P CLASS="para">The fault tree is for diagnosing and fixing problems that occur when you're installing and reconfiguring Samba. It's an expanded form of a trouble and diagnostic document that is part of the Samba distribution.</p><P CLASS="para">Before you set out to troubleshoot any part of the Samba suite, you should know the following information:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945178">
+</a> Your client IP address (we use 192.168.236.10) </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945179">
+</a> Your server IP address (we use 192.168.236.86) </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945180">
+</a> The netmask for your network (typically 255.255.255.0)</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945181">
+</a> Whether the machines are all on the same subnet (ours are)</p></li></ul><P CLASS="para">
+For clarity, we've renamed the server in the following examples to <EM CLASS="emphasis">
+server.example.com</em>, and the client machine to <EM CLASS="emphasis">
+client.example.com</em>.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-pgfId-945183">
+9.2.1 How to use the fault tree</a></h3><P CLASS="para">Start the tests here, without skipping forward; it won't take long (about five minutes) and may actually save you time backtracking. Whenever a test succeeds, you will be given a section name and page number to which you can safely skip.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-pgfId-953555">
+9.2.2 Troubleshooting Low-level IP </a></h3><P CLASS="para">The first series of tests is that of the low-level services that Samba needs in order to run. The tests in this section will verify that:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945191">
+</a> The IP software works</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945192">
+</a> The Ethernet hardware works</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945193">
+</a> Basic name service is in place</p></li></ul><P CLASS="para">
+Subsequent sections will add TCP software, the Samba daemons <EM CLASS="emphasis">
+smbd</em> and <EM CLASS="emphasis">
+nmbd</em>, host-based access control, authentication and per-user access control, file services, and browsing. The tests are described in considerable detail in order to make them understandable by both technically oriented end users and experienced systems and network administrators.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-945197">
+9.2.2.1 Testing the networking software with ping </a></h4><P CLASS="para">
+The first command to enter on both the server and the client is <CODE CLASS="literal">
+ping 127.0.0.1</code>. This is the <I CLASS="firstterm">
+loopback</i> <EM CLASS="emphasis">
+address</em> and testing it will indicate whether any networking support is functioning at all. On Unix, you can use <CODE CLASS="literal">
+ping</code> <CODE CLASS="literal">
+127.0.0.1</code> with the statistics option and interrupt it after a few lines. On Sun workstations, the command is typically <CODE CLASS="literal">
+/usr/etc/ping</code> <CODE CLASS="literal">
+-s</code> <CODE CLASS="literal">
+127.0.0.1</code>; on Linux, just <CODE CLASS="literal">
+ping</code> <CODE CLASS="literal">
+127.0.0.1</code>. On Windows clients, run <CODE CLASS="literal">
+ping</code> <CODE CLASS="literal">
+127.0.0.1</code> in an MS-DOS window and it will stop by itself after four lines.</p><P CLASS="para">
+Here is an example on a Linux server:</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">server%</code> ping 127.0.0.1 </b>
+</pre><PRE CLASS="programlisting">
+PING localhost: 56 data bytes 64 bytes from localhost (127.0.0.1): 
+icmp-seq=0. time=1. ms 64 bytes from localhost (127.0.0.1): 
+icmp-seq=1. time=0. ms 64 bytes from localhost (127.0.0.1): 
+icmp-seq=2. time=1. ms ^C 
+----127.0.0.1 PING Statistics---- 
+3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)  
+min/avg/max = 0/0/1  </pre><P CLASS="para">
+If you get "ping: no answer from..." or "100% packet loss," you have no IP networking at all installed on the machine. The address <CODE CLASS="literal">
+127.0.0.1</code> is the internal loopback address and doesn't depend on the computer being physically connected to a network. If this test fails, you have a serious local problem. TCP/IP either isn't installed or is seriously misconfigured. See your operating system documentation if it is a Unix server. If it is a Windows client, follow the instructions in <a href="ch03_01.html"><b>Chapter 3, <CITE CLASS="chapter">Configuring Windows Clients</cite></b></a>, to install networking support.</p><P CLASS="para">
+If <EM CLASS="emphasis">
+you're</em> the network manager, some good references are Craig Hunt's <EM CLASS="emphasis">
+TCP/IP Network Administration</em>, Chapter 11, and Craig Hunt &amp; Robert Bruce Thompson's new book, <EM CLASS="emphasis">
+Windows NT TCP/IP Network Administration, </em>both published by O'Reilly.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-20350">
+9.2.2.2 Testing local name services with ping </a></h4><P CLASS="para">Next, try to ping <CODE CLASS="literal">
+localhost</code> on the Samba server. <CODE CLASS="literal">
+localhost</code> is the conventional hostname for the 127.0.0.1 loopback, and it should resolve to that address. After typing <CODE CLASS="literal">
+ping</code> <CODE CLASS="literal">
+localhost</code>, you should see output similar to the following:</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">server%</code> ping localhost  </b>
+</pre><PRE CLASS="programlisting">
+PING localhost: 56 data bytes  64 bytes from localhost (127.0.0.1):
+icmp-seq=0. time=0. ms  64 bytes from localhost (127.0.0.1): 
+icmp-seq=1. time=0. ms  64 bytes from localhost (127.0.0.1): 
+icmp-seq=2. time=0. ms  ^C</pre><P CLASS="para">
+If this succeeds, try the same test on the client. Otherwise:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-951025">
+</a>If you get "unknown host: localhost," there is a problem resolving the host name localhost into a valid IP address. (This may be as simple as a missing entry in a local <EM CLASS="emphasis">
+hosts</em> file.) From here, skip down to the section <A CLASS="xref" HREF="ch09_02.html#ch09-23768">
+Section 9.2.8, Troubleshooting Name Services</a>. </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946775">
+</a>If you get "ping: no answer," or "100% packet loss," but pinging 127.0.0.1 worked, then name services is resolving to an address, but it isn't the correct one. Check the file or database (typically <I CLASS="filename">
+/etc/hosts</i> on a Unix system) that the name service is using to resolve addresses to ensure that the entry is corrected.</p></li></ul></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-946776">
+9.2.2.3 Testing the networking hardware with ping </a></h4><P CLASS="para">Next, ping the server's network IP address from itself. This should get you exactly the same results as pinging 127.0.0.1:</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">server%</code> ping 192.168.236.86 </b>
+</pre><PRE CLASS="programlisting">
+PING 192.168.236.86: 56 data bytes 64 bytes from 192.168.236.86 (192.168.236.86): 
+icmp-seq=0. time=1. ms 64 bytes from 192.168.236.86 (192.168.236.86): 
+icmp-seq=1. time=0. ms 64 bytes from 192.168.236.86 (192.168.236.86): 
+icmp-seq=2. time=1. ms ^C 
+----192.168.236.86 PING Statistics---- 
+3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)  
+min/avg/max = 0/0/1</pre><P CLASS="para">
+If this works on the server, repeat it for the client. Otherwise:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945243">
+</a>If <CODE CLASS="literal">
+ping</code> <CODE CLASS="replaceable">
+<I>
+network_ip</i></code> fails on either the server or client, but ping 127.0.0.1 works on that machine, you have a TCP/IP problem that is specific to the Ethernet network interface card on the computer. Check with the documentation for the network card or the host operating system to determine how to correctly configure it. However, be aware that on some operating systems, the <EM CLASS="emphasis">
+ping</em> command appears to work even if the network is disconnected, so this test doesn't always diagnose all hardware problems. </p></li></ul></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-84079">
+9.2.2.4 Testing connections with ping</a></h4><P CLASS="para">Now, ping the server by name (instead of its IP address), once from the server and once from the client. This is the general test for working network hardware:</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">server%</code> ping server </b>
+</pre><PRE CLASS="programlisting">
+PING server.example.com: 56 data bytes 64 bytes from server.example.com (192.168.236.86): 
+icmp-seq=0. time=1. ms 64 bytes from server.example.com (192.168.236.86): 
+icmp-seq=1. time=0. ms 64 bytes from server.example.com (192.168.236.86): 
+icmp-seq=2. time=1. ms ^C 
+----server.example.com PING Statistics---- 
+3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)  
+min/avg/max = 0/0/1</pre><P CLASS="para">
+On Microsoft Windows, a ping of the server would look like <A CLASS="xref" HREF="ch09_02.html#ch09-91668">
+Figure 9.1</a>.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch09-91668">
+Figure 9.1: Pinging the Samba server from a Windows client</a></h4><IMG CLASS="graphic" SRC="figs/sam.0901.gif" ALT="Figure 9.1"><P CLASS="para">
+If successful, this test tells us five things:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946836">
+</a>The hostname (e.g., "server") is being found by your local nameserver.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946837">
+</a>The hostname has been expanded to the full name (e.g., <A CLASS="email" HREF="mailto:server.example.com" TITLE="server.example.com">
+server.example.com</a>).</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945264">
+</a>Its address is being returned (192.168.236.86).</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945265">
+</a>The client has sent the Samba server four 56-byte UDP/IP packets.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945266">
+</a>The Samba server has replied to all four packets.</p></li></ol><P CLASS="para">
+If this test isn't successful, there can be one of several things wrong with the network:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945267">
+</a>First, if you get "ping: no answer," or "100% packet loss," you're not connecting to the network, the other machine isn't connecting, or one of the addresses is incorrect. Check the addresses that the <CODE CLASS="literal">
+ping</code> command reports on each machine, and ensure that they match the ones you set up initially.</p><P CLASS="para">
+If not, there is at least one mismatched address between the two machines. Try entering the command <CODE CLASS="literal">
+arp</code> <CODE CLASS="literal">
+-a</code>, and see if there is an entry for the other machine. The <CODE CLASS="literal">
+arp</code> command stands for the Address Resolution Protocol. The <CODE CLASS="literal">
+arp</code> <CODE CLASS="literal">
+-a</code> command lists all the addresses known on the local machine. Here are some things to try:</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946854">
+</a>If you receive a message like "192.168.236.86 at (incomplete)," the Ethernet address of 192.168.236.86 is unknown. This indicates a complete lack of connectivity, and you're likely having a problem at the very bottom of the TCP/IP Network Administration protocol stack, at the Ethernet-interface layer. This is discussed in Chapters 5 and 6 of <CITE CLASS="citetitle">
+TCP/IP Network Administration </cite>(O'Reilly).</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945274">
+</a>If you receive a response similar to "server (192.168.236.86) at 8:0:20:12:7c:94," then the server has been reached at some time, or another machine is answering on its behalf. However, this means that <EM CLASS="emphasis">
+ping</em> should have worked: you may have an intermittent networking or ARP problem.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945275">
+</a>If the IP address from ARP doesn't match the addresses you expected, investigate and correct the addresses manually.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945284">
+</a>If each machine can ping itself but not another, something is wrong on the network between them.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945287">
+</a>If you get "ping: network unreachable" or "ICMP Host Unreachable," then you're not receiving an answer and there is likely more than one network involved.</p><P CLASS="para">
+In principle, you shouldn't try to troubleshoot SMB clients and servers on different networks. Try to test a server and client on the same network. The three tests that follow assume you might be testing between two networks:</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-951057">
+</a>First, perform the tests for no answer described earlier in this section. If this doesn't identify the problem, the remaining possibilities are the following: an address is wrong, your netmask is wrong, a network is down, or just possibly you've been stopped by a firewall.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-951077">
+</a>Check both the address and the netmasks on source and destination machines to see if something is obviously wrong. Assuming both machines really are on the same network, they both should have the same netmasks and <EM CLASS="emphasis">
+ping</em> should report the correct addresses. If the addresses are wrong, you'll need to correct them. If they're right, the programs may be confused by an incorrect netmask. See <A CLASS="xref" HREF="ch09_02.html#ch09-21203">
+Section 9.2.9.1, Netmasks</a>, later in this chapter.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945300">
+</a>If the commands are still reporting that the network is unreachable and neither of the previous two conditions is in error, one network really may be unreachable from the other. This, too, is a network manager issue.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946936">
+</a>If you get "ICMP Administratively Prohibited," you've struck a firewall of some sort or a misconfigured router. You will need to speak to your network security officer.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946938">
+</a>If you get "ICMP Host redirect," and <EM CLASS="emphasis">
+ping</em> reports packets getting through, this is generally harmless: you're simply being rerouted over the network.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945305">
+</a>If you get a host redirect and no <EM CLASS="emphasis">
+ping</em> responses, you are being redirected, but no one is responding. Treat this just like the "Network unreachable" response   and check your addresses and netmasks.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945308">
+</a>If you get "ICMP Host Unreachable from gateway <EM CLASS="emphasis">
+gateway_name</em>," ping packets are being routed to another network, but the other machine isn't responding and the router is reporting the problem on its behalf. Again, treat this like a "Network unreachable" response and start checking addresses and netmasks.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946955">
+</a>If you get "ping: unknown host <EM CLASS="emphasis">
+hostname</em>," your machine's name is not known. This tends to indicate a name-service problem, which didn't affect <CODE CLASS="literal">
+localhost</code>. Have a look at <A CLASS="xref" HREF="ch09_02.html#ch09-23768">
+Section 9.2.8</a>, later in this chapter.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946959">
+</a>If you get a partial success, with some pings failing but others succeeding, you either have an intermittent problem between the machines or an overloaded network. Ping for longer, and see if more than about 3 percent of the packets fail. If so, check it with your network manager: a problem may just be starting. However, if only a few fail, or if you happen to know some massive network program is running, don't worry unduly. Ping's ICMP (and UDP) are designed to drop occasional packets.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945319">
+</a>If you get a response like "smtsvr.antares.net is alive" when you actually pinged <EM CLASS="emphasis">
+client.example.com</em>, you're either using someone else's address or the machine has multiple names and addresses. If the address is wrong, name service is clearly the culprit; you'll need to change the address in the name service database to refer to the right machine. This is discussed in <A CLASS="xref" HREF="ch09_02.html#ch09-23768">
+Section 9.2.8</a>, later in this chapter.</p><P CLASS="para">
+Server machines are often <EM CLASS="emphasis">
+multihomed</em> : connected to more than one network, with different names on each net. If you are getting a response from an unexpected name on a multihomed server, look at the address and see if it's on your network (see the section <A CLASS="xref" HREF="ch09_02.html#ch09-21203">
+Section 9.2.9.1</a>, later in this chapter). If so, you should use that address, rather than one on a different network, for both performance and reliability reasons.</p><P CLASS="para">
+Servers may also have multiple names for a single Ethernet address, especially if they are web servers. This is harmless, if otherwise startling. You probably will want to use the official (and permanent) name, rather than an alias which may change.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945333">
+</a>If everything works, but the IP address reported is 127.0.0.1, you have a name service error. This typically occurs when a operating system installation program generates an <I CLASS="filename">
+/etc/hosts</i> line similar to <CODE CLASS="literal">
+127.0.0.1</code> <CODE CLASS="literal">
+localhost</code> <EM CLASS="emphasis">
+hostnamedomainname</em>. The localhost line should say <CODE CLASS="literal">
+127.0.0.1</code> <CODE CLASS="literal">
+localhost</code> or <CODE CLASS="literal">
+127.0.0.1</code> <CODE CLASS="literal">
+localhost</code> <CODE CLASS="literal">
+loghost</code>. Correct it, lest it cause failures to negotiate who is the master browse list holder and who is the master browser. It can, also cause (ambiguous) errors in later tests.</p></li></ul><P CLASS="para">
+If this worked from the server, repeat it from the client.</p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-pgfId-945336">9.2.3 Troubleshooting TCP</a></h3><P CLASS="para">Now that you've tested IP, UDP, and a name service with <EM CLASS="emphasis">
+ping</em>, it's time to test TCP. <EM CLASS="emphasis">
+ping</em> and browsing use ICMP and UDP; file and print services (shares) use TCP. Both depend on IP as a lower layer and all four depend on name services. Testing TCP is most conveniently done using the FTP (file transfer protocol) program.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-78512">
+9.2.3.1 Testing TCP with FTP </a></h4><P CLASS="para">
+Try connecting via FTP, once from the server to itself, and once from the client to the server: </p><PRE CLASS="programlisting">
+server% <CODE CLASS="userinput"><B>ftp server</b></code>
+Connected to server.example.com. 
+220 server.example.com FTP server (Version 6.2/OpenBSD/Linux-0.10) ready.
+ Name (server:davecb): 
+331 Password required for davecb. 
+Password: 
+230 User davecb logged in.
+ ftp&gt;<CODE CLASS="userinput"><B> quit </b></code>
+221 Goodbye. </pre><P CLASS="para">
+If this worked, skip to the section <A CLASS="xref" HREF="ch09_02.html#ch09-88968">
+Section 9.2.4, Troubleshooting Server Daemons</a>. Otherwise:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945357">
+</a>If you received the message "server: unknown host," then nameservice has failed. Go back to the corresponding <EM CLASS="emphasis">
+ping</em> step, <A CLASS="xref" HREF="ch09_02.html#ch09-20350">
+Section 9.2.2.2, Testing local name services with ping </a>, and rerun those tests to see why name lookup failed.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945362">
+</a>If you received "ftp: connect: Connection refused," the machine isn't running an FTP daemon. This is mildly unusual on Unix servers. Optionally, you might try this test by connecting to the machine using telnet instead of FTP; the messages are very similar and telnet uses TCP as well.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945364">
+</a>If there was a long pause, then "ftp: connect: Connection timed out," the machine isn't reachable. Return to the section <A CLASS="xref" HREF="ch09_02.html#ch09-84079">
+Section 9.2.2.4, Testing connections with ping</a>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945369">
+</a>If you received "530 Logon Incorrect," you connected successfully, but you've just found a different problem. You likely provided an incorrect username or password. Try again, making sure you use your username from the Unix server and type your password correctly.</p></li></ul></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-88968">
+9.2.4 Troubleshooting Server Daemons</a></h3><P CLASS="para">Once you've confirmed that TCP networking is working properly, the next step is to make sure the daemons are running on the server. This takes three separate tests because no single one of the following will decisively prove that they're working correctly.</p><P CLASS="para">
+To be sure they're running, you need to find out if:</p><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945374">
+</a>The daemon has started</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945375">
+</a>The daemons are registered or bound to a TCP/IP port by the operating system</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945376">
+</a>They're actually paying attention</p></li></ol><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-947020">
+9.2.4.1 Before you start</a></h4><P CLASS="para">
+First, check the logs. If you've started the daemons, the message "smbd version <EM CLASS="emphasis">
+some_number</em> started" should appear. If it doesn't, you will need to restart the Samba daemons.</p><P CLASS="para">
+If the daemon reports that it has indeed started, look out for "bind failed on port 139 socket_addr=0 (Address already in use)". This means another daemon has been started on port 139 (<EM CLASS="emphasis">smbd</em>). Also, <EM CLASS="emphasis">
+nmbd</em> will report a similar failure if it cannot bind to port 137. Either you've started them twice, or the <EM CLASS="emphasis">
+inetd</em> server has tried to provide a daemon for you. If it's the latter, we'll diagnose that in a moment.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-49239">
+9.2.4.2 Looking for daemon processes with ps</a></h4><P CLASS="para">
+Next, you need to see if the daemons have been started. Use the <CODE CLASS="literal">
+ps</code> command on the server with the <CODE CLASS="literal">
+long</code> option for your machine type (commonly <CODE CLASS="literal">
+ps</code> <CODE CLASS="literal">
+ax</code> or <CODE CLASS="literal">
+ps</code>    <CODE CLASS="literal">
+-ef</code>), and see if you have either <EM CLASS="emphasis">
+smbd</em> and <EM CLASS="emphasis">
+nmbd</em> already running. This often looks like the following:</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">server%</code> ps ax</b>
+</pre><PRE CLASS="programlisting">
+ PID TTY STAT TIME   COMMAND
+ 1   ?   S    0:03   init [2] 
+ 2   ?   SW   0:00   (kflushd)
+<EM CLASS="emphasis">
+(...many lines of processes...)</em> 
+ 234 ?   S    0:14   nmbd -D3
+ 237 ?   S    0:11   smbd -D3
+<EM CLASS="emphasis">
+(...more lines, possibly including more smbd lines...) </em></pre><P CLASS="para">
+This example illustrates that <EM CLASS="emphasis">
+smbd</em> and <EM CLASS="emphasis">
+nmbd</em> have already started as stand-alone daemons (the <CODE CLASS="literal">
+-D</code> option) at log level 3.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-945392">
+9.2.4.3 Looking for daemons bound to ports</a></h4><P CLASS="para">
+Next, the daemons have to be registered with the operating system so they can get access to TCP/IP ports. The <CODE CLASS="literal">
+netstat</code> command will tell you if this has been done. Run the command <CODE CLASS="literal">
+netstat</code> <CODE CLASS="literal">
+-a</code> on the server, and look for lines mentioning <CODE CLASS="literal">
+netbios</code>, <CODE CLASS="literal">
+137</code> or <CODE CLASS="literal">
+139</code>:</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">server%</code> netstat -a </b>
+</pre><PRE CLASS="programlisting">
+Active Internet connections (including servers) 
+Proto Recv-Q Send-Q  Local Address          Foreign Address      (state) 
+udp   0      0       *.netbios-             *.* 
+tcp   0      0       *.netbios-             *.*                  LISTEN 
+tcp   8370   8760    server.netbios-        client.1439               
+ESTABLISHED </pre><P CLASS="para">
+or:</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">server%</code> netstat -a </b>
+</pre><PRE CLASS="programlisting">
+Active Internet connections (including servers) 
+Proto Recv-Q Send-Q  Local Address          Foreign Address        (state) 
+udp   0      0       *.137                  *.* 
+tcp   0      0       *.139                  *.*                    LISTEN 
+tcp   8370   8760    server.139             client.1439            ESTABLISHED </pre><P CLASS="para">
+Among many similar lines, there should be at least one UDP line for <CODE CLASS="literal">
+*.netbios-</code> or <CODE CLASS="literal">
+*.137</code>. This indicates that the <EM CLASS="emphasis">
+nmbd</em> server is registered and (we hope) is waiting to answer requests. There should also be at least one TCP line mentioning    <CODE CLASS="literal">
+*.netbios-</code> or <CODE CLASS="literal">
+*.139</code>, and it will probably be in the LISTENING state. This means that <EM CLASS="emphasis">
+smbd</em> is up and listening for connections.</p><P CLASS="para">
+There may be other TCP lines indicating connections from <EM CLASS="emphasis">
+smbd</em> to clients, one for each client. These are usually in the ESTABLISHED state. If there are <EM CLASS="emphasis">
+smbd</em> lines in the ESTABLISHED state, <EM CLASS="emphasis">
+smbd</em> is definitely running. If there is only one line in the LISTENING state, we're not sure yet. If both of the lines is missing, a daemon has not succeeded in starting, so it's time to check the logs and then go back to <a href="ch02_01.html"><b>Chapter 2</b></a>.</p><P CLASS="para">
+If there is a line for each client, it may be coming either from a Samba daemon or from the master IP daemon, <EM CLASS="emphasis">
+inetd</em>. It's quite possible that your <EM CLASS="emphasis">
+inetd</em> startup file contains lines that start Samba daemons without your realizing it; for instance, the lines may have been placed there if you installed Samba as part of a Linux distribution. The daemons started by <EM CLASS="emphasis">
+inetd</em> prevent ours from running. This problem typically produces log messages such as "bind failed on port 139 socket_addr=0 (Address already in use)."</p><P CLASS="para">
+Check your <I CLASS="filename">
+/etc/inetd.conf</i> ; unless you're intentionally starting the daemons from there, there <EM CLASS="emphasis">
+must not</em> be any <CODE CLASS="literal">
+netbios-ns</code> (udp port 137) or <CODE CLASS="literal">
+netbios-ssn</code> (tcp port 139) servers mentioned there. <EM CLASS="emphasis">
+inetd</em> is a daemon that provides numerous services, controlled by entries in <EM CLASS="emphasis">
+/etc/inetd.conf</em>. If your system is providing an SMB daemon via <EM CLASS="emphasis">
+inetd</em>, there will be lines like the following in the file:</p><PRE CLASS="programlisting">
+netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd
+netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd</pre></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-945425">
+9.2.4.4 Checking smbd with telnet</a></h4><P CLASS="para">
+Ironically, the easiest way to test that the <EM CLASS="emphasis">
+smbd</em> server is actually working is to send it a meaningless message and see if it rejects it. Try something like the following:</p><PRE CLASS="programlisting"><CODE CLASS="userinput"><B>echo hello | telnet localhost 139</b></code></pre><P CLASS="para">
+This sends an erroneous but harmless message to <EM CLASS="emphasis">
+smbd</em>. The <CODE CLASS="literal">
+hello</code> message is important. Don't try telneting to the port and typing just anything; you'll probably just hang your process. <CODE CLASS="literal">
+hello</code>, however, is generally a harmless message.</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">server%</code> echo &quot;hello&quot; | telnet localhost 139 </b>
+</pre><PRE CLASS="programlisting">
+Trying
+Trying 192.168.236.86 ... 
+Connected to localhost. Escape character is '^]'. 
+Connection closed by foreign host. </pre><P CLASS="para">
+If you get a "Connected" message followed by a "Connection closed" message, the test was a success. You have an <EM CLASS="emphasis">
+smbd</em> daemon listening on the port and rejecting improper connection messages. On the other hand, if you get "telnet: connect: Connection refused," there is probably no daemon present. Check the logs and go back to <a href="ch01_01.html"><b>Chapter 2</b></a>.</p><P CLASS="para">
+Regrettably, there isn't an easy test for <EM CLASS="emphasis">
+nmbd</em>. If the <CODE CLASS="literal">
+telnet</code> test and the <CODE CLASS="literal">
+netstat</code> test both say that there is an <EM CLASS="emphasis">
+smbd</em> running, there is a good chance that <CODE CLASS="literal">
+netstat</code> will also be correct about <EM CLASS="emphasis">
+nmbd</em> running.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-67494">
+9.2.4.5 Testing daemons with testparm</a></h4><P CLASS="para">Once you know there's a daemon, you should always run <CODE CLASS="literal">
+testparm</code>, in hopes of getting:</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">server%</code> testparm </b>
+</pre><PRE CLASS="programlisting">
+Load smb config files from /opt/samba/lib/smb.conf
+Processing section &quot;[homes]&quot; 
+Processing section &quot;[printers]&quot; ... 
+Processing section &quot;[tmp]&quot; 
+Loaded services file OK. ... </pre><P CLASS="para">
+The <CODE CLASS="literal">
+testparm</code> program normally reports processing a series of sections, and responds with "Loaded services file OK" if it succeeds. If not, it will report one or more of the following messages, which will also appear in the logs as noted:</p><DL CLASS="variablelist">
+<DT CLASS="term">
+<EM CLASS="emphasis">
+"Allow/Deny connection from account (n) to service"</em></dt><DD CLASS="listitem">
+<P CLASS="para">
+A <EM CLASS="emphasis">
+testparm</em>-only message produced if you have valid/invalid user options set in your <EM CLASS="emphasis">
+smb.conf</em>. You will want to make sure that you are on the valid user list, and that root, bin, etc., are on the invalid user list. If you don't, you will not be able to connect, or folks who shouldn't <EM CLASS="emphasis">
+will</em> be able to.</p></dd><DT CLASS="term">
+<EM CLASS="emphasis">
+"Warning: You have some share names that are longer than eight chars"</em></dt><DD CLASS="listitem">
+<P CLASS="para">
+For anyone using Windows for Workgroups and older clients. They will fail to connect to shares with long names, producing an overflow message that sounds confusingly like a memory overflow.</p></dd><DT CLASS="term">
+"Warning: [name] service MUST be printable!"</dt><DD CLASS="listitem">
+<P CLASS="para">
+A printer share lacks a <CODE CLASS="literal">
+printable</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> option.</p></dd><DT CLASS="term">
+"No path in service name using [name]"</dt><DD CLASS="listitem">
+<P CLASS="para">
+A file share doesn't know which directory to provide to the user, or a print share doesn't know which directory to use for spooling. If no path is specified, the service will try to run with a path of <EM CLASS="emphasis">
+/tmp</em>, which may not be what you want.</p></dd><DT CLASS="term">
+"Note: Servicename is flagged unavailable"</dt><DD CLASS="listitem">
+<P CLASS="para">
+Just a reminder that you have used the <CODE CLASS="literal">
+available</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+no</code> option in a share.</p></dd><DT CLASS="term">
+"Can't find include file [name]" </dt><DD CLASS="listitem">
+<P CLASS="para">
+A configuration file referred to by an <CODE CLASS="literal">
+include</code> option did not exist. If you were including the file unconditionally, this is an error and probably a serious one: the share will not have the configuration you intended. If you were including it based one of the <CODE CLASS="literal">
+%</code> variables, such as <CODE CLASS="literal">
+%a</code> (architecture), you will need to decide if, for example, a missing Windows for Workgroups configuration file is a problem. It often isn't.</p></dd><DT CLASS="term">
+"Can't copy service name, unable to copy to itself"</dt><DD CLASS="listitem">
+<P CLASS="para">
+You tried to copy a <I CLASS="filename">
+smb.conf</i> section into itself.</p></dd><DT CLASS="term">
+"Unable to copy service&nbsp;- source not found: [name]"</dt><DD CLASS="listitem">
+<P CLASS="para">
+Indicates a missing or misspelled section in a <CODE CLASS="literal">
+copy</code> <CODE CLASS="literal">
+=</code> option.</p></dd><DT CLASS="term">
+"Ignoring unknown parameter name" </dt><DD CLASS="listitem">
+<P CLASS="para">
+Typically indicates an obsolete, misspelled or unsupported option.</p></dd><DT CLASS="term">
+"Global parameter name found in service section" </dt><DD CLASS="listitem">
+<P CLASS="para">
+Indicates a global-only parameter has been used in an individual share. Samba will ignore the parameter.</p></dd></dl><P CLASS="para">
+After the <CODE CLASS="literal">
+testparm</code> test, repeat it with (exactly) three parameters: the name of your <I CLASS="filename">
+smb.conf</i> file, the name of your client, and its IP address:</p><PRE CLASS="programlisting">testparm <CODE CLASS="replaceable"><I>samba_directory</i></code>/lib/smb.conf client 192.168.236.10</pre><P CLASS="para">
+This will run one more test that checks the host name and address against <CODE CLASS="literal">
+host</code> <CODE CLASS="literal">
+allow</code> and <CODE CLASS="literal">
+host</code> <CODE CLASS="literal">
+deny</code> options and may produce the "Allow/Deny connection from account account_name" to service message for the client machine. This message indicates you have valid/invalid host options in your <I CLASS="filename">
+smb.conf</i>, and they prohibit access from the client machine. Entering <CODE CLASS="literal">
+testparm</code> <CODE CLASS="literal">
+/usr/local/lib/experimental.conf</code> is also an effective way to test an experimental <I CLASS="filename">
+smb.conf</i> file before putting it into production.</p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-pgfId-945478">9.2.5 Troubleshooting SMB Connections</a></h3><P CLASS="para">Now that you know the servers are up, you need to make sure that they're running properly. We start with the <I CLASS="filename">
+smb.conf</i> file in the <CODE CLASS="replaceable">
+<I>
+samba_directory</i></code><I CLASS="filename">
+/lib</i> directory.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-67928">
+9.2.5.1 A minimal smb.conf file</a></h4><P CLASS="para">
+In the following tests, we assume you have a <CODE CLASS="literal">
+[temp]</code> share suitable for testing, plus at least one account. An <I CLASS="filename">
+smb.conf</i> file that includes just these is:</p><PRE CLASS="programlisting">
+[global] 
+    workgroup = <CODE CLASS="replaceable">
+<I>
+EXAMPLE</i></code> 
+    security = user
+    browsable = yes 
+    local master = yes 
+[homes] 
+    guest ok = no 
+    browseble = no
+[temp] 
+    path = /tmp 
+    public = yes </pre><P CLASS="para">
+A word of warning: the <CODE CLASS="literal">
+public</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> option in the <CODE CLASS="literal">
+[temp]</code> share is just for testing. You probably don't want people without accounts to be able to store things on your Samba server, so you should comment it out when you're done.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-40595">
+9.2.5.2 Testing locally with smbclient</a></h4><P CLASS="para">The first test is to ensure the server can list its own services (shares). Run the command <CODE CLASS="literal">
+smbclient</code> with a <CODE CLASS="literal">
+-L</code> option of <CODE CLASS="literal">
+localhost</code> to connect to itself, and a <CODE CLASS="literal">
+-U</code> option of just <CODE CLASS="literal">
+%</code> to specify the guest user. You should see the following: </p><PRE CLASS="programlisting">server% <CODE CLASS="userinput"><B>smbclient -L localhost -U% </b></code>
+Server time is Wed May 27 17:57:40 1998 Timezone is UTC-4.0
+Server=[localhost] 
+User=[davecb] 
+Workgroup=[EXAMPLE] 
+Domain=[EXAMPLE]
+	Sharename      Type      Comment 
+	---------           -----       ----------
+	temp               Disk
+	IPC$               IPC       IPC Service (Samba 1.9.18) 
+	homes            Disk       Home directories
+This machine does not have a browse list </pre><P CLASS="para">
+If you received this output, move on to the next test, <A CLASS="xref" HREF="ch09_02.html#ch09-77154">
+Section 9.2.5.3, Testing connections with smbclient</a>. On the other hand, if you receive an error, check the following:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-950443">
+</a>If you get "Get_hostbyname: unknown host localhost," either you've spelled its name wrong or there actually is a problem (which should have been seen back in <A CLASS="xref" HREF="ch09_02.html#ch09-20350">
+Section 9.2.2.2</a>) In the latter case, move on to "Troubleshooting Name Services."</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945526">
+</a>If you get "Connect error: Connection refused," the server machine was found, but it wasn't running an <EM CLASS="emphasis">
+nmbd</em> daemon. Skip back to <A CLASS="xref" HREF="ch09_02.html#ch09-88968">
+Section 9.2.4</a>, and retest the daemons.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945531">
+</a>If you get the message "Your server software is being unfriendly," the initial session request packet got a garbage response from the server. The server may have crashed or started improperly. The common causes of this can be discovered by scanning the logs for:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945533">
+</a>Invalid command-line parameters to <EM CLASS="emphasis">
+smbd</em>; see the <EM CLASS="emphasis">
+smbd</em> manual page.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945534">
+</a>A fatal problem with the <I CLASS="filename">
+smb.conf</i> file that prevents the startup of <EM CLASS="emphasis">
+smbd</em>. Always check your changes, as was done in the section <A CLASS="xref" HREF="ch09_02.html#ch09-67494">
+Section 9.2.4.5, Testing daemons with testparm</a>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947160">
+</a>The directories where Samba keeps its log and lock files are missing.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947165">
+</a>There is already a server on the port (139 for <EM CLASS="emphasis">
+smbd</em>, 137 for <EM CLASS="emphasis">
+nmbd  </em>), preventing it from starting.</p></li></ul></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945543">
+</a>If you're using <EM CLASS="emphasis">
+inetd</em> instead of stand-alone daemons, check your <I CLASS="filename">
+/etc/inetd.conf</i> and <I CLASS="filename">
+/etc/services</i> entries against their manual pages for errors as well.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945544">
+</a>If you get a <CODE CLASS="literal">
+Password:</code> prompt, your guest account is not set up properly. The <CODE CLASS="literal">
+%U</code> option tells <EM CLASS="emphasis">
+smbclient</em> to do a "null login," which requires that the guest account be present but does not require it to have any privileges.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947172">
+</a>If you get the message "SMBtconX failed. ERRSRV&nbsp;- ERRaccess," you aren't permitted access to the server. This normally means you have a <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+hosts</code> option that doesn't include the server, or an <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+hosts</code> option  that does. Recheck with the command <CODE CLASS="literal">
+testparm</code> <CODE CLASS="literal">
+smb.conf</code> <CODE CLASS="replaceable">
+<I>
+your_hostname</i></code> <CODE CLASS="replaceable">
+<I>
+your_ip_address</i></code> (see the section <A CLASS="xref" HREF="ch09_02.html#ch09-67494">
+Section 9.2.4.5</a>) and correct any unintended prohibitions. </p></li></ul></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-77154">
+9.2.5.3 Testing connections with smbclient</a></h4><P CLASS="para">Run the command <CODE CLASS="literal"> smbclient</code><CODE CLASS="literal">\\</code><CODE CLASS="replaceable"><I>server</i></code><CODE CLASS="literal">\temp</code>, which connects to your server's   <I CLASS="filename">
+/tmp</i> share, to see if you can connect to a file service. You should get the following response:</p><PRE CLASS="programlisting"><B CLASS="emphasis.bold"><CODE CLASS="literal">server% </code>smbclient '\\server\temp' </b>
+</pre><PRE CLASS="programlisting">
+Server time is Tue May  5 09:49:32 1998 Timezone is UTC-4.0 Password:
+<B CLASS="emphasis.bold"><CODE CLASS="literal">
+smb:\&gt;</code> quit</b></pre><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947183">
+</a>If you get "Get_Hostbyname: Unknown host name," "Connect error: Connection refused," or "Your server software is being unfriendly," see the section <A CLASS="xref" HREF="ch09_02.html#ch09-40595">
+Section 9.2.5.2, Testing locally with smbclient</a> for the diagnoses.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947188">
+</a>If you get the message "servertemp: Not enough `\' characters in service," you likely didn't quote the address, so Unix stripped off backslashes. You can also write the command:</p></li></ul><PRE CLASS="programlisting"><CODE CLASS="literal">smbclient</code> <CODE CLASS="literal">\\\\</code><CODE CLASS="replaceable"><I>server</i></code><CODE CLASS="literal">\\temp</code> </pre><P CLASS="para">
+or: </p><PRE CLASS="programlisting">smbclient //<CODE CLASS="replaceable"><I>server</i></code>/temp </pre><P CLASS="para">
+Now, provide your Unix account password to the <CODE CLASS="literal">
+Password</code> prompt. If you then get an <CODE CLASS="literal">
+smb\&gt;</code> prompt, it worked. Enter <CODE CLASS="literal">
+quit</code>, and continue on to <A CLASS="xref" HREF="ch09_02.html#ch09-97081">
+Section 9.2.5.4, Testing connections with NET USE</a>. If you then get "SMBtconX failed. ERRSRV&nbsp;- ERRinvnetname," the problem can be any of the following:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947201">
+</a>A wrong share name: you may have spelled it wrong, it may be too long, it may be in mixed case, or it may not be available. Check that it's what you expect with testparm (see the section <A CLASS="xref" HREF="ch09_02.html#ch09-67494">
+Section 9.2.4.5</a>.)</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947205">
+</a><CODE CLASS="literal">
+security</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+share</code>, in which you may have to add <CODE CLASS="replaceable">
+<I>
+-U your_account</i></code> to the <EM CLASS="emphasis">
+smbclient</em> command, or know the password of a Unix account named temp. </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945578">
+</a>An erroneous username.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945579">
+</a>An erroneous password.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945580">
+</a>An <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+users</code> or <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+users</code> option in your <EM CLASS="emphasis">
+smb.conf</em> file that doesn't allow your account to connect. Recheck with <CODE CLASS="literal">
+testparm</code> <CODE CLASS="literal">
+smb.conf</code> <CODE CLASS="replaceable">
+<I>
+your_hostname your_ip_address</i></code> (see <A CLASS="xref" HREF="ch09_02.html#ch09-67494">
+Section 9.2.4.5</a>).</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945584">
+</a>A <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+hosts</code> option that doesn't include the server, or an <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+hosts</code> option that does. Also test this with <EM CLASS="emphasis">
+testparm</em>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945585">
+</a>A problem in authentication, such as if shadow passwords or the PAM (Password Authentication Module) is used on the server, but Samba is not compiled to use it. This is rare, but occasionally happens when a SunOS 4 Samba binary (no shadow passwords) is run without recompilation on a Solaris system (with shadow passwords).</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945586">
+</a>The <CODE CLASS="literal">
+encrypted</code> <CODE CLASS="literal">
+passwords</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> option in the configuration file, but no password for your account in the <EM CLASS="emphasis">
+smbpasswd</em> file.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945587">
+</a>You have a null password entry, either in Unix <I CLASS="filename">
+/etc/passwd</i> or in the <EM CLASS="emphasis">
+smbpasswd</em> file.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945588">
+</a>You are connecting to <CODE CLASS="literal">
+[temp]</code>, and you do not have the <CODE CLASS="literal">
+guest</code> <CODE CLASS="literal">
+ok</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> option in the <CODE CLASS="literal">
+[temp]</code> section of the <EM CLASS="emphasis">
+smb.conf</em> file.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947992">
+</a>You are connecting to <CODE CLASS="literal">
+[temp]</code> before connecting to your home directory, and your guest account isn't set up correctly. If you can connect to your home directory and then connect to <CODE CLASS="literal">
+[temp]</code>, that's the problem. See <a href="ch02_01.html"><b>Chapter 2</b></a> for more information on creating a basic Samba configuration file.</p><P CLASS="para">
+A bad guest account will also prevent you from printing or browsing until after you've logged in to your home directory. </p></li></ul><P CLASS="para">
+There is one more reason for this failure that has nothing at all to do with passwords: the <CODE CLASS="literal">
+path</code> <CODE CLASS="literal">
+=</code>  line in your <I CLASS="filename">
+smb.conf</i> file may point somewhere that doesn't exist. This will not be diagnosed by <EM CLASS="emphasis">
+testparm</em>, and most SMB clients can't tell it from other types of bad user accounts. You will have to check it manually.</p><P CLASS="para">
+Once you have connected to <CODE CLASS="literal">
+[temp]</code> successfully, repeat the test, this time logging in to your home directory (e.g., map network drive <CODE CLASS="replaceable">
+<I>
+server</i></code><CODE CLASS="literal">
+\davecb</code>) looking for failures in doing that. If you have to change anything to get that to work, re-test <CODE CLASS="literal">
+[temp]</code> again afterwards.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-97081">
+9.2.5.4 Testing connections with NET USE</a></h4><P CLASS="para">Run the command <CODE CLASS="literal">
+net</code> <CODE CLASS="literal">use</code> <CODE CLASS="literal">* </code><CODE CLASS="literal">\</code><CODE CLASS="replaceable"><I>server</i></code><CODE CLASS="literal">\temp</code> on the DOS or Windows client to see if it can connect to the server. You should be prompted for a password, then receive the response "The command was completed successfully," as shown in <A CLASS="xref" HREF="ch09_02.html#ch09-99328">
+Figure 9.2</a>.    </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch09-99328">
+Figure 9.2: Results of the NET USE command</a></h4><IMG CLASS="graphic" SRC="figs/sam.0902.gif" ALT="Figure 9.2"><P CLASS="para">
+If that succeeded, continue with the steps in the section <A CLASS="xref" HREF="ch09_02.html#ch09-57065">
+Section 9.2.5.5, Testing connections with Windows Explorer</a>. Otherwise:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945608">
+</a>If you get "The specified shared directory cannot be found," or "Cannot locate specified share name," the directory name is either misspelled or not in the <EM CLASS="emphasis">
+smb.conf</em> file. This message can also warn of a name in mixed case, including spaces, or is longer than eight characters.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945610">
+</a>If you get "The computer name specified in the network path cannot be located," or "Cannot locate specified computer," the directory name has been misspelled, the name service has failed, there is a networking problem, or the <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> <CODE CLASS="literal">
+=</code> option includes your host.</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945612">
+</a>If it is not a spelling mistake, you need to double back to at least the section <A CLASS="xref" HREF="ch09_02.html#ch09-77154">
+Section 9.2.5.3</a>, to investigate why it doesn't connect.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945617">
+</a>If <EM CLASS="emphasis">
+smbclient</em> does work, it's a name service problem with the client name service, and you need to go forward to the section <A CLASS="xref" HREF="ch09_02.html#ch09-12446">
+Section 9.2.6.2, Testing the server with nmblookup</a>, and see if you can look up both client and server with <EM CLASS="emphasis">
+nmblookup</em>.</p></li></ul></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945622">
+</a>If you get "The password is invalid for <CODE CLASS="literal">\</code><CODE CLASS="replaceable"><I>server</i></code><CODE CLASS="literal">\</code><CODE CLASS="replaceable"><I>username</i></code>," your locally cached copy on the client doesn't match the one on the server. You will be prompted for a replacement.</p></li></ul><P CLASS="para">
+Windows 95 and 98 clients keep a local <EM CLASS="emphasis">
+password</em> file, but it's really just a cached copy of the password it sends to Samba and NT servers to authenticate you. That's what is being prompted for here. You can still log on to a Windows machine without a password (but not to NT).</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+If you provide your password, and it still fails, your password is not being matched on the server, you have a <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+users</code> or <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+users</code> list denying you permission, NetBEUI is interfering, or the encrypted password problem described in the next paragraph exists.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945627">
+</a>If your client is NT 4.0, NT 3.5 with Patch 3, Windows 95 with Patch 3, Windows 98 or any of these with Internet Explorer 4.0, these default to using Microsoft encryption for passwords (discussed in <a href="ch06_01.html"><b>Chapter 6, <CITE CLASS="chapter">Users, Security, and Domains</cite></b></a>'s <a href="ch06_04.html"><b>Section 6.4, Passwords</b> in <b>Chapter 6</b></a> section, along with the alternatives). In general, if you have installed a major Microsoft product recently, you may have applied an update and turned on encrypted passwords.</p></li></ul><P CLASS="para">
+Because of Internet Explorer's willingness to honor URLs such as <I CLASS="filename">
+file://somehost/somefile</i> by making SMB connections, clients up to and including Windows 95 Patch Level 2 would happily send your password, in plaintext, to SMB servers anywhere on the Internet. This was considered a bad idea, and Microsoft quite promptly switched to using only encrypted passwords in the SMB protocol. All subsequent releases of their products have included this correction. Encrypted passwords aren't actually needed unless you're using Internet Explorer 4.0 without a firewall, so it's reasonable to keep using unencrypted passwords on your own networks.</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-953889">
+</a>If you have a mixed-case password on Unix, the client is probably sending it in all one case. If changing your password to all one case works, this was the problem. Regrettably, all but the oldest clients support uppercase passwords, so Samba will try once with it in uppercase and once in lower case. If you wish to use mixed-case passwords, see the <CODE CLASS="literal">
+password</code> <CODE CLASS="literal">
+level</code> option in  <a href="ch06_01.html"><b>Chapter 6</b></a> for a workaround.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-953895">
+</a>You may have a <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+users</code> problem, as tested with <EM CLASS="emphasis">
+smbclient</em> (see <A CLASS="xref" HREF="ch09_02.html#ch09-77154">
+Section 9.2.5.3</a>).</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945642">
+</a>You may have the NetBEUI protocol bound to the Microsoft client. This often produces long timeouts and erratic failures, and is known to have caused failures to accept passwords in the past.</p></li></ul><P CLASS="para">
+The term "bind" is used to mean connecting a piece of software to another in this case. The Microsoft SMB client is "bound to" TCP/IP in the bindings section of the TCP/IP properties panel under the Windows 95/98 Network icon in the Control Panel. TCP/IP in turn is bound to an Ethernet card. This is not the same sense of the word as binding an SMB daemon to a TCP/IP port.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-57065">9.2.5.5 Testing connections with Windows Explorer</a></h4><P CLASS="para">Start Windows Explorer or NT Explorer (not Internet Explorer), select Tools&#8594;Map Network Drive and specify \\<CODE CLASS="replaceable">
+<I>
+server</i></code>\<CODE CLASS="literal">
+temp</code> to see if you can make Explorer connect to the <I CLASS="filename">
+/tmp</i> directory. You should see a screen similar to the one in <A CLASS="xref" HREF="ch09_02.html#ch09-74414">
+Figure 9.3</a>. If so, you've succeeded and can skip to <A CLASS="xref" HREF="ch09_02.html#ch09-23573">
+Section 9.2.6, Troubleshooting Browsing </a>.  </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch09-74414">
+Figure 9.3: Accessing the /tmp directory with Windows Explorer</a></h4><IMG CLASS="graphic" SRC="figs/sam.0903.gif" ALT="Figure 9.3"><P CLASS="para">
+A word of caution: Windows Explorer and NT Explorer are rather poor as diagnostic tools: they do tell you that something's wrong, but rarely what it is. If you get a failure, you'll need to track it down with the NET USE command, which has far superior error reporting:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945661">
+</a>If you get "The password for this connection that is in your password file is no longer correct," you may have any of the following:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945662">
+</a>Your locally cached copy on the client doesn't match the one on the server.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945663">
+</a>You didn't provide a username and password when logging on to the client. Most Explorers will continue to send a username and password of null, even if you provide a password.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945664">
+</a>You have misspelled the password.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945665">
+</a>You have an <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+users</code> or <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+users</code> list denying permission.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945666">
+</a>Your client is NT 4.0, NT 3.5 with Patch 3, Windows 95 with Patch 3, Windows 98, or any of these with Internet Explorer 4. They will all want encrypted passwords.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945667">
+</a>You have a mixed-case password, which the client is supplying in all one case.</p></li></ul></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945669">
+</a>If you get "The network name is either incorrect, or a network to which you do not have full access," or "Cannot locate specified computer," you may have any of the following:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945671">
+</a> Misspelled name</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945672">
+</a> Malfunctioning service </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945673">
+</a> Failed share</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945674">
+</a> Networking problem</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945675">
+</a> Bad <CODE CLASS="literal">
+path</code> line</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945676">
+</a> <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> line that excludes you</p></li></ul></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945677">
+</a>If you get "You must supply a password to make this connection," the password on the client is out of synchronization with the server, or this is the first time you've tried from this client machine and the client hasn't cached it locally yet.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945681">
+</a>If you get "Cannot locate specified share name," you have a wrong share name or a syntax error in specifying it, a share name longer than eight characters, or one containing spaces or in mixed case.</p></li></ul><P CLASS="para">
+Once you can reliably connect to the <CODE CLASS="literal">
+[temp]</code> directory, try once again, this time using your home directory. If you have to change something to get home directories working, then retest with <CODE CLASS="literal">
+[temp]</code>, and vice versa, as we showed in the section <A CLASS="xref" HREF="ch09_02.html#ch09-97081">
+Section 9.2.5.4</a>. As always, if Explorer fails, drop back to that section and debug it there.</p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-23573">9.2.6 Troubleshooting Browsing </a></h3><P CLASS="para">Finally, we come to browsing. This was left to last, not because it is hardest, but because it's both optional and partially dependent on a protocol that doesn't guarantee delivery of a packet. Browsing is hard to diagnose if you don't already know all the other services are running. </p><P CLASS="para">
+Browsing is purely optional: it's just a way to find the servers on your net and the shares that they provide. Unix has nothing of the sort and happily does without. Browsing also assumes all your machines are on a local area network (LAN) where broadcasts are allowable.</p><P CLASS="para">
+First, the browsing mechanism identifies a machine using the unreliable UDP protocol; then it makes a normal (reliable) TCP/IP connection to list the shares the machine provides.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-96207">
+9.2.6.1 Testing browsing with smbclient </a></h4><P CLASS="para">We'll start with testing the reliable connection first. From the server, try listing its own shares via <EM CLASS="emphasis">
+smbclient</em> with a <CODE CLASS="literal">
+-L</code> option of your server's name. You should get: </p><PRE CLASS="programlisting">server% <CODE CLASS="userinput"><B>smbclient -L server</b></code> 
+Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 Server time is Tue Apr 28 09:57:28 1998 Timezone is UTC-4.0 
+Password: 
+Domain=[EXAMPLE] 
+OS=[Unix] 
+Server=[Samba 1.9.18]
+Server=[server] 
+User=[davecb] 
+Workgroup=[EXAMPLE] 
+Domain=[EXAMPLE]
+   Sharename      Type      Comment    
+   ---------      ----      -------    
+    cdrom          Disk      CD-ROM    
+    cl             Printer   Color Printer 1    
+    davecb         Disk      Home Directories
+
+ This machine has a browse list:
+   Server         Comment    
+   ---------      -------    
+   SERVER          Samba 1.9.18
+
+ This machine has a workgroup list:
+   Workgroup      Master    
+    ---------      -------    
+    EXAMPLE        SERVER</pre><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-950922">
+</a>If you didn't get a Sharename list, the server is not allowing you to browse any shares. This should not be the case if you've tested any of the shares with Windows Explorer or the NET USE command. If you haven't done the <CODE CLASS="literal">
+smbclient</code> <CODE CLASS="literal">
+-L</code> <CODE CLASS="literal">
+localhost</code> <CODE CLASS="literal">
+-U%</code> test yet (see <A CLASS="xref" HREF="ch09_02.html#ch09-40595">
+Section 9.2.5.2</a>), do it now. An erroneous guest account can prevent the shares from being seen. Also, check the <I CLASS="filename">
+smb.conf</i> file to make sure you do not have the option <CODE CLASS="literal">
+browsable</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+no</code> anywhere in it: we suggest a minimal <I CLASS="filename">
+smb.conf</i> file (see <A CLASS="xref" HREF="ch09_02.html#ch09-67928">
+Section 9.2.5.1, A minimal smb.conf file</a>) for you to steal from. You need to have <CODE CLASS="literal">
+browseable</code> enabled in order to be able to see at least the <CODE CLASS="literal">
+[temp]</code> share.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945728">
+</a>If you didn't get a browse list, the server is not providing information about the machines on the network. At least one machine on the net must support browse lists. Make sure you have <CODE CLASS="literal">
+local</code> <CODE CLASS="literal">
+master</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> in the <I CLASS="filename">
+smb.conf</i> file if you want Samba be the local master browser.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945730">
+</a>If you got a browse list but didn't get <EM CLASS="emphasis">
+/tmp</em>, you probably have a <I CLASS="filename">
+smb.conf</i> problem. Go back to <A CLASS="xref" HREF="ch09_02.html#ch09-67494">
+Section 9.2.4.5</a>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945734">
+</a>If you didn't get a workgroup list with your workgroup name in it, it is possible that your workgroup is set incorrectly in the <I CLASS="filename">
+smb.conf</i> file.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945735">
+</a>If you didn't get a workgroup list at all, ensure that <CODE CLASS="literal">
+workgroup</code> <CODE CLASS="literal">
+=EXAMPLE</code> is present in the <I CLASS="filename">
+smb.conf</i> file.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945736">
+</a>If you get nothing, try once more with the options <CODE CLASS="literal">
+-I</code> <CODE CLASS="replaceable">
+<I>
+ip_address</i></code> <CODE CLASS="literal">
+-n</code> <CODE CLASS="replaceable">
+<I>
+netbios_name</i></code> <CODE CLASS="literal">
+-W</code> <CODE CLASS="replaceable">
+<I>
+workgroup</i></code> <CODE CLASS="literal">
+-d3</code> with the NetBIOS and workgroup name in uppercase. (The <CODE CLASS="literal">
+-d</code> <CODE CLASS="literal">
+3</code> option sets the log /debugging level to 3.)</p></li></ul><P CLASS="para">
+If you're still getting nothing, you shouldn't have gotten this far. Double back to at least <A CLASS="xref" HREF="ch09_02.html#ch09-78512">
+Section 9.2.3.1, Testing TCP with FTP </a>, or perhaps <A CLASS="xref" HREF="ch09_02.html#ch09-84079">
+Section 9.2.2.4</a>. On the other hand:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945746">
+</a>If you get "SMBtconX failed. ERRSRV&nbsp;- ERRaccess," you aren't permitted access to the server. This normally means you have a <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+hosts</code> option that doesn't include the server, or an invalid hosts option that does.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945748">
+</a> If you get "Bad password," then you presumably have one of the following:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945749">
+</a> An incorrect <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> or <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> line</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945750">
+</a> An incorrect <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+users</code> or <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+users</code> line</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945751">
+</a> A lowercase password and OS/2 or Windows for Workgroups clients</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945752">
+</a> A missing or invalid guest account</p></li></ul></li><LI CLASS="listitem">
+<P CLASS="para">
+Check what your guest account is (see <A CLASS="xref" HREF="ch09_02.html#ch09-40595">
+Section 9.2.5.2</a>) and verify your <I CLASS="filename">
+smb.conf</i> file with <CODE CLASS="literal">
+testparm</code> <CODE CLASS="literal">
+smb.conf</code> <CODE CLASS="replaceable">
+<I>
+your_hostname your_ip_address</i></code> (see <A CLASS="xref" HREF="ch09_02.html#ch09-67494">
+Section 9.2.4.5</a>) and change or comment out any <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code>, <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code>, <CODE CLASS="literal">
+valid</code> <CODE CLASS="literal">
+users</code> or <CODE CLASS="literal">
+invalid</code> <CODE CLASS="literal">
+users</code> lines.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945761">
+</a>If you get "Connection refused," the <EM CLASS="emphasis">
+smbd</em> server is not running or has crashed. Check that it's up, running, and listening to the network with <EM CLASS="emphasis">
+netstat</em>, see step <A CLASS="xref" HREF="ch09_02.html#ch09-67494">
+Section 9.2.4.5</a>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-952948">
+</a>If you get "Get_Hostbyname: Unknown host name," you've made a spelling error, there is a mismatch between Unix and NetBIOS hostname, or there is a name service problem. Start nameservice debugging with <A CLASS="xref" HREF="ch09_02.html#ch09-97081">
+Section 9.2.5.4</a>. If this works, suspect a name mismatch and go to step <A CLASS="xref" HREF="ch09_02.html#ch09-35552">
+Section 9.2.10, Troubleshooting NetBIOS Names</a>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945777">
+</a>If you get "Session request failed," the server refused the connection. This usually indicates an internal error, such as insufficient memory to fork a process.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945778">
+</a>If you get "Your server software is being unfriendly," the initial session request packet received a garbage response from the server. The server may have crashed or started improperly. Go back to <A CLASS="xref" HREF="ch09_02.html#ch09-40595">
+Section 9.2.5.2</a>, where the problem is first analyzed.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945785">
+</a>If you suspect the server is not running, go back to <A CLASS="xref" HREF="ch09_02.html#ch09-49239">
+Section 9.2.4.2, Looking for daemon processes with ps</a> to see why the server daemon isn't responding.</p></li></ul></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-12446">9.2.6.2 Testing the server with nmblookup</a></h4><P CLASS="para">
+This will test the "advertising" system used for Windows name services and browsing. Advertising works by broadcasting one's presence or willingness to provide services. It is the part of browsing that uses an unreliable protocol (UDP), and works only on broadcast networks like Ethernets. The <EM CLASS="emphasis">
+nmblookup</em> program broadcasts name queries for the hostname you provide, and returns its IP address and the name of the machine, much like <EM CLASS="emphasis">
+nslookup</em> does with DNS. Here, the <CODE CLASS="literal">
+-d</code> (debug- or log-level) option, and the <CODE CLASS="literal">
+-B</code> (broadcast address) options direct queries to specific machines.</p><P CLASS="para">
+First, we check the server from itself. Run <EM CLASS="emphasis">
+nmblookup</em> with a <CODE CLASS="literal">
+-B</code> option of your server's name to tell it to send the query to the Samba server, and a parameter of  <CODE CLASS="literal">
+__SAMBA__</code> as the symbolic name to look up. You should get: </p><PRE CLASS="programlisting">server% <B CLASS="emphasis.bold">nmblookup -B </b><CODE CLASS="replaceable"><I>server</i></code> <B CLASS="emphasis.bold">__SAMBA__ </b>
+Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 
+Sending queries to 192.168.236.86 192.168.236.86 __SAMBA__ </pre><P CLASS="para">
+You should get the IP address of the server, followed by the name <CODE CLASS="literal">
+__SAMBA__ </code>, which means that the server has successfully advertised that it has a service called <CODE CLASS="literal">
+__SAMBA__ </code>, and therefore at least part of NetBIOS nameservice works.</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945802">
+</a>If you get "Name_query failed to find name __SAMBA__" you may have specified the wrong address to the <CODE CLASS="literal">
+-B</code> option, or <EM CLASS="emphasis">
+nmbd</em> is not running. The <CODE CLASS="literal">
+-B</code> option actually takes a broadcast address: we're using a machine-name to get a unicast address, and to ask server if it has claimed <CODE CLASS="literal">
+__SAMBA__</code>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947471">
+</a>Try again with <CODE CLASS="literal">
+-B</code><CODE CLASS="replaceable">
+<I>
+ ip_address</i></code>, and if that fails too, <EM CLASS="emphasis">
+nmbd</em> isn't claiming the name. Go back briefly to "Testing daemons with testparm" to see if <EM CLASS="emphasis">
+nmbd</em> is running. If so, it may not claiming names; this means that Samba is not providing the browsing service&nbsp;- a configuratiuon problem. If that is the case, make sure that <I CLASS="filename">
+smb.conf</i> doesn't contain the option <CODE CLASS="literal">
+browsing</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+no</code>.</p></li></ul></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-32122">
+9.2.6.3 Testing the client with nmblookup</a></h4><P CLASS="para">
+Next, check the IP address of the client from the server with <EM CLASS="emphasis">
+nmblookup</em> using <CODE CLASS="literal">
+-B</code> option for the client's name and a parameter of <CODE CLASS="literal">
+'*'</code> meaning "anything," as shown here: </p><PRE CLASS="programlisting">server% <B CLASS="emphasis.bold">nmblookup -B client '*'</b> 
+Sending queries to 192.168.236.10 192.168.236.10 *
+Got a positive name query response from 192.168.236.10 (192.168.236.10)</pre><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945817">
+</a>If you receive "Name-query failed to find name *," you have made a spelling mistake, or the client software on the PC isn't installed, started, or bound to TCP/IP. Double back to <a href="ch02_01.html"><b>Chapter 2</b></a> or <a href="ch03_01.html"><b>Chapter 3</b></a> and ensure you have a client installed and listening to the network. </p></li></ul><P CLASS="para">
+Repeat the command with the following options if you had any failures:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945824">
+</a>If <CODE CLASS="literal">
+nmblookup</code> <CODE CLASS="literal">
+-B</code> <CODE CLASS="replaceable">
+<I>
+client_IP_address</i></code>  succeeds but <CODE CLASS="literal">
+-B</code> <CODE CLASS="replaceable">
+<I>
+client_name</i></code> fails, there is a name service problem with the client's name; go to <A CLASS="xref" HREF="ch09_02.html#ch09-23768">
+Section 9.2.8</a>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945825">
+</a>If <CODE CLASS="literal">
+nmblookup</code> <CODE CLASS="literal">
+-B</code> <CODE CLASS="literal">
+127.0.0.1'*'</code> succeeds, but <CODE CLASS="literal">
+-B</code> <CODE CLASS="replaceable">
+<I>
+client_IP_address</i></code> fails, there is a hardware problem and ping should have failed. See your network manager. </p></li></ul></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-98123">
+9.2.6.4 Testing the network with nmblookup</a></h4><P CLASS="para">
+Run the command <EM CLASS="emphasis">
+nmblookup</em> again with a <CODE CLASS="literal">
+-d</code> option (debug level) of 2 and a parameter of <CODE CLASS="literal">
+'*'</code> again. This time we are testing the ability of programs (such as <EM CLASS="emphasis">
+nmbd </em>) to use broadcast. It's essentially a connectivity test, done via a broadcast to the default broadcast address. </p><P CLASS="para">
+A number of NetBIOS/TCP-IP hosts on the network should respond with "got a positive name query response" messages. Samba may not catch all of the responses in the short time it listens, so you won't always see all the SMB clients on the network. However, you should see most of them:</p><PRE CLASS="programlisting">server% <B CLASS="emphasis.bold">nmblookup -d 2 '*' </b>
+Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 Sending queries to 192.168.236.255 
+Got a positive name query response from 192.168.236.191 (192.168.236.191) 
+Got a positive name query response from 192.168.236.228 (192.168.236.228) 
+Got a positive name query response from 192.168.236.75 (192.168.236.75) 
+Got a positive name query response from 192.168.236.79 (192.168.236.79) 
+Got a positive name query response from 192.168.236.206 (192.168.236.206) 
+Got a positive name query response from 192.168.236.207 (192.168.236.207) 
+Got a positive name query response from 192.168.236.217 (192.168.236.217) 
+Got a positive name query response from 192.168.236.72 (192.168.236.72) 192.168.236.86 * </pre><P CLASS="para">
+However:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945841">
+</a>If this doesn't give at least the client address you previously tested, the default broadcast address is wrong. Try <CODE CLASS="literal">
+nmblookup</code> <CODE CLASS="literal">
+-B</code> <CODE CLASS="literal">
+255.255.255.255</code> <CODE CLASS="literal">
+-d</code> <CODE CLASS="literal">
+2</code> <CODE CLASS="literal">
+'*'</code>, which is a last-ditch variant (a broadcast address of all ones). If this draws responses, the broadcast address you've been using before is wrong. Troubleshooting these is discussed in the <A CLASS="xref" HREF="ch09_02.html#ch09-45060">
+Section 9.2.9.2, Broadcast addresses</a> section, later in this chapter.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-951306">
+</a>If the address 255.255.255.255 fails too, check your notes to see if your PC and server are on different subnets, as discovered in <A CLASS="xref" HREF="ch09_02.html#ch09-84079">
+Section 9.2.2.4</a>. You should try to diagnose this with a server and client on the same subnet, but if you can't, you can try specifying the remote subnet's broadcast address with <CODE CLASS="literal">
+-B</code>. Finding that address is discussed in the same place as troubleshooting broadcast addresses, in the section <A CLASS="xref" HREF="ch09_02.html#ch09-45060">
+Section 9.2.9.2</a>, later in this chapter. The <CODE CLASS="literal">
+-B</code> option will work if your router supports directed broadcasts; if it doesn't, you may be forced to test with a client on the same network.</p></li></ul></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-947520">
+9.2.6.5 Testing client browsing with net view</a></h4><P CLASS="para">On the client, run the command <CODE CLASS="replaceable"><I>net view \\server</i></code> in a DOS window to see if you can connect to the client and ask what shares it provides. You should get back a list of available shares on the server, as shown in <A CLASS="xref" HREF="ch09_02.html#ch09-83710">
+Figure 9.4</a>.   </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch09-83710">
+Figure 9.4: Using the net view command</a></h4><IMG CLASS="graphic" SRC="figs/sam.0904.gif" ALT="Figure 9.4"><P CLASS="para">
+If you received this, continue with the section <A CLASS="xref" HREF="ch09_02.html#ch09-21713">
+Section 9.2.7, Other Things that Fail</a>.</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-953009">
+</a>If you get "Network name not found" for the name you just tested in the section <A CLASS="xref" HREF="ch09_02.html#ch09-32122">
+Section 9.2.6.3, Testing the client with nmblookup</a>, there is a problem with the client software itself. Double-check this by running <EM CLASS="emphasis">
+nmblookup</em> on the client; if it works and NET VIEW doesn't, the client is at fault.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945868">
+</a>Of course, if <EM CLASS="emphasis">
+nmblookup</em> fails, there is a NetBIOS nameservice problem, as discussed in the section <A CLASS="xref" HREF="ch09_02.html#ch09-35552">
+Section 9.2.10</a>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945874">
+</a>If you get "You do not have the necessary access rights," or "This server is not configured to list shared resources," either your guest account is misconfigured (see <A CLASS="xref" HREF="ch09_02.html#ch09-40595">
+Section 9.2.5.2</a>), or you have a <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+allow</code> or <CODE CLASS="literal">
+hosts</code> <CODE CLASS="literal">
+deny</code> line that prohibits connections from your machine. These problems should have been detected by the <EM CLASS="emphasis">
+smbclient</em> tests starting in the section <A CLASS="xref" HREF="ch09_02.html#ch09-96207">
+Section 9.2.6.1, Testing browsing with smbclient </a>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945882">
+</a>If you get "The specified computer is not receiving requests," you have misspelled the name, the machine is unreachable by broadcast (tested in "Testing the network with nmblookup"), or it's not running <EM CLASS="emphasis">
+nmbd</em>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-954090">
+</a>If you get "Bad password error," you're probably encountering the Microsoft-encrypted password problem, as discussed in <a href="ch06_01.html"><b>Chapter 6</b></a>, with its corrections.</p></li></ul></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-954094">
+9.2.6.6 Browsing the server from the client</a></h4><P CLASS="para">From the Network Neighborhood (File Manager in older releases), try to browse the server. Your Samba server should appear in the browse list of your local workgroup. You should be able to double click on the name of the server and get a list of shares, as illustrated in <A CLASS="xref" HREF="ch09_02.html#ch09-60004">
+Figure 9.5</a>.   </p><H4 CLASS="figure">
+<A CLASS="title" NAME="ch09-60004">
+Figure 9.5: List of shares on a server</a></h4><IMG CLASS="graphic" SRC="figs/sam.0905.gif" ALT="Figure 9.5"><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945897">
+</a>If you get an "Invalid password" error with NT 4.0, NT 3.5 with Patch 3, Windows 95 with Patch 3, Windows 98 or any of these with Internet Explorer 4.0, it's most likely the encryption problem again. All of these clients default to using Microsoft encryption for passwords (see <a href="ch06_01.html"><b>Chapter 6</b></a>).</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945903">
+</a>If you receive an "Unable to browse the network" error, one of the following has ocurred:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945904">
+</a>You have looked too soon, before the broadcasts and updates have completed; try waiting 30 seconds before re-attempting.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945905">
+</a>There is a network problem you've not yet diagnosed.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945906">
+</a>There is no browse master. Add the configuration option <CODE CLASS="literal">
+local</code> <CODE CLASS="literal">
+master</code> <CODE CLASS="literal">
+=</code> <CODE CLASS="literal">
+yes</code> to your <EM CLASS="emphasis">
+smb.conf</em> file.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945907">
+</a>No shares are marked <CODE CLASS="literal">
+browsable</code> in the <EM CLASS="emphasis">
+smb.conf</em> file.</p></li></ul></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945909">
+</a>If you receive the message "\\server is not accessible," then:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945910">
+</a> You have the encrypted password problem</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945911">
+</a> The machine really isn't accessible </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945912">
+</a> The machine doesn't support browsing</p></li></ul></li></ul></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-21713">9.2.7 Other Things that Fail </a></h3><P CLASS="para">
+If you've made it here, either the problem is solved or it's not one we've seen. The next sections cover troubleshooting tasks that are required to have the infrastructure to run Samba, not Samba itself.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-945916">
+9.2.7.1 Not logging on</a></h4><P CLASS="para">An occasional problem is forgetting to log in to the client or logging in as a wrong (account-less) person. The former is not diagnosed at all: Windows tries to be friendly and lets you on. Locally! The only warning of the latter is that Windows welcomes you and asks about your new account. Either of these leads to repeated refusals to connect and endless requests for passwords. If nothing else seems to work, try logging out or shutting down and logging in again.</p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-23768">
+9.2.8 Troubleshooting Name Services</a></h3><P CLASS="para">This section looks at simple troubleshooting of all the name services that you will encounter, but only for the common problems that affect Samba.</p><P CLASS="para">
+There are several good references for troubleshooting particular name services: Paul Albitz and Cricket Liu's <EM CLASS="emphasis">
+DNS and Bind</em> covers the Domain Name Service (DNS), Hal Stern's <EM CLASS="emphasis">
+NFS and NIS</em> (both from O'Reilly) covers NIS ("Yellow pages") while WINS (Windows Internet Name Service), <I CLASS="filename">
+hosts/LMHOSTS</i> files and NIS+ are best covered by their respective vendor's manuals.</p><P CLASS="para">
+The problems addressed in this section are:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945926">
+</a>Identifying name services</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945927">
+</a>A hostname can't be looked up</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945928">
+</a>The long (FQDN) form of a hostname works but the short form doesn't </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945929">
+</a>The short form of the name works, but the long form doesn't</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945930">
+</a>A long delay ocurrs before the expected result </p></li></ul><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-945931">
+9.2.8.1 Identifying what's in use</a></h4><P CLASS="para">First, see if both the server and the client are using DNS, WINS, NIS, or <I CLASS="filename">
+hosts</i> files to look up IP addresses when you give them a name. Each kind of machine will have a different preference: </p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945934">
+</a>Windows 95 and 98 machines will look in WINS and <I CLASS="filename">
+LMHOSTS</i> files first, then broadcast, and finally try DNS and <I CLASS="filename">
+hosts</i> files.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945935">
+</a>NT will look in WINS, then broadcast, LMHOSTS files, and finally <I CLASS="filename">
+hosts</i> and DNS.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945936">
+</a>Windows programs using the WINSOCK standard (like PC-NFSs) will use hosts files, DNS, WINS, and then broadcast. Don't assume that if a different program's name service works, the SMB client program's name service will!</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945937">
+</a>Samba daemons will use <I CLASS="filename">
+LMHOSTS</i>, WINS, the Unix host's preference, and then broadcast.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945938">
+</a>Unix hosts can be configured to use any combination of DNS, <I CLASS="filename">
+hosts</i> files, and NIS and NIS+, generally in any order.</p></li></ul><P CLASS="para">
+We recommend that the client machines be configured to use WINS and DNS, the Samba daemons to use WINS and DNS, and the Unix server to use DNS. You'll have to look at your notes and the actual machines to see which is in use.</p><P CLASS="para">
+On the clients, the name services are all set in the TCP/IP Properties panel of the Networking Control Panel, as discussed in <a href="ch03_01.html"><b>Chapter 3</b></a>. You may need to check there to see what you've actually turned on. On the server, see if an <I CLASS="filename">
+/etc/resolv.conf</i> file exists. If it does, you're using DNS. You may be using the others as well, though. You'll need to check for NIS and combinations of services.</p><P CLASS="para">
+Check for an <I CLASS="filename">
+/etc/nsswitch.conf</i> file on Solaris and other System V Unix operating systems. If you have one, look for a line that begins <CODE CLASS="literal">
+host</code>:, followed by one or more of <CODE CLASS="literal">
+files</code>, <CODE CLASS="literal">
+bind</code>, <CODE CLASS="literal">
+nis</code> or <CODE CLASS="literal">
+nis+</code>. These are the name services to use, in order, with optional extra material in square brackets. <EM CLASS="emphasis">
+files</em> stands for using<EM CLASS="emphasis">
+ hosts</em> files, while <EM CLASS="emphasis">
+bind</em> (the Berkeley Internet Name Daemon) stands for using DNS.</p><P CLASS="para">
+If the client and server differ, the first thing to do is to get them in sync. Clients can only use only DNS, WINS, <EM CLASS="emphasis">
+hosts </em>files and <EM CLASS="emphasis">
+lmhosts</em> files, not NIS or NIS+. Servers can use <EM CLASS="emphasis">
+hosts</em> files, DNS, and NIS or NIS+, but not WINS&nbsp;- even if your Samba server provides WINS services. If you can't get all the systems to use the same services, you'll have to carefully check the server and the client for the same data.</p><P CLASS="para">
+Samba 2.0 (and late 1.9 versions) added a <CODE CLASS="literal">
+-R</code><I CLASS="option">
+ </i>(resolve order) option to <EM CLASS="emphasis">
+smbclient</em>. If you want to troubleshoot WINS, for example, you'd say:</p><PRE CLASS="programlisting"> smbclient -L <CODE CLASS="replaceable"><I>server</i></code> -R wins</pre><P CLASS="para">
+The possible settings are <CODE CLASS="literal">
+hosts</code> (which means whatever the Unix machine is using, not just<I CLASS="filename">
+ /etc/hosts</i> files), <CODE CLASS="literal">
+lmhosts</code>, <CODE CLASS="literal">
+wins</code> and <CODE CLASS="literal">
+bcast</code> (broadcast).</p><P CLASS="para">
+In the following sections, we use the term <EM CLASS="emphasis">
+long name</em> for a fully-qualified domain name (FQDN), like <CODE CLASS="literal">
+server.example.com</code>, and the term <EM CLASS="emphasis">
+short name</em> for the host part of a FQDN, like <CODE CLASS="literal">
+server</code>.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-947590">
+9.2.8.2 Cannot look up hostnames</a></h4><P CLASS="para">
+ Try the following:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945950">
+</a>In DNS:</p><P CLASS="para">
+Run <CODE CLASS="literal">
+nslookup</code> <CODE CLASS="replaceable">
+<I>
+name</i></code>. If this fails, look for a <I CLASS="filename">
+resolv.conf</i> error, a downed DNS server, or a short/long name problem (see the next section). Try the following:</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945952">
+</a>Your <I CLASS="filename">
+/etc/resolv.conf</i> should contain one or more name-server lines, each with an IP address. These are the addresses of your DNS servers.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947597">
+</a>ping each of the server addresses you find. If this fails for one, suspect the machine. If it fails for each, suspect your network.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947600">
+</a>Retry the lookup using the full domain name (e.g., <EM CLASS="emphasis">
+server.example.com</em>) if you tried the short name first, or the short name if you tried the long name first. If results differ, skip to the next section. </p></li></ul><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945958">
+</a>In Broadcast/ WINS:</p><P CLASS="para">
+Broadcast/ WINS does only short names such as <CODE CLASS="literal">
+server</code>, (not long ones, such as <CODE CLASS="literal">
+server.example.com)</code>. Run <CODE CLASS="literal">
+nmblookup</code> <CODE CLASS="literal">
+-S</code> <CODE CLASS="replaceable">
+<I>
+server</i></code>.<CODE CLASS="replaceable">
+<I>
+ </i></code>This reports everything broadcast has registered for the name. In our example, it looks like this:</p></li></ul><PRE CLASS="programlisting">
+Looking up status of 192.168.236.86
+received 10 names
+        SERVER           &lt;00&gt; -         M &lt;ACTIVE&gt; 
+        SERVER           &lt;03&gt; -         M &lt;ACTIVE&gt; 
+        SERVER           &lt;1f&gt; -         M &lt;ACTIVE&gt; 
+        SERVER           &lt;20&gt; -         M &lt;ACTIVE&gt; 
+        ..__MSBROWSE__.  &lt;01&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt; 
+        MYGROUP          &lt;00&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt; 
+        MYGROUP          &lt;1b&gt; -         M &lt;ACTIVE&gt; 
+        MYGROUP          &lt;1c&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt; 
+        MYGROUP          &lt;1d&gt; -         M &lt;ACTIVE&gt; 
+        MYGROUP          &lt;1e&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt;</pre><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+The required entry is <CODE CLASS="literal">
+SERVER</code> <CODE CLASS="literal">
+&lt;00&gt;</code>, which identifies <CODE CLASS="replaceable">
+<I>
+server</i></code> as being this machine's NetBIOS name. You should also see your workgroup mentioned one or more times. If these lines are missing, Broadcast/WINS cannot look up names and will need attention.</p></li></ul><P CLASS="para">
+The numbers in angle brackets in the previous output identify NetBIOS names as being workgroups, workstations, and file users of the messenger service, master browsers, domain master browsers, domain controllers and a plethora of others. We primarily use <CODE CLASS="literal">
+&lt;00&gt;</code> to identify machine and workgroup names and <CODE CLASS="literal">
+&lt;20&gt;</code> to identify machines as servers. The complete list is available at <A CLASS="systemitem.url" HREF="http://support.microsoft.com/support/kb/articles/q163/4/09.asp">
+http://support.microsoft.com/support/kb/articles/q163/4/09.asp</a>.</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945982">
+</a>In NIS:</p><P CLASS="para">
+Try <CODE CLASS="literal">
+ypmatch</code> <CODE CLASS="literal">
+name</code> <CODE CLASS="literal">
+hosts</code>. If this fails, NIS is down. Find out the NIS server's name by running<EM CLASS="emphasis">
+ ypwhich</em>, and ping the machine it to see if it's accessible.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945985">
+</a>In NIS+:</p><P CLASS="para">
+If you're running NIS+, try <CODE CLASS="literal">
+nismatch</code> <CODE CLASS="literal">
+name</code> <CODE CLASS="literal">
+hosts</code>. If this fails, NIS is down. Find out the NIS server's name by running <EM CLASS="emphasis">
+niswhich</em>, and ping that machine to see if it's accessible.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-945988">
+</a>In <I CLASS="filename">
+hosts</i> files:</p><P CLASS="para">
+Inspect <I CLASS="filename">
+/etc/hosts</i> on the client (<CODE CLASS="literal">C:\WINDOWS\HOSTS</code>). Each line should have an IP number and one or more names, the primary name first, then any optional aliases. An example follows:</p></li></ul><PRE CLASS="programlisting">
+        127.0.0.1         localhost
+        192.168.236.1     dns.svc.example.com 
+        192.168.236.10    client.example.com client 
+        192.168.236.11    backup.example.com loghost 
+        192.168.236.86    server.example.com server 
+        192.168.236.254   router.svc.example.com </pre><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+On Unix, <CODE CLASS="literal">
+localhost</code> should always be 127.0.0.1, although it may be just an alias for a hostname on the PC. On the client, check that there are no <CODE CLASS="literal">
+#XXX</code> directives at the ends of the lines; these are LAN Manager/NetBIOS directives, and should appear only in <EM CLASS="emphasis">
+LMHOSTS</em> files (<CODE CLASS="literal">C:\WINDOWS\LMHOSTS</code>). </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946000">
+</a>In <EM CLASS="emphasis">
+LMHOSTS</em> files:</p><P CLASS="para">
+This file is a local source for LAN Manager (NetBIOS) names. It has a format very similar to <I CLASS="filename">
+/etc/hosts</i> files, but does not support long-form domain names (e.g., <CODE CLASS="literal">
+server.example.com</code>), and may have a number of optional <CODE CLASS="literal">
+#XXX</code> directives following the names. Note there usually is a <EM CLASS="emphasis">
+lmhosts.sam</em> (for sample) file in <CODE CLASS="literal">
+C:\WINDOWS</code>, but it's not used unless renamed to <CODE CLASS="literal">
+C:\WINDOWS\LMHOSTS</code>.</p></li></ul></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-946005">
+9.2.8.3 Long and short hostnames</a></h4><P CLASS="para">Where the long (FQDN) form of a hostname works but the short name doesn't (for example, <CODE CLASS="literal">
+client.example.com</code> works but <CODE CLASS="literal">
+client</code> doesn't), consider the following:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946007">
+</a>DNS: </p><P CLASS="para">
+This usually indicates there is no default domain in which to look up the short names. Look for a <CODE CLASS="literal">
+default</code> line in <I CLASS="filename">
+/etc/resolv.conf</i> on the Samba server with your domain in it, or a <CODE CLASS="literal">
+search</code> line with one or more domains in it. One or the other may need to be present to make short names usable; which one depends on vendor and version of the DNS resolver. Try adding <CODE CLASS="literal">
+domain</code> <CODE CLASS="replaceable">
+<I>
+your domain</i></code> to <I CLASS="filename">
+resolv.conf</i> and ask your network or DNS administrator what should have been in the file.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946010">
+</a>Broadcast/WINS: </p><P CLASS="para">
+Broadcast/WINS doesn't support long names; it won't suffer from this problem. </p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946012">
+</a>NIS: </p><P CLASS="para">
+Try the command <CODE CLASS="literal">
+ypmatch</code> <CODE CLASS="literal">
+hostname</code> <CODE CLASS="literal">
+hosts</code>. If you don't get a match, your tables don't include short names. Speak to your network manager; short names may be missing by accident, or may be unsupported as a matter of policy. Some sites don't ever use (ambiguous) short names.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946014">
+</a>NIS+ :</p><P CLASS="para">
+Try <CODE CLASS="literal">
+nismatch</code> <CODE CLASS="replaceable">
+<I>
+hostname</i></code> <CODE CLASS="literal">
+hosts</code>, and treat failure exactly as with NIS above.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946016">
+</a><EM CLASS="emphasis">
+hosts:</em> </p><P CLASS="para">
+If the short name is not in <I CLASS="filename">
+/etc/hosts</i>, consider adding it as an alias. Avoid, if you can, short names as primary names (the first one on a line). Have them as aliases if your system permits.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946018">
+</a><I CLASS="filename">
+LMHOSTS</i>: </p><P CLASS="para">
+LAN Manager doesn't support long names, so it won't suffer from this problem. </p></li></ul><P CLASS="para">
+On the other hand, if the short form of the name works and the long doesn't, consider the following:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946022">
+</a>DNS: </p><P CLASS="para">
+This is bizarre; see your network or DNS administrator, as this is probably a DNS setup bug.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947697">
+</a>Broadcast/WINS: </p><P CLASS="para">
+This is a normal bug; Broadcast/WINS can't use the long form. Optionally, consider DNS. Microsoft has stated that they will switch to DNS, though it's not providing name types like &lt;00&gt;.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947709">
+</a>NIS:</p><P CLASS="para">
+If you can use <CODE CLASS="literal">
+ypmatch</code> to look up the short form but not the long, consider adding the long form to the table as at least an alias.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947718">
+</a>NIS+: </p><P CLASS="para">
+Same as NIS, except you use <CODE CLASS="literal">
+nismatch</code> instead of <CODE CLASS="literal">
+ypmatch</code> to look up names.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947720">
+</a><I CLASS="filename">
+hosts:</i></p><P CLASS="para">
+Add the long name as at least an alias, and preferably as the primary form. Also consider using DNS if it's practical.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947727">
+</a><I CLASS="filename">
+LMHOSTS</i>: </p><P CLASS="para">
+This is a normal bug. LAN Manager can't use the long form; consider switching to DNS or <I CLASS="filename">
+hosts</i>.</p></li></ul></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-946040">
+9.2.8.4 Unusual delays</a></h4><P CLASS="para">When there is a long delay before the expected result: </p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-947733">
+</a>DNS: </p><P CLASS="para">
+Test the same name with the <KBD CLASS="command">
+nslookup</kbd> command on the machine (client or server) that is slow. If <KBD CLASS="command">
+nslookup</kbd> is also slow, you have a DNS problem. If it's slower on a client, you have too many protocols bound to the Ethernet card. Eliminate NetBEUI, which is infamously slow, and optionally, Novel, assuming you don't need them. This is especially important on Windows 95, which is particularly sensitive to excess protocols.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946044">
+</a>Broadcast/ WINS:</p><P CLASS="para">
+Test the client using <CODE CLASS="literal">
+nmblookup</code>, and if it's faster, you probably have the protocols problem as  mentioned in the previous item.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946047">
+</a>NIS:</p><P CLASS="para">
+Try <CODE CLASS="literal">
+ypmatch</code>, and if it's slow, report the problem to your network manager.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946049">
+</a>NIS+: </p><P CLASS="para">
+Try <CODE CLASS="literal">
+nismatch</code>, similarly.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946051">
+</a><EM CLASS="emphasis">
+hosts</em>:</p><P CLASS="para">
+<EM CLASS="emphasis">
+hosts</em> files, if of reasonable size, are always fast. You probably have the protocols problem mentioned under DNS, above.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946053">
+</a><EM CLASS="emphasis">
+LMHOSTS</em>:</p><P CLASS="para">
+This is not a name lookup problem; <EM CLASS="emphasis">
+LMHOSTS</em> files are as fast as <EM CLASS="emphasis">
+hosts</em> files.</p></li></ul></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-946055">
+9.2.8.5 Localhost issues</a></h4><P CLASS="para">When a localhost isn't 127.0.0.1, try the following:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946056">
+</a>DNS:</p><P CLASS="para">
+There is probably no record for <CODE CLASS="literal">
+localhost.</code> <CODE CLASS="literal">
+A</code> <CODE CLASS="literal">
+127.0.0.1</code>. Arrange to add one, and a reverse entry, <CODE CLASS="literal">
+1.0.0.127.IN-ADDR.ARPA</code> <CODE CLASS="literal">
+PTR</code> <CODE CLASS="literal">
+127.0.0.1</code>.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946058">
+</a>Broadcast/WINS:</p><P CLASS="para">
+Not applicable.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946060">
+</a>NIS:</p><P CLASS="para">
+If <CODE CLASS="literal">
+localhost</code> isn't in the table, add it.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946062">
+</a>NIS+: </p><P CLASS="para">
+If <CODE CLASS="literal">
+localhost</code> isn't in the table, add it.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946064">
+</a><I CLASS="filename">
+hosts:</i></p><P CLASS="para">
+Add a line is the <EM CLASS="emphasis">
+hosts</em> file that says <CODE CLASS="literal">
+127.0.0.1</code> <CODE CLASS="literal">
+localhost</code></p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946066">
+</a><I CLASS="filename">
+LMHOSTS</i>:</p><P CLASS="para">
+Not applicable.</p></li></ul></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-pgfId-953970">9.2.9 Troubleshooting Network Addresses</a></h3><P CLASS="para">
+A number of common problems are caused by incorrect Internet address routing or the incorrect assignment of addresses. This section helps you determine what your addresses are.</p><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-21203">
+9.2.9.1 Netmasks</a></h4><P CLASS="para">The netmasks tell each machine which addresses can be reached directly (are on your local network) and which addresses require forwarding packets through a router. If the netmask is wrong, the machines will make one of two mistakes. One is to try to route local packets via a router, which is an expensive way to waste time&nbsp;- it may work reasonably fast, it may run slowly, or it may fail utterly. The second mistake is to fail to send packets for a remote machine to the router, which will prevent them from being forwarded to the remote machine.</p><P CLASS="para">
+The netmask is a number like an IP address, with one-bits for the network part of an address and zero-bits for the host portion. The netmask is literally used to mask off parts of the address inside the TCP/IP code. If the mask is 255.255.0.0, the first 2 bytes are the network part and the last 2 are the host part. More common is 255.255.255.0, in which the first 3 bytes are the network part and the last one is the host part.</p><P CLASS="para">
+For example, let's say your IP address is 192.168.0.10 and the Samba server is 192.168.236.86. If your netmask happens to be 255.255.255.0, the network part of the addresses is the first 3 bytes and the host part is the last byte. In this case, the network parts are different, and the machines are on different networks: </p><TABLE CLASS="informaltable" BORDER="1" CELLPADDING="3">
+<THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Network Part</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Host Part</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+192 168 000</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+10</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+192 168 235</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+86</p></td></tr></tbody></table><P CLASS="para">
+If your netmask happens to be 255.255.0.0, the network part is just the first two bytes. In this case, the network parts match and so the two machines are on the same network: </p><TABLE CLASS="informaltable" BORDER="1" CELLPADDING="3">
+<THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Network Part</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Host Part</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+192 168</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+000 10</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+192 168</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+236 86</p></td></tr></tbody></table><P CLASS="para">
+Of course, if your netmask says one thing and your network manager says another, the netmask is wrong.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-45060">
+9.2.9.2 Broadcast addresses</a></h4><P CLASS="para">
+The broadcast address is a normal address, with the hosts part all one-bits. It means "all hosts on your network." You can compute it easily from your netmask and address: take the address and put one-bits in it for all the bits that are zero at the end of the netmask (the host part). The following table illustrates this: </p><TABLE CLASS="informaltable" BORDER="1" CELLPADDING="3">
+<THEAD CLASS="thead">
+<TR CLASS="row" VALIGN="TOP">
+<TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Network Part</p></th><TH CLASS="entry" ALIGN="LEFT" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+Host Part</p></th></tr></thead><TBODY CLASS="tbody">
+<TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<B CLASS="emphasis.bold">
+IP address</b></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+192 168 236</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+86</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<B CLASS="emphasis.bold">
+Netmask</b></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+255 255 255</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+000</p></td></tr><TR CLASS="row" VALIGN="TOP">
+<TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+<B CLASS="emphasis.bold">
+Broadcast</b></p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+192 168 236</p></td><TD CLASS="entry" ROWSPAN="1" COLSPAN="1">
+<P CLASS="para">
+255</p></td></tr></tbody></table><P CLASS="para">
+In this example, the broadcast address on the 192.168.236 network is 192.168.236.255. There is also an old "universal" broadcast address, 255.255.255.255. Routers are prohibited from forwarding these, but most machines on your local network will respond to broadcasts to this address.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-946136">
+9.2.9.3 Network address ranges</a></h4><P CLASS="para">A number of address ranges have been reserved for testing and for non-connected networks; we use one of these for the book. If you don't have an address yet, feel free to use one of these to start with. They include one class A (large) network, 10.*.*.*, and 254 class C (smaller) networks, 192.168.1.* through to 192.168.254.*. In this book we use one of the latter, 192.168.236.*. The domain <I CLASS="filename">
+example.com</i> is also reserved for unconnected networks, explanatory examples, and books.</p><P CLASS="para">
+If you're actually connecting to the Internet, you'll need to get a real network and a domain name, probably through the same company that provides your connection.</p></div><DIV CLASS="sect3">
+<H4 CLASS="sect3">
+<A CLASS="title" NAME="ch09-pgfId-947786">
+9.2.9.4 Finding your network address</a></h4><P CLASS="para">If you haven't recorded your IP address, it will be displayed by the <KBD CLASS="command">
+ifconfig</kbd> command on Unix or by the IPCONFIG command on Windows 95 and NT. (Check your manual pages for any options required by your brand of Unix: Sun wants <CODE CLASS="literal">
+ifconfig</code> <CODE CLASS="literal">
+-a</code>). You should see output similar to the following:</p><PRE CLASS="programlisting">
+server% ifconfig -a 
+le0: flags=63&lt;UP,BROADCAST,NOTRAILERS,RUNNING &gt; 
+      inet 192.168.236.11 netmask ffffff00 broadcast 192.168.236.255 
+lo0: flags=49&lt;&amp;lt&gt;UP,LOOPBACK,RUNNING&lt;&amp;gt&gt; 		
+      inet 127.0.0.1 netmask ff000000</pre><P CLASS="para">
+One of the interfaces will be loopback (in our examples <CODE CLASS="literal">
+lo0</code>), and the other will be the regular IP interface. The flags should show that the interface is running, and Ethernet interfaces will also say they support broadcasts (PPP interfaces don't). The other places to look for IP addresses are <I CLASS="filename">
+/etc/hosts</i> files, Windows <EM CLASS="emphasis">
+HOSTS</em> files, Windows <EM CLASS="emphasis">
+LMHOSTS</em> files, NIS, NIS+ and DNS.</p></div></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-35552">9.2.10 Troubleshooting NetBIOS Names</a></h3><P CLASS="para">Historically, SMB protocols have depended on the NetBIOS name system, also called the LAN Manager name system. This was a simple scheme where each machine had a unique 20-character name and broadcast it on the LAN for everyone to know. With TCP/IP, we tend to use names like <EM CLASS="emphasis">
+client.example.com</em> stored in <I CLASS="filename">
+/etc/hosts</i> files, through DNS or WINS.</p><P CLASS="para">
+The usual mapping to domain names such as <EM CLASS="emphasis">
+server.example.com</em> simply uses the <EM CLASS="emphasis">
+server</em> part as the NetBIOS name and converts it to uppercase. Alas, this doesn't always work, especially if you have a machine with a 21-character name; not everyone uses the same NetBIOS and DNS names. For example, <EM CLASS="emphasis">
+corpvm1</em> along with <EM CLASS="emphasis">
+vm1.corp.com</em> is not unusual.</p><P CLASS="para">
+A machine with a different NetBIOS name and domain name is confusing when you're troubleshooting; we recommend that you try to avoid this wherever possible. NetBIOS names are discoverable with <EM CLASS="emphasis">
+smbclient </em>:</p><UL CLASS="itemizedlist">
+<LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946160">
+</a>If you can list shares on your Samba server with <EM CLASS="emphasis">
+smbclient</em> and a <CODE CLASS="literal">
+-L</code> option (list shares) of <CODE CLASS="replaceable">
+<I>
+short_name_of_server</i></code>, the short name is the NetBIOS name.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946161">
+</a>If you get "Get_Hostbyname: Unknown host name," there is probably a mismatch. Check in the <I CLASS="filename">
+smb.conf</i> file to see if the NetBIOS name is explicitly set.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946162">
+</a>Try again, specifying <CODE CLASS="literal">
+-I</code> and the IP address of the Samba server (e.g., <CODE CLASS="literal">
+smbclient</code> <CODE CLASS="literal">
+-L</code> <CODE CLASS="literal">
+server</code> <CODE CLASS="literal">
+-I</code> <CODE CLASS="literal">
+192.168.236.86</code>). This overrides the name lookup and forces the packets to go to the IP address. If this works, there was a mismatch.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946163">
+</a>Try with <CODE CLASS="literal">
+-I</code> and the full domain name of the server (e.g., <CODE CLASS="literal">
+smbclient</code> <CODE CLASS="literal">
+-L</code> <CODE CLASS="literal">
+server</code> <CODE CLASS="literal">
+-I</code> <CODE CLASS="literal">
+server.example.com</code>). This tests the lookup of the domain name, using whatever scheme the Samba server uses (e.g., DNS). If it fails, you have a name service problem. You should reread the section <A CLASS="xref" HREF="ch09_02.html#ch09-23768">
+Section 9.2.8</a> after you finish troubleshooting the NetBIOS names.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946168">
+</a>Try with <CODE CLASS="literal">
+-n</code> (NetBIOS name) and the name you expect to work (e.g., <CODE CLASS="literal">
+smbclient</code> <CODE CLASS="literal">
+-n</code> <CODE CLASS="literal">
+server</code> <CODE CLASS="literal">
+-L</code> <CODE CLASS="literal">
+server-12</code>) but without overriding the IP address through <CODE CLASS="literal">
+-I</code>. If this works, the name you specified with <CODE CLASS="literal">
+-n</code> is the actual NetBIOS name of the server. If you receive "Get-Hostbyname: Unknown host MARY," it's not the right server yet.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-946169">
+</a>If nothing is working so far, repeat the tests specifying <CODE CLASS="literal">
+-U</code> <CODE CLASS="replaceable">
+<I>
+username</i></code> and <CODE CLASS="literal">
+-W</code> <CODE CLASS="replaceable">
+<I>
+workgroup</i></code>, with the username and workgroup in uppercase, to make sure you're not being derailed by a user or workgroup mismatch.</p></li><LI CLASS="listitem">
+<P CLASS="para">
+<A CLASS="listitem" NAME="ch09-pgfId-953522">
+</a>If nothing works still and you had evidence of a name service problem, troubleshoot name service in the section <A CLASS="xref" HREF="ch09_02.html#ch09-23768">
+Section 9.2.8</a>, and then return to NetBIOS name service.</p></li></ul></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch09_01.html" TITLE="9.1 The Tool Bag">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 9.1 The Tool Bag" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch09_03.html" TITLE="9.3 Extra Resources">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: 9.3 Extra Resources" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">9.1 The Tool Bag</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+9.3 Extra Resources</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/ch09_03.html b/docs/htmldocs/using_samba/ch09_03.html
new file mode 100755
index 00000000000..ecaa53ed364
--- /dev/null
+++ b/docs/htmldocs/using_samba/ch09_03.html
@@ -0,0 +1,136 @@
+<HTML>
+<HEAD>
+<TITLE>
+[Chapter 9] 9.3 Extra Resources</title><META NAME="DC.title" CONTENT=""><META NAME="DC.creator" CONTENT=""><META NAME="DC.publisher" CONTENT="O'Reilly &amp; Associates, Inc."><META NAME="DC.date" CONTENT="1999-11-05T21:41:27Z"><META NAME="DC.type" CONTENT="Text.Monograph"><META NAME="DC.format" CONTENT="text/html" SCHEME="MIME"><META NAME="DC.source" CONTENT="" SCHEME="ISBN"><META NAME="DC.language" CONTENT="en-US"><META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly
+<br>1st Edition November 1999
+<br>1-56592-449-5, Order Number: 4495
+<br>416 pages, $34.95
+</font>
+<p> <a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy</a>
+<p><a href="index.html">Table of Contents</a>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<center>
+<DIV CLASS="htmlnav">
+<TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch09_02.html" TITLE="9.2 The Fault Tree">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 9.2 The Fault Tree" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<B>
+<FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">
+<A CLASS="chapter" REL="up" HREF="ch09_01.html" TITLE="9. Troubleshooting Samba">
+Chapter 9<br>
+Troubleshooting Samba</a></font></b></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appa_01.html" TITLE="A. Configuring Samba with SSL">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: A. Configuring Samba with SSL" BORDER="0"></a></td></tr></table>&nbsp;<hr noshade size=1></center>
+</div>
+<blockquote>
+<div>
+<H2 CLASS="sect1">
+<A CLASS="title" NAME="ch09-49719">
+9.3 Extra Resources</a></h2><P CLASS="para">At some point during your Samba career, you will want to turn to online or printed resources for news, updates, and aid.</p><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-pgfId-953071">
+9.3.1 Documentation and FAQs</a></h3><P CLASS="para">It's okay to read the documentation. Really. Nobody can see you, and we won't tell. In fact, Samba ships with a large set of documentation files, and it is well worth the effort to at least browse through them, either in the distribution directory on your computer under <I CLASS="filename">
+/docs</i>, or online at the Samba web site: <a href="http://samba.anu.edu.au/samba/"><I CLASS="filename">http://samba.anu.edu.au/samba/</i></a>. The most current FAQ list, bug information, and distribution locations are located at the web site, with links to all of the Samba manual pages and HOW-TOs.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-pgfId-946178">
+9.3.2 Samba Newsgroups</a></h3><P CLASS="para">Usenet newsgroups have always been a great place to get advice on just about any topic. In the past few years, though, this vast pool of knowledge has developed something that has made it into an invaluable resource: a memory. Archival and search sites such as DejaNews (<I CLASS="filename"><a href="http://www.dejanews.com">http://www.dejanews.com</i></a>) have made sifting through years of valuable solutions on a topic as simple as a few mouse clicks. </p><P CLASS="para">
+The primary newsgroup for Samba is <EM CLASS="emphasis">
+comp.protocols.smb</em>. This should always be your first stop when there's a problem. More often than not, spending five minutes researching an error here will save hours of frustration while trying to debug something yourself.</p><P CLASS="para">
+When searching a newsgroup, try to be as specific as possible, but not too wordy. Searching on actual error messages is best. If you don't find an answer immediately in the newsgroup, resist the temptation to post a request for help until you've done a bit more work on the problem. You may find that the answer is in a FAQ or one of the many documentation files that ships with Samba, or a solution might become evident when you run one of Samba's diagnostic tools. If nothing works, post a request in <EM CLASS="emphasis">
+comp.protocols.smb</em>, and be as specific as possible about what you have tried and what you are seeing. Include any error messages that appear. It may be several days before you receive help, so be patient and keep trying things while you wait.</p><P CLASS="para">
+Once you post a request for help, keep poking at the problem yourself. Most of us have had the experience of posting a Usenet article containing hundreds of lines of intricate detail, only to solve the problem an hour later after the article has blazed its way across several continents. The rule of thumb goes something like this: the more folks who have read your request, the simpler the solution. Usually this means that once everyone in the Unix community has seen your article, the solution will be something simple like, "Plug the computer into the wall socket."</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-pgfId-951527">
+9.3.3 Samba Mailing Lists</a></h3><P CLASS="para">The following are mailing lists for support with Samba. See the Samba homepage, <a href="http://www.samba.org/"><I CLASS="filename">http://www.samba.org/</i></a> for information on subscribing and unsubscribing to these mailing lists:</p><DL CLASS="variablelist">
+<DT CLASS="term">
+samba-binaries@samba.org</dt><DD CLASS="listitem">
+<P CLASS="para">
+This mailing list has information on precompiled binaries for the Samba platform.</p></dd><DT CLASS="term">
+samba@samba.org</dt><DD CLASS="listitem">
+<P CLASS="para">
+This mailing list is the place to report suspected bugs in Samba.</p></dd><DT CLASS="term">
+samba-ntdom@samba.org</dt><DD CLASS="listitem">
+<P CLASS="para">
+This mailing list has information on support for domains (particularly Windows NT) with the Samba product.</p></dd><DT CLASS="term">
+samba-technical@samba.org</dt><DD CLASS="listitem">
+<P CLASS="para">
+This mailing list maintains debate about where the future of Samba is headed.</p></dd><DT CLASS="term">
+samba@samba.org</dt><DD CLASS="listitem">
+<P CLASS="para">
+This is the primary Samba mailing list that contains general questions and HOW-TO information on Samba.</p></dd></dl></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-pgfId-946184">
+9.3.4 Samba Discussion Archives</a></h3><P CLASS="para">There is a search service for the primary Samba mailing list. At the time this book was written, it was listed under "searchable" in the Sources paragraph on the first page of the Samba site and its mirrors, <a href="http://samba.anu.edu.au/listproc/ghindex.html"><I CLASS="filename">http://samba.anu.edu.au/listproc/ghindex.html</i></a>.</p></div><DIV CLASS="sect2">
+<H3 CLASS="sect2">
+<A CLASS="title" NAME="ch09-pgfId-946188">
+9.3.5 Further Reading</a></h3><OL CLASS="orderedlist">
+<LI CLASS="listitem">
+<P CLASS="para">Craig Hunt; <EM CLASS="emphasis">
+TCP/IP Network Administration, 2nd Edition</em>. Sebastopol, CA: O'Reilly and Associates, 1997 (ISBN 1-56592-322-7).</p></li><LI CLASS="listitem">
+<P CLASS="para">
+Hunt, Craig, and Robert Bruce Thompson; <EM CLASS="emphasis">
+Windows NT TCP/IP Network Administration. </em>Sebastopol, CA: O'Reilly and Associates, 1998 (<EM CLASS="emphasis">
+ISBN </em>1-56592-377-4).</p></li><LI CLASS="listitem">
+<P CLASS="para">Albitz, Paul, and Cricket Liu; <EM CLASS="emphasis">
+DNS and Bind, 3rd Edition</em>. Sebastopol, CA: O'Reilly &amp; Associates, 1998 (ISBN 1-56592-512-2).</p></li><LI CLASS="listitem">
+<P CLASS="para">
+Stern, Hal; <EM CLASS="emphasis">
+Managing </em><EM CLASS="emphasis">NFS and NIS</em>. Sebastopol, CA: O'Reilly &amp; Associates, 1991 (ISBN 0-937175-75-7).</p></li></ol></div></div></blockquote>
+<div>
+<center>
+<hr noshade size=1><TABLE WIDTH="515" BORDER="0" CELLSPACING="0" CELLPADDING="0">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">
+<A CLASS="sect1" HREF="ch09_02.html" TITLE="9.2 The Fault Tree">
+<IMG SRC="gifs/txtpreva.gif" ALT="Previous: 9.2 The Fault Tree" BORDER="0"></a></td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="book" HREF="index.html" TITLE="">
+<IMG SRC="gifs/txthome.gif" ALT="" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+<A CLASS="appendix" HREF="appa_01.html" TITLE="A. Configuring Samba with SSL">
+<IMG SRC="gifs/txtnexta.gif" ALT="Next: A. Configuring Samba with SSL" BORDER="0"></a></td></tr><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="172">9.2 The Fault Tree</td><TD ALIGN="CENTER" VALIGN="TOP" WIDTH="171">
+<A CLASS="index" HREF="inx.html" TITLE="Book Index">
+<IMG SRC="gifs/index.gif" ALT="Book Index" BORDER="0"></a></td><TD ALIGN="RIGHT" VALIGN="TOP" WIDTH="172">
+A. Configuring Samba with SSL</td></tr></table><hr noshade size=1></center>
+</div>
+
+<!-- End of sample chapter -->
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/figs/sam.0101.gif b/docs/htmldocs/using_samba/figs/sam.0101.gif
new file mode 100755
index 00000000000..ce022dd3220
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0101.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0102.gif b/docs/htmldocs/using_samba/figs/sam.0102.gif
new file mode 100755
index 00000000000..2c26743160e
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0102.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0103.gif b/docs/htmldocs/using_samba/figs/sam.0103.gif
new file mode 100755
index 00000000000..480b51bdb24
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0103.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0104.gif b/docs/htmldocs/using_samba/figs/sam.0104.gif
new file mode 100755
index 00000000000..a580bfd9da5
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0104.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0105.gif b/docs/htmldocs/using_samba/figs/sam.0105.gif
new file mode 100755
index 00000000000..45782f6a54d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0105.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0106.gif b/docs/htmldocs/using_samba/figs/sam.0106.gif
new file mode 100755
index 00000000000..7e43f6a8295
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0106.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0107.gif b/docs/htmldocs/using_samba/figs/sam.0107.gif
new file mode 100755
index 00000000000..60f24ce060d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0107.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0108.gif b/docs/htmldocs/using_samba/figs/sam.0108.gif
new file mode 100755
index 00000000000..93b036c7366
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0108.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0109.gif b/docs/htmldocs/using_samba/figs/sam.0109.gif
new file mode 100755
index 00000000000..ec01228ef7c
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0109.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0110.gif b/docs/htmldocs/using_samba/figs/sam.0110.gif
new file mode 100755
index 00000000000..9695cf7c61b
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0110.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0111.gif b/docs/htmldocs/using_samba/figs/sam.0111.gif
new file mode 100755
index 00000000000..4dbc2dba41b
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0111.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0112.gif b/docs/htmldocs/using_samba/figs/sam.0112.gif
new file mode 100755
index 00000000000..4f559e0d0f0
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0112.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0113.gif b/docs/htmldocs/using_samba/figs/sam.0113.gif
new file mode 100755
index 00000000000..5d8cdaef6b5
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0113.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0114.gif b/docs/htmldocs/using_samba/figs/sam.0114.gif
new file mode 100755
index 00000000000..291e6f0c824
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0114.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0201.gif b/docs/htmldocs/using_samba/figs/sam.0201.gif
new file mode 100755
index 00000000000..e6f97f63015
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0201.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0202.gif b/docs/htmldocs/using_samba/figs/sam.0202.gif
new file mode 100755
index 00000000000..0490c085717
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0202.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0203.gif b/docs/htmldocs/using_samba/figs/sam.0203.gif
new file mode 100755
index 00000000000..a24c4818600
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0203.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0204.gif b/docs/htmldocs/using_samba/figs/sam.0204.gif
new file mode 100755
index 00000000000..e446b1d4f11
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0204.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0301.gif b/docs/htmldocs/using_samba/figs/sam.0301.gif
new file mode 100755
index 00000000000..82306d6cc9b
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0301.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0302.gif b/docs/htmldocs/using_samba/figs/sam.0302.gif
new file mode 100755
index 00000000000..0916db72aea
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0302.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0303.gif b/docs/htmldocs/using_samba/figs/sam.0303.gif
new file mode 100755
index 00000000000..18d63dbbb73
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0303.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0304.gif b/docs/htmldocs/using_samba/figs/sam.0304.gif
new file mode 100755
index 00000000000..a0c5eee0992
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0304.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0305.gif b/docs/htmldocs/using_samba/figs/sam.0305.gif
new file mode 100755
index 00000000000..43be04655ab
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0305.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0306.gif b/docs/htmldocs/using_samba/figs/sam.0306.gif
new file mode 100755
index 00000000000..be7609d9439
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0306.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0307.gif b/docs/htmldocs/using_samba/figs/sam.0307.gif
new file mode 100755
index 00000000000..258d3390bc1
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0307.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0308.gif b/docs/htmldocs/using_samba/figs/sam.0308.gif
new file mode 100755
index 00000000000..316643ccfbe
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0308.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0309.gif b/docs/htmldocs/using_samba/figs/sam.0309.gif
new file mode 100755
index 00000000000..4a9d5d762b2
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0309.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0310.gif b/docs/htmldocs/using_samba/figs/sam.0310.gif
new file mode 100755
index 00000000000..37262b91be0
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0310.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0311.gif b/docs/htmldocs/using_samba/figs/sam.0311.gif
new file mode 100755
index 00000000000..c25e96f936f
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0311.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0312.gif b/docs/htmldocs/using_samba/figs/sam.0312.gif
new file mode 100755
index 00000000000..8823f38eb1a
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0312.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0313.gif b/docs/htmldocs/using_samba/figs/sam.0313.gif
new file mode 100755
index 00000000000..981a6849887
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0313.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0314.gif b/docs/htmldocs/using_samba/figs/sam.0314.gif
new file mode 100755
index 00000000000..9a7ed5858e2
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0314.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0315.gif b/docs/htmldocs/using_samba/figs/sam.0315.gif
new file mode 100755
index 00000000000..ed4bcc42209
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0315.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0316.gif b/docs/htmldocs/using_samba/figs/sam.0316.gif
new file mode 100755
index 00000000000..99908ac7d3b
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0316.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0317.gif b/docs/htmldocs/using_samba/figs/sam.0317.gif
new file mode 100755
index 00000000000..14899010064
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0317.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0318.gif b/docs/htmldocs/using_samba/figs/sam.0318.gif
new file mode 100755
index 00000000000..263650a2749
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0318.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0319.gif b/docs/htmldocs/using_samba/figs/sam.0319.gif
new file mode 100755
index 00000000000..0d1c934a564
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0319.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0320.gif b/docs/htmldocs/using_samba/figs/sam.0320.gif
new file mode 100755
index 00000000000..061ce27cb10
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0320.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0321.gif b/docs/htmldocs/using_samba/figs/sam.0321.gif
new file mode 100755
index 00000000000..f40fbbedcad
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0321.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0322.gif b/docs/htmldocs/using_samba/figs/sam.0322.gif
new file mode 100755
index 00000000000..f421311dfc2
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0322.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0323.gif b/docs/htmldocs/using_samba/figs/sam.0323.gif
new file mode 100755
index 00000000000..578ffda5524
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0323.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0324.gif b/docs/htmldocs/using_samba/figs/sam.0324.gif
new file mode 100755
index 00000000000..4ab9ceb598f
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0324.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0325.gif b/docs/htmldocs/using_samba/figs/sam.0325.gif
new file mode 100755
index 00000000000..f6da1e74347
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0325.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0326.gif b/docs/htmldocs/using_samba/figs/sam.0326.gif
new file mode 100755
index 00000000000..df6313794d0
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0326.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0327.gif b/docs/htmldocs/using_samba/figs/sam.0327.gif
new file mode 100755
index 00000000000..1e774392154
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0327.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0328.gif b/docs/htmldocs/using_samba/figs/sam.0328.gif
new file mode 100755
index 00000000000..7baa0ef4e6d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0328.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0401.gif b/docs/htmldocs/using_samba/figs/sam.0401.gif
new file mode 100755
index 00000000000..a62d0d5675d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0401.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0402.gif b/docs/htmldocs/using_samba/figs/sam.0402.gif
new file mode 100755
index 00000000000..ecf03ca8c8a
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0402.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0403.gif b/docs/htmldocs/using_samba/figs/sam.0403.gif
new file mode 100755
index 00000000000..755522854a4
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0403.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0404.gif b/docs/htmldocs/using_samba/figs/sam.0404.gif
new file mode 100755
index 00000000000..0d28182e521
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0404.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0405.gif b/docs/htmldocs/using_samba/figs/sam.0405.gif
new file mode 100755
index 00000000000..c7cc9d681b1
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0405.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0406.gif b/docs/htmldocs/using_samba/figs/sam.0406.gif
new file mode 100755
index 00000000000..a4f82804aa0
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0406.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0407.gif b/docs/htmldocs/using_samba/figs/sam.0407.gif
new file mode 100755
index 00000000000..84ca4e87c75
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0407.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0501.gif b/docs/htmldocs/using_samba/figs/sam.0501.gif
new file mode 100755
index 00000000000..dac53c673a1
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0501.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0502.gif b/docs/htmldocs/using_samba/figs/sam.0502.gif
new file mode 100755
index 00000000000..46e282ce31b
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0502.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0503.gif b/docs/htmldocs/using_samba/figs/sam.0503.gif
new file mode 100755
index 00000000000..786de36e69f
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0503.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0504.gif b/docs/htmldocs/using_samba/figs/sam.0504.gif
new file mode 100755
index 00000000000..bece7b9e0a5
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0504.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0505.gif b/docs/htmldocs/using_samba/figs/sam.0505.gif
new file mode 100755
index 00000000000..6460e0436d5
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0505.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0506.gif b/docs/htmldocs/using_samba/figs/sam.0506.gif
new file mode 100755
index 00000000000..e7282b02867
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0506.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0507.gif b/docs/htmldocs/using_samba/figs/sam.0507.gif
new file mode 100755
index 00000000000..bc7f2fda9af
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0507.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0508.gif b/docs/htmldocs/using_samba/figs/sam.0508.gif
new file mode 100755
index 00000000000..95b7ad98c4d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0508.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0601.gif b/docs/htmldocs/using_samba/figs/sam.0601.gif
new file mode 100755
index 00000000000..e826dd51415
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0601.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0602.gif b/docs/htmldocs/using_samba/figs/sam.0602.gif
new file mode 100755
index 00000000000..dce39b1c404
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0602.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0603.gif b/docs/htmldocs/using_samba/figs/sam.0603.gif
new file mode 100755
index 00000000000..15ad6f05d7b
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0603.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0604.gif b/docs/htmldocs/using_samba/figs/sam.0604.gif
new file mode 100755
index 00000000000..cd9820d00e7
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0604.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0605.gif b/docs/htmldocs/using_samba/figs/sam.0605.gif
new file mode 100755
index 00000000000..db8e9c5e9f6
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0605.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0606.gif b/docs/htmldocs/using_samba/figs/sam.0606.gif
new file mode 100755
index 00000000000..a4c5e577e5a
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0606.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0701.gif b/docs/htmldocs/using_samba/figs/sam.0701.gif
new file mode 100755
index 00000000000..5933bdabbd0
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0701.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0702.gif b/docs/htmldocs/using_samba/figs/sam.0702.gif
new file mode 100755
index 00000000000..c1160e28383
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0702.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0703.gif b/docs/htmldocs/using_samba/figs/sam.0703.gif
new file mode 100755
index 00000000000..653e9b97617
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0703.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0704.gif b/docs/htmldocs/using_samba/figs/sam.0704.gif
new file mode 100755
index 00000000000..78d5a439eae
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0704.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0705.gif b/docs/htmldocs/using_samba/figs/sam.0705.gif
new file mode 100755
index 00000000000..39cee4c8569
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0705.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0706.gif b/docs/htmldocs/using_samba/figs/sam.0706.gif
new file mode 100755
index 00000000000..8725542429c
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0706.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0707.gif b/docs/htmldocs/using_samba/figs/sam.0707.gif
new file mode 100755
index 00000000000..09abcd5e78f
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0707.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0708.gif b/docs/htmldocs/using_samba/figs/sam.0708.gif
new file mode 100755
index 00000000000..bd5466b319b
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0708.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0709.gif b/docs/htmldocs/using_samba/figs/sam.0709.gif
new file mode 100755
index 00000000000..28452fd2322
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0709.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0801.gif b/docs/htmldocs/using_samba/figs/sam.0801.gif
new file mode 100755
index 00000000000..04e9210e54d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0801.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0802.gif b/docs/htmldocs/using_samba/figs/sam.0802.gif
new file mode 100755
index 00000000000..bf1718c93bf
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0802.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0803.gif b/docs/htmldocs/using_samba/figs/sam.0803.gif
new file mode 100755
index 00000000000..bb5739154a5
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0803.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0804.gif b/docs/htmldocs/using_samba/figs/sam.0804.gif
new file mode 100755
index 00000000000..eceb287e629
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0804.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0805.gif b/docs/htmldocs/using_samba/figs/sam.0805.gif
new file mode 100755
index 00000000000..5a599e13453
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0805.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0901.gif b/docs/htmldocs/using_samba/figs/sam.0901.gif
new file mode 100755
index 00000000000..1965600ab92
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0901.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0902.gif b/docs/htmldocs/using_samba/figs/sam.0902.gif
new file mode 100755
index 00000000000..f604d0ed09d
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0902.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0903.gif b/docs/htmldocs/using_samba/figs/sam.0903.gif
new file mode 100755
index 00000000000..1013d453427
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0903.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0904.gif b/docs/htmldocs/using_samba/figs/sam.0904.gif
new file mode 100755
index 00000000000..db13646f3dc
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0904.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.0905.gif b/docs/htmldocs/using_samba/figs/sam.0905.gif
new file mode 100755
index 00000000000..ef8c89bebbb
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.0905.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.aa01.gif b/docs/htmldocs/using_samba/figs/sam.aa01.gif
new file mode 100755
index 00000000000..495b649cd02
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.aa01.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.ab01.gif b/docs/htmldocs/using_samba/figs/sam.ab01.gif
new file mode 100755
index 00000000000..f7379675056
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.ab01.gif
diff --git a/docs/htmldocs/using_samba/figs/sam.ab02.gif b/docs/htmldocs/using_samba/figs/sam.ab02.gif
new file mode 100755
index 00000000000..6090cfd51d2
--- /dev/null
+++ b/docs/htmldocs/using_samba/figs/sam.ab02.gif
diff --git a/docs/htmldocs/using_samba/gifs/index.gif b/docs/htmldocs/using_samba/gifs/index.gif
new file mode 100755
index 00000000000..b45dcd58518
--- /dev/null
+++ b/docs/htmldocs/using_samba/gifs/index.gif
diff --git a/docs/htmldocs/using_samba/gifs/samba.s.gif b/docs/htmldocs/using_samba/gifs/samba.s.gif
new file mode 100755
index 00000000000..4984d0f8f32
--- /dev/null
+++ b/docs/htmldocs/using_samba/gifs/samba.s.gif
diff --git a/docs/htmldocs/using_samba/gifs/txthome.gif b/docs/htmldocs/using_samba/gifs/txthome.gif
new file mode 100755
index 00000000000..5598a0ff938
--- /dev/null
+++ b/docs/htmldocs/using_samba/gifs/txthome.gif
diff --git a/docs/htmldocs/using_samba/gifs/txtnexta.gif b/docs/htmldocs/using_samba/gifs/txtnexta.gif
new file mode 100755
index 00000000000..b6d67311adc
--- /dev/null
+++ b/docs/htmldocs/using_samba/gifs/txtnexta.gif
diff --git a/docs/htmldocs/using_samba/gifs/txtpreva.gif b/docs/htmldocs/using_samba/gifs/txtpreva.gif
new file mode 100755
index 00000000000..2b040b9b518
--- /dev/null
+++ b/docs/htmldocs/using_samba/gifs/txtpreva.gif
diff --git a/docs/htmldocs/using_samba/index.html b/docs/htmldocs/using_samba/index.html
new file mode 100755
index 00000000000..f1b4ccec6ec
--- /dev/null
+++ b/docs/htmldocs/using_samba/index.html
@@ -0,0 +1,168 @@
+<HTML>
+<HEAD>
+<TITLE></title>
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+
+<center>
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0">
+<tr>
+<td valign="TOP">
+<a href="http://www.oreilly.com/catalog/samba/">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</a>
+</td>
+<td valign="center">
+<H2>Using Samba</H2>
+<font size="-1">
+Robert Eckstein, David Collier-Brown, Peter Kelly<br>
+1st Edition November 1999<br>
+1-56592-449-5, Order Number: 4495<br>
+416 pages, $34.95
+</font>
+<p>
+<a href="http://www.oreilly.com/catalog/samba/">Buy the hardcopy version</a>
+
+</td>
+</tr>
+</table>
+</center>
+
+<hr size=1 noshade>
+<!--sample chapter begins -->
+
+<blockquote>
+<DIV CLASS="toc">
+<H2>
+Table of Contents</h2><P CLASS="toc">
+<a CLASS="chapter" HREF="licenseinfo.html" TITLE="">License Information</a><p>
+<a CLASS="chapter" HREF="this_edition.html" TITLE="">This Edition</a><p>
+<a CLASS="chapter" HREF="ch01_01.html" TITLE="">Chapter 1: <CITE CLASS="chapter">Learning the Samba</cite></a><br>
+	<blockquote>
+	<a CLASS="chapter" HREF="ch01_01.html#s1" TITLE="">Chapter 1.1: <CITE CLASS="chapter">What is Samba?</cite></a><br>
+	<a CLASS="chapter" HREF="ch01_02.html" TITLE="">Chapter 1.2: <CITE CLASS="chapter">What Can Samba Do For Me?</cite></a><br>
+	<a CLASS="chapter" HREF="ch01_03.html" TITLE="">Chapter 1.3: <CITE CLASS="chapter">Getting Familiar with a SMB/CIFS Network</cite></a><br>
+	<a CLASS="chapter" HREF="ch01_04.html" TITLE="">Chapter 1.4: <CITE CLASS="chapter">Microsoft Implementations</cite></a><br>
+	<a CLASS="chapter" HREF="ch01_05.html" TITLE="">Chapter 1.5: <CITE CLASS="chapter">An Overview of the Samba Distribution</cite></a><br>
+	<a CLASS="chapter" HREF="ch01_06.html" TITLE="">Chapter 1.6: <CITE CLASS="chapter">How Can I Get Samba?</cite></a><br>
+	<a CLASS="chapter" HREF="ch01_07.html" TITLE="">Chapter 1.7: <CITE CLASS="chapter">What's New in Samba 2.0?</cite></a><br>
+	<a CLASS="chapter" HREF="ch01_08.html" TITLE="">Chapter 1.8: <CITE CLASS="chapter">And That's Not All...</cite></a><br>
+	</blockquote>
+<a CLASS="chapter" HREF="ch02_01.html" title="">Chapter 2: <CITE CLASS="chapter">Installing Samba on a Unix System</cite></a><br>
+	<blockquote>
+	<a CLASS="chapter" HREF="ch02_01.html#s1" TITLE="">Chapter 2.1: <CITE CLASS="chapter">Downloading the Samba Distribution</cite></a><br>
+	<a CLASS="chapter" HREF="ch02_02.html" TITLE="">Chapter 2.2: <CITE CLASS="chapter">Configuring Samba</cite></a><br>
+	<a CLASS="chapter" HREF="ch02_03.html" TITLE="">Chapter 2.3: <CITE CLASS="chapter">Compiling and Installing Samba</cite></a><br>
+	<a CLASS="chapter" HREF="ch02_04.html" TITLE="">Chapter 2.4: <CITE CLASS="chapter">A Basic Samba Configuration File</cite></a><br>
+	<a CLASS="chapter" HREF="ch02_05.html" TITLE="">Chapter 2.5: <CITE CLASS="chapter">Starting the Samba Daemons</cite></a><br>
+	<a CLASS="chapter" HREF="ch02_06.html" TITLE="">Chapter 2.6: <CITE CLASS="chapter">Testing the Samba Daemons</cite></a><br>
+	</blockquote>
+<a CLASS="chapter" HREF="ch03_01.html" title="">Chapter 3: <CITE CLASS="chapter">Configuring Windows Clients</cite></a><br>
+	<blockquote>
+<a CLASS="chapter" HREF="ch03_01.html#s1" title="">Chapter 3.1: <CITE CLASS="chapter">Setting Up Windows 95/98 Computers</cite></a><br>
+<a CLASS="chapter" HREF="ch03_02.html" title="">Chapter 3.2: <CITE CLASS="chapter">Setting Up Windows NT 4.0 Computers</cite></a><br>
+<a CLASS="chapter" HREF="ch03_03.html" title="">Chapter 3.3: <CITE CLASS="chapter">An Introduction to SMB/CIFS</cite></a><br>
+	</blockquote>
+<a CLASS="chapter" HREF="ch04_01.html" Title="">Chapter 4: <CITE CLASS="chapter">Disk Shares</cite></a><br>
+	<blockquote>
+<a CLASS="chapter" HREF="ch04_01.html#s1" Title="">Chapter 4.1: <CITE CLASS="chapter">Learning the Samba Configuration File</cite></a><br>
+<a CLASS="chapter" HREF="ch04_02.html" Title="">Chapter 4.2: <CITE CLASS="chapter">Special Sections</cite></a><br>
+<a CLASS="chapter" HREF="ch04_03.html" Title="">Chapter 4.3: <CITE CLASS="chapter">Configuration File Options</cite></a><br>
+<a CLASS="chapter" HREF="ch04_04.html" Title="">Chapter 4.4: <CITE CLASS="chapter">Server Configuration</cite></a><br>
+<a CLASS="chapter" HREF="ch04_05.html" Title="">Chapter 4.5: <CITE CLASS="chapter">Disk Share Configuration</cite></a><br>
+<a CLASS="chapter" HREF="ch04_06.html" Title="">Chapter 4.6: <CITE CLASS="chapter">Networking Options with Samba</cite></a><br>
+<a CLASS="chapter" HREF="ch04_07.html" Title="">Chapter 4.7: <CITE CLASS="chapter">Virtual Servers</cite></a><br>
+<a CLASS="chapter" HREF="ch04_08.html" Title="">Chapter 4.8: <CITE CLASS="chapter">Logging Configuration Options</cite></a><br>
+	</blockquote>
+<a CLASS="chapter" HREF="ch05_01.html" title="">Chapter 5: <CITE CLASS="chapter">Browsing and Advanced Disk Shares</cite></a><br>
+	<blockquote>
+<a CLASS="chapter" HREF="ch05_01.html#s1" Title="">Chapter 5.1: <CITE CLASS="chapter">Browsing</cite></a><br>
+<a CLASS="chapter" HREF="ch05_02.html" Title="">Chapter 5.2: <CITE CLASS="chapter">Filesystem Differences</cite></a><br>
+<a CLASS="chapter" HREF="ch05_03.html" Title="">Chapter 5.3: <CITE CLASS="chapter">File Permissions and Attributes on MS-DOS and Unix</cite></a><br>
+<a CLASS="chapter" HREF="ch05_04.html" Title="">Chapter 5.4: <CITE CLASS="chapter">Name Mangling and Case</cite></a><br>
+<a CLASS="chapter" HREF="ch05_05.html" Title="">Chapter 5.5: <CITE CLASS="chapter">Locks and Oplocks</cite></a><br>
+	</blockquote>
+<a CLASS="chapter" HREF="ch06_01.html" title="">Chapter 6: <CITE CLASS="chapter">Users, Security, and Domains</cite></a><br>
+	<blockquote>
+<a CLASS="chapter" HREF="ch06_01.html#s1" Title="">Chapter 6.1: <CITE CLASS="chapter">Users and Groups</cite></a><br>
+<a CLASS="chapter" HREF="ch06_02.html" Title="">Chapter 6.2: <CITE CLASS="chapter">Controlling Access to Shares</cite></a><br>
+<a CLASS="chapter" HREF="ch06_03.html" Title="">Chapter 6.3: <CITE CLASS="chapter">Authentication Security</cite></a><br>
+<a CLASS="chapter" HREF="ch06_04.html" Title="">Chapter 6.4: <CITE CLASS="chapter">Passwords</cite></a><br>
+<a CLASS="chapter" HREF="ch06_05.html" Title="">Chapter 6.5: <CITE CLASS="chapter">Windows Domains</cite></a><br>
+<a CLASS="chapter" HREF="ch06_06.html" Title="">Chapter 6.6: <CITE CLASS="chapter">Logon Scripts</cite></a><br>
+	</blockquote>
+<a CLASS="chapter" HREF="ch07_01.html" Title="">Chapter 7: <CITE CLASS="chapter">Printing and Name Resolution</cite></a><br>
+	<blockquote>
+<a CLASS="chapter" HREF="ch07_01.html#s1" Title="">Chapter 7.1: <CITE CLASS="chapter">Sending Print Jobs to Samba</cite></a><br>
+<a CLASS="chapter" HREF="ch07_02.html" Title="">Chapter 7.2: <CITE CLASS="chapter">Printing to Windows Client Printers</cite></a><br>
+<a CLASS="chapter" HREF="ch07_03.html" Title="">Chapter 7.3: <CITE CLASS="chapter">Name Resolution with Samba</cite></a><br>
+	</blockquote>
+<a CLASS="chapter" HREF="ch08_01.html" title="">Chapter 8: <CITE CLASS="chapter">Additional Samba Information</cite></a><br>
+	<blockquote>
+<a CLASS="chapter" HREF="ch08_01.html#s1" Title="">Chapter 8.1: <CITE CLASS="chapter">Supporting Programmers</cite></a><br>
+<a CLASS="chapter" HREF="ch08_02.html" Title="">Chapter 8.2: <CITE CLASS="chapter">Magic Scripts</cite></a><br>
+<a CLASS="chapter" HREF="ch08_03.html" Title="">Chapter 8.3: <CITE CLASS="chapter">Internationalization</cite></a><br>
+<a CLASS="chapter" HREF="ch08_04.html" Title="">Chapter 8.4: <CITE CLASS="chapter">WinPopup Messages</cite></a><br>
+<a CLASS="chapter" HREF="ch08_05.html" Title="">Chapter 8.5: <CITE CLASS="chapter">Recently Added Options</cite></a><br>
+<a CLASS="chapter" HREF="ch08_06.html" Title="">Chapter 8.6: <CITE CLASS="chapter">Miscellaneous Options</cite></a><br>
+<a CLASS="chapter" HREF="ch08_07.html" Title="">Chapter 8.7: <CITE CLASS="chapter">Backups with smbtar</cite></a><br>
+	</blockquote>
+<a CLASS="chapter" HREF="ch09_01.html" title="">Chapter 9: <CITE CLASS="chapter">Troubleshooting Samba</cite></a><br>
+	<blockquote>
+<a CLASS="chapter" HREF="ch09_01.html#s1" Title="">Chapter 9.1: <CITE CLASS="chapter">The Tool Bag</cite></a><br>
+<a CLASS="chapter" HREF="ch09_02.html" Title="">Chapter 9.2: <CITE CLASS="chapter">The Fault Tree</cite></a><br>
+<a CLASS="chapter" HREF="ch09_03.html" Title="">Chapter 9.3: <CITE CLASS="chapter">Extra Resources</cite></a><br>
+	</blockquote>
+
+<a CLASS="appendix" HREF="appa_01.html" title="">Appendix A: <CITE CLASS="appendix">Configuring Samba with SSL</cite></a><br>
+	<blockquote>
+<a CLASS="chapter" HREF="appa_01.html#appa-pgfId-986440" Title="">Appendix A.1: <CITE CLASS="chapter">About Certificates</cite></a><br>
+<a CLASS="chapter" HREF="appa_02.html" Title="">Appendix A.2: <CITE CLASS="chapter">Requirements</cite></a><br>
+<a CLASS="chapter" HREF="appa_03.html" Title="">Appendix A.3: <CITE CLASS="chapter">Installing SSLeay</cite></a><br>
+<a CLASS="chapter" HREF="appa_04.html" Title="">Appendix A.4: <CITE CLASS="chapter">Setting Up SSL Proxy</cite></a><br>
+<a CLASS="chapter" HREF="appa_05.html" Title="">Appendix A.5: <CITE CLASS="chapter">SSL Configuration Options</cite></a><br>
+	</blockquote>
+<a CLASS="appendix" HREF="appb_01.html" title="">Appendix B: <CITE CLASS="appendix">Samba Performance Tuning</cite></a><br>
+	<blockquote>
+<a CLASS="chapter" HREF="appb_01.html#appb-47134" Title="">Appendix B.1: <CITE CLASS="chapter">A Simple Benchmark</cite></a><br>
+<a CLASS="chapter" HREF="appb_02.html" Title="">Appendix B.2: <CITE CLASS="chapter">Samba Tuning</cite></a><br>
+<a CLASS="chapter" HREF="appb_03.html" Title="">Appendix B.3: <CITE CLASS="chapter">Sizing Samba Servers</cite></a><br>
+	</blockquote>
+<a CLASS="appendix" HREF="appc_01.html" Title="">Appendix C: <CITE CLASS="appendix">Samba Configuration Option Quick Reference</cite></a><br>
+<p>
+<a CLASS="appendix" HREF="appd_01.html" Title="">Appendix D: <CITE CLASS="appendix">Summary of Samba Daemons and Commands</cite></a><br>
+<p>
+<a CLASS="appendix" HREF="appe_01.html" Title="">Appendix E: <CITE CLASS="appendix">Downloading Samba with CVS</cite></a><br>
+<p>
+<a CLASS="appendix" HREF="appf_01.html" Title="">Appendix F: <CITE CLASS="appendix">Sample Configuration File</cite></a><br>
+<p>
+
+<a HREF="inx.html" Title="">Index</a><br>
+
+</p></div>
+</blockquote>
+
+<!-- End of sample chapter -->
+
+<hr noshade size=1></center>
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+</html>
diff --git a/docs/htmldocs/using_samba/inx.html b/docs/htmldocs/using_samba/inx.html
new file mode 100755
index 00000000000..34207d7a747
--- /dev/null
+++ b/docs/htmldocs/using_samba/inx.html
@@ -0,0 +1,1344 @@
+<html>
+<head>
+<title>Using Samba</title>
+<META NAME="metadata" CONTENT="dublincore.0.1">
+<META NAME="subject" CONTENT="Using Samba">
+<META NAME="title" CONTENT="O'Reilly Catalog Index: Using Samba">
+<META NAME="otheragent" CONTENT="cron job">
+<META NAME="source" CONTENT="internal database">
+<META NAME="publisher" CONTENT="O'Reilly &amp; Associates, Inc.">
+<META NAME="objecttype" CONTENT="catalog index">
+<META NAME="form" CONTENT="html">
+</head>
+<BODY BGCOLOR="#FFFFFF" >
+<table border=0 cellspacing=0 cellpadding=0 width=90%>
+<tr>
+<td>
+<h2>Using Samba</h2>
+<h3>Index</h3>
+
+<PRE>
+</pre>
+<A HREF="#A">[&nbsp;A&nbsp;]</A>, 
+<A HREF="#B">[&nbsp;B&nbsp;]</A>, 
+<A HREF="#C">[&nbsp;C&nbsp;]</A>, 
+<A HREF="#D">[&nbsp;D&nbsp;]</A>, 
+<A HREF="#E">[&nbsp;E&nbsp;]</A>, 
+<A HREF="#F">[&nbsp;F&nbsp;]</A>, 
+<A HREF="#G">[&nbsp;G&nbsp;]</A>, 
+<A HREF="#H">[&nbsp;H&nbsp;]</A>, 
+<A HREF="#I">[&nbsp;I&nbsp;]</A>, 
+<A HREF="#J">[&nbsp;J&nbsp;]</A>, 
+<A HREF="#K">[&nbsp;K&nbsp;]</A>, 
+<A HREF="#L">[&nbsp;L&nbsp;]</A>, 
+<A HREF="#M">[&nbsp;M&nbsp;]</A>, 
+<A HREF="#N">[&nbsp;N&nbsp;]</A>, 
+<A HREF="#O">[&nbsp;O&nbsp;]</A>, 
+<A HREF="#P">[&nbsp;P&nbsp;]</A>, 
+<A HREF="#Q">[&nbsp;Q&nbsp;]</A>, 
+<A HREF="#R">[&nbsp;R&nbsp;]</A>, 
+<A HREF="#S">[&nbsp;S&nbsp;]</A>, 
+<A HREF="#T">[&nbsp;T&nbsp;]</A>, 
+<A HREF="#U">[&nbsp;U&nbsp;]</A>, 
+<A HREF="#V">[&nbsp;V&nbsp;]</A>, 
+<A HREF="#W">[&nbsp;W&nbsp;]</A>, 
+<A HREF="#Y">[&nbsp;Y&nbsp;]</A>, 
+
+
+<BR>&lt;&gt; (angled brackets), 14
+<BR>* (asterisk), 169
+<BR>\ (backslash) in smb.conf file, 85
+<BR>\\ (backslashes, two) in directories, 5
+<BR>: (colon), 6
+<BR>\ (continuation character), 85
+<BR>. (dot), 128, 134
+<BR># (hash mark), 85
+<BR>% (percent sign), 86
+<BR>. (period), 128
+<BR>? (question mark), 135
+<BR>; (semicolon), 85
+<BR>/ (slash character), 129, 134-135
+<BR>/ (slash) in shares, 116
+<BR>_ (underscore) 116
+<BR>* wildcard, 177
+
+<P><A NAME="A"><B>A</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>access-control options (shares), 160-162
+<BR>accessing Samba server, 61
+<BR>accounts, 51-53
+<BR>active connections, option for, 244
+<BR>addresses, networking option for, 106
+<BR>addtosmbpass executable, 176
+<BR>admin users option, 161
+<BR>AFS files, support for, 35
+<BR>aliases
+<BR> &nbsp; &nbsp; &nbsp;   multiple, 29
+<BR> &nbsp; &nbsp; &nbsp;   for NetBIOS names, 107
+<BR>alid users option, 161
+<BR>announce as option, 123
+<BR>announce version option, 123
+<BR>API (application programming interface), 9
+<BR>archive files, 137
+<BR>authentication, 19, 164-171
+<BR> &nbsp; &nbsp; &nbsp;   mechanisms for, 35
+<BR> &nbsp; &nbsp; &nbsp;   NT domain, 170
+<BR> &nbsp; &nbsp; &nbsp;   share-level option for, 192
+<BR>auto services option, 124
+<BR>automounter, support for, 35
+<BR>awk script, 176
+<P><A NAME="B"><B>B</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>backup browsers
+<BR> &nbsp; &nbsp; &nbsp;   local master browser, 22
+<BR> &nbsp; &nbsp; &nbsp;   per local master browser, 23
+<BR> &nbsp; &nbsp; &nbsp;   maximum number per workgroup, 22
+<BR>backup domain controllers (BDCs), 20
+<BR>backups, with smbtar program, 245-248
+<BR>backwards compatibility
+<BR> &nbsp; &nbsp; &nbsp;   elections and, 23
+<BR> &nbsp; &nbsp; &nbsp;   for filenames, 143
+<BR> &nbsp; &nbsp; &nbsp;   Windows domains and, 20
+<BR>base directory, 40
+<BR>.BAT scripts, 192
+<BR>BDCs (backup domain controllers), 20
+<BR>binary vs. source files, 32
+<BR>bind interfaces only option, 106
+<BR>bindings, 71
+<BR>Bindings tab, 60
+<BR>blocking locks option, 152
+<BR>b-node, 13
+<BR>boolean type, 90
+<BR>bottlenecks, 320-328
+<BR> &nbsp; &nbsp; &nbsp;   reducing, 321-326
+<BR> &nbsp; &nbsp; &nbsp;   types of, 320
+<BR>broadcast addresses, troubleshooting, 289
+<BR>broadcast registration, 13
+<BR>broadcast resolution, 13, 59
+<BR>broadcasting
+<BR> &nbsp; &nbsp; &nbsp;   troubleshooting with tcpdump utility, 255
+<BR> &nbsp; &nbsp; &nbsp;   (see also browsing; name resolution)
+<BR>browse lists, 21, 116
+<BR> &nbsp; &nbsp; &nbsp;   options for, 124, 127
+<BR> &nbsp; &nbsp; &nbsp;   propagation, 24
+<BR> &nbsp; &nbsp; &nbsp;   restricting shares from, 115
+<BR>browsing, 21-23, 114-127
+<BR> &nbsp; &nbsp; &nbsp;   client-side, testing with net view, 280
+<BR> &nbsp; &nbsp; &nbsp;   configuration options for, 122-127
+<BR> &nbsp; &nbsp; &nbsp;   elections, 23, 116-119
+<BR> &nbsp; &nbsp; &nbsp;   machines, list of, 21
+<BR> &nbsp; &nbsp; &nbsp;   options for, list of, 122
+<BR> &nbsp; &nbsp; &nbsp;   preventing, 115
+<BR> &nbsp; &nbsp; &nbsp;   resources of a specific machine, 21-23
+<BR> &nbsp; &nbsp; &nbsp;   server from client, 281
+<BR> &nbsp; &nbsp; &nbsp;   troubleshooting, 275-282
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      with smbclient, 276-278
+<BR>bug avoidance options, 240-245
+<BR> &nbsp; &nbsp; &nbsp;   list of, 240-241
+<P><A NAME="C"><B>C</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>cache size, new option for (Samba version 2.0), 239
+<BR>cache time (printers), option for, 220
+<BR>capitalization, 84
+<BR>Carnegie Mellon University, 35
+<BR>carriage-returns for scripts, 193
+<BR>case sensitivity
+<BR> &nbsp; &nbsp; &nbsp;   hostnames and, 5
+<BR> &nbsp; &nbsp; &nbsp;   options for, 146
+<BR> &nbsp; &nbsp; &nbsp;   usernames and, 163
+<BR>CD-ROM with this book
+<BR> &nbsp; &nbsp; &nbsp;   Samba distribution, 28, 32
+<BR> &nbsp; &nbsp; &nbsp;   testing tools, 28
+<BR>certificate authority, 300-303
+<BR>change notification, new option for (Samba version 2.0), 239
+<BR>change notify timeout option, 239
+<BR>Change Windows Password dialog box, 52
+<BR>changes at runtime, 85
+<BR>chat characters for passwords, 178
+<BR>CIFS (Common Internet File System), 3
+<BR> &nbsp; &nbsp; &nbsp;   (see also SMB/CIFS protocol)
+<BR>client code page option, 234
+<BR>client users (see users)
+<BR>client variables, 86
+<BR>clients, testing with nmblookup program, 279
+<BR>.CMD scripts, 192
+<BR>code pages, 234
+<BR> &nbsp; &nbsp; &nbsp;   multiple, 30
+<BR>coding system option, 235
+<BR>command string, SMB, 75
+<BR>commands for Samba, 366-377
+<BR>commas in values, 84
+<BR>comment option, 99
+<BR>comments in smb.conf (Samba configuration) file, 85
+<BR>compatibility, Samba with Windows NT, 30
+<BR>compilers, 33
+<BR>compiling Samba, 38-41
+<BR> &nbsp; &nbsp; &nbsp;   in version 2.0, 29
+<BR>config file option, 91
+<BR>configuration files
+<BR> &nbsp; &nbsp; &nbsp;   for individual clients, 253
+<BR> &nbsp; &nbsp; &nbsp;   machine-specific, 87
+<BR> &nbsp; &nbsp; &nbsp;   sample of, 379-383
+<BR> &nbsp; &nbsp; &nbsp;   smb.conf (Samba configuration) file (see smb.conf file)
+<BR>configuration options
+<BR> &nbsp; &nbsp; &nbsp;   browsing, 122-127
+<BR> &nbsp; &nbsp; &nbsp;   disk share, 97-100
+<BR> &nbsp; &nbsp; &nbsp;   format of, 83
+<BR> &nbsp; &nbsp; &nbsp;   list of, 329-356
+<BR> &nbsp; &nbsp; &nbsp;   server, 94-96
+<BR>configuring disk shares, 96-100
+<BR>configuring DNS (Windows NT), 68
+<BR>configuring Samba, 34-38
+<BR> &nbsp; &nbsp; &nbsp;   configuration file
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      creating, 41-45
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      testing, 45
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      (see also smb.conf (Samba configuration) file)
+<BR> &nbsp; &nbsp; &nbsp;   configure script
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      GNU, 34
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      sample execution, 38
+<BR> &nbsp; &nbsp; &nbsp;   options, 34-37
+<BR> &nbsp; &nbsp; &nbsp;   performance tuning, 312-328
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      benchmark for, 312, 314
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      other options for, 319-328
+<BR> &nbsp; &nbsp; &nbsp;   server, 93-96
+<BR> &nbsp; &nbsp; &nbsp;   with SSL, 295-311
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      requirements for, 296
+<BR>configuring TCP/IP networking protocol, 55, 66-71
+<BR>configuring Windows clients, 50-81
+<BR> &nbsp; &nbsp; &nbsp;   Windows 95/98 computers, 50-63
+<BR> &nbsp; &nbsp; &nbsp;   Windows NT 4.0 computers, 63-73
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      basic configuration, 63-67
+<BR>configuring WINS address, 70
+<BR>connected systems, status of, 9
+<BR>connections
+<BR> &nbsp; &nbsp; &nbsp;   active, option for, 244
+<BR> &nbsp; &nbsp; &nbsp;   current, list of, 370
+<BR> &nbsp; &nbsp; &nbsp;   resources, connecting to, 81
+<BR> &nbsp; &nbsp; &nbsp;   scripts for, 198
+<BR> &nbsp; &nbsp; &nbsp;   SMB, 77
+<BR> &nbsp; &nbsp; &nbsp;   testing, 259-263
+<BR> &nbsp; &nbsp; &nbsp;   virtual, 78
+<BR>copy option, 92
+<BR>creation masks, 138
+<BR> &nbsp; &nbsp; &nbsp;   option for, 140
+<BR>cryptography, private key, 35
+<BR>CVS (Concurrent Versions Systems), 378
+<BR>Cyclic Software, 378
+<P><A NAME="D"><B>D</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>daemons, 82, 359-362
+<BR> &nbsp; &nbsp; &nbsp;   killing, 48
+<BR> &nbsp; &nbsp; &nbsp;   messages generated by, reading, 8
+<BR> &nbsp; &nbsp; &nbsp;   stand-alone, 47
+<BR> &nbsp; &nbsp; &nbsp;   starting, 46-48
+<BR> &nbsp; &nbsp; &nbsp;   status report, 8
+<BR> &nbsp; &nbsp; &nbsp;   testing, 49
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      with testparm, 266
+<BR> &nbsp; &nbsp; &nbsp;   troubleshooting, 264-268
+<BR> &nbsp; &nbsp; &nbsp;   Unix, 2
+<BR> &nbsp; &nbsp; &nbsp;   viewing, 8
+<BR> &nbsp; &nbsp; &nbsp;   (see also smbd daemon; nmbd daemon)
+<BR>data transfer protocol, 6
+<BR>datagram service, 10, 16-18
+<BR>deadtime option, 241
+<BR>debug files, 49
+<BR>debug level option, 251, 314
+<BR>debug timestamp option, 112
+<BR>default case option, 146
+<BR>default services, 115
+<BR> &nbsp; &nbsp; &nbsp;   option for, 124
+<BR>defending hostnames, 12
+<BR>delays, troubleshooting, 287
+<BR>delete, 142
+<BR>delete readonly option, 139, 142
+<BR>delete veto files option, 135
+<BR>dfree command option, 241
+<BR>DFS, support for, 35
+<BR>DHCP (Dynamic Host Configuration Protocol), 57, 67
+<BR>dialup connection, 53
+<BR>Digital Pathworks clients, option for, 244
+<BR>directories
+<BR> &nbsp; &nbsp; &nbsp;   barring users from viewing contents, 130, 133
+<BR> &nbsp; &nbsp; &nbsp;   installation, 40
+<BR> &nbsp; &nbsp; &nbsp;   permissions, options for, 140
+<BR> &nbsp; &nbsp; &nbsp;   for Samba startup file, 363
+<BR> &nbsp; &nbsp; &nbsp;   target, 40
+<BR> &nbsp; &nbsp; &nbsp;   working, option for, 134
+<BR>directory mask option, 138, 141
+<BR>disabling/enabling features, 34
+<BR>discussion archives for Samba, 293
+<BR>disk quotas, support for, 37
+<BR>disk shares, 4-7, 49, 82-113
+<BR> &nbsp; &nbsp; &nbsp;   advanced, 114-154
+<BR> &nbsp; &nbsp; &nbsp;   configuring, 96-100
+<BR> &nbsp; &nbsp; &nbsp;   creating, 96
+<BR> &nbsp; &nbsp; &nbsp;   maximum size of, option for, 242
+<BR> &nbsp; &nbsp; &nbsp;   path option, 98
+<BR>disk sync, options for, 245
+<BR>DMB (domain master browser), 119-122
+<BR> &nbsp; &nbsp; &nbsp;   option for, 126
+<BR> &nbsp; &nbsp; &nbsp;   resource type, 24
+<BR>DNS Configuration tab, 57
+<BR>DNS (Domain Name System), 57
+<BR> &nbsp; &nbsp; &nbsp;   configuring, 68
+<BR> &nbsp; &nbsp; &nbsp;   as fallback for WINS address, 71
+<BR> &nbsp; &nbsp; &nbsp;   names
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      NetBIOS names and, 14
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      resource types and, 15
+<BR> &nbsp; &nbsp; &nbsp;   option for, 228
+<BR> &nbsp; &nbsp; &nbsp;   resources for further information, 293
+<BR> &nbsp; &nbsp; &nbsp;   tab, 68
+<BR>dns proxy option, 228
+<BR>docs directory, 34
+<BR> &nbsp; &nbsp; &nbsp;   test utilities, 254
+<BR>documentation for Samba, 291
+<BR> &nbsp; &nbsp; &nbsp;   importance of reading, 34
+<BR>domain controllers, 20, 169
+<BR> &nbsp; &nbsp; &nbsp;   for Windows 95/98, 18-20
+<BR>domain group map option, 191
+<BR>domain logons, 28, 184
+<BR> &nbsp; &nbsp; &nbsp;   configuring Windows 95/98 for, 188
+<BR> &nbsp; &nbsp; &nbsp;   configuring Windows NT 4.0 for, 189
+<BR> &nbsp; &nbsp; &nbsp;   scripts for, 192-200
+<BR>domain logons option, 190
+<BR>domain master browser (see DMB)
+<BR>domain master option, 126
+<BR>Domain Name System (see DNS)
+<BR>domain user map option, 191
+<BR>domain-level security, 164, 169-171
+<BR>domains, 18-20
+<BR> &nbsp; &nbsp; &nbsp;   adding Samba server to Windows NT domain, 171
+<BR> &nbsp; &nbsp; &nbsp;   behavior vs. Windows workgroups, 20
+<BR> &nbsp; &nbsp; &nbsp;   controllers (see domain controllers)
+<BR> &nbsp; &nbsp; &nbsp;   logons (see domain logons)
+<BR> &nbsp; &nbsp; &nbsp;   new option for password timeout (Samba version 2.0), 239
+<BR> &nbsp; &nbsp; &nbsp;   roles in assumed by Samba, 26
+<BR> &nbsp; &nbsp; &nbsp;   Windows, 18, 28, 184-192
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      authentication, 170
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      caution when selecting, 190
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      support for, 28
+<BR>dont descend option, 133
+<BR>DOS file permissions and attributes, 135-143
+<BR>DOS-formatted carriage returns, 193
+<BR>downloads
+<BR> &nbsp; &nbsp; &nbsp;   Samba, 32
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      obtained using CVS, 378
+<BR> &nbsp; &nbsp; &nbsp;   tcpdump utility, 78, 257
+<BR>drive letters, mapping, 5
+<BR>dynamically linked libraries, 33
+<P><A NAME="E"><B>E</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>elections, 23
+<BR> &nbsp; &nbsp; &nbsp;   operating system values in, 117
+<BR> &nbsp; &nbsp; &nbsp;   order of decisions in, 118
+<BR> &nbsp; &nbsp; &nbsp;   role settings in, 117
+<BR> &nbsp; &nbsp; &nbsp;   WINS servers and, 26
+<BR>enabling/disabling features, 34
+<BR>encrypt passwords option, 181
+<BR>encrypted passwords, 172
+<BR> &nbsp; &nbsp; &nbsp;   Microsoft format, 183
+<BR> &nbsp; &nbsp; &nbsp;   option for, 181
+<BR> &nbsp; &nbsp; &nbsp;   vs. plaintext passwords, 173
+<BR>Entire Network icon, 4
+<BR>enumerated lists, 91
+<BR>errors
+<BR> &nbsp; &nbsp; &nbsp;   searching for, 38
+<BR> &nbsp; &nbsp; &nbsp;   syntax, 45
+<BR>/etc/hosts file, 57, 60
+<BR>/etc/inetd.conf configuration files, 48
+<BR> &nbsp; &nbsp; &nbsp;   adding SWAT tool to, 41
+<BR>/etc/resolv.conf file, 57
+<BR>/etc/services configuration file, adding SWAT tool to, 41, 48
+<BR>Ethernet adaptor cards, 53, 70
+<BR> &nbsp; &nbsp; &nbsp;   linking to TCP/IP networking protocol, 55
+<BR>execute permissions, 47
+<BR>/export/samba/test directory, 42
+<P><A NAME="F"><B>F</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>fake directory create times option, 232
+<BR>fake oplocks option, 153
+<BR>FAQ, Samba, 291
+<BR>fast locking, 36
+<BR>fatal error, option for, 244
+<BR>fault tree, 257-291
+<BR> &nbsp; &nbsp; &nbsp;   how to use, 257
+<BR>"File and Printer Sharing for Microsoft Networks", 53, 60, 246
+<BR>file creation masks, 138
+<BR>filenames
+<BR> &nbsp; &nbsp; &nbsp;   8.3 format, 143
+<BR> &nbsp; &nbsp; &nbsp;   limitations on, 143
+<BR> &nbsp; &nbsp; &nbsp;   representing/resolving, 145
+<BR> &nbsp; &nbsp; &nbsp;   Unix, option for, 245
+<BR>files
+<BR> &nbsp; &nbsp; &nbsp;   archive, 137
+<BR> &nbsp; &nbsp; &nbsp;   attributes, 135-143
+<BR> &nbsp; &nbsp; &nbsp;   deleting, option for, 129
+<BR> &nbsp; &nbsp; &nbsp;   hidden, 128, 136
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      options for, 134
+<BR> &nbsp; &nbsp; &nbsp;   open, option for maximum number of, 243
+<BR> &nbsp; &nbsp; &nbsp;   permissions, 135-143
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      options for, 140
+<BR> &nbsp; &nbsp; &nbsp;   read-only, 136
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      deleting, 139, 142
+<BR> &nbsp; &nbsp; &nbsp;   system, 136
+<BR> &nbsp; &nbsp; &nbsp;   in use, status of, 9
+<BR> &nbsp; &nbsp; &nbsp;   veto, 129-131
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      option for deleting, 135
+<BR>filesystems
+<BR> &nbsp; &nbsp; &nbsp;   differences between, 127-131
+<BR> &nbsp; &nbsp; &nbsp;   links and, 130
+<BR> &nbsp; &nbsp; &nbsp;   options for, 132-135
+<BR> &nbsp; &nbsp; &nbsp;   reporting on by Samba, option for, 242
+<BR> &nbsp; &nbsp; &nbsp;   (see also files)
+<BR>fixed user configuration, 196
+<BR>flat namespaces, 14, 25
+<BR>follow symlinks option, 133
+<BR>force create mode option, 141
+<BR>force directory mode option, 141
+<BR>force group option, 139, 141
+<BR>force user option, 139, 141
+<BR>foreign-language characters, 234-236
+<BR>free space on disk, option for, 241
+<BR>fstype option, 242
+<BR>FTP (File Transfer Protocol), 6
+<BR> &nbsp; &nbsp; &nbsp;   sites for Samba downloads, 32
+<P><A NAME="G"><B>G</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>gateway field, 68
+<BR>getwd cache option, 134, 320
+<BR>global options, 90
+<BR>[globals] section, 88
+<BR>GNU autoconf, 29
+<BR>GNU configure script, 34
+<BR>GNU General Public License (GPL), 3, 378
+<BR>groups, 155-158
+<BR> &nbsp; &nbsp; &nbsp;   administrative privileges for, 159
+<BR> &nbsp; &nbsp; &nbsp;   names and types of, 15
+<BR>guest, 162
+<BR>guest access, 159-162
+<BR>guest account option, 162
+<BR>guest ok option, 98
+<BR>guest only option, 162
+<P><A NAME="H"><B>H</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>hangup (HUP) signal, 48
+<BR>header, SMB, 74
+<BR>Hexidecimal byte value
+<BR> &nbsp; &nbsp; &nbsp;   for NetBIOS group resource types, 16
+<BR> &nbsp; &nbsp; &nbsp;   for NetBIOS unique resource types, 15
+<BR>hidden files, 128, 136
+<BR> &nbsp; &nbsp; &nbsp;   options for, 134, 142, 319
+<BR>h-node, 13
+<BR>home directory, user's, 36, 155
+<BR> &nbsp; &nbsp; &nbsp;   logon script option for location of, 198
+<BR>homedir map option, 200
+<BR>[homes] share, 89, 157
+<BR>hort preserve case option, 147
+<BR>hostnames
+<BR> &nbsp; &nbsp; &nbsp;   case sensitivity and, 5
+<BR> &nbsp; &nbsp; &nbsp;   troubleshooting
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      long/short, 286
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      lookup, 284
+<BR>hosts
+<BR> &nbsp; &nbsp; &nbsp;   files (Windows 95/98), 59
+<BR> &nbsp; &nbsp; &nbsp;   files (Windows NT computers), 71
+<BR> &nbsp; &nbsp; &nbsp;   networking option for connections, 101, 103, 105
+<BR> &nbsp; &nbsp; &nbsp;   subnets and, caution with, 102
+<BR>hosts allow option, 103
+<BR>hosts deny option, 105
+<BR>hosts equiv option, 184
+<BR>how-tos, fault tree, 257-291
+<BR>http, 6
+<BR>HUP (hangup) signal, 48
+<P><A NAME="I"><B>I</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>Identification Changes dialog box (Windows NT), 63
+<BR>Identification tab, 60
+<BR>implementations, Microsoft, 18-27
+<BR>include option, 92
+<BR>inetd daemon, starting other daemons from, 48
+<BR>installing Samba, 31-49
+<BR> &nbsp; &nbsp; &nbsp;   common problems, 34
+<BR> &nbsp; &nbsp; &nbsp;   installation directories, 40
+<BR> &nbsp; &nbsp; &nbsp;   steps in, 31
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      final, 41
+<BR> &nbsp; &nbsp; &nbsp;   time required, 31
+<BR>installing TCP/IP protocol, 65
+<BR>installing Workstation service, 65
+<BR>interfaces, networking options for, 102
+<BR>interfaces option, 105
+<BR>internationalization, 234-236
+<BR>invalid users option, 161
+<BR>IP address, 288-290
+<BR> &nbsp; &nbsp; &nbsp;   setting for Windows NT computers, 67
+<BR>IP Address tab
+<BR> &nbsp; &nbsp; &nbsp;   Windows 95/98, 57
+<BR> &nbsp; &nbsp; &nbsp;   Windows NT, 67
+<BR>IP packet size, tuning, 316
+<P><A NAME="J"><B>J</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>Jacobson, Van, 255
+<P><A NAME="K"><B>K</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>keep-alive packets, option for, 242
+<BR>Kerberos, support for, 35
+<BR>kernel oplocks option, 153
+<P><A NAME="L"><B>L</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>languages, non-European, 30
+<BR>LDAP (Lightweight Directory Access Protocol)
+<BR> &nbsp; &nbsp; &nbsp;   replacement for password synchronization, 179
+<BR> &nbsp; &nbsp; &nbsp;   support for, 36
+<BR>ldd tool, 33
+<BR>legal agreements covering multi-user functionality, 6
+<BR>Leres, Craig, 255
+<BR>Lightweight Directory Access Protocol (see LDAP)
+<BR>line continuation, 85
+<BR>links, 130
+<BR> &nbsp; &nbsp; &nbsp;   option for, 133
+<BR>Linux
+<BR> &nbsp; &nbsp; &nbsp;   installing Samba on Linux system, 31
+<BR> &nbsp; &nbsp; &nbsp;   submount and, 36
+<BR>lm announce option, 125
+<BR>lm interval option, 125
+<BR>LMHOSTS file, 224
+<BR>load printers option, 222
+<BR>local group map option, 192
+<BR>local master browser, 21, 116-122
+<BR> &nbsp; &nbsp; &nbsp;   checking machines for, 118
+<BR> &nbsp; &nbsp; &nbsp;   option for, 125
+<BR>local master option, 125
+<BR>local profiles, 194
+<BR>localhost
+<BR> &nbsp; &nbsp; &nbsp;   address, 69
+<BR> &nbsp; &nbsp; &nbsp;   troubleshooting, 288
+<BR>localization, 234-236
+<BR>lock directory option, 154
+<BR>locking option, 152
+<BR>locks/locking files, 9, 149-154
+<BR> &nbsp; &nbsp; &nbsp;   messaging option for, 237
+<BR> &nbsp; &nbsp; &nbsp;   opportunistic locking, 29
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      tuning of, 316
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      (see also oplocks)
+<BR> &nbsp; &nbsp; &nbsp;   options for, 151-154
+<BR> &nbsp; &nbsp; &nbsp;   Unix and, 150
+<BR>log files/logging
+<BR> &nbsp; &nbsp; &nbsp;   activating/deactivating, 253
+<BR> &nbsp; &nbsp; &nbsp;   checking, 108-113
+<BR> &nbsp; &nbsp; &nbsp;   configuration options, 108-113
+<BR> &nbsp; &nbsp; &nbsp;   in for the first time (Samba), 52
+<BR> &nbsp; &nbsp; &nbsp;   levels of
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      setting, 251-253
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      tuning, 314
+<BR> &nbsp; &nbsp; &nbsp;   options for, 199
+<BR> &nbsp; &nbsp; &nbsp;   troubleshooting, 282
+<BR> &nbsp; &nbsp; &nbsp;   troubleshooting from, 251-254
+<BR>log level option, 112, 251, 314
+<BR>login dialog box, domain logons
+<BR> &nbsp; &nbsp; &nbsp;   Windows 95/98, 188
+<BR> &nbsp; &nbsp; &nbsp;   Windows NT, 190
+<BR>login parameters, setting, 79
+<BR>logon drive option, 197
+<BR>logon home option, 198
+<BR>logon path option, 197
+<BR>logon script option, 197
+<BR>logon scripts, 192-200
+<BR> &nbsp; &nbsp; &nbsp;   options for, 196-198
+<BR>logons (see domain logons)
+<BR>lppause command option, 221
+<BR>lpq cache time option, 220, 319
+<BR>lpq command option, 221
+<BR>lpresume command option, 221
+<BR>lprm command option, 221
+<P><A NAME="M"><B>M</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>machine name, types, 15
+<BR>machine password timeout option, 239
+<BR>magic output option, 233
+<BR>magic script option, 233
+<BR>magic scripts, 233
+<BR>mailing lists
+<BR> &nbsp; &nbsp; &nbsp;   posting to, 39
+<BR> &nbsp; &nbsp; &nbsp;   for Samba, 292
+<BR>main tree, 40
+<BR>makefiles, 33-34
+<BR>mandatory profiles, 196
+<BR>mangle case option, 148
+<BR>mangled map option, 148
+<BR>mangled names option, 147
+<BR>mangled stack option, 148
+<BR>mangling char option, 148
+<BR>map archive option, 142
+<BR>map hidden option, 142
+<BR>Map Network Drive option, 5, 62
+<BR>map system option, 142
+<BR>mapping
+<BR> &nbsp; &nbsp; &nbsp;   files, options for location of, 191
+<BR> &nbsp; &nbsp; &nbsp;   network drives, 5
+<BR>masks
+<BR> &nbsp; &nbsp; &nbsp;   creation, 138
+<BR> &nbsp; &nbsp; &nbsp;   netmasks, 57
+<BR> &nbsp; &nbsp; &nbsp;   subnet, 57, 67
+<BR> &nbsp; &nbsp; &nbsp;   umasks, 138
+<BR>master browsers (see local master browser; DMB; preferred master browser)
+<BR>max connections option, 161
+<BR>max disk size option, 242
+<BR>max log size option, 112
+<BR>max mux option, 243
+<BR>max open files option, 243
+<BR>max ttl option, 229
+<BR>max wins ttl option, 229
+<BR>max xmit option, 243, 317
+<BR>Maximum Transport Unit (MTU), 316
+<BR>McCanne, Steven, 255
+<BR>measurement forms, 326
+<BR>memory, status of, 9
+<BR>message command option, 238
+<BR>messages
+<BR> &nbsp; &nbsp; &nbsp;   from daemons, reading, 8
+<BR> &nbsp; &nbsp; &nbsp;   WinPopup, 237
+<BR>Microsoft, 3
+<BR> &nbsp; &nbsp; &nbsp;   encryption, 30
+<BR> &nbsp; &nbsp; &nbsp;   implementations, 18-27
+<BR>Microsoft Networking Client, 65
+<BR>min print space option, 223
+<BR>min wins ttl option, 229
+<BR>mirror sites for Samba distribution, 28
+<BR>MIT, 35
+<BR>mmap code, 36
+<BR>m-node, 13
+<BR>modem, linking to TCP/IP networking protocol, 55
+<BR>MTU (Maximum Transport Unit), 316
+<BR>multiple code pages, 30
+<BR>multiple subnets, 120
+<BR>multi-user functionality, legal agreements and, 6
+<BR>My Computer (Windows 95/98), 51
+<P><A NAME="N"><B>N</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>name mangling, 143-149
+<BR> &nbsp; &nbsp; &nbsp;   options for, 145-149
+<BR> &nbsp; &nbsp; &nbsp;   steps in, 143
+<BR>name registration, 10
+<BR>name resolution, 11, 60, 224-229
+<BR> &nbsp; &nbsp; &nbsp;   options for, 227-229
+<BR>name resolve order option, 229
+<BR>name services, 10
+<BR> &nbsp; &nbsp; &nbsp;   identifying what is in use, 283
+<BR> &nbsp; &nbsp; &nbsp;   nmblookup program, 372
+<BR> &nbsp; &nbsp; &nbsp;   testing, 258
+<BR> &nbsp; &nbsp; &nbsp;   troubleshooting, 282-288
+<BR>naming
+<BR> &nbsp; &nbsp; &nbsp;   machine name, types, 15
+<BR> &nbsp; &nbsp; &nbsp;   machines on NetBIOS network, 10-13
+<BR> &nbsp; &nbsp; &nbsp;   NT computers, 63
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      caution with, 64
+<BR> &nbsp; &nbsp; &nbsp;   TCP/IP networking protocol, setting machine name for, 60
+<BR>NBNS (see NetBIOS, name server)
+<BR>NBT standard, 10
+<BR>NBTSTAT utility, 15
+<BR>Netatalk (Macintosh), support for interoperating with, 37
+<BR>NetBEUI (NetBIOS Extended User Interface), 10, 53
+<BR> &nbsp; &nbsp; &nbsp;   Windows NT computers and, 65
+<BR>netbios aliases option, 107
+<BR>NetBIOS name, 14-16
+<BR> &nbsp; &nbsp; &nbsp;   option for aliases, 107
+<BR> &nbsp; &nbsp; &nbsp;   setting
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      Windows 95/98, 61
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      Windows NT, 63
+<BR> &nbsp; &nbsp; &nbsp;   troubleshooting, 290
+<BR>netbios name option, 95
+<BR>NetBIOS (Network Basic Input/Output System), 9
+<BR> &nbsp; &nbsp; &nbsp;   compared with TCP/IP, 10
+<BR> &nbsp; &nbsp; &nbsp;   Extended User Interface (see NetBEUI)
+<BR> &nbsp; &nbsp; &nbsp;   multiple servers (see virtual servers)
+<BR> &nbsp; &nbsp; &nbsp;   name (see NetBIOS name)
+<BR> &nbsp; &nbsp; &nbsp;   name server (NBNS), 11, 25, 58
+<BR> &nbsp; &nbsp; &nbsp;   network, naming machines on, 10-13
+<BR> &nbsp; &nbsp; &nbsp;   over TCP/IP, 10
+<BR> &nbsp; &nbsp; &nbsp;   Unique Resource Types, 15
+<BR>netmasks, 57, 67
+<BR> &nbsp; &nbsp; &nbsp;   troubleshooting, 288
+<BR>network addresses
+<BR> &nbsp; &nbsp; &nbsp;   finding, 290
+<BR> &nbsp; &nbsp; &nbsp;   troubleshooting, 288-290
+<BR>Network Basic Input/Output System (see NetBIOS)
+<BR>network configuration commands, 192
+<BR>Network dialog box (Windows NT), 63
+<BR>network drives, mapping, 5
+<BR>Network File System
+<BR> &nbsp; &nbsp; &nbsp;   resources for further information, 293
+<BR>Network File System (NFS), 30
+<BR>Network icon
+<BR> &nbsp; &nbsp; &nbsp;   Windows 95/98, 53
+<BR> &nbsp; &nbsp; &nbsp;   Windows NT, 63
+<BR>network masks (see netmasks)
+<BR>Network Neighborhood icon, 61, 93
+<BR> &nbsp; &nbsp; &nbsp;   viewing Samba server, 72
+<BR>Network Neighborhood window, 21-22
+<BR> &nbsp; &nbsp; &nbsp;   mapping network drives via, 5
+<BR>networking
+<BR> &nbsp; &nbsp; &nbsp;   hardware for, testing, 259
+<BR> &nbsp; &nbsp; &nbsp;   network address ranges, 289
+<BR> &nbsp; &nbsp; &nbsp;   nmblookup program, testing with, 279
+<BR> &nbsp; &nbsp; &nbsp;   options, 101-106
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      list of, 103
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      magic script, 233
+<BR> &nbsp; &nbsp; &nbsp;   printing on a network, steps in, 201
+<BR> &nbsp; &nbsp; &nbsp;   setting up, 53-60
+<BR>newsgroups for Samba, 291
+<BR>NFS (Network File System), 30
+<BR> &nbsp; &nbsp; &nbsp;   resources for further information, 293
+<BR>nis homedir option, 200
+<BR>NIS/NIS+ protocol, 36, 169
+<BR> &nbsp; &nbsp; &nbsp;   how Samba works with, 199
+<BR> &nbsp; &nbsp; &nbsp;   resources for further information, 293
+<BR>nmbd daemon, 2, 29, 82, 85, 361-362
+<BR> &nbsp; &nbsp; &nbsp;   browsing options for, 125
+<BR> &nbsp; &nbsp; &nbsp;   killing, 48
+<BR> &nbsp; &nbsp; &nbsp;   starting, 46
+<BR>nmblookup program, 372
+<BR> &nbsp; &nbsp; &nbsp;   networks, testing with, 279
+<BR>node types, 13
+<BR>non-encrypted passwords, 172
+<BR>non-European languages, 30
+<BR>Novell Networking, 53
+<BR>nt pipe support option, 243
+<BR>nt smb support option, 243
+<BR>null passwords, 183
+<BR>null TID, 74
+<BR>numerical type, 90
+<P><A NAME="O"><B>O</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>.old files, 39
+<BR>ole locking compatibility option, 244
+<BR>Open Source Software (OSS), 3
+<BR>operating systems
+<BR> &nbsp; &nbsp; &nbsp;   encrypted/non-encrypted passwords, 172
+<BR> &nbsp; &nbsp; &nbsp;   miscellaneous options for, 240
+<BR> &nbsp; &nbsp; &nbsp;   values in elections, 117
+<BR>oplock files option, 316
+<BR>oplocks, 149-154
+<BR> &nbsp; &nbsp; &nbsp;   break requests, 149
+<BR> &nbsp; &nbsp; &nbsp;   messaging option for, 237
+<BR> &nbsp; &nbsp; &nbsp;   options for, 151-154
+<BR>oplocks option, 153
+<BR>opportunistic locking, 29
+<BR> &nbsp; &nbsp; &nbsp;   tuning, 316
+<BR> &nbsp; &nbsp; &nbsp;   (see also oplocks)
+<BR>option names, 84
+<BR>os filetime resolution option, 232
+<BR>os level option, 126
+<BR>OS/2, support for share-level security, 165
+<BR>OSF/1 (Digital Unix), 35
+<P><A NAME="P"><B>P</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>packets
+<BR> &nbsp; &nbsp; &nbsp;   headers for, tcpdump utility and, 376
+<BR> &nbsp; &nbsp; &nbsp;   maximum size of, option for, 243
+<BR>PAM (pluggable authentication modules), 179
+<BR> &nbsp; &nbsp; &nbsp;   support for, 36
+<BR>panic action option, 244
+<BR>passwd chat debug option, 182
+<BR>passwd chat option, 182
+<BR>passwd program option, 182
+<BR>password file, security and, 53
+<BR>password level option, 182
+<BR>Password settings (Windows 95/98), 51
+<BR>passwords, 171-184
+<BR> &nbsp; &nbsp; &nbsp;   chat characters for, 178
+<BR> &nbsp; &nbsp; &nbsp;   encrypted
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      changing, 176
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      disabling on Windows computers, 173
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      vs. non-encrypted, 172, 173
+<BR> &nbsp; &nbsp; &nbsp;   null, 183
+<BR> &nbsp; &nbsp; &nbsp;   options for, 180-184
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      share-level, 192
+<BR> &nbsp; &nbsp; &nbsp;   passwd program, 182
+<BR> &nbsp; &nbsp; &nbsp;   smbpasswd program, 374
+<BR> &nbsp; &nbsp; &nbsp;   stored by Samba, 172
+<BR> &nbsp; &nbsp; &nbsp;   synchronizing, 176-179
+<BR> &nbsp; &nbsp; &nbsp;   user-level security and, 168
+<BR> &nbsp; &nbsp; &nbsp;   Windows 95/98, 51-53
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      changing, 52
+<BR>pathnames
+<BR> &nbsp; &nbsp; &nbsp;   option for, 98
+<BR> &nbsp; &nbsp; &nbsp;   printer configuration and, 207
+<BR>paths, architecture-specific, 86
+<BR>pdate encrypted option, 183
+<BR>PDC (primary domain controller), 20
+<BR> &nbsp; &nbsp; &nbsp;   domain master browser and, 119
+<BR> &nbsp; &nbsp; &nbsp;   domain option for, 190
+<BR> &nbsp; &nbsp; &nbsp;   domain-level security and, 164
+<BR>PDC (continued)
+<BR> &nbsp; &nbsp; &nbsp;   Samba 2.1 and, 186
+<BR> &nbsp; &nbsp; &nbsp;   Samba, setting up as, 184
+<BR> &nbsp; &nbsp; &nbsp;   sever-level security and, 168
+<BR> &nbsp; &nbsp; &nbsp;   trust accounts and, 186
+<BR>performance, 29
+<BR>performance tuning, 312-328
+<BR> &nbsp; &nbsp; &nbsp;   benchmark for, 312, 314
+<BR> &nbsp; &nbsp; &nbsp;   other options for, 319-328
+<BR> &nbsp; &nbsp; &nbsp;   recommended enhancements, 320
+<BR>permissions, 207
+<BR> &nbsp; &nbsp; &nbsp;   options for, 140-143
+<BR> &nbsp; &nbsp; &nbsp;   for printing, 207
+<BR>plaintext passwords, 173
+<BR>pluggable authentication modules (PAM), 36, 179
+<BR>p-node, 13
+<BR>point-to-point communication, 13
+<BR>point-to-point registration/resolution, 13
+<BR>port not telnet option, 257
+<BR>postexec option, 199
+<BR>postscript option, 221
+<BR>preexec option, 199
+<BR>preferred master browser, 119
+<BR>preferred master option, 126
+<BR>preserve case option, 147
+<BR>preventing browsing, 115
+<BR>primary domain controller (see PDC)
+<BR>primary WINS server, 26
+<BR>print command option, 221
+<BR>print queue, options for, 223
+<BR>print shares, 7-9, 89-90, 204-205
+<BR> &nbsp; &nbsp; &nbsp;   created by Samba, 205
+<BR> &nbsp; &nbsp; &nbsp;   options for, 222
+<BR> &nbsp; &nbsp; &nbsp;   path option, 98
+<BR> &nbsp; &nbsp; &nbsp;   setting up on Windows client, 7
+<BR>printable option, 219
+<BR>printcap name option, 223
+<BR>printer capabilities file, 89
+<BR>printer driver file option, 219
+<BR>printer driver location option, 220
+<BR>printer driver option, 219
+<BR>printer option, 219
+<BR>PRINTER$ share, creating, 212
+<BR>printers
+<BR> &nbsp; &nbsp; &nbsp;   BSD, 215
+<BR> &nbsp; &nbsp; &nbsp;   names
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      caution with, 205
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      checking, 375
+<BR> &nbsp; &nbsp; &nbsp;   option for, 219-221
+<BR> &nbsp; &nbsp; &nbsp;   sharing (see print shares)
+<BR> &nbsp; &nbsp; &nbsp;   System V, 216
+<BR>printing, 201-224
+<BR> &nbsp; &nbsp; &nbsp;   commands, 202
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      default commands for, 221
+<BR> &nbsp; &nbsp; &nbsp;   configuration, minimal, 203-205
+<BR> &nbsp; &nbsp; &nbsp;   configuration options, 203-207
+<BR> &nbsp; &nbsp; &nbsp;   drivers for, setting up, 210-213
+<BR> &nbsp; &nbsp; &nbsp;   on a network, steps in, 201
+<BR> &nbsp; &nbsp; &nbsp;   options for, 217-224
+<BR> &nbsp; &nbsp; &nbsp;   pathnames used in commands for, 207
+<BR> &nbsp; &nbsp; &nbsp;   permissions for, 207
+<BR> &nbsp; &nbsp; &nbsp;   print jobs, 204
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      spooling with smbprint tool, 213
+<BR> &nbsp; &nbsp; &nbsp;   printer definition file, 211
+<BR> &nbsp; &nbsp; &nbsp;   resources for information on debugging, 208
+<BR> &nbsp; &nbsp; &nbsp;   through Samba, 201-213
+<BR> &nbsp; &nbsp; &nbsp;   test for, 206
+<BR> &nbsp; &nbsp; &nbsp;   types, 218
+<BR> &nbsp; &nbsp; &nbsp;   variables for, 203
+<BR> &nbsp; &nbsp; &nbsp;   Windows client printers
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      printing to, 213-224
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      setting up and testing, 208
+<BR>printing configuration option, 218
+<BR>private directory (Samba distribution), 172
+<BR>private key cryptography, 35
+<BR>privileges, option for, 199
+<BR>processes (see daemons)
+<BR>profiles, 194
+<BR> &nbsp; &nbsp; &nbsp;   creating, 53
+<BR> &nbsp; &nbsp; &nbsp;   local, 194
+<BR> &nbsp; &nbsp; &nbsp;   mandatory, 196
+<BR> &nbsp; &nbsp; &nbsp;   roaming, 194-196
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      option for location of, 197
+<BR>programmers, support for, 230-233
+<BR>propagation, browse list, 24
+<BR>Properties button (Windows 95/98), 55
+<BR>protocols
+<BR> &nbsp; &nbsp; &nbsp;   routed through a hardware device, 53
+<BR> &nbsp; &nbsp; &nbsp;   variant, negotiating, 78
+<BR>Protocols tab, 65-66
+<P><A NAME="Q"><B>Q</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>queuepause command option, 223
+<BR>queueresume command option, 223
+<BR>quotation marks in values, 84
+<P><A NAME="R"><B>R</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>rc.local file, 47
+<BR>read list option, 161
+<BR>read only option, 100
+<BR>read prediction, testing, 318
+<BR>read raw, tuning, 315
+<BR>read size, tuning, 318
+<BR>reading documentation, importance of, 34
+<BR>read-only files, 136
+<BR> &nbsp; &nbsp; &nbsp;   deleting, 139, 142
+<BR>read-only partitions, 40
+<BR>read-only/read-write access, 159
+<BR>remote announce option, 127
+<BR>remote browse sync option, 127
+<BR>remote procedure call (RPC), 376
+<BR>representing/resolving filenames, 145
+<BR>resource names, 14
+<BR>resource types, 14
+<BR> &nbsp; &nbsp; &nbsp;   for primary domain controller vs. domain master browser, 24
+<BR>resources, connecting to, 81
+<BR>resources for further information, 291-293
+<BR> &nbsp; &nbsp; &nbsp;   group attributes, 16
+<BR> &nbsp; &nbsp; &nbsp;   NFS (Network File System), 293
+<BR> &nbsp; &nbsp; &nbsp;   printers, debugging, 208
+<BR> &nbsp; &nbsp; &nbsp;   Samba, 32
+<BR> &nbsp; &nbsp; &nbsp;   Solaris servers, 321
+<BR> &nbsp; &nbsp; &nbsp;   Windows network configuration commands, 192
+<BR>revalidation of users, 192
+<BR>roaming profiles, 194-196
+<BR> &nbsp; &nbsp; &nbsp;   option for location of, 197
+<BR>role settings in elections, 117
+<BR>root postexec option, 199
+<BR>root preexec option, 198
+<BR>root user, 37, 199
+<BR> &nbsp; &nbsp; &nbsp;   access, 159
+<BR>routers, TCP/IP configuring and, 68
+<BR>RPC (remote procedure call), 376
+<BR>rpcclient program, 376
+<P><A NAME="S"><B>S</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>SAM (security account manager), 19, 169
+<BR>Samba, 1-9
+<BR> &nbsp; &nbsp; &nbsp;   compatibility with Windows NT, 30
+<BR> &nbsp; &nbsp; &nbsp;   compiling (see compiling Samba)
+<BR> &nbsp; &nbsp; &nbsp;   configuring (see configuring Samba)
+<BR> &nbsp; &nbsp; &nbsp;   daemons (see daemons)
+<BR> &nbsp; &nbsp; &nbsp;   distribution, xi, 28, 32
+<BR> &nbsp; &nbsp; &nbsp;   documentation, importance of reading, 34
+<BR> &nbsp; &nbsp; &nbsp;   downloading, 32-34
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      with CVS, 378
+<BR> &nbsp; &nbsp; &nbsp;   features/uses, x
+<BR> &nbsp; &nbsp; &nbsp;   installing (see installing Samba)
+<BR> &nbsp; &nbsp; &nbsp;   logging in for the first time, 52
+<BR> &nbsp; &nbsp; &nbsp;   Microsoft encryption and, 30
+<BR> &nbsp; &nbsp; &nbsp;   new features file, 34
+<BR> &nbsp; &nbsp; &nbsp;   origin of name, 2
+<BR> &nbsp; &nbsp; &nbsp;   performance tuning, 312-328
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      benchmark for, 312, 314
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      other options for, 319-328
+<BR> &nbsp; &nbsp; &nbsp;   reasons for using, 3
+<BR> &nbsp; &nbsp; &nbsp;   resources for further information, 291-293
+<BR> &nbsp; &nbsp; &nbsp;   roles in Windows domains/workgroups, 26
+<BR> &nbsp; &nbsp; &nbsp;   startup file, 363
+<BR> &nbsp; &nbsp; &nbsp;   test utilities, 254-257
+<BR> &nbsp; &nbsp; &nbsp;   version 2.0, 20, 28
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      character sets, 235
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      code pages for, 234
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      coding system parameters, 235
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      new options, 238
+<BR> &nbsp; &nbsp; &nbsp;   version 2.0.5, xi, 28
+<BR> &nbsp; &nbsp; &nbsp;   version 2.1, 20
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      PDC functionality and, 186
+<BR> &nbsp; &nbsp; &nbsp;   web site, 32, 291
+<BR> &nbsp; &nbsp; &nbsp;   WINS server and, 225
+<BR>Samba server
+<BR> &nbsp; &nbsp; &nbsp;   accessing, 61
+<BR> &nbsp; &nbsp; &nbsp;   connecting to, 71
+<BR> &nbsp; &nbsp; &nbsp;   resources offered, 72
+<BR> &nbsp; &nbsp; &nbsp;   sizing, 320-328
+<BR> &nbsp; &nbsp; &nbsp;   viewing via Network Neighborhood icon, 72
+<BR>Samba Web Administration Tool (see SWAT tool)
+<BR>scripts
+<BR> &nbsp; &nbsp; &nbsp;   connection, 198
+<BR> &nbsp; &nbsp; &nbsp;   logon, 192-200
+<BR> &nbsp; &nbsp; &nbsp;   magic, 233
+<BR> &nbsp; &nbsp; &nbsp;   for Samba startup file, 363
+<BR>secondary WINS server, 26
+<BR>sections of smb.conf (Samba configuration) file, 83
+<BR>Secure Sockets Layer protocol (see SSL)
+<BR>security, 35, 164-171
+<BR> &nbsp; &nbsp; &nbsp;   domain-level, 169-171
+<BR> &nbsp; &nbsp; &nbsp;   levels of, 164
+<BR>security (continued)
+<BR> &nbsp; &nbsp; &nbsp;   options for, 164
+<BR> &nbsp; &nbsp; &nbsp;   restricting access to shares, 158-163
+<BR> &nbsp; &nbsp; &nbsp;   server-level, 168
+<BR> &nbsp; &nbsp; &nbsp;   share-level, 164-167
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      options for, 167
+<BR> &nbsp; &nbsp; &nbsp;   user-level, 167
+<BR>security account manager (SAM), 19, 169
+<BR>Select Network Protocol dialog box, 65
+<BR>server configuration options, 94-96
+<BR>Server Message Block (see SMB)
+<BR>server string parameter, 95
+<BR>server-level security, 168
+<BR>servers
+<BR> &nbsp; &nbsp; &nbsp;   active, list of, 116
+<BR> &nbsp; &nbsp; &nbsp;   testing with nmblookup program, 278
+<BR> &nbsp; &nbsp; &nbsp;   virtual, 106-108
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      options for, 107
+<BR>service bindings, 71
+<BR>services, 83
+<BR> &nbsp; &nbsp; &nbsp;   list of enabled on machine, 45
+<BR> &nbsp; &nbsp; &nbsp;   performed by Samba, 2
+<BR> &nbsp; &nbsp; &nbsp;   testing low-level, 257-263
+<BR> &nbsp; &nbsp; &nbsp;   Workstation, 65
+<BR> &nbsp; &nbsp; &nbsp;   (see also shares)
+<BR>Services tab, 65
+<BR>session layer, connection at, 78
+<BR>session parameters, setting, 79
+<BR>session service, 10, 16-18
+<BR>set directory option, 244
+<BR>share modes, 151
+<BR>share options, 90
+<BR>shared directory/resources (see shares)
+<BR>shared resources (see shares)
+<BR>share-level security, 164-167
+<BR> &nbsp; &nbsp; &nbsp;   options for, 167
+<BR> &nbsp; &nbsp; &nbsp;   printing and guest accounts, 204
+<BR> &nbsp; &nbsp; &nbsp;   steps in taken by Samba, 165
+<BR>shares, 30, 83
+<BR> &nbsp; &nbsp; &nbsp;   access to
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      controlling, 158-163
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      creating for groups, 157
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      by foreign hosts, option for, 184
+<BR> &nbsp; &nbsp; &nbsp;   contents, restricting view of, 115
+<BR> &nbsp; &nbsp; &nbsp;   default, 115
+<BR> &nbsp; &nbsp; &nbsp;   file, path option for, 98
+<BR> &nbsp; &nbsp; &nbsp;   [globals] section, 88
+<BR> &nbsp; &nbsp; &nbsp;   option for identifying users allowed access to, 168
+<BR> &nbsp; &nbsp; &nbsp;   viewing (see browsing)
+<BR>sharing
+<BR> &nbsp; &nbsp; &nbsp;   disks (see disk shares)
+<BR> &nbsp; &nbsp; &nbsp;   printers (see print shares)
+<BR>Sharpe, Richard, 74
+<BR>SIGHUP signal, 85
+<BR>sizing Samba servers, 320-328
+<BR>smb passwd file option, 183
+<BR>SMB (Server Message Block), 2, 74-81
+<BR> &nbsp; &nbsp; &nbsp;   command string, 75
+<BR> &nbsp; &nbsp; &nbsp;   commercial products for, 77
+<BR> &nbsp; &nbsp; &nbsp;   deny-mode locks, 151
+<BR> &nbsp; &nbsp; &nbsp;   format of, 74
+<BR> &nbsp; &nbsp; &nbsp;   header, 75
+<BR> &nbsp; &nbsp; &nbsp;   magic scripts, 233
+<BR> &nbsp; &nbsp; &nbsp;   making a simple connection, 77
+<BR> &nbsp; &nbsp; &nbsp;   maximum number of operations, option for, 243
+<BR> &nbsp; &nbsp; &nbsp;   networks, 4
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      usernames and, 162
+<BR> &nbsp; &nbsp; &nbsp;   option for NT-specific options, 243
+<BR> &nbsp; &nbsp; &nbsp;   password server, 168
+<BR> &nbsp; &nbsp; &nbsp;   resources for further information, 74
+<BR> &nbsp; &nbsp; &nbsp;   seamless operation across networks, 30
+<BR> &nbsp; &nbsp; &nbsp;   troubleshooting connections, 268-275
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      testing locally, 268
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      testing with NET USE, 271-274
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      testing with smbclient, 270
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      testing with Windows Explorer, 274-275
+<BR> &nbsp; &nbsp; &nbsp;   wrapper support, 34
+<BR>SMB/CIFS protocol, 3
+<BR> &nbsp; &nbsp; &nbsp;   filesystems, 34
+<BR> &nbsp; &nbsp; &nbsp;   network and, 9-18
+<BR>smbclient program, 49, 364-370
+<BR>smb.conf (Samba configuration) file, 8, 41, 63, 82-93
+<BR> &nbsp; &nbsp; &nbsp;   configuring printers, 203
+<BR> &nbsp; &nbsp; &nbsp;   creating, 93
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      for each client, 253
+<BR> &nbsp; &nbsp; &nbsp;   example of, 82
+<BR> &nbsp; &nbsp; &nbsp;   modifying for printer drivers, 212
+<BR> &nbsp; &nbsp; &nbsp;   options for, 90-93
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      format of, 83
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      supporting programmers, 230-232
+<BR> &nbsp; &nbsp; &nbsp;   special sections of, 88-91
+<BR> &nbsp; &nbsp; &nbsp;   structure of, 83-86
+<BR> &nbsp; &nbsp; &nbsp;   testparm program for, 375
+<BR> &nbsp; &nbsp; &nbsp;   variables for, 86-88
+<BR>smbd daemon, 2, 82, 359-360
+<BR> &nbsp; &nbsp; &nbsp;   file, 47
+<BR> &nbsp; &nbsp; &nbsp;   killing, 48
+<BR> &nbsp; &nbsp; &nbsp;   starting, 46
+<BR>smbd server, checking with telnet, 266
+<BR>smbmount, support for, 36
+<BR>smbpasswd file, 172, 174-176
+<BR> &nbsp; &nbsp; &nbsp;   adding entries to, 175
+<BR> &nbsp; &nbsp; &nbsp;   caution with, 173-174
+<BR> &nbsp; &nbsp; &nbsp;   option for location of, 183
+<BR>smbpasswd program, 171, 374
+<BR> &nbsp; &nbsp; &nbsp;   changing passwords with, 176
+<BR>smbprint tool, spooling print jobs, 213
+<BR>smbrun option, 244
+<BR>smbsh program, 364
+<BR>smbstatus program, 8, 370
+<BR>smbtar program, 245-248
+<BR> &nbsp; &nbsp; &nbsp;   tar operations and, 371
+<BR>smbwrapper client, 30
+<BR>smbwrapper package, 35
+<BR>socket address option, 106
+<BR>socket options configuration options, 314
+<BR>software distribution (see Samba, distribution)
+<BR>source vs. binary files, 32
+<BR>spaces in values, 84
+<BR>special sections, smb.conf (Samba configuration) file, 88-91
+<BR>spelling, caution with, 61
+<BR>spool space, options for, 223
+<BR>square brackets, 83
+<BR>ssl CA certDir option, 308
+<BR>ssl CA certFile option, 308
+<BR>ssl ciphers option, 310
+<BR>ssl client cert option, 309
+<BR>ssl client key option, 309
+<BR>ssl compatibility option, 311
+<BR>ssl hosts option, 307
+<BR>ssl hosts resign option, 307
+<BR>ssl option, 307
+<BR>ssl require clientcert option, 309
+<BR>ssl require servercert option, 310
+<BR>SSL (Secure Sockets Layer) protocol, 30
+<BR> &nbsp; &nbsp; &nbsp;   configuration options for, 306-311
+<BR> &nbsp; &nbsp; &nbsp;   configuring Samba to use, 300
+<BR> &nbsp; &nbsp; &nbsp;   configuring Samba with, 295-311
+<BR> &nbsp; &nbsp; &nbsp;   SS Proxy, 296
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      setting up, 304
+<BR> &nbsp; &nbsp; &nbsp;   SSLeay, 296-304
+<BR> &nbsp; &nbsp; &nbsp;   support for, 34, 36
+<BR>ssl server cert option, 308
+<BR>ssl server key option, 308
+<BR>ssl version option, 310
+<BR>stand-alone daemons, 47
+<BR>stat cache option, 239
+<BR>stat cache size option, 239
+<BR>status option, 244
+<BR>status report on Samba, 8
+<BR>strict locking option, 152, 319
+<BR>strict sync option, 245, 319
+<BR>string types, 90
+<BR>strip dot option, 245
+<BR>subnets, 12
+<BR> &nbsp; &nbsp; &nbsp;   hosts and, caution with, 102
+<BR> &nbsp; &nbsp; &nbsp;   mask, 57, 67
+<BR> &nbsp; &nbsp; &nbsp;   multiple spanned by Windows workgroups, 24
+<BR> &nbsp; &nbsp; &nbsp;   Windows NT workstations and, 24
+<BR>superuser (see root user)
+<BR>SWAT tool, 29
+<BR> &nbsp; &nbsp; &nbsp;   adding to configuration files, 41
+<BR> &nbsp; &nbsp; &nbsp;   creating configuration file with, 42
+<BR>sync always option, 245, 319
+<BR>synchronizing
+<BR> &nbsp; &nbsp; &nbsp;   passwords, 176-179
+<BR> &nbsp; &nbsp; &nbsp;   time, options for, 231
+<BR>syntax errors, 45
+<BR>syslog only option, 113
+<BR>syslog option, 113
+<BR>SYSLOG utility, 110
+<BR> &nbsp; &nbsp; &nbsp;   support for, 36
+<BR>system administrator, WINS server and, 26
+<BR>system files, 136
+<BR>System V Unix, 47
+<BR> &nbsp; &nbsp; &nbsp;   printer configuration for, 203
+<P><A NAME="T"><B>T</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>tar operations, 371
+<BR>tcpdump utility, 78, 255-257, 376
+<BR> &nbsp; &nbsp; &nbsp;   passwords, reading, 172
+<BR>TCP/IP networking protocol, 9
+<BR> &nbsp; &nbsp; &nbsp;   adding/configuring, 54
+<BR> &nbsp; &nbsp; &nbsp;   checking setup, 53
+<BR> &nbsp; &nbsp; &nbsp;   compared with NetBIOS, 10
+<BR> &nbsp; &nbsp; &nbsp;   configuring, 66-71
+<BR> &nbsp; &nbsp; &nbsp;   installing, 65
+<BR> &nbsp; &nbsp; &nbsp;   NetBIOS over, 10
+<BR> &nbsp; &nbsp; &nbsp;   receive window, tuning, 317
+<BR> &nbsp; &nbsp; &nbsp;   resources for further information, 293
+<BR> &nbsp; &nbsp; &nbsp;   TCP, troubleshooting, 263
+<BR>TCP/IP Properties panel (Windows 95/98), 55
+<BR>test parser, 45
+<BR>test share, 42
+<BR>testing
+<BR> &nbsp; &nbsp; &nbsp;   configuration file, 45
+<BR> &nbsp; &nbsp; &nbsp;   daemons, 49
+<BR> &nbsp; &nbsp; &nbsp;   Samba, 41-46
+<BR> &nbsp; &nbsp; &nbsp;   smbclient program, 364-370
+<BR> &nbsp; &nbsp; &nbsp;   test utilities for Samba, 254-257
+<BR> &nbsp; &nbsp; &nbsp;   tools for (CD-ROM with this book), 28
+<BR>testparm program, 375
+<BR>testparm test parser, 45
+<BR>testprns program, 375
+<BR>TID (tree identifier), 74, 78, 80
+<BR>time server option, 231
+<BR>time synchronization, options for, 231
+<BR>time to live (TTL), options for, 229
+<BR>timestamp logs option, 112
+<BR>trace utility, 254
+<BR>trailing dot, option for, 245
+<BR>tree identifier (TID), 74, 78, 80
+<BR>Tridgell, Andrew, 2, 255
+<BR>troubleshooting, 250-291
+<BR> &nbsp; &nbsp; &nbsp;   information to have on hand, 257
+<BR> &nbsp; &nbsp; &nbsp;   network addresses, 288-290
+<BR> &nbsp; &nbsp; &nbsp;   where to start, 250
+<BR>trust accounts, creating, 186
+<BR>TTL (time to live), options for, 229
+<BR>tuning (see performance tuning)
+<P><A NAME="U"><B>U</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>umasks, 138
+<BR>uniform resource locators (URLs), 6
+<BR>Universal Naming Convention (UNC), 5
+<BR>Unix
+<BR> &nbsp; &nbsp; &nbsp;   carriage returns, 193
+<BR> &nbsp; &nbsp; &nbsp;   daemons, 2
+<BR> &nbsp; &nbsp; &nbsp;   file permissions and attributes, 135-143
+<BR> &nbsp; &nbsp; &nbsp;   filenames, option for, 245
+<BR> &nbsp; &nbsp; &nbsp;   locks and, 150
+<BR> &nbsp; &nbsp; &nbsp;   networks, usernames and, 162
+<BR> &nbsp; &nbsp; &nbsp;   options
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      for messaging, 237
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      miscellaneous, 240
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      for print commands, 221
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      for system logger, 113
+<BR> &nbsp; &nbsp; &nbsp;   password files, 169
+<BR> &nbsp; &nbsp; &nbsp;   permissions, share write access and, 159
+<BR> &nbsp; &nbsp; &nbsp;   servers, backing up computers from, 246
+<BR> &nbsp; &nbsp; &nbsp;   System V, 47
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      printer configuration for, 203
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      printing and, 29
+<BR> &nbsp; &nbsp; &nbsp;   troubleshooting utilities, 254
+<BR> &nbsp; &nbsp; &nbsp;   user classifications, 135
+<BR>unix password sync option, 180
+<BR>unix realname option, 133
+<BR>URLs (uniform resource locators), 6
+<BR> &nbsp; &nbsp; &nbsp;   distribution, 28
+<BR> &nbsp; &nbsp; &nbsp;   Kerberos, 35
+<BR> &nbsp; &nbsp; &nbsp;   Samba, 28, 32
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      distribution, xi
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      web site, 291
+<BR> &nbsp; &nbsp; &nbsp;   SMB (Server Message Block), 74
+<BR>use rhosts option, 184
+<BR>user profiles (Windows 95/98), 50
+<BR>user variables, 86
+<BR>user-level security, 164, 167
+<BR>username level option, 163
+<BR>username map option, 162
+<BR>username option, 167
+<BR>usernames
+<BR> &nbsp; &nbsp; &nbsp;   case sensitivity and, 163
+<BR> &nbsp; &nbsp; &nbsp;   options for, 162-163
+<BR> &nbsp; &nbsp; &nbsp;   SMB vs. Unix networks, 162
+<BR> &nbsp; &nbsp; &nbsp;   Windows 95/98, 51-53
+<BR>users, 155-158
+<BR> &nbsp; &nbsp; &nbsp;   allowing superuser (root) access to, 159
+<BR> &nbsp; &nbsp; &nbsp;   creating, 89
+<BR> &nbsp; &nbsp; &nbsp;   domain, semi-automatic deletion, 171
+<BR> &nbsp; &nbsp; &nbsp;   home directory, 36
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      logon script option for location of, 198
+<BR> &nbsp; &nbsp; &nbsp;   invalid, specifying, 158
+<BR> &nbsp; &nbsp; &nbsp;   read-only/read-write access, 159
+<BR> &nbsp; &nbsp; &nbsp;   setting up, 155
+<BR> &nbsp; &nbsp; &nbsp;   share-level option for authentication of, 192
+<BR> &nbsp; &nbsp; &nbsp;   shares for, setting up, 157
+<BR>/usr/local/samba file, 40
+<BR>/usr/local/samba/var/log.smb file, 49
+<P><A NAME="V"><B>V</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>valid chars option, 236
+<BR>variables, 86-88
+<BR>veto files, 129-131
+<BR> &nbsp; &nbsp; &nbsp;   option for deleting, 135
+<BR>veto files option, 134
+<BR>veto oplock files option, 154
+<BR>viewing daemons, 8
+<BR>virtual connection, 78
+<BR>virtual hosts, 29
+<BR>virtual servers, 106-108
+<BR> &nbsp; &nbsp; &nbsp;   options for, 107
+<BR>volume option, 100
+<P><A NAME="W"><B>W</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+<BR>Whistle, 3
+<BR>whitespaces in values, 84
+<BR>wide links option, 134, 319
+<BR>Windows 95/98
+<BR> &nbsp; &nbsp; &nbsp;   domain controllers for, 18-20
+<BR> &nbsp; &nbsp; &nbsp;   domain logons, configuring, 185
+<BR> &nbsp; &nbsp; &nbsp;   domains, 184-192
+<BR> &nbsp; &nbsp; &nbsp;   miscellaneous options for, 240
+<BR> &nbsp; &nbsp; &nbsp;   multiple users, support for, 50
+<BR> &nbsp; &nbsp; &nbsp;   passwords, encrypted, 172
+<BR> &nbsp; &nbsp; &nbsp;   printer drivers, installing, 210
+<BR> &nbsp; &nbsp; &nbsp;   share-level security, support for, 165
+<BR> &nbsp; &nbsp; &nbsp;   WinPopup tool, 237
+<BR>Windows clients
+<BR> &nbsp; &nbsp; &nbsp;   configuring, 50-81
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      Windows NT 4.0 computers, 63-73
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      Windows95/98 computers, 50-63
+<BR> &nbsp; &nbsp; &nbsp;   individual configuration files for, 253
+<BR> &nbsp; &nbsp; &nbsp;   printers for, setting up and testing, 208
+<BR> &nbsp; &nbsp; &nbsp;   role settings in elections, 117
+<BR>Windows Explorer, Map Network Drive option, 5
+<BR>Windows Internet Name Service (see WINS)
+<BR>Windows NT
+<BR> &nbsp; &nbsp; &nbsp;   client/server and, 77
+<BR> &nbsp; &nbsp; &nbsp;   configuring domain logons, 186
+<BR> &nbsp; &nbsp; &nbsp;   domains, 18, 28, 184-192
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      caution when selecting, 190
+<BR> &nbsp; &nbsp; &nbsp;   IP address, setting, 67
+<BR> &nbsp; &nbsp; &nbsp;   naming, caution with, 63
+<BR> &nbsp; &nbsp; &nbsp;   passwords
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      encrypted, 172
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      new option for timeout (Samba version 2.0), 239
+<BR> &nbsp; &nbsp; &nbsp;   pipes, option for, 243
+<BR> &nbsp; &nbsp; &nbsp;   server, domain master browser and, 119
+<BR> &nbsp; &nbsp; &nbsp;   SMB, option for, 243
+<BR> &nbsp; &nbsp; &nbsp;   user authentication and, 186
+<BR> &nbsp; &nbsp; &nbsp;   WINS address and, 70
+<BR>Windows NT Server 4.0, 65
+<BR>Windows NT Server Manager for Domains tool, 171
+<BR>Windows NT Workstation 4.0, 65
+<BR>Windows UNC format, 62
+<BR>Windows workgroups (see workgroups, Windows)
+<BR>WINDOWSHOSTS directory, 71
+<BR>WinPopup tool, 237
+<BR>WINS Address tab (Windows NT panel), 70
+<BR>WINS Configuration tab, 58
+<BR>wins proxy option, 228
+<BR>wins server option, 228
+<BR>wins support option, 228
+<BR>WINS (Windows Internet Name Service), 2, 25, 58
+<BR> &nbsp; &nbsp; &nbsp;   address, configuring, 70
+<BR> &nbsp; &nbsp; &nbsp;   name resolution and, 224
+<BR> &nbsp; &nbsp; &nbsp;   options for, 228
+<BR> &nbsp; &nbsp; &nbsp;   server, 44
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      configuring Windows domain logons and, 185
+<BR> &nbsp; &nbsp; &nbsp;   servers, 25, 59
+<BR> &nbsp; &nbsp; &nbsp;   Windows operating systems and, 26
+<BR> &nbsp; &nbsp; &nbsp;   WINS server
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      primary/secondary, 26
+<BR>WINS (Windows Internet Name Service) server
+<BR> &nbsp; &nbsp; &nbsp;   setting up Samba as, 226
+<BR> &nbsp; &nbsp; &nbsp;   setting up Sambato use, 225
+<BR>Wong, Brian, 321
+<BR>workgroup parameter, 96
+<BR>workgroups, 4
+<BR> &nbsp; &nbsp; &nbsp;   roles in assumed by Samba, 26
+<BR> &nbsp; &nbsp; &nbsp;   setting, 60
+<BR> &nbsp; &nbsp; &nbsp;   Windows
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      behaviors vs. Windows domain, 20
+<BR> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;      spanning multiple subnets, 24
+<BR>working directory, option for, 134
+<BR>Workstation service, installing, 65
+<BR>wrapper support for SMB (Server Message Block), 34
+<BR>write ahead, tuning, 318
+<BR>write list option, 161
+<BR>write privileges, 40
+<BR>write raw, tuning, 315
+<BR>write size, tuning, 317
+<BR>writeable/write ok option, 100
+<P><A NAME="Y"><B>Y</B><A HREF="inx.html">[&nbsp;Top&nbsp;]</A>
+
+<pre>
+</PRE>
+
+<P>
+<HR NOSHADE SIZE="-1">
+<P>
+Using Samba <a href="index.html">Table of Contents</a>
+<P>
+<CENTER>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</td>
+</tr>
+</table>
+</body>
+</html>
diff --git a/docs/htmldocs/using_samba/licenseinfo.html b/docs/htmldocs/using_samba/licenseinfo.html
new file mode 100755
index 00000000000..7e8962a8325
--- /dev/null
+++ b/docs/htmldocs/using_samba/licenseinfo.html
@@ -0,0 +1,181 @@
+<HTML>
+<HEAD>
+<TITLE>License Info</title>
+</head>
+
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font>
+By Robert Eckstein, David Collier-Brown & Peter Kelly
+<br>1st Edition October 1999 (est.)
+<br>1-56592-449-5, Order Number: 4495
+<br>424 pages (est.), $34.95 (est.)
+</font>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+<!--sample chapter begins -->
+<h2>License Info</h2>
+<p>"Using Samba" may be freely reproduced and distributed in any
+form, in any medium physical or electronic, in whole or in
+part, provided that the terms of this license are adhered to
+and that the reproduction includes this license or a reference
+to it. For a complete reproduction of the book, the reference
+should read:
+<blockquote>
+  Copyright (c) 1999 by O'Reilly & Associates. This book,
+  Using Samba, first edition, was written by Robert Eckstein,
+  David Collier-Brown, and Peter Kelly, and published by
+  O'Reilly & Associates. This material may be distributed only
+  subject to the terms and conditions set forth in the
+  license, which is presently available at
+  <a href="http://www.oreilly.com/catalog/samba/licenseinfo.html">
+  http://www.oreilly.com/catalog/samba/licenseinfo.html</a>.
+</blockquote>
+<p>
+For an excerpt, the reference should read:
+<blockquote>
+  Copyright (c) 1999 by O'Reilly & Associates. This material
+  was taken from the book Using Samba, first edition, written
+  by Robert Eckstein, David Collier-Brown, and Peter Kelly,
+  and published by O'Reilly & Associates. This material may be
+  distributed only subject to the terms and conditions set
+  forth in the license, which is presently available at
+  <a href="http://www.oreilly.com/catalog/samba/licenseinfo.html">
+  http://www.oreilly.com/catalog/samba/licenseinfo.html</a>.
+</blockquote>
+<p>
+Translations must contain similar references in the target
+language. A sample model for a reference in a translation is
+the following:
+<blockquote>
+  Copyright (c) 1999 by [whoever owns the translation]. This
+  is a translation of Using Samba, first edition, written by
+  Robert Eckstein, David Collier-Brown, and Peter Kelly, and
+  published by O'Reilly & Associates. This material may be
+  distributed only subject to the terms and conditions set
+  forth in the license, which is presently available at
+  <a href="http://www.oreilly.com/catalog/samba/licenseinfo.html">
+  http://www.oreilly.com/catalog/samba/licenseinfo.html</a>.
+</blockquote>
+<p>
+Both commercial and noncommercial redistribution of material
+from this book is permitted, but the following restrictions
+apply.
+<ol>
+<li> All copies of any version, including derivative works, must
+   display a prominent notice indicating the original authors
+   of the book and that it was originally developed by
+   O'Reilly & Associates. Any publication as a physical
+   (paper) book shall show the names of the authors and
+   O'Reilly & Associates on the outer surface.
+
+<li> Any changes made must be shared as described below.
+
+<li> No translation can be distributed publicly in print form
+   without approval from O'Reilly & Associates. Any
+   translation, by O'Reilly & Associates or another party,
+   falls under the same conditions as the original version.
+</ol>
+<p>
+MODIFIED VERSIONS. Distribution of any modified version must
+include a prominent notice describing the modifications that
+have been made, and must provide a URL or other sufficient
+information concerning how to obtain the original work.
+O'Reilly & Associates and the Samba Team are not responsible
+for the accuracy of any modifications not incorporated into
+their originally distributed version. The names of the
+original authors, O'Reilly & Associates, or the Samba team may
+not be used to assert or imply endorsement of the resulting
+document unless permission is obtained in advance. Anyone who
+distributes a version of the book with changes to text,
+figures, or any other element must provide the changed version
+in a standard source format to both O'Reilly and the Samba
+team, and must provide them under the same terms as the
+original book.
+<p>
+Mere aggregation of this work, or a portion of the work, with
+other works or programs on the same media shall not cause this
+license to apply to those other works.  The aggregate work
+shall contain this license and a notice specifying the
+inclusion of this material.
+<p>
+The copyright will stay in O'Reilly's hands, unless O'Reilly stops
+printing the book.  However, the book will be maintained by
+the Samba team.  Any changes made by O'Reilly will be given to
+the team, and vice versa.
+<p>
+TRANSLATIONS. In the case of translations, O'Reilly will
+choose when to update and reprint printed versions.  If
+O'Reilly lets the translation go out of print for more than 6
+months, the copyright and all other rights go to the Samba
+team.
+<p>
+SEVERABILITY. If any part of this license is found to be
+unenforceable in any jurisdiction, the remaining portions of
+the license remain in force.
+<p>
+NO WARRANTY. This work is licensed and provided "as is"
+without warranty of any kind, express or implied, including,
+but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose or a warranty of
+non-infringement.
+<p>
+GOOD-PRACTICE RECOMMENDATIONS. In addition to the requirements
+of this license, it is requested from and strongly recommended
+of redistributors that:
+<ol>
+ <li> If you are distributing the work on hardcopy or CD-ROM,
+    you provide email notification to the authors of your
+    intent to redistribute at least thirty days before your
+    manuscript or media freeze, to give the authors time to
+    provide updated documents. This notification should
+    describe modifications, if any, made to the document.
+
+ <li> All substantive modifications (including deletions) should
+    be either clearly marked in the document or else described
+    in an attachment to the document.
+
+ <li> While it is not mandatory under this license, it is
+    considered good form to offer a free copy of any hardcopy
+    and CD-ROM expression of this work to its authors and the
+    original software developers.
+
+ <li> Translations should contain this license in the target
+    language.
+</ol>
+
+
+<!-- End of sample chapter -->
+<CENTER>
+<HR SIZE="1" NOSHADE>
+<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
+<A HREF="http://www.oreilly.com/">
+<B>O'Reilly Home</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/sales/bookstores">
+<B>O'Reilly Bookstores</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/order_new/">
+<B>How to Order</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/contact.html">
+<B>O'Reilly Contacts<BR></B></A>
+<A HREF="http://www.oreilly.com/international/">
+<B>International</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/oreilly/about.html">
+<B>About O'Reilly</B></A> <B> | </B>
+<A HREF="http://www.oreilly.com/affiliates.html">
+<B>Affiliated Companies</B></A><p>
+<EM>&copy; 1999, O'Reilly &amp; Associates, Inc.</EM>
+</FONT>
+</CENTER>
+</BODY>
+
+</html>
diff --git a/docs/htmldocs/using_samba/this_edition.html b/docs/htmldocs/using_samba/this_edition.html
new file mode 100755
index 00000000000..71522ac31e1
--- /dev/null
+++ b/docs/htmldocs/using_samba/this_edition.html
@@ -0,0 +1,48 @@
+<HTML>
+<HEAD>
+<TITLE>This Edition</title>
+</head>
+
+<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
+<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
+<tr>
+<td width="25%" valign="TOP">
+<img hspace=10 vspace=10 src="gifs/samba.s.gif" 
+alt="Using Samba" align=left valign=top border=0>
+</td>
+<td height="105" valign="TOP">
+<br>
+<H2>Using Samba</H2>
+<font>
+By Robert Eckstein, David Collier-Brown & Peter Kelly
+<br>1st Edition October 1999 (est.)
+<br>1-56592-449-5, Order Number: 4495
+<br>424 pages (est.), $34.95 (est.)
+</font>
+</td>
+</tr>
+</table>
+<hr size=1 noshade>
+
+<blockquote>
+  Copyright (c) 1999 by O'Reilly & Associates. This book,
+  Using Samba, first edition, was written by Robert Eckstein,
+  David Collier-Brown, and Peter Kelly, and published by
+  O'Reilly & Associates. This material may be distributed only
+  subject to the terms and conditions set forth in the
+  license, which is presently available at
+  <a href="http://www.oreilly.com/catalog/samba/licenseinfo.html">
+  http://www.oreilly.com/catalog/samba/licenseinfo.html</a>.
+</blockquote>
+
+<hr size=1 noshade>
+
+<pre>
+This is a modified version of the O'Reilly first edition of
+<i>Using Samba</i>. Some of the modifications were made by <a
+href="mailto:jayts@bigfoot.com">Jay Ts</a> - thanks Jay!
+
+</pre>
+
+</BODY>
+</html>
diff --git a/docs/htmldocs/wbinfo.1.html b/docs/htmldocs/wbinfo.1.html
new file mode 100755
index 00000000000..fe218a8f676
--- /dev/null
+++ b/docs/htmldocs/wbinfo.1.html
@@ -0,0 +1,382 @@
+<HTML
+><HEAD
+><TITLE
+>wbinfo</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="WBINFO"
+>wbinfo</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>wbinfo&nbsp;--&nbsp;Query information from winbind daemon</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>wbinfo</B
+>  [-u] [-g] [-h name] [-i ip] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-r user] [-a user%password] [-A user%password]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN26"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+>The <B
+CLASS="COMMAND"
+>wbinfo</B
+> program queries and returns information 
+	created and used by the <A
+HREF="winbindd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>	winbindd(8)</B
+></A
+> daemon. </P
+><P
+>The <B
+CLASS="COMMAND"
+>winbindd(8)</B
+> daemon must be configured 
+	and running for the <B
+CLASS="COMMAND"
+>wbinfo</B
+> program to be able 
+	to return information.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN37"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-u</DT
+><DD
+><P
+>This option will list all users available 
+		in the Windows NT domain for which the <B
+CLASS="COMMAND"
+>winbindd(8)
+		</B
+> daemon is operating in. Users in all trusted domains 
+		will also be listed.  Note that this operation does not assign 
+		user ids to any users that have not already been seen by 
+		<B
+CLASS="COMMAND"
+>winbindd(8)</B
+>.</P
+></DD
+><DT
+>-g</DT
+><DD
+><P
+>This option will list all groups available 
+		in the Windows NT domain for which the <B
+CLASS="COMMAND"
+>winbindd(8)
+		</B
+> daemon is operating in. Groups in all trusted domains
+		will also be listed.  Note that this operation does not assign 
+		group ids to any groups that have not already been seen by
+		<B
+CLASS="COMMAND"
+>winbindd(8)</B
+>. </P
+></DD
+><DT
+>-h name</DT
+><DD
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>-h</I
+></TT
+> option 
+		queries <B
+CLASS="COMMAND"
+>winbindd(8)</B
+> to query the WINS
+		server for the IP address associated with the NetBIOS name
+		specified by the <TT
+CLASS="PARAMETER"
+><I
+>name</I
+></TT
+> parameter.
+		</P
+></DD
+><DT
+>-i ip</DT
+><DD
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>-i</I
+></TT
+> option 
+		queries <B
+CLASS="COMMAND"
+>winbindd(8)</B
+> to send a node status
+		request to get the NetBIOS name associated with the IP address
+		specified by the <TT
+CLASS="PARAMETER"
+><I
+>ip</I
+></TT
+> parameter.
+		</P
+></DD
+><DT
+>-n name</DT
+><DD
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>-n</I
+></TT
+> option 
+		queries <B
+CLASS="COMMAND"
+>winbindd(8)</B
+> for the SID 		
+		associated with the name specified. Domain names can be specified 
+		before the user name by using the winbind separator character.  
+		For example CWDOM1/Administrator refers to the Administrator
+		user in the domain CWDOM1.  If no domain is specified then the 
+		domain used is the one specified in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+		<TT
+CLASS="PARAMETER"
+><I
+>workgroup</I
+></TT
+> parameter. </P
+></DD
+><DT
+>-s sid</DT
+><DD
+><P
+>Use <TT
+CLASS="PARAMETER"
+><I
+>-s</I
+></TT
+> to resolve
+		a SID to a name.  This is the inverse of the <TT
+CLASS="PARAMETER"
+><I
+>-n
+		</I
+></TT
+> option above.  SIDs must be specified as ASCII strings 
+		in the traditional Microsoft format. For example,
+		S-1-5-21-1455342024-3071081365-2475485837-500. </P
+></DD
+><DT
+>-U uid</DT
+><DD
+><P
+>Try to convert a UNIX user id to a Windows NT 
+		SID.  If the uid specified does not refer to one within
+		the winbind uid range then the operation will fail. </P
+></DD
+><DT
+>-G gid</DT
+><DD
+><P
+>Try to convert a UNIX group id to a Windows 
+		NT SID.  If the gid specified does not refer to one within 
+		the winbind gid range then the operation will fail. </P
+></DD
+><DT
+>-S sid</DT
+><DD
+><P
+>Convert a SID to a UNIX user id.  If the SID 
+		does not correspond to a UNIX user mapped by <B
+CLASS="COMMAND"
+>		winbindd(8)</B
+> then the operation will fail. </P
+></DD
+><DT
+>-Y sid</DT
+><DD
+><P
+>Convert a SID to a UNIX group id.  If the SID 
+		does not correspond to a UNIX group mapped by <B
+CLASS="COMMAND"
+>		winbindd(8)</B
+> then the operation will fail. </P
+></DD
+><DT
+>-t</DT
+><DD
+><P
+>Verify that the workstation trust account 
+		created when the Samba server is added to the Windows NT
+		domain is working. </P
+></DD
+><DT
+>-m</DT
+><DD
+><P
+>Produce a list of domains trusted by the 
+		Windows NT server <B
+CLASS="COMMAND"
+>winbindd(8)</B
+> contacts 
+		when resolving names.  This list does not include the Windows 
+		NT domain the server is a Primary Domain Controller for.
+		</P
+></DD
+><DT
+>-r username</DT
+><DD
+><P
+>Try to obtain the list of UNIX group ids
+		to which the user belongs.  This only works for users
+		defined on a Domain Controller.
+		</P
+></DD
+><DT
+>-a username%password</DT
+><DD
+><P
+>Attempt to authenticate a user via winbindd. 
+                This checks both authenticaion methods and reports its results.
+		</P
+></DD
+><DT
+>-A username%password</DT
+><DD
+><P
+>Store username and password used by winbindd 
+		during session setup to a domain controller.  This enables
+		winbindd to operate in a Windows 2000 domain with Restrict
+		Anonymous turned on (a.k.a. Permissions compatiable with
+		Windows 2000 servers only).
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN119"
+></A
+><H2
+>EXIT STATUS</H2
+><P
+>The wbinfo program returns 0 if the operation 
+	succeeded, or 1 if the operation failed.  If the <B
+CLASS="COMMAND"
+>winbindd(8)
+	</B
+> daemon is not working <B
+CLASS="COMMAND"
+>wbinfo</B
+> will always return 
+	failure. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN124"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN127"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="winbindd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>winbindd(8)</B
+>
+	</A
+></P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN132"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+><B
+CLASS="COMMAND"
+>wbinfo</B
+> and <B
+CLASS="COMMAND"
+>winbindd</B
+>
+	were written by Tim Potter.</P
+><P
+>The conversion to DocBook for Samba 2.2 was done 
+	by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/wfw_slip.htm b/docs/htmldocs/wfw_slip.htm
new file mode 100755
index 00000000000..5b4a0a5e539
--- /dev/null
+++ b/docs/htmldocs/wfw_slip.htm
@@ -0,0 +1,175 @@
+<HTML>
+<HEAD>
+<TITLE>Peter Karrer Announces SLIP for WFW</TITLE>
+</HEAD>
+<BODY>
+<H1><I>Winserve</I></H1>
+<HR>
+<H2><I>Peter Karrer Announces SLIP for WFW</I></H2>
+[NEW 03-22-95)
+<HR>
+<B>Hello,</B>
+<P>
+I've discovered a way to run WfW's TCP/IP-32 over a SLIP packet driver. This
+allows WfW users to do Windows networking over dialup lines just like it is
+possible with NT and the Windows 95 beta!
+<P>
+For instance, you can mount Microsoft's FTP server as a network drive in File
+Manager or connect to an MS Mail post office over the Internet.  Of course,
+the usual Internet stuff works as well.  Another interesting site is
+WINSERVE.001; check out www.winserve.com.
+<HR>
+This method should work with any class 1 (Ethernet II) packet driver. However,
+I'm not in a position to try anything else than SLIPPER/CSLIPPER. 
+<HR>
+<H3>Files you need:</H3>
+<B>WFWT32.EXE:</B>   ftp://ftp.microsoft.com/bussys/msclient/wfw/wfwt32.exe
+<P>
+  Microsoft's free TCP/IP for WfW.  It's a self-extracting archive which
+  should be executed in an empty directory.
+<P>
+<B>SLIPPER.EXE:</B>  ftp://biocserver.bioc.cwru.edu/pub/dos/slipper/slippr15.zip
+<P>
+  Peter Tattam's SLIP packet driver. CSLIPPER.EXE is a variant which supports
+  VJ header compression.
+<P>
+<B>PDETHER.EXE:</B>  ftp://sjf-lwp.idz.sjf.novell.com/odi/pdether/pde105.zip
+<P>
+  Don Provan's ODI-over-Packet Driver shim. This *must* be version 1.05 (or
+  above).
+<P>
+<B>LSL.COM:</B>
+<P>
+  Novell's LAN Support Layer.  If you're an owner of Windows 3.10, you'll
+  have it on one of your install disks.  Use "expand a:lsl.co_ lsl.com" to
+  expand it.  Microsoft has stopped bundling LSL.COM with WfW 3.11, though.
+  The newest version of LSL.COM can be downloaded as part of
+    ftp://ftp.novell.com/pub/netware/nwos/dosclnt12/vlms/vlmup2.exe.
+  However, it's not clear if this one may be legally used outside Netware
+  environments.
+<P>
+<B>NET.CFG:</B>
+<P>
+  A configuration file for LSL and PDETHER. It should contain the following
+  text:
+<P>
+<PRE>
+Link Support
+        Buffers 8 1600
+Link Driver PDETHER
+        Int 60
+        Frame Ethernet_II
+        Protocol IP   800  Ethernet_II
+        Protocol ARP  806  Ethernet_II
+        Protocol RARP 8035 Ethernet_II
+</PRE> 
+<P>
+<B>DISCOMX.COM:</B>
+<P>
+  A little hack of mine to disable the COM port used by the SLIP packet driver.
+  Usage is e.g. "discomx 2" to disable COM2.  This should be run before
+  starting WfW, otherwise you'll get "device conflict" messages. Here it is:
+<P><PRE>
+begin 644 discomx.com
+F,=N)V8H.@`"P(+^!`/.N3XH="=MT!DN`XP/1XS')!R:)CP`$S2``
+`
+end
+ </PRE>
+  (Save this text to disk as <I>filename</I>, then run "uudecode <I>filename</I>".
+   uudecode can be found, for instance, at
+     ftp://ftp.switch.ch/mirror/simtel/msdos/starter/uudecode.com )
+<P>
+<B>LMHOSTS:</B>
+ <P> 
+  An optional file which should be stored in your Windows subdirectory. It is
+  used to map NetBIOS computer names to IP addresses. Example:
+<P>
+<PRE>
+198.105.232.1   ftp             #PRE  # ftp.microsoft.com
+204.118.34.11   winserve.001    #PRE  # Winserve
+</PRE>
+<HR>
+<H3>How to install it:</H3>
+<P>
+<UL>
+<LI>Put the files mentioned above into a directory, e.g. C:\SLIP.
+<P>
+<LI>Put the following lines into AUTOEXEC.BAT:
+<P><PRE>
+  cd \slip
+  slipper com1 vec=60 baud=57600 ether	(may vary with your modem setup)
+  lsl
+  pdether
+  discomx 1				(must correspond to SLIPPER's COM port)
+</PRE>
+  (If you use another vec= setting, you must update that in NET.CFG as well.)
+  Use CSLIPPER instead of SLIPPER if your SLIP provider supports VJC.
+<P>
+<LI>Start WfW.
+<UL>
+<LI>Under Windows Setup, choose "Change Network Settings".
+<LI>Select  "Install Microsoft Windows Network".  
+<LI>In "Drivers...", choose "Add Adapter"
+  and install the "IPXODI Support driver (Ethernet) [ODI/NDIS3]".  
+<LI>In "Add Protocols...", select "Unlisted or Updated Protocol". When asked for a
+  driver disk, enter the directory where you expanded WFWT32.EXE. 
+<LI>Configure TCP/IP (IP address, enable LMHOSTS lookup, try 204.118.34.11 as primary
+  WINS server). Remove all other protocols (NetBEUI, IPX/SPX).
+</UL>
+<P>
+<LI>Windows will probably update the first lines of AUTOEXEC.BAT with
+<P>
+<PRE>
+  c:\windows\net start
+  c:\windows\odihlp.exe.
+</PRE>
+  The "odihlp" line must be moved behind the "pdether" line.
+<P>
+<LI>Windows will also update NET.CFG with some "Frame" lines. These must
+  be removed (except "Frame Ethernet_II").
+<P>
+<LI>Somehow, you will have to dial in to your SLIP provider.  I do it manually
+  before slipper (or cslipper) gets loaded, using a DOS-based terminal program.
+  But there are some automatic dialers around.  I've seen recommendations for
+    ftp://mvmpc9.ciw.uni-karlsruhe.de/x-slip/slip_it.exe. 
+<P>
+<LI>To connect to Microsoft's FTP server (or Winserve) go into File Manager,
+  choose "Connect Network drive" and enter "\\ftp" or "\\winserve.001" into
+  the "Path:" field.
+</UL>
+<HR>
+<H3>How it works:</H3>
+<P>
+Microsoft's TCP/IP-32 requires an NDIS3 interface. NDIS is Microsoft's way
+to interface with a network.
+<P>
+WfW also contains an NDIS3-over-ODI "shim", whose real mode component is
+ODIHLP.EXE.  ODI is Novell's way to interface with a network.
+<P>
+SLIPPER is a Packet Driver (PD) for use over serial lines.  PDs are everybody
+else's way to interface with a network.  SLIPPER's "ether" option makes it
+look like an Ethernet PD to applications using it. 
+<P>
+A "shim" is a program which simulates a network application programming
+interface on top of another.
+<P>
+There is no NDIS SLIP driver which would work with WfW.
+<P>
+There is no NDIS-over-PD shim.
+<P>
+However, there's an ODI-over-PD shim (PDETHER) and an NDIS-over-ODI shim
+(ODIHLP etc.)
+<P>
+OK, so let's do NDIS-over-ODI-over-PD!
+   <P>
+This should have worked all the time; however, a non-feature in PDETHER
+versions < 1.05 has prevented the method from functioning until now.
+<HR>
+<B>Questions, suggestions etc. please to
+<P>
+<PRE>
+Peter Karrer		pkarrer@ife.ee.ethz.ch
+</PRE>
+</B>
+</BODY>
+</HTML>
diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html
new file mode 100755
index 00000000000..bb18545c5b8
--- /dev/null
+++ b/docs/htmldocs/winbind.html
@@ -0,0 +1,1211 @@
+<HTML
+><HEAD
+><TITLE
+>Unified Logons between Windows NT and UNIX using Winbind</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="WINBIND"
+>Unified Logons between Windows NT and UNIX using Winbind</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Abstract</A
+></H1
+><P
+>Integration of UNIX and Microsoft Windows NT through 
+	a unified logon has been considered a "holy grail" in heterogeneous 
+	computing environments for a long time. We present 
+	<I
+CLASS="EMPHASIS"
+>winbind</I
+>, a component of the Samba suite 
+	of programs as a solution to the unified logon problem. Winbind 
+	uses a UNIX implementation 
+	of Microsoft RPC calls, Pluggable Authentication Modules, and the Name 
+	Service Switch to allow Windows NT domain users to appear and operate 
+	as UNIX users on a UNIX machine. This paper describes the winbind 
+	system, explaining the functionality it provides, how it is configured, 
+	and how it works internally.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN7"
+>Introduction</A
+></H1
+><P
+>It is well known that UNIX and Microsoft Windows NT have 
+	different models for representing user and group information and 
+	use different technologies for implementing them. This fact has 
+	made it difficult to integrate the two systems in a satisfactory 
+	manner.</P
+><P
+>One common solution in use today has been to create 
+	identically named user accounts on both the UNIX and Windows systems 
+	and use the Samba suite of programs to provide file and print services 
+	between the two. This solution is far from perfect however, as 
+	adding and deleting users on both sets of machines becomes a chore 
+	and two sets of passwords are required both of which
+	can lead to synchronization problems between the UNIX and Windows 
+	systems and confusion for users.</P
+><P
+>We divide the unified logon problem for UNIX machines into 
+	three smaller problems:</P
+><P
+></P
+><UL
+><LI
+><P
+>Obtaining Windows NT user and group information
+		</P
+></LI
+><LI
+><P
+>Authenticating Windows NT users
+		</P
+></LI
+><LI
+><P
+>Password changing for Windows NT users
+		</P
+></LI
+></UL
+><P
+>Ideally, a prospective solution to the unified logon problem 
+	would satisfy all the above components without duplication of 
+	information on the UNIX machines and without creating additional 
+	tasks for the system administrator when maintaining users and 
+	groups on either system. The winbind system provides a simple 
+	and elegant solution to all three components of the unified logon 
+	problem.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN20"
+>What Winbind Provides</A
+></H1
+><P
+>Winbind unifies UNIX and Windows NT account management by 
+	allowing a UNIX box to become a full member of a NT domain. Once 
+	this is done the UNIX box will see NT users and groups as if 
+	they were native UNIX users and groups, allowing the NT domain 
+	to be used in much the same manner that NIS+ is used within 
+	UNIX-only environments.</P
+><P
+>The end result is that whenever any 
+	program on the UNIX machine asks the operating system to lookup 
+	a user or group name, the query will be resolved by asking the 
+	NT domain controller for the specified domain to do the lookup.
+	Because Winbind hooks into the operating system at a low level 
+	(via the NSS name resolution modules in the C library) this 
+	redirection to the NT domain controller is completely 
+	transparent.</P
+><P
+>Users on the UNIX machine can then use NT user and group 
+	names as they would use "native" UNIX names. They can chown files 
+	so that they are owned by NT domain users or even login to the 
+	UNIX machine and run a UNIX X-Window session as a domain user.</P
+><P
+>The only obvious indication that Winbind is being used is 
+	that user and group names take the form DOMAIN\user and 
+	DOMAIN\group. This is necessary as it allows Winbind to determine 
+	that redirection to a domain controller is wanted for a particular 
+	lookup and which trusted domain is being referenced.</P
+><P
+>Additionally, Winbind provides an authentication service 
+	that hooks into the Pluggable Authentication Modules (PAM) system 
+	to provide authentication via a NT domain to any PAM enabled 
+	applications. This capability solves the problem of synchronizing 
+	passwords between systems since all passwords are stored in a single 
+	location (on the domain controller).</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN27"
+>Target Uses</A
+></H2
+><P
+>Winbind is targeted at organizations that have an 
+		existing NT based domain infrastructure into which they wish 
+		to put UNIX workstations or servers. Winbind will allow these 
+		organizations to deploy UNIX workstations without having to 
+		maintain a separate account infrastructure. This greatly 
+		simplifies the administrative overhead of deploying UNIX 
+		workstations into a NT based organization.</P
+><P
+>Another interesting way in which we expect Winbind to 
+		be used is as a central part of UNIX based appliances. Appliances
+		that provide file and print services to Microsoft based networks 
+		will be able to use Winbind to provide seamless integration of 
+		the appliance into the domain.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN31"
+>How Winbind Works</A
+></H1
+><P
+>The winbind system is designed around a client/server 
+	architecture. A long running <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon 
+	listens on a UNIX domain socket waiting for requests
+	to arrive. These requests are generated by the NSS and PAM 
+	clients and processed sequentially.</P
+><P
+>The technologies used to implement winbind are described 
+	in detail below.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN36"
+>Microsoft Remote Procedure Calls</A
+></H2
+><P
+>Over the last two years, efforts have been underway 
+		by various Samba Team members to decode various aspects of 
+		the Microsoft Remote Procedure Call (MSRPC) system. This 
+		system is used for most network related operations between 
+		Windows NT machines including remote management, user authentication
+		and print spooling. Although initially this work was done 
+		to aid the implementation of Primary Domain Controller (PDC) 
+		functionality in Samba, it has also yielded a body of code which 
+		can be used for other purposes.</P
+><P
+>Winbind uses various MSRPC calls to enumerate domain users 
+		and groups and to obtain detailed information about individual 
+		users or groups. Other MSRPC calls can be used to authenticate 
+		NT domain users and to change user passwords. By directly querying 
+		a Windows PDC for user and group information, winbind maps the 
+		NT account information onto UNIX user and group names.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN40"
+>Name Service Switch</A
+></H2
+><P
+>The Name Service Switch, or NSS, is a feature that is 
+		present in many UNIX operating systems. It allows system 
+		information such as hostnames, mail aliases and user information 
+		to be resolved from different sources. For example, a standalone 
+		UNIX workstation may resolve system information from a series of 
+		flat files stored on the local filesystem. A networked workstation 
+		may first attempt to resolve system information from local files, 
+		and then consult a NIS database for user information or a DNS server 
+		for hostname information.</P
+><P
+>The NSS application programming interface allows winbind 
+		to present itself as a source of system information when 
+		resolving UNIX usernames and groups.  Winbind uses this interface, 
+		and information obtained from a Windows NT server using MSRPC 
+		calls to provide a new source of account enumeration.  Using standard 
+		UNIX library calls, one can enumerate the users and groups on
+		a UNIX machine running winbind and see all users and groups in 
+		a NT domain plus any trusted domain as though they were local 
+		users and groups.</P
+><P
+>The primary control file for NSS is 
+		<TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+>. 
+		When a UNIX application makes a request to do a lookup 
+		the C library looks in <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> 
+		for a line which matches the service type being requested, for 
+		example the "passwd" service type is used when user or group names 
+		are looked up. This	config line species which implementations 
+		of that service should be tried and in what order. If the passwd 
+		config line is:</P
+><P
+><B
+CLASS="COMMAND"
+>passwd: files example</B
+></P
+><P
+>then the C library will first load a module called 
+		<TT
+CLASS="FILENAME"
+>/lib/libnss_files.so</TT
+> followed by
+		the module <TT
+CLASS="FILENAME"
+>/lib/libnss_example.so</TT
+>. The 
+		C library will dynamically load each of these modules in turn 
+		and call resolver functions within the modules to try to resolve 
+		the request. Once the request is resolved the C library returns the
+		result to the application.</P
+><P
+>This NSS interface provides a very easy way for Winbind 
+		to hook into the operating system. All that needs to be done 
+		is to put <TT
+CLASS="FILENAME"
+>libnss_winbind.so</TT
+> in <TT
+CLASS="FILENAME"
+>/lib/</TT
+> 
+		then add "winbind" into <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> at 
+		the appropriate place. The C library will then call Winbind to 
+		resolve user and group names.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN56"
+>Pluggable Authentication Modules</A
+></H2
+><P
+>Pluggable Authentication Modules, also known as PAM, 
+		is a system for abstracting authentication and authorization 
+		technologies. With a PAM module it is possible to specify different 
+		authentication methods for different system applications without 
+		having to recompile these applications. PAM is also useful
+		for implementing a particular policy for authorization. For example, 
+		a system administrator may only allow console logins from users 
+		stored in the local password file but only allow users resolved from 
+		a NIS database to log in over the network.</P
+><P
+>Winbind uses the authentication management and password 
+		management PAM interface to integrate Windows NT users into a 
+		UNIX system. This allows Windows NT users to log in to a UNIX 
+		machine and be authenticated against a suitable Primary Domain 
+		Controller. These users can also change their passwords and have 
+		this change take effect directly on the Primary Domain Controller.
+		</P
+><P
+>PAM is configured by providing control files in the directory 
+		<TT
+CLASS="FILENAME"
+>/etc/pam.d/</TT
+> for each of the services that 
+		require authentication. When an authentication request is made 
+		by an application the PAM code in the C library looks up this
+		control file to determine what modules to load to do the 
+		authentication check and in what order. This interface makes adding 
+		a new authentication service for Winbind very easy, all that needs 
+		to be done is that the <TT
+CLASS="FILENAME"
+>pam_winbind.so</TT
+> module 
+		is copied to <TT
+CLASS="FILENAME"
+>/lib/security/</TT
+> and the PAM 
+		control files for relevant services are updated to allow 
+		authentication via winbind. See the PAM documentation
+		for more details.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN64"
+>User and Group ID Allocation</A
+></H2
+><P
+>When a user or group is created under Windows NT 
+		is it allocated a numerical relative identifier (RID). This is 
+		slightly different to UNIX which has a range of numbers that are 
+		used to identify users, and the same range in which to identify 
+		groups. It is winbind's job to convert RIDs to UNIX id numbers and
+		vice versa.  When winbind is configured it is given part of the UNIX 
+		user id space and a part of the UNIX group id space in which to 
+		store Windows NT users and groups. If a Windows NT user is 
+		resolved for the first time, it is allocated the next UNIX id from 
+		the range. The same process applies for Windows NT groups. Over 
+		time, winbind will have mapped all Windows NT users and groups
+		to UNIX user ids and group ids.</P
+><P
+>The results of this mapping are stored persistently in 
+		an ID mapping database held in a tdb database). This ensures that 
+		RIDs are mapped to UNIX IDs in a consistent way.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN68"
+>Result Caching</A
+></H2
+><P
+>An active system can generate a lot of user and group 
+		name lookups. To reduce the network cost of these lookups winbind 
+		uses a caching scheme based on the SAM sequence number supplied 
+		by NT domain controllers.  User or group information returned 
+		by a PDC is cached by winbind along with a sequence number also 
+		returned by the PDC. This sequence number is incremented by 
+		Windows NT whenever any user or group information is modified. If 
+		a cached entry has expired, the sequence number is requested from 
+		the PDC and compared against the sequence number of the cached entry. 
+		If the sequence numbers do not match, then the cached information 
+		is discarded and up to date information is requested directly 
+		from the PDC.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN71"
+>Installation and Configuration</A
+></H1
+><P
+>Many thanks to John Trostel <A
+HREF="mailto:jtrostel@snapserver.com"
+TARGET="_top"
+>jtrostel@snapserver.com</A
+>
+for providing the original Linux version of this HOWTO which 
+describes how to get winbind services up and running 
+to control access and authenticate users on your Linux box using 
+the winbind services which are included with the SAMBA 2.2.2 and later
+releases.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN75"
+>Introduction</A
+></H2
+><P
+>This HOWTO describes the procedures used to get winbind up and 
+running on a RedHat 7.1 system.  Winbind is capable of providing access
+and authentication control for Windows Domain users through an NT
+or Win2K PDC for 'regular' services, such as telnet and ftp, as
+well providing dynamic uid/gid allocation for Samba.</P
+><P
+>This HOWTO has been written from a 'RedHat-centric' perspective, so if
+you are using another distribution (or operating system), you may have
+to modify the instructions somewhat to fit the way your distribution works.</P
+><P
+></P
+><UL
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>Why should I to this?</I
+>
+	</P
+><P
+>This allows the SAMBA administrator to rely on the
+	authentication mechanisms on the NT/Win2K PDC for the authentication
+	of domain members.  NT/Win2K users no longer need to have separate
+	accounts on the SAMBA server.
+	</P
+></LI
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>Who should be reading this document?</I
+>
+	</P
+><P
+>	This HOWTO is designed for system administrators.  If you are
+	implementing SAMBA on a file server and wish to (fairly easily)
+	integrate existing NT/Win2K users from your PDC onto the
+	SAMBA server, this HOWTO is for you.
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN88"
+>Requirements</A
+></H2
+><P
+>If you have a samba configuration file that you are currently
+using... <I
+CLASS="EMPHASIS"
+>BACK IT UP!</I
+>  If your system already uses PAM,
+<I
+CLASS="EMPHASIS"
+>back up the <TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+> (or <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+>)
+directory contents!</I
+> If you haven't already made a boot disk,
+<I
+CLASS="EMPHASIS"
+>MAKE ONE NOW!</I
+></P
+><P
+>Messing with the pam configuration files can make it nearly impossible
+to log in to your machine. That's why you want to be able to boot back
+into your machine in single user mode and restore your
+<TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+> (or <TT
+CLASS="FILENAME"
+>pam.conmf</TT
+>) back to
+the original state they were in if
+you get frustrated with the way things are going.</P
+><P
+>The first SAMBA release to inclue a stable winbindd daemon was 2.2.2.  Please refer to the
+<A
+HREF="http://samba.org/"
+TARGET="_top"
+>main SAMBA web page</A
+> or,
+better yet, your closest SAMBA mirror site for instructions on
+downloading the source code.  it is generally advised to obtain the lates
+Samba release as bugs are constantly being fixed.</P
+><P
+>To allow Domain users the ability to access SAMBA shares and
+files, as well as potentially other services provided by your
+SAMBA machine, PAM (pluggable authentication modules) must
+be setup properly on your machine.  In order to compile the
+winbind modules, you must have at the PAM libraries and header files resident
+on your system.  For recent RedHat systems (7.x, for instance), that
+means installing both <TT
+CLASS="FILENAME"
+>pam</TT
+> and <TT
+CLASS="FILENAME"
+>pam-devel</TT
+> RPM.
+The former is installed by default on all Linux systems of which the author is aware.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN104"
+>Testing Things Out</A
+></H2
+><P
+>Before starting, kill off all the SAMBA related daemons running on your server.  Kill off
+all <B
+CLASS="COMMAND"
+>smbd</B
+>, <B
+CLASS="COMMAND"
+>nmbd</B
+>, and <B
+CLASS="COMMAND"
+>winbindd</B
+> processes that may
+be running (<B
+CLASS="COMMAND"
+>winbindd</B
+> will only be running if you have ao previous Winbind
+installation...but why would you be reading tis if that were the case?).  To use PAM, you will
+want to make sure that you have the standard PAM package (for RedHat) which supplies the <TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+>
+directory structure, including the pam modules are used by pam-aware
+services, several pam libraries, and the <TT
+CLASS="FILENAME"
+>/usr/doc</TT
+>
+and <TT
+CLASS="FILENAME"
+>/usr/man</TT
+> entries for pam.  Samba will require
+the pam-devel package if you plan to build the <TT
+CLASS="FILENAME"
+>pam_winbind.so</TT
+> library or
+include the <B
+CLASS="COMMAND"
+>--with-pam</B
+> option to the configure script.
+This package includes the header files needed to compile pam-aware applications.</P
+><P
+>[I have no idea which Solaris packages are quired for PAM libraries and
+development files.  If you know, please mail me the information and I will include
+it in the next revision of this HOWTO.  --jerry@samba.org]</P
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN117"
+>Configure and Compile SAMBA</A
+></H3
+><P
+>The configuration and compilation of SAMBA is straightforward.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>./configure --with-winbind</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>make</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>make install</B
+></PRE
+></P
+><P
+>This will, by default, install SAMBA in <TT
+CLASS="FILENAME"
+>/usr/local/samba</TT
+>.
+See the main SAMBA documentation if you want to install SAMBA somewhere else.
+It will also build the winbindd executable and NSS library.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN130"
+>Configure <TT
+CLASS="FILENAME"
+>nsswitch.conf</TT
+> and the
+winbind libraries</A
+></H3
+><P
+>The libraries needed to run the <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon
+through nsswitch need to be copied to their proper locations.</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>cp nsswitch/libnss_winbind.so /lib</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>chmod 755 /lib/libnss_winbind.so</B
+></P
+><P
+>It necessary to make the following symbolic link:</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B
+></P
+><P
+>The <TT
+CLASS="FILENAME"
+>.2</TT
+> extension is due to the version of glibc used on your Linux host.
+for most modern systems, the file extension is correct.  However, some other operating systems,
+Solaris 7/8 being the most common, the destination filename should be replaced with
+<TT
+CLASS="FILENAME"
+>/lib/nss_winbind.so.1</TT
+></P
+><P
+>Now, as root edit <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> to
+allow user and group entries to be visible from the <B
+CLASS="COMMAND"
+>winbindd</B
+>
+daemon.  After editing, the file look appear:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	passwd:     files winbind
+	shadow:     files
+	group:      files winbind</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN152"
+>Configure <TT
+CLASS="FILENAME"
+>smb.conf</TT
+></A
+></H3
+><P
+>Several parameters are needed in the smb.conf file to control
+the behavior of <B
+CLASS="COMMAND"
+>winbindd</B
+>. Configure
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> These are described in more detail in
+the <A
+HREF="winbindd.8.html"
+TARGET="_top"
+>winbindd(8)</A
+> man page.  My
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file was modified to
+include the following entries in the [global] section:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+     &#60;...&#62;
+     # separate domain and username with '+', like DOMAIN+username
+     <A
+HREF="winbindd.8.html#WINBINDSEPARATOR"
+TARGET="_top"
+>winbind separator</A
+> = +
+     # use uids from 10000 to 20000 for domain users
+     <A
+HREF="winbindd.8.html#WINBINDUID"
+TARGET="_top"
+>winbind uid</A
+> = 10000-20000
+     # use gids from 10000 to 20000 for domain groups
+     <A
+HREF="winbindd.8.html#WINBINDGID"
+TARGET="_top"
+>winbind gid</A
+> = 10000-20000
+     # allow enumeration of winbind users and groups
+     # might need to disable these next two for performance
+     # reasons on the winbindd host
+     <A
+HREF="winbindd.8.html#WINBINDENUMUSERS"
+TARGET="_top"
+>winbind enum users</A
+> = yes
+     <A
+HREF="winbindd.8.html#WINBINDENUMGROUP"
+TARGET="_top"
+>winbind enum groups</A
+> = yes
+     # give winbind users a real shell (only needed if they have telnet/sshd/etc... access)
+     <A
+HREF="winbindd.8.html#TEMPLATEHOMEDIR"
+TARGET="_top"
+>template homedir</A
+> = /home/winnt/%D/%U
+     <A
+HREF="winbindd.8.html#TEMPLATESHELL"
+TARGET="_top"
+>template shell</A
+> = /bin/bash</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN169"
+>Join the SAMBA server to the PDC domain</A
+></H3
+><P
+>Enter the following command to make the SAMBA server join the
+PDC domain, where <TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+> is the name of
+your Windows domain and <TT
+CLASS="REPLACEABLE"
+><I
+>Administrator</I
+></TT
+> is
+a domain user who has administrative privileges in the domain.</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator</B
+></P
+><P
+>The proper response to the command should be: "Joined the domain
+<TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+>" where <TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+>
+is your DOMAIN name.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN180"
+>Start up the winbindd daemon and test it!</A
+></H3
+><P
+>Eventually, you will want to modify your smb startup script to
+automatically invoke the winbindd daemon when the other parts of
+SAMBA start, but it is possible to test out just the winbind
+portion first.  To start up winbind services, enter the following
+command as root:</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>export PATH=$PATH:/usr/local/samba/bin</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>winbindd</B
+></P
+><P
+>I'm always paranoid and like to make sure the daemon
+is really running...</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>ps -ae | grep winbindd</B
+></P
+><P
+>This command should produce output like this, if the daemon is running</P
+><P
+>3025 ?        00:00:00 winbindd</P
+><P
+>Note that a sample RedHat init script for starting winbindd is included in
+the SAMBA sourse distribution as <TT
+CLASS="FILENAME"
+>packaging/RedHat/winbind.init</TT
+>.</P
+><P
+>Now... for the real test, try to get some information about the
+users on your PDC</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>wbinfo -u</B
+></P
+><P
+>This should echo back a list of users on your Windows users on
+your PDC.  For example, I get the following response:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>CEO+Administrator
+CEO+burdell
+CEO+Guest
+CEO+jt-ad
+CEO+krbtgt
+CEO+TsInternetUser</PRE
+></P
+><P
+>Obviously, I have named my domain 'CEO' and my <TT
+CLASS="PARAMETER"
+><I
+>winbind
+separator</I
+></TT
+> is '+'.</P
+><P
+>You can do the same sort of thing to get group information from
+the PDC:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>/usr/local/samba/bin/wbinfo -g</B
+>
+CEO+Domain Admins
+CEO+Domain Users
+CEO+Domain Guests
+CEO+Domain Computers
+CEO+Domain Controllers
+CEO+Cert Publishers
+CEO+Schema Admins
+CEO+Enterprise Admins
+CEO+Group Policy Creator Owners</PRE
+></P
+><P
+>The function 'getent' can now be used to get unified
+lists of both local and PDC users and groups.
+Try the following command:</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>getent passwd</B
+></P
+><P
+>You should get a list that looks like your <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>
+list followed by the domain users with their new uids, gids, home
+directories and default shells.  If you do not, verify that the permissions on the
+libnss_winbind.so library are <TT
+CLASS="FILENAME"
+>rwxr-xr-x</TT
+>.</P
+><P
+>The same thing can be done for groups with the command</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>getent group</B
+></P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN221"
+>Configure Winbind and PAM</A
+></H3
+><P
+>At this point we are assured that <B
+CLASS="COMMAND"
+>winbindd</B
+> and <B
+CLASS="COMMAND"
+>smbd</B
+>
+are working together.  If you want to use winbind to provide authentication for other
+services, keep reading.  The pam configuration files need to be altered in
+this step.  (Did you remember to make backups of your original
+<TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+> (or <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+>) file[s]? If not, do it now.)</P
+><P
+>You will need a PAM module to use <B
+CLASS="COMMAND"
+>winbindd</B
+> with these other services.  This
+module will be compiled in the <TT
+CLASS="FILENAME"
+>../source/nsswitch</TT
+> directory
+by invoking the command</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>make nsswitch/pam_winbind.so</B
+></P
+><P
+>from the <TT
+CLASS="FILENAME"
+>../source</TT
+> directory.  The
+<TT
+CLASS="FILENAME"
+>pam_winbind.so</TT
+> file should be copied to the location of
+your other pam security modules.  On Linux and Solaris systems, this is the
+<TT
+CLASS="FILENAME"
+>/lib/security</TT
+> directory.</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>cp nsswitch/pam_winbind.so /lib/security</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>chmod 755 /lib/security/pam_winbind.so</B
+></P
+><P
+>Other services, such as the normal login on the console (or a terminal
+session), telnet logins, and ftp service, can be modified to allow the use of winbind
+as an authentication service.  In order to enable these
+services, you may first need to change the entries in
+<TT
+CLASS="FILENAME"
+>/etc/xinetd.d</TT
+> (or <TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+>).
+RedHat 7.1 uses the new xinetd.d structure, in this case you need
+to change the lines in <TT
+CLASS="FILENAME"
+>/etc/xinetd.d/telnet</TT
+>
+and <TT
+CLASS="FILENAME"
+>/etc/xinetd.d/wu-ftp</TT
+> from</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>enable = no</PRE
+></P
+><P
+>to</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>enable = yes</PRE
+></P
+><P
+>For ftp services to work properly, you will also need to either
+have individual directories for the domain users already present on
+the server, or change the home directory template to a general
+directory for all domain users.  These can be easily set using
+the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> global entry
+<B
+CLASS="COMMAND"
+>template homedir</B
+>.</P
+><P
+>The <TT
+CLASS="FILENAME"
+>/etc/pam.d/ftp</TT
+> file can be changed
+to allow winbind ftp access in a manner similar to the
+samba file.  My <TT
+CLASS="FILENAME"
+>/etc/pam.d/ftp</TT
+> file was
+changed to look like this:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+auth       sufficient   /lib/security/pam_winbind.so
+auth       required     /lib/security/pam_stack.so service=system-auth
+auth       required     /lib/security/pam_shells.so
+account    sufficient   /lib/security/pam_winbind.so
+account    required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth</PRE
+></P
+><P
+>The <TT
+CLASS="FILENAME"
+>/etc/pam.d/login</TT
+> file can be changed nearly the
+same way.  It now looks like this:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>auth       required     /lib/security/pam_securetty.so
+auth       sufficient   /lib/security/pam_winbind.so
+auth       sufficient   /lib/security/pam_unix.so use_first_pass
+auth       required     /lib/security/pam_stack.so service=system-auth
+auth       required     /lib/security/pam_nologin.so
+account    sufficient   /lib/security/pam_winbind.so
+account    required     /lib/security/pam_stack.so service=system-auth
+password   required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth
+session    optional     /lib/security/pam_console.so</PRE
+></P
+><P
+>In this case, I added the <B
+CLASS="COMMAND"
+>auth sufficient /lib/security/pam_winbind.so</B
+>
+lines as before, but also added the <B
+CLASS="COMMAND"
+>required pam_securetty.so</B
+>
+above it, to disallow root logins over the network.  I also added a
+<B
+CLASS="COMMAND"
+>sufficient /lib/security/pam_unix.so use_first_pass</B
+>
+line after the <B
+CLASS="COMMAND"
+>winbind.so</B
+> line to get rid of annoying
+double prompts for passwords.</P
+><P
+>Note that a Solaris <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+> confiruation file looks
+very similar to this except thaty the service name is included as the first entry
+per line.  An example for the login service is given here.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>## excerpt from /etc/pam.conf on a Solaris 8 system
+login   auth required   /lib/security/pam_winbind.so
+login   auth required   /lib/security/$ISA/pam_unix.so.1 try_first_pass
+login   auth required   /lib/security/$ISA/pam_dial_auth.so.1 try_first_pass</PRE
+></P
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN274"
+>Limitations</A
+></H1
+><P
+>Winbind has a number of limitations in its current
+	released version that we hope to overcome in future
+	releases:</P
+><P
+></P
+><UL
+><LI
+><P
+>The mappings of Windows NT RIDs to UNIX ids
+		is not made algorithmically and depends on the order in which
+		unmapped users or groups are seen by winbind. It may be difficult
+		to recover the mappings of rid to UNIX id mapping if the file
+		containing this information is corrupted or destroyed.</P
+></LI
+><LI
+><P
+>Currently the winbind PAM module does not take
+		into account possible workstation and logon time restrictions
+		that may be been set for Windows NT users.</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN282"
+>Conclusion</A
+></H1
+><P
+>The winbind system, through the use of the Name Service 
+	Switch, Pluggable Authentication Modules, and appropriate 
+	Microsoft RPC calls have allowed us to provide seamless 
+	integration of Microsoft Windows NT domain users on a
+	UNIX system. The result is a great reduction in the administrative 
+	cost of running a mixed UNIX and NT network.</P
+></DIV
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html
new file mode 100755
index 00000000000..5d76dae2fdc
--- /dev/null
+++ b/docs/htmldocs/winbindd.8.html
@@ -0,0 +1,964 @@
+<HTML
+><HEAD
+><TITLE
+>winbindd</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="WINBINDD"
+>winbindd</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>winbindd&nbsp;--&nbsp;Name Service Switch daemon for resolving names 
+	from NT servers</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>winbindd</B
+>  [-i] [-d &#60;debug level&#62;] [-s &#60;smb config file&#62;]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN14"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This program is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>winbindd</B
+> is a daemon that provides 
+	a service for the Name Service Switch capability that is present 
+	in most modern C libraries.  The Name Service Switch allows user 
+	and system information to be obtained from different databases 
+	services such as NIS or DNS.  The exact behaviour can be configured 
+	throught the <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> file.  
+	Users and groups are allocated as they are resolved to a range 
+	of user and group ids specified by the administrator of the 
+	Samba system.</P
+><P
+>The service provided by <B
+CLASS="COMMAND"
+>winbindd</B
+> is called `winbind' and 
+	can be used to resolve user and group information from a 
+	Windows NT server. The service can also provide authentication
+	services via an associated PAM module. </P
+><P
+>	The <TT
+CLASS="FILENAME"
+>pam_winbind</TT
+> module in the 2.2.2 release only 
+	supports the <TT
+CLASS="PARAMETER"
+><I
+>auth</I
+></TT
+> and <TT
+CLASS="PARAMETER"
+><I
+>account</I
+></TT
+> 
+	module-types.  The latter is simply
+	performs a getpwnam() to verify that the system can obtain a uid for the
+	user.  If the <TT
+CLASS="FILENAME"
+>libnss_winbind</TT
+> library has been correctly 
+	installed, this should always suceed.
+	</P
+><P
+>The following nsswitch databases are implemented by 
+	the winbindd service: </P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>hosts</DT
+><DD
+><P
+>User information traditionally stored in 
+		the <TT
+CLASS="FILENAME"
+>hosts(5)</TT
+> file and used by 
+		<B
+CLASS="COMMAND"
+>gethostbyname(3)</B
+> functions. Names are
+		resolved through the WINS server or by broadcast.
+		</P
+></DD
+><DT
+>passwd</DT
+><DD
+><P
+>User information traditionally stored in 
+		the <TT
+CLASS="FILENAME"
+>passwd(5)</TT
+> file and used by 
+		<B
+CLASS="COMMAND"
+>getpwent(3)</B
+> functions. </P
+></DD
+><DT
+>group</DT
+><DD
+><P
+>Group information traditionally stored in 
+		the <TT
+CLASS="FILENAME"
+>group(5)</TT
+> file and used by 		
+		<B
+CLASS="COMMAND"
+>getgrent(3)</B
+> functions. </P
+></DD
+></DL
+></DIV
+><P
+>For example, the following simple configuration in the
+	<TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> file can be used to initially 
+	resolve user and group information from <TT
+CLASS="FILENAME"
+>/etc/passwd
+	</TT
+> and <TT
+CLASS="FILENAME"
+>/etc/group</TT
+> and then from the 
+	Windows NT server. </P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>passwd:         files winbind
+group:          files winbind
+	</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The following simple configuration in the
+	<TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> file can be used to initially
+	resolve hostnames from <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> and then from the
+	WINS server.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN57"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-d debuglevel</DT
+><DD
+><P
+>Sets the debuglevel to an integer between 
+		0 and 100. 0 is for no debugging and 100 is for reams and 
+		reams. To submit a bug report to the Samba Team, use debug 
+		level 100 (see BUGS.txt).   </P
+></DD
+><DT
+>-i</DT
+><DD
+><P
+>Tells <B
+CLASS="COMMAND"
+>winbindd</B
+> to not 
+		become a daemon and detach from the current terminal. This 
+		option is used by developers when interactive debugging 
+		of <B
+CLASS="COMMAND"
+>winbindd</B
+> is required. </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN70"
+></A
+><H2
+>NAME AND ID RESOLUTION</H2
+><P
+>Users and groups on a Windows NT server are assigned 
+	a relative id (rid) which is unique for the domain when the 
+	user or group is created.  To convert the Windows NT user or group 
+	into a unix user or group, a mapping between rids and unix user 
+	and group ids is required.  This is one of the jobs that <B
+CLASS="COMMAND"
+>	winbindd</B
+> performs. </P
+><P
+>As winbindd users and groups are resolved from a server, user 
+	and group ids are allocated from a specified range.  This
+	is done on a first come, first served basis, although all existing 
+	users and groups will be mapped as soon as a client performs a user 
+	or group enumeration command.  The allocated unix ids are stored 
+	in a database file under the Samba lock directory and will be 
+	remembered. </P
+><P
+>WARNING: The rid to unix id database is the only location 
+	where the user and group mappings are stored by winbindd.  If this 
+	file is deleted or corrupted, there is no way for winbindd to 
+	determine which user and group ids correspond to Windows NT user 
+	and group rids. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN76"
+></A
+><H2
+>CONFIGURATION</H2
+><P
+>Configuration of the <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon 
+	is done through configuration parameters in the <TT
+CLASS="FILENAME"
+>smb.conf(5)
+	</TT
+> file.  All parameters should be specified in the 
+	[global] section of smb.conf. </P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>winbind separator</DT
+><DD
+><P
+>The winbind separator option allows you 
+		to specify how NT domain names and user names are combined 
+		into unix user names when presented to users. By default, 
+		<B
+CLASS="COMMAND"
+>winbindd</B
+> will use the traditional '\' 
+		separator so that the unix user names look like 
+		DOMAIN\username. In some cases this separator character may 
+		cause problems as the '\' character has special meaning in 
+		unix shells.  In that case you can use the winbind separator 
+		option to specify an alternative separator character. Good 
+		alternatives may be '/' (although that conflicts
+		with the unix directory separator) or a '+ 'character. 
+		The '+' character appears to be the best choice for 100% 
+		compatibility with existing unix utilities, but may be an 
+		aesthetically bad choice depending on your taste. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind separator = \ </B
+>
+		</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>winbind separator = + </B
+></P
+></DD
+><DT
+>winbind uid</DT
+><DD
+><P
+>The winbind uid parameter specifies the 
+		range of user ids that are allocated by the winbindd daemon.  
+		This range of ids should have no existing local or NIS users 
+		within it as strange conflicts can occur otherwise. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind uid = &#60;empty string&#62; 
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>winbind uid = 10000-20000</B
+></P
+></DD
+><DT
+>winbind gid</DT
+><DD
+><P
+>The winbind gid parameter specifies the 
+		range of group ids that are allocated by the winbindd daemon.  
+		This range of group ids should have no existing local or NIS 
+		groups within it as strange conflicts can occur otherwise.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind gid = &#60;empty string&#62;
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>winbind gid = 10000-20000
+		</B
+> </P
+></DD
+><DT
+>winbind cache time</DT
+><DD
+><P
+>This parameter specifies the number of 
+		seconds the winbindd daemon will cache user and group information 
+		before querying a Windows NT server again. When a item in the 
+		cache is older than this time winbindd will ask the domain 
+		controller for the sequence number of the server's account database. 
+		If the sequence number has not changed then the cached item is 
+		marked as valid for a further <TT
+CLASS="PARAMETER"
+><I
+>winbind cache time
+		</I
+></TT
+> seconds.  Otherwise the item is fetched from the 
+		server. This means that as long as the account database is not 
+		actively changing winbindd will only have to send one sequence 
+		number query packet every <TT
+CLASS="PARAMETER"
+><I
+>winbind cache time
+		</I
+></TT
+> seconds. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind cache time = 15</B
+>
+		</P
+></DD
+><DT
+>winbind enum users</DT
+><DD
+><P
+>On large installations it may be necessary 
+		to suppress the enumeration of users through the <B
+CLASS="COMMAND"
+>		setpwent()</B
+>, <B
+CLASS="COMMAND"
+>getpwent()</B
+> and 
+		<B
+CLASS="COMMAND"
+>endpwent()</B
+> group of system calls.  If 
+		the <TT
+CLASS="PARAMETER"
+><I
+>winbind enum users</I
+></TT
+> parameter is false, 
+		calls to the <B
+CLASS="COMMAND"
+>getpwent</B
+> system call will not 
+		return any data. </P
+><P
+><EM
+>Warning:</EM
+> Turning off user enumeration 
+		may cause some programs to behave oddly.  For example, the <B
+CLASS="COMMAND"
+>finger</B
+> 
+		program relies on having access to the full user list when 
+		searching  for matching usernames. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind enum users = yes </B
+></P
+></DD
+><DT
+>winbind enum groups</DT
+><DD
+><P
+>On large installations it may be necessary 
+		to suppress the enumeration of groups through the <B
+CLASS="COMMAND"
+>		setgrent()</B
+>, <B
+CLASS="COMMAND"
+>getgrent()</B
+> and 
+		<B
+CLASS="COMMAND"
+>endgrent()</B
+> group of system calls.  If 
+		the <TT
+CLASS="PARAMETER"
+><I
+>winbind enum groups</I
+></TT
+> parameter is 
+		false, calls to the <B
+CLASS="COMMAND"
+>getgrent()</B
+> system 
+		call will not return any data. </P
+><P
+><EM
+>Warning:</EM
+> Turning off group 
+		enumeration may cause some programs to behave oddly. 
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind enum groups = no </B
+>
+		</P
+></DD
+><DT
+>template homedir</DT
+><DD
+><P
+>When filling out the user information 
+		for a Windows NT user, the <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon 
+		uses this parameter to fill in the home directory for that user.  
+		If the string <TT
+CLASS="PARAMETER"
+><I
+>%D</I
+></TT
+> is present it is 
+		substituted with the user's Windows NT domain name.  If the 
+		string <TT
+CLASS="PARAMETER"
+><I
+>%U</I
+></TT
+> is present it is substituted
+		with the user's Windows NT user name. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>template homedir = /home/%D/%U </B
+>
+		</P
+></DD
+><DT
+>template shell</DT
+><DD
+><P
+>When filling out the user information for 
+ 		a Windows NT user, the <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon 
+		uses this parameter to fill in the shell for that user. 
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>template shell = /bin/false </B
+>
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN158"
+></A
+><H2
+>EXAMPLE SETUP</H2
+><P
+>To setup winbindd for user and group lookups plus 
+	authentication from a domain controller use something like the 
+	following setup. This was tested on a RedHat 6.2 Linux box. </P
+><P
+>In <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> put the 
+	following:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>passwd:     files winbind
+group:      files winbind
+	</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>In <TT
+CLASS="FILENAME"
+>/etc/pam.d/*</TT
+> replace the 
+	<TT
+CLASS="PARAMETER"
+><I
+>auth</I
+></TT
+> lines with something like this: </P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>auth       required	/lib/security/pam_securetty.so
+auth       required	/lib/security/pam_nologin.so
+auth       sufficient	/lib/security/pam_winbind.so
+auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
+	</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Note in particular the use of the <TT
+CLASS="PARAMETER"
+><I
+>sufficient</I
+></TT
+> 
+	keyword and the <TT
+CLASS="PARAMETER"
+><I
+>use_first_pass</I
+></TT
+> keyword. </P
+><P
+>Now replace the account lines with this: </P
+><P
+><B
+CLASS="COMMAND"
+>account    required	/lib/security/pam_winbind.so
+	</B
+></P
+><P
+>The next step is to join the domain. To do that use the 
+	<B
+CLASS="COMMAND"
+>smbpasswd</B
+> program like this:  </P
+><P
+><B
+CLASS="COMMAND"
+>smbpasswd -j DOMAIN -r PDC -U
+	Administrator</B
+></P
+><P
+>The username after the <TT
+CLASS="PARAMETER"
+><I
+>-U</I
+></TT
+> can be any
+	Domain user that has administrator privileges on the machine.
+	Substitute your domain name for "DOMAIN" and the name of your PDC
+	for "PDC".</P
+><P
+>Next copy <TT
+CLASS="FILENAME"
+>libnss_winbind.so</TT
+> to 
+	<TT
+CLASS="FILENAME"
+>/lib</TT
+> and <TT
+CLASS="FILENAME"
+>pam_winbind.so</TT
+>
+	to <TT
+CLASS="FILENAME"
+>/lib/security</TT
+>.  A symbolic link needs to be
+	made from <TT
+CLASS="FILENAME"
+>/lib/libnss_winbind.so</TT
+> to
+	<TT
+CLASS="FILENAME"
+>/lib/libnss_winbind.so.2</TT
+>.  If you are using an
+	older version of glibc then the target of the link should be
+	<TT
+CLASS="FILENAME"
+>/lib/libnss_winbind.so.1</TT
+>.</P
+><P
+>Finally, setup a <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> containing directives like the 
+	following:  </P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+	winbind separator = +
+        winbind cache time = 10
+        template shell = /bin/bash
+        template homedir = /home/%D/%U
+        winbind uid = 10000-20000
+        winbind gid = 10000-20000
+        workgroup = DOMAIN
+        security = domain
+        password server = *
+	</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Now start winbindd and you should find that your user and 
+	group database is expanded to include your NT users and groups, 
+	and that you can login to your unix box as a domain user, using 
+	the DOMAIN+user syntax for the username. You may wish to use the 
+	commands <B
+CLASS="COMMAND"
+>getent passwd</B
+> and <B
+CLASS="COMMAND"
+>getent group
+	</B
+> to confirm the correct operation of winbindd.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN197"
+></A
+><H2
+>NOTES</H2
+><P
+>The following notes are useful when configuring and 
+	running <B
+CLASS="COMMAND"
+>winbindd</B
+>: </P
+><P
+><B
+CLASS="COMMAND"
+>nmbd</B
+> must be running on the local machine 
+	for <B
+CLASS="COMMAND"
+>winbindd</B
+> to work. <B
+CLASS="COMMAND"
+>winbindd</B
+>
+	queries the list of trusted domains for the Windows NT server
+	on startup and when a SIGHUP is received.  Thus, for a running <B
+CLASS="COMMAND"
+>	winbindd</B
+> to become aware of new trust relationships between 
+	servers, it must be sent a SIGHUP signal. </P
+><P
+>Client processes resolving names through the <B
+CLASS="COMMAND"
+>winbindd</B
+>
+	nsswitch module read an environment variable named <TT
+CLASS="ENVAR"
+>	$WINBINDD_DOMAIN</TT
+>.  If this variable contains a comma separated
+	list of Windows NT domain names, then winbindd will only resolve users
+	and groups within those Windows NT domains. </P
+><P
+>PAM is really easy to misconfigure.  Make sure you know what 
+	you are doing when modifying PAM configuration files.  It is possible 
+	to set up PAM such that you can no longer log into your system. </P
+><P
+>If more than one UNIX machine is running <B
+CLASS="COMMAND"
+>winbindd</B
+>, 
+	then in general the user and groups ids allocated by winbindd will not 
+	be the same.  The user and group ids will only be valid for the local 
+	machine.</P
+><P
+>If the the Windows NT RID to UNIX user and group id mapping 
+	file is damaged or destroyed then the mappings will be lost. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN213"
+></A
+><H2
+>SIGNALS</H2
+><P
+>The following signals can be used to manipulate the 
+	<B
+CLASS="COMMAND"
+>winbindd</B
+> daemon. </P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>SIGHUP</DT
+><DD
+><P
+>Reload the <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+>
+		file and apply any parameter changes to the running 
+		version of winbindd.  This signal also clears any cached 
+		user and group information.  The list of other domains trusted 
+		by winbindd is also reloaded.  </P
+></DD
+><DT
+>SIGUSR1</DT
+><DD
+><P
+>The SIGUSR1 signal will cause <B
+CLASS="COMMAND"
+>		winbindd</B
+> to write status information to the winbind 
+		log file including information about the number of user and 
+		group ids allocated by <B
+CLASS="COMMAND"
+>winbindd</B
+>.</P
+><P
+>Log files are stored in the filename specified by the 
+		log file parameter.</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN230"
+></A
+><H2
+>FILES</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf(5)</TT
+></DT
+><DD
+><P
+>Name service switch configuration file.</P
+></DD
+><DT
+>/tmp/.winbindd/pipe</DT
+><DD
+><P
+>The UNIX pipe over which clients communicate with 
+		the <B
+CLASS="COMMAND"
+>winbindd</B
+> program.  For security reasons, the 
+		winbind client will only attempt to connect to the winbindd daemon 
+		if both the <TT
+CLASS="FILENAME"
+>/tmp/.winbindd</TT
+> directory
+		and <TT
+CLASS="FILENAME"
+>/tmp/.winbindd/pipe</TT
+> file are owned by 
+		root. </P
+></DD
+><DT
+>/lib/libnss_winbind.so.X</DT
+><DD
+><P
+>Implementation of name service switch library.
+		</P
+></DD
+><DT
+>$LOCKDIR/winbindd_idmap.tdb</DT
+><DD
+><P
+>Storage for the Windows NT rid to UNIX user/group 
+		id mapping.  The lock directory is specified when Samba is initially 
+		compiled using the <TT
+CLASS="PARAMETER"
+><I
+>--with-lockdir</I
+></TT
+> option.
+		This directory is by default <TT
+CLASS="FILENAME"
+>/usr/local/samba/var/locks
+		</TT
+>. </P
+></DD
+><DT
+>$LOCKDIR/winbindd_cache.tdb</DT
+><DD
+><P
+>Storage for cached user and group information.
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN259"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of
+        the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN262"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><TT
+CLASS="FILENAME"
+>nsswitch.conf(5)</TT
+>,
+	<A
+HREF="samba.7.html"
+TARGET="_top"
+>samba(7)</A
+>,
+	<A
+HREF="wbinfo.1.html"
+TARGET="_top"
+>wbinfo(1)</A
+>,
+	<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+></P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN269"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+><B
+CLASS="COMMAND"
+>wbinfo</B
+> and <B
+CLASS="COMMAND"
+>winbindd</B
+>
+	were written by Tim Potter.</P
+><P
+>The conversion to DocBook for Samba 2.2 was done 
+	by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/manpages/findsmb.1 b/docs/manpages/findsmb.1
new file mode 100755
index 00000000000..c498abede02
--- /dev/null
+++ b/docs/manpages/findsmb.1
@@ -0,0 +1,90 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "FINDSMB" "1" "19 November 2002" "" ""
+.SH NAME
+findsmb \- list info about machines that respond to SMB  name queries on a subnet
+.SH SYNOPSIS
+.sp
+\fBfindsmb\fR [ \fBsubnet broadcast address\fR ] 
+.SH "DESCRIPTION"
+.PP
+This perl script is part of the  Samba suite.
+.PP
+\fBfindsmb\fR is a perl script that
+prints out several pieces of information about machines 
+on a subnet that respond to SMB name query requests.
+It uses \fB nmblookup(1)\fR to obtain this information.
+.SH "OPTIONS"
+.TP
+\fBsubnet broadcast address\fR
+Without this option, \fBfindsmb
+\fRwill probe the subnet of the machine where 
+\fBfindsmb\fR is run. This value is passed 
+to \fBnmblookup\fR as part of the 
+-B option
+.SH "EXAMPLES"
+.PP
+The output of \fBfindsmb\fR lists the following 
+information for all machines that respond to the initial 
+\fBnmblookup\fR for any name: IP address, NetBIOS name, 
+Workgroup name, operating system, and SMB server version.
+.PP
+There will be a '+' in front of the workgroup name for 
+machines that are local master browsers for that workgroup. There 
+will be an '*' in front of the workgroup name for 
+machines that are the domain master browser for that workgroup. 
+Machines that are running Windows, Windows 95 or Windows 98 will 
+not show any information about the operating system or server 
+version.
+.PP
+The command must be run on a system without \fBnmbd\fR running. 
+If \fBnmbd\fR is running on the system, you will 
+only get the IP address and the DNS name of the machine. To 
+get proper responses from Windows 95 and Windows 98 machines, 
+the command must be run as root. 
+.PP
+For example running \fBfindsmb\fR on a machine 
+without \fBnmbd\fR running would yield output similar
+to the following
+.sp
+.nf
+IP ADDR         NETBIOS NAME   WORKGROUP/OS/VERSION 
+--------------------------------------------------------------------- 
+192.168.35.10   MINESET-TEST1  [DMVENGR]
+192.168.35.55   LINUXBOX      *[MYGROUP] [Unix] [Samba 2.0.6]
+192.168.35.56   HERBNT2        [HERB-NT]
+192.168.35.63   GANDALF        [MVENGR] [Unix] [Samba 2.0.5a for IRIX]
+192.168.35.65   SAUNA          [WORKGROUP] [Unix] [Samba 1.9.18p10]
+192.168.35.71   FROGSTAR       [ENGR] [Unix] [Samba 2.0.0 for IRIX]
+192.168.35.78   HERBDHCP1     +[HERB]
+192.168.35.88   SCNT2         +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
+192.168.35.93   FROGSTAR-PC    [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
+192.168.35.97   HERBNT1       *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
+	
+.sp
+.fi
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBnmbd(8)\fR 
+\fBsmbclient(1)
+\fR and  \fBnmblookup(1)\fR
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5
new file mode 100755
index 00000000000..ad4a131aef9
--- /dev/null
+++ b/docs/manpages/lmhosts.5
@@ -0,0 +1,92 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "LMHOSTS" "5" "19 November 2002" "" ""
+.SH NAME
+lmhosts \- The Samba NetBIOS hosts file
+.SH SYNOPSIS
+.PP
+\fIlmhosts\fR is the  Samba NetBIOS name to IP address mapping file.
+.SH "DESCRIPTION"
+.PP
+This file is part of the  Samba suite.
+.PP
+\fIlmhosts\fR is the \fBSamba
+\fRNetBIOS name to IP address mapping file. It 
+is very similar to the \fI/etc/hosts\fR file 
+format, except that the hostname component must correspond 
+to the NetBIOS naming format.
+.SH "FILE FORMAT"
+.PP
+It is an ASCII file containing one line for NetBIOS name. 
+The two fields on each line are separated from each other by 
+white space. Any entry beginning with '#' is ignored. Each line 
+in the lmhosts file contains the following information :
+.TP 0.2i
+\(bu
+IP Address - in dotted decimal format.
+.TP 0.2i
+\(bu
+NetBIOS Name - This name format is a 
+maximum fifteen character host name, with an optional 
+trailing '#' character followed by the NetBIOS name type 
+as two hexadecimal digits.
+
+If the trailing '#' is omitted then the given IP 
+address will be returned for all names that match the given 
+name, whatever the NetBIOS name type in the lookup.
+.PP
+An example follows :
+.PP
+.PP
+.sp
+.nf
+#
+# Sample Samba lmhosts file.
+#
+192.9.200.1	TESTPC
+192.9.200.20	NTSERVER#20
+192.9.200.21	SAMBASERVER
+	
+.sp
+.fi
+.PP
+.PP
+Contains three IP to NetBIOS name mappings. The first 
+and third will be returned for any queries for the names "TESTPC" 
+and "SAMBASERVER" respectively, whatever the type component of 
+the NetBIOS name requested.
+.PP
+.PP
+The second mapping will be returned only when the "0x20" name 
+type for a name "NTSERVER" is queried. Any other name type will not 
+be resolved.
+.PP
+.PP
+The default location of the \fIlmhosts\fR file 
+is in the same directory as the  
+smb.conf(5)> file.
+.PP
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBsmbclient(1)
+\fR and \fB smbpasswd(8)\fR
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/make_smbcodepage.1 b/docs/manpages/make_smbcodepage.1
new file mode 100755
index 00000000000..3a8d318089e
--- /dev/null
+++ b/docs/manpages/make_smbcodepage.1
@@ -0,0 +1,140 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "MAKE_SMBCODEPAGE" "1" "19 November 2002" "" ""
+.SH NAME
+make_smbcodepage \- construct a codepage file for Samba
+.SH SYNOPSIS
+.sp
+\fBmake_smbcodepage\fR \fBc|d\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+\fBmake_smbcodepage\fR compiles or de-compiles 
+codepage files for use with the internationalization features 
+of Samba 2.2
+.SH "OPTIONS"
+.TP
+\fBc|d\fR
+This tells \fBmake_smbcodepage\fR 
+if it is compiling (\fIc\fR) a text format code 
+page file to binary, or (\fId\fR) de-compiling 
+a binary codepage file to text. 
+.TP
+\fBcodepage\fR
+This is the codepage we are processing (a 
+number, e.g. 850). 
+.TP
+\fBinputfile\fR
+This is the input file to process. In 
+the \fIc\fR case this will be a text 
+codepage definition file such as the ones found in the Samba 
+\fIsource/codepages\fR directory. In
+the \fId\fR case this will be the 
+binary format codepage definition file normally found in 
+the \fIlib/codepages\fR directory in the 
+Samba install directory path.
+.TP
+\fBoutputfile\fR
+This is the output file to produce.
+.SH "SAMBA CODEPAGE FILES"
+.PP
+A text Samba codepage definition file is a description 
+that tells Samba how to map from upper to lower case for 
+characters greater than ascii 127 in the specified DOS code page. 
+Note that for certain DOS codepages (437 for example) mapping 
+from lower to upper case may be non-symmetrical. For example, in
+code page 437 lower case a acute maps to a plain upper case A 
+when going from lower to upper case, but plain upper case A maps 
+to plain lower case a when lower casing a character. 
+.PP
+A binary Samba codepage definition file is a binary 
+representation of the same information, including a value that
+specifies what codepage this file is describing. 
+.PP
+As Samba does not yet use UNICODE (current for Samba version 2.2) 
+you must specify the client code page that your DOS and Windows 
+clients are using if you wish to have case insensitivity done 
+correctly for your particular language. The default codepage Samba 
+uses is 850 (Western European). Text codepage definition sample files
+are provided in the Samba distribution for codepages 437 (USA), 737 (Greek),
+850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic), 866 (Cyrillic),
+932 (Kanji SJIS), 936 (Simplified Chinese), 949 (Hangul) and 950 (Traditional
+Chinese). Users are encouraged to write text codepage definition files for
+their own code pages and donate them to samba@samba.org. All codepage files
+in the Samba \fIsource/codepages\fR directory are 
+compiled and installed when a \fB'make install'\fR 
+command is issued there. 
+.PP
+The client codepage used by the \fBsmbd\fR server 
+is configured using the \fBclient code page\fR parameter 
+in the \fBsmb.conf\fR file. 
+.SH "FILES"
+.PP
+\fBcodepage_def.<codepage>\fR
+.PP
+These are the input (text) codepage files provided in the 
+Samba \fIsource/codepages\fR directory.
+.PP
+A text codepage definition file consists of multiple lines 
+containing four fields. These fields are:
+.TP 0.2i
+\(bu
+\fBlower\fR: which is the 
+(hex) lower case character mapped on this line.
+.TP 0.2i
+\(bu
+\fBupper\fR: which is the (hex) 
+upper case character that the lower case character will map to.
+.TP 0.2i
+\(bu
+\fBmap upper to lower\fR which 
+is a boolean value (put either True or False here) which tells 
+Samba if it is to map the given upper case character to the 
+given lower case character when lower casing a filename.
+.TP 0.2i
+\(bu
+\fBmap lower to upper\fR which 
+is a boolean value (put either True or False here) which tells 
+Samba if it is to map the given lower case character to the 
+given upper case character when upper casing a filename.
+.PP
+\fBcodepage.<codepage>\fR - These are the 
+output (binary) codepage files produced and placed in the Samba 
+destination \fIlib/codepage\fR directory. 
+.PP
+.SH "INSTALLATION"
+.PP
+The location of the server and its support files is a 
+matter for individual system administrators. The following are 
+thus suggestions only. 
+.PP
+It is recommended that the \fBmake_smbcodepage
+\fRprogram be installed under the \fI/usr/local/samba
+\fRhierarchy, in a directory readable by all, writeable 
+only by root. The program itself should be executable by all. The 
+program should NOT be setuid or setgid! 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBsmbd(8)\fR 
+smb.conf(5)
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/make_unicodemap.1 b/docs/manpages/make_unicodemap.1
new file mode 100755
index 00000000000..94eeea097da
--- /dev/null
+++ b/docs/manpages/make_unicodemap.1
@@ -0,0 +1,99 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "MAKE_UNICODEMAP" "1" "19 November 2002" "" ""
+.SH NAME
+make_unicodemap \- construct a unicode map file for Samba
+.SH SYNOPSIS
+.sp
+\fBmake_unicodemap\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the Samba 
+suite.
+.PP
+\fBmake_unicodemap\fR compiles text unicode map 
+files into binary unicode map files for use with the 
+internationalization features of Samba 2.2.
+.SH "OPTIONS"
+.TP
+\fBcodepage\fR
+This is the codepage or UNIX character 
+set we are processing (a number, e.g. 850).
+.TP
+\fBinputfile\fR
+This is the input file to process. This is a 
+text unicode map file such as the ones found in the Samba
+\fIsource/codepages\fR directory. 
+.TP
+\fBoutputfile\fR
+This is the binary output file to produce. 
+.SH "SAMBA UNICODE MAP FILES"
+.PP
+A text Samba unicode map file is a description that tells Samba 
+how to map characters from a specified DOS code page or UNIX character 
+set to 16 bit unicode.
+.PP
+A binary Samba unicode map file is a binary representation 
+of the same information, including a value that specifies what 
+codepage or UNIX character set this file is describing. 
+.SH "FILES"
+.PP
+\fICP<codepage>.TXT\fR
+.PP
+These are the input (text) unicode map files provided 
+in the Samba \fIsource/codepages\fR 
+directory. 
+.PP
+A text unicode map file consists of multiple lines 
+containing two fields. These fields are : 
+.TP 0.2i
+\(bu
+\fIcharacter\fR - which is 
+the (hex) character mapped on this line.
+.TP 0.2i
+\(bu
+\fIunicode\fR - which 
+is the (hex) 16 bit unicode character that the character
+will map to. 
+.PP
+\fIunicode_map.<codepage>\fR - These are 
+the output (binary) unicode map files produced and placed in 
+the Samba destination \fIlib/codepage\fR 
+directory.
+.PP
+.SH "INSTALLATION"
+.PP
+The location of the server and its support files is a matter
+for individual system administrators. The following are thus 
+suggestions only. 
+.PP
+It is recommended that the \fBmake_unicodemap\fR 
+program be installed under the 
+\fI$prefix/samba\fR hierarchy, 
+in a directory readable by all, writeable only by root. The 
+program itself should be executable by all. The program
+should NOT be setuid or setgid! 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBsmbd(8)\fR 
+smb.conf(5)
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8
new file mode 100755
index 00000000000..338ae3a95ed
--- /dev/null
+++ b/docs/manpages/nmbd.8
@@ -0,0 +1,260 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "NMBD" "8" "19 November 2002" "" ""
+.SH NAME
+nmbd \- NetBIOS name server to provide NetBIOS  over IP naming services to clients
+.SH SYNOPSIS
+.sp
+\fBnmbd\fR [ \fB-D\fR ]  [ \fB-a\fR ]  [ \fB-i\fR ]  [ \fB-o\fR ]  [ \fB-P\fR ]  [ \fB-h\fR ]  [ \fB-V\fR ]  [ \fB-d <debug level>\fR ]  [ \fB-H <lmhosts file>\fR ]  [ \fB-l <log directory>\fR ]  [ \fB-n <primary netbios name>\fR ]  [ \fB-p <port number>\fR ]  [ \fB-s <configuration file>\fR ] 
+.SH "DESCRIPTION"
+.PP
+This program is part of the Samba suite.
+.PP
+\fBnmbd\fR is a server that understands 
+and can reply to NetBIOS over IP name service requests, like 
+those produced by SMB/CIFS clients such as Windows 95/98/ME, 
+Windows NT, Windows 2000, and LanManager clients. It also
+participates in the browsing protocols which make up the 
+Windows "Network Neighborhood" view.
+.PP
+SMB/CIFS clients, when they start up, may wish to 
+locate an SMB/CIFS server. That is, they wish to know what 
+IP number a specified host is using.
+.PP
+Amongst other services, \fBnmbd\fR will 
+listen for such requests, and if its own NetBIOS name is 
+specified it will respond with the IP number of the host it 
+is running on. Its "own NetBIOS name" is by
+default the primary DNS name of the host it is running on, 
+but this can be overridden with the \fB-n\fR 
+option (see OPTIONS below). Thus \fBnmbd\fR will 
+reply to broadcast queries for its own name(s). Additional
+names for \fBnmbd\fR to respond on can be set 
+via parameters in the \fI smb.conf(5)\fR configuration file.
+.PP
+\fBnmbd\fR can also be used as a WINS 
+(Windows Internet Name Server) server. What this basically means 
+is that it will act as a WINS database server, creating a 
+database from name registration requests that it receives and 
+replying to queries from clients for these names.
+.PP
+In addition, \fBnmbd\fR can act as a WINS 
+proxy, relaying broadcast queries from clients that do 
+not understand how to talk the WINS protocol to a WIN 
+server.
+.SH "OPTIONS"
+.TP
+\fB-D\fR
+If specified, this parameter causes 
+\fBnmbd\fR to operate as a daemon. That is, 
+it detaches itself and runs in the background, fielding 
+requests on the appropriate port. By default, \fBnmbd\fR 
+will operate as a daemon if launched from a command shell. 
+nmbd can also be operated from the \fBinetd\fR 
+meta-daemon, although this is not recommended.
+.TP
+\fB-a\fR
+If this parameter is specified, each new 
+connection will append log messages to the log file. 
+This is the default.
+.TP
+\fB-i\fR
+If this parameter is specified it causes the
+server to run "interactively", not as a daemon, even if the
+server is executed on the command line of a shell. Setting this
+parameter negates the implicit deamon mode when run from the
+command line.
+.TP
+\fB-o\fR
+If this parameter is specified, the 
+log files will be overwritten when opened. By default, 
+\fBsmbd\fR will append entries to the log 
+files.
+.TP
+\fB-h\fR
+Prints the help information (usage) 
+for \fBnmbd\fR.
+.TP
+\fB-H <filename>\fR
+NetBIOS lmhosts file. The lmhosts 
+file is a list of NetBIOS names to IP addresses that 
+is loaded by the nmbd server and used via the name 
+resolution mechanism  name resolve order described in  \fIsmb.conf(5)\fR
+to resolve any NetBIOS name queries needed by the server. Note 
+that the contents of this file are \fBNOT\fR 
+used by \fBnmbd\fR to answer any name queries. 
+Adding a line to this file affects name NetBIOS resolution 
+from this host \fBONLY\fR.
+
+The default path to this file is compiled into 
+Samba as part of the build process. Common defaults 
+are \fI/usr/local/samba/lib/lmhosts\fR,
+\fI/usr/samba/lib/lmhosts\fR or
+\fI/etc/lmhosts\fR. See the  \fIlmhosts(5)\fR man page for details on the 
+contents of this file.
+.TP
+\fB-V\fR
+Prints the version number for 
+\fBnmbd\fR.
+.TP
+\fB-d <debug level>\fR
+debuglevel is an integer 
+from 0 to 10. The default value if this parameter is 
+not specified is zero.
+
+The higher this value, the more detail will 
+be logged to the log files about the activities of the 
+server. At level 0, only critical errors and serious 
+warnings will be logged. Level 1 is a reasonable level for
+day to day running - it generates a small amount of 
+information about operations carried out.
+
+Levels above 1 will generate considerable amounts 
+of log data, and should only be used when investigating 
+a problem. Levels above 3 are designed for use only by developers 
+and generate HUGE amounts of log data, most of which is extremely 
+cryptic.
+
+Note that specifying this parameter here will override 
+the log level 
+parameter in the \fI smb.conf\fR file.
+.TP
+\fB-l <log directory>\fR
+The -l parameter specifies a directory 
+into which the "log.nmbd" log file will be created
+for operational data from the running
+\fBnmbd\fR server. The default log directory is compiled into Samba
+as part of the build process. Common defaults are \fI /usr/local/samba/var/log.nmb\fR, \fI /usr/samba/var/log.nmb\fR or
+\fI/var/log/log.nmb\fR. \fBBeware:\fR
+If the directory specified does not exist, \fBnmbd\fR
+will log to the default debug log location defined at compile time.
+.TP
+\fB-n <primary NetBIOS name>\fR
+This option allows you to override
+the NetBIOS name that Samba uses for itself. This is identical 
+to setting the  NetBIOS name parameter in the  
+\fIsmb.conf\fR file. However, a command
+line setting will take precedence over settings in 
+\fIsmb.conf\fR.
+.TP
+\fB-p <UDP port number>\fR
+UDP port number is a positive integer value.
+This option changes the default UDP port number (normally 137)
+that \fBnmbd\fR responds to name queries on. Don't
+use this option unless you are an expert, in which case you
+won't need help!
+.TP
+\fB-s <configuration file>\fR
+The default configuration file name
+is set at build time, typically as \fI /usr/local/samba/lib/smb.conf\fR, but
+this may be changed when Samba is autoconfigured.
+
+The file specified contains the configuration details
+required by the server. See  \fIsmb.conf(5)\fR for more information.
+.SH "FILES"
+.TP
+\fB\fI/etc/inetd.conf\fB\fR
+If the server is to be run by the
+\fBinetd\fR meta-daemon, this file
+must contain suitable startup information for the
+meta-daemon. See the UNIX_INSTALL.html document
+for details.
+.TP
+\fB\fI/etc/rc\fB\fR
+or whatever initialization script your
+system uses).
+
+If running the server as a daemon at startup,
+this file will need to contain an appropriate startup
+sequence for the server. See the UNIX_INSTALL.html document
+for details.
+.TP
+\fB\fI/etc/services\fB\fR
+If running the server via the
+meta-daemon \fBinetd\fR, this file
+must contain a mapping of service name (e.g., netbios-ssn)
+to service port (e.g., 139) and protocol type (e.g., tcp).
+See the UNIX_INSTALL.html
+document for details.
+.TP
+\fB\fI/usr/local/samba/lib/smb.conf\fB\fR
+This is the default location of the
+\fIsmb.conf\fR
+server configuration file. Other common places that systems
+install this file are \fI/usr/samba/lib/smb.conf\fR
+and \fI/etc/smb.conf\fR.
+
+When run as a WINS server (see the
+wins support
+parameter in the \fIsmb.conf(5)\fR man page),
+\fBnmbd\fR
+will store the WINS database in the file \fIwins.dat\fR
+in the \fIvar/locks\fR directory configured under
+wherever Samba was configured to install itself.
+
+If \fBnmbd\fR is acting as a \fB browse master\fR (see the local master
+parameter in the \fIsmb.conf(5)\fR man page,
+\fBnmbd\fR
+will store the browsing database in the file \fIbrowse.dat
+\fRin the \fIvar/locks\fR directory
+configured under wherever Samba was configured to install itself.
+.SH "SIGNALS"
+.PP
+To shut down an \fBnmbd\fR process it is recommended
+that SIGKILL (-9) \fBNOT\fR be used, except as a last
+resort, as this may leave the name database in an inconsistent state.
+The correct way to terminate \fBnmbd\fR is to send it
+a SIGTERM (-15) signal and wait for it to die on its own.
+.PP
+\fBnmbd\fR will accept SIGHUP, which will cause
+it to dump out its namelists into the file \fInamelist.debug
+\fRin the \fI/usr/local/samba/var/locks\fR
+directory (or the \fIvar/locks\fR directory configured
+under wherever Samba was configured to install itself). This will also
+cause \fBnmbd\fR to dump out its server database in
+the \fIlog.nmb\fR file.
+.PP
+The debug log level of nmbd may be raised or lowered using
+\fBsmbcontrol(1)\fR
+ (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is
+to allow transient problems to be diagnosed, whilst still running
+at a normally low log level.
+.SH "TROUBLESHOOTING"
+.PP
+One of the common causes of difficulty when installing Samba and SWAT
+is the existsnece of some type of firewall or port filtering software
+on the Samba server. Make sure that the appropriate ports
+outlined in this man page are available on the server and are not currently
+being blocked by some type of security software such as iptables or
+"port sentry". For more troubleshooting information, refer to the additional
+documentation included in the Samba distribution.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBinetd(8)\fR, \fBsmbd(8)\fR 
+\fIsmb.conf(5)\fR
+ \fBsmbclient(1)
+\fR and the Internet RFC's
+\fIrfc1001.txt\fR, \fIrfc1002.txt\fR. 
+In addition the CIFS (formerly SMB) specification is available 
+as a link from the Web page  
+http://samba.org/cifs/ <URL:http://samba.org/cifs/>.
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1
new file mode 100755
index 00000000000..51f6aa1caef
--- /dev/null
+++ b/docs/manpages/nmblookup.1
@@ -0,0 +1,159 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "NMBLOOKUP" "1" "19 November 2002" "" ""
+.SH NAME
+nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS  names
+.SH SYNOPSIS
+.sp
+\fBnmblookup\fR [ \fB-f\fR ]  [ \fB-M\fR ]  [ \fB-R\fR ]  [ \fB-S\fR ]  [ \fB-r\fR ]  [ \fB-A\fR ]  [ \fB-h\fR ]  [ \fB-B <broadcast address>\fR ]  [ \fB-U <unicast address>\fR ]  [ \fB-d <debug level>\fR ]  [ \fB-s <smb config file>\fR ]  [ \fB-i <NetBIOS scope>\fR ]  [ \fB-T\fR ]  \fBname\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+\fBnmblookup\fR is used to query NetBIOS names 
+and map them to IP addresses in a network using NetBIOS over TCP/IP 
+queries. The options allow the name queries to be directed at a 
+particular IP broadcast area or to a particular machine. All queries 
+are done over UDP.
+.SH "OPTIONS"
+.TP
+\fB-f\fR
+Causes nmblookup to print out the flags
+in the NMB packet headers. These flags will print out as 
+strings like Authoritative, Recursion_Desired, Recursion_available, etc.
+.TP
+\fB-M\fR
+Searches for a master browser by looking 
+up the NetBIOS name \fIname\fR with a 
+type of 0x1d. If \fI name\fR is "-" then it does a lookup on the special name 
+__MSBROWSE__.
+.TP
+\fB-R\fR
+Set the recursion desired bit in the packet 
+to do a recursive lookup. This is used when sending a name 
+query to a machine running a WINS server and the user wishes 
+to query the names in the WINS server. If this bit is unset 
+the normal (broadcast responding) NetBIOS processing code 
+on a machine is used instead. See rfc1001, rfc1002 for details.
+.TP
+\fB-S\fR
+Once the name query has returned an IP 
+address then do a node status query as well. A node status 
+query returns the NetBIOS names registered by a host.
+.TP
+\fB-r\fR
+Try and bind to UDP port 137 to send and receive UDP
+datagrams. The reason for this option is a bug in Windows 95 
+where it ignores the source port of the requesting packet 
+and only replies to UDP port 137. Unfortunately, on most UNIX 
+systems root privilege is needed to bind to this port, and 
+in addition, if the nmbd(8) 
+daemon is running on this machine it also binds to this port.
+.TP
+\fB-A\fR
+Interpret \fIname\fR as 
+an IP Address and do a node status query on this address.
+.TP
+\fB-h\fR
+Print a help (usage) message.
+.TP
+\fB-B <broadcast address>\fR
+Send the query to the given broadcast address. Without 
+this option the default behavior of nmblookup is to send the 
+query to the broadcast address of the network interfaces as 
+either auto-detected or defined in the \fIinterfaces\fR
+ parameter of the \fIsmb.conf (5)\fR file.
+.TP
+\fB-U <unicast address>\fR
+Do a unicast query to the specified address or 
+host \fIunicast address\fR. This option 
+(along with the \fI-R\fR option) is needed to 
+query a WINS server.
+.TP
+\fB-d <debuglevel>\fR
+debuglevel is an integer from 0 to 10.
+
+The default value if this parameter is not specified 
+is zero.
+
+The higher this value, the more detail will be logged 
+about the activities of \fBnmblookup\fR. At level 
+0, only critical errors and serious warnings will be logged.
+
+Levels above 1 will generate considerable amounts of 
+log data, and should only be used when investigating a problem. 
+Levels above 3 are designed for use only by developers and 
+generate HUGE amounts of data, most of which is extremely cryptic.
+
+Note that specifying this parameter here will override 
+the \fI log level\fR parameter in the \fI smb.conf(5)\fR file.
+.TP
+\fB-s <smb.conf>\fR
+This parameter specifies the pathname to 
+the Samba configuration file,  smb.conf(5) This file controls all aspects of
+the Samba setup on the machine.
+.TP
+\fB-i <scope>\fR
+This specifies a NetBIOS scope that
+\fBnmblookup\fR will use to communicate with when 
+generating NetBIOS names. For details on the use of NetBIOS 
+scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are 
+\fBvery\fR rarely used, only set this parameter 
+if you are the system administrator in charge of all the 
+NetBIOS systems you communicate with.
+.TP
+\fB-T\fR
+This causes any IP addresses found in the 
+lookup to be looked up via a reverse DNS lookup into a 
+DNS name, and printed out before each
+
+\fBIP address .... NetBIOS name\fR
+
+pair that is the normal output.
+.TP
+\fBname\fR
+This is the NetBIOS name being queried. Depending 
+upon the previous options this may be a NetBIOS name or IP address. 
+If a NetBIOS name then the different name types may be specified 
+by appending '#<type>' to the name. This name may also be
+\&'*', which will return all registered names within a broadcast 
+area.
+.SH "EXAMPLES"
+.PP
+\fBnmblookup\fR can be used to query 
+a WINS server (in the same way \fBnslookup\fR is 
+used to query DNS servers). To query a WINS server, 
+\fBnmblookup\fR must be called like this:
+.PP
+\fBnmblookup -U server -R 'name'\fR
+.PP
+For example, running :
+.PP
+\fBnmblookup -U samba.org -R 'IRIX#1B'\fR
+.PP
+would query the WINS server samba.org for the domain 
+master browser (1B name type) for the IRIX workgroup.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBnmbd(8)\fR 
+samba(7) and smb.conf(5)
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8
new file mode 100755
index 00000000000..30fe63e4da5
--- /dev/null
+++ b/docs/manpages/pdbedit.8
@@ -0,0 +1,202 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "PDBEDIT" "8" "19 November 2002" "" ""
+.SH NAME
+pdbedit \- manage the SAM database
+.SH SYNOPSIS
+.sp
+\fBpdbedit\fR [ \fB-l\fR ]  [ \fB-v\fR ]  [ \fB-w\fR ]  [ \fB-u username\fR ]  [ \fB-f fullname\fR ]  [ \fB-h homedir\fR ]  [ \fB-d drive\fR ]  [ \fB-s script\fR ]  [ \fB-p profile\fR ]  [ \fB-a\fR ]  [ \fB-b\fR ]  [ \fB-m\fR ]  [ \fB-x\fR ]  [ \fB-i file\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+The pdbedit program is used to manage the users accounts
+stored in the sam database and can be run only by root.
+.PP
+The pdbedit tool use the passdb modular interface and is
+independent from the kind of users database used (currently there
+are smbpasswd, ldap, nis+ and tdb based and more can be addedd
+without changing the tool).
+.PP
+There are five main ways to use pdbedit: adding a user account,
+removing a user account, modifing a user account, listing user
+accounts, importing users accounts.
+.SH "OPTIONS"
+.TP
+\fB-l\fR
+This option list all the user accounts
+present in the users database.
+This option prints a list of user/uid pairs separated by
+the ':' character.
+
+Example: \fBpdbedit -l\fR
+
+.sp
+.nf
+		sorce:500:Simo Sorce
+		samba:45:Test User
+		
+.sp
+.fi
+.TP
+\fB-v\fR
+This option sets the verbose listing format.
+It will make pdbedit list the users in the database printing
+out the account fields in a descriptive format.
+
+Example: \fBpdbedit -l -v\fR
+
+.sp
+.nf
+		---------------
+		username:       sorce
+		user ID/Group:  500/500
+		user RID/GRID:  2000/2001
+		Full Name:      Simo Sorce
+		Home Directory: \\\\BERSERKER\\sorce
+		HomeDir Drive:  H:
+		Logon Script:   \\\\BERSERKER\\netlogon\\sorce.bat
+		Profile Path:   \\\\BERSERKER\\profile
+		---------------
+		username:       samba
+		user ID/Group:  45/45
+		user RID/GRID:  1090/1091
+		Full Name:      Test User
+		Home Directory: \\\\BERSERKER\\samba
+		HomeDir Drive:  
+		Logon Script:   
+		Profile Path:   \\\\BERSERKER\\profile
+		
+.sp
+.fi
+.TP
+\fB-w\fR
+This option sets the "smbpasswd" listing format.
+It will make pdbedit list the users in the database printing
+out the account fields in a format compatible with the
+\fIsmbpasswd\fR file format. (see the \fIsmbpasswd(5)\fR for details)
+
+Example: \fBpdbedit -l -w\fR
+
+.sp
+.nf
+		sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
+		samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:
+		
+.sp
+.fi
+.TP
+\fB-u username\fR
+This option specifies that the username to be
+used for the operation requested (listing, adding, removing)
+It is \fBrequired\fR in add, remove and modify
+operations and \fBoptional\fR in list
+operations.
+.TP
+\fB-f fullname\fR
+This option can be used while adding or
+modifing a user account. It will specify the user's full
+name. 
+
+Example: \fB-f "Simo Sorce"\fR
+.TP
+\fB-h homedir\fR
+This option can be used while adding or
+modifing a user account. It will specify the user's home
+directory network path.
+
+Example: \fB-h "\\\\\\\\BERSERKER\\\\sorce"\fR
+.TP
+\fB-d drive\fR
+This option can be used while adding or
+modifing a user account. It will specify the windows drive
+letter to be used to map the home directory.
+
+Example: \fB-d "H:"\fR
+.TP
+\fB-s script\fR
+This option can be used while adding or
+modifing a user account. It will specify the user's logon
+script path.
+
+Example: \fB-s "\\\\\\\\BERSERKER\\\\netlogon\\\\sorce.bat"\fR
+.TP
+\fB-p profile\fR
+This option can be used while adding or
+modifing a user account. It will specify the user's profile
+directory.
+
+Example: \fB-p "\\\\\\\\BERSERKER\\\\netlogon"\fR
+.TP
+\fB-a\fR
+This option is used to add a user into the
+database. This command need the user name be specified with
+the -u switch. When adding a new user pdbedit will also
+ask for the password to be used
+
+Example: \fBpdbedit -a -u sorce\fR
+.sp
+.nf
+new password:
+		retype new password
+.sp
+.fi
+.TP
+\fB-b\fR
+This option causes pdbedit to read the password from standard
+input, rather than from \fI/dev/tty\fR.
+
+Example: \fBecho -e "secret\\nsecret\\n" | pdbedit -a -b -u sorce\fR
+.fi
+.TP
+\fB-m\fR
+This option may only be used in conjunction 
+with the \fI-a\fR option. It will make
+pdbedit to add a machine trust account instead of a user
+account (-u username will provide the machine name).
+
+Example: \fBpdbedit -a -m -u w2k-wks\fR
+.TP
+\fB-x\fR
+This option causes pdbedit to delete an account
+from the database. It need the username be specified with the
+-u switch.
+
+Example: \fBpdbedit -x -u bob\fR
+.TP
+\fB-i file\fR
+This command is used to import a smbpasswd
+file into the database.
+
+This option will ease migration from the plain smbpasswd
+file database to more powerful backend databases like tdb and
+ldap.
+
+Example: \fBpdbedit -i /etc/smbpasswd.old\fR
+.SH "NOTES"
+.PP
+This command may be used only by root.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+smbpasswd(8) 
+samba(7)
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1
new file mode 100755
index 00000000000..0957b1b60cf
--- /dev/null
+++ b/docs/manpages/rpcclient.1
@@ -0,0 +1,329 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "RPCCLIENT" "1" "19 November 2002" "" ""
+.SH NAME
+rpcclient \- tool for executing client side  MS-RPC functions
+.SH SYNOPSIS
+.sp
+\fBrpcclient\fR [ \fB-A authfile\fR ]  [ \fB-c <command string>\fR ]  [ \fB-d debuglevel\fR ]  [ \fB-h\fR ]  [ \fB-l logfile\fR ]  [ \fB-N\fR ]  [ \fB-s <smb config file>\fR ]  [ \fB-U username[%password]\fR ]  [ \fB-W workgroup\fR ]  [ \fB-N\fR ]  \fBserver\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+\fBrpcclient\fR is a utility initially developed
+to test MS-RPC functionality in Samba itself. It has undergone 
+several stages of development and stability. Many system administrators
+have now written scripts around it to manage Windows NT clients from 
+their UNIX workstation. 
+.SH "OPTIONS"
+.TP
+\fBserver\fR
+NetBIOS name of Server to which to connect. 
+The server can be any SMB/CIFS server. The name is 
+resolved using the  \fIname resolve order\fR line from 
+\fIsmb.conf(5)\fR.
+.TP
+\fB-A filename\fR
+This option allows 
+you to specify a file from which to read the username and 
+password used in the connection. The format of the file is 
+
+.sp
+.nf
+		username = <value> 
+		password = <value>
+		domain   = <value>
+		
+.sp
+.fi
+
+Make certain that the permissions on the file restrict 
+access from unwanted users. 
+.TP
+\fB-c 'command string'\fR
+execute semicolon separated commands (listed 
+below)) 
+.TP
+\fB-d debuglevel\fR
+set the debuglevel. Debug level 0 is the lowest 
+and 100 being the highest. This should be set to 100 if you are
+planning on submitting a bug report to the Samba team (see \fIBUGS.txt\fR). 
+.TP
+\fB-h\fR
+Print a summary of command line options.
+.TP
+\fB-l logbasename\fR
+File name for log/debug files. The extension 
+\&'.client' will be appended. The log file is never removed 
+by the client.
+.TP
+\fB-N\fR
+instruct \fBrpcclient\fR not to ask 
+for a password. By default, \fBrpcclient\fR will prompt 
+for a password. See also the \fI-U\fR option.
+.TP
+\fB-s smb.conf\fR
+Specifies the location of the all important 
+\fIsmb.conf\fR file. 
+.TP
+\fB-U username[%password]\fR
+Sets the SMB username or username and password. 
+
+If %password is not specified, the user will be prompted. The 
+client will first check the \fBUSER\fR environment variable, then the 
+\fBLOGNAME\fR variable and if either exists, the 
+string is uppercased. If these environmental variables are not 
+found, the username GUEST is used. 
+
+A third option is to use a credentials file which 
+contains the plaintext of the username and password. This 
+option is mainly provided for scripts where the admin doesn't 
+desire to pass the credentials on the command line or via environment 
+variables. If this method is used, make certain that the permissions 
+on the file restrict access from unwanted users. See the 
+\fI-A\fR for more details. 
+
+Be cautious about including passwords in scripts. Also, on 
+many systems the command line of a running process may be seen 
+via the \fBps\fR command. To be safe always allow 
+\fBrpcclient\fR to prompt for a password and type 
+it in directly. 
+.TP
+\fB-W domain\fR
+Set the SMB domain of the username. This 
+overrides the default domain which is the domain defined in 
+smb.conf. If the domain specified is the same as the server's NetBIOS name, 
+it causes the client to log on using the server's local SAM (as 
+opposed to the Domain SAM). 
+.SH "COMMANDS"
+.PP
+\fBLSARPC\fR
+.TP 0.2i
+\(bu
+\fBlsaquery\fR
+.TP 0.2i
+\(bu
+\fBlookupsids\fR - Resolve a list 
+of SIDs to usernames.
+.TP 0.2i
+\(bu
+\fBlookupnames\fR - Resolve s list 
+of usernames to SIDs.
+.TP 0.2i
+\(bu
+\fBenumtrusts\fR
+.PP
+.PP
+.PP
+\fBSAMR\fR
+.PP
+.TP 0.2i
+\(bu
+\fBqueryuser\fR
+.TP 0.2i
+\(bu
+\fBquerygroup\fR
+.TP 0.2i
+\(bu
+\fBqueryusergroups\fR
+.TP 0.2i
+\(bu
+\fBquerygroupmem\fR
+.TP 0.2i
+\(bu
+\fBqueryaliasmem\fR
+.TP 0.2i
+\(bu
+\fBquerydispinfo\fR
+.TP 0.2i
+\(bu
+\fBquerydominfo\fR
+.TP 0.2i
+\(bu
+\fBenumdomgroups\fR
+.PP
+.PP
+.PP
+\fBSPOOLSS\fR
+.PP
+.TP 0.2i
+\(bu
+\fBadddriver <arch> <config>\fR 
+- Execute an AddPrinterDriver() RPC to install the printer driver 
+information on the server. Note that the driver files should 
+already exist in the directory returned by 
+\fBgetdriverdir\fR. Possible values for 
+\fIarch\fR are the same as those for 
+the \fBgetdriverdir\fR command.
+The \fIconfig\fR parameter is defined as 
+follows: 
+
+.sp
+.nf
+		Long Printer Name:\\
+		Driver File Name:\\
+		Data File Name:\\
+		Config File Name:\\
+		Help File Name:\\
+		Language Monitor Name:\\
+		Default Data Type:\\
+		Comma Separated list of Files
+		
+.sp
+.fi
+
+Any empty fields should be enter as the string "NULL". 
+
+Samba does not need to support the concept of Print Monitors
+since these only apply to local printers whose driver can make
+use of a bi-directional link for communication. This field should 
+be "NULL". On a remote NT print server, the Print Monitor for a 
+driver must already be installed prior to adding the driver or 
+else the RPC will fail. 
+.TP 0.2i
+\(bu
+\fBaddprinter <printername> 
+<sharename> <drivername> <port>\fR 
+- Add a printer on the remote server. This printer 
+will be automatically shared. Be aware that the printer driver 
+must already be installed on the server (see \fBadddriver\fR) 
+and the \fIport\fRmust be a valid port name (see
+\fBenumports\fR.
+.TP 0.2i
+\(bu
+\fBdeldriver\fR - Delete the 
+specified printer driver for all architectures. This
+does not delete the actual driver files from the server,
+only the entry from the server's list of drivers.
+.TP 0.2i
+\(bu
+\fBenumdata\fR - Enumerate all 
+printer setting data stored on the server. On Windows NT clients, 
+these values are stored in the registry, while Samba servers 
+store them in the printers TDB. This command corresponds
+to the MS Platform SDK GetPrinterData() function (* This
+command is currently unimplemented).
+.TP 0.2i
+\(bu
+\fBenumjobs <printer>\fR 
+- List the jobs and status of a given printer. 
+This command corresponds to the MS Platform SDK EnumJobs() 
+function (* This command is currently unimplemented).
+.TP 0.2i
+\(bu
+\fBenumports [level]\fR 
+- Executes an EnumPorts() call using the specified 
+info level. Currently only info levels 1 and 2 are supported. 
+.TP 0.2i
+\(bu
+\fBenumdrivers [level]\fR 
+- Execute an EnumPrinterDrivers() call. This lists the various installed 
+printer drivers for all architectures. Refer to the MS Platform SDK 
+documentation for more details of the various flags and calling 
+options. Currently supported info levels are 1, 2, and 3.
+.TP 0.2i
+\(bu
+\fBenumprinters [level]\fR 
+- Execute an EnumPrinters() call. This lists the various installed 
+and share printers. Refer to the MS Platform SDK documentation for 
+more details of the various flags and calling options. Currently
+supported info levels are 0, 1, and 2.
+.TP 0.2i
+\(bu
+\fBgetdata <printername>\fR 
+- Retrieve the data for a given printer setting. See 
+the \fBenumdata\fR command for more information. 
+This command corresponds to the GetPrinterData() MS Platform 
+SDK function (* This command is currently unimplemented). 
+.TP 0.2i
+\(bu
+\fBgetdriver <printername>\fR 
+- Retrieve the printer driver information (such as driver file, 
+config file, dependent files, etc...) for 
+the given printer. This command corresponds to the GetPrinterDriver()
+MS Platform SDK function. Currently info level 1, 2, and 3 are supported.
+.TP 0.2i
+\(bu
+\fBgetdriverdir <arch>\fR 
+- Execute a GetPrinterDriverDirectory()
+RPC to retreive the SMB share name and subdirectory for 
+storing printer driver files for a given architecture. Possible 
+values for \fIarch\fR are "Windows 4.0" 
+(for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows
+Alpha_AXP", and "Windows NT R4000". 
+.TP 0.2i
+\(bu
+\fBgetprinter <printername>\fR 
+- Retrieve the current printer information. This command 
+corresponds to the GetPrinter() MS Platform SDK function. 
+.TP 0.2i
+\(bu
+\fBopenprinter <printername>\fR 
+- Execute an OpenPrinterEx() and ClosePrinter() RPC 
+against a given printer. 
+.TP 0.2i
+\(bu
+\fBsetdriver <printername> <drivername>\fR 
+- Execute a SetPrinter() command to update the printer driver associated
+with an installed printer. The printer driver must already be correctly
+installed on the print server. 
+
+See also the \fBenumprinters\fR and 
+\fBenumdrivers\fR commands for obtaining a list of
+of installed printers and drivers.
+.PP
+\fBGENERAL OPTIONS\fR
+.PP
+.TP 0.2i
+\(bu
+\fBdebuglevel\fR - Set the current debug level
+used to log information.
+.TP 0.2i
+\(bu
+\fBhelp (?)\fR - Print a listing of all 
+known commands or extended help on a particular command. 
+.TP 0.2i
+\(bu
+\fBquit (exit)\fR - Exit \fBrpcclient
+\fR\&.
+.SH "BUGS"
+.PP
+\fBrpcclient\fR is designed as a developer testing tool 
+and may not be robust in certain areas (such as command line parsing). 
+It has been known to generate a core dump upon failures when invalid 
+parameters where passed to the interpreter. 
+.PP
+From Luke Leighton's original rpcclient man page:
+.PP
+\fB"WARNING!\fR The MSRPC over SMB code has 
+been developed from examining Network traces. No documentation is 
+available from the original creators (Microsoft) on how MSRPC over 
+SMB works, or how the individual MSRPC services work. Microsoft's 
+implementation of these services has been demonstrated (and reported) 
+to be... a bit flaky in places. 
+.PP
+The development of Samba's implementation is also a bit rough, 
+and as more of the services are understood, it can even result in 
+versions of \fBsmbd(8)\fR and \fBrpcclient(1)\fR 
+that are incompatible for some commands or services. Additionally, 
+the developers are sending reports to Microsoft, and problems found 
+or reported to Microsoft are fixed in Service Packs, which may 
+result in incompatibilities." 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of the Samba 
+suite.
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original rpcclient man page was written by Matthew 
+Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter. 
+The conversion to DocBook for Samba 2.2 was done by Gerald 
+Carter.
diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7
new file mode 100755
index 00000000000..383b40fa033
--- /dev/null
+++ b/docs/manpages/samba.7
@@ -0,0 +1,141 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SAMBA" "7" "19 November 2002" "" ""
+.SH NAME
+SAMBA \- A Windows SMB/CIFS fileserver for UNIX
+.SH SYNOPSIS
+.sp
+\fBSamba\fR
+.SH "DESCRIPTION"
+.PP
+The Samba software suite is a collection of programs 
+that implements the Server Message Block (commonly abbreviated 
+as SMB) protocol for UNIX systems. This protocol is sometimes 
+also referred to as the Common Internet File System (CIFS), 
+LanManager or NetBIOS protocol.
+.TP
+\fBsmbd\fR
+The \fBsmbd \fR
+daemon provides the file and print services to 
+SMB clients, such as Windows 95/98, Windows NT, Windows 
+for Workgroups or LanManager. The configuration file 
+for this daemon is described in \fIsmb.conf\fR
+.TP
+\fBnmbd\fR
+The \fBnmbd\fR
+daemon provides NetBIOS nameserving and browsing
+support. The configuration file for this daemon 
+is described in \fIsmb.conf\fR
+.TP
+\fBsmbclient\fR
+The \fBsmbclient\fR
+program implements a simple ftp-like client. This 
+is useful for accessing SMB shares on other compatible
+servers (such as Windows NT), and can also be used 
+to allow a UNIX box to print to a printer attached to 
+any SMB server (such as a PC running Windows NT).
+.TP
+\fBtestparm\fR
+The \fBtestparm\fR
+utility is a simple syntax checker for Samba's
+\fIsmb.conf\fRconfiguration file.
+.TP
+\fBtestprns\fR
+The \fBtestprns\fR
+utility supports testing printer names defined 
+in your \fIprintcap>\fR file used 
+by Samba.
+.TP
+\fBsmbstatus\fR
+The \fBsmbstatus\fR
+tool provides access to information about the 
+current connections to \fBsmbd\fR.
+.TP
+\fBnmblookup\fR
+The \fBnmblookup\fR
+tools allows NetBIOS name queries to be made 
+from a UNIX host.
+.TP
+\fBmake_smbcodepage\fR
+The \fBmake_smbcodepage\fR
+utility provides a means of creating SMB code page 
+definition files for your \fBsmbd\fR server.
+.TP
+\fBsmbpasswd\fR
+The \fBsmbpasswd\fR
+command is a tool for changing LanMan and Windows NT 
+password hashes on Samba and Windows NT servers.
+.SH "COMPONENTS"
+.PP
+The Samba suite is made up of several components. Each 
+component is described in a separate manual page. It is strongly 
+recommended that you read the documentation that comes with Samba 
+and the manual pages of those components that you use. If the 
+manual pages aren't clear enough then please send a patch or 
+bug report to  samba@samba.org <URL:mailto:samba@samba.org>
+.SH "AVAILABILITY"
+.PP
+The Samba software suite is licensed under the 
+GNU Public License(GPL). A copy of that license should 
+have come with the package in the file COPYING. You are 
+encouraged to distribute copies of the Samba suite, but 
+please obey the terms of this license.
+.PP
+The latest version of the Samba suite can be 
+obtained via anonymous ftp from samba.org in the
+directory pub/samba/. It is also available on several 
+mirror sites worldwide.
+.PP
+You may also find useful information about Samba 
+on the newsgroup  comp.protocol.smb <URL:news:comp.protocols.smb> and the Samba mailing 
+list. Details on how to join the mailing list are given in 
+the README file that comes with Samba.
+.PP
+If you have access to a WWW viewer (such as Netscape 
+or Mosaic) then you will also find lots of useful information, 
+including back issues of the Samba mailing list, at
+http://lists.samba.org <URL:http://lists.samba.org/>.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of the 
+Samba suite. 
+.SH "CONTRIBUTIONS"
+.PP
+If you wish to contribute to the Samba project, 
+then I suggest you join the Samba mailing list at 
+http://lists.samba.org <URL:http://lists.samba.org/>.
+.PP
+If you have patches to submit or bugs to report 
+then you may mail them directly to samba-patches@samba.org.
+Note, however, that due to the enormous popularity of this 
+package the Samba Team may take some time to respond to mail. We 
+prefer patches in \fBdiff -u\fR format.
+.SH "CONTRIBUTORS"
+.PP
+Contributors to the project are now too numerous 
+to mention here but all deserve the thanks of all Samba 
+users. To see a full list, look at  ftp://samba.org/pub/samba/alpha/change-log <URL:ftp://samba.org/pub/samba/alpha/change-log>
+for the pre-CVS changes and at  ftp://samba.org/pub/samba/alpha/cvs.log <URL:ftp://samba.org/pub/samba/alpha/cvs.log>
+for the contributors to Samba post-CVS. CVS is the Open Source 
+source code control system used by the Samba Team to develop 
+Samba. The project would have been unmanageable without it.
+.PP
+In addition, several commercial organizations now help 
+fund the Samba Team with money and equipment. For details see 
+the Samba Web pages at  http://samba.org/samba/samba-thanks.html
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5
new file mode 100755
index 00000000000..d272e43f247
--- /dev/null
+++ b/docs/manpages/smb.conf.5
@@ -0,0 +1,7679 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMB.CONF" "5" "30 March 2003" "" ""
+.SH NAME
+smb.conf \- The configuration file for the Samba suite
+.SH "SYNOPSIS"
+.PP
+The \fIsmb.conf\fR file is a configuration 
+file for the Samba suite. \fIsmb.conf\fR contains 
+runtime configuration information for the Samba programs. The
+\fIsmb.conf\fR file is designed to be configured and 
+administered by the \fBswat(8)\fR
+ program. The complete description of the file format and 
+possible parameters held within are here for reference purposes.
+.SH "FILE FORMAT"
+.PP
+The file consists of sections and parameters. A section 
+begins with the name of the section in square brackets and continues 
+until the next section begins. Sections contain parameters of the 
+form
+.PP
+\fIname\fR = \fIvalue
+\fR.PP
+The file is line-based - that is, each newline-terminated 
+line represents either a comment, a section name or a parameter.
+.PP
+Section and parameter names are not case sensitive.
+.PP
+Only the first equals sign in a parameter is significant. 
+Whitespace before or after the first equals sign is discarded.
+Leading, trailing and internal whitespace in section and parameter 
+names is irrelevant. Leading and trailing whitespace in a parameter 
+value is discarded. Internal whitespace within a parameter value 
+is retained verbatim.
+.PP
+Any line beginning with a semicolon (';') or a hash ('#') 
+character is ignored, as are lines containing only whitespace.
+.PP
+Any line ending in a '\\' is continued
+on the next line in the customary UNIX fashion.
+.PP
+The values following the equals sign in parameters are all 
+either a string (no quotes needed) or a boolean, which may be given 
+as yes/no, 0/1 or true/false. Case is not significant in boolean 
+values, but is preserved in string values. Some items such as 
+create modes are numeric.
+.SH "SECTION DESCRIPTIONS"
+.PP
+Each section in the configuration file (except for the
+[global] section) describes a shared resource (known
+as a "share"). The section name is the name of the 
+shared resource and the parameters within the section define 
+the shares attributes.
+.PP
+There are three special sections, [global],
+[homes] and [printers], which are
+described under \fBspecial sections\fR. The
+following notes apply to ordinary section descriptions.
+.PP
+A share consists of a directory to which access is being 
+given plus a description of the access rights which are granted 
+to the user of the service. Some housekeeping options are 
+also specifiable.
+.PP
+Sections are either file share services (used by the 
+client as an extension of their native file systems) or 
+printable services (used by the client to access print services 
+on the host running the server).
+.PP
+Sections may be designated \fBguest\fR services,
+in which case no password is required to access them. A specified 
+UNIX \fBguest account\fR is used to define access
+privileges in this case.
+.PP
+Sections other than guest services will require a password 
+to access them. The client provides the username. As older clients 
+only provide passwords and not usernames, you may specify a list 
+of usernames to check against the password using the "user =" 
+option in the share definition. For modern clients such as 
+Windows 95/98/ME/NT/2000, this should not be necessary.
+.PP
+Note that the access rights granted by the server are 
+masked by the access rights granted to the specified or guest 
+UNIX user by the host system. The server does not grant more
+access than the host system grants.
+.PP
+The following sample section defines a file space share. 
+The user has write access to the path \fI/home/bar\fR. 
+The share is accessed via the share name "foo":
+.sp
+.nf
+	 	[foo]
+ 		path = /home/bar
+ 		read only = no
+	
+	
+.sp
+.fi
+.PP
+The following sample section defines a printable share. 
+The share is readonly, but printable. That is, the only write 
+access permitted is via calls to open, write to and close a 
+spool file. The \fBguest ok\fR parameter means 
+access will be permitted as the default guest user (specified 
+elsewhere):
+.sp
+.nf
+	 	[aprinter]
+ 		path = /usr/spool/public
+ 		read only = yes
+ 		printable = yes
+ 		guest ok = yes
+	
+	
+.sp
+.fi
+.SH "SPECIAL SECTIONS"
+.SS "THE  GLOBAL  SECTION"
+.PP
+parameters in this section apply to the server 
+as a whole, or are defaults for sections which do not 
+specifically define certain items. See the notes
+under PARAMETERS for more information.
+.SS "THE  HOMES  SECTION"
+.PP
+If a section called homes is included in the 
+configuration file, services connecting clients to their 
+home directories can be created on the fly by the server.
+.PP
+When the connection request is made, the existing 
+sections are scanned. If a match is found, it is used. If no 
+match is found, the requested section name is treated as a 
+user name and looked up in the local password file. If the 
+name exists and the correct password has been given, a share is 
+created by cloning the [homes] section.
+.PP
+Some modifications are then made to the newly 
+created share:
+.TP 0.2i
+\(bu
+The share name is changed from homes to 
+the located username.
+.TP 0.2i
+\(bu
+If no path was given, the path is set to
+the user's home directory.
+.PP
+If you decide to use a \fBpath =\fR line 
+in your [homes] section then you may find it useful 
+to use the %S macro. For example :
+.PP
+.PP
+\fBpath = /data/pchome/%S\fR
+.PP
+.PP
+would be useful if you have different home directories 
+for your PCs than for UNIX access.
+.PP
+.PP
+This is a fast and simple way to give a large number 
+of clients access to their home directories with a minimum 
+of fuss.
+.PP
+.PP
+A similar process occurs if the requested section 
+name is "homes", except that the share name is not 
+changed to that of the requesting user. This method of using
+the [homes] section works well if different users share 
+a client PC.
+.PP
+.PP
+The [homes] section can specify all the parameters 
+a normal service section can specify, though some make more sense 
+than others. The following is a typical and suitable [homes]
+section:
+.PP
+.sp
+.nf
+			 	[homes]
+ 			read only = no
+		
+		
+.sp
+.fi
+.PP
+An important point is that if guest access is specified 
+in the [homes] section, all home directories will be 
+visible to all clients \fBwithout a password\fR. 
+In the very unlikely event that this is actually desirable, it 
+would be wise to also specify \fBread only
+access\fR.
+.PP
+.PP
+Note that the \fBbrowseable\fR flag for 
+auto home directories will be inherited from the global browseable 
+flag, not the [homes] browseable flag. This is useful as 
+it means setting \fBbrowseable = no\fR in
+the [homes] section will hide the [homes] share but make
+any auto home directories visible.
+.PP
+.SS "THE  PRINTERS  SECTION"
+.PP
+This section works like [homes], 
+but for printers.
+.PP
+If a [printers] section occurs in the 
+configuration file, users are able to connect to any printer 
+specified in the local host's printcap file.
+.PP
+When a connection request is made, the existing sections 
+are scanned. If a match is found, it is used. If no match is found, 
+but a [homes] section exists, it is used as described
+above. Otherwise, the requested section name is treated as a
+printer name and the appropriate printcap file is scanned to see 
+if the requested section name is a valid printer share name. If 
+a match is found, a new printer share is created by cloning 
+the [printers] section.
+.PP
+A few modifications are then made to the newly created 
+share:
+.TP 0.2i
+\(bu
+The share name is set to the located printer 
+name
+.TP 0.2i
+\(bu
+If no printer name was given, the printer name 
+is set to the located printer name
+.TP 0.2i
+\(bu
+If the share does not permit guest access and 
+no username was given, the username is set to the located 
+printer name.
+.PP
+Note that the [printers] service MUST be 
+printable - if you specify otherwise, the server will refuse 
+to load the configuration file.
+.PP
+.PP
+Typically the path specified would be that of a 
+world-writeable spool directory with the sticky bit set on 
+it. A typical [printers] entry would look like 
+this:
+.PP
+.sp
+.nf
+	 	[printers]
+ 			path = /usr/spool/public
+ 			guest ok = yes
+ 			printable = yes 
+		
+.sp
+.fi
+.PP
+All aliases given for a printer in the printcap file 
+are legitimate printer names as far as the server is concerned. 
+If your printing subsystem doesn't work like that, you will have 
+to set up a pseudo-printcap. This is a file consisting of one or 
+more lines like this:
+.PP
+.sp
+.nf
+			        alias|alias|alias|alias...    
+		
+		
+.sp
+.fi
+.PP
+Each alias should be an acceptable printer name for 
+your printing subsystem. In the [global] section, specify 
+the new file as your printcap. The server will then only recognize 
+names found in your pseudo-printcap, which of course can contain 
+whatever aliases you like. The same technique could be used 
+simply to limit access to a subset of your local printers.
+.PP
+.PP
+An alias, by the way, is defined as any component of the 
+first entry of a printcap record. Records are separated by newlines,
+components (if there are more than one) are separated by vertical 
+bar symbols ('|').
+.PP
+.PP
+NOTE: On SYSV systems which use lpstat to determine what 
+printers are defined on the system you may be able to use
+"printcap name = lpstat" to automatically obtain a list 
+of printers. See the "printcap name" option 
+for more details.
+.PP
+.SH "PARAMETERS"
+.PP
+parameters define the specific attributes of sections.
+.PP
+Some parameters are specific to the [global] section
+(e.g., \fBsecurity\fR). Some parameters are usable 
+in all sections (e.g., \fBcreate mode\fR). All others 
+are permissible only in normal sections. For the purposes of the 
+following descriptions the [homes] and [printers]
+sections will be considered normal. The letter \fBG\fR 
+in parentheses indicates that a parameter is specific to the
+[global] section. The letter \fBS\fR
+indicates that a parameter can be specified in a service specific
+section. Note that all \fBS\fR parameters can also be specified in 
+the [global] section - in which case they will define
+the default behavior for all services.
+.PP
+parameters are arranged here in alphabetical order - this may 
+not create best bedfellows, but at least you can find them! Where
+there are synonyms, the preferred synonym is described, others refer 
+to the preferred synonym.
+.SH "VARIABLE SUBSTITUTIONS"
+.PP
+Many of the strings that are settable in the config file 
+can take substitutions. For example the option "path =
+/tmp/%u" would be interpreted as "path = 
+/tmp/john" if the user connected with the username john.
+.PP
+These substitutions are mostly noted in the descriptions below, 
+but there are some general substitutions which apply whenever they 
+might be relevant. These are:
+.TP
+\fB%S\fR
+the name of the current service, if any.
+.TP
+\fB%P\fR
+the root directory of the current service, 
+if any.
+.TP
+\fB%u\fR
+user name of the current service, if any.
+.TP
+\fB%g\fR
+primary group name of %u.
+.TP
+\fB%U\fR
+session user name (the user name that the client 
+wanted, not necessarily the same as the one they got).
+.TP
+\fB%G\fR
+primary group name of %U.
+.TP
+\fB%H\fR
+the home directory of the user given 
+by %u.
+.TP
+\fB%v\fR
+the Samba version.
+.TP
+\fB%h\fR
+the Internet hostname that Samba is running 
+on.
+.TP
+\fB%m\fR
+the NetBIOS name of the client machine 
+(very useful).
+.TP
+\fB%L\fR
+the NetBIOS name of the server. This allows you 
+to change your config based on what the client calls you. Your 
+server can have a "dual personality".
+
+Note that this paramater is not available when Samba listens
+on port 445, as clients no longer send this information 
+.TP
+\fB%M\fR
+the Internet name of the client machine.
+.TP
+\fB%N\fR
+the name of your NIS home directory server. 
+This is obtained from your NIS auto.map entry. If you have 
+not compiled Samba with the \fB--with-automount\fR 
+option then this value will be the same as %L.
+.TP
+\fB%p\fR
+the path of the service's home directory, 
+obtained from your NIS auto.map entry. The NIS auto.map entry 
+is split up as "%N:%p".
+.TP
+\fB%R\fR
+the selected protocol level after 
+protocol negotiation. It can be one of CORE, COREPLUS, 
+LANMAN1, LANMAN2 or NT1.
+.TP
+\fB%d\fR
+The process id of the current server
+process.
+.TP
+\fB%a\fR
+the architecture of the remote
+machine. Only some are recognized, and those may not be 
+100% reliable. It currently recognizes Samba, "WfWg", "Win95",
+"WinNT", "Win2K", WinXP, and "Win2K3". Anything else will be known as 
+"UNKNOWN". If it gets it wrong then sending a level 
+3 log to samba@samba.org
+ <URL:mailto:samba@samba.org> should allow it to be fixed.
+.TP
+\fB%I\fR
+The IP address of the client machine.
+.TP
+\fB%T\fR
+the current date and time.
+.TP
+\fB%$(\fIenvvar\fB)\fR
+The value of the environment variable
+\fIenvar\fR.
+.PP
+There are some quite creative things that can be done 
+with these substitutions and other smb.conf options.
+.PP
+.SH "NAME MANGLING"
+.PP
+Samba supports "name mangling" so that DOS and 
+Windows clients can use files that don't conform to the 8.3 format. 
+It can also be set to adjust the case of 8.3 format filenames.
+.PP
+There are several options that control the way mangling is 
+performed, and they are grouped here rather than listed separately. 
+For the defaults look at the output of the testparm program. 
+.PP
+All of these options can be set separately for each service 
+(or globally, of course). 
+.PP
+The options are: 
+.TP
+\fBmangling method\fR
+controls the algorithm used for the generating
+the mangled names. Can take two different values, "hash" and
+"hash2". "hash" is the default and is the algorithm that has been
+used in Samba for many years. "hash2" is a newer and considered
+a better algorithm (generates less collisions) in the names.
+However, many Win32 applications store the
+mangled names and so changing to the new algorithm must not be done
+lightly as these applications may break unless reinstalled.
+New installations of Samba may set the default to hash2.
+Default \fBhash\fR.
+.TP
+\fBmangle case = yes/no\fR
+controls if names that have characters that 
+aren't of the "default" case are mangled. For example, 
+if this is yes then a name like "Mail" would be mangled. 
+Default \fBno\fR.
+.TP
+\fBcase sensitive = yes/no\fR
+controls whether filenames are case sensitive. If 
+they aren't then Samba must do a filename search and match on passed 
+names. Default \fBno\fR.
+.TP
+\fBdefault case = upper/lower\fR
+controls what the default case is for new 
+filenames. Default \fBlower\fR.
+.TP
+\fBpreserve case = yes/no\fR
+controls if new files are created with the 
+case that the client passes, or if they are forced to be the 
+"default" case. Default \fByes\fR.
+.TP
+\fBshort preserve case = yes/no\fR
+controls if new files which conform to 8.3 syntax,
+that is all in upper case and of suitable length, are created 
+upper case, or if they are forced to be the "default" 
+case. This option can be use with "preserve case = yes" 
+to permit long filenames to retain their case, while short names 
+are lowercased. Default \fByes\fR.
+.PP
+By default, Samba 2.2 has the same semantics as a Windows 
+NT server, in that it is case insensitive but case preserving.
+.PP
+.SH "NOTE ABOUT USERNAME/PASSWORD VALIDATION"
+.PP
+There are a number of ways in which a user can connect 
+to a service. The server uses the following steps in determining 
+if it will allow a connection to a specified service. If all the 
+steps fail, then the connection request is rejected. However, if one of the 
+steps succeeds, then the following steps are not checked.
+.PP
+If the service is marked "guest only = yes" and the
+server is running with share-level security ("security = share")
+then steps 1 to 5 are skipped.
+.IP 1. 
+If the client has passed a username/password 
+pair and that username/password pair is validated by the UNIX 
+system's password programs then the connection is made as that 
+username. Note that this includes the 
+\\\\server\\service%\fIusername\fR method of passing 
+a username.
+.IP 2. 
+If the client has previously registered a username 
+with the system and now supplies a correct password for that 
+username then the connection is allowed.
+.IP 3. 
+The client's NetBIOS name and any previously 
+used user names are checked against the supplied password, if 
+they match then the connection is allowed as the corresponding 
+user.
+.IP 4. 
+If the client has previously validated a
+username/password pair with the server and the client has passed 
+the validation token then that username is used. 
+.IP 5. 
+If a "user = " field is given in the
+\fIsmb.conf\fR file for the service and the client 
+has supplied a password, and that password matches (according to 
+the UNIX system's password checking) with one of the usernames 
+from the "user =" field then the connection is made as 
+the username in the "user =" line. If one 
+of the username in the "user =" list begins with a
+\&'@' then that name expands to a list of names in 
+the group of the same name.
+.IP 6. 
+If the service is a guest service then a 
+connection is made as the username given in the "guest 
+account =" for the service, irrespective of the 
+supplied password.
+.SH "COMPLETE LIST OF GLOBAL PARAMETERS"
+.PP
+Here is a list of all global parameters. See the section of 
+each parameter for details. Note that some are synonyms.
+.TP 0.2i
+\(bu
+\fIacl compatibility\fR
+.TP 0.2i
+\(bu
+\fIadd printer command\fR
+.TP 0.2i
+\(bu
+\fIadd share command\fR
+.TP 0.2i
+\(bu
+\fIadd user script\fR
+.TP 0.2i
+\(bu
+\fIallow trusted domains\fR
+.TP 0.2i
+\(bu
+\fIannounce as\fR
+.TP 0.2i
+\(bu
+\fIannounce version\fR
+.TP 0.2i
+\(bu
+\fIauto services\fR
+.TP 0.2i
+\(bu
+\fIbind interfaces only\fR
+.TP 0.2i
+\(bu
+\fIbrowse list\fR
+.TP 0.2i
+\(bu
+\fIchange notify timeout\fR
+.TP 0.2i
+\(bu
+\fIchange share command\fR
+.TP 0.2i
+\(bu
+\fIcharacter set\fR
+.TP 0.2i
+\(bu
+\fIclient code page\fR
+.TP 0.2i
+\(bu
+\fIcode page directory\fR
+.TP 0.2i
+\(bu
+\fIcoding system\fR
+.TP 0.2i
+\(bu
+\fIconfig file\fR
+.TP 0.2i
+\(bu
+\fIdeadtime\fR
+.TP 0.2i
+\(bu
+\fIdebug hires timestamp\fR
+.TP 0.2i
+\(bu
+\fIdebug pid\fR
+.TP 0.2i
+\(bu
+\fIdebug timestamp\fR
+.TP 0.2i
+\(bu
+\fIdebug uid\fR
+.TP 0.2i
+\(bu
+\fIdebuglevel\fR
+.TP 0.2i
+\(bu
+\fIdefault\fR
+.TP 0.2i
+\(bu
+\fIdefault service\fR
+.TP 0.2i
+\(bu
+\fIdelete printer command\fR
+.TP 0.2i
+\(bu
+\fIdelete share command\fR
+.TP 0.2i
+\(bu
+\fIdelete user script\fR
+.TP 0.2i
+\(bu
+\fIdfree command\fR
+.TP 0.2i
+\(bu
+\fIdisable spoolss\fR
+.TP 0.2i
+\(bu
+\fIdns proxy\fR
+.TP 0.2i
+\(bu
+\fIdomain admin group\fR
+.TP 0.2i
+\(bu
+\fIdomain guest group\fR
+.TP 0.2i
+\(bu
+\fIdomain logons\fR
+.TP 0.2i
+\(bu
+\fIdomain master\fR
+.TP 0.2i
+\(bu
+\fIencrypt passwords\fR
+.TP 0.2i
+\(bu
+\fIenhanced browsing\fR
+.TP 0.2i
+\(bu
+\fIenumports command\fR
+.TP 0.2i
+\(bu
+\fIgetwd cache\fR
+.TP 0.2i
+\(bu
+\fIhide local users\fR
+.TP 0.2i
+\(bu
+\fIhide unreadable\fR
+.TP 0.2i
+\(bu
+\fIhomedir map\fR
+.TP 0.2i
+\(bu
+\fIhost msdfs\fR
+.TP 0.2i
+\(bu
+\fIhosts equiv\fR
+.TP 0.2i
+\(bu
+\fIinterfaces\fR
+.TP 0.2i
+\(bu
+\fIkeepalive\fR
+.TP 0.2i
+\(bu
+\fIkernel oplocks\fR
+.TP 0.2i
+\(bu
+\fIlanman auth\fR
+.TP 0.2i
+\(bu
+\fIlarge readwrite\fR
+.TP 0.2i
+\(bu
+\fIldap admin dn\fR
+.TP 0.2i
+\(bu
+\fIldap filter\fR
+.TP 0.2i
+\(bu
+\fIldap port\fR
+.TP 0.2i
+\(bu
+\fIldap server\fR
+.TP 0.2i
+\(bu
+\fIldap ssl\fR
+.TP 0.2i
+\(bu
+\fIldap suffix\fR
+.TP 0.2i
+\(bu
+\fIlm announce\fR
+.TP 0.2i
+\(bu
+\fIlm interval\fR
+.TP 0.2i
+\(bu
+\fIload printers\fR
+.TP 0.2i
+\(bu
+\fIlocal master\fR
+.TP 0.2i
+\(bu
+\fIlock dir\fR
+.TP 0.2i
+\(bu
+\fIlock directory\fR
+.TP 0.2i
+\(bu
+\fIlock spin count\fR
+.TP 0.2i
+\(bu
+\fIlock spin time\fR
+.TP 0.2i
+\(bu
+\fIpid directory\fR
+.TP 0.2i
+\(bu
+\fIlog file\fR
+.TP 0.2i
+\(bu
+\fIlog level\fR
+.TP 0.2i
+\(bu
+\fIlogon drive\fR
+.TP 0.2i
+\(bu
+\fIlogon home\fR
+.TP 0.2i
+\(bu
+\fIlogon path\fR
+.TP 0.2i
+\(bu
+\fIlogon script\fR
+.TP 0.2i
+\(bu
+\fIlpq cache time\fR
+.TP 0.2i
+\(bu
+\fImachine password timeout\fR
+.TP 0.2i
+\(bu
+\fImangled stack\fR
+.TP 0.2i
+\(bu
+\fImangling method\fR
+.TP 0.2i
+\(bu
+\fImap to guest\fR
+.TP 0.2i
+\(bu
+\fImax disk size\fR
+.TP 0.2i
+\(bu
+\fImax log size\fR
+.TP 0.2i
+\(bu
+\fImax mux\fR
+.TP 0.2i
+\(bu
+\fImax open files\fR
+.TP 0.2i
+\(bu
+\fImax protocol\fR
+.TP 0.2i
+\(bu
+\fImax smbd processes\fR
+.TP 0.2i
+\(bu
+\fImax ttl\fR
+.TP 0.2i
+\(bu
+\fImax wins ttl\fR
+.TP 0.2i
+\(bu
+\fImax xmit\fR
+.TP 0.2i
+\(bu
+\fImessage command\fR
+.TP 0.2i
+\(bu
+\fImin passwd length\fR
+.TP 0.2i
+\(bu
+\fImin password length\fR
+.TP 0.2i
+\(bu
+\fImin protocol\fR
+.TP 0.2i
+\(bu
+\fImin wins ttl\fR
+.TP 0.2i
+\(bu
+\fIname resolve order\fR
+.TP 0.2i
+\(bu
+\fInetbios aliases\fR
+.TP 0.2i
+\(bu
+\fInetbios name\fR
+.TP 0.2i
+\(bu
+\fInetbios scope\fR
+.TP 0.2i
+\(bu
+\fInis homedir\fR
+.TP 0.2i
+\(bu
+\fInt pipe support\fR
+.TP 0.2i
+\(bu
+\fInt smb support\fR
+.TP 0.2i
+\(bu
+\fInt status support\fR
+.TP 0.2i
+\(bu
+\fInull passwords\fR
+.TP 0.2i
+\(bu
+\fIobey pam restrictions\fR
+.TP 0.2i
+\(bu
+\fIoplock break wait time\fR
+.TP 0.2i
+\(bu
+\fIos level\fR
+.TP 0.2i
+\(bu
+\fIos2 driver map\fR
+.TP 0.2i
+\(bu
+\fIpam password change\fR
+.TP 0.2i
+\(bu
+\fIpanic action\fR
+.TP 0.2i
+\(bu
+\fIpasswd chat\fR
+.TP 0.2i
+\(bu
+\fIpasswd chat debug\fR
+.TP 0.2i
+\(bu
+\fIpasswd program\fR
+.TP 0.2i
+\(bu
+\fIpassword level\fR
+.TP 0.2i
+\(bu
+\fIpassword server\fR
+.TP 0.2i
+\(bu
+\fIprefered master\fR
+.TP 0.2i
+\(bu
+\fIpreferred master\fR
+.TP 0.2i
+\(bu
+\fIpreload\fR
+.TP 0.2i
+\(bu
+\fIprintcap\fR
+.TP 0.2i
+\(bu
+\fIprintcap name\fR
+.TP 0.2i
+\(bu
+\fIprinter driver file\fR
+.TP 0.2i
+\(bu
+\fIprotocol\fR
+.TP 0.2i
+\(bu
+\fIread bmpx\fR
+.TP 0.2i
+\(bu
+\fIread raw\fR
+.TP 0.2i
+\(bu
+\fIread size\fR
+.TP 0.2i
+\(bu
+\fIremote announce\fR
+.TP 0.2i
+\(bu
+\fIremote browse sync\fR
+.TP 0.2i
+\(bu
+\fIrestrict anonymous\fR
+.TP 0.2i
+\(bu
+\fIroot\fR
+.TP 0.2i
+\(bu
+\fIroot dir\fR
+.TP 0.2i
+\(bu
+\fIroot directory\fR
+.TP 0.2i
+\(bu
+\fIsecurity\fR
+.TP 0.2i
+\(bu
+\fIserver string\fR
+.TP 0.2i
+\(bu
+\fIshow add printer wizard\fR
+.TP 0.2i
+\(bu
+\fIsmb passwd file\fR
+.TP 0.2i
+\(bu
+\fIsocket address\fR
+.TP 0.2i
+\(bu
+\fIsocket options\fR
+.TP 0.2i
+\(bu
+\fIsource environment\fR
+.TP 0.2i
+\(bu
+\fIssl\fR
+.TP 0.2i
+\(bu
+\fIssl CA certDir\fR
+.TP 0.2i
+\(bu
+\fIssl CA certFile\fR
+.TP 0.2i
+\(bu
+\fIssl ciphers\fR
+.TP 0.2i
+\(bu
+\fIssl client cert\fR
+.TP 0.2i
+\(bu
+\fIssl client key\fR
+.TP 0.2i
+\(bu
+\fIssl compatibility\fR
+.TP 0.2i
+\(bu
+\fIssl egd socket\fR
+.TP 0.2i
+\(bu
+\fIssl entropy bytes\fR
+.TP 0.2i
+\(bu
+\fIssl entropy file\fR
+.TP 0.2i
+\(bu
+\fIssl hosts\fR
+.TP 0.2i
+\(bu
+\fIssl hosts resign\fR
+.TP 0.2i
+\(bu
+\fIssl require clientcert\fR
+.TP 0.2i
+\(bu
+\fIssl require servercert\fR
+.TP 0.2i
+\(bu
+\fIssl server cert\fR
+.TP 0.2i
+\(bu
+\fIssl server key\fR
+.TP 0.2i
+\(bu
+\fIssl version\fR
+.TP 0.2i
+\(bu
+\fIstat cache\fR
+.TP 0.2i
+\(bu
+\fIstat cache size\fR
+.TP 0.2i
+\(bu
+\fIstrip dot\fR
+.TP 0.2i
+\(bu
+\fIsyslog\fR
+.TP 0.2i
+\(bu
+\fIsyslog only\fR
+.TP 0.2i
+\(bu
+\fItemplate homedir\fR
+.TP 0.2i
+\(bu
+\fItemplate shell\fR
+.TP 0.2i
+\(bu
+\fItime offset\fR
+.TP 0.2i
+\(bu
+\fItime server\fR
+.TP 0.2i
+\(bu
+\fItimestamp logs\fR
+.TP 0.2i
+\(bu
+\fItotal print jobs\fR
+.TP 0.2i
+\(bu
+\fIunix extensions\fR
+.TP 0.2i
+\(bu
+\fIunix password sync\fR
+.TP 0.2i
+\(bu
+\fIupdate encrypted\fR
+.TP 0.2i
+\(bu
+\fIuse mmap\fR
+.TP 0.2i
+\(bu
+\fIuse rhosts\fR
+.TP 0.2i
+\(bu
+\fIusername level\fR
+.TP 0.2i
+\(bu
+\fIusername map\fR
+.TP 0.2i
+\(bu
+\fIutmp\fR
+.TP 0.2i
+\(bu
+\fIutmp directory\fR
+.TP 0.2i
+\(bu
+\fIvalid chars\fR
+.TP 0.2i
+\(bu
+\fIwinbind cache time\fR
+.TP 0.2i
+\(bu
+\fIwinbind enum users\fR
+.TP 0.2i
+\(bu
+\fIwinbind enum groups\fR
+.TP 0.2i
+\(bu
+\fIwinbind gid\fR
+.TP 0.2i
+\(bu
+\fIwinbind separator\fR
+.TP 0.2i
+\(bu
+\fIwinbind uid\fR
+.TP 0.2i
+\(bu
+\fIwinbind use default domain\fR
+.TP 0.2i
+\(bu
+\fIwins hook\fR
+.TP 0.2i
+\(bu
+\fIwins proxy\fR
+.TP 0.2i
+\(bu
+\fIwins server\fR
+.TP 0.2i
+\(bu
+\fIwins support\fR
+.TP 0.2i
+\(bu
+\fIworkgroup\fR
+.TP 0.2i
+\(bu
+\fIwrite raw\fR
+.SH "COMPLETE LIST OF SERVICE PARAMETERS"
+.PP
+Here is a list of all service parameters. See the section on 
+each parameter for details. Note that some are synonyms.
+.TP 0.2i
+\(bu
+\fIadmin users\fR
+.TP 0.2i
+\(bu
+\fIallow hosts\fR
+.TP 0.2i
+\(bu
+\fIavailable\fR
+.TP 0.2i
+\(bu
+\fIblocking locks\fR
+.TP 0.2i
+\(bu
+\fIblock size\fR
+.TP 0.2i
+\(bu
+\fIbrowsable\fR
+.TP 0.2i
+\(bu
+\fIbrowseable\fR
+.TP 0.2i
+\(bu
+\fIcase sensitive\fR
+.TP 0.2i
+\(bu
+\fIcasesignames\fR
+.TP 0.2i
+\(bu
+\fIcomment\fR
+.TP 0.2i
+\(bu
+\fIcopy\fR
+.TP 0.2i
+\(bu
+\fIcreate mask\fR
+.TP 0.2i
+\(bu
+\fIcreate mode\fR
+.TP 0.2i
+\(bu
+\fIcsc policy\fR
+.TP 0.2i
+\(bu
+\fIdefault case\fR
+.TP 0.2i
+\(bu
+\fIdefault devmode\fR
+.TP 0.2i
+\(bu
+\fIdelete readonly\fR
+.TP 0.2i
+\(bu
+\fIdelete veto files\fR
+.TP 0.2i
+\(bu
+\fIdeny hosts\fR
+.TP 0.2i
+\(bu
+\fIdirectory\fR
+.TP 0.2i
+\(bu
+\fIdirectory mask\fR
+.TP 0.2i
+\(bu
+\fIdirectory mode\fR
+.TP 0.2i
+\(bu
+\fIdirectory security mask\fR
+.TP 0.2i
+\(bu
+\fIdont descend\fR
+.TP 0.2i
+\(bu
+\fIdos filemode\fR
+.TP 0.2i
+\(bu
+\fIdos filetime resolution\fR
+.TP 0.2i
+\(bu
+\fIdos filetimes\fR
+.TP 0.2i
+\(bu
+\fIexec\fR
+.TP 0.2i
+\(bu
+\fIfake directory create times\fR
+.TP 0.2i
+\(bu
+\fIfake oplocks\fR
+.TP 0.2i
+\(bu
+\fIfollow symlinks\fR
+.TP 0.2i
+\(bu
+\fIforce create mode\fR
+.TP 0.2i
+\(bu
+\fIforce directory mode\fR
+.TP 0.2i
+\(bu
+\fIforce directory security mode\fR
+.TP 0.2i
+\(bu
+\fIforce group\fR
+.TP 0.2i
+\(bu
+\fIforce security mode\fR
+.TP 0.2i
+\(bu
+\fIforce unknown acl user\fR
+.TP 0.2i
+\(bu
+\fIforce user\fR
+.TP 0.2i
+\(bu
+\fIfstype\fR
+.TP 0.2i
+\(bu
+\fIgroup\fR
+.TP 0.2i
+\(bu
+\fIguest account\fR
+.TP 0.2i
+\(bu
+\fIguest ok\fR
+.TP 0.2i
+\(bu
+\fIguest only\fR
+.TP 0.2i
+\(bu
+\fIhide dot files\fR
+.TP 0.2i
+\(bu
+\fIhide files\fR
+.TP 0.2i
+\(bu
+\fIhosts allow\fR
+.TP 0.2i
+\(bu
+\fIhosts deny\fR
+.TP 0.2i
+\(bu
+\fIinclude\fR
+.TP 0.2i
+\(bu
+\fIinherit acls\fR
+.TP 0.2i
+\(bu
+\fIinherit permissions\fR
+.TP 0.2i
+\(bu
+\fIinvalid users\fR
+.TP 0.2i
+\(bu
+\fIlevel2 oplocks\fR
+.TP 0.2i
+\(bu
+\fIlocking\fR
+.TP 0.2i
+\(bu
+\fIlppause command\fR
+.TP 0.2i
+\(bu
+\fIlpq command\fR
+.TP 0.2i
+\(bu
+\fIlpresume command\fR
+.TP 0.2i
+\(bu
+\fIlprm command\fR
+.TP 0.2i
+\(bu
+\fImagic output\fR
+.TP 0.2i
+\(bu
+\fImagic script\fR
+.TP 0.2i
+\(bu
+\fImangle case\fR
+.TP 0.2i
+\(bu
+\fImangled map\fR
+.TP 0.2i
+\(bu
+\fImangled names\fR
+.TP 0.2i
+\(bu
+\fImangling char\fR
+.TP 0.2i
+\(bu
+\fImap archive\fR
+.TP 0.2i
+\(bu
+\fImap hidden\fR
+.TP 0.2i
+\(bu
+\fImap system\fR
+.TP 0.2i
+\(bu
+\fImax connections\fR
+.TP 0.2i
+\(bu
+\fImax print jobs\fR
+.TP 0.2i
+\(bu
+\fImin print space\fR
+.TP 0.2i
+\(bu
+\fImsdfs root\fR
+.TP 0.2i
+\(bu
+\fInt acl support\fR
+.TP 0.2i
+\(bu
+\fIonly guest\fR
+.TP 0.2i
+\(bu
+\fIonly user\fR
+.TP 0.2i
+\(bu
+\fIoplock contention limit\fR
+.TP 0.2i
+\(bu
+\fIoplocks\fR
+.TP 0.2i
+\(bu
+\fIpath\fR
+.TP 0.2i
+\(bu
+\fIposix locking\fR
+.TP 0.2i
+\(bu
+\fIpostexec\fR
+.TP 0.2i
+\(bu
+\fIpostscript\fR
+.TP 0.2i
+\(bu
+\fIpreexec\fR
+.TP 0.2i
+\(bu
+\fIpreexec close\fR
+.TP 0.2i
+\(bu
+\fIpreserve case\fR
+.TP 0.2i
+\(bu
+\fIprint command\fR
+.TP 0.2i
+\(bu
+\fIprint ok\fR
+.TP 0.2i
+\(bu
+\fIprintable\fR
+.TP 0.2i
+\(bu
+\fIprinter\fR
+.TP 0.2i
+\(bu
+\fIprinter admin\fR
+.TP 0.2i
+\(bu
+\fIprinter driver\fR
+.TP 0.2i
+\(bu
+\fIprinter driver location\fR
+.TP 0.2i
+\(bu
+\fIprinter name\fR
+.TP 0.2i
+\(bu
+\fIprinting\fR
+.TP 0.2i
+\(bu
+\fIprofile acls\fR
+.TP 0.2i
+\(bu
+\fIpublic\fR
+.TP 0.2i
+\(bu
+\fIqueuepause command\fR
+.TP 0.2i
+\(bu
+\fIqueueresume command\fR
+.TP 0.2i
+\(bu
+\fIread list\fR
+.TP 0.2i
+\(bu
+\fIread only\fR
+.TP 0.2i
+\(bu
+\fIroot postexec\fR
+.TP 0.2i
+\(bu
+\fIroot preexec\fR
+.TP 0.2i
+\(bu
+\fIroot preexec close\fR
+.TP 0.2i
+\(bu
+\fIsecurity mask\fR
+.TP 0.2i
+\(bu
+\fIset directory\fR
+.TP 0.2i
+\(bu
+\fIshare modes\fR
+.TP 0.2i
+\(bu
+\fIshort preserve case\fR
+.TP 0.2i
+\(bu
+\fIstatus\fR
+.TP 0.2i
+\(bu
+\fIstrict allocate\fR
+.TP 0.2i
+\(bu
+\fIstrict locking\fR
+.TP 0.2i
+\(bu
+\fIstrict sync\fR
+.TP 0.2i
+\(bu
+\fIsync always\fR
+.TP 0.2i
+\(bu
+\fIuse client driver\fR
+.TP 0.2i
+\(bu
+\fIuse sendfile\fR
+.TP 0.2i
+\(bu
+\fIuser\fR
+.TP 0.2i
+\(bu
+\fIusername\fR
+.TP 0.2i
+\(bu
+\fIusers\fR
+.TP 0.2i
+\(bu
+\fIvalid users\fR
+.TP 0.2i
+\(bu
+\fIveto files\fR
+.TP 0.2i
+\(bu
+\fIveto oplock files\fR
+.TP 0.2i
+\(bu
+\fIvfs object\fR
+.TP 0.2i
+\(bu
+\fIvfs options\fR
+.TP 0.2i
+\(bu
+\fIvolume\fR
+.TP 0.2i
+\(bu
+\fIwide links\fR
+.TP 0.2i
+\(bu
+\fIwritable\fR
+.TP 0.2i
+\(bu
+\fIwrite cache size\fR
+.TP 0.2i
+\(bu
+\fIwrite list\fR
+.TP 0.2i
+\(bu
+\fIwrite ok\fR
+.TP 0.2i
+\(bu
+\fIwriteable\fR
+.SH "EXPLANATION OF EACH PARAMETER"
+.TP
+\fBacl compatibility (G)\fR
+New in Samba 2.2.8 and above, this string parameter tells
+smbd if it should modify any Windows access control lists created
+from POSIX access control lists to remove features which are not
+supported by Windows 2000 but not supported by the Windows NT ACL edit.
+control.
+
+By default this parameter is set automatically by detecting the
+client type and is set to "true" if the client is Windows NT.
+
+Default: \fBclient detected\fR
+
+Example: \fBacl compatibility = Win2k\fR
+
+Example: \fBacl compatibility = winnt\fR
+.TP
+\fBadd printer command (G)\fR
+With the introduction of MS-RPC based printing
+support for Windows NT/2000 clients in Samba 2.2, The MS Add
+Printer Wizard (APW) icon is now also available in the 
+"Printers..." folder displayed a share listing. The APW
+allows for printers to be add remotely to a Samba or Windows 
+NT/2000 print server.
+
+For a Samba host this means that the printer must be 
+physically added to the underlying printing system. The \fIadd 
+printer command\fR defines a script to be run which 
+will perform the necessary operations for adding the printer
+to the print system and to add the appropriate service definition 
+to the \fIsmb.conf\fR file in order that it can be 
+shared by \fBsmbd(8)\fR
+
+
+The \fIadd printer command\fR is
+automatically invoked with the following parameter (in 
+order:
+.RS
+.TP 0.2i
+\(bu
+\fIprinter name\fR
+.TP 0.2i
+\(bu
+\fIshare name\fR
+.TP 0.2i
+\(bu
+\fIport name\fR
+.TP 0.2i
+\(bu
+\fIdriver name\fR
+.TP 0.2i
+\(bu
+\fIlocation\fR
+.TP 0.2i
+\(bu
+\fIWindows 9x driver location\fR
+.RE
+.PP
+All parameters are filled in from the PRINTER_INFO_2 structure sent 
+by the Windows NT/2000 client with one exception. The "Windows 9x
+driver location" parameter is included for backwards compatibility
+only. The remaining fields in the structure are generated from answers
+to the APW questions.
+.PP
+.PP
+Once the \fIadd printer command\fR has 
+been executed, \fBsmbd\fR will reparse the \fI smb.conf\fR to determine if the share defined by the APW
+exists. If the sharename is still invalid, then \fBsmbd
+\fRwill return an ACCESS_DENIED error to the client.
+.PP
+.PP
+See also \fI delete printer command\fR, \fIprinting\fR,
+\fIshow add
+printer wizard\fR
+.PP
+.PP
+Default: \fBnone\fR
+.PP
+.PP
+Example: \fBaddprinter command = /usr/bin/addprinter
+\fR.PP
+.TP
+\fBadd share command (G)\fR
+Samba 2.2.0 introduced the ability to dynamically 
+add and delete shares via the Windows NT 4.0 Server Manager. The 
+\fIadd share command\fR is used to define an 
+external program or script which will add a new service definition 
+to \fIsmb.conf\fR. In order to successfully 
+execute the \fIadd share command\fR, \fBsmbd\fR
+requires that the administrator be connected using a root account (i.e. 
+uid == 0).
+
+When executed, \fBsmbd\fR will automatically invoke the 
+\fIadd share command\fR with four parameters.
+.RS
+.TP 0.2i
+\(bu
+\fIconfigFile\fR - the location 
+of the global \fIsmb.conf\fR file. 
+.TP 0.2i
+\(bu
+\fIshareName\fR - the name of the new 
+share.
+.TP 0.2i
+\(bu
+\fIpathName\fR - path to an **existing**
+directory on disk.
+.TP 0.2i
+\(bu
+\fIcomment\fR - comment string to associate 
+with the new share.
+.RE
+.PP
+This parameter is only used for add file shares. To add printer shares, 
+see the \fIadd printer 
+command\fR.
+.PP
+.PP
+See also \fIchange share 
+command\fR, \fIdelete share
+command\fR.
+.PP
+.PP
+Default: \fBnone\fR
+.PP
+.PP
+Example: \fBadd share command = /usr/local/bin/addshare\fR
+.PP
+.TP
+\fBadd user script (G)\fR
+This is the full pathname to a script that will 
+be run \fBAS ROOT\fR by smbd(8)
+ under special circumstances described below.
+
+Normally, a Samba server requires that UNIX users are 
+created for all users accessing files on this server. For sites 
+that use Windows NT account databases as their primary user database 
+creating these users and keeping the user list in sync with the 
+Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users 
+\fBON DEMAND\fR when a user accesses the Samba server.
+
+In order to use this option, smbd 
+must \fBNOT\fR be set to \fIsecurity = share\fR
+and \fIadd user script\fR
+must be set to a full pathname for a script that will create a UNIX 
+user given one argument of \fI%u\fR, which expands into 
+the UNIX user name to create.
+
+When the Windows user attempts to access the Samba server, 
+at login (session setup in the SMB protocol) time,  smbd contacts the \fIpassword server\fR and 
+attempts to authenticate the given user with the given password. If the 
+authentication succeeds then \fBsmbd\fR 
+attempts to find a UNIX user in the UNIX password database to map the 
+Windows user into. If this lookup fails, and \fIadd user script
+\fRis set then \fBsmbd\fR will
+call the specified script \fBAS ROOT\fR, expanding 
+any \fI%u\fR argument to be the user name to create.
+
+If this script successfully creates the user then \fBsmbd
+\fRwill continue on as though the UNIX user
+already existed. In this way, UNIX users are dynamically created to
+match existing Windows NT accounts.
+
+See also \fI security\fR,  \fIpassword server\fR, 
+\fIdelete user 
+script\fR.
+
+Default: \fBadd user script = <empty string>
+\fR
+Example: \fBadd user script = /usr/local/samba/bin/add_user 
+%u\fR
+.TP
+\fBadmin users (S)\fR
+This is a list of users who will be granted 
+administrative privileges on the share. This means that they 
+will do all file operations as the super-user (root).
+
+You should use this option very carefully, as any user in 
+this list will be able to do anything they like on the share, 
+irrespective of file permissions.
+
+Default: \fBno admin users\fR
+
+Example: \fBadmin users = jason\fR
+.TP
+\fBallow hosts (S)\fR
+Synonym for  \fIhosts allow\fR.
+.TP
+\fBallow trusted domains (G)\fR
+This option only takes effect when the \fIsecurity\fR option is set to 
+server or domain. 
+If it is set to no, then attempts to connect to a resource from 
+a domain or workgroup other than the one which smbd is running 
+in will fail, even if that domain is trusted by the remote server 
+doing the authentication.
+
+This is useful if you only want your Samba server to 
+serve resources to users in the domain it is a member of. As 
+an example, suppose that there are two domains DOMA and DOMB. DOMB 
+is trusted by DOMA, which contains the Samba server. Under normal 
+circumstances, a user with an account in DOMB can then access the 
+resources of a UNIX account with the same account name on the 
+Samba server even if they do not have an account in DOMA. This 
+can make implementing a security boundary difficult.
+
+Default: \fBallow trusted domains = yes\fR
+.TP
+\fBannounce as (G)\fR
+This specifies what type of server 
+\fBnmbd\fR 
+will announce itself as, to a network neighborhood browse 
+list. By default this is set to Windows NT. The valid options 
+are : "NT Server" (which can also be written as "NT"), 
+"NT Workstation", "Win95" or "WfW" meaning Windows NT Server, 
+Windows NT Workstation, Windows 95 and Windows for Workgroups 
+respectively. Do not change this parameter unless you have a 
+specific need to stop Samba appearing as an NT server as this 
+may prevent Samba servers from participating as browser servers 
+correctly.
+
+Default: \fBannounce as = NT Server\fR
+
+Example: \fBannounce as = Win95\fR
+.TP
+\fBannounce version (G)\fR
+This specifies the major and minor version numbers 
+that nmbd will use when announcing itself as a server. The default 
+is 4.9. Do not change this parameter unless you have a specific 
+need to set a Samba server to be a downlevel server.
+
+Default: \fBannounce version = 4.9\fR
+
+Example: \fBannounce version = 2.0\fR
+.TP
+\fBauto services (G)\fR
+This is a synonym for the  \fIpreload\fR.
+.TP
+\fBavailable (S)\fR
+This parameter lets you "turn off" a service. If 
+\fIavailable = no\fR, then \fBALL\fR 
+attempts to connect to the service will fail. Such failures are 
+logged.
+
+Default: \fBavailable = yes\fR
+.TP
+\fBbind interfaces only (G)\fR
+This global parameter allows the Samba admin 
+to limit what interfaces on a machine will serve SMB requests. If 
+affects file service smbd(8) and 
+name service nmbd(8) in slightly 
+different ways.
+
+For name service it causes \fBnmbd\fR to bind 
+to ports 137 and 138 on the interfaces listed in the interfaces parameter. \fBnmbd
+\fRalso binds to the "all addresses" interface (0.0.0.0) 
+on ports 137 and 138 for the purposes of reading broadcast messages. 
+If this option is not set then \fBnmbd\fR will service 
+name requests on all of these sockets. If \fIbind interfaces
+only\fR is set then \fBnmbd\fR will check the 
+source address of any packets coming in on the broadcast sockets 
+and discard any that don't match the broadcast addresses of the 
+interfaces in the \fIinterfaces\fR parameter list. 
+As unicast packets are received on the other sockets it allows 
+\fBnmbd\fR to refuse to serve names to machines that 
+send packets that arrive through any interfaces not listed in the
+\fIinterfaces\fR list. IP Source address spoofing
+does defeat this simple check, however so it must not be used
+seriously as a security feature for \fBnmbd\fR.
+
+For file service it causes smbd(8)
+to bind only to the interface list given in the  interfaces parameter. This restricts the networks that 
+\fBsmbd\fR will serve to packets coming in those 
+interfaces. Note that you should not use this parameter for machines 
+that are serving PPP or other intermittent or non-broadcast network 
+interfaces as it will not cope with non-permanent interfaces.
+
+If \fIbind interfaces only\fR is set then 
+unless the network address \fB127.0.0.1\fR is added 
+to the \fIinterfaces\fR parameter list \fBsmbpasswd(8)\fR 
+and \fBswat(8)\fR may 
+not work as expected due to the reasons covered below.
+
+To change a users SMB password, the \fBsmbpasswd\fR
+by default connects to the \fBlocalhost - 127.0.0.1\fR 
+address as an SMB client to issue the password change request. If 
+\fIbind interfaces only\fR is set then unless the 
+network address \fB127.0.0.1\fR is added to the
+\fIinterfaces\fR parameter list then \fB smbpasswd\fR will fail to connect in it's default mode. 
+\fBsmbpasswd\fR can be forced to use the primary IP interface 
+of the local host by using its  \fI-r remote machine\fR
+ parameter, with \fIremote machine\fR set 
+to the IP name of the primary interface of the local host.
+
+The \fBswat\fR status page tries to connect with
+\fBsmbd\fR and \fBnmbd\fR at the address 
+\fB127.0.0.1\fR to determine if they are running. 
+Not adding \fB127.0.0.1\fR will cause \fB smbd\fR and \fBnmbd\fR to always show
+"not running" even if they really are. This can prevent \fB swat\fR from starting/stopping/restarting \fBsmbd\fR
+and \fBnmbd\fR.
+
+Default: \fBbind interfaces only = no\fR
+.TP
+\fBblock size (S)\fR
+This parameter controls the behavior of smbd(8) when reporting disk free sizes.
+By default, this reports a disk block size of 1024 bytes.
+
+Changing this parameter may have some effect on the
+efficiency of client writes, this is not yet confirmed. This
+parameter was added to allow advanced administrators to change
+it (usually to a higher value) and test the effect it has on
+client write performance without re-compiling the code. As this
+is an experimental option it may be removed in a future release.
+
+Changing this option does not change the disk free reporting
+size, just the block size unit reported to the client.
+
+Default: \fBblock size = 1024\fR
+
+Example: \fBblock size = 65536\fR
+.TP
+\fBblocking locks (S)\fR
+This parameter controls the behavior of smbd(8) when given a request by a client 
+to obtain a byte range lock on a region of an open file, and the 
+request has a time limit associated with it.
+
+If this parameter is set and the lock range requested 
+cannot be immediately satisfied, Samba 2.2 will internally 
+queue the lock request, and periodically attempt to obtain 
+the lock until the timeout period expires.
+
+If this parameter is set to no, then 
+Samba 2.2 will behave as previous versions of Samba would and 
+will fail the lock request immediately if the lock range 
+cannot be obtained.
+
+Default: \fBblocking locks = yes\fR
+.TP
+\fBbrowsable (S)\fR
+See the \fI browseable\fR.
+.TP
+\fBbrowse list (G)\fR
+This controls whether  \fBsmbd(8)\fR will serve a browse list to 
+a client doing a \fBNetServerEnum\fR call. Normally 
+set to yes. You should never need to change 
+this.
+
+Default: \fBbrowse list = yes\fR
+.TP
+\fBbrowseable (S)\fR
+This controls whether this share is seen in 
+the list of available shares in a net view and in the browse list.
+
+Default: \fBbrowseable = yes\fR
+.TP
+\fBcase sensitive (S)\fR
+See the discussion in the section NAME MANGLING.
+
+Default: \fBcase sensitive = no\fR
+.TP
+\fBcasesignames (S)\fR
+Synonym for case 
+sensitive.
+.TP
+\fBchange notify timeout (G)\fR
+This SMB allows a client to tell a server to 
+"watch" a particular directory for any changes and only reply to
+the SMB request when a change has occurred. Such constant scanning of
+a directory is expensive under UNIX, hence an  \fBsmbd(8)\fR daemon only performs such a scan 
+on each requested directory once every \fIchange notify 
+timeout\fR seconds.
+
+Default: \fBchange notify timeout = 60\fR
+
+Example: \fBchange notify timeout = 300\fR
+
+Would change the scan time to every 5 minutes.
+.TP
+\fBchange share command (G)\fR
+Samba 2.2.0 introduced the ability to dynamically 
+add and delete shares via the Windows NT 4.0 Server Manager. The 
+\fIchange share command\fR is used to define an 
+external program or script which will modify an existing service definition 
+in \fIsmb.conf\fR. In order to successfully 
+execute the \fIchange share command\fR, \fBsmbd\fR
+requires that the administrator be connected using a root account (i.e. 
+uid == 0).
+
+When executed, \fBsmbd\fR will automatically invoke the 
+\fIchange share command\fR with four parameters.
+.RS
+.TP 0.2i
+\(bu
+\fIconfigFile\fR - the location 
+of the global \fIsmb.conf\fR file. 
+.TP 0.2i
+\(bu
+\fIshareName\fR - the name of the new 
+share.
+.TP 0.2i
+\(bu
+\fIpathName\fR - path to an **existing**
+directory on disk.
+.TP 0.2i
+\(bu
+\fIcomment\fR - comment string to associate 
+with the new share.
+.RE
+.PP
+This parameter is only used modify existing file shares definitions. To modify 
+printer shares, use the "Printers..." folder as seen when browsing the Samba host.
+.PP
+.PP
+See also \fIadd share
+command\fR, \fIdelete 
+share command\fR.
+.PP
+.PP
+Default: \fBnone\fR
+.PP
+.PP
+Example: \fBchange share command = /usr/local/bin/addshare\fR
+.PP
+.TP
+\fBcharacter set (G)\fR
+This allows smbd to map incoming filenames 
+from a DOS Code page (see the client 
+code page parameter) to several built in UNIX character sets. 
+The built in code page translations are:
+.RS
+.TP 0.2i
+\(bu
+ISO8859-1 : Western European 
+UNIX character set. The parameter \fIclient code page\fR
+\fBMUST\fR be set to code page 850 if the 
+\fIcharacter set\fR parameter is set to
+ISO8859-1 in order for the conversion to the 
+UNIX character set to be done correctly.
+.TP 0.2i
+\(bu
+ISO8859-2 : Eastern European 
+UNIX character set. The parameter \fIclient code page
+\fR\fBMUST\fR be set to code page 852 if 
+the \fI character set\fR parameter is set 
+to ISO8859-2 in order for the conversion 
+to the UNIX character set to be done correctly. 
+.TP 0.2i
+\(bu
+ISO8859-5 : Russian Cyrillic 
+UNIX character set. The parameter \fIclient code page
+\fR\fBMUST\fR be set to code page 
+866 if the \fIcharacter set \fR parameter is 
+set to ISO8859-5 in order for the conversion 
+to the UNIX character set to be done correctly. 
+.TP 0.2i
+\(bu
+ISO8859-7 : Greek UNIX 
+character set. The parameter \fIclient code page
+\fR\fBMUST\fR be set to code page 
+737 if the \fIcharacter set\fR parameter is 
+set to ISO8859-7 in order for the conversion 
+to the UNIX character set to be done correctly.
+.TP 0.2i
+\(bu
+KOI8-R : Alternate mapping 
+for Russian Cyrillic UNIX character set. The parameter 
+\fIclient code page\fR \fBMUST\fR 
+be set to code page 866 if the \fIcharacter set\fR 
+parameter is set to KOI8-R in order for the 
+conversion to the UNIX character set to be done correctly.
+.RE
+.PP
+\fBBUG\fR. These MSDOS code page to UNIX character 
+set mappings should be dynamic, like the loading of MS DOS code pages, 
+not static.
+.PP
+.PP
+Normally this parameter is not set, meaning no filename 
+translation is done.
+.PP
+.PP
+Default: \fBcharacter set = <empty string>\fR
+.PP
+.PP
+Example: \fBcharacter set = ISO8859-1\fR
+.PP
+.TP
+\fBclient code page (G)\fR
+This parameter specifies the DOS code page 
+that the clients accessing Samba are using. To determine what code 
+page a Windows or DOS client is using, open a DOS command prompt 
+and type the command \fBchcp\fR. This will output 
+the code page. The default for USA MS-DOS, Windows 95, and
+Windows NT releases is code page 437. The default for western 
+European releases of the above operating systems is code page 850.
+
+This parameter tells smbd(8) 
+which of the \fIcodepage.XXX
+\fRfiles to dynamically load on startup. These files,
+described more fully in the manual page  \fBmake_smbcodepage(1)\fR tell \fB smbd\fR how to map lower to upper case characters to provide 
+the case insensitivity of filenames that Windows clients expect.
+
+Samba currently ships with the following code page files :
+.RS
+.TP 0.2i
+\(bu
+Code Page 437 - MS-DOS Latin US
+.TP 0.2i
+\(bu
+Code Page 737 - Windows '95 Greek
+.TP 0.2i
+\(bu
+Code Page 850 - MS-DOS Latin 1
+.TP 0.2i
+\(bu
+Code Page 852 - MS-DOS Latin 2
+.TP 0.2i
+\(bu
+Code Page 861 - MS-DOS Icelandic
+.TP 0.2i
+\(bu
+Code Page 866 - MS-DOS Cyrillic
+.TP 0.2i
+\(bu
+Code Page 932 - MS-DOS Japanese SJIS
+.TP 0.2i
+\(bu
+Code Page 936 - MS-DOS Simplified Chinese
+.TP 0.2i
+\(bu
+Code Page 949 - MS-DOS Korean Hangul
+.TP 0.2i
+\(bu
+Code Page 950 - MS-DOS Traditional Chinese
+.RE
+.PP
+Thus this parameter may have any of the values 437, 737, 850, 852,
+861, 932, 936, 949, or 950. If you don't find the codepage you need,
+read the comments in one of the other codepage files and the
+\fBmake_smbcodepage(1)\fR man page and write one. Please 
+remember to donate it back to the Samba user community.
+.PP
+.PP
+This parameter co-operates with the \fIvalid
+chars\fR parameter in determining what characters are
+valid in filenames and how capitalization is done. If you set both
+this parameter and the \fIvalid chars\fR parameter
+the \fIclient code page\fR parameter 
+\fBMUST\fR be set before the \fIvalid 
+chars\fR parameter in the \fIsmb.conf\fR
+file. The \fIvalid chars\fR string will then 
+augment the character settings in the \fIclient code page\fR 
+parameter.
+.PP
+.PP
+If not set, \fIclient code page\fR defaults 
+to 850.
+.PP
+.PP
+See also : \fIvalid 
+chars\fR,  \fIcode page directory\fR
+.PP
+.PP
+Default: \fBclient code page = 850\fR
+.PP
+.PP
+Example: \fBclient code page = 936\fR
+.PP
+.TP
+\fBcode page directory (G)\fR
+Define the location of the various client code page
+files.
+
+See also \fIclient
+code page\fR
+
+Default: \fBcode page directory = ${prefix}/lib/codepages
+\fR
+Example: \fBcode page directory = /usr/share/samba/codepages
+\fR.TP
+\fBcoding system (G)\fR
+This parameter is used to determine how incoming 
+Shift-JIS Japanese characters are mapped from the incoming \fIclient code page\fR
+used by the client, into file names in the UNIX filesystem. 
+Only useful if \fIclient code page\fR is set to 
+932 (Japanese Shift-JIS). The options are :
+.RS
+.TP 0.2i
+\(bu
+SJIS - Shift-JIS. Does no 
+conversion of the incoming filename.
+.TP 0.2i
+\(bu
+JIS8, J8BB, J8BH, J8@B, 
+J8@J, J8@H  - Convert from incoming Shift-JIS to eight 
+bit JIS code with different shift-in, shift out codes.
+.TP 0.2i
+\(bu
+JIS7, J7BB, J7BH, J7@B, J7@J, 
+J7@H  - Convert from incoming Shift-JIS to seven bit 
+JIS code with different shift-in, shift out codes.
+.TP 0.2i
+\(bu
+JUNET, JUBB, JUBH, JU@B, JU@J, JU@H  
+- Convert from incoming Shift-JIS to JUNET code with different shift-in, 
+shift out codes.
+.TP 0.2i
+\(bu
+EUC - Convert an incoming 
+Shift-JIS character to EUC code.
+.TP 0.2i
+\(bu
+HEX - Convert an incoming 
+Shift-JIS character to a 3 byte hex representation, i.e. 
+:AB.
+.TP 0.2i
+\(bu
+CAP - Convert an incoming 
+Shift-JIS character to the 3 byte hex representation used by 
+the Columbia AppleTalk Program (CAP), i.e. :AB. 
+This is used for compatibility between Samba and CAP.
+.RE
+.PP
+Default: \fBcoding system = <empty value>\fR
+.PP
+.TP
+\fBcomment (S)\fR
+This is a text field that is seen next to a share 
+when a client does a queries the server, either via the network 
+neighborhood or via \fBnet view\fR to list what shares 
+are available.
+
+If you want to set the string that is displayed next to the 
+machine name then see the \fI server string\fR parameter.
+
+Default: \fBNo comment string\fR
+
+Example: \fBcomment = Fred's Files\fR
+.TP
+\fBconfig file (G)\fR
+This allows you to override the config file 
+to use, instead of the default (usually \fIsmb.conf\fR). 
+There is a chicken and egg problem here as this option is set 
+in the config file!
+
+For this reason, if the name of the config file has changed 
+when the parameters are loaded then it will reload them from 
+the new config file.
+
+This option takes the usual substitutions, which can 
+be very useful.
+
+If the config file doesn't exist then it won't be loaded 
+(allowing you to special case the config files of just a few 
+clients).
+
+Example: \fBconfig file = /usr/local/samba/lib/smb.conf.%m
+\fR.TP
+\fBcopy (S)\fR
+This parameter allows you to "clone" service 
+entries. The specified service is simply duplicated under the 
+current service's name. Any parameters specified in the current 
+section will override those in the section being copied.
+
+This feature lets you set up a 'template' service and 
+create similar services easily. Note that the service being 
+copied must occur earlier in the configuration file than the 
+service doing the copying.
+
+Default: \fBno value\fR
+
+Example: \fBcopy = otherservice\fR
+.TP
+\fBcreate mask (S)\fR
+A synonym for this parameter is 
+\fIcreate mode\fR
+\&.
+
+When a file is created, the necessary permissions are 
+calculated according to the mapping from DOS modes to UNIX 
+permissions, and the resulting UNIX mode is then bit-wise 'AND'ed 
+with this parameter. This parameter may be thought of as a bit-wise 
+MASK for the UNIX modes of a file. Any bit \fBnot\fR 
+set here will be removed from the modes set on a file when it is 
+created.
+
+The default value of this parameter removes the 
+\&'group' and 'other' write and execute bits from the UNIX modes.
+
+Following this Samba will bit-wise 'OR' the UNIX mode created 
+from this parameter with the value of the \fIforce create mode\fR
+parameter which is set to 000 by default.
+
+This parameter does not affect directory modes. See the 
+parameter \fIdirectory mode
+\fRfor details.
+
+See also the \fIforce 
+create mode\fR parameter for forcing particular mode 
+bits to be set on created files. See also the  \fIdirectory mode\fR parameter for masking 
+mode bits on created directories. See also the  \fIinherit permissions\fR parameter.
+
+Note that this parameter does not apply to permissions
+set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+a mask on access control lists also, they need to set the \fIsecurity mask\fR.
+
+Default: \fBcreate mask = 0744\fR
+
+Example: \fBcreate mask = 0775\fR
+.TP
+\fBcreate mode (S)\fR
+This is a synonym for \fI create mask\fR.
+.TP
+\fBcsc policy (S)\fR
+This stands for \fBclient-side caching 
+policy\fR, and specifies how clients capable of offline
+caching will cache the files in the share. The valid values
+are: manual, documents, programs, disable.
+
+These values correspond to those used on Windows
+servers.
+
+For example, shares containing roaming profiles can have
+offline caching disabled using \fBcsc policy = disable
+\fR\&.
+
+Default: \fBcsc policy = manual\fR
+
+Example: \fBcsc policy = programs\fR
+.TP
+\fBdeadtime (G)\fR
+The value of the parameter (a decimal integer) 
+represents the number of minutes of inactivity before a connection 
+is considered dead, and it is disconnected. The deadtime only takes 
+effect if the number of open files is zero.
+
+This is useful to stop a server's resources being 
+exhausted by a large number of inactive connections.
+
+Most clients have an auto-reconnect feature when a 
+connection is broken so in most cases this parameter should be 
+transparent to users.
+
+Using this parameter with a timeout of a few minutes 
+is recommended for most systems.
+
+A deadtime of zero indicates that no auto-disconnection 
+should be performed.
+
+Default: \fBdeadtime = 0\fR
+
+Example: \fBdeadtime = 15\fR
+.TP
+\fBdebug hires timestamp (G)\fR
+Sometimes the timestamps in the log messages 
+are needed with a resolution of higher that seconds, this 
+boolean parameter adds microsecond resolution to the timestamp 
+message header when turned on.
+
+Note that the parameter \fI debug timestamp\fR must be on for this to have an 
+effect.
+
+Default: \fBdebug hires timestamp = no\fR
+.TP
+\fBdebug pid (G)\fR
+When using only one log file for more then one 
+forked smbdprocess there may be hard to follow which process 
+outputs which message. This boolean parameter is adds the process-id 
+to the timestamp message headers in the logfile when turned on.
+
+Note that the parameter \fI debug timestamp\fR must be on for this to have an 
+effect.
+
+Default: \fBdebug pid = no\fR
+.TP
+\fBdebug timestamp (G)\fR
+Samba 2.2 debug log messages are timestamped 
+by default. If you are running at a high  \fIdebug level\fR these timestamps
+can be distracting. This boolean parameter allows timestamping 
+to be turned off.
+
+Default: \fBdebug timestamp = yes\fR
+.TP
+\fBdebug uid (G)\fR
+Samba is sometimes run as root and sometime 
+run as the connected user, this boolean parameter inserts the 
+current euid, egid, uid and gid to the timestamp message headers 
+in the log file if turned on.
+
+Note that the parameter \fI debug timestamp\fR must be on for this to have an 
+effect.
+
+Default: \fBdebug uid = no\fR
+.TP
+\fBdebuglevel (G)\fR
+Synonym for \fI log level\fR.
+.TP
+\fBdefault (G)\fR
+A synonym for \fI default service\fR.
+.TP
+\fBdefault case (S)\fR
+See the section on  NAME MANGLING. Also note the  \fIshort preserve case\fR parameter.
+
+Default: \fBdefault case = lower\fR
+.TP
+\fBdefault devmode (S)\fR
+This parameter is only applicable to printable services. When smbd is serving
+Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
+server has a Device Mode which defines things such as paper size and
+orientation and duplex settings. The device mode can only correctly be
+generated by the printer driver itself (which can only be executed on a
+Win32 platform). Because smbd is unable to execute the driver code
+to generate the device mode, the default behavior is to set this field
+to NULL.
+
+Most problems with serving printer drivers to Windows NT/2k/XP clients
+can be traced to a problem with the generated device mode. Certain drivers
+will do things such as crashing the client's Explorer.exe with a NULL devmode.
+However, other printer drivers can cause the client's spooler service
+(spoolsv.exe) to die if the devmode was not created by the driver itself
+(i.e. smbd generates a default devmode).
+
+This parameter should be used with care and tested with the printer
+driver in question. It is better to leave the device mode to NULL
+and let the Windows client set the correct values. Because drivers do not
+do this all the time, setting \fBdefault devmode = yes\fR
+will instruct smbd to generate a default one.
+
+For more information on Windows NT/2k printing and Device Modes,
+see the MSDN documentation <URL:http://msdn.microsoft.com/>.
+
+Default: \fBdefault devmode = no\fR
+.TP
+\fBdefault service (G)\fR
+This parameter specifies the name of a service
+which will be connected to if the service actually requested cannot
+be found. Note that the square brackets are \fBNOT\fR
+given in the parameter value (see example below).
+
+There is no default value for this parameter. If this 
+parameter is not given, attempting to connect to a nonexistent 
+service results in an error.
+
+Typically the default service would be a  \fIguest ok\fR,  \fIread-only\fR service.
+
+Also note that the apparent service name will be changed 
+to equal that of the requested service, this is very useful as it 
+allows you to use macros like \fI%S\fR to make 
+a wildcard service.
+
+Note also that any "_" characters in the name of the service 
+used in the default service will get mapped to a "/". This allows for
+interesting things.
+
+Example:
+
+.sp
+.nf
+[global]
+	default service = pub
+        
+[pub]
+	path = /%S
+		
+.sp
+.fi
+.TP
+\fBdelete printer command (G)\fR
+With the introduction of MS-RPC based printer
+support for Windows NT/2000 clients in Samba 2.2, it is now 
+possible to delete printer at run time by issuing the 
+DeletePrinter() RPC call.
+
+For a Samba host this means that the printer must be 
+physically deleted from underlying printing system. The \fI deleteprinter command\fR defines a script to be run which 
+will perform the necessary operations for removing the printer
+from the print system and from \fIsmb.conf\fR.
+
+The \fIdelete printer command\fR is 
+automatically called with only one parameter: \fI "printer name"\fR.
+
+Once the \fIdelete printer command\fR has 
+been executed, \fBsmbd\fR will reparse the \fI smb.conf\fR to associated printer no longer exists. 
+If the sharename is still valid, then \fBsmbd
+\fRwill return an ACCESS_DENIED error to the client.
+
+See also \fI add printer command\fR, \fIprinting\fR,
+\fIshow add
+printer wizard\fR
+
+Default: \fBnone\fR
+
+Example: \fBdeleteprinter command = /usr/bin/removeprinter
+\fR.TP
+\fBdelete readonly (S)\fR
+This parameter allows readonly files to be deleted. 
+This is not normal DOS semantics, but is allowed by UNIX.
+
+This option may be useful for running applications such 
+as rcs, where UNIX file ownership prevents changing file 
+permissions, and DOS semantics prevent deletion of a read only file.
+
+Default: \fBdelete readonly = no\fR
+.TP
+\fBdelete share command (G)\fR
+Samba 2.2.0 introduced the ability to dynamically 
+add and delete shares via the Windows NT 4.0 Server Manager. The 
+\fIdelete share command\fR is used to define an 
+external program or script which will remove an existing service 
+definition from \fIsmb.conf\fR. In order to successfully 
+execute the \fIdelete share command\fR, \fBsmbd\fR
+requires that the administrator be connected using a root account (i.e. 
+uid == 0).
+
+When executed, \fBsmbd\fR will automatically invoke the 
+\fIdelete share command\fR with two parameters.
+.RS
+.TP 0.2i
+\(bu
+\fIconfigFile\fR - the location 
+of the global \fIsmb.conf\fR file. 
+.TP 0.2i
+\(bu
+\fIshareName\fR - the name of 
+the existing service.
+.RE
+.PP
+This parameter is only used to remove file shares. To delete printer shares, 
+see the \fIdelete printer 
+command\fR.
+.PP
+.PP
+See also \fIadd share
+command\fR, \fIchange 
+share command\fR.
+.PP
+.PP
+Default: \fBnone\fR
+.PP
+.PP
+Example: \fBdelete share command = /usr/local/bin/delshare\fR
+.PP
+.TP
+\fBdelete user script (G)\fR
+This is the full pathname to a script that will 
+be run \fBAS ROOT\fR by  \fBsmbd(8)\fR under special circumstances 
+described below.
+
+Normally, a Samba server requires that UNIX users are 
+created for all users accessing files on this server. For sites 
+that use Windows NT account databases as their primary user database 
+creating these users and keeping the user list in sync with the 
+Windows NT PDC is an onerous task. This option allows \fB smbd\fR to delete the required UNIX users \fBON 
+DEMAND\fR when a user accesses the Samba server and the 
+Windows NT user no longer exists.
+
+In order to use this option, \fBsmbd\fR must be 
+set to \fIsecurity = domain\fR or \fIsecurity =
+user\fR and \fIdelete user script\fR 
+must be set to a full pathname for a script 
+that will delete a UNIX user given one argument of \fI%u\fR, 
+which expands into the UNIX user name to delete.
+
+When the Windows user attempts to access the Samba server, 
+at \fBlogin\fR (session setup in the SMB protocol) 
+time, \fBsmbd\fR contacts the  \fIpassword server\fR and attempts to authenticate 
+the given user with the given password. If the authentication fails 
+with the specific Domain error code meaning that the user no longer 
+exists then \fBsmbd\fR attempts to find a UNIX user in 
+the UNIX password database that matches the Windows user account. If 
+this lookup succeeds, and \fIdelete user script\fR is 
+set then \fBsmbd\fR will all the specified script 
+\fBAS ROOT\fR, expanding any \fI%u\fR 
+argument to be the user name to delete.
+
+This script should delete the given UNIX username. In this way, 
+UNIX users are dynamically deleted to match existing Windows NT 
+accounts.
+
+See also security = domain,
+\fIpassword server\fR
+, \fIadd user script\fR
+\&.
+
+Default: \fBdelete user script = <empty string>
+\fR
+Example: \fBdelete user script = /usr/local/samba/bin/del_user 
+%u\fR
+.TP
+\fBdelete veto files (S)\fR
+This option is used when Samba is attempting to 
+delete a directory that contains one or more vetoed directories 
+(see the \fIveto files\fR
+option). If this option is set to no (the default) then if a vetoed 
+directory contains any non-vetoed files or directories then the 
+directory delete will fail. This is usually what you want.
+
+If this option is set to yes, then Samba 
+will attempt to recursively delete any files and directories within 
+the vetoed directory. This can be useful for integration with file 
+serving systems such as NetAtalk which create meta-files within 
+directories you might normally veto DOS/Windows users from seeing 
+(e.g. \fI.AppleDouble\fR)
+
+Setting \fBdelete veto files = yes\fR allows these 
+directories to be transparently deleted when the parent directory 
+is deleted (so long as the user has permissions to do so).
+
+See also the \fIveto 
+files\fR parameter.
+
+Default: \fBdelete veto files = no\fR
+.TP
+\fBdeny hosts (S)\fR
+Synonym for \fIhosts 
+deny\fR.
+.TP
+\fBdfree command (G)\fR
+The \fIdfree command\fR setting should 
+only be used on systems where a problem occurs with the internal 
+disk space calculations. This has been known to happen with Ultrix, 
+but may occur with other operating systems. The symptom that was 
+seen was an error of "Abort Retry Ignore" at the end of each 
+directory listing.
+
+This setting allows the replacement of the internal routines to
+calculate the total disk space and amount available with an external
+routine. The example below gives a possible script that might fulfill
+this function.
+
+The external program will be passed a single parameter indicating 
+a directory in the filesystem being queried. This will typically consist
+of the string \fI./\fR. The script should return two 
+integers in ASCII. The first should be the total disk space in blocks, 
+and the second should be the number of available blocks. An optional 
+third return value can give the block size in bytes. The default 
+blocksize is 1024 bytes.
+
+Note: Your script should \fBNOT\fR be setuid or 
+setgid and should be owned by (and writeable only by) root!
+
+Default: \fBBy default internal routines for 
+determining the disk capacity and remaining space will be used.
+\fR
+Example: \fBdfree command = /usr/local/samba/bin/dfree
+\fR
+Where the script dfree (which must be made executable) could be:
+
+.sp
+.nf
+ 
+		#!/bin/sh
+		df $1 | tail -1 | awk '{print $2" "$4}'
+		
+.sp
+.fi
+
+or perhaps (on Sys V based systems):
+
+.sp
+.nf
+ 
+		#!/bin/sh
+		/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
+		
+.sp
+.fi
+
+Note that you may have to replace the command names 
+with full path names on some systems.
+.TP
+\fBdirectory (S)\fR
+Synonym for \fIpath
+\fR\&.
+.TP
+\fBdirectory mask (S)\fR
+This parameter is the octal modes which are 
+used when converting DOS modes to UNIX modes when creating UNIX 
+directories.
+
+When a directory is created, the necessary permissions are 
+calculated according to the mapping from DOS modes to UNIX permissions, 
+and the resulting UNIX mode is then bit-wise 'AND'ed with this 
+parameter. This parameter may be thought of as a bit-wise MASK for 
+the UNIX modes of a directory. Any bit \fBnot\fR set 
+here will be removed from the modes set on a directory when it is 
+created.
+
+The default value of this parameter removes the 'group' 
+and 'other' write bits from the UNIX mode, allowing only the 
+user who owns the directory to modify it.
+
+Following this Samba will bit-wise 'OR' the UNIX mode 
+created from this parameter with the value of the \fIforce directory mode
+\fRparameter. This parameter is set to 000 by 
+default (i.e. no extra mode bits are added).
+
+Note that this parameter does not apply to permissions
+set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+a mask on access control lists also, they need to set the \fIdirectory security mask\fR.
+
+See the \fIforce 
+directory mode\fR parameter to cause particular mode 
+bits to always be set on created directories.
+
+See also the \fIcreate mode
+\fRparameter for masking mode bits on created files, 
+and the \fIdirectory 
+security mask\fR parameter.
+
+Also refer to the \fI inherit permissions\fR parameter.
+
+Default: \fBdirectory mask = 0755\fR
+
+Example: \fBdirectory mask = 0775\fR
+.TP
+\fBdirectory mode (S)\fR
+Synonym for \fI directory mask\fR
+.TP
+\fBdirectory security mask (S)\fR
+This parameter controls what UNIX permission bits 
+can be modified when a Windows NT client is manipulating the UNIX 
+permission on a directory using the native NT security dialog 
+box.
+
+This parameter is applied as a mask (AND'ed with) to 
+the changed permission bits, thus preventing any bits not in 
+this mask from being modified. Essentially, zero bits in this 
+mask may be treated as a set of bits the user is not allowed 
+to change.
+
+If not set explicitly this parameter is set to 0777
+meaning a user is allowed to modify all the user/group/world
+permissions on a directory.
+
+\fBNote\fR that users who can access the 
+Samba server through other means can easily bypass this restriction, 
+so it is primarily useful for standalone "appliance" systems. 
+Administrators of most normal systems will probably want to leave
+it as the default of 0777.
+
+See also the \fI force directory security mode\fR, \fIsecurity mask\fR, 
+\fIforce security mode
+\fRparameters.
+
+Default: \fBdirectory security mask = 0777\fR
+
+Example: \fBdirectory security mask = 0700\fR
+.TP
+\fBdisable spoolss (G)\fR
+Enabling this parameter will disables Samba's support
+for the SPOOLSS set of MS-RPC's and will yield identical behavior
+as Samba 2.0.x. Windows NT/2000 clients will downgrade to using
+Lanman style printing commands. Windows 9x/ME will be uneffected by
+the parameter. However, this will also disable the ability to upload
+printer drivers to a Samba server via the Windows NT Add Printer
+Wizard or by using the NT printer properties dialog window. It will
+also disable the capability of Windows NT/2000 clients to download
+print drivers from the Samba host upon demand.
+\fBBe very careful about enabling this parameter.\fR
+
+See also use client driver
+
+Default : \fBdisable spoolss = no\fR
+.TP
+\fBdns proxy (G)\fR
+Specifies that nmbd(8) 
+when acting as a WINS server and finding that a NetBIOS name has not 
+been registered, should treat the NetBIOS name word-for-word as a DNS 
+name and do a lookup with the DNS server for that name on behalf of 
+the name-querying client.
+
+Note that the maximum length for a NetBIOS name is 15 
+characters, so the DNS name (or DNS alias) can likewise only be 
+15 characters, maximum.
+
+\fBnmbd\fR spawns a second copy of itself to do the
+DNS name lookup requests, as doing a name lookup is a blocking 
+action.
+
+See also the parameter \fI wins support\fR.
+
+Default: \fBdns proxy = yes\fR
+.TP
+\fBdomain admin group (G)\fR
+This parameter is intended as a temporary solution
+to enable users to be a member of the "Domain Admins" group when 
+a Samba host is acting as a PDC. A complete solution will be provided
+by a system for mapping Windows NT/2000 groups onto UNIX groups.
+Please note that this parameter has a somewhat confusing name. It 
+accepts a list of usernames and of group names in standard 
+\fIsmb.conf\fR notation.
+
+See also \fIdomain
+guest group\fR, \fIdomain
+logons\fR
+
+Default: \fBno domain administrators\fR
+
+Example: \fBdomain admin group = root @wheel\fR
+.TP
+\fBdomain guest group (G)\fR
+This parameter is intended as a temporary solution
+to enable users to be a member of the "Domain Guests" group when 
+a Samba host is acting as a PDC. A complete solution will be provided
+by a system for mapping Windows NT/2000 groups onto UNIX groups.
+Please note that this parameter has a somewhat confusing name. It 
+accepts a list of usernames and of group names in standard 
+\fIsmb.conf\fR notation.
+
+See also \fIdomain
+admin group\fR, \fIdomain
+logons\fR
+
+Default: \fBno domain guests\fR
+
+Example: \fBdomain guest group = nobody @guest\fR
+.TP
+\fBdomain logons (G)\fR
+If set to yes, the Samba server will serve 
+Windows 95/98 Domain logons for the  \fIworkgroup\fR it is in. Samba 2.2 also 
+has limited capability to act as a domain controller for Windows 
+NT 4 Domains. For more details on setting up this feature see 
+the Samba-PDC-HOWTO included in the \fIhtmldocs/\fR
+directory shipped with the source code.
+
+Default: \fBdomain logons = no\fR
+.TP
+\fBdomain master (G)\fR
+Tell \fB nmbd(8)\fR to enable WAN-wide browse list
+collation. Setting this option causes \fBnmbd\fR to
+claim a special domain specific NetBIOS name that identifies 
+it as a domain master browser for its given  \fIworkgroup\fR. Local master browsers 
+in the same \fIworkgroup\fR on broadcast-isolated 
+subnets will give this \fBnmbd\fR their local browse lists, 
+and then ask \fBsmbd(8)\fR 
+for a complete copy of the browse list for the whole wide area 
+network. Browser clients will then contact their local master browser, 
+and will receive the domain-wide browse list, instead of just the list 
+for their broadcast-isolated subnet.
+
+Note that Windows NT Primary Domain Controllers expect to be 
+able to claim this \fIworkgroup\fR specific special 
+NetBIOS name that identifies them as domain master browsers for 
+that \fIworkgroup\fR by default (i.e. there is no 
+way to prevent a Windows NT PDC from attempting to do this). This 
+means that if this parameter is set and \fBnmbd\fR claims 
+the special name for a \fIworkgroup\fR before a Windows 
+NT PDC is able to do so then cross subnet browsing will behave 
+strangely and may fail.
+
+If \fBdomain logons = yes\fR
+, then the default behavior is to enable the \fIdomain 
+master\fR parameter. If \fIdomain logons\fR is 
+not enabled (the default setting), then neither will \fIdomain 
+master\fR be enabled by default.
+
+Default: \fBdomain master = auto\fR
+.TP
+\fBdont descend (S)\fR
+There are certain directories on some systems 
+(e.g., the \fI/proc\fR tree under Linux) that are either not 
+of interest to clients or are infinitely deep (recursive). This 
+parameter allows you to specify a comma-delimited list of directories 
+that the server should always show as empty.
+
+Note that Samba can be very fussy about the exact format 
+of the "dont descend" entries. For example you may need \fI ./proc\fR instead of just \fI/proc\fR. 
+Experimentation is the best policy :-) 
+
+Default: \fBnone (i.e., all directories are OK 
+to descend)\fR
+
+Example: \fBdont descend = /proc,/dev\fR
+.TP
+\fBdos filemode (S)\fR
+The default behavior in Samba is to provide 
+UNIX-like behavior where only the owner of a file/directory is 
+able to change the permissions on it. However, this behavior
+is often confusing to DOS/Windows users. Enabling this parameter 
+allows a user who has write access to the file (by whatever 
+means) to modify the permissions on it. Note that a user
+belonging to the group owning the file will not be allowed to
+change permissions if the group is only granted read access.
+Ownership of the file/directory is not changed, only the permissions 
+are modified.
+
+Default: \fBdos filemode = no\fR
+.TP
+\fBdos filetime resolution (S)\fR
+Under the DOS and Windows FAT filesystem, the finest 
+granularity on time resolution is two seconds. Setting this parameter 
+for a share causes Samba to round the reported time down to the 
+nearest two second boundary when a query call that requires one second 
+resolution is made to \fBsmbd(8)\fR
+
+
+This option is mainly used as a compatibility option for Visual 
+C++ when used against Samba shares. If oplocks are enabled on a 
+share, Visual C++ uses two different time reading calls to check if a 
+file has changed since it was last read. One of these calls uses a
+one-second granularity, the other uses a two second granularity. As
+the two second call rounds any odd second down, then if the file has a
+timestamp of an odd number of seconds then the two timestamps will not
+match and Visual C++ will keep reporting the file has changed. Setting
+this option causes the two timestamps to match, and Visual C++ is
+happy.
+
+Default: \fBdos filetime resolution = no\fR
+.TP
+\fBdos filetimes (S)\fR
+Under DOS and Windows, if a user can write to a 
+file they can change the timestamp on it. Under POSIX semantics, 
+only the owner of the file or root may change the timestamp. By 
+default, Samba runs with POSIX semantics and refuses to change the 
+timestamp on a file if the user \fBsmbd\fR is acting 
+on behalf of is not the file owner. Setting this option to  yes allows DOS semantics and smbd will change the file 
+timestamp as DOS requires.
+
+Default: \fBdos filetimes = no\fR
+.TP
+\fBencrypt passwords (G)\fR
+This boolean controls whether encrypted passwords 
+will be negotiated with the client. Note that Windows NT 4.0 SP3 and 
+above and also Windows 98 will by default expect encrypted passwords 
+unless a registry entry is changed. To use encrypted passwords in 
+Samba see the file ENCRYPTION.txt in the Samba documentation 
+directory \fIdocs/\fR shipped with the source code.
+
+In order for encrypted passwords to work correctly
+\fBsmbd(8)\fR must either 
+have access to a local \fIsmbpasswd(5)
+\fR program for information on how to set up 
+and maintain this file), or set the security = [server|domain] parameter which 
+causes \fBsmbd\fR to authenticate against another 
+server.
+
+Default: \fBencrypt passwords = no\fR
+.TP
+\fBenhanced browsing (G)\fR
+This option enables a couple of enhancements to 
+cross-subnet browse propagation that have been added in Samba 
+but which are not standard in Microsoft implementations. 
+
+The first enhancement to browse propagation consists of a regular
+wildcard query to a Samba WINS server for all Domain Master Browsers,
+followed by a browse synchronization with each of the returned
+DMBs. The second enhancement consists of a regular randomised browse
+synchronization with all currently known DMBs.
+
+You may wish to disable this option if you have a problem with empty
+workgroups not disappearing from browse lists. Due to the restrictions
+of the browse protocols these enhancements can cause a empty workgroup
+to stay around forever which can be annoying.
+
+In general you should leave this option enabled as it makes
+cross-subnet browse propagation much more reliable.
+
+Default: \fBenhanced browsing = yes\fR
+.TP
+\fBenumports command (G)\fR
+The concept of a "port" is fairly foreign
+to UNIX hosts. Under Windows NT/2000 print servers, a port
+is associated with a port monitor and generally takes the form of
+a local port (i.e. LPT1:, COM1:, FILE:) or a remote port
+(i.e. LPD Port Monitor, etc...). By default, Samba has only one
+port defined--"Samba Printer Port". Under 
+Windows NT/2000, all printers must have a valid port name. 
+If you wish to have a list of ports displayed (\fBsmbd
+\fRdoes not use a port name for anything) other than 
+the default "Samba Printer Port", you 
+can define \fIenumports command\fR to point to
+a program which should generate a list of ports, one per line,
+to standard output. This listing will then be used in response
+to the level 1 and 2 EnumPorts() RPC.
+
+Default: \fBno enumports command\fR
+
+Example: \fBenumports command = /usr/bin/listports
+\fR.TP
+\fBexec (S)\fR
+This is a synonym for  \fIpreexec\fR.
+.TP
+\fBfake directory create times (S)\fR
+NTFS and Windows VFAT file systems keep a create 
+time for all files and directories. This is not the same as the 
+ctime - status change time - that Unix keeps, so Samba by default 
+reports the earliest of the various times Unix does keep. Setting 
+this parameter for a share causes Samba to always report midnight 
+1-1-1980 as the create time for directories.
+
+This option is mainly used as a compatibility option for 
+Visual C++ when used against Samba shares. Visual C++ generated 
+makefiles have the object directory as a dependency for each object 
+file, and a make rule to create the directory. Also, when NMAKE 
+compares timestamps it uses the creation time when examining a 
+directory. Thus the object directory will be created if it does not 
+exist, but once it does exist it will always have an earlier 
+timestamp than the object files it contains.
+
+However, Unix time semantics mean that the create time 
+reported by Samba will be updated whenever a file is created or 
+or deleted in the directory. NMAKE finds all object files in 
+the object directory. The timestamp of the last one built is then 
+compared to the timestamp of the object directory. If the 
+directory's timestamp if newer, then all object files
+will be rebuilt. Enabling this option 
+ensures directories always predate their contents and an NMAKE build 
+will proceed as expected.
+
+Default: \fBfake directory create times = no\fR
+.TP
+\fBfake oplocks (S)\fR
+Oplocks are the way that SMB clients get permission 
+from a server to locally cache file operations. If a server grants 
+an oplock (opportunistic lock) then the client is free to assume 
+that it is the only one accessing the file and it will aggressively 
+cache file data. With some oplock types the client may even cache 
+file open/close operations. This can give enormous performance benefits.
+
+When you set \fBfake oplocks = yes\fR, \fBsmbd(8)\fR will
+always grant oplock requests no matter how many clients are using 
+the file.
+
+It is generally much better to use the real \fIoplocks\fR support rather 
+than this parameter.
+
+If you enable this option on all read-only shares or 
+shares that you know will only be accessed from one client at a 
+time such as physically read-only media like CDROMs, you will see 
+a big performance improvement on many operations. If you enable 
+this option on shares where multiple clients may be accessing the 
+files read-write at the same time you can get data corruption. Use 
+this option carefully!
+
+Default: \fBfake oplocks = no\fR
+.TP
+\fBfollow symlinks (S)\fR
+This parameter allows the Samba administrator 
+to stop \fBsmbd(8)\fR 
+from following symbolic links in a particular share. Setting this 
+parameter to no prevents any file or directory 
+that is a symbolic link from being followed (the user will get an 
+error). This option is very useful to stop users from adding a 
+symbolic link to \fI/etc/passwd\fR in their home 
+directory for instance. However it will slow filename lookups 
+down slightly.
+
+This option is enabled (i.e. \fBsmbd\fR will 
+follow symbolic links) by default.
+
+Default: \fBfollow symlinks = yes\fR
+.TP
+\fBforce create mode (S)\fR
+This parameter specifies a set of UNIX mode bit 
+permissions that will \fBalways\fR be set on a 
+file created by Samba. This is done by bitwise 'OR'ing these bits onto 
+the mode bits of a file that is being created or having its 
+permissions changed. The default for this parameter is (in octal) 
+000. The modes in this parameter are bitwise 'OR'ed onto the file 
+mode after the mask set in the \fIcreate mask\fR 
+parameter is applied.
+
+See also the parameter \fIcreate 
+mask\fR for details on masking mode bits on files.
+
+See also the \fIinherit 
+permissions\fR parameter.
+
+Default: \fBforce create mode = 000\fR
+
+Example: \fBforce create mode = 0755\fR
+
+would force all created files to have read and execute 
+permissions set for 'group' and 'other' as well as the 
+read/write/execute bits set for the 'user'.
+.TP
+\fBforce directory mode (S)\fR
+This parameter specifies a set of UNIX mode bit 
+permissions that will \fBalways\fR be set on a directory 
+created by Samba. This is done by bitwise 'OR'ing these bits onto the 
+mode bits of a directory that is being created. The default for this 
+parameter is (in octal) 0000 which will not add any extra permission 
+bits to a created directory. This operation is done after the mode 
+mask in the parameter \fIdirectory mask\fR is 
+applied.
+
+See also the parameter \fI directory mask\fR for details on masking mode bits 
+on created directories.
+
+See also the \fI inherit permissions\fR parameter.
+
+Default: \fBforce directory mode = 000\fR
+
+Example: \fBforce directory mode = 0755\fR
+
+would force all created directories to have read and execute
+permissions set for 'group' and 'other' as well as the
+read/write/execute bits set for the 'user'.
+.TP
+\fBforce directory\fR
+This parameter controls what UNIX permission bits 
+can be modified when a Windows NT client is manipulating the UNIX 
+permission on a directory using the native NT security dialog box.
+
+This parameter is applied as a mask (OR'ed with) to the 
+changed permission bits, thus forcing any bits in this mask that 
+the user may have modified to be on. Essentially, one bits in this 
+mask may be treated as a set of bits that, when modifying security 
+on a directory, the user has always set to be 'on'.
+
+If not set explicitly this parameter is 000, which 
+allows a user to modify all the user/group/world permissions on a 
+directory without restrictions.
+
+\fBNote\fR that users who can access the 
+Samba server through other means can easily bypass this restriction, 
+so it is primarily useful for standalone "appliance" systems. 
+Administrators of most normal systems will probably want to leave
+it set as 0000.
+
+See also the \fI directory security mask\fR,  \fIsecurity mask\fR, 
+\fIforce security mode
+\fRparameters.
+
+Default: \fBforce directory security mode = 0\fR
+
+Example: \fBforce directory security mode = 700\fR
+.TP
+\fBforce group (S)\fR
+This specifies a UNIX group name that will be 
+assigned as the default primary group for all users connecting 
+to this service. This is useful for sharing files by ensuring 
+that all access to files on service will use the named group for 
+their permissions checking. Thus, by assigning permissions for this 
+group to the files and directories within this service the Samba 
+administrator can restrict or allow sharing of these files.
+
+In Samba 2.0.5 and above this parameter has extended 
+functionality in the following way. If the group name listed here 
+has a '+' character prepended to it then the current user accessing 
+the share only has the primary group default assigned to this group 
+if they are already assigned as a member of that group. This allows 
+an administrator to decide that only users who are already in a 
+particular group will create files with group ownership set to that 
+group. This gives a finer granularity of ownership assignment. For 
+example, the setting \fIforce group = +sys\fR means 
+that only users who are already in group sys will have their default
+primary group assigned to sys when accessing this Samba share. All
+other users will retain their ordinary primary group.
+
+If the \fIforce user
+\fRparameter is also set the group specified in 
+\fIforce group\fR will override the primary group
+set in \fIforce user\fR.
+
+See also \fIforce 
+user\fR.
+
+Default: \fBno forced group\fR
+
+Example: \fBforce group = agroup\fR
+.TP
+\fBforce security mode (S)\fR
+This parameter controls what UNIX permission 
+bits can be modified when a Windows NT client is manipulating 
+the UNIX permission on a file using the native NT security dialog 
+box.
+
+This parameter is applied as a mask (OR'ed with) to the 
+changed permission bits, thus forcing any bits in this mask that 
+the user may have modified to be on. Essentially, one bits in this 
+mask may be treated as a set of bits that, when modifying security 
+on a file, the user has always set to be 'on'.
+
+If not set explicitly this parameter is set to 0,
+and allows a user to modify all the user/group/world permissions on a file,
+with no restrictions.
+
+\fBNote\fR that users who can access 
+the Samba server through other means can easily bypass this restriction, 
+so it is primarily useful for standalone "appliance" systems. 
+Administrators of most normal systems will probably want to leave
+this set to 0000.
+
+See also the \fI force directory security mode\fR,
+\fIdirectory security
+mask\fR, \fI security mask\fR parameters.
+
+Default: \fBforce security mode = 0\fR
+
+Example: \fBforce security mode = 700\fR
+.TP
+\fBforce unknown acl user (S)\fR
+If this parameter is set, a Windows NT ACL that contains
+an unknown SID (security descriptor, or representation of a user or group id)
+as the owner or group owner of the file will be silently mapped into the
+current UNIX uid or gid of the currently connected user.
+
+This is designed to allow Windows NT clients to copy files and
+folders containing ACLs that were created locally on the client machine
+and contain users local to that machine only (no domain users) to be
+copied to a Samba server (usually with XCOPY /O) and have the unknown
+userid and groupid of the file owner map to the current connected user.
+This can only be fixed correctly when winbindd allows arbitrary mapping
+from any Windows NT SID to a UNIX uid or gid.
+
+Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
+
+See also \fIforce group
+\fR
+Default: \fBFalse\fR
+
+Example: \fBforce unknown acl user = yes\fR
+.TP
+\fBforce user (S)\fR
+This specifies a UNIX user name that will be 
+assigned as the default user for all users connecting to this service. 
+This is useful for sharing files. You should also use it carefully 
+as using it incorrectly can cause security problems.
+
+This user name only gets used once a connection is established. 
+Thus clients still need to connect as a valid user and supply a 
+valid password. Once connected, all file operations will be performed 
+as the "forced user", no matter what username the client connected 
+as. This can be very useful.
+
+In Samba 2.0.5 and above this parameter also causes the 
+primary group of the forced user to be used as the primary group 
+for all file activity. Prior to 2.0.5 the primary group was left 
+as the primary group of the connecting user (this was a bug).
+
+See also \fIforce group
+\fR
+Default: \fBno forced user\fR
+
+Example: \fBforce user = auser\fR
+.TP
+\fBfstype (S)\fR
+This parameter allows the administrator to 
+configure the string that specifies the type of filesystem a share 
+is using that is reported by \fBsmbd(8)
+\fR when a client queries the filesystem type
+for a share. The default type is NTFS for 
+compatibility with Windows NT but this can be changed to other 
+strings such as Samba or FAT
+if required.
+
+Default: \fBfstype = NTFS\fR
+
+Example: \fBfstype = Samba\fR
+.TP
+\fBgetwd cache (G)\fR
+This is a tuning option. When this is enabled a 
+caching algorithm will be used to reduce the time taken for getwd() 
+calls. This can have a significant impact on performance, especially 
+when the \fIwide links\fR
+parameter is set to no.
+
+Default: \fBgetwd cache = yes\fR
+.TP
+\fBgroup (S)\fR
+Synonym for \fIforce 
+group\fR.
+.TP
+\fBguest account (S)\fR
+This is a username which will be used for access 
+to services which are specified as \fI guest ok\fR (see below). Whatever privileges this 
+user has will be available to any client connecting to the guest service. 
+Typically this user will exist in the password file, but will not
+have a valid login. The user account "ftp" is often a good choice 
+for this parameter. If a username is specified in a given service, 
+the specified username overrides this one.
+
+One some systems the default guest account "nobody" may not 
+be able to print. Use another account in this case. You should test 
+this by trying to log in as your guest user (perhaps by using the 
+\fBsu -\fR command) and trying to print using the 
+system print command such as \fBlpr(1)\fR or \fB lp(1)\fR.
+
+Default: \fBspecified at compile time, usually 
+"nobody"\fR
+
+Example: \fBguest account = ftp\fR
+.TP
+\fBguest ok (S)\fR
+If this parameter is yes for 
+a service, then no password is required to connect to the service. 
+Privileges will be those of the \fI guest account\fR.
+
+See the section below on \fI security\fR for more information about this option.
+
+Default: \fBguest ok = no\fR
+.TP
+\fBguest only (S)\fR
+If this parameter is yes for 
+a service, then only guest connections to the service are permitted. 
+This parameter will have no effect if  \fIguest ok\fR is not set for the service.
+
+See the section below on \fI security\fR for more information about this option.
+
+Default: \fBguest only = no\fR
+.TP
+\fBhide dot files (S)\fR
+This is a boolean parameter that controls whether 
+files starting with a dot appear as hidden files.
+
+Default: \fBhide dot files = yes\fR
+.TP
+\fBhide files(S)\fR
+This is a list of files or directories that are not 
+visible but are accessible. The DOS 'hidden' attribute is applied 
+to any files or directories that match.
+
+Each entry in the list must be separated by a '/', 
+which allows spaces to be included in the entry. '*'
+and '?' can be used to specify multiple files or directories 
+as in DOS wildcards.
+
+Each entry must be a Unix path, not a DOS path and must 
+not include the Unix directory separator '/'.
+
+Note that the case sensitivity option is applicable 
+in hiding files.
+
+Setting this parameter will affect the performance of Samba, 
+as it will be forced to check all files and directories for a match 
+as they are scanned.
+
+See also \fIhide 
+dot files\fR, \fI veto files\fR and  \fIcase sensitive\fR.
+
+Default: \fBno file are hidden\fR
+
+Example: \fBhide files =
+/.*/DesktopFolderDB/TrashFor%m/resource.frk/\fR
+
+The above example is based on files that the Macintosh 
+SMB client (DAVE) available from  
+Thursby <URL:http://www.thursby.com> creates for internal use, and also still hides 
+all files beginning with a dot.
+.TP
+\fBhide local users(G)\fR
+This parameter toggles the hiding of local UNIX 
+users (root, wheel, floppy, etc) from remote clients.
+
+Default: \fBhide local users = no\fR
+.TP
+\fBhide unreadable (S)\fR
+This parameter prevents clients from seeing the
+existance of files that cannot be read. Defaults to off.
+
+Default: \fBhide unreadable = no\fR
+.TP
+\fBhomedir map (G)\fR
+If\fInis homedir
+\fRis yes, and \fBsmbd(8)\fR is also acting 
+as a Win95/98 \fIlogon server\fR then this parameter 
+specifies the NIS (or YP) map from which the server for the user's 
+home directory should be extracted. At present, only the Sun 
+auto.home map format is understood. The form of the map is:
+
+\fBusername server:/some/file/system\fR
+
+and the program will extract the servername from before 
+the first ':'. There should probably be a better parsing system 
+that copes with different map formats and also Amd (another 
+automounter) maps.
+
+\fBNOTE :\fRA working NIS client is required on 
+the system for this option to work.
+
+See also \fInis homedir\fR
+, \fIdomain logons\fR
+\&.
+
+Default: \fBhomedir map = <empty string>\fR
+
+Example: \fBhomedir map = amd.homedir\fR
+.TP
+\fBhost msdfs (G)\fR
+This boolean parameter is only available 
+if Samba has been configured and compiled with the \fB --with-msdfs\fR option. If set to yes, 
+Samba will act as a Dfs server, and allow Dfs-aware clients 
+to browse Dfs trees hosted on the server.
+
+See also the \fI msdfs root\fR share level parameter. For
+more information on setting up a Dfs tree on Samba,
+refer to msdfs_setup.html
+
+Default: \fBhost msdfs = no\fR
+.TP
+\fBhosts allow (S)\fR
+A synonym for this parameter is \fIallow 
+hosts\fR.
+
+This parameter is a comma, space, or tab delimited 
+set of hosts which are permitted to access a service.
+
+If specified in the [global] section then it will
+apply to all services, regardless of whether the individual 
+service has a different setting.
+
+You can specify the hosts by name or IP number. For 
+example, you could restrict access to only the hosts on a 
+Class C subnet with something like \fBallow hosts = 150.203.5.
+\fR\&. The full syntax of the list is described in the man 
+page \fIhosts_access(5)\fR. Note that this man
+page may not be present on your system, so a brief description will
+be given here also.
+
+Note that the localhost address 127.0.0.1 will always 
+be allowed access unless specifically denied by a \fIhosts deny\fR option.
+
+You can also specify hosts by network/netmask pairs and 
+by netgroup names if your system supports netgroups. The 
+\fBEXCEPT\fR keyword can also be used to limit a 
+wildcard list. The following examples may provide some help:
+
+Example 1: allow all IPs in 150.203.*.*; except one
+
+\fBhosts allow = 150.203. EXCEPT 150.203.6.66\fR
+
+Example 2: allow hosts that match the given network/netmask
+
+\fBhosts allow = 150.203.15.0/255.255.255.0\fR
+
+Example 3: allow a couple of hosts
+
+\fBhosts allow = lapland, arvidsjaur\fR
+
+Example 4: allow only hosts in NIS netgroup "foonet", but 
+deny access from one particular host
+
+\fBhosts allow = @foonet\fR
+
+\fBhosts deny = pirate\fR
+
+Note that access still requires suitable user-level passwords.
+
+See \fBtestparm(1)\fR
+ for a way of testing your host access to see if it does 
+what you expect.
+
+Default: \fBnone (i.e., all hosts permitted access)
+\fR
+Example: \fBallow hosts = 150.203.5. myhost.mynet.edu.au
+\fR.TP
+\fBhosts deny (S)\fR
+The opposite of \fIhosts allow\fR 
+- hosts listed here are \fBNOT\fR permitted access to 
+services unless the specific services have their own lists to override 
+this one. Where the lists conflict, the \fIallow\fR 
+list takes precedence.
+
+Default: \fBnone (i.e., no hosts specifically excluded)
+\fR
+Example: \fBhosts deny = 150.203.4. badhost.mynet.edu.au
+\fR.TP
+\fBhosts equiv (G)\fR
+If this global parameter is a non-null string, 
+it specifies the name of a file to read for the names of hosts 
+and users who will be allowed access without specifying a password.
+
+This is not be confused with  \fIhosts allow\fR which is about hosts 
+access to services and is more useful for guest services. \fI hosts equiv\fR may be useful for NT clients which will 
+not supply passwords to Samba.
+
+\fBNOTE :\fR The use of \fIhosts equiv
+\fRcan be a major security hole. This is because you are 
+trusting the PC to supply the correct username. It is very easy to 
+get a PC to supply a false username. I recommend that the 
+\fIhosts equiv\fR option be only used if you really 
+know what you are doing, or perhaps on a home network where you trust 
+your spouse and kids. And only if you \fBreally\fR trust 
+them :-).
+
+Default: \fBno host equivalences\fR
+
+Example: \fBhosts equiv = /etc/hosts.equiv\fR
+.TP
+\fBinclude (G)\fR
+This allows you to include one config file 
+inside another. The file is included literally, as though typed 
+in place.
+
+It takes the standard substitutions, except \fI%u
+\fR, \fI%P\fR and \fI%S\fR.
+
+Default: \fBno file included\fR
+
+Example: \fBinclude = /usr/local/samba/lib/admin_smb.conf
+\fR.TP
+\fBinherit acls (S)\fR
+This parameter can be used to ensure
+that if default acls exist on parent directories,
+they are always honored when creating a subdirectory.
+The default behavior is to use the mode specified
+when creating the directory. Enabling this option
+sets the mode to 0777, thus guaranteeing that 
+default directory acls are propagated.
+
+Default: \fBinherit acls = no\fR
+.TP
+\fBinherit permissions (S)\fR
+The permissions on new files and directories 
+are normally governed by \fI create mask\fR,  \fIdirectory mask\fR, \fIforce create mode\fR
+and \fIforce 
+directory mode\fR but the boolean inherit 
+permissions parameter overrides this.
+
+New directories inherit the mode of the parent directory,
+including bits such as setgid.
+
+New files inherit their read/write bits from the parent 
+directory. Their execute bits continue to be determined by
+\fImap archive\fR
+, \fImap hidden\fR
+and \fImap system\fR
+as usual.
+
+Note that the setuid bit is \fBnever\fR set via 
+inheritance (the code explicitly prohibits this).
+
+This can be particularly useful on large systems with 
+many users, perhaps several thousand, to allow a single [homes] 
+share to be used flexibly by each user.
+
+See also \fIcreate mask
+\fR, \fI directory mask\fR,  \fIforce create mode\fR and \fIforce directory mode\fR
+\&.
+
+Default: \fBinherit permissions = no\fR
+.TP
+\fBinterfaces (G)\fR
+This option allows you to override the default 
+network interfaces list that Samba will use for browsing, name 
+registration and other NBT traffic. By default Samba will query 
+the kernel for the list of all active interfaces and use any 
+interfaces except 127.0.0.1 that are broadcast capable.
+
+The option takes a list of interface strings. Each string 
+can be in any of the following forms:
+.RS
+.TP 0.2i
+\(bu
+a network interface name (such as eth0). 
+This may include shell-like wildcards so eth* will match 
+any interface starting with the substring "eth"
+.TP 0.2i
+\(bu
+an IP address. In this case the netmask is 
+determined from the list of interfaces obtained from the 
+kernel
+.TP 0.2i
+\(bu
+an IP/mask pair. 
+.TP 0.2i
+\(bu
+a broadcast/mask pair.
+.RE
+.PP
+The "mask" parameters can either be a bit length (such 
+as 24 for a C class network) or a full netmask in dotted 
+decimal form.
+.PP
+.PP
+The "IP" parameters above can either be a full dotted 
+decimal IP address or a hostname which will be looked up via 
+the OS's normal hostname resolution mechanisms.
+.PP
+.PP
+For example, the following line:
+.PP
+.PP
+\fBinterfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0
+\fR.PP
+.PP
+would configure three network interfaces corresponding 
+to the eth0 device and IP addresses 192.168.2.10 and 192.168.3.10. 
+The netmasks of the latter two interfaces would be set to 255.255.255.0.
+.PP
+.PP
+See also \fIbind 
+interfaces only\fR.
+.PP
+.PP
+Default: \fBall active interfaces except 127.0.0.1 
+that are broadcast capable\fR
+.PP
+.TP
+\fBinvalid users (S)\fR
+This is a list of users that should not be allowed 
+to login to this service. This is really a \fBparanoid\fR 
+check to absolutely ensure an improper setting does not breach 
+your security.
+
+A name starting with a '@' is interpreted as an NIS 
+netgroup first (if your system supports NIS), and then as a UNIX 
+group if the name was not found in the NIS netgroup database.
+
+A name starting with '+' is interpreted only 
+by looking in the UNIX group database. A name starting with 
+\&'&' is interpreted only by looking in the NIS netgroup database 
+(this requires NIS to be working on your system). The characters 
+\&'+' and '&' may be used at the start of the name in either order 
+so the value \fI+&group\fR means check the 
+UNIX group database, followed by the NIS netgroup database, and 
+the value \fI&+group\fR means check the NIS
+netgroup database, followed by the UNIX group database (the 
+same as the '@' prefix).
+
+The current servicename is substituted for \fI%S\fR. 
+This is useful in the [homes] section.
+
+See also \fIvalid users
+\fR\&.
+
+Default: \fBno invalid users\fR
+
+Example: \fBinvalid users = root fred admin @wheel
+\fR.TP
+\fBkeepalive (G)\fR
+The value of the parameter (an integer) represents 
+the number of seconds between \fIkeepalive\fR 
+packets. If this parameter is zero, no keepalive packets will be 
+sent. Keepalive packets, if sent, allow the server to tell whether 
+a client is still present and responding.
+
+Keepalives should, in general, not be needed if the socket 
+being used has the SO_KEEPALIVE attribute set on it (see \fIsocket options\fR). 
+Basically you should only use this option if you strike difficulties.
+
+Default: \fBkeepalive = 300\fR
+
+Example: \fBkeepalive = 600\fR
+.TP
+\fBkernel oplocks (G)\fR
+For UNIXes that support kernel based \fIoplocks\fR
+(currently only IRIX and the Linux 2.4 kernel), this parameter 
+allows the use of them to be turned on or off.
+
+Kernel oplocks support allows Samba \fIoplocks
+\fRto be broken whenever a local UNIX process or NFS operation 
+accesses a file that \fBsmbd(8)\fR
+ has oplocked. This allows complete data consistency between 
+SMB/CIFS, NFS and local file access (and is a \fBvery\fR 
+cool feature :-).
+
+This parameter defaults to on, but is translated
+to a no-op on systems that no not have the necessary kernel support.
+You should never need to touch this parameter.
+
+See also the \fIoplocks\fR
+and \fIlevel2 oplocks
+\fRparameters.
+
+Default: \fBkernel oplocks = yes\fR
+.TP
+\fBlanman auth (G)\fR
+This parameter determines whether or not smbd will
+attempt to authenticate users using the LANMAN password hash.
+If disabled, only clients which support NT password hashes (e.g. Windows 
+NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS 
+network client) will be able to connect to the Samba host.
+
+Default : \fBlanman auth = yes\fR
+.TP
+\fBlarge readwrite (G)\fR
+This parameter determines whether or not smbd
+supports the new 64k streaming read and write varient SMB requests introduced
+with Windows 2000. Note that due to Windows 2000 client redirector bugs
+this requires Samba to be running on a 64-bit capable operating system such
+as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with
+Windows 2000 clients. Defaults to on. Windows NT 4.0 only supports
+read version of this call, and ignores the write version.
+
+Default : \fBlarge readwrite = yes\fR
+.TP
+\fBldap admin dn (G)\fR
+This parameter is only available if Samba has been
+configure to include the \fB--with-ldapsam\fR option
+at compile time. This option should be considered experimental and
+under active development.
+
+The \fIldap admin dn\fR defines the Distinguished 
+Name (DN) name used by Samba to contact the ldap
+server when retreiving user account information. The \fIldap
+admin dn\fR is used in conjunction with the admin dn password
+stored in the \fIprivate/secrets.tdb\fR file. See the
+\fBsmbpasswd(8)\fR man
+page for more information on how to accmplish this.
+
+Default : \fBnone\fR
+.TP
+\fBldap filter (G)\fR
+This parameter is only available if Samba has been
+configure to include the \fB--with-ldapsam\fR option
+at compile time. This option should be considered experimental and
+under active development.
+
+This parameter specifies the RFC 2254 compliant LDAP search filter.
+The default is to match the login name with the uid 
+attribute for all entries matching the sambaAccount 
+objectclass. Note that this filter should only return one entry.
+
+Default : \fBldap filter = (&(uid=%u)(objectclass=sambaAccount))\fR
+.TP
+\fBldap port (G)\fR
+This parameter is only available if Samba has been
+configure to include the \fB--with-ldapsam\fR option
+at compile time. This option should be considered experimental and
+under active development.
+
+This option is used to control the tcp port number used to contact
+the \fIldap server\fR.
+The default is to use the stand LDAPS port 636.
+
+See Also: ldap ssl
+
+Default : \fBldap port = 636 ; if ldap ssl = on\fR
+
+Default : \fBldap port = 389 ; if ldap ssl = off\fR
+.TP
+\fBldap server (G)\fR
+This parameter is only available if Samba has been
+configure to include the \fB--with-ldapsam\fR option
+at compile time. This option should be considered experimental and
+under active development.
+
+This parameter should contains the FQDN of the ldap directory 
+server which should be queried to locate user account information.
+
+Default : \fBldap server = localhost\fR
+.TP
+\fBldap ssl (G)\fR
+This parameter is only available if Samba has been
+configure to include the \fB--with-ldapsam\fR option
+at compile time. This option should be considered experimental and
+under active development.
+
+This option is used to define whether or not Samba should
+use SSL when connecting to the \fIldap
+server\fR. This is \fBNOT\fR related to
+Samba SSL support which is enabled by specifying the 
+\fB--with-ssl\fR option to the \fIconfigure\fR 
+script (see \fIssl\fR).
+
+The \fIldap ssl\fR can be set to one of three values:
+(a) on - Always use SSL when contacting the 
+\fIldap server\fR, (b) off -
+Never use SSL when querying the directory, or (c) start_tls 
+- Use the LDAPv3 StartTLS extended operation 
+(RFC2830) for communicating with the directory server.
+
+Default : \fBldap ssl = on\fR
+.TP
+\fBldap suffix (G)\fR
+This parameter is only available if Samba has been
+configure to include the \fB--with-ldapsam\fR option
+at compile time. This option should be considered experimental and
+under active development.
+
+Default : \fBnone\fR
+.TP
+\fBlevel2 oplocks (S)\fR
+This parameter controls whether Samba supports
+level2 (read-only) oplocks on a share.
+
+Level2, or read-only oplocks allow Windows NT clients 
+that have an oplock on a file to downgrade from a read-write oplock 
+to a read-only oplock once a second client opens the file (instead 
+of releasing all oplocks on a second open, as in traditional, 
+exclusive oplocks). This allows all openers of the file that 
+support level2 oplocks to cache the file for read-ahead only (ie. 
+they may not cache writes or lock requests) and increases performance 
+for many accesses of files that are not commonly written (such as 
+application .EXE files).
+
+Once one of the clients which have a read-only oplock 
+writes to the file all clients are notified (no reply is needed 
+or waited for) and told to break their oplocks to "none" and 
+delete any read-ahead caches.
+
+It is recommended that this parameter be turned on 
+to speed access to shared executables.
+
+For more discussions on level2 oplocks see the CIFS spec.
+
+Currently, if \fIkernel 
+oplocks\fR are supported then level2 oplocks are 
+not granted (even if this parameter is set to yes). 
+Note also, the \fIoplocks\fR
+parameter must be set to yes on this share in order for 
+this parameter to have any effect.
+
+See also the \fIoplocks\fR
+and \fIkernel oplocks\fR
+parameters.
+
+Default: \fBlevel2 oplocks = yes\fR
+.TP
+\fBlm announce (G)\fR
+This parameter determines if  \fBnmbd(8)\fR will produce Lanman announce 
+broadcasts that are needed by OS/2 clients in order for them to see 
+the Samba server in their browse list. This parameter can have three 
+values, yes, no, or
+auto. The default is auto. 
+If set to no Samba will never produce these 
+broadcasts. If set to yes Samba will produce 
+Lanman announce broadcasts at a frequency set by the parameter 
+\fIlm interval\fR. If set to auto 
+Samba will not send Lanman announce broadcasts by default but will 
+listen for them. If it hears such a broadcast on the wire it will 
+then start sending them at a frequency set by the parameter 
+\fIlm interval\fR.
+
+See also \fIlm interval
+\fR\&.
+
+Default: \fBlm announce = auto\fR
+
+Example: \fBlm announce = yes\fR
+.TP
+\fBlm interval (G)\fR
+If Samba is set to produce Lanman announce 
+broadcasts needed by OS/2 clients (see the  \fIlm announce\fR parameter) then this 
+parameter defines the frequency in seconds with which they will be 
+made. If this is set to zero then no Lanman announcements will be 
+made despite the setting of the \fIlm announce\fR 
+parameter.
+
+See also \fIlm 
+announce\fR.
+
+Default: \fBlm interval = 60\fR
+
+Example: \fBlm interval = 120\fR
+.TP
+\fBload printers (G)\fR
+A boolean variable that controls whether all 
+printers in the printcap will be loaded for browsing by default. 
+See the printers section for 
+more details.
+
+Default: \fBload printers = yes\fR
+.TP
+\fBlocal master (G)\fR
+This option allows \fB nmbd(8)\fR to try and become a local master browser 
+on a subnet. If set to no then \fB nmbd\fR will not attempt to become a local master browser 
+on a subnet and will also lose in all browsing elections. By
+default this value is set to yes. Setting this value to yes doesn't
+mean that Samba will \fBbecome\fR the local master 
+browser on a subnet, just that \fBnmbd\fR will \fB participate\fR in elections for local master browser.
+
+Setting this value to no will cause \fBnmbd\fR
+\fBnever\fR to become a local master browser.
+
+Default: \fBlocal master = yes\fR
+.TP
+\fBlock dir (G)\fR
+Synonym for \fI lock directory\fR.
+.TP
+\fBlock directory (G)\fR
+This option specifies the directory where lock 
+files will be placed. The lock files are used to implement the 
+\fImax connections\fR
+option.
+
+Default: \fBlock directory = ${prefix}/var/locks\fR
+
+Example: \fBlock directory = /var/run/samba/locks\fR
+.TP
+\fBlock spin count (G)\fR
+This parameter controls the number of times
+that smbd should attempt to gain a byte range lock on the 
+behalf of a client request. Experiments have shown that
+Windows 2k servers do not reply with a failure if the lock
+could not be immediately granted, but try a few more times
+in case the lock could later be aquired. This behavior
+is used to support PC database formats such as MS Access
+and FoxPro.
+
+Default: \fBlock spin count = 2\fR
+.TP
+\fBlock spin time (G)\fR
+The time in microseconds that smbd should 
+pause before attempting to gain a failed lock. See
+\fIlock spin 
+count\fR for more details.
+
+Default: \fBlock spin time = 10\fR
+.TP
+\fBlocking (S)\fR
+This controls whether or not locking will be 
+performed by the server in response to lock requests from the 
+client.
+
+If \fBlocking = no\fR, all lock and unlock 
+requests will appear to succeed and all lock queries will report 
+that the file in question is available for locking.
+
+If \fBlocking = yes\fR, real locking will be performed 
+by the server.
+
+This option \fBmay\fR be useful for read-only 
+filesystems which \fBmay\fR not need locking (such as 
+CDROM drives), although setting this parameter of no 
+is not really recommended even in this case.
+
+Be careful about disabling locking either globally or in a 
+specific service, as lack of locking may result in data corruption. 
+You should never need to set this parameter.
+
+Default: \fBlocking = yes\fR
+.TP
+\fBlog file (G)\fR
+This option allows you to override the name 
+of the Samba log file (also known as the debug file).
+
+This option takes the standard substitutions, allowing 
+you to have separate log files for each user or machine.
+
+Example: \fBlog file = /usr/local/samba/var/log.%m
+\fR.TP
+\fBlog level (G)\fR
+The value of the parameter (an integer) allows 
+the debug level (logging level) to be specified in the 
+\fIsmb.conf\fR file. This is to give greater 
+flexibility in the configuration of the system.
+
+The default will be the log level specified on 
+the command line or level zero if none was specified.
+
+Example: \fBlog level = 3\fR
+.TP
+\fBlogon drive (G)\fR
+This parameter specifies the local path to 
+which the home directory will be connected (see \fIlogon home\fR) 
+and is only used by NT Workstations. 
+
+Note that this option is only useful if Samba is set up as a
+logon server.
+
+Default: \fBlogon drive = z:\fR
+
+Example: \fBlogon drive = h:\fR
+.TP
+\fBlogon home (G)\fR
+This parameter specifies the home directory 
+location when a Win95/98 or NT Workstation logs into a Samba PDC. 
+It allows you to do 
+
+C:\\> \fBNET USE H: /HOME\fR
+
+from a command prompt, for example.
+
+This option takes the standard substitutions, allowing 
+you to have separate logon scripts for each user or machine.
+
+This parameter can be used with Win9X workstations to ensure 
+that roaming profiles are stored in a subdirectory of the user's 
+home directory. This is done in the following way:
+
+\fBlogon home = \\\\%N\\%U\\profile\fR
+
+This tells Samba to return the above string, with 
+substitutions made when a client requests the info, generally 
+in a NetUserGetInfo request. Win9X clients truncate the info to
+\\\\server\\share when a user does \fBnet use /home\fR
+but use the whole string when dealing with profiles.
+
+Note that in prior versions of Samba, the  \fIlogon path\fR was returned rather than 
+\fIlogon home\fR. This broke \fBnet use 
+/home\fR but allowed profiles outside the home directory. 
+The current implementation is correct, and can be used for 
+profiles if you use the above trick.
+
+This option is only useful if Samba is set up as a logon 
+server.
+
+Default: \fBlogon home = "\\\\%N\\%U"\fR
+
+Example: \fBlogon home = "\\\\remote_smb_server\\%U"\fR
+.TP
+\fBlogon path (G)\fR
+This parameter specifies the home directory 
+where roaming profiles (NTuser.dat etc files for Windows NT) are 
+stored. Contrary to previous versions of these manual pages, it has 
+nothing to do with Win 9X roaming profiles. To find out how to 
+handle roaming profiles for Win 9X system, see the  \fIlogon home\fR parameter.
+
+This option takes the standard substitutions, allowing you 
+to have separate logon scripts for each user or machine. It also 
+specifies the directory from which the "Application Data", 
+(\fIdesktop\fR, \fIstart menu\fR,
+\fInetwork neighborhood\fR, \fIprograms\fR 
+and other folders, and their contents, are loaded and displayed on 
+your Windows NT client.
+
+The share and the path must be readable by the user for 
+the preferences and directories to be loaded onto the Windows NT
+client. The share must be writeable when the user logs in for the first
+time, in order that the Windows NT client can create the NTuser.dat
+and other directories.
+
+Thereafter, the directories and any of the contents can, 
+if required, be made read-only. It is not advisable that the 
+NTuser.dat file be made read-only - rename it to NTuser.man to 
+achieve the desired effect (a \fBMAN\fRdatory 
+profile). 
+
+Windows clients can sometimes maintain a connection to 
+the [homes] share, even though there is no user logged in. 
+Therefore, it is vital that the logon path does not include a 
+reference to the homes share (i.e. setting this parameter to
+\\%N\\%U\\profile_path will cause problems).
+
+This option takes the standard substitutions, allowing 
+you to have separate logon scripts for each user or machine.
+
+Note that this option is only useful if Samba is set up 
+as a logon server.
+
+Default: \fBlogon path = \\\\%N\\%U\\profile\fR
+
+Example: \fBlogon path = \\\\PROFILESERVER\\PROFILE\\%U\fR
+.TP
+\fBlogon script (G)\fR
+This parameter specifies the batch file (.bat) or 
+NT command file (.cmd) to be downloaded and run on a machine when 
+a user successfully logs in. The file must contain the DOS 
+style CR/LF line endings. Using a DOS-style editor to create the 
+file is recommended.
+
+The script must be a relative path to the [netlogon] 
+service. If the [netlogon] service specifies a  \fIpath\fR of \fI/usr/local/samba/netlogon
+\fR, and \fBlogon script = STARTUP.BAT\fR, then 
+the file that will be downloaded is:
+
+\fI/usr/local/samba/netlogon/STARTUP.BAT\fR
+
+The contents of the batch file are entirely your choice. A 
+suggested command would be to add \fBNET TIME \\\\SERVER /SET 
+/YES\fR, to force every machine to synchronize clocks with 
+the same time server. Another use would be to add \fBNET USE 
+U: \\\\SERVER\\UTILS\fR for commonly used utilities, or \fB NET USE Q: \\\\SERVER\\ISO9001_QA\fR for example.
+
+Note that it is particularly important not to allow write 
+access to the [netlogon] share, or to grant users write permission 
+on the batch files in a secure environment, as this would allow 
+the batch files to be arbitrarily modified and security to be 
+breached.
+
+This option takes the standard substitutions, allowing you 
+to have separate logon scripts for each user or machine.
+
+This option is only useful if Samba is set up as a logon 
+server.
+
+Default: \fBno logon script defined\fR
+
+Example: \fBlogon script = scripts\\%U.bat\fR
+.TP
+\fBlppause command (S)\fR
+This parameter specifies the command to be 
+executed on the server host in order to stop printing or spooling 
+a specific print job.
+
+This command should be a program or script which takes 
+a printer name and job number to pause the print job. One way 
+of implementing this is by using job priorities, where jobs 
+having a too low priority won't be sent to the printer.
+
+If a \fI%p\fR is given then the printer name 
+is put in its place. A \fI%j\fR is replaced with 
+the job number (an integer). On HPUX (see \fIprinting=hpux
+\fR), if the \fI-p%p\fR option is added 
+to the lpq command, the job will show up with the correct status, i.e. 
+if the job priority is lower than the set fence priority it will 
+have the PAUSED status, whereas if the priority is equal or higher it 
+will have the SPOOLED or PRINTING status.
+
+Note that it is good practice to include the absolute path 
+in the lppause command as the PATH may not be available to the server.
+
+See also the \fIprinting
+\fRparameter.
+
+Default: Currently no default value is given to 
+this string, unless the value of the \fIprinting\fR 
+parameter is SYSV, in which case the default is :
+
+\fBlp -i %p-%j -H hold\fR
+
+or if the value of the \fIprinting\fR parameter 
+is SOFTQ, then the default is:
+
+\fBqstat -s -j%j -h\fR
+
+Example for HPUX: \fBlppause command = /usr/bin/lpalt 
+%p-%j -p0\fR
+.TP
+\fBlpq cache time (G)\fR
+This controls how long lpq info will be cached 
+for to prevent the \fBlpq\fR command being called too 
+often. A separate cache is kept for each variation of the \fB lpq\fR command used by the system, so if you use different 
+\fBlpq\fR commands for different users then they won't
+share cache information.
+
+The cache files are stored in \fI/tmp/lpq.xxxx\fR 
+where xxxx is a hash of the \fBlpq\fR command in use.
+
+The default is 10 seconds, meaning that the cached results 
+of a previous identical \fBlpq\fR command will be used 
+if the cached data is less than 10 seconds old. A large value may 
+be advisable if your \fBlpq\fR command is very slow.
+
+A value of 0 will disable caching completely.
+
+See also the \fIprinting
+\fRparameter.
+
+Default: \fBlpq cache time = 10\fR
+
+Example: \fBlpq cache time = 30\fR
+.TP
+\fBlpq command (S)\fR
+This parameter specifies the command to be 
+executed on the server host in order to obtain \fBlpq
+\fR-style printer status information.
+
+This command should be a program or script which 
+takes a printer name as its only parameter and outputs printer 
+status information.
+
+Currently nine styles of printer status information 
+are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. 
+This covers most UNIX systems. You control which type is expected 
+using the \fIprinting =\fR option.
+
+Some clients (notably Windows for Workgroups) may not 
+correctly send the connection number for the printer they are 
+requesting status information about. To get around this, the 
+server reports on the first printer service connected to by the 
+client. This only happens if the connection number sent is invalid.
+
+If a \fI%p\fR is given then the printer name 
+is put in its place. Otherwise it is placed at the end of the 
+command.
+
+Note that it is good practice to include the absolute path 
+in the \fIlpq command\fR as the \fB$PATH
+\fRmay not be available to the server. When compiled with
+the CUPS libraries, no \fIlpq command\fR is
+needed because smbd will make a library call to obtain the 
+print queue listing.
+
+See also the \fIprinting
+\fRparameter.
+
+Default: \fBdepends on the setting of \fI printing\fB\fR
+
+Example: \fBlpq command = /usr/bin/lpq -P%p\fR
+.TP
+\fBlpresume command (S)\fR
+This parameter specifies the command to be 
+executed on the server host in order to restart or continue 
+printing or spooling a specific print job.
+
+This command should be a program or script which takes 
+a printer name and job number to resume the print job. See 
+also the \fIlppause command
+\fRparameter.
+
+If a \fI%p\fR is given then the printer name 
+is put in its place. A \fI%j\fR is replaced with 
+the job number (an integer).
+
+Note that it is good practice to include the absolute path 
+in the \fIlpresume command\fR as the PATH may not 
+be available to the server.
+
+See also the \fIprinting
+\fRparameter.
+
+Default: Currently no default value is given 
+to this string, unless the value of the \fIprinting\fR 
+parameter is SYSV, in which case the default is :
+
+\fBlp -i %p-%j -H resume\fR
+
+or if the value of the \fIprinting\fR parameter 
+is SOFTQ, then the default is:
+
+\fBqstat -s -j%j -r\fR
+
+Example for HPUX: \fBlpresume command = /usr/bin/lpalt 
+%p-%j -p2\fR
+.TP
+\fBlprm command (S)\fR
+This parameter specifies the command to be 
+executed on the server host in order to delete a print job.
+
+This command should be a program or script which takes 
+a printer name and job number, and deletes the print job.
+
+If a \fI%p\fR is given then the printer name 
+is put in its place. A \fI%j\fR is replaced with 
+the job number (an integer).
+
+Note that it is good practice to include the absolute 
+path in the \fIlprm command\fR as the PATH may not be 
+available to the server.
+
+See also the \fIprinting
+\fRparameter.
+
+Default: \fBdepends on the setting of \fIprinting
+\fB\fR
+Example 1: \fBlprm command = /usr/bin/lprm -P%p %j
+\fR
+Example 2: \fBlprm command = /usr/bin/cancel %p-%j
+\fR.TP
+\fBmachine password timeout (G)\fR
+If a Samba server is a member of a Windows 
+NT Domain (see the security = domain) 
+parameter) then periodically a running  smbd(8) process will try and change the MACHINE ACCOUNT 
+PASSWORD stored in the TDB called \fIprivate/secrets.tdb
+\fR\&. This parameter specifies how often this password 
+will be changed, in seconds. The default is one week (expressed in 
+seconds), the same as a Windows NT Domain member server.
+
+See also \fBsmbpasswd(8)
+\fR and the  security = domain) parameter.
+
+Default: \fBmachine password timeout = 604800\fR
+.TP
+\fBmagic output (S)\fR
+This parameter specifies the name of a file 
+which will contain output created by a magic script (see the 
+\fImagic script\fR
+parameter below).
+
+Warning: If two clients use the same \fImagic script
+\fRin the same directory the output file content
+is undefined.
+
+Default: \fBmagic output = <magic script name>.out
+\fR
+Example: \fBmagic output = myfile.txt\fR
+.TP
+\fBmagic script (S)\fR
+This parameter specifies the name of a file which, 
+if opened, will be executed by the server when the file is closed. 
+This allows a UNIX script to be sent to the Samba host and 
+executed on behalf of the connected user.
+
+Scripts executed in this way will be deleted upon 
+completion assuming that the user has the appropriate level 
+of privilege and the file permissions allow the deletion.
+
+If the script generates output, output will be sent to 
+the file specified by the \fI magic output\fR parameter (see above).
+
+Note that some shells are unable to interpret scripts 
+containing CR/LF instead of CR as 
+the end-of-line marker. Magic scripts must be executable 
+\fBas is\fR on the host, which for some hosts and 
+some shells will require filtering at the DOS end.
+
+Magic scripts are \fBEXPERIMENTAL\fR and 
+should \fBNOT\fR be relied upon.
+
+Default: \fBNone. Magic scripts disabled.\fR
+
+Example: \fBmagic script = user.csh\fR
+.TP
+\fBmangle case (S)\fR
+See the section on  NAME MANGLING
+
+Default: \fBmangle case = no\fR
+.TP
+\fBmangled map (S)\fR
+This is for those who want to directly map UNIX 
+file names which cannot be represented on Windows/DOS. The mangling 
+of names is not always what is needed. In particular you may have 
+documents with file extensions that differ between DOS and UNIX. 
+For example, under UNIX it is common to use \fI.html\fR 
+for HTML files, whereas under Windows/DOS \fI.htm\fR 
+is more commonly used.
+
+So to map \fIhtml\fR to \fIhtm\fR 
+you would use:
+
+\fBmangled map = (*.html *.htm)\fR
+
+One very useful case is to remove the annoying \fI;1
+\fRoff the ends of filenames on some CDROMs (only visible 
+under some UNIXes). To do this use a map of (*;1 *;).
+
+Default: \fBno mangled map\fR
+
+Example: \fBmangled map = (*;1 *;)\fR
+.TP
+\fBmangled names (S)\fR
+This controls whether non-DOS names under UNIX 
+should be mapped to DOS-compatible names ("mangled") and made visible, 
+or whether non-DOS names should simply be ignored.
+
+See the section on  NAME MANGLING for details on how to control the mangling process.
+
+If mangling algorithm "hash" is used then the mangling algorithm is as follows:
+.RS
+.TP 0.2i
+\(bu
+The first (up to) five alphanumeric characters 
+before the rightmost dot of the filename are preserved, forced 
+to upper case, and appear as the first (up to) five characters 
+of the mangled name.
+.TP 0.2i
+\(bu
+A tilde "~" is appended to the first part of the mangled
+name, followed by a two-character unique sequence, based on the
+original root name (i.e., the original filename minus its final
+extension). The final extension is included in the hash calculation
+only if it contains any upper case characters or is longer than three
+characters.
+
+Note that the character to use may be specified using 
+the \fImangling char\fR
+option, if you don't like '~'.
+.TP 0.2i
+\(bu
+The first three alphanumeric characters of the final 
+extension are preserved, forced to upper case and appear as the 
+extension of the mangled name. The final extension is defined as that 
+part of the original filename after the rightmost dot. If there are no 
+dots in the filename, the mangled name will have no extension (except 
+in the case of "hidden files" - see below).
+.TP 0.2i
+\(bu
+Files whose UNIX name begins with a dot will be 
+presented as DOS hidden files. The mangled name will be created as 
+for other filenames, but with the leading dot removed and "___" as 
+its extension regardless of actual original extension (that's three 
+underscores).
+.RE
+.PP
+The two-digit hash value consists of upper case 
+alphanumeric characters.
+.PP
+.PP
+This algorithm can cause name collisions only if files 
+in a directory share the same first five alphanumeric characters. 
+The probability of such a clash is 1/1300.
+.PP
+.PP
+If mangling algorithm "hash2" is used then the mangling algorithm is as follows:
+.PP
+.RS
+.TP 0.2i
+\(bu
+The first alphanumeric character 
+before the rightmost dot of the filename is preserved, forced 
+to upper case, and appears as the first character of the mangled name.
+.TP 0.2i
+\(bu
+A base63 hash of 5 characters is generated and the
+first 4 characters of that hash are appended to the first character.
+.TP 0.2i
+\(bu
+A tilde "~" is appended to the first part of the mangled
+name, followed by the final character of the base36 hash of the name.
+
+Note that the character to use may be specified using 
+the \fImangling char\fR
+option, if you don't like '~'.
+.TP 0.2i
+\(bu
+The first three alphanumeric characters of the final 
+extension are preserved, forced to upper case and appear as the 
+extension of the mangled name. The final extension is defined as that 
+part of the original filename after the rightmost dot. If there are no 
+dots in the filename, the mangled name will have no extension (except 
+in the case of "hidden files" - see below).
+.TP 0.2i
+\(bu
+Files whose UNIX name begins with a dot will be 
+presented as DOS hidden files. The mangled name will be created as 
+for other filenames, but with the leading dot removed and "___" as 
+its extension regardless of actual original extension (that's three 
+underscores).
+.RE
+.PP
+The name mangling (if enabled) allows a file to be 
+copied between UNIX directories from Windows/DOS while retaining 
+the long UNIX filename. UNIX files can be renamed to a new extension 
+from Windows/DOS and will retain the same basename. Mangled names 
+do not change between sessions.
+.PP
+.PP
+Default: \fBmangled names = yes\fR
+.PP
+.TP
+\fBmangled stack (G)\fR
+This parameter controls the number of mangled names 
+that should be cached in the Samba server  smbd(8)
+
+This stack is a list of recently mangled base names 
+(extensions are only maintained if they are longer than 3 characters 
+or contains upper case characters).
+
+The larger this value, the more likely it is that mangled 
+names can be successfully converted to correct long UNIX names. 
+However, large stack sizes will slow most directory accesses. Smaller 
+stacks save memory in the server (each stack element costs 256 bytes).
+
+It is not possible to absolutely guarantee correct long 
+filenames, so be prepared for some surprises!
+
+Default: \fBmangled stack = 50\fR
+
+Example: \fBmangled stack = 100\fR
+.TP
+\fBmangling char (S)\fR
+This controls what character is used as 
+the \fBmagic\fR character in name mangling. The default is a '~'
+but this may interfere with some software. Use this option to set 
+it to whatever you prefer.
+
+Default: \fBmangling char = ~\fR
+
+Example: \fBmangling char = ^\fR
+.TP
+\fBmangling mathod(G)\fR
+controls the algorithm used for the generating
+the mangled names. Can take two different values, "hash" and
+"hash2". "hash" is the default and is the algorithm that has been
+used in Samba for many years. "hash2" is a newer and considered
+a better algorithm (generates less collisions) in the names.
+However, many Win32 applications store the mangled names and so
+changing to the new algorithm must not be done
+lightly as these applications may break unless reinstalled.
+New installations of Samba may set the default to hash2.
+
+Default: \fBmangling method = hash\fR
+
+Example: \fBmangling method = hash2\fR
+.TP
+\fBmap archive (S)\fR
+This controls whether the DOS archive attribute 
+should be mapped to the UNIX owner execute bit. The DOS archive bit 
+is set when a file has been modified since its last backup. One 
+motivation for this option it to keep Samba/your PC from making 
+any file it touches from becoming executable under UNIX. This can 
+be quite annoying for shared source code, documents, etc...
+
+Note that this requires the \fIcreate mask\fR
+parameter to be set such that owner execute bit is not masked out 
+(i.e. it must include 100). See the parameter  \fIcreate mask\fR for details.
+
+Default: \fBmap archive = yes\fR
+.TP
+\fBmap hidden (S)\fR
+This controls whether DOS style hidden files 
+should be mapped to the UNIX world execute bit.
+
+Note that this requires the \fIcreate mask\fR 
+to be set such that the world execute bit is not masked out (i.e. 
+it must include 001). See the parameter  \fIcreate mask\fR for details.
+
+Default: \fBmap hidden = no\fR
+.TP
+\fBmap system (S)\fR
+This controls whether DOS style system files 
+should be mapped to the UNIX group execute bit.
+
+Note that this requires the \fIcreate mask\fR 
+to be set such that the group execute bit is not masked out (i.e. 
+it must include 010). See the parameter  \fIcreate mask\fR for details.
+
+Default: \fBmap system = no\fR
+.TP
+\fBmap to guest (G)\fR
+This parameter is only useful in  security modes other than \fIsecurity = share\fR 
+- i.e. user, server, 
+and domain.
+
+This parameter can take three different values, which tell
+smbd(8) what to do with user 
+login requests that don't match a valid UNIX user in some way.
+
+The three settings are :
+.RS
+.TP 0.2i
+\(bu
+Never - Means user login 
+requests with an invalid password are rejected. This is the 
+default.
+.TP 0.2i
+\(bu
+Bad User - Means user
+logins with an invalid password are rejected, unless the username 
+does not exist, in which case it is treated as a guest login and 
+mapped into the \fI guest account\fR.
+.TP 0.2i
+\(bu
+Bad Password - Means user logins 
+with an invalid password are treated as a guest login and mapped 
+into the guest account. Note that 
+this can cause problems as it means that any user incorrectly typing 
+their password will be silently logged on as "guest" - and 
+will not know the reason they cannot access files they think
+they should - there will have been no message given to them
+that they got their password wrong. Helpdesk services will
+\fBhate\fR you if you set the \fImap to 
+guest\fR parameter this way :-).
+.RE
+.PP
+Note that this parameter is needed to set up "Guest" 
+share services when using \fIsecurity\fR modes other than 
+share. This is because in these modes the name of the resource being
+requested is \fBnot\fR sent to the server until after 
+the server has successfully authenticated the client so the server 
+cannot make authentication decisions at the correct time (connection 
+to the share) for "Guest" shares.
+.PP
+.PP
+For people familiar with the older Samba releases, this 
+parameter maps to the old compile-time setting of the  GUEST_SESSSETUP value in local.h.
+.PP
+.PP
+Default: \fBmap to guest = Never\fR
+.PP
+.PP
+Example: \fBmap to guest = Bad User\fR
+.PP
+.TP
+\fBmax connections (S)\fR
+This option allows the number of simultaneous 
+connections to a service to be limited. If \fImax connections
+\fRis greater than 0 then connections will be refused if 
+this number of connections to the service are already open. A value 
+of zero mean an unlimited number of connections may be made.
+
+Record lock files are used to implement this feature. The 
+lock files will be stored in the directory specified by the \fIlock directory\fR 
+option.
+
+Default: \fBmax connections = 0\fR
+
+Example: \fBmax connections = 10\fR
+.TP
+\fBmax disk size (G)\fR
+This option allows you to put an upper limit 
+on the apparent size of disks. If you set this option to 100 
+then all shares will appear to be not larger than 100 MB in 
+size.
+
+Note that this option does not limit the amount of 
+data you can put on the disk. In the above case you could still 
+store much more than 100 MB on the disk, but if a client ever asks 
+for the amount of free disk space or the total disk size then the 
+result will be bounded by the amount specified in \fImax 
+disk size\fR.
+
+This option is primarily useful to work around bugs 
+in some pieces of software that can't handle very large disks, 
+particularly disks over 1GB in size.
+
+A \fImax disk size\fR of 0 means no limit.
+
+Default: \fBmax disk size = 0\fR
+
+Example: \fBmax disk size = 1000\fR
+.TP
+\fBmax log size (G)\fR
+This option (an integer in kilobytes) specifies 
+the max size the log file should grow to. Samba periodically checks 
+the size and if it is exceeded it will rename the file, adding 
+a \fI.old\fR extension.
+
+A size of 0 means no limit.
+
+Default: \fBmax log size = 5000\fR
+
+Example: \fBmax log size = 1000\fR
+.TP
+\fBmax mux (G)\fR
+This option controls the maximum number of 
+outstanding simultaneous SMB operations that Samba tells the client 
+it will allow. You should never need to set this parameter.
+
+Default: \fBmax mux = 50\fR
+.TP
+\fBmax open files (G)\fR
+This parameter limits the maximum number of 
+open files that one smbd(8) file 
+serving process may have open for a client at any one time. The 
+default for this parameter is set very high (10,000) as Samba uses 
+only one bit per unopened file.
+
+The limit of the number of open files is usually set 
+by the UNIX per-process file descriptor limit rather than 
+this parameter so you should never need to touch this parameter.
+
+Default: \fBmax open files = 10000\fR
+.TP
+\fBmax print jobs (S)\fR
+This parameter limits the maximum number of 
+jobs allowable in a Samba printer queue at any given moment.
+If this number is exceeded, \fB smbd(8)\fR will remote "Out of Space" to the client.
+See all \fItotal
+print jobs\fR.
+
+Default: \fBmax print jobs = 1000\fR
+
+Example: \fBmax print jobs = 5000\fR
+.TP
+\fBmax protocol (G)\fR
+The value of the parameter (a string) is the highest 
+protocol level that will be supported by the server.
+
+Possible values are :
+.RS
+.TP 0.2i
+\(bu
+CORE: Earliest version. No 
+concept of user names.
+.TP 0.2i
+\(bu
+COREPLUS: Slight improvements on 
+CORE for efficiency.
+.TP 0.2i
+\(bu
+LANMAN1: First \fB modern\fR version of the protocol. Long filename
+support.
+.TP 0.2i
+\(bu
+LANMAN2: Updates to Lanman1 protocol.
+.TP 0.2i
+\(bu
+NT1: Current up to date version of 
+the protocol. Used by Windows NT. Known as CIFS.
+.RE
+.PP
+Normally this option should not be set as the automatic 
+negotiation phase in the SMB protocol takes care of choosing 
+the appropriate protocol.
+.PP
+.PP
+See also \fImin
+protocol\fR
+.PP
+.PP
+Default: \fBmax protocol = NT1\fR
+.PP
+.PP
+Example: \fBmax protocol = LANMAN1\fR
+.PP
+.TP
+\fBmax smbd processes (G)\fR
+This parameter limits the maximum number of 
+\fBsmbd(8)\fR
+processes concurrently running on a system and is intended
+as a stopgap to prevent degrading service to clients in the event
+that the server has insufficient resources to handle more than this
+number of connections. Remember that under normal operating
+conditions, each user will have an smbd associated with him or her
+to handle connections to all shares from a given host.
+
+Default: \fBmax smbd processes = 0\fR ## no limit
+
+Example: \fBmax smbd processes = 1000\fR
+.TP
+\fBmax ttl (G)\fR
+This option tells nmbd(8)
+what the default 'time to live' of NetBIOS names should be (in seconds) 
+when \fBnmbd\fR is requesting a name using either a
+broadcast packet or from a WINS server. You should never need to
+change this parameter. The default is 3 days.
+
+Default: \fBmax ttl = 259200\fR
+.TP
+\fBmax wins ttl (G)\fR
+This option tells nmbd(8)
+ when acting as a WINS server ( \fIwins support = yes\fR) what the maximum
+\&'time to live' of NetBIOS names that \fBnmbd\fR 
+will grant will be (in seconds). You should never need to change this
+parameter. The default is 6 days (518400 seconds).
+
+See also the \fImin 
+wins ttl\fR parameter.
+
+Default: \fBmax wins ttl = 518400\fR
+.TP
+\fBmax xmit (G)\fR
+This option controls the maximum packet size 
+that will be negotiated by Samba. The default in Samba 2.2.6 is
+now 16644 (changed from 65535 in earlier releases) which matches
+Windows 2000. This allows better performance with Windows NT clients.
+The maximum is 65535. In some cases you may find you get better performance 
+with a smaller value. A value below 2048 is likely to cause problems.
+
+Default: \fBmax xmit = 16644\fR
+
+Example: \fBmax xmit = 8192\fR
+.TP
+\fBmessage command (G)\fR
+This specifies what command to run when the 
+server receives a WinPopup style message.
+
+This would normally be a command that would 
+deliver the message somehow. How this is to be done is 
+up to your imagination.
+
+An example is:
+
+\fBmessage command = csh -c 'xedit %s;rm %s' &\fR
+
+This delivers the message using \fBxedit\fR, then 
+removes it afterwards. \fBNOTE THAT IT IS VERY IMPORTANT 
+THAT THIS COMMAND RETURN IMMEDIATELY\fR. That's why I 
+have the '&' on the end. If it doesn't return immediately then 
+your PCs may freeze when sending messages (they should recover 
+after 30 seconds, hopefully).
+
+All messages are delivered as the global guest user. 
+The command takes the standard substitutions, although \fI %u\fR won't work (\fI%U\fR may be better 
+in this case).
+
+Apart from the standard substitutions, some additional 
+ones apply. In particular:
+.RS
+.TP 0.2i
+\(bu
+\fI%s\fR = the filename containing 
+the message.
+.TP 0.2i
+\(bu
+\fI%t\fR = the destination that 
+the message was sent to (probably the server name).
+.TP 0.2i
+\(bu
+\fI%f\fR = who the message 
+is from.
+.RE
+.PP
+You could make this command send mail, or whatever else 
+takes your fancy. Please let us know of any really interesting 
+ideas you have.
+.PP
+.PP
+Here's a way of sending the messages as mail to root:
+.PP
+.PP
+\fBmessage command = /bin/mail -s 'message from %f on 
+%m' root < %s; rm %s\fR
+.PP
+.PP
+If you don't have a message command then the message 
+won't be delivered and Samba will tell the sender there was 
+an error. Unfortunately WfWg totally ignores the error code 
+and carries on regardless, saying that the message was delivered.
+.PP
+.PP
+If you want to silently delete it then try:
+.PP
+.PP
+\fBmessage command = rm %s\fR
+.PP
+.PP
+Default: \fBno message command\fR
+.PP
+.PP
+Example: \fBmessage command = csh -c 'xedit %s;
+rm %s' &\fR
+.PP
+.TP
+\fBmin passwd length (G)\fR
+Synonym for  \fImin password length\fR.
+.TP
+\fBmin password length (G)\fR
+This option sets the minimum length in characters 
+of a plaintext password that \fBsmbd\fR will accept when performing 
+UNIX password changing.
+
+See also \fIunix 
+password sync\fR,  \fIpasswd program\fR and \fIpasswd chat debug\fR
+\&.
+
+Default: \fBmin password length = 5\fR
+.TP
+\fBmin print space (S)\fR
+This sets the minimum amount of free disk 
+space that must be available before a user will be able to spool 
+a print job. It is specified in kilobytes. The default is 0, which 
+means a user can always spool a print job.
+
+See also the \fIprinting
+\fRparameter.
+
+Default: \fBmin print space = 0\fR
+
+Example: \fBmin print space = 2000\fR
+.TP
+\fBmin protocol (G)\fR
+The value of the parameter (a string) is the 
+lowest SMB protocol dialect than Samba will support. Please refer
+to the \fImax protocol\fR
+parameter for a list of valid protocol names and a brief description
+of each. You may also wish to refer to the C source code in
+\fIsource/smbd/negprot.c\fR for a listing of known protocol
+dialects supported by clients.
+
+If you are viewing this parameter as a security measure, you should
+also refer to the \fIlanman 
+auth\fR parameter. Otherwise, you should never need 
+to change this parameter.
+
+Default : \fBmin protocol = CORE\fR
+
+Example : \fBmin protocol = NT1\fR # disable DOS 
+clients
+.TP
+\fBmin wins ttl (G)\fR
+This option tells nmbd(8)
+when acting as a WINS server (\fI wins support = yes\fR) what the minimum 'time to live' 
+of NetBIOS names that \fBnmbd\fR will grant will be (in 
+seconds). You should never need to change this parameter. The default 
+is 6 hours (21600 seconds).
+
+Default: \fBmin wins ttl = 21600\fR
+.TP
+\fBmsdfs root (S)\fR
+This boolean parameter is only available if 
+Samba is configured and compiled with the \fB --with-msdfs\fR option. If set to yes, 
+Samba treats the share as a Dfs root and allows clients to browse 
+the distributed file system tree rooted at the share directory. 
+Dfs links are specified in the share directory by symbolic 
+links of the form \fImsdfs:serverA\\shareA,serverB\\shareB
+\fRand so on. For more information on setting up a Dfs tree 
+on Samba, refer to msdfs_setup.html
+
+
+See also \fIhost msdfs
+\fR
+Default: \fBmsdfs root = no\fR
+.TP
+\fBname resolve order (G)\fR
+This option is used by the programs in the Samba 
+suite to determine what naming services to use and in what order 
+to resolve host names to IP addresses. The option takes a space 
+separated string of name resolution options.
+
+The options are :"lmhosts", "host", "wins" and "bcast". They 
+cause names to be resolved as follows :
+.RS
+.TP 0.2i
+\(bu
+lmhosts : Lookup an IP 
+address in the Samba lmhosts file. If the line in lmhosts has 
+no name type attached to the NetBIOS name (see the lmhosts(5) for details) then
+any name type matches for lookup.
+.TP 0.2i
+\(bu
+host : Do a standard host 
+name to IP address resolution, using the system \fI/etc/hosts
+\fR, NIS, or DNS lookups. This method of name resolution 
+is operating system depended for instance on IRIX or Solaris this 
+may be controlled by the \fI/etc/nsswitch.conf\fR 
+file. Note that this method is only used if the NetBIOS name 
+type being queried is the 0x20 (server) name type, otherwise 
+it is ignored.
+.TP 0.2i
+\(bu
+wins : Query a name with 
+the IP address listed in the \fI wins server\fR parameter. If no WINS server has
+been specified this method will be ignored.
+.TP 0.2i
+\(bu
+bcast : Do a broadcast on 
+each of the known local interfaces listed in the \fIinterfaces\fR 
+parameter. This is the least reliable of the name resolution 
+methods as it depends on the target host being on a locally 
+connected subnet.
+.RE
+.PP
+Default: \fBname resolve order = lmhosts host wins bcast
+\fR.PP
+.PP
+Example: \fBname resolve order = lmhosts bcast host
+\fR.PP
+.PP
+This will cause the local lmhosts file to be examined 
+first, followed by a broadcast attempt, followed by a normal 
+system hostname lookup.
+.PP
+.TP
+\fBnetbios aliases (G)\fR
+This is a list of NetBIOS names that nmbd(8) will advertise as additional 
+names by which the Samba server is known. This allows one machine 
+to appear in browse lists under multiple names. If a machine is 
+acting as a browse server or logon server none 
+of these names will be advertised as either browse server or logon 
+servers, only the primary name of the machine will be advertised 
+with these capabilities.
+
+See also \fInetbios 
+name\fR.
+
+Default: \fBempty string (no additional names)\fR
+
+Example: \fBnetbios aliases = TEST TEST1 TEST2\fR
+.TP
+\fBnetbios name (G)\fR
+This sets the NetBIOS name by which a Samba 
+server is known. By default it is the same as the first component 
+of the host's DNS name. If a machine is a browse server or
+logon server this name (or the first component
+of the hosts DNS name) will be the name that these services are
+advertised under.
+
+See also \fInetbios 
+aliases\fR.
+
+Default: \fBmachine DNS name\fR
+
+Example: \fBnetbios name = MYNAME\fR
+.TP
+\fBnetbios scope (G)\fR
+This sets the NetBIOS scope that Samba will 
+operate under. This should not be set unless every machine 
+on your LAN also sets this value.
+.TP
+\fBnis homedir (G)\fR
+Get the home share server from a NIS map. For 
+UNIX systems that use an automounter, the user's home directory 
+will often be mounted on a workstation on demand from a remote 
+server. 
+
+When the Samba logon server is not the actual home directory 
+server, but is mounting the home directories via NFS then two 
+network hops would be required to access the users home directory 
+if the logon server told the client to use itself as the SMB server 
+for home directories (one over SMB and one over NFS). This can 
+be very slow.
+
+This option allows Samba to return the home share as 
+being on a different server to the logon server and as 
+long as a Samba daemon is running on the home directory server, 
+it will be mounted on the Samba client directly from the directory 
+server. When Samba is returning the home share to the client, it 
+will consult the NIS map specified in  \fIhomedir map\fR and return the server 
+listed there.
+
+Note that for this option to work there must be a working 
+NIS system and the Samba server with this option must also 
+be a logon server.
+
+Default: \fBnis homedir = no\fR
+.TP
+\fBnt acl support (S)\fR
+This boolean parameter controls whether 
+smbd(8) will attempt to map 
+UNIX permissions into Windows NT access control lists.
+This parameter was formally a global parameter in releases
+prior to 2.2.2.
+
+Default: \fBnt acl support = yes\fR
+.TP
+\fBnt pipe support (G)\fR
+This boolean parameter controls whether 
+smbd(8) will allow Windows NT 
+clients to connect to the NT SMB specific IPC$ 
+pipes. This is a developer debugging option and can be left
+alone.
+
+Default: \fBnt pipe support = yes\fR
+.TP
+\fBnt smb support (G)\fR
+This boolean parameter controls whether smbd(8) will negotiate NT specific SMB
+support with Windows NT/2k/XP clients. Although this is a developer
+debugging option and should be left alone, benchmarking has discovered
+that Windows NT clients give faster performance with this option
+set to no. This is still being investigated.
+If this option is set to no then Samba offers
+exactly the same SMB calls that versions prior to Samba 2.0 offered.
+This information may be of use if any users are having problems
+with NT SMB support.
+
+You should not need to ever disable this parameter.
+
+Default: \fBnt smb support = yes\fR
+.TP
+\fBnt status support (G)\fR
+This boolean parameter controls whether smbd(8) will negotiate NT specific status
+support with Windows NT/2k/XP clients. This is a developer
+debugging option and should be left alone.
+If this option is set to no then Samba offers
+exactly the same DOS error codes that versions prior to Samba 2.2.3
+reported.
+
+You should not need to ever disable this parameter.
+
+Default: \fBnt status support = yes\fR
+.TP
+\fBnull passwords (G)\fR
+Allow or disallow client access to accounts 
+that have null passwords. 
+
+See also smbpasswd (5)
+
+Default: \fBnull passwords = no\fR
+.TP
+\fBobey pam restrictions (G)\fR
+When Samba 2.2 is configured to enable PAM support
+(i.e. --with-pam), this parameter will control whether or not Samba
+should obey PAM's account and session management directives. The 
+default behavior is to use PAM for clear text authentication only
+and to ignore any account or session management. Note that Samba
+always ignores PAM for authentication in the case of \fIencrypt passwords = yes\fR
+\&. The reason is that PAM modules cannot support the challenge/response
+authentication mechanism needed in the presence of SMB password encryption.
+
+Default: \fBobey pam restrictions = no\fR
+.TP
+\fBonly user (S)\fR
+This is a boolean option that controls whether 
+connections with usernames not in the \fIuser\fR 
+list will be allowed. By default this option is disabled so that a 
+client can supply a username to be used by the server. Enabling
+this parameter will force the server to only use the login 
+names from the \fIuser\fR list and is only really
+useful in share level
+security.
+
+Note that this also means Samba won't try to deduce 
+usernames from the service name. This can be annoying for 
+the [homes] section. To get around this you could use \fBuser =
+%S\fR which means your \fIuser\fR list
+will be just the service name, which for home directories is the 
+name of the user.
+
+See also the \fIuser\fR
+parameter.
+
+Default: \fBonly user = no\fR
+.TP
+\fBonly guest (S)\fR
+A synonym for \fI guest only\fR.
+.TP
+\fBoplock break wait time (G)\fR
+This is a tuning parameter added due to bugs in 
+both Windows 9x and WinNT. If Samba responds to a client too 
+quickly when that client issues an SMB that can cause an oplock 
+break request, then the network client can fail and not respond 
+to the break request. This tuning parameter (which is set in milliseconds) 
+is the amount of time Samba will wait before sending an oplock break 
+request to such (broken) clients.
+
+\fBDO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ 
+AND UNDERSTOOD THE SAMBA OPLOCK CODE\fR.
+
+Default: \fBoplock break wait time = 0\fR
+.TP
+\fBoplock contention limit (S)\fR
+This is a \fBvery\fR advanced 
+smbd(8) tuning option to 
+improve the efficiency of the granting of oplocks under multiple 
+client contention for the same file.
+
+In brief it specifies a number, which causes smbd not to 
+grant an oplock even when requested if the approximate number of 
+clients contending for an oplock on the same file goes over this 
+limit. This causes \fBsmbd\fR to behave in a similar 
+way to Windows NT.
+
+\fBDO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ 
+AND UNDERSTOOD THE SAMBA OPLOCK CODE\fR.
+
+Default: \fBoplock contention limit = 2\fR
+.TP
+\fBoplocks (S)\fR
+This boolean option tells \fBsmbd\fR whether to 
+issue oplocks (opportunistic locks) to file open requests on this 
+share. The oplock code can dramatically (approx. 30% or more) improve 
+the speed of access to files on Samba servers. It allows the clients 
+to aggressively cache files locally and you may want to disable this 
+option for unreliable network environments (it is turned on by 
+default in Windows NT Servers). For more information see the file 
+\fISpeed.txt\fR in the Samba \fIdocs/\fR 
+directory.
+
+Oplocks may be selectively turned off on certain files with a 
+share. See the \fI veto oplock files\fR parameter. On some systems 
+oplocks are recognized by the underlying operating system. This 
+allows data synchronization between all access to oplocked files, 
+whether it be via Samba or NFS or a local UNIX process. See the 
+\fIkernel oplocks\fR parameter for details.
+
+See also the \fIkernel 
+oplocks\fR and \fI level2 oplocks\fR parameters.
+
+Default: \fBoplocks = yes\fR
+.TP
+\fBos level (G)\fR
+This integer value controls what level Samba 
+advertises itself as for browse elections. The value of this 
+parameter determines whether nmbd(8) 
+has a chance of becoming a local master browser for the \fI WORKGROUP\fR in the local broadcast area.
+
+\fBNote :\fRBy default, Samba will win 
+a local master browsing election over all Microsoft operating 
+systems except a Windows NT 4.0/2000 Domain Controller. This 
+means that a misconfigured Samba host can effectively isolate 
+a subnet for browsing purposes. See \fIBROWSING.txt
+\fRin the Samba \fIdocs/\fR directory 
+for details.
+
+Default: \fBos level = 20\fR
+
+Example: \fBos level = 65 \fR
+.TP
+\fBos2 driver map (G)\fR
+The parameter is used to define the absolute
+path to a file containing a mapping of Windows NT printer driver
+names to OS/2 printer driver names. The format is:
+
+<nt driver name> = <os2 driver 
+name>.<device name>
+
+For example, a valid entry using the HP LaserJet 5
+printer driver would appear as \fBHP LaserJet 5L = LASERJET.HP 
+LaserJet 5L\fR.
+
+The need for the file is due to the printer driver namespace 
+problem described in the Samba 
+Printing HOWTO For more details on OS/2 clients, please 
+refer to the OS2-Client-HOWTO
+ containing in the Samba documentation.
+
+Default: \fBos2 driver map = <empty string>
+\fR.TP
+\fBpam password change (G)\fR
+With the addition of better PAM support in Samba 2.2, 
+this parameter, it is possible to use PAM's password change control 
+flag for Samba. If enabled, then PAM will be used for password
+changes when requested by an SMB client instead of the program listed in 
+\fIpasswd program\fR. 
+It should be possible to enable this without changing your 
+\fIpasswd chat\fR
+parameter for most setups.
+
+Default: \fBpam password change = no\fR
+.TP
+\fBpanic action (G)\fR
+This is a Samba developer option that allows a 
+system command to be called when either  smbd(8) 
+crashes. This is usually used to draw attention to the fact that 
+a problem occurred.
+
+Default: \fBpanic action = <empty string>\fR
+
+Example: \fBpanic action = "/bin/sleep 90000"\fR
+.TP
+\fBpasswd chat (G)\fR
+This string controls the \fB"chat"\fR 
+conversation that takes places between smbd and the local password changing
+program to change the user's password. The string describes a 
+sequence of response-receive pairs that  smbd(8) uses to determine what to send to the 
+\fIpasswd program\fR
+and what to expect back. If the expected output is not 
+received then the password is not changed.
+
+This chat sequence is often quite site specific, depending 
+on what local methods are used for password control (such as NIS 
+etc).
+
+Note that this parameter only is only used if the \fIunix 
+password sync\fR parameter is set to yes. This 
+sequence is then called \fBAS ROOT\fR when the SMB password 
+in the smbpasswd file is being changed, without access to the old 
+password cleartext. This means that root must be able to reset the user's password
+without knowing the text of the previous password. In the presence of NIS/YP, 
+this means that the passwd program must be 
+executed on the NIS master.
+
+The string can contain the macro \fI%n\fR which is substituted 
+for the new password. The chat sequence can also contain the standard 
+macros \\n, \\r,  \\t and \\s to give line-feed, 
+carriage-return, tab and space. The chat sequence string can also contain 
+a '*' which matches any sequence of characters.
+Double quotes can be used to collect strings with spaces 
+in them into a single string.
+
+If the send string in any part of the chat sequence 
+is a full stop ".", then no string is sent. Similarly, 
+if the expect string is a full stop then no string is expected.
+
+If the \fIpam
+password change\fR parameter is set to yes, the chat pairs
+may be matched in any order, and success is determined by the PAM result, 
+not any particular output. The \\n macro is ignored for PAM conversions.
+
+See also \fIunix password 
+sync\fR, \fI passwd program\fR , \fIpasswd chat debug\fR and  \fIpam password change\fR.
+
+Default: \fBpasswd chat = *new*password* %n\\n 
+*new*password* %n\\n *changed*\fR
+
+Example: \fBpasswd chat = "*Enter OLD password*" %o\\n 
+"*Enter NEW password*" %n\\n "*Reenter NEW password*" %n\\n "*Password 
+changed*"\fR
+.TP
+\fBpasswd chat debug (G)\fR
+This boolean specifies if the passwd chat script 
+parameter is run in \fBdebug\fR mode. In this mode the 
+strings passed to and received from the passwd chat are printed 
+in the smbd(8) log with a 
+\fIdebug level\fR 
+of 100. This is a dangerous option as it will allow plaintext passwords 
+to be seen in the \fBsmbd\fR log. It is available to help 
+Samba admins debug their \fIpasswd chat\fR scripts 
+when calling the \fIpasswd program\fR and should 
+be turned off after this has been done. This option has no effect if the 
+\fIpam password change\fR
+paramter is set. This parameter is off by default.
+
+See also \fIpasswd chat\fR
+, \fIpam password change\fR
+, \fIpasswd program\fR
+\&.
+
+Default: \fBpasswd chat debug = no\fR
+.TP
+\fBpasswd program (G)\fR
+The name of a program that can be used to set 
+UNIX user passwords. Any occurrences of \fI%u\fR 
+will be replaced with the user name. The user name is checked for 
+existence before calling the password changing program.
+
+Also note that many passwd programs insist in \fBreasonable
+\fRpasswords, such as a minimum length, or the inclusion 
+of mixed case chars and digits. This can pose a problem as some clients 
+(such as Windows for Workgroups) uppercase the password before sending 
+it.
+
+\fBNote\fR that if the \fIunix 
+password sync\fR parameter is set to yes
+then this program is called \fBAS ROOT\fR 
+before the SMB password in the smbpasswd(5)
+ file is changed. If this UNIX password change fails, then 
+\fBsmbd\fR will fail to change the SMB password also 
+(this is by design).
+
+If the \fIunix password sync\fR parameter 
+is set this parameter \fBMUST USE ABSOLUTE PATHS\fR 
+for \fBALL\fR programs called, and must be examined 
+for security implications. Note that by default \fIunix 
+password sync\fR is set to no.
+
+See also \fIunix 
+password sync\fR.
+
+Default: \fBpasswd program = /bin/passwd\fR
+
+Example: \fBpasswd program = /sbin/npasswd %u\fR
+.TP
+\fBpassword level (G)\fR
+Some client/server combinations have difficulty 
+with mixed-case passwords. One offending client is Windows for 
+Workgroups, which for some reason forces passwords to upper 
+case when using the LANMAN1 protocol, but leaves them alone when 
+using COREPLUS! Another problem child is the Windows 95/98
+family of operating systems. These clients upper case clear
+text passwords even when NT LM 0.12 selected by the protocol
+negotiation request/response.
+
+This parameter defines the maximum number of characters 
+that may be upper case in passwords.
+
+For example, say the password given was "FRED". If \fI password level\fR is set to 1, the following combinations 
+would be tried if "FRED" failed:
+
+"Fred", "fred", "fRed", "frEd","freD"
+
+If \fIpassword level\fR was set to 2, 
+the following combinations would also be tried: 
+
+"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..
+
+And so on.
+
+The higher value this parameter is set to the more likely 
+it is that a mixed case password will be matched against a single 
+case password. However, you should be aware that use of this 
+parameter reduces security and increases the time taken to 
+process a new connection.
+
+A value of zero will cause only two attempts to be 
+made - the password as is and the password in all-lower case.
+
+Default: \fBpassword level = 0\fR
+
+Example: \fBpassword level = 4\fR
+.TP
+\fBpassword server (G)\fR
+By specifying the name of another SMB server (such 
+as a WinNT box) with this option, and using \fBsecurity = domain
+\fRor \fBsecurity = server\fR you can get Samba 
+to do all its username/password validation via a remote server.
+
+This option sets the name of the password server to use. 
+It must be a NetBIOS name, so if the machine's NetBIOS name is 
+different from its Internet name then you may have to add its NetBIOS 
+name to the lmhosts file which is stored in the same directory 
+as the \fIsmb.conf\fR file.
+
+The name of the password server is looked up using the 
+parameter \fIname 
+resolve order\fR and so may resolved
+by any method and order described in that parameter.
+
+The password server much be a machine capable of using 
+the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in 
+user level security mode.
+
+\fBNOTE:\fR Using a password server 
+means your UNIX box (running Samba) is only as secure as your 
+password server. \fBDO NOT CHOOSE A PASSWORD SERVER THAT 
+YOU DON'T COMPLETELY TRUST\fR.
+
+Never point a Samba server at itself for password 
+serving. This will cause a loop and could lock up your Samba 
+server!
+
+The name of the password server takes the standard 
+substitutions, but probably the only useful one is \fI%m
+\fR, which means the Samba server will use the incoming 
+client as the password server. If you use this then you better 
+trust your clients, and you had better restrict them with hosts allow!
+
+If the \fIsecurity\fR parameter is set to
+domain, then the list of machines in this 
+option must be a list of Primary or Backup Domain controllers for the
+Domain or the character '*', as the Samba server is effectively
+in that domain, and will use cryptographically authenticated RPC calls
+to authenticate the user logging on. The advantage of using \fB security = domain\fR is that if you list several hosts in the 
+\fIpassword server\fR option then \fBsmbd
+\fRwill try each in turn till it finds one that responds. This 
+is useful in case your primary server goes down.
+
+If the \fIpassword server\fR option is set 
+to the character '*', then Samba will attempt to auto-locate the 
+Primary or Backup Domain controllers to authenticate against by 
+doing a query for the name WORKGROUP<1C> 
+and then contacting each server returned in the list of IP 
+addresses from the name resolution source. 
+
+If the \fIsecurity\fR parameter is 
+set to server, then there are different
+restrictions that \fBsecurity = domain\fR doesn't 
+suffer from:
+.RS
+.TP 0.2i
+\(bu
+You may list several password servers in 
+the \fIpassword server\fR parameter, however if an 
+\fBsmbd\fR makes a connection to a password server, 
+and then the password server fails, no more users will be able 
+to be authenticated from this \fBsmbd\fR. This is a 
+restriction of the SMB/CIFS protocol when in \fBsecurity = server
+\fRmode and cannot be fixed in Samba.
+.TP 0.2i
+\(bu
+If you are using a Windows NT server as your 
+password server then you will have to ensure that your users 
+are able to login from the Samba server, as when in \fB security = server\fR mode the network logon will appear to 
+come from there rather than from the users workstation.
+.RE
+.PP
+See also the \fIsecurity
+\fRparameter.
+.PP
+.PP
+Default: \fBpassword server = <empty string>\fR
+.PP
+.PP
+Example: \fBpassword server = NT-PDC, NT-BDC1, NT-BDC2
+\fR.PP
+.PP
+Example: \fBpassword server = *\fR
+.PP
+.TP
+\fBpath (S)\fR
+This parameter specifies a directory to which 
+the user of the service is to be given access. In the case of 
+printable services, this is where print data will spool prior to 
+being submitted to the host for printing.
+
+For a printable service offering guest access, the service 
+should be readonly and the path should be world-writeable and 
+have the sticky bit set. This is not mandatory of course, but 
+you probably won't get the results you expect if you do 
+otherwise.
+
+Any occurrences of \fI%u\fR in the path 
+will be replaced with the UNIX username that the client is using 
+on this connection. Any occurrences of \fI%m\fR 
+will be replaced by the NetBIOS name of the machine they are 
+connecting from. These replacements are very useful for setting 
+up pseudo home directories for users.
+
+Note that this path will be based on  \fIroot dir\fR if one was specified.
+
+Default: \fBnone\fR
+
+Example: \fBpath = /home/fred\fR
+.TP
+\fBpid directory (G)\fR
+This option specifies the directory where pid 
+files will be placed. 
+
+Default: \fBpid directory = ${prefix}/var/locks\fR
+
+Example: \fBpid directory = /var/run/\fR
+.TP
+\fBposix locking (S)\fR
+The \fBsmbd(8)\fR
+daemon maintains an database of file locks obtained by SMB clients.
+The default behavior is to map this internal database to POSIX
+locks. This means that file locks obtained by SMB clients are 
+consistent with those seen by POSIX compliant applications accessing 
+the files via a non-SMB method (e.g. NFS or local file access). 
+You should never need to disable this parameter.
+
+Default: \fBposix locking = yes\fR
+.TP
+\fBpostexec (S)\fR
+This option specifies a command to be run 
+whenever the service is disconnected. It takes the usual 
+substitutions. The command may be run as the root on some 
+systems.
+
+An interesting example may be to unmount server 
+resources:
+
+\fBpostexec = /etc/umount /cdrom\fR
+
+See also \fIpreexec\fR
+\&.
+
+Default: \fBnone (no command executed)\fR
+
+Example: \fBpostexec = echo \\"%u disconnected from %S 
+from %m (%I)\\" >> /tmp/log\fR
+.TP
+\fBpostscript (S)\fR
+This parameter forces a printer to interpret 
+the print files as PostScript. This is done by adding a %!
+to the start of print output.
+
+This is most useful when you have lots of PCs that persist 
+in putting a control-D at the start of print jobs, which then 
+confuses your printer.
+
+Default: \fBpostscript = no\fR
+.TP
+\fBpreexec (S)\fR
+This option specifies a command to be run whenever 
+the service is connected to. It takes the usual substitutions.
+
+An interesting example is to send the users a welcome 
+message every time they log in. Maybe a message of the day? Here 
+is an example:
+
+\fBpreexec = csh -c 'echo \\"Welcome to %S!\\" |
+/usr/local/samba/bin/smbclient -M %m -I %I' & \fR
+
+Of course, this could get annoying after a while :-)
+
+See also \fIpreexec close
+\fRand \fIpostexec
+\fR\&.
+
+Default: \fBnone (no command executed)\fR
+
+Example: \fBpreexec = echo \\"%u connected to %S from %m
+(%I)\\" >> /tmp/log\fR
+.TP
+\fBpreexec close (S)\fR
+This boolean option controls whether a non-zero 
+return code from \fIpreexec
+\fRshould close the service being connected to.
+
+Default: \fBpreexec close = no\fR
+.TP
+\fBpreferred master (G)\fR
+This boolean parameter controls if nmbd(8) is a preferred master browser 
+for its workgroup.
+
+If this is set to yes, on startup, \fBnmbd\fR 
+will force an election, and it will have a slight advantage in 
+winning the election. It is recommended that this parameter is 
+used in conjunction with \fB\fI domain master\fB = yes\fR, so that \fB nmbd\fR can guarantee becoming a domain master.
+
+Use this option with caution, because if there are several 
+hosts (whether Samba servers, Windows 95 or NT) that are preferred 
+master browsers on the same subnet, they will each periodically 
+and continuously attempt to become the local master browser. 
+This will result in unnecessary broadcast traffic and reduced browsing
+capabilities.
+
+See also \fIos level\fR
+\&.
+
+Default: \fBpreferred master = auto\fR
+.TP
+\fBprefered master (G)\fR
+Synonym for \fI preferred master\fR for people who cannot spell :-).
+.TP
+\fBpreload\fR
+This is a list of services that you want to be 
+automatically added to the browse lists. This is most useful 
+for homes and printers services that would otherwise not be 
+visible.
+
+Note that if you just want all printers in your 
+printcap file loaded then the  \fIload printers\fR option is easier.
+
+Default: \fBno preloaded services\fR
+
+Example: \fBpreload = fred lp colorlp\fR
+.TP
+\fBpreserve case (S)\fR
+This controls if new filenames are created
+with the case that the client passes, or if they are forced to 
+be the \fIdefault case
+\fR\&.
+
+Default: \fBpreserve case = yes\fR
+
+See the section on NAME 
+MANGLING for a fuller discussion.
+.TP
+\fBprint command (S)\fR
+After a print job has finished spooling to 
+a service, this command will be used via a \fBsystem()\fR 
+call to process the spool file. Typically the command specified will 
+submit the spool file to the host's printing subsystem, but there 
+is no requirement that this be the case. The server will not remove 
+the spool file, so whatever command you specify should remove the 
+spool file when it has been processed, otherwise you will need to 
+manually remove old spool files.
+
+The print command is simply a text string. It will be used 
+verbatim after macro substitutions have been made:
+
+s, %p - the path to the spool
+file name
+
+%p - the appropriate printer 
+name
+
+%J - the job 
+name as transmitted by the client.
+
+%c - The number of printed pages
+of the spooled job (if known).
+
+%z - the size of the spooled
+print job (in bytes)
+
+The print command \fBMUST\fR contain at least 
+one occurrence of \fI%s\fR or \fI%f
+\fR- the \fI%p\fR is optional. At the time 
+a job is submitted, if no printer name is supplied the \fI%p
+\fRwill be silently removed from the printer command.
+
+If specified in the [global] section, the print command given 
+will be used for any printable service that does not have its own 
+print command specified.
+
+If there is neither a specified print command for a 
+printable service nor a global print command, spool files will 
+be created but not processed and (most importantly) not removed.
+
+Note that printing may fail on some UNIXes from the 
+nobody account. If this happens then create 
+an alternative guest account that can print and set the \fIguest account\fR 
+in the [global] section.
+
+You can form quite complex print commands by realizing 
+that they are just passed to a shell. For example the following 
+will log a print job, print the file, then remove it. Note that 
+\&';' is the usual separator for command in shell scripts.
+
+\fBprint command = echo Printing %s >> 
+/tmp/print.log; lpr -P %p %s; rm %s\fR
+
+You may have to vary this command considerably depending 
+on how you normally print files on your system. The default for 
+the parameter varies depending on the setting of the  \fIprinting\fR parameter.
+
+Default: For \fBprinting = BSD, AIX, QNX, LPRNG 
+or PLP :\fR
+
+\fBprint command = lpr -r -P%p %s\fR
+
+For \fBprinting = SYSV or HPUX :\fR
+
+\fBprint command = lp -c -d%p %s; rm %s\fR
+
+For \fBprinting = SOFTQ :\fR
+
+\fBprint command = lp -d%p -s %s; rm %s\fR
+
+For printing = CUPS : If SAMBA is compiled against
+libcups, then printcap = cups 
+uses the CUPS API to
+submit jobs, etc. Otherwise it maps to the System V
+commands with the -oraw option for printing, i.e. it
+uses \fBlp -c -d%p -oraw; rm %s\fR. 
+With \fBprinting = cups\fR,
+and if SAMBA is compiled against libcups, any manually 
+set print command will be ignored.
+
+Example: \fBprint command = /usr/local/samba/bin/myprintscript
+%p %s\fR
+.TP
+\fBprint ok (S)\fR
+Synonym for  \fIprintable\fR.
+.TP
+\fBprintable (S)\fR
+If this parameter is yes, then 
+clients may open, write to and submit spool files on the directory 
+specified for the service. 
+
+Note that a printable service will ALWAYS allow writing 
+to the service path (user privileges permitting) via the spooling 
+of print data. The \fIread only
+\fRparameter controls only non-printing access to 
+the resource.
+
+Default: \fBprintable = no\fR
+.TP
+\fBprintcap (G)\fR
+Synonym for \fI printcap name\fR.
+.TP
+\fBprintcap name (G)\fR
+This parameter may be used to override the 
+compiled-in default printcap name used by the server (usually \fI /etc/printcap\fR). See the discussion of the [printers] section above for reasons 
+why you might want to do this.
+
+To use the CUPS printing interface set \fBprintcap name = cups
+\fR\&. This should be supplemented by an addtional setting 
+printing = cups in the [global] 
+section. \fBprintcap name = cups\fR will use the 
+"dummy" printcap created by CUPS, as specified in your CUPS
+configuration file.
+
+On System V systems that use \fBlpstat\fR to 
+list available printers you can use \fBprintcap name = lpstat
+\fRto automatically obtain lists of available printers. This 
+is the default for systems that define SYSV at configure time in 
+Samba (this includes most System V based systems). If \fI printcap name\fR is set to \fBlpstat\fR on 
+these systems then Samba will launch \fBlpstat -v\fR and 
+attempt to parse the output to obtain a printer list.
+
+A minimal printcap file would look something like this:
+
+.sp
+.nf
+		print1|My Printer 1
+		print2|My Printer 2
+		print3|My Printer 3
+		print4|My Printer 4
+		print5|My Printer 5
+		
+.sp
+.fi
+
+where the '|' separates aliases of a printer. The fact 
+that the second alias has a space in it gives a hint to Samba 
+that it's a comment.
+
+\fBNOTE\fR: Under AIX the default printcap 
+name is \fI/etc/qconfig\fR. Samba will assume the 
+file is in AIX \fIqconfig\fR format if the string
+\fIqconfig\fR appears in the printcap filename.
+
+Default: \fBprintcap name = /etc/printcap\fR
+
+Example: \fBprintcap name = /etc/myprintcap\fR
+.TP
+\fBprinter admin (S)\fR
+This is a list of users that can do anything to 
+printers via the remote administration interfaces offered by MS-RPC 
+(usually using a NT workstation). Note that the root user always 
+has admin rights.
+
+Default: \fBprinter admin = <empty string>\fR
+
+Example: \fBprinter admin = admin, @staff\fR
+.TP
+\fBprinter driver (S)\fR
+\fBNote :\fRThis is a deprecated 
+parameter and will be removed in the next major release
+following version 2.2. Please see the instructions in
+the Samba 2.2. Printing
+HOWTO for more information
+on the new method of loading printer drivers onto a Samba server.
+
+This option allows you to control the string 
+that clients receive when they ask the server for the printer driver 
+associated with a printer. If you are using Windows95 or Windows NT 
+then you can use this to automate the setup of printers on your 
+system.
+
+You need to set this parameter to the exact string (case 
+sensitive) that describes the appropriate printer driver for your 
+system. If you don't know the exact string to use then you should 
+first try with no \fI printer driver\fR option set and the client will 
+give you a list of printer drivers. The appropriate strings are 
+shown in a scroll box after you have chosen the printer manufacturer.
+
+See also \fIprinter
+driver file\fR.
+
+Example: \fBprinter driver = HP LaserJet 4L\fR
+.TP
+\fBprinter driver file (G)\fR
+\fBNote :\fRThis is a deprecated 
+parameter and will be removed in the next major release
+following version 2.2. Please see the instructions in
+the Samba 2.2. Printing
+HOWTO for more information
+on the new method of loading printer drivers onto a Samba server.
+
+This parameter tells Samba where the printer driver 
+definition file, used when serving drivers to Windows 95 clients, is 
+to be found. If this is not set, the default is :
+
+\fISAMBA_INSTALL_DIRECTORY
+/lib/printers.def\fR
+
+This file is created from Windows 95 \fImsprint.inf
+\fRfiles found on the Windows 95 client system. For more 
+details on setting up serving of printer drivers to Windows 95 
+clients, see the outdated documentation file in the \fIdocs/\fR 
+directory, \fIPRINTER_DRIVER.txt\fR.
+
+See also \fI printer driver location\fR.
+
+Default: \fBNone (set in compile).\fR
+
+Example: \fBprinter driver file = 
+/usr/local/samba/printers/drivers.def\fR
+.TP
+\fBprinter driver location (S)\fR
+\fBNote :\fRThis is a deprecated 
+parameter and will be removed in the next major release
+following version 2.2. Please see the instructions in
+the Samba 2.2. Printing
+HOWTO for more information
+on the new method of loading printer drivers onto a Samba server.
+
+This parameter tells clients of a particular printer 
+share where to find the printer driver files for the automatic 
+installation of drivers for Windows 95 machines. If Samba is set up 
+to serve printer drivers to Windows 95 machines, this should be set to
+
+\fB\\\\MACHINE\\PRINTER$\fR
+
+Where MACHINE is the NetBIOS name of your Samba server, 
+and PRINTER$ is a share you set up for serving printer driver 
+files. For more details on setting this up see the outdated documentation 
+file in the \fIdocs/\fR directory, \fI PRINTER_DRIVER.txt\fR.
+
+See also \fI printer driver file\fR.
+
+Default: \fBnone\fR
+
+Example: \fBprinter driver location = \\\\MACHINE\\PRINTER$
+\fR.TP
+\fBprinter name (S)\fR
+This parameter specifies the name of the printer 
+to which print jobs spooled through a printable service will be sent.
+
+If specified in the [global] section, the printer
+name given will be used for any printable service that does 
+not have its own printer name specified.
+
+Default: \fBnone (but may be lp 
+on many systems)\fR
+
+Example: \fBprinter name = laserwriter\fR
+.TP
+\fBprinter (S)\fR
+Synonym for \fI printer name\fR.
+.TP
+\fBprinting (S)\fR
+This parameters controls how printer status 
+information is interpreted on your system. It also affects the 
+default values for the \fIprint command\fR, 
+\fIlpq command\fR, \fIlppause command
+\fR, \fIlpresume command\fR, and 
+\fIlprm command\fR if specified in the 
+[global] section.
+
+Currently nine printing styles are supported. They are
+BSD, AIX, 
+LPRNG, PLP,
+SYSV, HPUX,
+QNX, SOFTQ,
+and CUPS.
+
+To see what the defaults are for the other print 
+commands when using the various options use the testparm(1) program.
+
+This option can be set on a per printer basis
+
+See also the discussion in the  [printers] section.
+.TP
+\fBprofile acls (S)\fR
+This boolean parameter was added to fix the problems that people have been
+having with storing user profiles on Samba shares from Windows 2000 or
+Windows XP clients. New versions of Windows 2000 or Windows XP service
+packs do security ACL checking on the owner and ability to write of the
+profile directory stored on a local workstation when copied from a Samba
+share. When not in domain mode with winbindd then the security info copied
+onto the local workstation has no meaning to the logged in user (SID) on
+that workstation so the profile storing fails. Adding this parameter
+onto a share used for profile storage changes two things about the
+returned Windows ACL. Firstly it changes the owner and group owner
+of all reported files and directories to be BUILTIN\\Administrators,
+BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly
+it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to
+every returned ACL. This will allow any Windows 2000 or XP workstation
+user to access the profile. Note that if you have multiple users logging
+on to a workstation then in order to prevent them from being able to access
+each others profiles you must remove the "Bypass traverse checking" advanced
+user right. This will prevent access to other users profile directories as
+the top level profile directory (named after the user) is created by the
+workstation profile code and has an ACL restricting entry to the directory
+tree to the owning user.
+
+If you didn't understand the above text, you probably should not set
+this parameter :-).
+
+Default \fBprofile acls = no\fR
+.TP
+\fBprotocol (G)\fR
+Synonym for  \fImax protocol\fR.
+.TP
+\fBpublic (S)\fR
+Synonym for \fIguest 
+ok\fR.
+.TP
+\fBqueuepause command (S)\fR
+This parameter specifies the command to be 
+executed on the server host in order to pause the printer queue.
+
+This command should be a program or script which takes 
+a printer name as its only parameter and stops the printer queue, 
+such that no longer jobs are submitted to the printer.
+
+This command is not supported by Windows for Workgroups, 
+but can be issued from the Printers window under Windows 95 
+and NT.
+
+If a \fI%p\fR is given then the printer name 
+is put in its place. Otherwise it is placed at the end of the command.
+
+Note that it is good practice to include the absolute 
+path in the command as the PATH may not be available to the 
+server.
+
+Default: \fBdepends on the setting of \fIprinting
+\fB\fR
+Example: \fBqueuepause command = disable %p\fR
+.TP
+\fBqueueresume command (S)\fR
+This parameter specifies the command to be 
+executed on the server host in order to resume the printer queue. It 
+is the command to undo the behavior that is caused by the 
+previous parameter (\fI queuepause command\fR).
+
+This command should be a program or script which takes 
+a printer name as its only parameter and resumes the printer queue, 
+such that queued jobs are resubmitted to the printer.
+
+This command is not supported by Windows for Workgroups, 
+but can be issued from the Printers window under Windows 95 
+and NT.
+
+If a \fI%p\fR is given then the printer name 
+is put in its place. Otherwise it is placed at the end of the 
+command.
+
+Note that it is good practice to include the absolute 
+path in the command as the PATH may not be available to the 
+server.
+
+Default: \fBdepends on the setting of \fIprinting\fB\fR
+
+Example: \fBqueuepause command = enable %p
+\fR.TP
+\fBread bmpx (G)\fR
+This boolean parameter controls whether smbd(8) will support the "Read 
+Block Multiplex" SMB. This is now rarely used and defaults to 
+no. You should never need to set this 
+parameter.
+
+Default: \fBread bmpx = no\fR
+.TP
+\fBread list (S)\fR
+This is a list of users that are given read-only 
+access to a service. If the connecting user is in this list then 
+they will not be given write access, no matter what the \fIread only\fR
+option is set to. The list can include group names using the 
+syntax described in the \fI invalid users\fR parameter.
+
+See also the \fI write list\fR parameter and the \fIinvalid users\fR
+parameter.
+
+Default: \fBread list = <empty string>\fR
+
+Example: \fBread list = mary, @students\fR
+.TP
+\fBread only (S)\fR
+An inverted synonym is  \fIwriteable\fR.
+
+If this parameter is yes, then users 
+of a service may not create or modify files in the service's 
+directory.
+
+Note that a printable service (\fBprintable = yes\fR)
+will \fBALWAYS\fR allow writing to the directory 
+(user privileges permitting), but only via spooling operations.
+
+Default: \fBread only = yes\fR
+.TP
+\fBread raw (G)\fR
+This parameter controls whether or not the server 
+will support the raw read SMB requests when transferring data 
+to clients.
+
+If enabled, raw reads allow reads of 65535 bytes in 
+one packet. This typically provides a major performance benefit.
+
+However, some clients either negotiate the allowable 
+block size incorrectly or are incapable of supporting larger block 
+sizes, and for these clients you may need to disable raw reads.
+
+In general this parameter should be viewed as a system tuning 
+tool and left severely alone. See also  \fIwrite raw\fR.
+
+Default: \fBread raw = yes\fR
+.TP
+\fBread size (G)\fR
+The option \fIread size\fR 
+affects the overlap of disk reads/writes with network reads/writes. 
+If the amount of data being transferred in several of the SMB 
+commands (currently SMBwrite, SMBwriteX and SMBreadbraw) is larger 
+than this value then the server begins writing the data before it 
+has received the whole packet from the network, or in the case of 
+SMBreadbraw, it begins writing to the network before all the data 
+has been read from disk.
+
+This overlapping works best when the speeds of disk and 
+network access are similar, having very little effect when the 
+speed of one is much greater than the other.
+
+The default value is 16384, but very little experimentation 
+has been done yet to determine the optimal value, and it is likely 
+that the best value will vary greatly between systems anyway. 
+A value over 65536 is pointless and will cause you to allocate 
+memory unnecessarily.
+
+Default: \fBread size = 16384\fR
+
+Example: \fBread size = 8192\fR
+.TP
+\fBremote announce (G)\fR
+This option allows you to setup nmbd(8) to periodically announce itself 
+to arbitrary IP addresses with an arbitrary workgroup name.
+
+This is useful if you want your Samba server to appear 
+in a remote workgroup for which the normal browse propagation 
+rules don't work. The remote workgroup can be anywhere that you 
+can send IP packets to.
+
+For example:
+
+\fBremote announce = 192.168.2.255/SERVERS 
+192.168.4.255/STAFF\fR
+
+the above line would cause \fBnmbd\fR to announce itself 
+to the two given IP addresses using the given workgroup names. 
+If you leave out the workgroup name then the one given in 
+the \fIworkgroup\fR 
+parameter is used instead.
+
+The IP addresses you choose would normally be the broadcast 
+addresses of the remote networks, but can also be the IP addresses 
+of known browse masters if your network config is that stable.
+
+See the documentation file \fIBROWSING.txt\fR 
+in the \fIdocs/\fR directory.
+
+Default: \fBremote announce = <empty string>
+\fR.TP
+\fBremote browse sync (G)\fR
+This option allows you to setup nmbd(8) to periodically request 
+synchronization of browse lists with the master browser of a Samba 
+server that is on a remote segment. This option will allow you to 
+gain browse lists for multiple workgroups across routed networks. This 
+is done in a manner that does not work with any non-Samba servers.
+
+This is useful if you want your Samba server and all local 
+clients to appear in a remote workgroup for which the normal browse 
+propagation rules don't work. The remote workgroup can be anywhere 
+that you can send IP packets to.
+
+For example:
+
+\fBremote browse sync = 192.168.2.255 192.168.4.255
+\fR
+the above line would cause \fBnmbd\fR to request 
+the master browser on the specified subnets or addresses to 
+synchronize their browse lists with the local server.
+
+The IP addresses you choose would normally be the broadcast 
+addresses of the remote networks, but can also be the IP addresses 
+of known browse masters if your network config is that stable. If 
+a machine IP address is given Samba makes NO attempt to validate 
+that the remote machine is available, is listening, nor that it 
+is in fact the browse master on its segment.
+
+Default: \fBremote browse sync = <empty string>
+\fR.TP
+\fBrestrict anonymous (G)\fR
+This is a boolean parameter. If it is yes, then 
+anonymous access to the server will be restricted, namely in the 
+case where the server is expecting the client to send a username, 
+but it doesn't. Setting it to yes will force these anonymous 
+connections to be denied, and the client will be required to always 
+supply a username and password when connecting. Use of this parameter 
+is only recommended for homogeneous NT client environments.
+
+This parameter makes the use of macro expansions that rely
+on the username (%U, %G, etc) consistent. NT 4.0 
+likes to use anonymous connections when refreshing the share list, 
+and this is a way to work around that.
+
+When restrict anonymous is yes, all anonymous connections 
+are denied no matter what they are for. This can effect the ability 
+of a machine to access the Samba Primary Domain Controller to revalidate 
+its machine account after someone else has logged on the client 
+interactively. The NT client will display a message saying that 
+the machine's account in the domain doesn't exist or the password is 
+bad. The best way to deal with this is to reboot NT client machines 
+between interactive logons, using "Shutdown and Restart", rather 
+than "Close all programs and logon as a different user".
+
+Default: \fBrestrict anonymous = no\fR
+.TP
+\fBroot (G)\fR
+Synonym for  \fIroot directory"\fR.
+.TP
+\fBroot dir (G)\fR
+Synonym for  \fIroot directory"\fR.
+.TP
+\fBroot directory (G)\fR
+The server will \fBchroot()\fR (i.e. 
+Change its root directory) to this directory on startup. This is 
+not strictly necessary for secure operation. Even without it the 
+server will deny access to files not in one of the service entries. 
+It may also check for, and deny access to, soft links to other 
+parts of the filesystem, or attempts to use ".." in file names 
+to access other directories (depending on the setting of the \fIwide links\fR 
+parameter).
+
+Adding a \fIroot directory\fR entry other 
+than "/" adds an extra level of security, but at a price. It 
+absolutely ensures that no access is given to files not in the 
+sub-tree specified in the \fIroot directory\fR 
+option, \fBincluding\fR some files needed for 
+complete operation of the server. To maintain full operability 
+of the server you will need to mirror some system files 
+into the \fIroot directory\fR tree. In particular 
+you will need to mirror \fI/etc/passwd\fR (or a 
+subset of it), and any binaries or configuration files needed for 
+printing (if required). The set of files that must be mirrored is
+operating system dependent.
+
+Default: \fBroot directory = /\fR
+
+Example: \fBroot directory = /homes/smb\fR
+.TP
+\fBroot postexec (S)\fR
+This is the same as the \fIpostexec\fR
+parameter except that the command is run as root. This 
+is useful for unmounting filesystems 
+(such as CDROMs) after a connection is closed.
+
+See also \fI postexec\fR.
+
+Default: \fBroot postexec = <empty string>
+\fR.TP
+\fBroot preexec (S)\fR
+This is the same as the \fIpreexec\fR
+parameter except that the command is run as root. This 
+is useful for mounting filesystems (such as CDROMs) when a 
+connection is opened.
+
+See also \fI preexec\fR and  \fIpreexec close\fR.
+
+Default: \fBroot preexec = <empty string>
+\fR.TP
+\fBroot preexec close (S)\fR
+This is the same as the \fIpreexec close
+\fRparameter except that the command is run as root.
+
+See also \fI preexec\fR and  \fIpreexec close\fR.
+
+Default: \fBroot preexec close = no\fR
+.TP
+\fBsecurity (G)\fR
+This option affects how clients respond to 
+Samba and is one of the most important settings in the \fI smb.conf\fR file.
+
+The option sets the "security mode bit" in replies to 
+protocol negotiations with smbd(8)
+ to turn share level security on or off. Clients decide 
+based on this bit whether (and how) to transfer user and password 
+information to the server.
+
+The default is \fBsecurity = user\fR, as this is
+the most common setting needed when talking to Windows 98 and 
+Windows NT.
+
+The alternatives are \fBsecurity = share\fR,
+\fBsecurity = server\fR or \fBsecurity = domain
+\fR\&.
+
+In versions of Samba prior to 2.0.0, the default was 
+\fBsecurity = share\fR mainly because that was
+the only option at one stage.
+
+There is a bug in WfWg that has relevance to this 
+setting. When in user or server level security a WfWg client 
+will totally ignore the password you type in the "connect 
+drive" dialog box. This makes it very difficult (if not impossible) 
+to connect to a Samba service as anyone except the user that 
+you are logged into WfWg as.
+
+If your PCs use usernames that are the same as their 
+usernames on the UNIX machine then you will want to use 
+\fBsecurity = user\fR. If you mostly use usernames 
+that don't exist on the UNIX box then use \fBsecurity = 
+share\fR.
+
+You should also use \fBsecurity = share\fR if you 
+want to mainly setup shares without a password (guest shares). This 
+is commonly used for a shared printer server. It is more difficult 
+to setup guest shares with \fBsecurity = user\fR, see 
+the \fImap to guest\fR
+parameter for details.
+
+It is possible to use \fBsmbd\fR in a \fB hybrid mode\fR where it is offers both user and share 
+level security under different  \fINetBIOS aliases\fR. 
+
+The different settings will now be explained.
+
+\fBSECURITY = SHARE
+\fR
+When clients connect to a share level security server they 
+need not log onto the server with a valid username and password before 
+attempting to connect to a shared resource (although modern clients 
+such as Windows 95/98 and Windows NT will send a logon request with 
+a username but no password when talking to a \fBsecurity = share
+\fRserver). Instead, the clients send authentication information 
+(passwords) on a per-share basis, at the time they attempt to connect 
+to that share.
+
+Note that \fBsmbd\fR \fBALWAYS\fR 
+uses a valid UNIX user to act on behalf of the client, even in
+\fBsecurity = share\fR level security.
+
+As clients are not required to send a username to the server
+in share level security, \fBsmbd\fR uses several
+techniques to determine the correct UNIX user to use on behalf
+of the client.
+
+A list of possible UNIX usernames to match with the given
+client password is constructed using the following methods :
+.RS
+.TP 0.2i
+\(bu
+If the \fIguest 
+only\fR parameter is set, then all the other 
+stages are missed and only the  \fIguest account\fR username is checked.
+.TP 0.2i
+\(bu
+Is a username is sent with the share connection 
+request, then this username (after mapping - see \fIusername map\fR), 
+is added as a potential username.
+.TP 0.2i
+\(bu
+If the client did a previous \fBlogon
+\fRrequest (the SessionSetup SMB call) then the 
+username sent in this SMB will be added as a potential username.
+.TP 0.2i
+\(bu
+The name of the service the client requested is 
+added as a potential username.
+.TP 0.2i
+\(bu
+The NetBIOS name of the client is added to 
+the list as a potential username.
+.TP 0.2i
+\(bu
+Any users on the \fI user\fR list are added as potential usernames.
+.RE
+.PP
+If the \fIguest only\fR parameter is 
+not set, then this list is then tried with the supplied password. 
+The first user for whom the password matches will be used as the 
+UNIX user.
+.PP
+.PP
+If the \fIguest only\fR parameter is 
+set, or no username can be determined then if the share is marked 
+as available to the \fIguest account\fR, then this 
+guest user will be used, otherwise access is denied.
+.PP
+.PP
+Note that it can be \fBvery\fR confusing 
+in share-level security as to which UNIX username will eventually
+be used in granting access.
+.PP
+.PP
+See also the section  NOTE ABOUT USERNAME/PASSWORD VALIDATION.
+.PP
+.PP
+\fBSECURITY = USER
+\fR.PP
+.PP
+This is the default security setting in Samba 2.2. 
+With user-level security a client must first "log-on" with a 
+valid username and password (which can be mapped using the \fIusername map\fR 
+parameter). Encrypted passwords (see the  \fIencrypted passwords\fR parameter) can also
+be used in this security mode. Parameters such as  \fIuser\fR and  \fIguest only\fR if set are then applied and 
+may change the UNIX user to use on this connection, but only after 
+the user has been successfully authenticated.
+.PP
+.PP
+\fBNote\fR that the name of the resource being 
+requested is \fBnot\fR sent to the server until after 
+the server has successfully authenticated the client. This is why 
+guest shares don't work in user level security without allowing 
+the server to automatically map unknown users into the \fIguest account\fR. 
+See the \fImap to guest\fR
+parameter for details on doing this.
+.PP
+.PP
+See also the section  NOTE ABOUT USERNAME/PASSWORD VALIDATION.
+.PP
+.PP
+\fBSECURITY = SERVER
+\fR.PP
+.PP
+In this mode Samba will try to validate the username/password 
+by passing it to another SMB server, such as an NT box. If this 
+fails it will revert to \fBsecurity = user\fR, but note 
+that if encrypted passwords have been negotiated then Samba cannot 
+revert back to checking the UNIX password file, it must have a valid 
+\fIsmbpasswd\fR file to check users against. See the 
+documentation file in the \fIdocs/\fR directory 
+\fIENCRYPTION.txt\fR for details on how to set this 
+up.
+.PP
+.PP
+\fBNote\fR that from the client's point of 
+view \fBsecurity = server\fR is the same as \fB security = user\fR. It only affects how the server deals 
+with the authentication, it does not in any way affect what the 
+client sees.
+.PP
+.PP
+\fBNote\fR that the name of the resource being 
+requested is \fBnot\fR sent to the server until after 
+the server has successfully authenticated the client. This is why 
+guest shares don't work in user level security without allowing 
+the server to automatically map unknown users into the \fIguest account\fR. 
+See the \fImap to guest\fR
+parameter for details on doing this.
+.PP
+.PP
+See also the section  NOTE ABOUT USERNAME/PASSWORD VALIDATION.
+.PP
+.PP
+See also the \fIpassword 
+server\fR parameter and the \fIencrypted passwords\fR
+parameter.
+.PP
+.PP
+\fBSECURITY = DOMAIN
+\fR.PP
+.PP
+This mode will only work correctly if smbpasswd(8) has been used to add this 
+machine into a Windows NT Domain. It expects the \fIencrypted passwords\fR
+parameter to be set to yes. In this 
+mode Samba will try to validate the username/password by passing
+it to a Windows NT Primary or Backup Domain Controller, in exactly 
+the same way that a Windows NT Server would do.
+.PP
+.PP
+\fBNote\fR that a valid UNIX user must still 
+exist as well as the account on the Domain Controller to allow 
+Samba to have a valid UNIX account to map file access to.
+.PP
+.PP
+\fBNote\fR that from the client's point 
+of view \fBsecurity = domain\fR is the same as \fBsecurity = user
+\fR\&. It only affects how the server deals with the authentication, 
+it does not in any way affect what the client sees.
+.PP
+.PP
+\fBNote\fR that the name of the resource being 
+requested is \fBnot\fR sent to the server until after 
+the server has successfully authenticated the client. This is why 
+guest shares don't work in user level security without allowing 
+the server to automatically map unknown users into the \fIguest account\fR. 
+See the \fImap to guest\fR
+parameter for details on doing this.
+.PP
+.PP
+\fBBUG:\fR There is currently a bug in the 
+implementation of \fBsecurity = domain\fR with respect 
+to multi-byte character set usernames. The communication with a 
+Domain Controller must be done in UNICODE and Samba currently 
+does not widen multi-byte user names to UNICODE correctly, thus 
+a multi-byte username will not be recognized correctly at the 
+Domain Controller. This issue will be addressed in a future release.
+.PP
+.PP
+See also the section  NOTE ABOUT USERNAME/PASSWORD VALIDATION.
+.PP
+.PP
+See also the \fIpassword 
+server\fR parameter and the \fIencrypted passwords\fR
+parameter.
+.PP
+.PP
+Default: \fBsecurity = USER\fR
+.PP
+.PP
+Example: \fBsecurity = DOMAIN\fR
+.PP
+.TP
+\fBsecurity mask (S)\fR
+This parameter controls what UNIX permission 
+bits can be modified when a Windows NT client is manipulating 
+the UNIX permission on a file using the native NT security 
+dialog box.
+
+This parameter is applied as a mask (AND'ed with) to 
+the changed permission bits, thus preventing any bits not in 
+this mask from being modified. Essentially, zero bits in this 
+mask may be treated as a set of bits the user is not allowed 
+to change.
+
+If not set explicitly this parameter is 0777, allowing
+a user to modify all the user/group/world permissions on a file.
+
+\fBNote\fR that users who can access the 
+Samba server through other means can easily bypass this 
+restriction, so it is primarily useful for standalone 
+"appliance" systems. Administrators of most normal systems will 
+probably want to leave it set to 0777.
+
+See also the  \fIforce directory security mode\fR, 
+\fIdirectory 
+security mask\fR,  \fIforce security mode\fR parameters.
+
+Default: \fBsecurity mask = 0777\fR
+
+Example: \fBsecurity mask = 0770\fR
+.TP
+\fBserver string (G)\fR
+This controls what string will show up in the 
+printer comment box in print manager and next to the IPC connection 
+in \fBnet view\fR. It can be any string that you wish 
+to show to your users.
+
+It also sets what will appear in browse lists next 
+to the machine name.
+
+A \fI%v\fR will be replaced with the Samba 
+version number.
+
+A \fI%h\fR will be replaced with the 
+hostname.
+
+Default: \fBserver string = Samba %v\fR
+
+Example: \fBserver string = University of GNUs Samba 
+Server\fR
+.TP
+\fBset directory (S)\fR
+If \fBset directory = no\fR, then 
+users of the service may not use the setdir command to change 
+directory.
+
+The \fBsetdir\fR command is only implemented 
+in the Digital Pathworks client. See the Pathworks documentation 
+for details.
+
+Default: \fBset directory = no\fR
+.TP
+\fBshare modes (S)\fR
+This enables or disables the honoring of 
+the \fIshare modes\fR during a file open. These 
+modes are used by clients to gain exclusive read or write access 
+to a file.
+
+These open modes are not directly supported by UNIX, so
+they are simulated using shared memory, or lock files if your 
+UNIX doesn't support shared memory (almost all do).
+
+The share modes that are enabled by this option are 
+DENY_DOS, DENY_ALL,
+DENY_READ, DENY_WRITE,
+DENY_NONE and DENY_FCB.
+
+This option gives full share compatibility and enabled 
+by default.
+
+You should \fBNEVER\fR turn this parameter 
+off as many Windows applications will break if you do so.
+
+Default: \fBshare modes = yes\fR
+.TP
+\fBshort preserve case (S)\fR
+This boolean parameter controls if new files 
+which conform to 8.3 syntax, that is all in upper case and of 
+suitable length, are created upper case, or if they are forced 
+to be the \fIdefault case
+\fR\&. This option can be use with \fBpreserve case = yes\fR
+to permit long filenames to retain their case, while short 
+names are lowered. 
+
+See the section on  NAME MANGLING.
+
+Default: \fBshort preserve case = yes\fR
+.TP
+\fBshow add printer wizard (G)\fR
+With the introduction of MS-RPC based printing support
+for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will 
+appear on Samba hosts in the share listing. Normally this folder will 
+contain an icon for the MS Add Printer Wizard (APW). However, it is 
+possible to disable this feature regardless of the level of privilege 
+of the connected user.
+
+Under normal circumstances, the Windows NT/2000 client will 
+open a handle on the printer server with OpenPrinterEx() asking for
+Administrator privileges. If the user does not have administrative
+access on the print server (i.e is not root or a member of the 
+\fIprinter admin\fR group), the OpenPrinterEx() 
+call fails and the client makes another open call with a request for 
+a lower privilege level. This should succeed, however the APW 
+icon will not be displayed.
+
+Disabling the \fIshow add printer wizard\fR
+parameter will always cause the OpenPrinterEx() on the server
+to fail. Thus the APW icon will never be displayed. \fB Note :\fRThis does not prevent the same user from having 
+administrative privilege on an individual printer.
+
+See also \fIaddprinter
+command\fR,  \fIdeleteprinter command\fR, \fIprinter admin\fR
+
+Default :\fBshow add printer wizard = yes\fR
+.TP
+\fBsmb passwd file (G)\fR
+This option sets the path to the encrypted 
+smbpasswd file. By default the path to the smbpasswd file 
+is compiled into Samba.
+
+Default: \fBsmb passwd file = ${prefix}/private/smbpasswd
+\fR
+Example: \fBsmb passwd file = /etc/samba/smbpasswd
+\fR.TP
+\fBsocket address (G)\fR
+This option allows you to control what 
+address Samba will listen for connections on. This is used to 
+support multiple virtual interfaces on the one server, each 
+with a different configuration.
+
+By default Samba will accept connections on any 
+address.
+
+Example: \fBsocket address = 192.168.2.20\fR
+.TP
+\fBsocket options (G)\fR
+This option allows you to set socket options 
+to be used when talking with the client.
+
+Socket options are controls on the networking layer 
+of the operating systems which allow the connection to be 
+tuned.
+
+This option will typically be used to tune your Samba 
+server for optimal performance for your local network. There is 
+no way that Samba can know what the optimal parameters are for 
+your net, so you must experiment and choose them yourself. We 
+strongly suggest you read the appropriate documentation for your 
+operating system first (perhaps \fBman setsockopt\fR 
+will help).
+
+You may find that on some systems Samba will say 
+"Unknown socket option" when you supply an option. This means you 
+either incorrectly typed it or you need to add an include file 
+to includes.h for your OS. If the latter is the case please 
+send the patch to  samba@samba.org <URL:mailto:samba@samba.org>.
+
+Any of the supported socket options may be combined 
+in any way you like, as long as your OS allows it.
+
+This is the list of socket options currently settable 
+using this option:
+.RS
+.TP 0.2i
+\(bu
+SO_KEEPALIVE
+.TP 0.2i
+\(bu
+SO_REUSEADDR
+.TP 0.2i
+\(bu
+SO_BROADCAST
+.TP 0.2i
+\(bu
+TCP_NODELAY
+.TP 0.2i
+\(bu
+IPTOS_LOWDELAY
+.TP 0.2i
+\(bu
+IPTOS_THROUGHPUT
+.TP 0.2i
+\(bu
+SO_SNDBUF *
+.TP 0.2i
+\(bu
+SO_RCVBUF *
+.TP 0.2i
+\(bu
+SO_SNDLOWAT *
+.TP 0.2i
+\(bu
+SO_RCVLOWAT *
+.RE
+.PP
+Those marked with a \fB'*'\fR take an integer 
+argument. The others can optionally take a 1 or 0 argument to enable 
+or disable the option, by default they will be enabled if you 
+don't specify 1 or 0.
+.PP
+.PP
+To specify an argument use the syntax SOME_OPTION = VALUE 
+for example \fBSO_SNDBUF = 8192\fR. Note that you must 
+not have any spaces before or after the = sign.
+.PP
+.PP
+If you are on a local network then a sensible option 
+might be
+.PP
+.PP
+\fBsocket options = IPTOS_LOWDELAY\fR
+.PP
+.PP
+If you have a local network then you could try:
+.PP
+.PP
+\fBsocket options = IPTOS_LOWDELAY TCP_NODELAY\fR
+.PP
+.PP
+If you are on a wide area network then perhaps try 
+setting IPTOS_THROUGHPUT. 
+.PP
+.PP
+Note that several of the options may cause your Samba 
+server to fail completely. Use these options with caution!
+.PP
+.PP
+Default: \fBsocket options = TCP_NODELAY\fR
+.PP
+.PP
+Example: \fBsocket options = IPTOS_LOWDELAY\fR
+.PP
+.TP
+\fBsource environment (G)\fR
+This parameter causes Samba to set environment 
+variables as per the content of the file named.
+
+If the value of this parameter starts with a "|" character 
+then Samba will treat that value as a pipe command to open and 
+will set the environment variables from the output of the pipe.
+
+The contents of the file or the output of the pipe should 
+be formatted as the output of the standard Unix \fBenv(1)
+\fRcommand. This is of the form :
+
+Example environment entry:
+
+\fBSAMBA_NETBIOS_NAME = myhostname\fR
+
+Default: \fBNo default value\fR
+
+Examples: \fBsource environment = |/etc/smb.conf.sh
+\fR
+Example: \fBsource environment = 
+/usr/local/smb_env_vars\fR
+.TP
+\fBssl (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This variable enables or disables the entire SSL mode. If 
+it is set to no, the SSL-enabled Samba behaves 
+exactly like the non-SSL Samba. If set to yes, 
+it depends on the variables \fI ssl hosts\fR and  \fIssl hosts resign\fR whether an SSL 
+connection will be required.
+
+Default: \fBssl = no\fR
+.TP
+\fBssl CA certDir (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This variable defines where to look up the Certification
+Authorities. The given directory should contain one file for 
+each CA that Samba will trust. The file name must be the hash 
+value over the "Distinguished Name" of the CA. How this directory 
+is set up is explained later in this document. All files within the 
+directory that don't fit into this naming scheme are ignored. You 
+don't need this variable if you don't verify client certificates.
+
+Default: \fBssl CA certDir = /usr/local/ssl/certs
+\fR.TP
+\fBssl CA certFile (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This variable is a second way to define the trusted CAs. 
+The certificates of the trusted CAs are collected in one big 
+file and this variable points to the file. You will probably 
+only use one of the two ways to define your CAs. The first choice is 
+preferable if you have many CAs or want to be flexible, the second 
+is preferable if you only have one CA and want to keep things 
+simple (you won't need to create the hashed file names). You 
+don't need this variable if you don't verify client certificates.
+
+Default: \fBssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem
+\fR.TP
+\fBssl ciphers (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This variable defines the ciphers that should be offered 
+during SSL negotiation. You should not set this variable unless 
+you know what you are doing.
+.TP
+\fBssl client cert (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+The certificate in this file is used by  \fBsmbclient(1)\fR if it exists. It's needed 
+if the server requires a client certificate.
+
+Default: \fBssl client cert = /usr/local/ssl/certs/smbclient.pem
+\fR.TP
+\fBssl client key (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This is the private key for  \fBsmbclient(1)\fR It's only needed if the 
+client should have a certificate. 
+
+Default: \fBssl client key = /usr/local/ssl/private/smbclient.pem
+\fR.TP
+\fBssl compatibility (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This variable defines whether OpenSSL should be configured 
+for bug compatibility with other SSL implementations. This is 
+probably not desirable because currently no clients with SSL 
+implementations other than OpenSSL exist.
+
+Default: \fBssl compatibility = no\fR
+.TP
+\fBssl egd socket (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This option is used to define the location of the communiation socket of 
+an EGD or PRNGD daemon, from which entropy can be retrieved. This option 
+can be used instead of or together with the \fIssl entropy file\fR 
+directive. 255 bytes of entropy will be retrieved from the daemon.
+
+Default: \fBnone\fR
+.TP
+\fBssl entropy bytes (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This parameter is used to define the number of bytes which should 
+be read from the \fIssl entropy 
+file\fR If a -1 is specified, the entire file will
+be read.
+
+Default: \fBssl entropy bytes = 255\fR
+.TP
+\fBssl entropy file (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This parameter is used to specify a file from which processes will 
+read "random bytes" on startup. In order to seed the internal pseudo 
+random number generator, entropy must be provided. On system with a 
+\fI/dev/urandom\fR device file, the processes
+will retrieve its entropy from the kernel. On systems without kernel
+entropy support, a file can be supplied that will be read on startup
+and that will be used to seed the PRNG.
+
+Default: \fBnone\fR
+.TP
+\fBssl hosts (G)\fR
+See \fI ssl hosts resign\fR.
+.TP
+\fBssl hosts resign (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+These two variables define whether Samba will go 
+into SSL mode or not. If none of them is defined, Samba will 
+allow only SSL connections. If the  \fIssl hosts\fR variable lists
+hosts (by IP-address, IP-address range, net group or name), 
+only these hosts will be forced into SSL mode. If the \fI ssl hosts resign\fR variable lists hosts, only these 
+hosts will \fBNOT\fR be forced into SSL mode. The syntax for these two 
+variables is the same as for the \fI hosts allow\fR and  \fIhosts deny\fR pair of variables, only 
+that the subject of the decision is different: It's not the access 
+right but whether SSL is used or not. 
+
+The example below requires SSL connections from all hosts
+outside the local net (which is 192.168.*.*).
+
+Default: \fBssl hosts = <empty string>\fR
+
+\fBssl hosts resign = <empty string>\fR
+
+Example: \fBssl hosts resign = 192.168.\fR
+.TP
+\fBssl require clientcert (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+If this variable is set to yes, the 
+server will not tolerate connections from clients that don't 
+have a valid certificate. The directory/file given in \fIssl CA certDir\fR
+and \fIssl CA certFile
+\fRwill be used to look up the CAs that issued 
+the client's certificate. If the certificate can't be verified 
+positively, the connection will be terminated. If this variable 
+is set to no, clients don't need certificates. 
+Contrary to web applications you really \fBshould\fR 
+require client certificates. In the web environment the client's 
+data is sensitive (credit card numbers) and the server must prove 
+to be trustworthy. In a file server environment the server's data 
+will be sensitive and the clients must prove to be trustworthy.
+
+Default: \fBssl require clientcert = no\fR
+.TP
+\fBssl require servercert (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+If this variable is set to yes, the 
+\fBsmbclient(1)\fR
+ will request a certificate from the server. Same as 
+\fIssl require 
+clientcert\fR for the server.
+
+Default: \fBssl require servercert = no\fR
+.TP
+\fBssl server cert (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This is the file containing the server's certificate. 
+The server \fBmust\fR have a certificate. The 
+file may also contain the server's private key. See later for 
+how certificates and private keys are created.
+
+Default: \fBssl server cert = <empty string>
+\fR.TP
+\fBssl server key (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This file contains the private key of the server. If 
+this variable is not defined, the key is looked up in the 
+certificate file (it may be appended to the certificate). 
+The server \fBmust\fR have a private key
+and the certificate \fBmust\fR 
+match this private key.
+
+Default: \fBssl server key = <empty string>
+\fR.TP
+\fBssl version (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This enumeration variable defines the versions of the 
+SSL protocol that will be used. ssl2or3 allows 
+dynamic negotiation of SSL v2 or v3, ssl2 results 
+in SSL v2, ssl3 results in SSL v3 and
+tls1 results in TLS v1. TLS (Transport Layer 
+Security) is the new standard for SSL.
+
+Default: \fBssl version = "ssl2or3"\fR
+.TP
+\fBstat cache (G)\fR
+This parameter determines if smbd(8) will use a cache in order to 
+speed up case insensitive name mappings. You should never need 
+to change this parameter.
+
+Default: \fBstat cache = yes\fR
+.TP
+\fBstat cache size (G)\fR
+This parameter determines the number of 
+entries in the \fIstat cache\fR. You should 
+never need to change this parameter.
+
+Default: \fBstat cache size = 50\fR
+.TP
+\fBstatus (G)\fR
+This enables or disables logging of connections 
+to a status file that smbstatus(1)
+can read.
+
+With this disabled \fBsmbstatus\fR won't be able
+to tell you what connections are active. You should never need to
+change this parameter.
+
+Default: \fBstatus = yes\fR
+.TP
+\fBstrict allocate (S)\fR
+This is a boolean that controls the handling of 
+disk space allocation in the server. When this is set to yes 
+the server will change from UNIX behaviour of not committing real
+disk storage blocks when a file is extended to the Windows behaviour
+of actually forcing the disk system to allocate real storage blocks
+when a file is created or extended to be a given size. In UNIX
+terminology this means that Samba will stop creating sparse files.
+This can be slow on some systems.
+
+When strict allocate is no the server does sparse
+disk block allocation when a file is extended.
+
+Setting this to yes can help Samba return
+out of quota messages on systems that are restricting the disk quota
+of users.
+
+Default: \fBstrict allocate = no\fR
+.TP
+\fBstrict locking (S)\fR
+This is a boolean that controls the handling of 
+file locking in the server. When this is set to yes 
+the server will check every read and write access for file locks, and 
+deny access if locks exist. This can be slow on some systems.
+
+When strict locking is no the server does file 
+lock checks only when the client explicitly asks for them.
+
+Well-behaved clients always ask for lock checks when it 
+is important, so in the vast majority of cases \fBstrict 
+locking = no\fR is preferable.
+
+Default: \fBstrict locking = no\fR
+.TP
+\fBstrict sync (S)\fR
+Many Windows applications (including the Windows 
+98 explorer shell) seem to confuse flushing buffer contents to 
+disk with doing a sync to disk. Under UNIX, a sync call forces 
+the process to be suspended until the kernel has ensured that 
+all outstanding data in kernel disk buffers has been safely stored 
+onto stable storage. This is very slow and should only be done 
+rarely. Setting this parameter to no (the 
+default) means that smbd ignores the Windows applications requests for
+a sync call. There is only a possibility of losing data if the
+operating system itself that Samba is running on crashes, so there is
+little danger in this default setting. In addition, this fixes many
+performance problems that people have reported with the new Windows98
+explorer shell file copies.
+
+See also the \fIsync 
+always>\fR parameter.
+
+Default: \fBstrict sync = no\fR
+.TP
+\fBstrip dot (G)\fR
+This parameter is now unused in Samba (2.2.5 and above).
+It used strip trailing dots off UNIX filenames but was not correctly implmented.
+In Samba 2.2.5 and above UNIX filenames ending in a dot are invalid Windows long
+filenames (as they are in Windows NT and above) and are mangled to 8.3 before
+being returned to a client.
+
+Default: \fBstrip dot = no\fR
+.TP
+\fBsync always (S)\fR
+This is a boolean parameter that controls 
+whether writes will always be written to stable storage before 
+the write call returns. If this is no then the server will be 
+guided by the client's request in each write call (clients can 
+set a bit indicating that a particular write should be synchronous). 
+If this is yes then every write will be followed by a \fBfsync()
+\fRcall to ensure the data is written to disk. Note that 
+the \fIstrict sync\fR parameter must be set to
+yes in order for this parameter to have 
+any affect.
+
+See also the \fIstrict 
+sync\fR parameter.
+
+Default: \fBsync always = no\fR
+.TP
+\fBsyslog (G)\fR
+This parameter maps how Samba debug messages 
+are logged onto the system syslog logging levels. Samba debug 
+level zero maps onto syslog LOG_ERR, debug 
+level one maps onto LOG_WARNING, debug level 
+two maps onto LOG_NOTICE, debug level three 
+maps onto LOG_INFO. All higher levels are mapped to  LOG_DEBUG.
+
+This parameter sets the threshold for sending messages 
+to syslog. Only messages with debug level less than this value 
+will be sent to syslog.
+
+Default: \fBsyslog = 1\fR
+.TP
+\fBsyslog only (G)\fR
+If this parameter is set then Samba debug 
+messages are logged into the system syslog only, and not to 
+the debug log files.
+
+Default: \fBsyslog only = no\fR
+.TP
+\fBtemplate homedir (G)\fR
+When filling out the user information for a Windows NT 
+user, the winbindd(8) daemon 
+uses this parameter to fill in the home directory for that user. 
+If the string \fI%D\fR is present it is substituted 
+with the user's Windows NT domain name. If the string \fI%U
+\fRis present it is substituted with the user's Windows 
+NT user name.
+
+Default: \fBtemplate homedir = /home/%D/%U\fR
+.TP
+\fBtemplate shell (G)\fR
+When filling out the user information for a Windows NT 
+user, the winbindd(8) daemon 
+uses this parameter to fill in the login shell for that user.
+
+Default: \fBtemplate shell = /bin/false\fR
+.TP
+\fBtime offset (G)\fR
+This parameter is a setting in minutes to add 
+to the normal GMT to local time conversion. This is useful if 
+you are serving a lot of PCs that have incorrect daylight 
+saving time handling.
+
+Default: \fBtime offset = 0\fR
+
+Example: \fBtime offset = 60\fR
+.TP
+\fBtime server (G)\fR
+This parameter determines if  
+nmbd(8) advertises itself as a time server to Windows 
+clients.
+
+Default: \fBtime server = no\fR
+.TP
+\fBtimestamp logs (G)\fR
+Synonym for \fI debug timestamp\fR.
+.TP
+\fBtotal print jobs (G)\fR
+This parameter accepts an integer value which defines
+a limit on the maximum number of print jobs that will be accepted 
+system wide at any given time. If a print job is submitted
+by a client which will exceed this number, then smbd will return an 
+error indicating that no space is available on the server. The 
+default value of 0 means that no such limit exists. This parameter
+can be used to prevent a server from exceeding its capacity and is
+designed as a printing throttle. See also 
+\fImax print jobs\fR.
+
+Default: \fBtotal print jobs = 0\fR
+
+Example: \fBtotal print jobs = 5000\fR
+.TP
+\fBunix extensions(G)\fR
+This boolean parameter controls whether Samba 
+implments the CIFS UNIX extensions, as defined by HP. 
+These extensions enable Samba to better serve UNIX CIFS clients
+by supporting features such as symbolic links, hard links, etc...
+These extensions require a similarly enabled client, and are of
+no current use to Windows clients.
+
+Default: \fBunix extensions = no\fR
+.TP
+\fBunix password sync (G)\fR
+This boolean parameter controls whether Samba 
+attempts to synchronize the UNIX password with the SMB password 
+when the encrypted SMB password in the smbpasswd file is changed. 
+If this is set to yes the program specified in the \fIpasswd
+program\fRparameter is called \fBAS ROOT\fR - 
+to allow the new UNIX password to be set without access to the 
+old UNIX password (as the SMB password change code has no 
+access to the old password cleartext, only the new).
+
+See also \fIpasswd 
+program\fR, \fI passwd chat\fR.
+
+Default: \fBunix password sync = no\fR
+.TP
+\fBupdate encrypted (G)\fR
+This boolean parameter allows a user logging 
+on with a plaintext password to have their encrypted (hashed) 
+password in the smbpasswd file to be updated automatically as 
+they log on. This option allows a site to migrate from plaintext 
+password authentication (users authenticate with plaintext 
+password over the wire, and are checked against a UNIX account 
+database) to encrypted password authentication (the SMB 
+challenge/response authentication mechanism) without forcing
+all users to re-enter their passwords via smbpasswd at the time the
+change is made. This is a convenience option to allow the change over
+to encrypted passwords to be made over a longer period. Once all users
+have encrypted representations of their passwords in the smbpasswd
+file this parameter should be set to no.
+
+In order for this parameter to work correctly the \fIencrypt passwords\fR
+parameter must be set to no when
+this parameter is set to yes.
+
+Note that even when this parameter is set a user 
+authenticating to \fBsmbd\fR must still enter a valid 
+password in order to connect correctly, and to update their hashed 
+(smbpasswd) passwords.
+
+Default: \fBupdate encrypted = no\fR
+.TP
+\fBuse client driver (S)\fR
+This parameter applies only to Windows NT/2000
+clients. It has no affect on Windows 95/98/ME clients. When 
+serving a printer to Windows NT/2000 clients without first installing
+a valid printer driver on the Samba host, the client will be required
+to install a local printer driver. From this point on, the client
+will treat the print as a local printer and not a network printer 
+connection. This is much the same behavior that will occur
+when \fBdisable spoolss = yes\fR. 
+
+The differentiating 
+factor is that under normal circumstances, the NT/2000 client will 
+attempt to open the network printer using MS-RPC. The problem is that
+because the client considers the printer to be local, it will attempt
+to issue the OpenPrinterEx() call requesting access rights associated 
+with the logged on user. If the user possesses local administator rights
+but not root privilegde on the Samba host (often the case), the OpenPrinterEx()
+call will fail. The result is that the client will now display an "Access
+Denied; Unable to connect" message in the printer queue window (even though
+jobs may successfully be printed). 
+
+If this parameter is enabled for a printer, then any attempt
+to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped
+to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx()
+call to succeed. \fBThis parameter MUST not be able enabled
+on a print share which has valid print driver installed on the Samba 
+server.\fR
+
+See also disable spoolss
+
+Default: \fBuse client driver = no\fR
+.TP
+\fBuse mmap (G)\fR
+This global parameter determines if the tdb internals of Samba can
+depend on mmap working correctly on the running system. Samba requires a coherent
+mmap/read-write system memory cache. Currently only HPUX does not have such a
+coherent cache, and so this parameter is set to no by
+default on HPUX. On all other systems this parameter should be left alone. This
+parameter is provided to help the Samba developers track down problems with
+the tdb internal code.
+
+Default: \fBuse mmap = yes\fR
+.TP
+\fBuse rhosts (G)\fR
+If this global parameter is yes, it specifies 
+that the UNIX user's \fI.rhosts\fR file in their home directory 
+will be read to find the names of hosts and users who will be allowed 
+access without specifying a password.
+
+\fBNOTE:\fR The use of \fIuse rhosts
+\fRcan be a major security hole. This is because you are 
+trusting the PC to supply the correct username. It is very easy to 
+get a PC to supply a false username. I recommend that the \fI use rhosts\fR option be only used if you really know what 
+you are doing.
+
+Default: \fBuse rhosts = no\fR
+.TP
+\fBuser (S)\fR
+Synonym for \fI username\fR.
+.TP
+\fBusers (S)\fR
+Synonym for \fI username\fR.
+.TP
+\fBusername (S)\fR
+Multiple users may be specified in a comma-delimited 
+list, in which case the supplied password will be tested against 
+each username in turn (left to right).
+
+The \fIusername\fR line is needed only when 
+the PC is unable to supply its own username. This is the case 
+for the COREPLUS protocol or where your users have different WfWg 
+usernames to UNIX usernames. In both these cases you may also be 
+better using the \\\\server\\share%user syntax instead.
+
+The \fIusername\fR line is not a great 
+solution in many cases as it means Samba will try to validate 
+the supplied password against each of the usernames in the 
+\fIusername\fR line in turn. This is slow and 
+a bad idea for lots of users in case of duplicate passwords. 
+You may get timeouts or security breaches using this parameter 
+unwisely.
+
+Samba relies on the underlying UNIX security. This 
+parameter does not restrict who can login, it just offers hints 
+to the Samba server as to what usernames might correspond to the 
+supplied password. Users can login as whoever they please and 
+they will be able to do no more damage than if they started a 
+telnet session. The daemon runs as the user that they log in as, 
+so they cannot do anything that user cannot do.
+
+To restrict a service to a particular set of users you 
+can use the \fIvalid users
+\fRparameter.
+
+If any of the usernames begin with a '@' then the name
+will be looked up first in the NIS netgroups list (if Samba 
+is compiled with netgroup support), followed by a lookup in 
+the UNIX groups database and will expand to a list of all users 
+in the group of that name.
+
+If any of the usernames begin with a '+' then the name 
+will be looked up only in the UNIX groups database and will 
+expand to a list of all users in the group of that name.
+
+If any of the usernames begin with a '&'then the name 
+will be looked up only in the NIS netgroups database (if Samba 
+is compiled with netgroup support) and will expand to a list 
+of all users in the netgroup group of that name.
+
+Note that searching though a groups database can take 
+quite some time, and some clients may time out during the 
+search.
+
+See the section NOTE ABOUT 
+USERNAME/PASSWORD VALIDATION for more information on how 
+this parameter determines access to the services.
+
+Default: \fBThe guest account if a guest service, 
+else <empty string>.\fR
+
+Examples:\fBusername = fred, mary, jack, jane, 
+@users, @pcgroup\fR
+.TP
+\fBusername level (G)\fR
+This option helps Samba to try and 'guess' at 
+the real UNIX username, as many DOS clients send an all-uppercase 
+username. By default Samba tries all lowercase, followed by the 
+username with the first letter capitalized, and fails if the 
+username is not found on the UNIX machine.
+
+If this parameter is set to non-zero the behavior changes. 
+This parameter is a number that specifies the number of uppercase
+combinations to try while trying to determine the UNIX user name. The
+higher the number the more combinations will be tried, but the slower
+the discovery of usernames will be. Use this parameter when you have
+strange usernames on your UNIX machine, such as AstrangeUser
+\&.
+
+Default: \fBusername level = 0\fR
+
+Example: \fBusername level = 5\fR
+.TP
+\fBusername map (G)\fR
+This option allows you to specify a file containing 
+a mapping of usernames from the clients to the server. This can be 
+used for several purposes. The most common is to map usernames 
+that users use on DOS or Windows machines to those that the UNIX 
+box uses. The other is to map multiple users to a single username 
+so that they can more easily share files.
+
+The map file is parsed line by line. Each line should 
+contain a single UNIX username on the left then a '=' followed 
+by a list of usernames on the right. The list of usernames on the 
+right may contain names of the form @group in which case they 
+will match any UNIX username in that group. The special client 
+name '*' is a wildcard and matches any name. Each line of the 
+map file may be up to 1023 characters long.
+
+The file is processed on each line by taking the 
+supplied username and comparing it with each username on the right 
+hand side of the '=' signs. If the supplied name matches any of 
+the names on the right hand side then it is replaced with the name 
+on the left. Processing then continues with the next line.
+
+If any line begins with a '#' or a ';' then it is 
+ignored
+
+If any line begins with an '!' then the processing 
+will stop after that line if a mapping was done by the line. 
+Otherwise mapping continues with every line being processed. 
+Using '!' is most useful when you have a wildcard mapping line 
+later in the file.
+
+For example to map from the name admin 
+or administrator to the UNIX name  root you would use:
+
+\fBroot = admin administrator\fR
+
+Or to map anyone in the UNIX group system 
+to the UNIX name sys you would use:
+
+\fBsys = @system\fR
+
+You can have as many mappings as you like in a username 
+map file.
+
+If your system supports the NIS NETGROUP option then 
+the netgroup database is checked before the \fI/etc/group
+\fRdatabase for matching groups.
+
+You can map Windows usernames that have spaces in them
+by using double quotes around the name. For example:
+
+\fBtridge = "Andrew Tridgell"\fR
+
+would map the windows username "Andrew Tridgell" to the 
+unix username "tridge".
+
+The following example would map mary and fred to the 
+unix user sys, and map the rest to guest. Note the use of the 
+\&'!' to tell Samba to stop processing if it gets a match on 
+that line.
+
+.sp
+.nf
+		!sys = mary fred
+		guest = *
+		
+.sp
+.fi
+
+Note that the remapping is applied to all occurrences 
+of usernames. Thus if you connect to \\\\server\\fred and  fred is remapped to mary then you 
+will actually be connecting to \\\\server\\mary and will need to 
+supply a password suitable for mary not 
+fred. The only exception to this is the 
+username passed to the \fI password server\fR (if you have one). The password 
+server will receive whatever username the client supplies without 
+modification.
+
+Also note that no reverse mapping is done. The main effect 
+this has is with printing. Users who have been mapped may have 
+trouble deleting print jobs as PrintManager under WfWg will think 
+they don't own the print job.
+
+Default: \fBno username map\fR
+
+Example: \fBusername map = /usr/local/samba/lib/users.map
+\fR.TP
+\fBuse sendfile (S)\fR
+If this parameter is yes, and Samba
+was built with the --with-sendfile-support option, and the underlying operating
+system supports sendfile system call, then some SMB read calls (mainly ReadAndX
+and ReadRaw) will use the more efficient sendfile system call for files that
+are exclusively oplocked. This may make more efficient use of the system CPU's
+and cause Samba to be faster. This is off by default as it's effects are unknown
+as yet.
+
+Default: \fBuse sendfile = no\fR
+.TP
+\fButmp (G)\fR
+This boolean parameter is only available if 
+Samba has been configured and compiled with the option \fB --with-utmp\fR. If set to yes then Samba will attempt
+to add utmp or utmpx records (depending on the UNIX system) whenever a
+connection is made to a Samba server. Sites may use this to record the
+user connecting to a Samba share.
+
+See also the \fI utmp directory\fR parameter.
+
+Default: \fButmp = no\fR
+.TP
+\fButmp directory(G)\fR
+This parameter is only available if Samba has 
+been configured and compiled with the option \fB --with-utmp\fR. It specifies a directory pathname that is
+used to store the utmp or utmpx files (depending on the UNIX system) that
+record user connections to a Samba server. See also the  \fIutmp\fR parameter. By default this is 
+not set, meaning the system will use whatever utmp file the 
+native system is set to use (usually 
+\fI/var/run/utmp\fR on Linux).
+
+Default: \fBno utmp directory\fR
+.TP
+\fBvalid chars (G)\fR
+The option allows you to specify additional 
+characters that should be considered valid by the server in 
+filenames. This is particularly useful for national character 
+sets, such as adding u-umlaut or a-ring.
+
+The option takes a list of characters in either integer 
+or character form with spaces between them. If you give two 
+characters with a colon between them then it will be taken as 
+an lowercase:uppercase pair.
+
+If you have an editor capable of entering the characters 
+into the config file then it is probably easiest to use this 
+method. Otherwise you can specify the characters in octal, 
+decimal or hexadecimal form using the usual C notation.
+
+For example to add the single character 'Z' to the charset 
+(which is a pointless thing to do as it's already there) you could 
+do one of the following
+
+.sp
+.nf
+		valid chars = Z
+		valid chars = z:Z
+		valid chars = 0132:0172
+		
+.sp
+.fi
+
+The last two examples above actually add two characters, 
+and alter the uppercase and lowercase mappings appropriately.
+
+Note that you \fBMUST\fR specify this parameter 
+after the \fIclient code page\fR parameter if you 
+have both set. If \fIclient code page\fR is set after 
+the \fIvalid chars\fR parameter the \fIvalid 
+chars\fR settings will be overwritten.
+
+See also the \fIclient 
+code page\fR parameter.
+
+Default: \fBSamba defaults to using a reasonable set 
+of valid characters for English systems\fR
+
+Example: \fBvalid chars = 0345:0305 0366:0326 0344:0304
+\fR
+The above example allows filenames to have the Swedish 
+characters in them.
+
+\fBNOTE:\fR It is actually quite difficult to 
+correctly produce a \fIvalid chars\fR line for 
+a particular system. To automate the process tino@augsburg.net <URL:mailto:tino@augsburg.net> has written 
+a package called \fBvalidchars\fR which will automatically 
+produce a complete \fIvalid chars\fR line for
+a given client system. Look in the \fIexamples/validchars/
+\fRsubdirectory of your Samba source code distribution 
+for this package.
+.TP
+\fBvalid users (S)\fR
+This is a list of users that should be allowed 
+to login to this service. Names starting with '@', '+' and '&'
+are interpreted using the same rules as described in the 
+\fIinvalid users\fR parameter.
+
+If this is empty (the default) then any user can login. 
+If a username is in both this list and the \fIinvalid 
+users\fR list then access is denied for that user.
+
+The current servicename is substituted for \fI%S
+\fR\&. This is useful in the [homes] section.
+
+See also \fIinvalid users
+\fR
+Default: \fBNo valid users list (anyone can login)
+\fR
+Example: \fBvalid users = greg, @pcusers\fR
+.TP
+\fBveto files(S)\fR
+This is a list of files and directories that 
+are neither visible nor accessible. Each entry in the list must 
+be separated by a '/', which allows spaces to be included 
+in the entry. '*' and '?' can be used to specify multiple files 
+or directories as in DOS wildcards.
+
+Each entry must be a unix path, not a DOS path and 
+must \fBnot\fR include the unix directory 
+separator '/'.
+
+Note that the \fIcase sensitive\fR option 
+is applicable in vetoing files.
+
+One feature of the veto files parameter that it
+is important to be aware of is Samba's behaviour when
+trying to delete a directory. If a directory that is
+to be deleted contains nothing but veto files this
+deletion will \fBfail\fR unless you also set
+the \fIdelete veto files\fR parameter to
+\fIyes\fR.
+
+Setting this parameter will affect the performance 
+of Samba, as it will be forced to check all files and directories 
+for a match as they are scanned.
+
+See also \fIhide files
+\fRand \fI case sensitive\fR.
+
+Default: \fBNo files or directories are vetoed.
+\fR
+Examples:
+.sp
+.nf
+; Veto any files containing the word Security, 
+; any ending in .tmp, and any directory containing the
+; word root.
+veto files = /*Security*/*.tmp/*root*/
+
+; Veto the Apple specific files that a NetAtalk server
+; creates.
+veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
+.sp
+.fi
+.TP
+\fBveto oplock files (S)\fR
+This parameter is only valid when the \fIoplocks\fR
+parameter is turned on for a share. It allows the Samba administrator
+to selectively turn off the granting of oplocks on selected files that
+match a wildcarded list, similar to the wildcarded list used in the
+\fIveto files\fR 
+parameter.
+
+Default: \fBNo files are vetoed for oplock 
+grants\fR
+
+You might want to do this on files that you know will 
+be heavily contended for by clients. A good example of this 
+is in the NetBench SMB benchmark program, which causes heavy 
+client contention for files ending in \fI.SEM\fR. 
+To cause Samba not to grant oplocks on these files you would use 
+the line (either in the [global] section or in the section for 
+the particular NetBench share :
+
+Example: \fBveto oplock files = /*.SEM/
+\fR.TP
+\fBvfs object (S)\fR
+This parameter specifies a shared object file that 
+is used for Samba VFS I/O operations. By default, normal 
+disk I/O operations are used but these can be overloaded 
+with a VFS object. The Samba VFS layer is new to Samba 2.2 and 
+must be enabled at compile time with --with-vfs.
+
+Default : \fBno value\fR
+.TP
+\fBvfs options (S)\fR
+This parameter allows parameters to be passed 
+to the vfs layer at initialization time. The Samba VFS layer 
+is new to Samba 2.2 and must be enabled at compile time 
+with --with-vfs. See also \fI vfs object\fR.
+
+Default : \fBno value\fR
+.TP
+\fBvolume (S)\fR
+This allows you to override the volume label 
+returned for a share. Useful for CDROMs with installation programs 
+that insist on a particular volume label.
+
+Default: \fBthe name of the share\fR
+.TP
+\fBwide links (S)\fR
+This parameter controls whether or not links 
+in the UNIX file system may be followed by the server. Links 
+that point to areas within the directory tree exported by the 
+server are always allowed; this parameter controls access only 
+to areas that are outside the directory tree being exported.
+
+Note that setting this parameter can have a negative 
+effect on your server performance due to the extra system calls 
+that Samba has to do in order to perform the link checks.
+
+Default: \fBwide links = yes\fR
+.TP
+\fBwinbind cache time (G)\fR
+This parameter specifies the number of seconds the
+winbindd(8) daemon will cache 
+user and group information before querying a Windows NT server 
+again.
+
+Default: \fBwinbind cache type = 15\fR
+.TP
+\fBwinbind enum users (G)\fR
+On large installations using
+winbindd(8) it may be
+necessary to suppress the enumeration of users through the
+\fBsetpwent()\fR,
+\fBgetpwent()\fR and
+\fBendpwent()\fR group of system calls. If
+the \fIwinbind enum users\fR parameter is
+no, calls to the \fBgetpwent\fR system call
+will not return any data. 
+
+\fBWarning:\fR Turning off user
+enumeration may cause some programs to behave oddly. For
+example, the finger program relies on having access to the
+full user list when searching for matching
+usernames. 
+
+Default: \fBwinbind enum users = yes \fR
+.TP
+\fBwinbind enum groups (G)\fR
+On large installations using
+winbindd(8) it may be
+necessary to suppress the enumeration of groups through the
+\fBsetgrent()\fR,
+\fBgetgrent()\fR and
+\fBendgrent()\fR group of system calls. If
+the \fIwinbind enum groups\fR parameter is
+no, calls to the \fBgetgrent()\fR system
+call will not return any data. 
+
+\fBWarning:\fR Turning off group
+enumeration may cause some programs to behave oddly.
+
+Default: \fBwinbind enum groups = yes \fR
+.TP
+\fBwinbind gid (G)\fR
+The winbind gid parameter specifies the range of group 
+ids that are allocated by the  winbindd(8) daemon. This range of group ids should have no 
+existing local or NIS groups within it as strange conflicts can 
+occur otherwise.
+
+Default: \fBwinbind gid = <empty string>
+\fR
+Example: \fBwinbind gid = 10000-20000\fR
+.TP
+\fBwinbind separator (G)\fR
+This parameter allows an admin to define the character 
+used when listing a username of the form of \fIDOMAIN
+\fR\\\fIuser\fR. This parameter 
+is only applicable when using the \fIpam_winbind.so\fR
+and \fInss_winbind.so\fR modules for UNIX services.
+
+Please note that setting this parameter to + causes problems
+with group membership at least on glibc systems, as the character +
+is used as a special character for NIS in /etc/group.
+
+Default: \fBwinbind separator = '\\'\fR
+
+Example: \fBwinbind separator = +\fR
+.TP
+\fBwinbind uid (G)\fR
+The winbind gid parameter specifies the range of group 
+ids that are allocated by the  winbindd(8) daemon. This range of ids should have no 
+existing local or NIS users within it as strange conflicts can 
+occur otherwise.
+
+Default: \fBwinbind uid = <empty string>
+\fR
+Example: \fBwinbind uid = 10000-20000\fR
+.TP
+\fBwinbind use default domain\fR
+.TP
+\fBwinbind use default domain\fR
+This parameter specifies whether the  winbindd(8)
+daemon should operate on users without domain component in their username. 
+Users without a domain component are treated as is part of the winbindd server's 
+own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail 
+function in a way much closer to the way they would in a native unix system.
+
+Default: \fBwinbind use default domain = <no> 
+\fR
+Example: \fBwinbind use default domain = yes\fR
+.TP
+\fBwins hook (G)\fR
+When Samba is running as a WINS server this 
+allows you to call an external program for all changes to the 
+WINS database. The primary use for this option is to allow the 
+dynamic update of external name resolution databases such as 
+dynamic DNS.
+
+The wins hook parameter specifies the name of a script 
+or executable that will be called as follows:
+
+\fBwins_hook operation name nametype ttl IP_list
+\fR.RS
+.TP 0.2i
+\(bu
+The first argument is the operation and is one 
+of "add", "delete", or "refresh". In most cases the operation can 
+be ignored as the rest of the parameters provide sufficient 
+information. Note that "refresh" may sometimes be called when the 
+name has not previously been added, in that case it should be treated 
+as an add.
+.TP 0.2i
+\(bu
+The second argument is the NetBIOS name. If the 
+name is not a legal name then the wins hook is not called. 
+Legal names contain only letters, digits, hyphens, underscores 
+and periods.
+.TP 0.2i
+\(bu
+The third argument is the NetBIOS name 
+type as a 2 digit hexadecimal number. 
+.TP 0.2i
+\(bu
+The fourth argument is the TTL (time to live) 
+for the name in seconds.
+.TP 0.2i
+\(bu
+The fifth and subsequent arguments are the IP 
+addresses currently registered for that name. If this list is 
+empty then the name should be deleted.
+.RE
+.PP
+An example script that calls the BIND dynamic DNS update 
+program \fBnsupdate\fR is provided in the examples 
+directory of the Samba source code. 
+.PP
+.TP
+\fBwins proxy (G)\fR
+This is a boolean that controls if nmbd(8) will respond to broadcast name 
+queries on behalf of other hosts. You may need to set this 
+to yes for some older clients.
+
+Default: \fBwins proxy = no\fR
+.TP
+\fBwins server (G)\fR
+This specifies the IP address (or DNS name: IP 
+address for preference) of the WINS server that  nmbd(8) should register with. If you have a WINS server on 
+your network then you should set this to the WINS server's IP.
+
+You should point this at your WINS server if you have a
+multi-subnetted network.
+
+\fBNOTE\fR. You need to set up Samba to point 
+to a WINS server if you have multiple subnets and wish cross-subnet 
+browsing to work correctly.
+
+See the documentation file \fIBROWSING.txt\fR 
+in the docs/ directory of your Samba source distribution.
+
+Default: \fBnot enabled\fR
+
+Example: \fBwins server = 192.9.200.1\fR
+.TP
+\fBwins support (G)\fR
+This boolean controls if the  
+nmbd(8) process in Samba will act as a WINS server. You should 
+not set this to yes unless you have a multi-subnetted network and 
+you wish a particular \fBnmbd\fR to be your WINS server. 
+Note that you should \fBNEVER\fR set this to yes
+on more than one machine in your network.
+
+Default: \fBwins support = no\fR
+.TP
+\fBworkgroup (G)\fR
+This controls what workgroup your server will 
+appear to be in when queried by clients. Note that this parameter 
+also controls the Domain name used with the \fBsecurity = domain\fR
+setting.
+
+Default: \fBset at compile time to WORKGROUP\fR
+
+Example: \fBworkgroup = MYGROUP\fR
+.TP
+\fBwritable (S)\fR
+Synonym for \fI writeable\fR for people who can't spell :-).
+.TP
+\fBwrite cache size (S)\fR
+If this integer parameter is set to non-zero value,
+Samba will create an in-memory cache for each oplocked file 
+(it does \fBnot\fR do this for 
+non-oplocked files). All writes that the client does not request 
+to be flushed directly to disk will be stored in this cache if possible. 
+The cache is flushed onto disk when a write comes in whose offset 
+would not fit into the cache or when the file is closed by the client. 
+Reads for the file are also served from this cache if the data is stored 
+within it.
+
+This cache allows Samba to batch client writes into a more 
+efficient write size for RAID disks (i.e. writes may be tuned to 
+be the RAID stripe size) and can improve performance on systems 
+where the disk subsystem is a bottleneck but there is free 
+memory for userspace programs.
+
+The integer parameter specifies the size of this cache 
+(per oplocked file) in bytes.
+
+Default: \fBwrite cache size = 0\fR
+
+Example: \fBwrite cache size = 262144\fR
+
+for a 256k cache size per file.
+.TP
+\fBwrite list (S)\fR
+This is a list of users that are given read-write 
+access to a service. If the connecting user is in this list then 
+they will be given write access, no matter what the \fIread only\fR
+option is set to. The list can include group names using the 
+@group syntax.
+
+Note that if a user is in both the read list and the 
+write list then they will be given write access.
+
+See also the \fIread list
+\fRoption.
+
+Default: \fBwrite list = <empty string>
+\fR
+Example: \fBwrite list = admin, root, @staff
+\fR.TP
+\fBwrite ok (S)\fR
+Inverted synonym for \fI read only\fR.
+.TP
+\fBwrite raw (G)\fR
+This parameter controls whether or not the server 
+will support raw write SMB's when transferring data from clients. 
+You should never need to change this parameter.
+
+Default: \fBwrite raw = yes\fR
+.TP
+\fBwriteable (S)\fR
+Inverted synonym for \fI read only\fR.
+.SH "WARNINGS"
+.PP
+Although the configuration file permits service names 
+to contain spaces, your client software may not. Spaces will 
+be ignored in comparisons anyway, so it shouldn't be a 
+problem - but be aware of the possibility.
+.PP
+On a similar note, many clients - especially DOS clients - 
+limit service names to eight characters. smbd(8)
+ has no such limitation, but attempts to connect from such 
+clients will fail if they truncate the service names. For this reason 
+you should probably keep your service names down to eight characters 
+in length.
+.PP
+Use of the [homes] and [printers] special sections make life 
+for an administrator easy, but the various combinations of default 
+attributes can be tricky. Take extreme care when designing these 
+sections. In particular, ensure that the permissions on spool 
+directories are correct.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+samba(7)
+\fBsmbpasswd(8)\fR
+\fBswat(8)\fR
+\fBsmbd(8)\fR 
+\fBnmbd(8)\fR 
+\fBsmbclient(1)\fR 
+\fBnmblookup(1)\fR
+\fBtestparm(1)\fR 
+\fBtestprns(1)\fR
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1
new file mode 100755
index 00000000000..f62c34265d8
--- /dev/null
+++ b/docs/manpages/smbcacls.1
@@ -0,0 +1,191 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBCACLS" "1" "19 November 2002" "" ""
+.SH NAME
+smbcacls \- Set or get ACLs on an NT file or directory names
+.SH SYNOPSIS
+.sp
+\fBsmbcacls\fR \fB//server/share\fR \fBfilename\fR [ \fB-U username\fR ]  [ \fB-A acls\fR ]  [ \fB-M acls\fR ]  [ \fB-D acls\fR ]  [ \fB-S acls\fR ]  [ \fB-C name\fR ]  [ \fB-G name\fR ]  [ \fB-n\fR ]  [ \fB-h\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+The \fBsmbcacls\fR program manipulates NT Access Control Lists 
+(ACLs) on SMB file shares. 
+.SH "OPTIONS"
+.PP
+The following options are available to the \fBsmbcacls\fR program. 
+The format of ACLs is described in the section ACL FORMAT 
+.TP
+\fB-A acls\fR
+Add the ACLs specified to the ACL list. Existing 
+access control entries are unchanged. 
+.TP
+\fB-M acls\fR
+Modify the mask value (permissions) for the ACLs 
+specified on the command line. An error will be printed for each 
+ACL specified that was not already present in the ACL list
+.TP
+\fB-D acls\fR
+Delete any ACLs specified on the command line. 
+An error will be printed for each ACL specified that was not 
+already present in the ACL list. 
+.TP
+\fB-S acls\fR
+This command sets the ACLs on the file with 
+only the ones specified on the command line. All other ACLs are 
+erased. Note that the ACL specified must contain at least a revision, 
+type, owner and group for the call to succeed. 
+.TP
+\fB-U username\fR
+Specifies a username used to connect to the 
+specified service. The username may be of the form "username" in 
+which case the user is prompted to enter in a password and the 
+workgroup specified in the \fIsmb.conf\fR file is 
+used, or "username%password" or "DOMAIN\\username%password" and the 
+password and workgroup names are used as provided. 
+.TP
+\fB-C name\fR
+The owner of a file or directory can be changed 
+to the name given using the \fI-C\fR option. 
+The name can be a sid in the form S-1-x-y-z or a name resolved 
+against the server specified in the first argument. 
+
+This command is a shortcut for -M OWNER:name. 
+.TP
+\fB-G name\fR
+The group owner of a file or directory can 
+be changed to the name given using the \fI-G\fR 
+option. The name can be a sid in the form S-1-x-y-z or a name 
+resolved against the server specified n the first argument.
+
+This command is a shortcut for -M GROUP:name.
+.TP
+\fB-n\fR
+This option displays all ACL information in numeric 
+format. The default is to convert SIDs to names and ACE types 
+and masks to a readable string format. 
+.TP
+\fB-h\fR
+Print usage information on the \fBsmbcacls
+\fRprogram.
+.SH "ACL FORMAT"
+.PP
+The format of an ACL is one or more ACL entries separated by 
+either commas or newlines. An ACL entry is one of the following: 
+.PP
+.sp
+.nf
+ 
+REVISION:<revision number>
+OWNER:<sid or name>
+GROUP:<sid or name>
+ACL:<sid or name>:<type>/<flags>/<mask>
+	
+.sp
+.fi
+.PP
+The revision of the ACL specifies the internal Windows 
+NT ACL revision for the security descriptor. 
+If not specified it defaults to 1. Using values other than 1 may 
+cause strange behaviour. 
+.PP
+The owner and group specify the owner and group sids for the 
+object. If a SID in the format CWS-1-x-y-z is specified this is used, 
+otherwise the name specified is resolved using the server on which 
+the file or directory resides. 
+.PP
+ACLs specify permissions granted to the SID. This SID again 
+can be specified in CWS-1-x-y-z format or as a name in which case 
+it is resolved against the server on which the file or directory 
+resides. The type, flags and mask values determine the type of 
+access granted to the SID. 
+.PP
+The type can be either 0 or 1 corresponding to ALLOWED or 
+DENIED access to the SID. The flags values are generally
+zero for file ACLs and either 9 or 2 for directory ACLs. Some 
+common flags are: 
+.TP 0.2i
+\(bu
+#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1
+.TP 0.2i
+\(bu
+#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2
+.TP 0.2i
+\(bu
+#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4
+.TP 0.2i
+\(bu
+#define SEC_ACE_FLAG_INHERIT_ONLY 0x8
+.PP
+At present flags can only be specified as decimal or 
+hexadecimal values.
+.PP
+.PP
+The mask is a value which expresses the access right 
+granted to the SID. It can be given as a decimal or hexadecimal value, 
+or by using one of the following text strings which map to the NT 
+file permissions of the same name. 
+.PP
+.TP 0.2i
+\(bu
+\fBR\fR - Allow read access 
+.TP 0.2i
+\(bu
+\fBW\fR - Allow write access
+.TP 0.2i
+\(bu
+\fBX\fR - Execute permission on the object
+.TP 0.2i
+\(bu
+\fBD\fR - Delete the object
+.TP 0.2i
+\(bu
+\fBP\fR - Change permissions
+.TP 0.2i
+\(bu
+\fBO\fR - Take ownership
+.PP
+The following combined permissions can be specified:
+.PP
+.TP 0.2i
+\(bu
+\fBREAD\fR - Equivalent to 'RX'
+permissions
+.TP 0.2i
+\(bu
+\fBCHANGE\fR - Equivalent to 'RXWD' permissions
+.TP 0.2i
+\(bu
+\fBFULL\fR - Equivalent to 'RWXDPO' 
+permissions
+.SH "EXIT STATUS"
+.PP
+The \fBsmbcacls\fR program sets the exit status 
+depending on the success or otherwise of the operations performed. 
+The exit status may be one of the following values. 
+.PP
+If the operation succeeded, smbcacls returns and exit 
+status of 0. If \fBsmbcacls\fR couldn't connect to the specified server, 
+or there was an error getting or setting the ACLs, an exit status 
+of 1 is returned. If there was an error parsing any command line 
+arguments, an exit status of 2 is returned. 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+\fBsmbcacls\fR was written by Andrew Tridgell 
+and Tim Potter.
+.PP
+The conversion to DocBook for Samba 2.2 was done 
+by Gerald Carter
diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1
new file mode 100755
index 00000000000..298cfd223a6
--- /dev/null
+++ b/docs/manpages/smbclient.1
@@ -0,0 +1,812 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBCLIENT" "1" "19 November 2002" "" ""
+.SH NAME
+smbclient \- ftp-like client to access SMB/CIFS resources  on servers
+.SH SYNOPSIS
+.sp
+\fBsmbclient\fR \fBservicename\fR [ \fBpassword\fR ]  [ \fB-b <buffer size>\fR ]  [ \fB-d debuglevel\fR ]  [ \fB-D Directory\fR ]  [ \fB-U username\fR ]  [ \fB-W workgroup\fR ]  [ \fB-M <netbios name>\fR ]  [ \fB-m maxprotocol\fR ]  [ \fB-A authfile\fR ]  [ \fB-N\fR ]  [ \fB-l logfile\fR ]  [ \fB-L <netbios name>\fR ]  [ \fB-I destinationIP\fR ]  [ \fB-E <terminal code>\fR ]  [ \fB-c <command string>\fR ]  [ \fB-i scope\fR ]  [ \fB-O <socket options>\fR ]  [ \fB-p port\fR ]  [ \fB-R <name resolve order>\fR ]  [ \fB-s <smb config file>\fR ]  [ \fB-T<c|x>IXFqgbNan\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+\fBsmbclient\fR is a client that can 
+\&'talk' to an SMB/CIFS server. It offers an interface
+similar to that of the ftp program (see \fBftp(1)\fR). 
+Operations include things like getting files from the server 
+to the local machine, putting files from the local machine to 
+the server, retrieving directory information from the server 
+and so on. 
+.SH "OPTIONS"
+.TP
+\fBservicename\fR
+servicename is the name of the service 
+you want to use on the server. A service name takes the form
+\fI//server/service\fR where \fIserver
+\fRis the NetBIOS name of the SMB/CIFS server 
+offering the desired service and \fIservice\fR 
+is the name of the service offered. Thus to connect to 
+the service "printer" on the SMB/CIFS server "smbserver",
+you would use the servicename \fI//smbserver/printer
+\fR
+Note that the server name required is NOT necessarily 
+the IP (DNS) host name of the server ! The name required is 
+a NetBIOS server name, which may or may not be the
+same as the IP hostname of the machine running the server.
+
+The server name is looked up according to either 
+the \fI-R\fR parameter to \fBsmbclient\fR or 
+using the name resolve order parameter in the \fIsmb.conf\fR file, 
+allowing an administrator to change the order and methods 
+by which server names are looked up. 
+.TP
+\fBpassword\fR
+The password required to access the specified 
+service on the specified server. If this parameter is 
+supplied, the \fI-N\fR option (suppress 
+password prompt) is assumed. 
+
+There is no default password. If no password is supplied 
+on the command line (either by using this parameter or adding 
+a password to the \fI-U\fR option (see 
+below)) and the \fI-N\fR option is not 
+specified, the client will prompt for a password, even if 
+the desired service does not require one. (If no password is 
+required, simply press ENTER to provide a null password.)
+
+Note: Some servers (including OS/2 and Windows for 
+Workgroups) insist on an uppercase password. Lowercase 
+or mixed case passwords may be rejected by these servers. 
+
+Be cautious about including passwords in scripts.
+.TP
+\fB-s smb.conf\fR
+Specifies the location of the all important 
+\fIsmb.conf\fR file. 
+.TP
+\fB-O socket options\fR
+TCP socket options to set on the client 
+socket. See the socket options parameter in the \fI smb.conf (5)\fR manpage for the list of valid 
+options. 
+.TP
+\fB-R <name resolve order>\fR
+This option is used by the programs in the Samba 
+suite to determine what naming services and in what order to resolve 
+host names to IP addresses. The option takes a space-separated 
+string of different name resolution options.
+
+The options are :"lmhosts", "host", "wins" and "bcast". They 
+cause names to be resolved as follows :
+.RS
+.TP 0.2i
+\(bu
+lmhosts : Lookup an IP 
+address in the Samba lmhosts file. If the line in lmhosts has 
+no name type attached to the NetBIOS name (see the lmhosts(5) for details) then
+any name type matches for lookup.
+.TP 0.2i
+\(bu
+host : Do a standard host 
+name to IP address resolution, using the system \fI/etc/hosts
+\fR, NIS, or DNS lookups. This method of name resolution 
+is operating system dependent, for instance on IRIX or Solaris this 
+may be controlled by the \fI/etc/nsswitch.conf\fR 
+file). Note that this method is only used if the NetBIOS name 
+type being queried is the 0x20 (server) name type, otherwise 
+it is ignored.
+.TP 0.2i
+\(bu
+wins : Query a name with 
+the IP address listed in the \fIwins server\fR
+parameter. If no WINS server has
+been specified this method will be ignored.
+.TP 0.2i
+\(bu
+bcast : Do a broadcast on 
+each of the known local interfaces listed in the 
+\fIinterfaces\fR
+parameter. This is the least reliable of the name resolution 
+methods as it depends on the target host being on a locally 
+connected subnet.
+.RE
+.PP
+If this parameter is not set then the name resolve order 
+defined in the \fIsmb.conf\fR file parameter 
+(name resolve order) will be used. 
+.PP
+.PP
+The default order is lmhosts, host, wins, bcast and without 
+this parameter or any entry in the \fIname resolve order
+\fRparameter of the \fIsmb.conf\fR file the name resolution
+methods will be attempted in this order. 
+.PP
+.TP
+\fB-M NetBIOS name\fR
+This options allows you to send messages, using 
+the "WinPopup" protocol, to another computer. Once a connection is 
+established you then type your message, pressing ^D (control-D) to 
+end. 
+
+If the receiving computer is running WinPopup the user will 
+receive the message and probably a beep. If they are not running 
+WinPopup the message will be lost, and no error message will 
+occur. 
+
+The message is also automatically truncated if the message 
+is over 1600 bytes, as this is the limit of the protocol. 
+
+One useful trick is to cat the message through
+\fBsmbclient\fR. For example: \fB cat mymessage.txt | smbclient -M FRED \fR will 
+send the message in the file \fImymessage.txt\fR 
+to the machine FRED. 
+
+You may also find the \fI-U\fR and 
+\fI-I\fR options useful, as they allow you to 
+control the FROM and TO parts of the message. 
+
+See the message command parameter in the \fI smb.conf(5)\fR for a description of how to handle incoming 
+WinPopup messages in Samba. 
+
+\fBNote\fR: Copy WinPopup into the startup group 
+on your WfWg PCs if you want them to always be able to receive 
+messages. 
+.TP
+\fB-i scope\fR
+This specifies a NetBIOS scope that smbclient will 
+use to communicate with when generating NetBIOS names. For details 
+on the use of NetBIOS scopes, see \fIrfc1001.txt\fR 
+and \fIrfc1002.txt\fR.
+NetBIOS scopes are \fBvery\fR rarely used, only set 
+this parameter if you are the system administrator in charge of all 
+the NetBIOS systems you communicate with. 
+.TP
+\fB-N\fR
+If specified, this parameter suppresses the normal 
+password prompt from the client to the user. This is useful when 
+accessing a service that does not require a password. 
+
+Unless a password is specified on the command line or 
+this parameter is specified, the client will request a 
+password.
+.TP
+\fB-n NetBIOS name\fR
+By default, the client will use the local 
+machine's hostname (in uppercase) as its NetBIOS name. This parameter 
+allows you to override the host name and use whatever NetBIOS 
+name you wish. 
+.TP
+\fB-d debuglevel\fR
+\fIdebuglevel\fR is an integer from 0 to 10, or 
+the letter 'A'. 
+
+The default value if this parameter is not specified 
+is zero. 
+
+The higher this value, the more detail will be logged to 
+the log files about the activities of the 
+client. At level 0, only critical errors and serious warnings will 
+be logged. Level 1 is a reasonable level for day to day running - 
+it generates a small amount of information about operations 
+carried out. 
+
+Levels above 1 will generate considerable amounts of log 
+data, and should only be used when investigating a problem.
+Levels above 3 are designed for use only by developers and 
+generate HUGE amounts of log data, most of which is extremely 
+cryptic. If \fIdebuglevel\fR is set to the letter 'A', then \fBall
+\fRdebug messages will be printed. This setting
+is for developers only (and people who \fBreally\fR want 
+to know how the code works internally). 
+
+Note that specifying this parameter here will override
+the log level parameter in the \fIsmb.conf (5)\fR 
+file. 
+.TP
+\fB-p port\fR
+This number is the TCP port number that will be used 
+when making connections to the server. The standard (well-known)
+TCP port number for an SMB/CIFS server is 139, which is the 
+default. 
+.TP
+\fB-l logfilename\fR
+If specified, \fIlogfilename\fR specifies a base filename 
+into which operational data from the running client will be 
+logged. 
+
+The default base name is specified at compile time.
+
+The base name is used to generate actual log file names.
+For example, if the name specified was "log", the debug file 
+would be \fIlog.client\fR.
+
+The log file generated is never removed by the client. 
+.TP
+\fB-h\fR
+Print the usage message for the client. 
+.TP
+\fB-I IP-address\fR
+\fIIP address\fR is the address of the server to connect to. 
+It should be specified in standard "a.b.c.d" notation. 
+
+Normally the client would attempt to locate a named 
+SMB/CIFS server by looking it up via the NetBIOS name resolution 
+mechanism described above in the \fIname resolve order\fR 
+parameter above. Using this parameter will force the client
+to assume that the server is on the machine with the specified IP 
+address and the NetBIOS name component of the resource being 
+connected to will be ignored. 
+
+There is no default for this parameter. If not supplied, 
+it will be determined automatically by the client as described 
+above. 
+.TP
+\fB-E\fR
+This parameter causes the client to write messages 
+to the standard error stream (stderr) rather than to the standard 
+output stream. 
+
+By default, the client writes messages to standard output 
+- typically the user's tty. 
+.TP
+\fB-U username[%pass]\fR
+Sets the SMB username or username and password. 
+If %pass is not specified, The user will be prompted. The client 
+will first check the \fBUSER\fR environment variable, then the 
+\fBLOGNAME\fR variable and if either exists, the 
+string is uppercased. Anything in these variables following a '%' 
+sign will be treated as the password. If these environment 
+variables are not found, the username GUEST 
+is used. 
+
+If the password is not included in these environment
+variables (using the %pass syntax), \fBsmbclient\fR will look for 
+a \fBPASSWD\fR environment variable from which 
+to read the password. 
+
+A third option is to use a credentials file which 
+contains the plaintext of the domain name, username and password. This 
+option is mainly provided for scripts where the admin doesn't 
+wish to pass the credentials on the command line or via environment 
+variables. If this method is used, make certain that the permissions 
+on the file restrict access from unwanted users. See the 
+\fI-A\fR for more details. 
+
+Be cautious about including passwords in scripts or in 
+the \fBPASSWD\fR environment variable. Also, on 
+many systems the command line of a running process may be seen 
+via the \fBps\fR command to be safe always allow 
+\fBsmbclient\fR to prompt for a password and type 
+it in directly. 
+.TP
+\fB-A filename\fR
+This option allows 
+you to specify a file from which to read the username, domain name, and 
+password used in the connection. The format of the file is 
+
+.sp
+.nf
+username = <value> 
+password = <value>
+domain = <value>
+		
+.sp
+.fi
+
+If the domain parameter is missing the current workgroup name
+is used instead. Make certain that the permissions on the file restrict 
+access from unwanted users. 
+.TP
+\fB-L\fR
+This option allows you to look at what services 
+are available on a server. You use it as \fBsmbclient -L 
+host\fR and a list should appear. The \fI-I
+\fRoption may be useful if your NetBIOS names don't 
+match your TCP/IP DNS host names or if you are trying to reach a 
+host on another network. 
+.TP
+\fB-t terminal code\fR
+This option tells \fBsmbclient\fR how to interpret 
+filenames coming from the remote server. Usually Asian language 
+multibyte UNIX implementations use different character sets than 
+SMB/CIFS servers (\fBEUC\fR instead of \fB SJIS\fR for example). Setting this parameter will let 
+\fBsmbclient\fR convert between the UNIX filenames and 
+the SMB filenames correctly. This option has not been seriously tested 
+and may have some problems. 
+
+The terminal codes include CWsjis, CWeuc, CWjis7, CWjis8,
+CWjunet, CWhex, CWcap. This is not a complete list, check the Samba 
+source code for the complete list. 
+.TP
+\fB-b buffersize\fR
+This option changes the transmit/send buffer 
+size when getting or putting a file from/to the server. The default 
+is 65520 bytes. Setting this value smaller (to 1200 bytes) has been 
+observed to speed up file transfers to and from a Win9x server. 
+.TP
+\fB-W WORKGROUP\fR
+Override the default workgroup (domain) specified
+in the workgroup parameter of the \fIsmb.conf\fR
+file for this connection. This may be needed to connect to some
+servers. 
+.TP
+\fB-T tar options\fR
+smbclient may be used to create \fBtar(1)
+\fRcompatible backups of all the files on an SMB/CIFS
+share. The secondary tar flags that can be given to this option 
+are : 
+.RS
+.TP 0.2i
+\(bu
+\fIc\fR - Create a tar file on UNIX. 
+Must be followed by the name of a tar file, tape device
+or "-" for standard output. If using standard output you must 
+turn the log level to its lowest value -d0 to avoid corrupting 
+your tar file. This flag is mutually exclusive with the 
+\fIx\fR flag. 
+.TP 0.2i
+\(bu
+\fIx\fR - Extract (restore) a local 
+tar file back to a share. Unless the -D option is given, the tar 
+files will be restored from the top level of the share. Must be 
+followed by the name of the tar file, device or "-" for standard 
+input. Mutually exclusive with the \fIc\fR flag. 
+Restored files have their creation times (mtime) set to the
+date saved in the tar file. Directories currently do not get 
+their creation dates restored properly. 
+.TP 0.2i
+\(bu
+\fII\fR - Include files and directories. 
+Is the default behavior when filenames are specified above. Causes 
+tar files to be included in an extract or create (and therefore 
+everything else to be excluded). See example below. Filename globbing 
+works in one of two ways. See r below. 
+.TP 0.2i
+\(bu
+\fIX\fR - Exclude files and directories. 
+Causes tar files to be excluded from an extract or create. See 
+example below. Filename globbing works in one of two ways now. 
+See \fIr\fR below. 
+.TP 0.2i
+\(bu
+\fIb\fR - Blocksize. Must be followed 
+by a valid (greater than zero) blocksize. Causes tar file to be 
+written out in blocksize*TBLOCK (usually 512 byte) blocks. 
+.TP 0.2i
+\(bu
+\fIg\fR - Incremental. Only back up 
+files that have the archive bit set. Useful only with the 
+\fIc\fR flag. 
+.TP 0.2i
+\(bu
+\fIq\fR - Quiet. Keeps tar from printing 
+diagnostics as it works. This is the same as tarmode quiet. 
+.TP 0.2i
+\(bu
+\fIr\fR - Regular expression include
+or exclude. Uses regular expression matching for 
+excluding or excluding files if compiled with HAVE_REGEX_H. 
+However this mode can be very slow. If not compiled with 
+HAVE_REGEX_H, does a limited wildcard match on '*' and '?'. 
+.TP 0.2i
+\(bu
+\fIN\fR - Newer than. Must be followed 
+by the name of a file whose date is compared against files found 
+on the share during a create. Only files newer than the file 
+specified are backed up to the tar file. Useful only with the 
+\fIc\fR flag. 
+.TP 0.2i
+\(bu
+\fIa\fR - Set archive bit. Causes the 
+archive bit to be reset when a file is backed up. Useful with the 
+\fIg\fR and \fIc\fR flags. 
+.RE
+.PP
+\fBTar Long File Names\fR
+.PP
+.PP
+\fBsmbclient\fR's tar option now supports long 
+file names both on backup and restore. However, the full path 
+name of the file must be less than 1024 bytes. Also, when
+a tar archive is created, \fBsmbclient\fR's tar option places all 
+files in the archive with relative names, not absolute names. 
+.PP
+.PP
+\fBTar Filenames\fR
+.PP
+.PP
+All file names can be given as DOS path names (with '\\' 
+as the component separator) or as UNIX path names (with '/' as 
+the component separator). 
+.PP
+.PP
+\fBExamples\fR
+.PP
+.PP
+Restore from tar file \fIbackup.tar\fR into myshare on mypc 
+(no password on share). 
+.PP
+.PP
+\fBsmbclient //mypc/yshare "" -N -Tx backup.tar
+\fR.PP
+.PP
+Restore everything except \fIusers/docs\fR
+.PP
+.PP
+\fBsmbclient //mypc/myshare "" -N -TXx backup.tar 
+users/docs\fR
+.PP
+.PP
+Create a tar file of the files beneath \fI users/docs\fR. 
+.PP
+.PP
+\fBsmbclient //mypc/myshare "" -N -Tc
+backup.tar users/docs \fR
+.PP
+.PP
+Create the same tar file as above, but now use 
+a DOS path name. 
+.PP
+.PP
+\fBsmbclient //mypc/myshare "" -N -tc backup.tar 
+users\\edocs \fR
+.PP
+.PP
+Create a tar file of all the files and directories in 
+the share. 
+.PP
+.PP
+\fBsmbclient //mypc/myshare "" -N -Tc backup.tar *
+\fR.PP
+.TP
+\fB-D initial directory\fR
+Change to initial directory before starting. Probably 
+only of any use with the tar -T option. 
+.TP
+\fB-c command string\fR
+command string is a semicolon-separated list of 
+commands to be executed instead of prompting from stdin. \fI -N\fR is implied by \fI-c\fR.
+
+This is particularly useful in scripts and for printing stdin 
+to the server, e.g. \fB-c 'print -'\fR. 
+.SH "OPERATIONS"
+.PP
+Once the client is running, the user is presented with 
+a prompt : 
+.PP
+smb:\\> 
+.PP
+The backslash ("\\") indicates the current working directory 
+on the server, and will change if the current working directory 
+is changed. 
+.PP
+The prompt indicates that the client is ready and waiting to 
+carry out a user command. Each command is a single word, optionally 
+followed by parameters specific to that command. Command and parameters 
+are space-delimited unless these notes specifically
+state otherwise. All commands are case-insensitive. Parameters to 
+commands may or may not be case sensitive, depending on the command. 
+.PP
+You can specify file names which have spaces in them by quoting 
+the name with double quotes, for example "a long file name". 
+.PP
+Parameters shown in square brackets (e.g., "[parameter]") are 
+optional. If not given, the command will use suitable defaults. Parameters 
+shown in angle brackets (e.g., "<parameter>") are required.
+.PP
+Note that all commands operating on the server are actually 
+performed by issuing a request to the server. Thus the behavior may 
+vary from server to server, depending on how the server was implemented. 
+.PP
+The commands available are given here in alphabetical order. 
+.TP
+\fB? [command]\fR
+If \fIcommand\fR is specified, the ? command will display 
+a brief informative message about the specified command. If no 
+command is specified, a list of available commands will
+be displayed. 
+.TP
+\fB! [shell command]\fR
+If \fIshell command\fR is specified, the ! 
+command will execute a shell locally and run the specified shell 
+command. If no command is specified, a local shell will be run. 
+.TP
+\fBaltname file\fR
+The client will request that the server return
+the "alternate" name (the 8.3 name) for a file or directory.
+.TP
+\fBcancel jobid0 [jobid1] ... [jobidN]\fR
+The client will request that the server cancel
+the printjobs identified by the given numeric print job ids.
+.TP
+\fBchmod file mode in octal\fR
+This command depends on the server supporting the CIFS
+UNIX extensions and will fail if the server does not. The client requests that the server
+change the UNIX permissions to the given octal mode, in standard UNIX format.
+.TP
+\fBchown file uid gid\fR
+This command depends on the server supporting the CIFS
+UNIX extensions and will fail if the server does not. The client requests that the server
+change the UNIX user and group ownership to the given decimal values. Note there is
+currently no way to remotely look up the UNIX uid and gid values for a given name.
+This may be addressed in future versions of the CIFS UNIX extensions.
+.TP
+\fBcd [directory name]\fR
+If "directory name" is specified, the current 
+working directory on the server will be changed to the directory 
+specified. This operation will fail if for any reason the specified 
+directory is inaccessible. 
+
+If no directory name is specified, the current working 
+directory on the server will be reported. 
+.TP
+\fBdel <mask>\fR
+The client will request that the server attempt 
+to delete all files matching \fImask\fR from the current working 
+directory on the server. 
+.TP
+\fBdir <mask>\fR
+A list of the files matching \fImask\fR in the current 
+working directory on the server will be retrieved from the server 
+and displayed. 
+.TP
+\fBexit\fR
+Terminate the connection with the server and exit 
+from the program. 
+.TP
+\fBget <remote file name> [local file name]\fR
+Copy the file called \fIremote file name\fR from 
+the server to the machine running the client. If specified, name 
+the local copy \fIlocal file name\fR. Note that all transfers in 
+\fBsmbclient\fR are binary. See also the 
+lowercase command. 
+.TP
+\fBhelp [command]\fR
+See the ? command above. 
+.TP
+\fBlcd [directory name]\fR
+If \fIdirectory name\fR is specified, the current 
+working directory on the local machine will be changed to 
+the directory specified. This operation will fail if for any 
+reason the specified directory is inaccessible. 
+
+If no directory name is specified, the name of the 
+current working directory on the local machine will be reported. 
+.TP
+\fBlink source destination\fR
+This command depends on the server supporting the CIFS
+UNIX extensions and will fail if the server does not. The client requests that the server
+create a hard link between the source and destination files. The source file
+must not exist.
+.TP
+\fBlowercase\fR
+Toggle lowercasing of filenames for the get and 
+mget commands. 
+
+When lowercasing is toggled ON, local filenames are converted 
+to lowercase when using the get and mget commands. This is
+often useful when copying (say) MSDOS files from a server, because 
+lowercase filenames are the norm on UNIX systems. 
+.TP
+\fBls <mask>\fR
+See the dir command above. 
+.TP
+\fBmask <mask>\fR
+This command allows the user to set up a mask 
+which will be used during recursive operation of the mget and 
+mput commands. 
+
+The masks specified to the mget and mput commands act as 
+filters for directories rather than files when recursion is 
+toggled ON. 
+
+The mask specified with the mask command is necessary 
+to filter files within those directories. For example, if the
+mask specified in an mget command is "source*" and the mask 
+specified with the mask command is "*.c" and recursion is 
+toggled ON, the mget command will retrieve all files matching 
+"*.c" in all directories below and including all directories 
+matching "source*" in the current working directory. 
+
+Note that the value for mask defaults to blank (equivalent 
+to "*") and remains so until the mask command is used to change it. 
+It retains the most recently specified value indefinitely. To 
+avoid unexpected results it would be wise to change the value of 
+mask back to "*" after using the mget or mput commands. 
+.TP
+\fBmd <directory name>\fR
+See the mkdir command. 
+.TP
+\fBmget <mask>\fR
+Copy all files matching \fImask\fR from the server to 
+the machine running the client. 
+
+Note that \fImask\fR is interpreted differently during recursive 
+operation and non-recursive operation - refer to the recurse and 
+mask commands for more information. Note that all transfers in 
+\fBsmbclient\fR are binary. See also the lowercase command. 
+.TP
+\fBmkdir <directory name>\fR
+Create a new directory on the server (user access 
+privileges permitting) with the specified name. 
+.TP
+\fBmput <mask>\fR
+Copy all files matching \fImask\fR in the current working 
+directory on the local machine to the current working directory on 
+the server. 
+
+Note that \fImask\fR is interpreted differently during recursive 
+operation and non-recursive operation - refer to the recurse and mask 
+commands for more information. Note that all transfers in \fBsmbclient\fR 
+are binary. 
+.TP
+\fBprint <file name>\fR
+Print the specified file from the local machine 
+through a printable service on the server. 
+
+See also the printmode command.
+.TP
+\fBprintmode <graphics or text>\fR
+Set the print mode to suit either binary data 
+(such as graphical information) or text. Subsequent print
+commands will use the currently set print mode. 
+.TP
+\fBprompt\fR
+Toggle prompting for filenames during operation 
+of the mget and mput commands. 
+
+When toggled ON, the user will be prompted to confirm 
+the transfer of each file during these commands. When toggled 
+OFF, all specified files will be transferred without prompting. 
+.TP
+\fBput <local file name> [remote file name]\fR
+Copy the file called \fIlocal file name\fR from the 
+machine running the client to the server. If specified,
+name the remote copy \fIremote file name\fR. Note that all transfers 
+in \fBsmbclient\fR are binary. See also the lowercase command. 
+.TP
+\fBqueue\fR
+Displays the print queue, showing the job id, 
+name, size and current status. 
+.TP
+\fBquit\fR
+See the exit command. 
+.TP
+\fBrd <directory name>\fR
+See the rmdir command. 
+.TP
+\fBrecurse\fR
+Toggle directory recursion for the commands mget 
+and mput. 
+
+When toggled ON, these commands will process all directories 
+in the source directory (i.e., the directory they are copying
+from ) and will recurse into any that match the mask specified 
+to the command. Only files that match the mask specified using 
+the mask command will be retrieved. See also the mask command. 
+
+When recursion is toggled OFF, only files from the current 
+working directory on the source machine that match the mask specified 
+to the mget or mput commands will be copied, and any mask specified 
+using the mask command will be ignored. 
+.TP
+\fBrm <mask>\fR
+Remove all files matching \fImask\fR from the current 
+working directory on the server. 
+.TP
+\fBrmdir <directory name>\fR
+Remove the specified directory (user access 
+privileges permitting) from the server. 
+.TP
+\fBsetmode <filename> <perm=[+|\\-]rsha>\fR
+A version of the DOS attrib command to set 
+file permissions. For example: 
+
+\fBsetmode myfile +r \fR
+
+would make myfile read only. 
+.TP
+\fBsymlink source destination\fR
+This command depends on the server supporting the CIFS
+UNIX extensions and will fail if the server does not. The client requests that the server
+create a symbolic hard link between the source and destination files. The source file
+must not exist. Note that the server will not create a link to any path that lies 
+outside the currently connected share. This is enforced by the Samba server.
+.TP
+\fBtar <c|x>[IXbgNa]\fR
+Performs a tar operation - see the \fI-T
+\fRcommand line option above. Behavior may be affected 
+by the tarmode command (see below). Using g (incremental) and N 
+(newer) will affect tarmode settings. Note that using the "-" option 
+with tar x may not work - use the command line option instead. 
+.TP
+\fBblocksize <blocksize>\fR
+Blocksize. Must be followed by a valid (greater 
+than zero) blocksize. Causes tar file to be written out in 
+\fIblocksize\fR*TBLOCK (usually 512 byte) blocks. 
+.TP
+\fBtarmode <full|inc|reset|noreset>\fR
+Changes tar's behavior with regard to archive 
+bits. In full mode, tar will back up everything regardless of the 
+archive bit setting (this is the default mode). In incremental mode, 
+tar will only back up files with the archive bit set. In reset mode, 
+tar will reset the archive bit on all files it backs up (implies 
+read/write share). 
+.SH "NOTES"
+.PP
+Some servers are fussy about the case of supplied usernames, 
+passwords, share names (AKA service names) and machine names. 
+If you fail to connect try giving all parameters in uppercase. 
+.PP
+It is often necessary to use the -n option when connecting 
+to some types of servers. For example OS/2 LanManager insists 
+on a valid NetBIOS name being used, so you need to supply a valid 
+name that would be known to the server.
+.PP
+smbclient supports long file names where the server 
+supports the LANMAN2 protocol or above. 
+.SH "ENVIRONMENT VARIABLES"
+.PP
+The variable \fBUSER\fR may contain the 
+username of the person using the client. This information is 
+used only if the protocol level is high enough to support 
+session-level passwords.
+.PP
+The variable \fBPASSWD\fR may contain 
+the password of the person using the client. This information is 
+used only if the protocol level is high enough to support 
+session-level passwords. 
+.PP
+The variable \fBLIBSMB_PROG\fR may contain 
+the path, executed with system(), which the client should connect 
+to instead of connecting to a server. This functionality is primarily
+intended as a development aid, and works best when using a LMHOSTS 
+file
+.SH "INSTALLATION"
+.PP
+The location of the client program is a matter for 
+individual system administrators. The following are thus
+suggestions only. 
+.PP
+It is recommended that the smbclient software be installed
+in the \fI/usr/local/samba/bin/\fR or \fI /usr/samba/bin/\fR directory, this directory readable 
+by all, writeable only by root. The client program itself should 
+be executable by all. The client should \fBNOT\fR be 
+setuid or setgid! 
+.PP
+The client log files should be put in a directory readable 
+and writeable only by the user. 
+.PP
+To test the client, you will need to know the name of a 
+running SMB/CIFS server. It is possible to run \fBsmbd(8)
+\fRas an ordinary user - running that server as a daemon 
+on a user-accessible port (typically any port number over 1024)
+would provide a suitable test server. 
+.SH "DIAGNOSTICS"
+.PP
+Most diagnostics issued by the client are logged in a 
+specified log file. The log file name is specified at compile time, 
+but may be overridden on the command line. 
+.PP
+The number and nature of diagnostics available depends 
+on the debug level used by the client. If you have problems, 
+set the debug level to 3 and peruse the log files. 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1
new file mode 100755
index 00000000000..06bf845b1fb
--- /dev/null
+++ b/docs/manpages/smbcontrol.1
@@ -0,0 +1,129 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBCONTROL" "1" "19 November 2002" "" ""
+.SH NAME
+smbcontrol \- send messages to smbd, nmbd or winbindd processes
+.SH SYNOPSIS
+.sp
+\fBsmbcontrol\fR [ \fB-d <debug level>\fR ]  [ \fB-s <smb config file>\fR ]  \fB-i\fR
+.sp
+\fBsmbcontrol\fR [ \fB-d <debug level>\fR ]  [ \fB-s <smb config file>\fR ]  \fBdestination\fR \fBmessage-type\fR [ \fBparameter\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+\fBsmbcontrol\fR is a very small program, which 
+sends messages to an smbd(8) 
+an nmbd(8)
+or a winbindd(8) 
+daemon running on the system.
+.SH "OPTIONS"
+.TP
+\fB-d <debuglevel>\fR
+debuglevel is an integer from 0 to 10.
+.TP
+\fB-s <smb.conf>\fR
+This parameter specifies the pathname to
+the Samba configuration file,  smb.conf(5) This file controls all aspects of
+the Samba setup on the machine.
+.TP
+\fB-i\fR
+Run interactively. Individual commands 
+of the form destination message-type parameters can be entered 
+on STDIN. An empty command line or a "q" will quit the 
+program.
+.TP
+\fBdestination\fR
+One of \fInmbd\fR
+\fIsmbd\fR or a process ID.
+
+The \fIsmbd\fR destination causes the 
+message to "broadcast" to all smbd daemons.
+
+The \fInmbd\fR destination causes the 
+message to be sent to the nmbd daemon specified in the 
+\fInmbd.pid\fR file.
+
+If a single process ID is given, the message is sent 
+to only that process.
+.TP
+\fBmessage-type\fR
+One of: close-share,
+debug, 
+force-election, ping
+, profile,  debuglevel, profilelevel, 
+or printer-notify.
+
+The close-share message-type sends a 
+message to smbd which will then close the client connections to
+the named share. Note that this doesn't affect client connections
+to any other shares. This message-type takes an argument of the
+share name for which client connections will be closed, or the
+"*" character which will close all currently open shares.
+This may be useful if you made changes to the access controls on the share.
+This message can only be sent to smbd.
+
+The debug message-type allows 
+the debug level to be set to the value specified by the 
+parameter. This can be sent to any of the destinations.
+
+The force-election message-type can only be 
+sent to the nmbd destination. This message 
+causes the \fBnmbd\fR daemon to force a new browse
+master election.
+
+The ping message-type sends the 
+number of "ping" messages specified by the parameter and waits 
+for the same number of reply "pong" messages. This can be sent to 
+any of the destinations.
+
+The profile message-type sends a 
+message to an smbd to change the profile settings based on the 
+parameter. The parameter can be "on" to turn on profile stats 
+collection, "off" to turn off profile stats collection, "count"
+to enable only collection of count stats (time stats are 
+disabled), and "flush" to zero the current profile stats. This can 
+be sent to any smbd or nmbd destinations.
+
+The debuglevel message-type sends 
+a "request debug level" message. The current debug level setting 
+is returned by a "debuglevel" message. This can be 
+sent to any of the destinations.
+
+The profilelevel message-type sends 
+a "request profile level" message. The current profile level 
+setting is returned by a "profilelevel" message. This can be sent 
+to any smbd or nmbd destinations.
+
+The printer-notify message-type sends a 
+message to smbd which in turn sends a printer notify message to 
+any Windows NT clients connected to a printer. This message-type 
+takes an argument of the printer name to send notify messages to. 
+This message can only be sent to smbd.
+.TP
+\fBparameters\fR
+any parameters required for the message-type
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBnmbd(8)\fR 
+and \fBsmbd(8)\fR
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8
new file mode 100755
index 00000000000..6114b5b7cc7
--- /dev/null
+++ b/docs/manpages/smbd.8
@@ -0,0 +1,316 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBD" "8" "19 November 2002" "" ""
+.SH NAME
+smbd \- server to provide SMB/CIFS services to clients
+.SH SYNOPSIS
+.sp
+\fBsmbd\fR [ \fB-D\fR ]  [ \fB-a\fR ]  [ \fB-i\fR ]  [ \fB-o\fR ]  [ \fB-P\fR ]  [ \fB-h\fR ]  [ \fB-V\fR ]  [ \fB-d <debug level>\fR ]  [ \fB-l <log directory>\fR ]  [ \fB-p <port number>\fR ]  [ \fB-O <socket option>\fR ]  [ \fB-s <configuration file>\fR ] 
+.SH "DESCRIPTION"
+.PP
+This program is part of the Samba suite.
+.PP
+\fBsmbd\fR is the server daemon that 
+provides filesharing and printing services to Windows clients. 
+The server provides filespace and printer services to
+clients using the SMB (or CIFS) protocol. This is compatible 
+with the LanManager protocol, and can service LanManager 
+clients. These include MSCLIENT 3.0 for DOS, Windows for 
+Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, 
+OS/2, DAVE for Macintosh, and smbfs for Linux.
+.PP
+An extensive description of the services that the 
+server can provide is given in the man page for the 
+configuration file controlling the attributes of those 
+services (see \fIsmb.conf(5)
+\fR This man page will not describe the 
+services, but will concentrate on the administrative aspects 
+of running the server.
+.PP
+Please note that there are significant security 
+implications to running this server, and the \fIsmb.conf(5)\fR 
+manpage should be regarded as mandatory reading before
+proceeding with installation.
+.PP
+A session is created whenever a client requests one. 
+Each client gets a copy of the server for each session. This 
+copy then services all connections made by the client during 
+that session. When all connections from its client are closed, 
+the copy of the server for that client terminates.
+.PP
+The configuration file, and any files that it includes, 
+are automatically reloaded every minute, if they change. You 
+can force a reload by sending a SIGHUP to the server. Reloading 
+the configuration file will not affect connections to any service 
+that is already established. Either the user will have to 
+disconnect from the service, or \fBsmbd\fR killed and restarted.
+.SH "OPTIONS"
+.TP
+\fB-D\fR
+If specified, this parameter causes 
+the server to operate as a daemon. That is, it detaches 
+itself and runs in the background, fielding requests 
+on the appropriate port. Operating the server as a
+daemon is the recommended way of running \fBsmbd\fR for 
+servers that provide more than casual use file and 
+print services. This switch is assumed if \fBsmbd
+\fRis executed on the command line of a shell.
+.TP
+\fB-a\fR
+If this parameter is specified, each new 
+connection will append log messages to the log file. 
+This is the default.
+.TP
+\fB-i\fR
+If this parameter is specified it causes the
+server to run "interactively", not as a daemon, even if the
+server is executed on the command line of a shell. Setting this
+parameter negates the implicit deamon mode when run from the
+command line.
+.TP
+\fB-o\fR
+If this parameter is specified, the 
+log files will be overwritten when opened. By default, 
+\fBsmbd\fR will append entries to the log 
+files.
+.TP
+\fB-P\fR
+Passive option. Causes \fBsmbd\fR not to 
+send any network traffic out. Used for debugging by 
+the developers only.
+.TP
+\fB-h\fR
+Prints the help information (usage) 
+for \fBsmbd\fR.
+.TP
+\fB-v\fR
+Prints the version number for 
+\fBsmbd\fR.
+.TP
+\fB-d <debug level>\fR
+\fIdebuglevel\fR is an integer 
+from 0 to 10. The default value if this parameter is 
+not specified is zero.
+
+The higher this value, the more detail will be 
+logged to the log files about the activities of the 
+server. At level 0, only critical errors and serious 
+warnings will be logged. Level 1 is a reasonable level for
+day to day running - it generates a small amount of
+information about operations carried out.
+
+Levels above 1 will generate considerable 
+amounts of log data, and should only be used when 
+investigating a problem. Levels above 3 are designed for 
+use only by developers and generate HUGE amounts of log
+data, most of which is extremely cryptic.
+
+Note that specifying this parameter here will 
+override the log
+level file.
+.TP
+\fB-l <log directory>\fR
+If specified,
+\fIlog directory\fR 
+specifies a log directory into which the "log.smbd" log
+file will be created for informational and debug 
+messages from the running server. The log 
+file generated is never removed by the server although 
+its size may be controlled by the max log size
+option in the \fI smb.conf(5)\fR file. \fBBeware:\fR
+If the directory specified does not exist, \fBsmbd\fR
+will log to the default debug log location defined at compile time.
+
+The default log directory is specified at
+compile time.
+.TP
+\fB-O <socket options>\fR
+See the socket options 
+parameter in the \fIsmb.conf(5)
+\fR file for details.
+.TP
+\fB-p <port number>\fR
+\fIport number\fR is a positive integer
+value. The default value if this parameter is not 
+specified is 139.
+
+This number is the port number that will be 
+used when making connections to the server from client 
+software. The standard (well-known) port number for the 
+SMB over TCP is 139, hence the default. If you wish to
+run the server as an ordinary user rather than
+as root, most systems will require you to use a port 
+number greater than 1024 - ask your system administrator 
+for help if you are in this situation.
+
+In order for the server to be useful by most 
+clients, should you configure it on a port other 
+than 139, you will require port redirection services 
+on port 139, details of which are outlined in rfc1002.txt 
+section 4.3.5.
+
+This parameter is not normally specified except 
+in the above situation.
+.TP
+\fB-s <configuration file>\fR
+The file specified contains the 
+configuration details required by the server. The 
+information in this file includes server-specific
+information such as what printcap file to use, as well 
+as descriptions of all the services that the server is 
+to provide. See \fI smb.conf(5)\fR for more information.
+The default configuration file name is determined at
+compile time.
+.SH "FILES"
+.TP
+\fB\fI/etc/inetd.conf\fB\fR
+If the server is to be run by the
+\fBinetd\fR meta-daemon, this file 
+must contain suitable startup information for the 
+meta-daemon. See the UNIX_INSTALL.html
+document for details.
+.TP
+\fB\fI/etc/rc\fB\fR
+or whatever initialization script your
+system uses).
+
+If running the server as a daemon at startup,
+this file will need to contain an appropriate startup
+sequence for the server. See the UNIX_INSTALL.html
+document for details.
+.TP
+\fB\fI/etc/services\fB\fR
+If running the server via the
+meta-daemon \fBinetd\fR, this file
+must contain a mapping of service name (e.g., netbios-ssn)
+to service port (e.g., 139) and protocol type (e.g., tcp).
+See the UNIX_INSTALL.html
+document for details.
+.TP
+\fB\fI/usr/local/samba/lib/smb.conf\fB\fR
+This is the default location of the
+\fIsmb.conf\fR
+server configuration file. Other common places that systems
+install this file are \fI/usr/samba/lib/smb.conf\fR
+and \fI/etc/smb.conf\fR.
+
+This file describes all the services the server
+is to make available to clients. See  \fIsmb.conf(5)\fR for more information.
+.SH "LIMITATIONS"
+.PP
+On some systems \fBsmbd\fR cannot change uid back
+to root after a setuid() call. Such systems are called
+trapdoor uid systems. If you have such a system,
+you will be unable to connect from a client (such as a PC) as
+two different users at once. Attempts to connect the
+second user will result in access denied or 
+similar.
+.SH "ENVIRONMENT VARIABLES"
+.TP
+\fBPRINTER\fR
+If no printer name is specified to 
+printable services, most systems will use the value of 
+this variable (or lp if this variable is 
+not defined) as the name of the printer to use. This 
+is not specific to the server, however.
+.SH "PAM INTERACTION"
+.PP
+Samba uses PAM for authentication (when presented with a plaintext
+password), for account checking (is this account disabled?) and for
+session management. The degree too which samba supports PAM is restricted
+by the limitations of the SMB protocol and the
+obey pam restricions
+smb.conf paramater. When this is set, the following restrictions apply:
+.TP 0.2i
+\(bu
+\fBAccount Validation\fR: All acccesses to a 
+samba server are checked 
+against PAM to see if the account is vaild, not disabled and is permitted to 
+login at this time. This also applies to encrypted logins.
+.TP 0.2i
+\(bu
+\fBSession Management\fR: When not using share 
+level secuirty, users must pass PAM's session checks before access
+is granted. Note however, that this is bypassed in share level secuirty. 
+Note also that some older pam configuration files may need a line 
+added for session support. 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of
+the Samba suite.
+.SH "TROUBLESHOOTING"
+.PP
+One of the common causes of difficulty when installing Samba and SWAT
+is the existsnece of some type of firewall or port filtering software
+on the Samba server. Make sure that the appropriate ports
+outlined in this man page are available on the server and are not currently
+being blocked by some type of security software such as iptables or
+"port sentry". For more troubleshooting information, refer to the additional
+documentation included in the Samba distribution.
+.PP
+Most diagnostics issued by the server are logged
+in a specified log file. The log file name is specified
+at compile time, but may be overridden on the command line.
+.PP
+The number and nature of diagnostics available depends
+on the debug level used by the server. If you have problems, set
+the debug level to 3 and peruse the log files.
+.PP
+Most messages are reasonably self-explanatory. Unfortunately,
+at the time this man page was created, there are too many diagnostics
+available in the source code to warrant describing each and every
+diagnostic. At this stage your best bet is still to grep the
+source code and inspect the conditions that gave rise to the
+diagnostics you are seeing.
+.SH "SIGNALS"
+.PP
+Sending the \fBsmbd\fR a SIGHUP will cause it to
+reload its \fIsmb.conf\fR configuration
+file within a short period of time.
+.PP
+To shut down a user's \fBsmbd\fR process it is recommended
+that \fBSIGKILL (-9)\fR \fBNOT\fR
+be used, except as a last resort, as this may leave the shared
+memory area in an inconsistent state. The safe way to terminate
+an \fBsmbd\fR is to send it a SIGTERM (-15) signal and wait for
+it to die on its own.
+.PP
+The debug log level of \fBsmbd\fR may be raised
+or lowered using \fBsmbcontrol(1)
+\fR program (SIGUSR[1|2] signals are no longer used in
+Samba 2.2). This is to allow transient problems to be diagnosed,
+whilst still running at a normally low log level.
+.PP
+Note that as the signal handlers send a debug write, 
+they are not re-entrant in \fBsmbd\fR. This you should wait until 
+\fBsmbd\fR is in a state of waiting for an incoming SMB before 
+issuing them. It is possible to make the signal handlers safe 
+by un-blocking the signals before the select call and re-blocking 
+them after, however this would affect performance.
+.SH "SEE ALSO"
+.PP
+hosts_access(5), \fBinetd(8)\fR, 
+\fBnmbd(8)\fR 
+\fIsmb.conf(5)\fR
+ \fBsmbclient(1)
+\fR and the Internet RFC's
+\fIrfc1001.txt\fR, \fIrfc1002.txt\fR. 
+In addition the CIFS (formerly SMB) specification is available 
+as a link from the Web page  
+http://samba.org/cifs/ <URL:http://samba.org/cifs/>.
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smbmnt.8 b/docs/manpages/smbmnt.8
new file mode 100755
index 00000000000..4da76c737d6
--- /dev/null
+++ b/docs/manpages/smbmnt.8
@@ -0,0 +1,63 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBMNT" "8" "19 November 2002" "" ""
+.SH NAME
+smbmnt \- helper utility for mounting SMB filesystems
+.SH SYNOPSIS
+.sp
+\fBsmbmnt\fR \fBmount-point\fR [ \fB-s <share>\fR ]  [ \fB-r\fR ]  [ \fB-u <uid>\fR ]  [ \fB-g <gid>\fR ]  [ \fB-f <mask>\fR ]  [ \fB-d <mask>\fR ]  [ \fB-o <options>\fR ] 
+.SH "DESCRIPTION"
+.PP
+\fBsmbmnt\fR is a helper application used 
+by the smbmount program to do the actual mounting of SMB shares. 
+\fBsmbmnt\fR can be installed setuid root if you want
+normal users to be able to mount their SMB shares.
+.PP
+A setuid smbmnt will only allow mounts on directories owned
+by the user, and that the user has write permission on.
+.PP
+The \fBsmbmnt\fR program is normally invoked 
+by \fBsmbmount(8)\fR
+ It should not be invoked directly by users. 
+.PP
+smbmount searches the normal PATH for smbmnt. You must ensure
+that the smbmnt version in your path matches the smbmount used.
+.SH "OPTIONS"
+.TP
+\fB-r\fR
+mount the filesystem read-only 
+.TP
+\fB-u uid\fR
+specify the uid that the files will 
+be owned by 
+.TP
+\fB-g gid\fR
+specify the gid that the files will be 
+owned by 
+.TP
+\fB-f mask\fR
+specify the octal file mask applied
+.TP
+\fB-d mask\fR
+specify the octal directory mask 
+applied 
+.TP
+\fB-o options\fR
+list of options that are passed as-is to smbfs, if this
+command is run on a 2.4 or higher Linux kernel.
+.SH "AUTHOR"
+.PP
+Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
+and others.
+.PP
+The current maintainer of smbfs and the userspace
+tools \fBsmbmount\fR, \fBsmbumount\fR,
+and \fBsmbmnt\fR is Urban Widmark <URL:mailto:urban@teststation.com>.
+The SAMBA Mailing list <URL:mailto:samba@samba.org>
+is the preferred place to ask questions regarding these programs.
+.PP
+The conversion of this manpage for Samba 2.2 was performed 
+by Gerald Carter
diff --git a/docs/manpages/smbmount.8 b/docs/manpages/smbmount.8
new file mode 100755
index 00000000000..b195b80c733
--- /dev/null
+++ b/docs/manpages/smbmount.8
@@ -0,0 +1,216 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBMOUNT" "8" "19 November 2002" "" ""
+.SH NAME
+smbmount \- mount an smbfs filesystem
+.SH SYNOPSIS
+.sp
+\fBsmbmount\fR \fBservice\fR \fBmount-point\fR [ \fB-o options\fR ] 
+.SH "DESCRIPTION"
+.PP
+\fBsmbmount\fR mounts a Linux SMB filesystem. It 
+is usually invoked as \fBmount.smbfs\fR by
+the \fBmount(8)\fR command when using the 
+"-t smbfs" option. This command only works in Linux, and the kernel must
+support the smbfs filesystem. 
+.PP
+Options to \fBsmbmount\fR are specified as a comma-separated
+list of key=value pairs. It is possible to send options other
+than those listed here, assuming that smbfs supports them. If
+you get mount failures, check your kernel log for errors on
+unknown options.
+.PP
+\fBsmbmount\fR is a daemon. After mounting it keeps running until
+the mounted smbfs is umounted. It will log things that happen
+when in daemon mode using the "machine name" smbmount, so
+typically this output will end up in \fIlog.smbmount\fR. The
+\fBsmbmount\fR process may also be called mount.smbfs.
+.PP
+\fBNOTE:\fR \fBsmbmount\fR 
+calls \fBsmbmnt(8)\fR to do the actual mount. You 
+must make sure that \fBsmbmnt\fR is in the path so 
+that it can be found. 
+.SH "OPTIONS"
+.TP
+\fBusername=<arg>\fR
+specifies the username to connect as. If
+this is not given, then the environment variable \fB USER\fR is used. This option can also take the
+form "user%password" or "user/workgroup" or
+"user/workgroup%password" to allow the password and workgroup
+to be specified as part of the username.
+.TP
+\fBpassword=<arg>\fR
+specifies the SMB password. If this
+option is not given then the environment variable
+\fBPASSWD\fR is used. If it can find
+no password \fBsmbmount\fR will prompt
+for a passeword, unless the guest option is
+given. 
+
+Note that password which contain the arguement delimiter
+character (i.e. a comma ',') will failed to be parsed correctly
+on the command line. However, the same password defined
+in the PASSWD environment variable or a credentials file (see
+below) will be read correctly.
+.TP
+\fBcredentials=<filename>\fR
+specifies a file that contains a username
+and/or password. The format of the file is:
+
+.sp
+.nf
+		username = <value>
+		password = <value>
+		
+.sp
+.fi
+
+This is preferred over having passwords in plaintext in a
+shared file, such as \fI/etc/fstab\fR. Be sure to protect any
+credentials file properly.
+.TP
+\fBnetbiosname=<arg>\fR
+sets the source NetBIOS name. It defaults 
+to the local hostname. 
+.TP
+\fBuid=<arg>\fR
+sets the uid that will own all files on
+the mounted filesystem.
+It may be specified as either a username or a numeric uid.
+.TP
+\fBgid=<arg>\fR
+sets the gid that will own all files on
+the mounted filesystem.
+It may be specified as either a groupname or a numeric 
+gid. 
+.TP
+\fBport=<arg>\fR
+sets the remote SMB port number. The default 
+is 139. 
+.TP
+\fBfmask=<arg>\fR
+sets the file mask. This determines the 
+permissions that remote files have in the local filesystem. 
+The default is based on the current umask. 
+.TP
+\fBdmask=<arg>\fR
+sets the directory mask. This determines the 
+permissions that remote directories have in the local filesystem. 
+The default is based on the current umask. 
+.TP
+\fBdebug=<arg>\fR
+sets the debug level. This is useful for 
+tracking down SMB connection problems. A suggested value to
+start with is 4. If set too high there will be a lot of
+output, possibly hiding the useful output.
+.TP
+\fBip=<arg>\fR
+sets the destination host or IP address.
+.TP
+\fBworkgroup=<arg>\fR
+sets the workgroup on the destination 
+.TP
+\fBsockopt=<arg>\fR
+sets the TCP socket options. See the \fIsmb.conf
+\fR \fIsocket options\fR option.
+.TP
+\fBscope=<arg>\fR
+sets the NetBIOS scope 
+.TP
+\fBguest\fR
+don't prompt for a password 
+.TP
+\fBro\fR
+mount read-only 
+.TP
+\fBrw\fR
+mount read-write 
+.TP
+\fBiocharset=<arg>\fR
+sets the charset used by the Linux side for codepage
+to charset translations (NLS). Argument should be the
+name of a charset, like iso8859-1. (Note: only kernel
+2.4.0 or later)
+.TP
+\fBcodepage=<arg>\fR
+sets the codepage the server uses. See the iocharset
+option. Example value cp850. (Note: only kernel 2.4.0
+or later)
+.TP
+\fBttl=<arg>\fR
+how long a directory listing is cached in milliseconds
+(also affects visibility of file size and date
+changes). A higher value means that changes on the
+server take longer to be noticed but it can give
+better performance on large directories, especially
+over long distances. Default is 1000ms but something
+like 10000ms (10 seconds) is probably more reasonable
+in many cases.
+(Note: only kernel 2.4.2 or later)
+.SH "ENVIRONMENT VARIABLES"
+.PP
+The variable \fBUSER\fR may contain the username of the
+person using the client. This information is used only if the
+protocol level is high enough to support session-level
+passwords. The variable can be used to set both username and
+password by using the format username%password.
+.PP
+The variable \fBPASSWD\fR may contain the password of the
+person using the client. This information is used only if the
+protocol level is high enough to support session-level
+passwords.
+.PP
+The variable \fBPASSWD_FILE\fR may contain the pathname
+of a file to read the password from. A single line of input is
+read and used as the password.
+.SH "BUGS"
+.PP
+Passwords and other options containing , can not be handled.
+For passwords an alternative way of passing them is in a credentials
+file or in the PASSWD environment.
+.PP
+The credentials file does not handle usernames or passwords with
+leading space.
+.PP
+One smbfs bug is important enough to mention here, even if it
+is a bit misplaced:
+.TP 0.2i
+\(bu
+Mounts sometimes stop working. This is usually
+caused by smbmount terminating. Since smbfs needs smbmount to
+reconnect when the server disconnects, the mount will eventually go
+dead. An umount/mount normally fixes this. At least 2 ways to
+trigger this bug are known.
+.PP
+Note that the typical response to a bug report is suggestion
+to try the latest version first. So please try doing that first,
+and always include which versions you use of relevant software
+when reporting bugs (minimum: samba, kernel, distribution)
+.PP
+.SH "SEE ALSO"
+.PP
+Documentation/filesystems/smbfs.txt in the linux kernel
+source tree may contain additional options and information.
+.PP
+FreeBSD also has a smbfs, but it is not related to smbmount
+.PP
+For Solaris, HP-UX and others you may want to look at
+\fBsmbsh(1)\fR or at other
+solutions, such as sharity or perhaps replacing the SMB server with
+a NFS server.
+.SH "AUTHOR"
+.PP
+Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
+and others.
+.PP
+The current maintainer of smbfs and the userspace
+tools \fBsmbmount\fR, \fBsmbumount\fR,
+and \fBsmbmnt\fR is Urban Widmark <URL:mailto:urban@teststation.com>.
+The SAMBA Mailing list <URL:mailto:samba@samba.org>
+is the preferred place to ask questions regarding these programs.
+.PP
+The conversion of this manpage for Samba 2.2 was performed 
+by Gerald Carter
diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5
new file mode 100755
index 00000000000..474429c9a51
--- /dev/null
+++ b/docs/manpages/smbpasswd.5
@@ -0,0 +1,159 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBPASSWD" "5" "19 November 2002" "" ""
+.SH NAME
+smbpasswd \- The Samba encrypted password file
+.SH SYNOPSIS
+.PP
+\fIsmbpasswd\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+smbpasswd is the Samba encrypted password file. It contains 
+the username, Unix user id and the SMB hashed passwords of the 
+user, as well as account flag information and the time the 
+password was last changed. This file format has been evolving with 
+Samba and has had several different formats in the past. 
+.SH "FILE FORMAT"
+.PP
+The format of the smbpasswd file used by Samba 2.2 
+is very similar to the familiar Unix \fIpasswd(5)\fR 
+file. It is an ASCII file containing one line for each user. Each field 
+within each line is separated from the next by a colon. Any entry 
+beginning with '#' is ignored. The smbpasswd file contains the 
+following information for each user: 
+.TP
+\fBname\fR
+This is the user name. It must be a name that 
+already exists in the standard UNIX passwd file. 
+.TP
+\fBuid\fR
+This is the UNIX uid. It must match the uid
+field for the same user entry in the standard UNIX passwd file. 
+If this does not match then Samba will refuse to recognize 
+this smbpasswd file entry as being valid for a user. 
+.TP
+\fBLanman Password Hash\fR
+This is the LANMAN hash of the user's password, 
+encoded as 32 hex digits. The LANMAN hash is created by DES 
+encrypting a well known string with the user's password as the 
+DES key. This is the same password used by Windows 95/98 machines. 
+Note that this password hash is regarded as weak as it is
+vulnerable to dictionary attacks and if two users choose the 
+same password this entry will be identical (i.e. the password 
+is not "salted" as the UNIX password is). If the user has a 
+null password this field will contain the characters "NO PASSWORD" 
+as the start of the hex string. If the hex string is equal to 
+32 'X' characters then the user's account is marked as 
+disabled and the user will not be able to 
+log onto the Samba server. 
+
+\fBWARNING !!\fR Note that, due to 
+the challenge-response nature of the SMB/CIFS authentication
+protocol, anyone with a knowledge of this password hash will 
+be able to impersonate the user on the network. For this
+reason these hashes are known as \fBplain text 
+equivalents\fR and must \fBNOT\fR be made 
+available to anyone but the root user. To protect these passwords 
+the smbpasswd file is placed in a directory with read and 
+traverse access only to the root user and the smbpasswd file 
+itself must be set to be read/write only by root, with no
+other access. 
+.TP
+\fBNT Password Hash\fR
+This is the Windows NT hash of the user's 
+password, encoded as 32 hex digits. The Windows NT hash is 
+created by taking the user's password as represented in 
+16-bit, little-endian UNICODE and then applying the MD4 
+(internet rfc1321) hashing algorithm to it. 
+
+This password hash is considered more secure than
+the LANMAN Password Hash as it preserves the case of the 
+password and uses a much higher quality hashing algorithm. 
+However, it is still the case that if two users choose the same 
+password this entry will be identical (i.e. the password is 
+not "salted" as the UNIX password is). 
+
+\fBWARNING !!\fR. Note that, due to 
+the challenge-response nature of the SMB/CIFS authentication
+protocol, anyone with a knowledge of this password hash will 
+be able to impersonate the user on the network. For this
+reason these hashes are known as \fBplain text 
+equivalents\fR and must \fBNOT\fR be made 
+available to anyone but the root user. To protect these passwords 
+the smbpasswd file is placed in a directory with read and 
+traverse access only to the root user and the smbpasswd file 
+itself must be set to be read/write only by root, with no
+other access. 
+.TP
+\fBAccount Flags\fR
+This section contains flags that describe 
+the attributes of the users account. In the Samba 2.2 release 
+this field is bracketed by '[' and ']' characters and is always 
+13 characters in length (including the '[' and ']' characters).
+The contents of this field may be any of the characters.
+.RS
+.TP 0.2i
+\(bu
+\fBU\fR - This means 
+this is a "User" account, i.e. an ordinary user. Only User 
+and Workstation Trust accounts are currently supported 
+in the smbpasswd file. 
+.TP 0.2i
+\(bu
+\fBN\fR - This means the
+account has no password (the passwords in the fields LANMAN 
+Password Hash and NT Password Hash are ignored). Note that this 
+will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fIsmb.conf(5)
+\fR config file. 
+.TP 0.2i
+\(bu
+\fBD\fR - This means the account 
+is disabled and no SMB/CIFS logins will be allowed for 
+this user. 
+.TP 0.2i
+\(bu
+\fBW\fR - This means this account 
+is a "Workstation Trust" account. This kind of account is used 
+in the Samba PDC code stream to allow Windows NT Workstations 
+and Servers to join a Domain hosted by a Samba PDC. 
+.RE
+.PP
+Other flags may be added as the code is extended in future.
+The rest of this field space is filled in with spaces. 
+.PP
+.TP
+\fBLast Change Time\fR
+This field consists of the time the account was 
+last modified. It consists of the characters 'LCT-' (standing for 
+"Last Change Time") followed by a numeric encoding of the UNIX time 
+in seconds since the epoch (1970) that the last change was made. 
+.PP
+All other colon separated fields are ignored at this time.
+.PP
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBsmbpasswd(8)\fR 
+samba(7) and
+the Internet RFC1321 for details on the MD4 algorithm.
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8
new file mode 100755
index 00000000000..064788cef5b
--- /dev/null
+++ b/docs/manpages/smbpasswd.8
@@ -0,0 +1,387 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBPASSWD" "8" "30 March 2003" "" ""
+.SH NAME
+smbpasswd \- change a user's SMB password
+.SH SYNOPSIS
+.PP
+When run by root:
+.sp
+\fBsmbpasswd\fR [ \fBoptions\fR ]  [ \fBusername\fR ]  [ \fBpassword\fR ] 
+.PP
+otherwise:
+.sp
+\fBsmbpasswd\fR [ \fBoptions\fR ]  [ \fBpassword\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+The smbpasswd program has several different 
+functions, depending on whether it is run by the \fBroot\fR 
+user or not. When run as a normal user it allows the user to change 
+the password used for their SMB sessions on any machines that store 
+SMB passwords. 
+.PP
+By default (when run with no arguments) it will attempt to 
+change the current user's SMB password on the local machine. This is 
+similar to the way the \fBpasswd(1)\fR program works. 
+\fBsmbpasswd\fR differs from how the passwd program works 
+however in that it is not \fBsetuid root\fR but works in 
+a client-server mode and communicates with a locally running
+\fBsmbd(8)\fR. As a consequence in order for this to 
+succeed the smbd daemon must be running on the local machine. On a 
+UNIX machine the encrypted SMB passwords are usually stored in 
+the \fIsmbpasswd(5)\fR file. 
+.PP
+When run by an ordinary user with no options. smbpasswd 
+will prompt them for their old SMB password and then ask them 
+for their new password twice, to ensure that the new password
+was typed correctly. No passwords will be echoed on the screen 
+whilst being typed. If you have a blank SMB password (specified by 
+the string "NO PASSWORD" in the smbpasswd file) then just press 
+the <Enter> key when asked for your old password. 
+.PP
+smbpasswd can also be used by a normal user to change their
+SMB password on remote machines, such as Windows NT Primary Domain 
+Controllers. See the (-r) and -U options below. 
+.PP
+When run by root, smbpasswd allows new users to be added 
+and deleted in the smbpasswd file, as well as allows changes to 
+the attributes of the user in this file to be made. When run by root, 
+\fBsmbpasswd\fR accesses the local smbpasswd file 
+directly, thus enabling changes to be made even if smbd is not 
+running. 
+.PP
+\fBsmbpasswd\fR can also be used to retrieve 
+the SIDs related to previous incarnations of this server on the
+same machine, as well as set the SID of this domain. This is needed
+in those cases when the admin changes the NetBIOS or DNS name of 
+the server without realizing that doing so will change the SID of
+the server as well. See the -W and -X options below. 
+.SH "OPTIONS"
+.TP
+\fB-L\fR
+Run the smbpasswd command in local mode. This 
+allows a non-root user to specify the root-only options. This 
+is used mostly in test environments where a non-root user needs
+to make changes to the local \fIsmbpasswd\fR file.
+The \fIsmbpasswd\fR file must have read/write 
+permissions for the user running the command.
+.TP
+\fB-h\fR
+This option prints the help string for 
+\fBsmbpasswd\fR. 
+.TP
+\fB-c smb.conf file\fR
+This option specifies that the configuration
+file specified should be used instead of the default value
+specified at compile time. 
+.TP
+\fB-D debuglevel\fR
+\fIdebuglevel\fR is an integer 
+from 0 to 10. The default value if this parameter is not specified 
+is zero. 
+
+The higher this value, the more detail will be logged to the 
+log files about the activities of smbpasswd. At level 0, only 
+critical errors and serious warnings will be logged. 
+
+Levels above 1 will generate considerable amounts of log 
+data, and should only be used when investigating a problem. Levels 
+above 3 are designed for use only by developers and generate
+HUGE amounts of log data, most of which is extremely cryptic. 
+.TP
+\fB-r remote machine name\fR
+This option allows a user to specify what machine 
+they wish to change their password on. Without this parameter 
+smbpasswd defaults to the local host. The \fIremote 
+machine name\fR is the NetBIOS name of the SMB/CIFS 
+server to contact to attempt the password change. This name is 
+resolved into an IP address using the standard name resolution 
+mechanism in all programs of the Samba suite. See the \fI-R 
+name resolve order\fR parameter for details on changing 
+this resolving mechanism. 
+
+The username whose password is changed is that of the 
+current UNIX logged on user. See the \fI-U username\fR
+parameter for details on changing the password for a different 
+username. 
+
+Note that if changing a Windows NT Domain password the 
+remote machine specified must be the Primary Domain Controller for 
+the domain (Backup Domain Controllers only have a read-only
+copy of the user account database and will not allow the password 
+change).
+
+\fBNote\fR that Windows 95/98 do not have 
+a real password database so it is not possible to change passwords 
+specifying a Win95/98 machine as remote machine target. 
+.TP
+\fB-s\fR
+This option causes smbpasswd to be silent (i.e. 
+not issue prompts) and to read its old and new passwords from 
+standard input, rather than from \fI/dev/tty\fR 
+(like the \fBpasswd(1)\fR program does). This option 
+is to aid people writing scripts to drive smbpasswd
+.TP
+\fB-S\fR
+This option causes \fBsmbpasswd\fR
+to query a domain controller of the domain specified 
+by the workgroup
+parameter in \fIsmb.conf\fR and store the
+domain SID in the \fIsecrets.tdb\fR file
+as its own machine SID. This is only useful when configuring
+a Samba PDC and Samba BDC, or when migrating from a Windows PDC
+to a Samba PDC. 
+
+The \fI-r\fR options can be used
+as well to indicate a specific domain controller which should
+be contacted. In this case, the domain SID obtained is the 
+one for the domain to which the remote machine belongs.
+.TP
+\fB-t\fR
+This option is used to force smbpasswd to 
+change the current password assigned to the machine trust account
+when operating in domain security mode. This is really meant to 
+be used on systems that only run \fBwinbindd\fR
+Under server installations, \fBsmbd\fR
+handle the password updates automatically.
+.TP
+\fB-T\fR
+The \fI-T\fR option may be used to
+force samba to use a previously created trust account by allowing
+the trust account hash to be set in the secrets database only. 
+This way, an application can change the trust account password
+and call "smbpasswd -T" so that Samba can continue to work.
+.TP
+\fB-U username[%pass]\fR
+This option may only be used in conjunction 
+with the \fI-r\fR option. When changing
+a password on a remote machine it allows the user to specify 
+the user name on that machine whose password will be changed. It 
+is present to allow users who have different user names on 
+different systems to change these passwords. The optional
+%pass may be used to specify to old password.
+
+In particular, this parameter specifies the username
+used to create the machine account when invoked with -j
+.TP
+\fB-W S-1-5-21-x-y-z\fR
+This option forces the SID S-1-5-21-x-y-z to
+be the server and domain SID for the current Samba server. It
+does this by updating the appropriate keys in the secrets
+file. 
+.TP
+\fB-X server|domain\fR
+This option allows the admin to retrieve the 
+SID associated with a former servername or domain name that
+this Samba server might have used. It does this by retrieving
+the appropriate entry from the secrets file.
+.TP
+\fBNOTE:\fR
+\fBThe following options are available only when the smbpasswd command is
+run as root or in local mode.\fR
+.TP
+\fB-a\fR
+This option specifies that the username 
+following should be added to the local smbpasswd file, with the 
+new password typed. This 
+option is ignored if the username specified already exists in 
+the smbpasswd file and it is treated like a regular change 
+password command. Note that the user to be added must already exist 
+in the system password file (usually \fI/etc/passwd\fR)
+else the request to add the user will fail. 
+.TP
+\fB-d\fR
+This option specifies that the username following 
+should be disabled in the local smbpasswd 
+file. This is done by writing a 'D' flag 
+into the account control space in the smbpasswd file. Once this 
+is done all attempts to authenticate via SMB using this username 
+will fail. 
+
+If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
+format) there is no space in the user's password entry to write
+this information and so the user is disabled by writing 'X' characters 
+into the password space in the smbpasswd file. See \fBsmbpasswd(5)
+\fRfor details on the 'old' and new password file formats.
+.TP
+\fB-e\fR
+This option specifies that the username following 
+should be enabled in the local smbpasswd file, 
+if the account was previously disabled. If the account was not 
+disabled this option has no effect. Once the account is enabled then 
+the user will be able to authenticate via SMB once again. 
+
+If the smbpasswd file is in the 'old' format, then \fB smbpasswd\fR will prompt for a new password for this user, 
+otherwise the account will be enabled by removing the 'D'
+flag from account control space in the \fI smbpasswd\fR file. See \fBsmbpasswd (5)\fR for 
+details on the 'old' and new password file formats. 
+.TP
+\fB-m\fR
+This option tells smbpasswd that the account 
+being changed is a MACHINE account. Currently this is used 
+when Samba is being used as an NT Primary Domain Controller.
+.TP
+\fB-n\fR
+This option specifies that the username following 
+should have their password set to null (i.e. a blank password) in 
+the local smbpasswd file. This is done by writing the string "NO 
+PASSWORD" as the first part of the first password stored in the 
+smbpasswd file. 
+
+Note that to allow users to logon to a Samba server once 
+the password has been set to "NO PASSWORD" in the smbpasswd
+file the administrator must set the following parameter in the [global]
+section of the \fIsmb.conf\fR file : 
+
+\fBnull passwords = yes\fR
+.TP
+\fB-w password\fR
+This parameter is only available is Samba
+has been configured to use the experimental
+\fB--with-ldapsam\fR option. The \fI-w\fR 
+switch is used to specify the password to be used with the 
+\fIldap admin 
+dn\fR Note that the password is stored in
+the \fIprivate/secrets.tdb\fR and is keyed off 
+of the admin's DN. This means that if the value of \fIldap
+admin dn\fR ever changes, the password will need to be 
+manually updated as well.
+.TP
+\fB-x\fR
+This option specifies that the username 
+following should be deleted from the local smbpasswd file.
+.TP
+\fB-j DOMAIN\fR
+This option is used to add a Samba server 
+into a Windows NT Domain, as a Domain member capable of authenticating 
+user accounts to any Domain Controller in the same way as a Windows 
+NT Server. See the \fBsecurity = domain\fR option in 
+the \fIsmb.conf(5)\fR man page. 
+
+This command can work both with and without the -U parameter. 
+
+When invoked with -U, that username (and optional password) are
+used to contact the PDC (which must be specified with -r) to both
+create a machine account, and to set a password on it.
+
+Alternately, if -U is omitted, Samba will contact its PDC
+and attempt to change the password on a pre-existing account. 
+
+In order to be used in this way, the Administrator for 
+the Windows NT Domain must have used the program "Server Manager 
+for Domains" to add the primary NetBIOS name of the Samba server 
+as a member of the Domain. 
+
+After this has been done, to join the Domain invoke \fB smbpasswd\fR with this parameter. smbpasswd will then 
+look up the Primary Domain Controller for the Domain (found in 
+the \fIsmb.conf\fR file in the parameter 
+\fIpassword server\fR and change the machine account 
+password used to create the secure Domain communication. 
+
+Either way, this password is then stored by smbpasswd in a TDB, 
+writeable only by root, called \fIsecrets.tdb\fR 
+
+Once this operation has been performed the \fI smb.conf\fR file may be updated to set the \fB security = domain\fR option and all future logins
+to the Samba server will be authenticated to the Windows NT 
+PDC. 
+
+Note that even though the authentication is being 
+done to the PDC all users accessing the Samba server must still 
+have a valid UNIX account on that machine. 
+The \fBwinbindd(8)\fR daemon can be used
+to create UNIX accounts for NT users.
+.TP
+\fB-R name resolve order\fR
+This option allows the user of smbpasswd to determine 
+what name resolution services to use when looking up the NetBIOS
+name of the host being connected to. 
+
+The options are :"lmhosts", "host", "wins" and "bcast". They cause 
+names to be resolved as follows : 
+.RS
+.TP 0.2i
+\(bu
+lmhosts : Lookup an IP 
+address in the Samba lmhosts file. If the line in lmhosts has 
+no name type attached to the NetBIOS name (see the lmhosts(5) for details) then
+any name type matches for lookup.
+.TP 0.2i
+\(bu
+host : Do a standard host 
+name to IP address resolution, using the system \fI/etc/hosts
+\fR, NIS, or DNS lookups. This method of name resolution 
+is operating system dependent. For instance, on IRIX or Solaris this 
+may be controlled by the \fI/etc/nsswitch.conf\fR 
+file). Note that this method is only used if the NetBIOS name 
+type being queried is the 0x20 (server) name type, otherwise 
+it is ignored.
+.TP 0.2i
+\(bu
+wins : Query a name with 
+the IP address listed in the \fIwins server\fR 
+parameter. If no WINS server has been specified this method 
+will be ignored.
+.TP 0.2i
+\(bu
+bcast : Do a broadcast on 
+each of the known local interfaces listed in the
+\fIinterfaces\fR parameter. This is the least 
+reliable of the name resolution methods as it depends on the 
+target host being on a locally connected subnet.
+.RE
+.PP
+The default order is \fBlmhosts, host, wins, bcast\fR 
+and without this parameter or any entry in the 
+\fIsmb.conf\fR file the name resolution methods will 
+be attempted in this order. 
+.PP
+.TP
+\fBusername\fR
+This specifies the username for all of the 
+\fBroot only\fR options to operate on. Only root 
+can specify this parameter as only root has the permission needed 
+to modify attributes directly in the local smbpasswd file. 
+.TP
+\fBpassword\fR
+This specifies the new password. If this parameter
+is specified you will not be prompted for the new password.
+.SH "NOTES"
+.PP
+Since \fBsmbpasswd\fR works in client-server 
+mode communicating with a local smbd for a non-root user then 
+the smbd daemon must be running for this to work. A common problem 
+is to add a restriction to the hosts that may access the \fB smbd\fR running on the local machine by specifying a 
+\fIallow hosts\fR or \fIdeny hosts\fR 
+entry in the \fIsmb.conf\fR file and neglecting to 
+allow "localhost" access to the smbd. 
+.PP
+In addition, the smbpasswd command is only useful if Samba
+has been set up to use encrypted passwords. See the file 
+\fIENCRYPTION.txt\fR in the docs directory for details 
+on how to do this. 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fIsmbpasswd(5)\fR 
+samba(7)
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1
new file mode 100755
index 00000000000..bb3b30433f0
--- /dev/null
+++ b/docs/manpages/smbsh.1
@@ -0,0 +1,172 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBSH" "1" "19 November 2002" "" ""
+.SH NAME
+smbsh \- Allows access to Windows NT filesystem  using UNIX commands
+.SH SYNOPSIS
+.sp
+\fBsmbsh\fR [ \fB-W workgroup\fR ]  [ \fB-U username\fR ]  [ \fB-P prefix\fR ]  [ \fB-R <name resolve order>\fR ]  [ \fB-d <debug level>\fR ]  [ \fB-l logfile\fR ]  [ \fB-L libdir\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+\fBsmbsh\fR allows you to access an NT filesystem 
+using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR. You must use a 
+shell that is dynamically linked in order for \fBsmbsh\fR 
+to work correctly.
+.SH "OPTIONS"
+.TP
+\fB-W WORKGROUP\fR
+Override the default workgroup specified in the 
+workgroup parameter of the \fIsmb.conf\fR file 
+for this session. This may be needed to connect to some 
+servers. 
+.TP
+\fB-U username[%pass]\fR
+Sets the SMB username or username and password.
+If this option is not specified, the user will be prompted for 
+both the username and the password. If %pass is not specified, 
+the user will be prompted for the password.
+.TP
+\fB-P prefix\fR
+This option allows
+the user to set the directory prefix for SMB access. The 
+default value if this option is not specified is 
+\fBsmb\fR.
+.TP
+\fB-R <name resolve order>\fR
+This option is used to determine what naming 
+services and in what order to resolve 
+host names to IP addresses. The option takes a space-separated 
+string of different name resolution options.
+
+The options are :"lmhosts", "host", "wins" and "bcast". 
+They cause names to be resolved as follows :
+.RS
+.TP 0.2i
+\(bu
+lmhosts : 
+Lookup an IP address in the Samba lmhosts file. If the 
+line in lmhosts has no name type attached to the 
+NetBIOS name 
+(see the lmhosts(5)
+for details) then any name type matches for lookup.
+.TP 0.2i
+\(bu
+host : 
+Do a standard host name to IP address resolution, using
+the system \fI/etc/hosts\fR, NIS, or DNS
+lookups. This method of name resolution is operating 
+system dependent, for instance on IRIX or Solaris this 
+may be controlled by the \fI/etc/nsswitch.conf
+\fRfile). Note that this method is only used 
+if the NetBIOS name type being queried is the 0x20 
+(server) name type, otherwise it is ignored.
+.TP 0.2i
+\(bu
+wins : 
+Query a name with the IP address listed in the 
+\fIwins server\fR parameter. If no 
+WINS server has been specified this method will be 
+ignored.
+.TP 0.2i
+\(bu
+bcast : 
+Do a broadcast on each of the known local interfaces 
+listed in the \fIinterfaces\fR
+parameter. This is the least reliable of the name 
+resolution methods as it depends on the target host 
+being on a locally connected subnet.
+.RE
+.PP
+If this parameter is not set then the name resolve order 
+defined in the \fIsmb.conf\fR file parameter 
+(name resolve order) will be used. 
+.PP
+.PP
+The default order is lmhosts, host, wins, bcast. Without 
+this parameter or any entry in the \fIname resolve order
+\fRparameter of the \fIsmb.conf\fR 
+file, the name resolution methods will be attempted in this 
+order. 
+.PP
+.TP
+\fB-d <debug level>\fR
+debug level is an integer from 0 to 10.
+
+The default value if this parameter is not specified
+is zero.
+
+The higher this value, the more detail will be logged
+about the activities of \fBnmblookup\fR. At level
+0, only critical errors and serious warnings will be logged.
+.TP
+\fB-l logfilename\fR
+If specified causes all debug messages to be
+written to the file specified by \fIlogfilename
+\fR\&. If not specified then all messages will be 
+written to\fIstderr\fR.
+.TP
+\fB-L libdir\fR
+This parameter specifies the location of the 
+shared libraries used by \fBsmbsh\fR. The default
+value is specified at compile time.
+.SH "EXAMPLES"
+.PP
+To use the \fBsmbsh\fR command, execute \fB smbsh\fR from the prompt and enter the username and password 
+that authenticates you to the machine running the Windows NT 
+operating system.
+.PP
+.sp
+.nf
+	system% \fBsmbsh\fR
+	Username: \fBuser\fR
+	Password: \fBXXXXXXX\fR
+	
+.sp
+.fi
+.PP
+Any dynamically linked command you execute from 
+this shell will access the \fI/smb\fR directory 
+using the smb protocol. For example, the command \fBls /smb
+\fRwill show a list of workgroups. The command 
+\fBls /smb/MYGROUP \fR will show all the machines in 
+the workgroup MYGROUP. The command 
+\fBls /smb/MYGROUP/<machine-name>\fR will show the share 
+names for that machine. You could then, for example, use the \fB cd\fR command to change directories, \fBvi\fR to 
+edit files, and \fBrcp\fR to copy files.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "BUGS"
+.PP
+\fBsmbsh\fR works by intercepting the standard 
+libc calls with the dynamically loaded versions in \fI smbwrapper.o\fR. Not all calls have been "wrapped", so 
+some programs may not function correctly under \fBsmbsh
+\fR\&.
+.PP
+Programs which are not dynamically linked cannot make 
+use of \fBsmbsh\fR's functionality. Most versions 
+of UNIX have a \fBfile\fR command that will 
+describe how a program was linked.
+.SH "SEE ALSO"
+.PP
+\fBsmbd(8)\fR 
+smb.conf(5)
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8
new file mode 100755
index 00000000000..f780874b309
--- /dev/null
+++ b/docs/manpages/smbspool.8
@@ -0,0 +1,102 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBSPOOL" "8" "19 November 2002" "" ""
+.SH NAME
+smbspool \- send print file to an SMB printer
+.SH SYNOPSIS
+.sp
+\fBsmbspool\fR [ \fBjob\fR ]  [ \fBuser\fR ]  [ \fBtitle\fR ]  [ \fBcopies\fR ]  [ \fBoptions\fR ]  [ \fBfilename\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+smbspool is a very small print spooling program that 
+sends a print file to an SMB printer. The command-line arguments 
+are position-dependent for compatibility with the Common UNIX 
+Printing System, but you can use smbspool with any printing system 
+or from a program or script.
+.PP
+\fBDEVICE URI\fR
+.PP
+smbspool specifies the destination using a Uniform Resource 
+Identifier ("URI") with a method of "smb". This string can take 
+a number of forms:
+.TP 0.2i
+\(bu
+smb://server/printer
+.TP 0.2i
+\(bu
+smb://workgroup/server/printer
+.TP 0.2i
+\(bu
+smb://username:password@server/printer
+.TP 0.2i
+\(bu
+smb://username:password@workgroup/server/printer
+.PP
+smbspool tries to get the URI from argv[0]. If argv[0] 
+contains the name of the program then it looks in the \fB DEVICE_URI\fR environment variable.
+.PP
+.PP
+Programs using the \fBexec(2)\fR functions can 
+pass the URI in argv[0], while shell scripts must set the 
+\fBDEVICE_URI\fR environment variable prior to
+running smbspool.
+.PP
+.SH "OPTIONS"
+.TP 0.2i
+\(bu
+The job argument (argv[1]) contains the 
+job ID number and is presently not used by smbspool.
+.TP 0.2i
+\(bu
+The user argument (argv[2]) contains the 
+print user's name and is presently not used by smbspool.
+.TP 0.2i
+\(bu
+The title argument (argv[3]) contains the 
+job title string and is passed as the remote file name 
+when sending the print job.
+.TP 0.2i
+\(bu
+The copies argument (argv[4]) contains 
+the number of copies to be printed of the named file. If 
+no filename is provided than this argument is not used by 
+smbspool.
+.TP 0.2i
+\(bu
+The options argument (argv[5]) contains 
+the print options in a single string and is presently 
+not used by smbspool.
+.TP 0.2i
+\(bu
+The filename argument (argv[6]) contains the 
+name of the file to print. If this argument is not specified 
+then the print file is read from the standard input.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBsmbd(8)\fR 
+and samba(7)
+.SH "AUTHOR"
+.PP
+\fBsmbspool\fR was written by Michael Sweet 
+at Easy Software Products.
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1
new file mode 100755
index 00000000000..95356684915
--- /dev/null
+++ b/docs/manpages/smbstatus.1
@@ -0,0 +1,70 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBSTATUS" "1" "19 November 2002" "" ""
+.SH NAME
+smbstatus \- report on current Samba connections
+.SH SYNOPSIS
+.sp
+\fBsmbstatus\fR [ \fB-P\fR ]  [ \fB-b\fR ]  [ \fB-d\fR ]  [ \fB-L\fR ]  [ \fB-p\fR ]  [ \fB-S\fR ]  [ \fB-s <configuration file>\fR ]  [ \fB-u <username>\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+\fBsmbstatus\fR is a very simple program to 
+list the current Samba connections.
+.SH "OPTIONS"
+.TP
+\fB-P\fR
+If samba has been compiled with the 
+profiling option, print only the contents of the profiling 
+shared memory area.
+.TP
+\fB-b\fR
+gives brief output.
+.TP
+\fB-d\fR
+gives verbose output.
+.TP
+\fB-L\fR
+causes smbstatus to only list locks.
+.TP
+\fB-p\fR
+print a list of  \fBsmbd(8)\fR processes and exit. 
+Useful for scripting.
+.TP
+\fB-S\fR
+causes smbstatus to only list shares.
+.TP
+\fB-s <configuration file>\fR
+The default configuration file name is
+determined at compile time. The file specified contains the
+configuration details required by the server. See \fIsmb.conf(5)\fR
+ for more information.
+.TP
+\fB-u <username>\fR
+selects information relevant to 
+\fIusername\fR only.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBsmbd(8)\fR and
+smb.conf(5)
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1
new file mode 100755
index 00000000000..dd555895b84
--- /dev/null
+++ b/docs/manpages/smbtar.1
@@ -0,0 +1,120 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBTAR" "1" "19 November 2002" "" ""
+.SH NAME
+smbtar \- shell script for backing up SMB/CIFS shares  directly to UNIX tape drives
+.SH SYNOPSIS
+.sp
+\fBsmbtar\fR \fB-s server\fR [ \fB-p password\fR ]  [ \fB-x services\fR ]  [ \fB-X\fR ]  [ \fB-d directory\fR ]  [ \fB-u user\fR ]  [ \fB-t tape\fR ]  [ \fB-t tape\fR ]  [ \fB-b blocksize\fR ]  [ \fB-N filename\fR ]  [ \fB-i\fR ]  [ \fB-r\fR ]  [ \fB-l loglevel\fR ]  [ \fB-v\fR ]  \fBfilenames\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+\fBsmbtar\fR is a very small shell script on top 
+of \fBsmbclient(1)\fR 
+which dumps SMB shares directly to tape. 
+.SH "OPTIONS"
+.TP
+\fB-s server\fR
+The SMB/CIFS server that the share resides 
+upon.
+.TP
+\fB-x service\fR
+The share name on the server to connect to. 
+The default is "backup".
+.TP
+\fB-X\fR
+Exclude mode. Exclude filenames... from tar 
+create or restore. 
+.TP
+\fB-d directory\fR
+Change to initial \fIdirectory
+\fRbefore restoring / backing up files. 
+.TP
+\fB-v\fR
+Verbose mode.
+.TP
+\fB-p password\fR
+The password to use to access a share. 
+Default: none 
+.TP
+\fB-u user\fR
+The user id to connect as. Default: 
+UNIX login name. 
+.TP
+\fB-t tape\fR
+Tape device. May be regular file or tape 
+device. Default: \fI$TAPE\fR environmental 
+variable; if not set, a file called \fItar.out
+\fR\&. 
+.TP
+\fB-b blocksize\fR
+Blocking factor. Defaults to 20. See
+\fBtar(1)\fR for a fuller explanation. 
+.TP
+\fB-N filename\fR
+Backup only files newer than filename. Could 
+be used (for example) on a log file to implement incremental
+backups. 
+.TP
+\fB-i\fR
+Incremental mode; tar files are only backed 
+up if they have the archive bit set. The archive bit is reset 
+after each file is read. 
+.TP
+\fB-r\fR
+Restore. Files are restored to the share 
+from the tar file. 
+.TP
+\fB-l log level\fR
+Log (debug) level. Corresponds to the 
+\fI-d\fR flag of \fBsmbclient(1)
+\fR\&. 
+.SH "ENVIRONMENT VARIABLES"
+.PP
+The \fI$TAPE\fR variable specifies the 
+default tape device to write to. May be overridden
+with the -t option. 
+.SH "BUGS"
+.PP
+The \fBsmbtar\fR script has different 
+options from ordinary tar and tar called from smbclient. 
+.SH "CAVEATS"
+.PP
+Sites that are more careful about security may not like 
+the way the script handles PC passwords. Backup and restore work 
+on entire shares, should work on file lists. smbtar works best
+with GNU tar and may not work well with other versions. 
+.SH "DIAGNOSTICS"
+.PP
+See the \fBDIAGNOSTICS\fR section for the 
+\fBsmbclient(1)\fR 
+ command.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBsmbd(8)\fR 
+\fBsmbclient(1)\fR 
+smb.conf(5)
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+Ricky Poulten <URL:mailto:poultenr@logica.co.uk> 
+wrote the tar extension and this man page. The \fBsmbtar\fR 
+script was heavily rewritten and improved by Martin Kraemer <URL:mailto:Martin.Kraemer@mch.sni.de>. Many 
+thanks to everyone who suggested extensions, improvements, bug 
+fixes, etc. The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter.
diff --git a/docs/manpages/smbumount.8 b/docs/manpages/smbumount.8
new file mode 100755
index 00000000000..23e70e88259
--- /dev/null
+++ b/docs/manpages/smbumount.8
@@ -0,0 +1,42 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBUMOUNT" "8" "19 November 2002" "" ""
+.SH NAME
+smbumount \- smbfs umount for normal users
+.SH SYNOPSIS
+.sp
+\fBsmbumount\fR \fBmount-point\fR
+.SH "DESCRIPTION"
+.PP
+With this program, normal users can unmount smb-filesystems, 
+provided that it is suid root. \fBsmbumount\fR has 
+been written to give normal Linux users more control over their 
+resources. It is safe to install this program suid root, because only 
+the user who has mounted a filesystem is allowed to unmount it again. 
+For root it is not necessary to use smbumount. The normal umount 
+program works perfectly well, but it would certainly be problematic 
+to make umount setuid root.
+.SH "OPTIONS"
+.TP
+\fBmount-point\fR
+The directory to unmount.
+.SH "SEE ALSO"
+.PP
+\fBsmbmount(8)\fR
+
+.SH "AUTHOR"
+.PP
+Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
+and others.
+.PP
+The current maintainer of smbfs and the userspace
+tools \fBsmbmount\fR, \fBsmbumount\fR,
+and \fBsmbmnt\fR is Urban Widmark <URL:mailto:urban@teststation.com>.
+The SAMBA Mailing list <URL:mailto:samba@samba.org>
+is the preferred place to ask questions regarding these programs.
+.PP
+The conversion of this manpage for Samba 2.2 was performed 
+by Gerald Carter
diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8
new file mode 100755
index 00000000000..964ca3882b2
--- /dev/null
+++ b/docs/manpages/swat.8
@@ -0,0 +1,182 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SWAT" "8" "19 November 2002" "" ""
+.SH NAME
+swat \- Samba Web Administration Tool
+.SH SYNOPSIS
+.sp
+\fBswat\fR [ \fB-s <smb config file>\fR ]  [ \fB-a\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+\fBswat\fR allows a Samba administrator to 
+configure the complex \fI smb.conf(5)\fR file via a Web browser. In addition, 
+a \fBswat\fR configuration page has help links 
+to all the configurable options in the \fIsmb.conf\fR file allowing an 
+administrator to easily look up the effects of any change. 
+.PP
+\fBswat\fR is run from \fBinetd\fR 
+.SH "OPTIONS"
+.TP
+\fB-s smb configuration file\fR
+The default configuration file path is 
+determined at compile time. The file specified contains 
+the configuration details required by the \fBsmbd
+\fRserver. This is the file that \fBswat\fR will modify. 
+The information in this file includes server-specific 
+information such as what printcap file to use, as well as 
+descriptions of all the services that the server is to provide.
+See \fIsmb.conf\fR for more information. 
+.TP
+\fB-a\fR
+This option disables authentication and puts 
+\fBswat\fR in demo mode. In that mode anyone will be able to modify 
+the \fIsmb.conf\fR file. 
+
+\fBDo NOT enable this option on a production 
+server. \fR
+.SH "INSTALLATION"
+.PP
+After you compile SWAT you need to run \fBmake install
+\fRto install the \fBswat\fR binary
+and the various help files and images. A default install would put 
+these in: 
+.TP 0.2i
+\(bu
+/usr/local/samba/bin/swat
+.TP 0.2i
+\(bu
+/usr/local/samba/swat/images/*
+.TP 0.2i
+\(bu
+/usr/local/samba/swat/help/*
+.SS "INETD INSTALLATION"
+.PP
+You need to edit your \fI/etc/inetd.conf
+\fRand \fI/etc/services\fR
+to enable SWAT to be launched via \fBinetd\fR.
+.PP
+In \fI/etc/services\fR you need to 
+add a line like this: 
+.PP
+\fBswat 901/tcp\fR
+.PP
+Note for NIS/YP users - you may need to rebuild the 
+NIS service maps rather than alter your local \fI /etc/services\fR file. 
+.PP
+the choice of port number isn't really important 
+except that it should be less than 1024 and not currently 
+used (using a number above 1024 presents an obscure security 
+hole depending on the implementation details of your 
+\fBinetd\fR daemon). 
+.PP
+In \fI/etc/inetd.conf\fR you should 
+add a line like this: 
+.PP
+\fBswat stream tcp nowait.400 root
+/usr/local/samba/bin/swat swat\fR
+.PP
+One you have edited \fI/etc/services\fR 
+and \fI/etc/inetd.conf\fR you need to send a 
+HUP signal to inetd. To do this use \fBkill -1 PID
+\fRwhere PID is the process ID of the inetd daemon. 
+.SS "XINETD INSTALLATION"
+.PP
+Newer Linux systems ship with a more secure implementation
+of the inetd meta-daemon. The \fBxinetd\fR daemon
+can read configuration inf9ormation from a single file (i.e.
+\fI/etc/xinetd.conf\fR) or from a collection
+of service control files in the \fIxinetd.d/\fR directory.
+These directions assume the latter configuration.
+.PP
+The following file should be created as \fI/etc/xientd.d/swat\fR.
+It is then be neccessary cause the meta-daemon to reload its configuration files.
+Refer to the xinetd man page for details on how to accomplish this.
+.PP
+.sp
+.nf
+## /etc/xinetd.d/swat
+service swat
+{
+        port    = 901
+        socket_type     = stream
+        wait    = no
+        only_from = localhost
+        user    = root
+        server  = /usr/local/samba/bin/swat
+        log_on_failure  += USERID
+        disable =  No
+}
+.sp
+.fi
+.SS "LAUNCHING"
+.PP
+To launch SWAT just run your favorite web browser and 
+point it at "http://localhost:901/".
+.PP
+Note that you can attach to SWAT from any IP connected 
+machine but connecting from a remote machine leaves your 
+connection open to password sniffing as passwords will be sent 
+in the clear over the wire. 
+.SH "TROUBLESHOOTING"
+.PP
+One of the common causes of difficulty when installing Samba and SWAT
+is the existsnece of some type of firewall or port filtering software 
+on the Samba server. Make sure that the appropriate ports
+outlined in this man page are available on the server and are not currently 
+being blocked by some type of security software such as iptables or 
+"port sentry". For more troubleshooting information, refer to the additional 
+documentation included in the Samba distribution.
+.SH "FILES"
+.TP
+\fB\fI/etc/inetd.conf\fB\fR
+This file must contain suitable startup 
+information for the meta-daemon.
+.TP
+\fB\fI/etc/xinetd.d/swat\fB\fR
+This file must contain suitable startup 
+information for the \fBxinetd\fR meta-daemon.
+.TP
+\fB\fI/etc/services\fB\fR
+This file must contain a mapping of service name 
+(e.g., swat) to service port (e.g., 901) and protocol type 
+(e.g., tcp). 
+.TP
+\fB\fI/usr/local/samba/lib/smb.conf\fB\fR
+This is the default location of the \fIsmb.conf(5)
+\fRserver configuration file that swat edits. Other 
+common places that systems install this file are \fI /usr/samba/lib/smb.conf\fR and \fI/etc/smb.conf
+\fR\&. This file describes all the services the server 
+is to make available to clients. 
+.SH "WARNINGS"
+.PP
+\fBswat\fR will rewrite your \fIsmb.conf
+\fRfile. It will rearrange the entries and delete all 
+comments, \fIinclude=\fR and \fIcopy="
+\fRoptions. If you have a carefully crafted \fI smb.conf\fR then back it up or don't use swat! 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBinetd(5)\fR,
+\fBsmbd(8)\fR 
+smb.conf(5) \fBxinetd(8)\fR
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/testparm.1 b/docs/manpages/testparm.1
new file mode 100755
index 00000000000..d53a6451d7b
--- /dev/null
+++ b/docs/manpages/testparm.1
@@ -0,0 +1,103 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "TESTPARM" "1" "19 November 2002" "" ""
+.SH NAME
+testparm \- check an smb.conf configuration file for  internal correctness
+.SH SYNOPSIS
+.sp
+\fBtestparm\fR [ \fB-s\fR ]  [ \fB-h\fR ]  [ \fB-x\fR ]  [ \fB-L <servername>\fR ]  \fBconfig filename\fR [ \fBhostname hostIP\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+\fBtestparm\fR is a very simple test program 
+to check an \fBsmbd\fR configuration file for 
+internal correctness. If this program reports no problems, you 
+can use the configuration file with confidence that \fBsmbd
+\fRwill successfully load the configuration file.
+.PP
+Note that this is \fBNOT\fR a guarantee that 
+the services specified in the configuration file will be 
+available or will operate as expected. 
+.PP
+If the optional host name and host IP address are 
+specified on the command line, this test program will run through 
+the service entries reporting whether the specified host
+has access to each service. 
+.PP
+If \fBtestparm\fR finds an error in the \fI smb.conf\fR file it returns an exit code of 1 to the calling 
+program, else it returns an exit code of 0. This allows shell scripts 
+to test the output from \fBtestparm\fR.
+.SH "OPTIONS"
+.TP
+\fB-s\fR
+Without this option, \fBtestparm\fR 
+will prompt for a carriage return after printing the service 
+names and before dumping the service definitions.
+.TP
+\fB-h\fR
+Print usage message 
+.TP
+\fB-x\fR
+Print only parameters that have non-default values
+.TP
+\fB-L servername\fR
+Sets the value of the %L macro to \fIservername\fR.
+This is useful for testing include files specified with the 
+%L macro. 
+.TP
+\fBconfigfilename\fR
+This is the name of the configuration file 
+to check. If this parameter is not present then the 
+default \fIsmb.conf\fR file will be checked. 
+.TP
+\fBhostname\fR
+If this parameter and the following are 
+specified, then \fBtestparm\fR will examine the \fIhosts
+allow\fR and \fIhosts deny\fR 
+parameters in the \fIsmb.conf\fR file to 
+determine if the hostname with this IP address would be
+allowed access to the \fBsmbd\fR server. If 
+this parameter is supplied, the hostIP parameter must also
+be supplied.
+.TP
+\fBhostIP\fR
+This is the IP address of the host specified 
+in the previous parameter. This address must be supplied 
+if the hostname parameter is supplied. 
+.SH "FILES"
+.TP
+\fB\fIsmb.conf\fB\fR
+This is usually the name of the configuration 
+file used by \fBsmbd\fR. 
+.SH "DIAGNOSTICS"
+.PP
+The program will issue a message saying whether the 
+configuration file loaded OK or not. This message may be preceded by 
+errors and warnings if the file did not load. If the file was 
+loaded OK, the program then dumps all known service details 
+to stdout. 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fIsmb.conf(5)\fR 
+\fBsmbd(8)\fR
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/testprns.1 b/docs/manpages/testprns.1
new file mode 100755
index 00000000000..6e2fb3390d9
--- /dev/null
+++ b/docs/manpages/testprns.1
@@ -0,0 +1,90 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "TESTPRNS" "1" "19 November 2002" "" ""
+.SH NAME
+testprns \- check printer name for validity with smbd
+.SH SYNOPSIS
+.sp
+\fBtestprns\fR \fBprintername\fR [ \fBprintcapname\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+\fBtestprns\fR is a very simple test program 
+to determine whether a given printer name is valid for use in 
+a service to be provided by \fB smbd(8)\fR 
+.PP
+"Valid" in this context means "can be found in the 
+printcap specified". This program is very stupid - so stupid in 
+fact that it would be wisest to always specify the printcap file 
+to use. 
+.SH "OPTIONS"
+.TP
+\fBprintername\fR
+The printer name to validate.
+
+Printer names are taken from the first field in each 
+record in the printcap file, single printer names and sets 
+of aliases separated by vertical bars ("|") are recognized. 
+Note that no validation or checking of the printcap syntax is 
+done beyond that required to extract the printer name. It may
+be that the print spooling system is more forgiving or less 
+forgiving than \fBtestprns\fR. However, if 
+\fBtestprns\fR finds the printer then 
+\fBsmbd\fR should do so as well. 
+.TP
+\fBprintcapname\fR
+This is the name of the printcap file within
+which to search for the given printer name. 
+
+If no printcap name is specified \fBtestprns
+\fRwill attempt to scan the printcap file name 
+specified at compile time. 
+.SH "FILES"
+.TP
+\fB\fI/etc/printcap\fB\fR
+This is usually the default printcap 
+file to scan. See \fIprintcap (5)\fR. 
+.SH "DIAGNOSTICS"
+.PP
+If a printer is found to be valid, the message 
+"Printer name <printername> is valid" will be 
+displayed. 
+.PP
+If a printer is found to be invalid, the message
+"Printer name <printername> is not valid" will be 
+displayed. 
+.PP
+All messages that would normally be logged during
+operation of the Samba daemons are logged by this program to the 
+file \fItest.log\fR in the current directory. The
+program runs at debuglevel 3, so quite extensive logging 
+information is written. The log should be checked carefully 
+for errors and warnings. 
+.PP
+Other messages are self-explanatory. 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fIprintcap(5)\fR, 
+\fBsmbd(8)\fR 
+\fBsmbclient(1)\fR
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1
new file mode 100755
index 00000000000..b4c6ed9be4d
--- /dev/null
+++ b/docs/manpages/wbinfo.1
@@ -0,0 +1,138 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "WBINFO" "1" "19 November 2002" "" ""
+.SH NAME
+wbinfo \- Query information from winbind daemon
+.SH SYNOPSIS
+.sp
+\fBwbinfo\fR [ \fB-u\fR ]  [ \fB-g\fR ]  [ \fB-h name\fR ]  [ \fB-i ip\fR ]  [ \fB-n name\fR ]  [ \fB-s sid\fR ]  [ \fB-U uid\fR ]  [ \fB-G gid\fR ]  [ \fB-S sid\fR ]  [ \fB-Y sid\fR ]  [ \fB-t\fR ]  [ \fB-m\fR ]  [ \fB-r user\fR ]  [ \fB-a user%password\fR ]  [ \fB-A user%password\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba suite.
+.PP
+The \fBwbinfo\fR program queries and returns information 
+created and used by the \fB winbindd(8)\fR daemon. 
+.PP
+The \fBwinbindd(8)\fR daemon must be configured 
+and running for the \fBwbinfo\fR program to be able 
+to return information.
+.SH "OPTIONS"
+.TP
+\fB-u\fR
+This option will list all users available 
+in the Windows NT domain for which the \fBwinbindd(8)
+\fRdaemon is operating in. Users in all trusted domains 
+will also be listed. Note that this operation does not assign 
+user ids to any users that have not already been seen by 
+\fBwinbindd(8)\fR.
+.TP
+\fB-g\fR
+This option will list all groups available 
+in the Windows NT domain for which the \fBwinbindd(8)
+\fRdaemon is operating in. Groups in all trusted domains
+will also be listed. Note that this operation does not assign 
+group ids to any groups that have not already been seen by
+\fBwinbindd(8)\fR. 
+.TP
+\fB-h name\fR
+The \fI-h\fR option 
+queries \fBwinbindd(8)\fR to query the WINS
+server for the IP address associated with the NetBIOS name
+specified by the \fIname\fR parameter.
+.TP
+\fB-i ip\fR
+The \fI-i\fR option 
+queries \fBwinbindd(8)\fR to send a node status
+request to get the NetBIOS name associated with the IP address
+specified by the \fIip\fR parameter.
+.TP
+\fB-n name\fR
+The \fI-n\fR option 
+queries \fBwinbindd(8)\fR for the SID 
+associated with the name specified. Domain names can be specified 
+before the user name by using the winbind separator character. 
+For example CWDOM1/Administrator refers to the Administrator
+user in the domain CWDOM1. If no domain is specified then the 
+domain used is the one specified in the \fIsmb.conf\fR
+\fIworkgroup\fR parameter. 
+.TP
+\fB-s sid\fR
+Use \fI-s\fR to resolve
+a SID to a name. This is the inverse of the \fI-n
+\fRoption above. SIDs must be specified as ASCII strings 
+in the traditional Microsoft format. For example,
+S-1-5-21-1455342024-3071081365-2475485837-500. 
+.TP
+\fB-U uid\fR
+Try to convert a UNIX user id to a Windows NT 
+SID. If the uid specified does not refer to one within
+the winbind uid range then the operation will fail. 
+.TP
+\fB-G gid\fR
+Try to convert a UNIX group id to a Windows 
+NT SID. If the gid specified does not refer to one within 
+the winbind gid range then the operation will fail. 
+.TP
+\fB-S sid\fR
+Convert a SID to a UNIX user id. If the SID 
+does not correspond to a UNIX user mapped by \fB winbindd(8)\fR then the operation will fail. 
+.TP
+\fB-Y sid\fR
+Convert a SID to a UNIX group id. If the SID 
+does not correspond to a UNIX group mapped by \fB winbindd(8)\fR then the operation will fail. 
+.TP
+\fB-t\fR
+Verify that the workstation trust account 
+created when the Samba server is added to the Windows NT
+domain is working. 
+.TP
+\fB-m\fR
+Produce a list of domains trusted by the 
+Windows NT server \fBwinbindd(8)\fR contacts 
+when resolving names. This list does not include the Windows 
+NT domain the server is a Primary Domain Controller for.
+.TP
+\fB-r username\fR
+Try to obtain the list of UNIX group ids
+to which the user belongs. This only works for users
+defined on a Domain Controller.
+.TP
+\fB-a username%password\fR
+Attempt to authenticate a user via winbindd. 
+This checks both authenticaion methods and reports its results.
+.TP
+\fB-A username%password\fR
+Store username and password used by winbindd 
+during session setup to a domain controller. This enables
+winbindd to operate in a Windows 2000 domain with Restrict
+Anonymous turned on (a.k.a. Permissions compatiable with
+Windows 2000 servers only).
+.SH "EXIT STATUS"
+.PP
+The wbinfo program returns 0 if the operation 
+succeeded, or 1 if the operation failed. If the \fBwinbindd(8)
+\fRdaemon is not working \fBwbinfo\fR will always return 
+failure. 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBwinbindd(8)\fR
+
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+\fBwbinfo\fR and \fBwinbindd\fR
+were written by Tim Potter.
+.PP
+The conversion to DocBook for Samba 2.2 was done 
+by Gerald Carter
diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8
new file mode 100755
index 00000000000..e1ce2baebb5
--- /dev/null
+++ b/docs/manpages/winbindd.8
@@ -0,0 +1,393 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "WINBINDD" "8" "19 November 2002" "" ""
+.SH NAME
+winbindd \- Name Service Switch daemon for resolving names  from NT servers
+.SH SYNOPSIS
+.sp
+\fBwinbindd\fR [ \fB-i\fR ]  [ \fB-d <debug level>\fR ]  [ \fB-s <smb config file>\fR ] 
+.SH "DESCRIPTION"
+.PP
+This program is part of the  Samba suite.
+.PP
+\fBwinbindd\fR is a daemon that provides 
+a service for the Name Service Switch capability that is present 
+in most modern C libraries. The Name Service Switch allows user 
+and system information to be obtained from different databases 
+services such as NIS or DNS. The exact behaviour can be configured 
+throught the \fI/etc/nsswitch.conf\fR file. 
+Users and groups are allocated as they are resolved to a range 
+of user and group ids specified by the administrator of the 
+Samba system.
+.PP
+The service provided by \fBwinbindd\fR is called `winbind' and 
+can be used to resolve user and group information from a 
+Windows NT server. The service can also provide authentication
+services via an associated PAM module. 
+.PP
+The \fIpam_winbind\fR module in the 2.2.2 release only 
+supports the \fIauth\fR and \fIaccount\fR 
+module-types. The latter is simply
+performs a getpwnam() to verify that the system can obtain a uid for the
+user. If the \fIlibnss_winbind\fR library has been correctly 
+installed, this should always suceed.
+.PP
+The following nsswitch databases are implemented by 
+the winbindd service: 
+.TP
+\fBhosts\fR
+User information traditionally stored in 
+the \fIhosts(5)\fR file and used by 
+\fBgethostbyname(3)\fR functions. Names are
+resolved through the WINS server or by broadcast.
+.TP
+\fBpasswd\fR
+User information traditionally stored in 
+the \fIpasswd(5)\fR file and used by 
+\fBgetpwent(3)\fR functions. 
+.TP
+\fBgroup\fR
+Group information traditionally stored in 
+the \fIgroup(5)\fR file and used by 
+\fBgetgrent(3)\fR functions. 
+.PP
+For example, the following simple configuration in the
+\fI/etc/nsswitch.conf\fR file can be used to initially 
+resolve user and group information from \fI/etc/passwd
+\fRand \fI/etc/group\fR and then from the 
+Windows NT server. 
+.PP
+.PP
+.sp
+.nf
+passwd:         files winbind
+group:          files winbind
+	
+.sp
+.fi
+.PP
+.PP
+The following simple configuration in the
+\fI/etc/nsswitch.conf\fR file can be used to initially
+resolve hostnames from \fI/etc/hosts\fR and then from the
+WINS server.
+.PP
+.SH "OPTIONS"
+.TP
+\fB-d debuglevel\fR
+Sets the debuglevel to an integer between 
+0 and 100. 0 is for no debugging and 100 is for reams and 
+reams. To submit a bug report to the Samba Team, use debug 
+level 100 (see BUGS.txt). 
+.TP
+\fB-i\fR
+Tells \fBwinbindd\fR to not 
+become a daemon and detach from the current terminal. This 
+option is used by developers when interactive debugging 
+of \fBwinbindd\fR is required. 
+.SH "NAME AND ID RESOLUTION"
+.PP
+Users and groups on a Windows NT server are assigned 
+a relative id (rid) which is unique for the domain when the 
+user or group is created. To convert the Windows NT user or group 
+into a unix user or group, a mapping between rids and unix user 
+and group ids is required. This is one of the jobs that \fB winbindd\fR performs. 
+.PP
+As winbindd users and groups are resolved from a server, user 
+and group ids are allocated from a specified range. This
+is done on a first come, first served basis, although all existing 
+users and groups will be mapped as soon as a client performs a user 
+or group enumeration command. The allocated unix ids are stored 
+in a database file under the Samba lock directory and will be 
+remembered. 
+.PP
+WARNING: The rid to unix id database is the only location 
+where the user and group mappings are stored by winbindd. If this 
+file is deleted or corrupted, there is no way for winbindd to 
+determine which user and group ids correspond to Windows NT user 
+and group rids. 
+.SH "CONFIGURATION"
+.PP
+Configuration of the \fBwinbindd\fR daemon 
+is done through configuration parameters in the \fIsmb.conf(5)
+\fRfile. All parameters should be specified in the 
+[global] section of smb.conf. 
+.TP
+\fBwinbind separator\fR
+The winbind separator option allows you 
+to specify how NT domain names and user names are combined 
+into unix user names when presented to users. By default, 
+\fBwinbindd\fR will use the traditional '\\' 
+separator so that the unix user names look like 
+DOMAIN\\username. In some cases this separator character may 
+cause problems as the '\\' character has special meaning in 
+unix shells. In that case you can use the winbind separator 
+option to specify an alternative separator character. Good 
+alternatives may be '/' (although that conflicts
+with the unix directory separator) or a '+ 'character. 
+The '+' character appears to be the best choice for 100% 
+compatibility with existing unix utilities, but may be an 
+aesthetically bad choice depending on your taste. 
+
+Default: \fBwinbind separator = \\ \fR
+
+Example: \fBwinbind separator = + \fR
+.TP
+\fBwinbind uid\fR
+The winbind uid parameter specifies the 
+range of user ids that are allocated by the winbindd daemon. 
+This range of ids should have no existing local or NIS users 
+within it as strange conflicts can occur otherwise. 
+
+Default: \fBwinbind uid = <empty string> 
+\fR
+Example: \fBwinbind uid = 10000-20000\fR
+.TP
+\fBwinbind gid\fR
+The winbind gid parameter specifies the 
+range of group ids that are allocated by the winbindd daemon. 
+This range of group ids should have no existing local or NIS 
+groups within it as strange conflicts can occur otherwise.
+
+Default: \fBwinbind gid = <empty string>
+\fR
+Example: \fBwinbind gid = 10000-20000
+\fR.TP
+\fBwinbind cache time\fR
+This parameter specifies the number of 
+seconds the winbindd daemon will cache user and group information 
+before querying a Windows NT server again. When a item in the 
+cache is older than this time winbindd will ask the domain 
+controller for the sequence number of the server's account database. 
+If the sequence number has not changed then the cached item is 
+marked as valid for a further \fIwinbind cache time
+\fRseconds. Otherwise the item is fetched from the 
+server. This means that as long as the account database is not 
+actively changing winbindd will only have to send one sequence 
+number query packet every \fIwinbind cache time
+\fRseconds. 
+
+Default: \fBwinbind cache time = 15\fR
+.TP
+\fBwinbind enum users\fR
+On large installations it may be necessary 
+to suppress the enumeration of users through the \fB setpwent()\fR, \fBgetpwent()\fR and 
+\fBendpwent()\fR group of system calls. If 
+the \fIwinbind enum users\fR parameter is false, 
+calls to the \fBgetpwent\fR system call will not 
+return any data. 
+
+\fBWarning:\fR Turning off user enumeration 
+may cause some programs to behave oddly. For example, the \fBfinger\fR 
+program relies on having access to the full user list when 
+searching for matching usernames. 
+
+Default: \fBwinbind enum users = yes \fR
+.TP
+\fBwinbind enum groups\fR
+On large installations it may be necessary 
+to suppress the enumeration of groups through the \fB setgrent()\fR, \fBgetgrent()\fR and 
+\fBendgrent()\fR group of system calls. If 
+the \fIwinbind enum groups\fR parameter is 
+false, calls to the \fBgetgrent()\fR system 
+call will not return any data. 
+
+\fBWarning:\fR Turning off group 
+enumeration may cause some programs to behave oddly. 
+
+Default: \fBwinbind enum groups = no \fR
+.TP
+\fBtemplate homedir\fR
+When filling out the user information 
+for a Windows NT user, the \fBwinbindd\fR daemon 
+uses this parameter to fill in the home directory for that user. 
+If the string \fI%D\fR is present it is 
+substituted with the user's Windows NT domain name. If the 
+string \fI%U\fR is present it is substituted
+with the user's Windows NT user name. 
+
+Default: \fBtemplate homedir = /home/%D/%U \fR
+.TP
+\fBtemplate shell\fR
+When filling out the user information for 
+a Windows NT user, the \fBwinbindd\fR daemon 
+uses this parameter to fill in the shell for that user. 
+
+Default: \fBtemplate shell = /bin/false \fR
+.SH "EXAMPLE SETUP"
+.PP
+To setup winbindd for user and group lookups plus 
+authentication from a domain controller use something like the 
+following setup. This was tested on a RedHat 6.2 Linux box. 
+.PP
+In \fI/etc/nsswitch.conf\fR put the 
+following:
+.PP
+.sp
+.nf
+passwd:     files winbind
+group:      files winbind
+	
+.sp
+.fi
+.PP
+In \fI/etc/pam.d/*\fR replace the 
+\fIauth\fR lines with something like this: 
+.PP
+.sp
+.nf
+auth       required	/lib/security/pam_securetty.so
+auth       required	/lib/security/pam_nologin.so
+auth       sufficient	/lib/security/pam_winbind.so
+auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
+	
+.sp
+.fi
+.PP
+Note in particular the use of the \fIsufficient\fR 
+keyword and the \fIuse_first_pass\fR keyword. 
+.PP
+Now replace the account lines with this: 
+.PP
+\fBaccount required /lib/security/pam_winbind.so
+\fR.PP
+The next step is to join the domain. To do that use the 
+\fBsmbpasswd\fR program like this: 
+.PP
+\fBsmbpasswd -j DOMAIN -r PDC -U
+Administrator\fR
+.PP
+The username after the \fI-U\fR can be any
+Domain user that has administrator privileges on the machine.
+Substitute your domain name for "DOMAIN" and the name of your PDC
+for "PDC".
+.PP
+Next copy \fIlibnss_winbind.so\fR to 
+\fI/lib\fR and \fIpam_winbind.so\fR
+to \fI/lib/security\fR. A symbolic link needs to be
+made from \fI/lib/libnss_winbind.so\fR to
+\fI/lib/libnss_winbind.so.2\fR. If you are using an
+older version of glibc then the target of the link should be
+\fI/lib/libnss_winbind.so.1\fR.
+.PP
+Finally, setup a \fIsmb.conf\fR containing directives like the 
+following: 
+.PP
+.sp
+.nf
+[global]
+	winbind separator = +
+        winbind cache time = 10
+        template shell = /bin/bash
+        template homedir = /home/%D/%U
+        winbind uid = 10000-20000
+        winbind gid = 10000-20000
+        workgroup = DOMAIN
+        security = domain
+        password server = *
+	
+.sp
+.fi
+.PP
+Now start winbindd and you should find that your user and 
+group database is expanded to include your NT users and groups, 
+and that you can login to your unix box as a domain user, using 
+the DOMAIN+user syntax for the username. You may wish to use the 
+commands \fBgetent passwd\fR and \fBgetent group
+\fRto confirm the correct operation of winbindd.
+.SH "NOTES"
+.PP
+The following notes are useful when configuring and 
+running \fBwinbindd\fR: 
+.PP
+\fBnmbd\fR must be running on the local machine 
+for \fBwinbindd\fR to work. \fBwinbindd\fR
+queries the list of trusted domains for the Windows NT server
+on startup and when a SIGHUP is received. Thus, for a running \fB winbindd\fR to become aware of new trust relationships between 
+servers, it must be sent a SIGHUP signal. 
+.PP
+Client processes resolving names through the \fBwinbindd\fR
+nsswitch module read an environment variable named \fB $WINBINDD_DOMAIN\fR. If this variable contains a comma separated
+list of Windows NT domain names, then winbindd will only resolve users
+and groups within those Windows NT domains. 
+.PP
+PAM is really easy to misconfigure. Make sure you know what 
+you are doing when modifying PAM configuration files. It is possible 
+to set up PAM such that you can no longer log into your system. 
+.PP
+If more than one UNIX machine is running \fBwinbindd\fR, 
+then in general the user and groups ids allocated by winbindd will not 
+be the same. The user and group ids will only be valid for the local 
+machine.
+.PP
+If the the Windows NT RID to UNIX user and group id mapping 
+file is damaged or destroyed then the mappings will be lost. 
+.SH "SIGNALS"
+.PP
+The following signals can be used to manipulate the 
+\fBwinbindd\fR daemon. 
+.TP
+\fBSIGHUP\fR
+Reload the \fIsmb.conf(5)\fR
+file and apply any parameter changes to the running 
+version of winbindd. This signal also clears any cached 
+user and group information. The list of other domains trusted 
+by winbindd is also reloaded. 
+.TP
+\fBSIGUSR1\fR
+The SIGUSR1 signal will cause \fB winbindd\fR to write status information to the winbind 
+log file including information about the number of user and 
+group ids allocated by \fBwinbindd\fR.
+
+Log files are stored in the filename specified by the 
+log file parameter.
+.SH "FILES"
+.TP
+\fB\fI/etc/nsswitch.conf(5)\fB\fR
+Name service switch configuration file.
+.TP
+\fB/tmp/.winbindd/pipe\fR
+The UNIX pipe over which clients communicate with 
+the \fBwinbindd\fR program. For security reasons, the 
+winbind client will only attempt to connect to the winbindd daemon 
+if both the \fI/tmp/.winbindd\fR directory
+and \fI/tmp/.winbindd/pipe\fR file are owned by 
+root. 
+.TP
+\fB/lib/libnss_winbind.so.X\fR
+Implementation of name service switch library.
+.TP
+\fB$LOCKDIR/winbindd_idmap.tdb\fR
+Storage for the Windows NT rid to UNIX user/group 
+id mapping. The lock directory is specified when Samba is initially 
+compiled using the \fI--with-lockdir\fR option.
+This directory is by default \fI/usr/local/samba/var/locks
+\fR\&. 
+.TP
+\fB$LOCKDIR/winbindd_cache.tdb\fR
+Storage for cached user and group information.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fInsswitch.conf(5)\fR,
+samba(7)
+wbinfo(1)
+smb.conf(5)
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+\fBwbinfo\fR and \fBwinbindd\fR
+were written by Tim Potter.
+.PP
+The conversion to DocBook for Samba 2.2 was done 
+by Gerald Carter
diff --git a/docs/textdocs/Application_Serving.txt b/docs/textdocs/Application_Serving.txt
new file mode 100755
index 00000000000..55125b7bad5
--- /dev/null
+++ b/docs/textdocs/Application_Serving.txt
@@ -0,0 +1,59 @@
+!==
+!== Application_Serving.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributed:	January 7, 1997
+Updated:	March 24, 1998
+Contributor:	John H Terpstra <samba@samba.org>
+		Copyright (C) 1997 - John H Terpstra
+Status:		Current
+
+Subject: Using a Samba share as an administrative share for MS Office, etc.
+==============================================================================
+
+Problem:
+========
+Microsoft Office products can be installed as an administrative installation
+from which the application can either be run off the administratively installed
+product that resides on a shared resource, or from which that product can be
+installed onto workstation clients.
+
+The general mechanism for implementing an adminstrative installation involves
+running:
+	X:\setup /A, where X is the drive letter of either CDROM or floppy
+
+This installation process will NOT install the product for use per se, but
+rather results in unpacking of the compressed distribution files into a target
+shared folder. For this process you need write privilidge to the share and it
+is desirable to enable file locking and share mode operation during this
+process.
+
+Subsequent installation of MS Office from this share will FAIL unless certain
+precautions are taken. This failure will be caused by share mode operation
+which will prevent the MS Office installation process from re-opening various
+dynamic link library files and will cause sporadic file not found problems.
+
+Solution:
+=========
+1. As soon as the administrative installation (unpacking) has completed
+	set the following parameters on the share containing it:
+	[MSOP95]
+		path = /where_you_put_it
+		comment = Your comment
+		volume = "The_CD_ROM_Label"
+		read only = yes
+		available = yes
+		share modes = no
+		locking = no
+		browseable = yes
+		public = yes
+
+2. Now you are ready to run the setup program from the Microsoft Windows
+workstation as follows:-
+	\\"Server_Name"\MSOP95\msoffice\setup
+
+MS Office Sharing - Please note:
+================================
+
+Workgroup Templates should be stored on an ordinary writable or read-only share
+but USER templates MUST be stored on a writable share _OR_ on the users' local
+machine.
diff --git a/docs/textdocs/BROWSING-Config.txt b/docs/textdocs/BROWSING-Config.txt
new file mode 100755
index 00000000000..26f55dc4c38
--- /dev/null
+++ b/docs/textdocs/BROWSING-Config.txt
@@ -0,0 +1,218 @@
+!==
+!== BROWSING-Config.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Date:		July 5, 1998
+Contributor:	John H Terpstra <jht@samba.org>
+
+Subject:	Cross Subnet Browsing / Cross Workgroup Browsing
+===============================================================================
+
+OVERVIEW:
+=========
+
+This document should be read in conjunction with BROWSING.txt and may
+be taken as the fast track guide to implementing browsing across subnets
+and / or across workgroups (or domains). WINS is the best tool for resolution
+of NetBIOS names to IP addesses. WINS is NOT involved in browse list handling
+except by way of name to address mapping.
+
+
+DISCUSSION:
+===========
+
+Firstly, all MS Windows networking is based on SMB (Server Message
+Block) based messaging. SMB messaging is implemented using NetBIOS. Samba
+implements NetBIOS by encapsulating it over TCP/IP. MS Windows products can
+do likewise. NetBIOS based networking uses broadcast messaging to affect
+browse list management. When running NetBIOS over TCP/IP this uses UDP
+based messaging. UDP messages can be broadcast or unicast.
+
+Normally, only unicast UDP messaging can be forwarded by routers. The
+"remote announce" parameter to smb.conf helps to project browse announcements
+to remote network segments via unicast UDP. Similarly, the "remote browse sync"
+parameter of smb.conf implements browse list collation using unicast UDP.
+
+Secondly, in those networks where Samba is the only SMB server technology
+wherever possible nmbd should be configured on one (1) machine as the WINS
+server. This makes it easy to manage the browsing environment. If each network
+segment is configured with it's own Samba WINS server, then the only way to
+get cross segment browsing to work is by using the "remote announce" and
+the "remote browse sync" parameters to your smb.conf file.
+
+If only one WINS server is used then the use of the "remote announce" and the
+"remote browse sync" parameters should NOT be necessary.
+
+Samba WINS does not support MS-WINS replication. This means that when setting up
+Samba as a WINS server there must only be one nmbd configured as a WINS server
+on the network. Some sites have used multiple Samba WINS servers for redundancy
+(one server per subnet) and then used "remote browse sync" and "remote announce"
+to affect browse list collation across all segments. Note that this means
+clients will only resolve local names, and must be configured to use DNS to
+resolve names on other subnets in order to resolve the IP addresses of the
+servers they can see on other subnets. This setup is not recommended, but is
+mentioned as a practical consideration (ie: an 'if all else fails' scenario).
+
+Lastly, take note that browse lists are a collection of unreliable broadcast
+messages that are repeated at intervals of not more than 15 minutes. This means
+that it will take time to establish a browse list and it can take up to 45
+minutes to stabilise, particularly across network segments.
+
+
+A) Use of the "Remote Announce" parameter
+------------------------------------------
+The "remote announce" parameter of smb.conf can be used to forcibly ensure
+that all the NetBIOS names on a network get announced to a remote network.
+The syntax of the "remote announce" parameter is:
+
+	remote announce = a.b.c.d [e.f.g.h] ...
+_or_
+	remote announce = a.b.c.d/WORKGROUP [e.f.g.h/WORKGROUP] ...
+
+where:
+	a.b.c.d:	is either the LMB (Local Master Browser) IP address
+	e.f.g.h:	or the broadcst address of the remote network.
+			ie: the LMB is at 192.168.1.10, or the address
+			could be given as 192.168.1.255 where the netmask
+			is assumed to be 24 bits (255.255.255.0).
+			When the remote announcement is made to the broadcast
+			address of the remote network every host will receive
+			our announcements. This is noisy and therefore
+			undesirable but may be necessary if we do NOT know
+			the IP address of the remote LMB.
+
+	WORKGROUP:	is optional and can be either our own workgroup
+			or that of the remote network. If you use the
+			workgroup name of the remote network then our
+			NetBIOS machine names will end up looking like
+			they belong to that workgroup, this may cause
+			name resolution problems and should be avoided.
+
+
+B) Use of the "Remote Browse Sync" parameter
+--------------------------------------------
+
+The "remote browse sync" parameter of smb.conf is used to announce to
+another LMB that it must synchronise it's NetBIOS name list with our
+Samba LMB. It works ONLY if the Samba server that has this option is
+simultaneously the LMB on it's network segment.
+
+The syntax of the "remote browse  sync" parameter is:
+
+	remote browse sync = a.b.c.d
+
+where:
+	a.b.c.d:	is either the IP address of the remote LMB or else
+			is the network broadcast address of the remote segment.
+
+
+C) Use of WINS
+--------------
+
+Use of WINS (either Samba WINS _or_ MS Windows NT Server WINS) is highly
+recommended. Every NetBIOS machine registers it's name together with a
+name_type value for each of of several types of service it has available.
+eg: It registers it's name directly as a unique (the type 0x03) name.
+It also registers it's name if it is running the lanmanager compatible
+server service (used to make shares and printers available to other users)
+by registering the server (the type 0x20) name.
+
+All NetBIOS names are up to 15 characters in length. The name_type variable
+is added to the end of the name - thus creating a 16 character name. Any
+name that is shorter than 15 characters is padded with spaces to the 15th
+character. ie: All NetBIOS names are 16 characters long (including the
+name_type information).
+
+WINS can store these 16 character names as they get registered. A client
+that wants to log onto the network can ask the WINS server for a list
+of all names that have registered the NetLogon service name_type. This saves
+broadcast traffic and greatly expedites logon processing. Since broadcast
+name resolution can not be used across network segments this type of
+information can only be provided via WINS _or_ via statically configured
+"lmhosts" files that must reside on all clients in the absence of WINS.
+
+WINS also serves the purpose of forcing browse list synchronisation by all
+LMB's. LMB's must synchronise their browse list with the DMB (domain master
+browser) and WINS helps the LMB to identify it's DMB. By definition this
+will work only within a single workgroup. Note that the domain master browser
+has NOTHING to do with what is referred to as an MS Windows NT Domain. The
+later is a reference to a security environment while the DMB refers to the
+master controller for browse list information only.
+
+Use of WINS will work correctly only if EVERY client TCP/IP protocol stack
+has been configured to use the WINS server/s. Any client that has not been
+configured to use the WINS server will continue to use only broadcast based
+name registration so that WINS may NEVER get to know about it. In any case,
+machines that have not registered with a WINS server will fail name to address
+lookup attempts by other clients and will therefore cause workstation access
+errors.
+
+To configure Samba as a WINS server just add "wins support = yes" to the
+smb.conf file [globals] section.
+
+To configure Samba to register with a WINS server just add
+"wins server = a.b.c.d" to your smb.conf file [globals] section.
+
+DO NOT EVER use both "wins support = yes" together with "wins server = a.b.c.d"
+particularly not using it's own IP address.
+
+
+D) Do NOT use more than one (1) protocol on MS Windows machines
+---------------------------------------------------------------
+
+A very common cause of browsing problems results from installing more than
+one protocol on an MS Windows machine.
+
+Every NetBIOS machine take part in a process of electing the LMB (and DMB)
+every 15 minutes. A set of election criteria is used to determine the order
+of precidence for winning this election process. A machine running Samba or
+Windows NT will be biased so that the most suitable machine will predictably
+win and thus retain it's role.
+
+The election process is "fought out" so to speak over every NetBIOS network
+interface. In the case of a Windows 9x machine that has both TCP/IP and IPX
+installed and has NetBIOS enabled over both protocols the election will be
+decided over both protocols. As often happens, if the Windows 9x machine is
+the only one with both protocols then the LMB may be won on the NetBIOS
+interface over the IPX protocol. Samba will then lose the LMB role as Windows
+9x will insist it knows who the LMB is. Samba will then cease to function
+as an LMB and thus browse list operation on all TCP/IP only machines will
+fail.
+
+The safest rule of all to follow it this - USE ONLY ONE PROTOCOL!
+
+
+E) Name Resolution Order
+========================
+
+Resolution of NetBIOS names to IP addresses can take place using a number
+of methods. The only ones that can provide NetBIOS name_type information
+are:
+	WINS:		the best tool!
+	LMHOSTS:	is static and hard to maintain.
+	Broadcast:	uses UDP and can not resolve names across
+			remote segments.
+
+Alternative means of name resolution includes:
+	/etc/hosts:	is static, hard to maintain, and lacks name_type info.
+	DNS:		is a good choice but lacks essential name_type info.
+
+Many sites want to restrict DNS lookups and want to avoid broadcast name
+resolution traffic. The "name resolve order" parameter is of great help here.
+The syntax of the "name resolve order" parameter is:
+
+	name resolve order = wins lmhosts bcast host
+_or_
+	name resolve order = wins lmhosts  	(eliminates bcast and host)
+
+the default is:
+	name  resolve order = host lmhost wins bcast
+
+where:
+	"host" refers the the native methods used by the Unix system
+	to implement the gethostbyname() function call. This is normally
+	controlled by:
+		/etc/host.conf
+		/etc/nsswitch.conf
+		/etc/resolv.conf
+
+===============================================================================
diff --git a/docs/textdocs/BROWSING.txt b/docs/textdocs/BROWSING.txt
new file mode 100755
index 00000000000..af57e4d5c39
--- /dev/null
+++ b/docs/textdocs/BROWSING.txt
@@ -0,0 +1,562 @@
+!==
+!== BROWSING.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Author/s:	Many (Thanks to Luke, Jeremy, Andrew, etc.)
+Updated:	July 5, 1998
+Status:		Current - For VERY Advanced Users ONLY
+
+Summary: This describes how to configure Samba for improved browsing.
+=====================================================================
+
+OVERVIEW:
+=========
+
+SMB networking provides a mechanism by which clients can access a list
+of machines in a network, a so-called "browse list".  This list
+contains machines that are ready to offer file and/or print services
+to other machines within the network. Thus it does not include
+machines which aren't currently able to do server tasks.  The browse
+list is heavily used by all SMB clients.  Configuration of SMB
+browsing has been problematic for some Samba users, hence this
+document.
+
+Browsing will NOT work if name resolution from NetBIOS names to IP
+addresses does not function correctly. Use of a WINS server is highly
+recommended to aid the resolution of NetBIOS (SMB) names to IP addresses.
+WINS allows remote segment clients to obtain NetBIOS name_type information
+that can NOT be provided by any other means of name resolution.
+
+=====================================================================
+
+BROWSING
+========
+Samba now fully supports browsing.  The browsing is supported by nmbd
+and is also controlled by options in the smb.conf file (see smb.conf(5)).
+
+Samba can act as a local browse master for a workgroup and the ability
+for samba to support domain logons and scripts is now available.  See
+DOMAIN.txt for more information on domain logons.
+
+Samba can also act as a domain master browser for a workgroup.  This
+means that it will collate lists from local browse masters into a
+wide area network server list.  In order for browse clients to
+resolve the names they may find in this list, it is recommended that
+both samba and your clients use a WINS server.
+
+Note that you should NOT set Samba to be the domain master for a
+workgroup that has the same name as an NT Domain: on each wide area
+network, you must only ever have one domain master browser per workgroup,
+regardless of whether it is NT, Samba or any other type of domain master
+that is providing this service.
+
+[Note that nmbd can be configured as a WINS server, but it is not
+necessary to specifically use samba as your WINS server.  NTAS can
+be configured as your WINS server.  In a mixed NT server and
+samba environment on a Wide Area Network, it is recommended that
+you use the NT server's WINS server capabilities.  In a samba-only
+environment, it is recommended that you use one and only one nmbd
+as your WINS server].
+
+To get browsing to work you need to run nmbd as usual, but will need
+to use the "workgroup" option in smb.conf to control what workgroup
+Samba becomes a part of.
+
+Samba also has a useful option for a Samba server to offer itself for
+browsing on another subnet.  It is recommended that this option is only
+used for 'unusual' purposes: announcements over the internet, for
+example.  See "remote announce" in the smb.conf man page.  
+
+If something doesn't work then hopefully the log.nmb file will help
+you track down the problem.  Try a debug level of 2 or 3 for finding
+problems. Also note that the current browse list usually gets stored
+in text form in a file called browse.dat.
+
+Note that if it doesn't work for you, then you should still be able to
+type the server name as \\SERVER in filemanager then hit enter and
+filemanager should display the list of available shares.
+
+Some people find browsing fails because they don't have the global
+"guest account" set to a valid account.  Remember that the IPC$
+connection that lists the shares is done as guest, and thus you must
+have a valid guest account.
+
+Also, a lot of people are getting bitten by the problem of too many
+parameters on the command line of nmbd in inetd.conf.  This trick is to
+not use spaces between the option and the parameter (eg: -d2 instead
+of -d 2), and to not use the -B and -N options.  New versions of nmbd
+are now far more likely to correctly find your broadcast and network
+address, so in most cases these aren't needed.
+
+The other big problem people have is that their broadcast address,
+netmask or IP address is wrong (specified with the "interfaces" option
+in smb.conf)
+
+
+BROWSING ACROSS SUBNETS
+=======================
+
+With the release of Samba 1.9.17(alpha1 and above) Samba has been
+updated to enable it to support the replication of browse lists
+across subnet boundaries.  New code and options have been added to
+achieve this.  This section describes how to set this feature up
+in different settings.
+
+To see browse lists that span TCP/IP subnets (ie.  networks separated
+by routers that don't pass broadcast traffic) you must set up at least
+one WINS server.  The WINS server acts as a DNS for NetBIOS names, allowing
+NetBIOS name to IP address translation to be done by doing a direct
+query of the WINS server.  This is done via a directed UDP packet on
+port 137 to the WINS server machine.  The reason for a WINS server is
+that by default, all NetBIOS name to IP address translation is done
+by broadcasts from the querying machine.  This means that machines
+on one subnet will not be able to resolve the names of machines on
+another subnet without using a WINS server.
+
+Remember, for browsing across subnets to work correctly, all machines,
+be they Windows 95, Windows NT, or Samba servers must have the IP address
+of a WINS server given to them by a DHCP server, or by manual configuration 
+(for Win95 and WinNT, this is in the TCP/IP Properties, under Network 
+settings) for Samba this is in the smb.conf file.
+
+How does cross subnet browsing work ?
+=====================================
+
+Cross subnet browsing is a complicated dance, containing multiple
+moving parts.  It has taken Microsoft several years to get the code
+that achieves this correct, and Samba lags behind in some areas.
+However, with the 1.9.17 release, Samba is capable of cross subnet
+browsing when configured correctly.
+
+Consider a network set up as follows :
+
+                                   (DMB)
+             N1_A      N1_B        N1_C       N1_D        N1_E
+              |          |           |          |           |
+          -------------------------------------------------------
+            |          subnet 1                       |
+          +---+                                      +---+
+          |R1 | Router 1                  Router 2   |R2 |
+          +---+                                      +---+
+            |                                          |
+            |  subnet 2              subnet 3          |
+  --------------------------       ------------------------------------
+  |     |     |      |               |        |         |           |
+ N2_A  N2_B  N2_C   N2_D           N3_A     N3_B      N3_C        N3_D 
+                    (WINS)
+
+Consisting of 3 subnets (1, 2, 3) conneted by two routers
+(R1, R2) - these do not pass broadcasts.  Subnet 1 has 5 machines
+on it, subnet 2 has 4 machines, subnet 3 has 4 machines.  Assume
+for the moment that all these machines are configured to be in the
+same workgroup (for simplicities sake).  Machine N1_C on subnet 1
+is configured as Domain Master Browser (ie.  it will collate the
+browse lists for the workgroup).  Machine N2_D is configured as
+WINS server and all the other machines are configured to register
+their NetBIOS names with it.
+
+As all these machines are booted up, elections for master browsers
+will take place on each of the three subnets.  Assume that machine
+N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on
+subnet 3 - these machines are known as local master browsers for
+their particular subnet.  N1_C has an advantage in winning as the
+local master browser on subnet 1 as it is set up as Domain Master
+Browser.
+
+On each of the three networks, machines that are configured to 
+offer sharing services will broadcast that they are offering
+these services.  The local master browser on each subnet will
+receive these broadcasts and keep a record of the fact that
+the machine is offering a service.  This list of records is
+the basis of the browse list.  For this case, assume that
+all the machines are configured to offer services so all machines
+will be on the browse list.
+
+For each network, the local master browser on that network is
+considered 'authoritative' for all the names it receives via
+local broadcast.  This is because a machine seen by the local
+master browser via a local broadcast must be on the same 
+network as the local master browser and thus is a 'trusted'
+and 'verifiable' resource.  Machines on other networks that
+the local master browsers learn about when collating their
+browse lists have not been directly seen - these records are
+called 'non-authoritative'.
+
+At this point the browse lists look as follows (these are 
+the machines you would see in your network neighborhood if
+you looked in it on a particular network right now).
+
+Subnet           Browse Master   List
+------           -------------   ----
+Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E
+
+Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
+
+Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
+
+Note that at this point all the subnets are separate, no
+machine is seen across any of the subnets.
+
+Now examine subnet 2.  As soon as N2_B has become the local
+master browser it looks for a Domain master browser to synchronize
+its browse list with.  It does this by querying the WINS server
+(N2_D) for the IP address associated with the NetBIOS name 
+WORKGROUP<1B>.  This name was registerd by the Domain master
+browser (N1_C) with the WINS server as soon as it was booted.
+
+Once N2_B knows the address of the Domain master browser it
+tells it that is the local master browser for subnet 2 by
+sending a MasterAnnouncement packet as a UDP port 138 packet.
+It then synchronizes with it by doing a NetServerEnum2 call.  This
+tells the Domain Master Browser to send it all the server
+names it knows about.  Once the domain master browser receives
+the MasterAnnouncement packet it schedules a synchronization
+request to the sender of that packet.  After both synchronizations
+are done the browse lists look like :
+
+Subnet           Browse Master   List
+------           -------------   ----
+Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
+
+Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
+
+Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
+
+Servers with a (*) after them are non-authoritative names.
+
+At this point users looking in their network neighborhood on
+subnets 1 or 2 will see all the servers on both, users on
+subnet 3 will still only see the servers on their own subnet.
+
+The same sequence of events that occured for N2_B now occurs
+for the local master browser on subnet 3 (N3_D).  When it
+synchronizes browse lists with the domain master browser (N1_A)
+it gets both the server entries on subnet 1, and those on
+subnet 2.  After N3_D has synchronized with N1_C and vica-versa
+the browse lists look like.
+
+Subnet           Browse Master   List
+------           -------------   ----
+Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
+                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
+
+Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
+
+Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
+
+Servers with a (*) after them are non-authoritative names.
+
+At this point users looking in their network neighborhood on
+subnets 1 or 3 will see all the servers on all sunbets, users on
+subnet 2 will still only see the servers on subnets 1 and 2, but not 3.
+
+Finally, the local master browser for subnet 2 (N2_B) will sync again
+with the domain master browser (N1_C) and will recieve the missing
+server entries.  Finally - and as a steady state (if no machines
+are removed or shut off) the browse lists will look like :
+
+Subnet           Browse Master   List
+------           -------------   ----
+Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
+                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
+
+Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
+                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
+
+Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
+
+Servers with a (*) after them are non-authoritative names.
+
+Synchronizations between the domain master browser and local
+master browsers will continue to occur, but this should be a
+steady state situation.
+
+If either router R1 or R2 fails the following will occur:
+
+1) Names of computers on each side of the inaccessible network fragments
+will be maintained for as long as 36 minutes, in the network neighbourhood
+lists.
+
+2) Attempts to connect to these inaccessible computers will fail, but the
+names will not be removed from the network neighbourhood lists.
+
+3) If one of the fragments is cut off from the WINS server, it will only
+be able to access servers on its local subnet, by using subnet-isolated
+broadcast NetBIOS name resolution.  The effects are similar to that of
+losing access to a DNS server.
+
+Setting up a WINS server
+========================
+
+Either a Samba machine or a Windows NT Server machine may be set up
+as a WINS server.  To set a Samba machine to be a WINS server you must
+add the following option to the smb.conf file on the selected machine :
+in the [globals] section add the line 
+
+        wins support = yes
+
+Versions of Samba previous to 1.9.17 had this parameter default to
+yes.  If you have any older versions of Samba on your network it is
+strongly suggested you upgrade to 1.9.17 or above, or at the very
+least set the parameter to 'no' on all these machines.
+
+Machines with "wins support = yes" will keep a list of all NetBIOS
+names registered with them, acting as a DNS for NetBIOS names.
+
+You should set up only ONE wins server.  Do NOT set the
+"wins support = yes" option on more than one Samba server.
+
+To set up a Windows NT Server as a WINS server you need to set up
+the WINS service - see your NT documentation for details.  Note that
+Windows NT WINS Servers can replicate to each other, allowing more
+than one to be set up in a complex subnet environment.  As Microsoft
+refuse to document these replication protocols Samba cannot currently
+participate in these replications.  It is possible in the future that
+a Samba->Samba WINS replication protocol may be defined, in which
+case more than one Samba machine could be set up as a WINS server
+but currently only one Samba server should have the "wins support = yes"
+parameter set.
+
+After the WINS server has been configured you must ensure that all
+machines participating on the network are configured with the address
+of this WINS server.  If your WINS server is a Samba machine, fill in
+the Samba machine IP address in the "Primary WINS Server" field of
+the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs
+in Windows 95 or Windows NT.  To tell a Samba server the IP address
+of the WINS server add the following line to the [global] section of
+all smb.conf files :
+
+        wins server = <name or IP address>
+
+where <name or IP address> is either the DNS name of the WINS server
+machine or its IP address.
+
+Note that this line MUST NOT BE SET in the smb.conf file of the Samba
+server acting as the WINS server itself.  If you set both the
+"wins support = yes" option and the "wins server = <name>" option then
+nmbd will fail to start.
+
+There are two possible scenarios for setting up cross subnet browsing.
+The first details setting up cross subnet browsing on a network containing
+Windows 95, Samba and Windows NT machines that are not configured as
+part of a Windows NT Domain.  The second details setting up cross subnet
+browsing on networks that contain NT Domains.
+
+Setting up Browsing in a WORKGROUP
+==================================
+
+To set up cross subnet browsing on a network containing machines
+in up to be in a WORKGROUP, not an NT Domain you need to set up one
+Samba server to be the Domain Master Browser (note that this is *NOT*
+the same as a Primary Domain Controller, although in an NT Domain the
+same machine plays both roles).  The role of a Domain master browser is
+to collate the browse lists from local master browsers on all the
+subnets that have a machine participating in the workgroup.  Without
+one machine configured as a domain master browser each subnet would
+be an isolated workgroup, unable to see any machines on any other
+subnet.  It is the presense of a domain master browser that makes
+cross subnet browsing possible for a workgroup.
+
+In an WORKGROUP environment the domain master browser must be a
+Samba server, and there must only be one domain master browser per
+workgroup name.  To set up a Samba server as a domain master browser,
+set the following option in the [global] section of the smb.conf file :
+
+        domain master = yes
+
+The domain master browser should also preferrably be the local master
+browser for its own subnet.  In order to achieve this set the following
+options in the [global] section of the smb.conf file :
+
+        domain master = yes
+        local master = yes
+        preferred master = yes
+        os level = 65
+
+The domain master browser may be the same machine as the WINS
+server, if you require.
+
+Next, you should ensure that each of the subnets contains a
+machine that can act as a local master browser for the
+workgroup.  Any NT machine should be able to do this, as will
+Windows 95 machines (although these tend to get rebooted more
+often, so it's not such a good idea to use these).  To make a 
+Samba server a local master browser set the following
+options in the [global] section of the smb.conf file :
+
+        domain master = no
+        local master = yes
+        preferred master = yes
+        os level = 65
+
+Do not do this for more than one Samba server on each subnet,
+or they will war with each other over which is to be the local
+master browser.
+
+The "local master" parameter allows Samba to act as a local master
+browser.  The "preferred master" causes nmbd to force a browser
+election on startup and the "os level" parameter sets Samba high
+enough so that it should win any browser elections.
+
+If you have an NT machine on the subnet that you wish to
+be the local master browser then you can disable Samba from
+becoming a local master browser by setting the following
+options in the [global] section of the smb.conf file :
+
+        domain master = no
+        local master = no
+        preferred master = no
+        os level = 0
+
+Setting up Browsing in a DOMAIN
+===============================
+
+If you are adding Samba servers to a Windows NT Domain then
+you must not set up a Samba server as a domain master browser.
+By default, a Windows NT Primary Domain Controller for a Domain
+name is also the Domain master browser for that name, and many
+things will break if a Samba server registers the Domain master
+browser NetBIOS name (DOMAIN<1B>) with WINS instead of the PDC.
+
+For subnets other than the one containing the Windows NT PDC
+you may set up Samba servers as local master browsers as
+described.  To make a Samba server a local master browser set 
+the following options in the [global] section of the smb.conf 
+file :
+
+        domain master = no
+        local master = yes
+        preferred master = yes
+        os level = 65
+
+If you wish to have a Samba server fight the election with machines
+on the same subnet you may set the "os level" parameter to lower
+levels.  By doing this you can tune the order of machines that
+will become local master browsers if they are running.  For
+more details on this see the section "FORCING SAMBA TO BE THE MASTER"
+below.
+
+If you have Windows NT machines that are members of the domain
+on all subnets, and you are sure they will always be running then
+you can disable Samba from taking part in browser elections and
+ever becoming a local master browser by setting following options 
+in the [global] section of the smb.conf file :
+ 
+        domain master = no
+        local master = no
+        preferred master = no
+        os level = 0
+
+FORCING SAMBA TO BE THE MASTER
+==============================
+
+Who becomes the "master browser" is determined by an election process
+using broadcasts.  Each election packet contains a number of parameters
+which determine what precedence (bias) a host should have in the
+election.  By default Samba uses a very low precedence and thus loses
+elections to just about anyone else.
+
+If you want Samba to win elections then just set the "os level" global
+option in smb.conf to a higher number.  It defaults to 0.  Using 34
+would make it win all elections over every other system (except other
+samba systems!)
+
+A "os level" of 2 would make it beat WfWg and Win95, but not NTAS.  A
+NTAS domain controller uses level 32.
+
+The maximum os level is 255
+
+If you want samba to force an election on startup, then set the
+"preferred master" global option in smb.conf to "yes".  Samba will
+then have a slight advantage over other potential master browsers
+that are not preferred master browsers.  Use this parameter with
+care, as if you have two hosts (whether they are windows 95 or NT or
+samba) on the same local subnet both set with "preferred master" to
+"yes", then periodically and continually they will force an election
+in order to become the local master browser.
+
+If you want samba to be a "domain master browser", then it is
+recommended that you also set "preferred master" to "yes", because
+samba will not become a domain master browser for the whole of your
+LAN or WAN if it is not also a local master browser on its own
+broadcast isolated subnet.
+
+It is possible to configure two samba servers to attempt to become
+the domain master browser for a domain.  The first server that comes
+up will be the domain master browser.  All other samba servers will
+attempt to become the domain master browser every 5 minutes.  They
+will find that another samba server is already the domain master
+browser and will fail.  This provides automatic redundancy, should
+the current domain master browser fail.
+ 
+
+MAKING SAMBA THE DOMAIN MASTER
+==============================
+
+The domain master is responsible for collating the browse lists of
+multiple subnets so that browsing can occur between subnets.  You can
+make samba act as the domain master by setting "domain master = yes"
+in smb.conf.  By default it will not be a domain master.
+
+Note that you should NOT set Samba to be the domain master for a
+workgroup that has the same name as an NT Domain.
+
+When samba is the domain master and the master browser it will listen
+for master announcements (made roughly every twelve minutes) from local
+master browsers on other subnets and then contact them to synchronise
+browse lists.
+
+If you want samba to be the domain master then I suggest you also set
+the "os level" high enough to make sure it wins elections, and set
+"preferred master" to "yes", to get samba to force an election on
+startup.
+
+Note that all your servers (including samba) and clients should be
+using a WINS server to resolve NetBIOS names.  If your clients are only
+using broadcasting to resolve NetBIOS names, then two things will occur:
+
+a) your local master browsers will be unable to find a domain master
+   browser, as it will only be looking on the local subnet.
+
+b) if a client happens to get hold of a domain-wide browse list, and
+   a user attempts to access a host in that list, it will be unable to
+   resolve the NetBIOS name of that host.
+
+If, however, both samba and your clients are using a WINS server, then:
+
+a) your local master browsers will contact the WINS server and, as long as
+   samba has registered that it is a domain master browser with the WINS
+   server, your local master browser will receive samba's ip address
+   as its domain master browser.
+
+b) when a client receives a domain-wide browse list, and a user attempts
+   to access a host in that list, it will contact the WINS server to
+   resolve the NetBIOS name of that host.  as long as that host has
+   registered its NetBIOS name with the same WINS server, the user will
+   be able to see that host.  
+
+NOTE ABOUT BROADCAST ADDRESSES
+==============================
+
+If your network uses a "0" based broadcast address (for example if it
+ends in a 0) then you will strike problems.  Windows for Workgroups
+does not seem to support a 0's broadcast and you will probably find
+that browsing and name lookups won't work.
+
+
+MULTIPLE INTERFACES
+===================
+
+Samba now supports machines with multiple network interfaces.  If you
+have multiple interfaces then you will need to use the "interfaces"
+option in smb.conf to configure them.  See smb.conf(5) for details.
+
diff --git a/docs/textdocs/BUGS.txt b/docs/textdocs/BUGS.txt
new file mode 100755
index 00000000000..8dd6b0200f4
--- /dev/null
+++ b/docs/textdocs/BUGS.txt
@@ -0,0 +1,138 @@
+!==
+!== BUGS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Samba Team
+Updated:	June 27, 1997
+
+Subject: This file describes how to report Samba bugs. 
+============================================================================
+
+>> The email address for bug reports is samba@samba.org <<
+
+Please take the time to read this file before you submit a bug
+report. Also, please see if it has changed between releases, as we
+may be changing the bug reporting mechanism at some time.
+
+Please also do as much as you can yourself to help track down the
+bug. Samba is maintained by a dedicated group of people who volunteer
+their time, skills and efforts. We receive far more mail about it than
+we can possibly answer, so you have a much higher chance of an answer
+and a fix if you send us a "developer friendly" bug report that lets
+us fix it fast. 
+
+Do not assume that if you post the bug to the comp.protocols.smb
+newsgroup or the mailing list that we will read it. If you suspect that your 
+problem is not a bug but a configuration problem then it is better to send 
+it to the Samba mailing list, as there are (at last count) 5000 other users on
+that list that may be able to help you.
+
+You may also like to look though the recent mailing list archives,
+which are conveniently accessible on the Samba web pages
+at http://samba.org/samba/ 
+
+
+GENERAL INFO
+------------
+
+Before submitting a bug report check your config for silly
+errors. Look in your log files for obvious messages that tell you that
+you've misconfigured something and run testparm to test your config
+file for correct syntax.
+
+Have you run through DIAGNOSIS.txt? This is very important.
+
+If you include part of a log file with your bug report then be sure to
+annotate it with exactly what you were doing on the client at the
+time, and exactly what the results were.
+
+
+DEBUG LEVELS
+------------
+
+If the bug has anything to do with Samba behaving incorrectly as a
+server (like refusing to open a file) then the log files will probably
+be very useful. Depending on the problem a log level of between 3 and
+10 showing the problem may be appropriate. A higher level givesmore
+detail, but may use too much disk space.
+
+To set the debug level use "log level =" in your smb.conf. You may
+also find it useful to set the log level higher for just one machine
+and keep separate logs for each machine. To do this use:
+
+log level = 10
+log file = /usr/local/samba/lib/log.%m
+include = /usr/local/samba/lib/smb.conf.%m
+
+then create a file "/usr/local/samba/lib/smb.conf.machine" where
+"machine" is the name of the client you wish to debug. In that file
+put any smb.conf commands you want, for example "log level=" may be
+useful. This also allows you to experiment with different security
+systems, protocol levels etc on just one machine.
+
+The smb.conf entry "log level =" is synonymous with the entry
+"debuglevel =" that has been used in older versions of Samba and
+is being retained for backwards compatibility of smb.conf files.
+
+As the "log level =" value is increased you will record a significantly
+increasing level of debugging information. For most debugging operations
+you may not need a setting higher than 3. Nearly all bugs can be tracked
+at a setting of 10, but be prepared for a VERY large volume of log data.
+
+
+INTERNAL ERRORs
+---------------
+
+If you get a "INTERNAL ERROR" message in your log files it means that
+Samba got an unexpected signal while running. It is probably a
+segmentation fault and almost certainly means a bug in Samba (unless
+you have faulty hardware or system software)
+
+If the message came from smbd then it will probably be accompanied by
+a message which details the last SMB message received by smbd. This
+info is often very useful in tracking down the problem so please
+include it in your bug report.
+
+You should also detail how to reproduce the problem, if
+possible. Please make this reasonably detailed.
+
+You may also find that a core file appeared in a "corefiles"
+subdirectory of the directory where you keep your samba log
+files. This file is the most useful tool for tracking down the bug. To
+use it you do this:
+
+gdb smbd core
+
+adding appropriate paths to smbd and core so gdb can find them. If you
+don't have gdb then try "dbx". Then within the debugger use the
+command "where" to give a stack trace of where the problem
+occurred. Include this in your mail.
+
+If you known any assembly language then do a "disass" of the routine
+where the problem occurred (if its in a library routine then
+disassemble the routine that called it) and try to work out exactly
+where the problem is by looking at the surrounding code. Even if you
+don't know assembly then incuding this info in the bug report can be
+useful. 
+
+
+ATTACHING TO A RUNNING PROCESS
+------------------------------
+
+Unfortunately some unixes (in particular some recent linux kernels)
+refuse to dump a core file if the task has changed uid (which smbd
+does often). To debug with this sort of system you could try to attach
+to the running process using "gdb smbd PID" where you get PID from
+smbstatus. Then use "c" to continue and try to cause the core dump
+using the client. The debugger should catch the fault and tell you
+where it occurred.
+
+
+PATCHES
+-------
+
+The best sort of bug report is one that includes a fix! If you send us
+patches please use "diff -u" format if your version of diff supports
+it, otherwise use "diff -c4". Make sure your do the diff against a
+clean version of the source and let me know exactly what version you
+used. 
+
diff --git a/docs/textdocs/CUPS-PrintingInfo.txt b/docs/textdocs/CUPS-PrintingInfo.txt
new file mode 100755
index 00000000000..bbe14f33e8f
--- /dev/null
+++ b/docs/textdocs/CUPS-PrintingInfo.txt
@@ -0,0 +1,589 @@
+Date: Sun, 22 Sep 2002 15:38:02 +0200
+From: "Kurt Pfeifle" <kpfeifle@danka.de>
+Reply-To: kpfeifle@danka.de
+Organization: Danka Deutschland GmbH
+To: samba@lists.samba.org
+Subject: CUPS filtering mechanism explained, was: [cups raw mode, was Re: [Samba] unlink data file in cups_job_submit]
+
+Paul Janzen wrote on Samba digest:
+
+ > Message: 7
+ > To: Gerald Carter <jerry@samba.org>
+ > Cc: samba@lists.samba.org
+ > From: Paul Janzen <pcj@samba.sez.to>
+ > Subject: cups raw mode, was Re: [Samba] unlink data file in cups_job_submit
+ > Date: 21 Sep 2002 12:09:23 -0700
+ >
+ >
+ > Gerald Carter <jerry@samba.org> writes:
+ >
+ >  > Looks right to me  [:-)] Applying it now.  Thanks.  I've been meaning to
+ >  > track this one down.
+ >
+ >
+ > Thanks!
+ >
+ > While we are on the subject...  [:-)]
+ >
+ > If I am using native printer drivers on Windows clients, I would like
+ > the "raw" option to get propagated to CUPS.  Otherwise cups does not
+ > pass the data on to the printer.
+
+Paul,
+
+I see you know about what you call the "raw data passthrough feature".
+I guess you mean the lines in "/etc/cups/mime.types" and
+"/etc/cups/mime.convs" which need to be uncommented to allow "raw"
+printing ?
+
+Here is some clarification (likely not very useful for you, but
+possibly for some other readers of the Samba list):
+
+###  If you have "printing = cups" and "printcap = cups" enabled,
+---  everything is handled by Samba accessing the CUPS API. (And any
+      "print command" directive in Samba will be ignored.) If the CUPS
+      API is not available (because Samba might not be compiled against
+libcups), it automatically maps to the "System V" command set, with
+"-oraw" enabled automatically.
+
+ > (If I enable cups's application/
+ > octet-stream raw-data passthrough feature, both cupsomatic and the
+ > Windows driver add PJL headers and footers, which is not what I want
+ > either.)
+
+###  According to my experience, cupsomatic on the Samba/CUPS server
+---  does *not* add any features if a file is really printed "raw".
+      However, if you have loaded the driver for the Windows client
+from the CUPS server, using the "cupsaddsmb" utility, and if this
+driver is one using a "Foomatic" PPD, the PJL header in question is
+already added on the Windows client, at the time when the driver
+initially generated the PostScript data -- and CUPS in true "-oraw"
+manner doesn't remove this PJL header and passes the file "as is"
+to its printer communication backend.
+
+NOTE,  please, that the editing in the "mime.convs" and the
+-----  "mime.types" file does not *enforce* "raw" printing, it
+        only *allows* it. Any file arriving from Windows is
+"auto-typed" by CUPS, which might consecutively lead to its
+treatment by various filters automatically (depending on the
+actual outcome of the auto-typing and the configuration of the
+printqueue in question):
+
+     --> Files generated by PCL drivers and destined to PCL
+         printers get auto-typed "application/octet-stream"
+         and are indeed printed "raw". Also, unknown file
+         types are getting tagged as "application/octet-stream".
+
+     --> Files generated by a PostScript driver (and destined
+         for any target printer type) are auto-typed. Depending
+         on the driver, the discovered MIME type may be
+
+           * application/postscript or
+           * application/vnd.cups-postscript
+
+"application/postscript" goes first thru the "pstops" filter
+    (where also the page counting and accounting takes place
+    currently), and the outcome will be of MIME type
+    "application/vnd.cups-postscript". The pstopsfilter reads and
+    uses information from the PPD and inserts user-provided options
+    into the PostScript file. As a consequence, the filtered file
+    will possibly have the PJL header you don't want.
+
+"application/postscript" will be all files with a ".ps", ".ai",
+    ".eps" suffix or which have as their first character string one
+    of "%!" or "<04>%".
+
+"application/vnd.cups-postscript" will be those files which do both,
+    first...
+    ...carry a string "LANGUAGE=POSTSCRIPT" (or similar variations
+       with different capitalization) amongst the first 512 bytes,
+       *plus*...
+    ...contain the "PJL super escape code" amongst the first 128
+       bytes ("<1B>%-12345X"). Very likely, most PostScript files
+       generated on Windows using a CUPS- or other PPD, will have
+       to be auto-typed as "vnd.cups-postscript".
+    Probably a file produced with a "Generic PostScript driver"
+    will be just "application/postscript" (have not checked).
+
+Once the file is in "application/vnd.cups-postscript" format,
+either "pstoraster" or "cupsomatic" will take over (depending
+on the printer configuration, as determined by the PPD in use).
+
+NOTE:  a printer queue with *no* PPD associated to it is a "raw"
+-----  printer and all files will go directly there as received
+        by the spooler; the exeption are file types
+"application/octet-stream" which need the mentioned "passthrough
+feature" enabled. "Raw" queues don't do any filtering at all, they
+hand the file directly to the CUPS backend. This backend is
+responsible for the sending of the data to the device (as visible
+in the "device URI" notation as lpd://, socket://, smb://, ipp://,
+http://, parallel:/, serial:/, usb:/ etc.)
+
+NOTE,  please, also the following fact: "cupsomatic"/Foomatic are
+-----  *not* native CUPS drivers and they don't ship with CUPS.
+        They are a Third Party add-on, developed at Linuxprinting.org.
+As such, they are a brilliant hack to make all models (driven by
+Ghostscript drivers/filters in traditional spoolers) also work via
+CUPS, with the same (good or bad!) quality as in these other
+spoolers. "cupsomatic" is only a vehicle to execute a ghostscript
+commandline at that stage in the CUPS filtering chain,  where
+"normally" the native CUPS "pstoraster" filter would kick in.
+cupsomatic by-passes pstoraster, "kidnaps" the printfile from CUPS
+away and re-directs it to go through Ghostscipt. CUPS accepts this,
+because the associated CUPS-O-Matic-/Foomatic-PPD carries a line
+reading
+
+   *cupsFilter:  "application/vnd.cups-postscript 0 cupsomatic"
+
+This line persuades CUPS to hand the file to cupsomatic, once it
+has successfully converted it to the MIME type
+"application/vnd.cups-postscript". This conversion will not
+happen for Jobs arriving from Windows which are autotyped
+"application/octet-stream", with the according changes in
+"/etc/cups/mime.types" in place.
+
+See small drawings at the end...
+
+I am not a programmer, so please correct me if I am wrong.
+
+ > With traditional lpr, you can just add "-oraw" to the "print command"
+ > line in smb.conf.  With cups, you don't have that alternative.
+
+You *do* have it, I think.
+
+But you need to disable the settings "printing = cups" and "printcap =
+= cups" and use "printing = bsd" and "printcap = /etc/printcap"
+instead. [Additionally, you will probably have to enable and configure
+the CUPS mini-LPD daemon ("cups-lpd") run from inetd... but I have not
+checked, so take this item with a grain of salt and a proper dose of
+caution, please.]
+
+ > The result is that to support both unix printing and native-driver
+ > Windows printing from CUPS, you have to have two logical printers per
+ > physical printer: one ("cooked") for Unix clients and one ("raw") for
+ > Samba to use.
+
+Yes, that is one current workaround, if you don't want the auto-typing
+of CUPS influencing Samba/Windows client PostScript jobs.
+
+CUPS is widely configurable and flexible, even regarding its filtering
+mechanism. Another workaround in some situations would be to have
+lines in "/etc/cups/mime.types" saying
+
+   application/postscript           application/vnd.cups-raw  0  -
+   application/vnd.cups-postscript  application/vnd.cups-raw  0  -
+
+This would prevent all Postscript files to be filtered (or rather, they
+will go thru the virtual "nullfilter" denoted with "-". (This could only
+be useful for PS printers, or if you want to print PS code on non-PS
+printers   ;-)
+
+A single line of
+
+   */*           application/vnd.cups-raw  0  -
+
+would effectively send *all* files towards the backend immediately
+(good luck!)
+
+Last, you could have the following (without the need for a Samba
+patch):
+
+   application/vnd.cups-postscript  application/vnd.cups-raw  0  my_PJL_stripping_filter
+
+You'd need to write a "my_PJL_stripping_filter" (could be a shellscript)
+which parses the PostScript and removes the undesired PJL. This would
+need to conform to CUPS filter design (mainly, receive and pass the
+parameters printername, job-id, username, jobtitle, copies, printoptions
+and possibly the filename). It would just go as world executably into
+"/usr/lib/cups/filters/" and work from there, called by cups if it
+encounters a MIME type "application/vnd.cups-postscript"
+
+ > The attached patch allows you to specify an option string for cups
+ > printers in smb.conf.
+
+I think your patch is in any case very useful (if it works as
+advertised  ;-).  It is the most generic, simple and flexible
+approach to complement CUPS.
+
+ > So, if you want to use native Windows drivers,
+ > all you need is
+ >
+ >         cups printer options = raw
+ >
+ > in smb.conf.  You can add any other options that cups and the printer
+ > understand.
+
+Now this last sentence makes me very curious. Do you mean you can add
+*multiple* options to this directive? Which syntax would be required
+for this ?  (Some CUPS options are specified by an "-o option=value"
+pair on the commandline, some are single values, like the "-o raw"
+one...)
+
+I am thinking on one specific usage now:
+
+-----------------------------------------------------------------------
+-> passing any available IPP job attribute to the printer / the spooler
+-----------------------------------------------------------------------
+
+For example, CUPS can handle "-o job-hold-until=indefinite". This
+keeps the job in the queue "on hold". It will only be printed upon
+manual release by the printer operator. This is a requirement in
+many "central reproduction departments", where a few operators
+manage the jobs of hundreds of users on some big machine, where no
+user is allowed to have direct access. (The operators often need to
+load the proper paper type before running the 10.000 page job
+requested by marketing for the mailing, etc.).
+
+A lot more useful applications come to mind, if I could pass
+"any other options that cups and the printer understand" via
+the smb.conf directive!!
+
+Thanks a lot!
+
+Cheers,
+Kurt
+
+P.S.: List, please give me some feedback, if you think this type of
+       explanation could be useful in the Samba HOWTO Collection. In
+       that case, I'll try to write it up in a nicer form.
+
+
+#########################################################################
+#
+# CUPS in and of itself has this (general) filter chain (CAPITAL
+# letters are FILE-FORMATS or MIME types, other are filters (this is
+# true for pre-1.1.15 of pre-4.3 versions of CUPS and ESP PrintPro):
+#
+# <SOMETHNG>-FILEFORMAT
+#      |
+#      |
+#      V
+#     <something>tops
+#      |
+#      |
+#      V
+# APPLICATION/POSTSCRIPT
+#      |
+#      |
+#      V
+#     pstops
+#      |
+#      |
+#      V
+# APPLICATION/VND.CUPS-POSTSCRIPT
+#      |
+#      |
+#      V
+#     pstoraster   # as shipped with CUPS, independent from any Ghostscipt
+#      |           # installation on the system
+#      |  (= "postscipt interpreter")
+#      |
+#      V
+# APPLICATION/VND.CUPS-RASTER
+#      |
+#      |
+#      V
+#     rasterto<something>  (f.e. Gimp-Print filters may be plugged in here)
+#      |   (= "raster driver")
+#      |
+#      V
+# SOMETHING-DEVICE-SPECIFIC
+#      |
+#      |
+#      V
+#     backend
+#
+#
+# ESP PrintPro has some enhanced "rasterto<something>" filters as compared to
+# CUPS, and also a somewhat improved "pstoraster" filter.
+#
+# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
+#       CUPS and ESP PrintPro plug-in where rasterto<something> is noted.
+#
+#
+#########################################################################
+#
+# This is how "cupsomatic" comes into play:
+# =========================================
+#
+# <SOMETHNG>-FILEFORMAT
+#      |
+#      |
+#      V
+#    <something>tops
+#      |
+#      |
+#      V
+# APPLICATION/POSTSCRIPT
+#      |
+#      |
+#      V
+#    pstops
+#      |
+#      |
+#      V
+# APPLICATION/VND.CUPS-POSTSCRIPT ----------------+
+#      |                                          |
+#      |                                          V
+#      V                                         cupsomatic
+#    pstoraster                                  (constructs complicated
+#      |  (= "postscipt interpreter")            Ghostscript commandline
+#      |                                         to let the file be
+#      V                                         processed by a
+# APPLICATION/VND.CUPS-RASTER                    "-sDEVICE=<s.th.>"
+#      |                                         call...)
+#      |                                          |
+#      V                                          |
+#    rasterto<something>                          V
+#      |    (= "raster driver")     +-------------------------+
+#      |                            | Ghostscript at work.... |
+#      V                            |                         |
+# SOMETHING-DEVICE-SPECIFIC         *-------------------------+
+#      |                                          |
+#      |                                          |
+#      V                                          |
+#    backend <------------------------------------+
+#      |
+#      |
+#      V
+#    THE PRINTER
+#
+#
+#
+# Note, that cupsomatic "kidnaps" the printfile after the
+# "APPLICATION/VND.CUPS-POSTSCRPT" stage and deviates it through
+# the CUPS-external, systemwide Ghostscript installation, bypassing the
+# "pstoraster" filter (therefor also bypassing the CUPS-raster-drivers
+# "rasterto<something>", and hands the rasterized file directly to the CUPS
+# backend...
+#
+# cupsomatic is not made by the CUPS developers. It is an independent
+# contribution to printing development, made by people from
+# Linuxprinting.org. (see also http://www.cups.org/cups-help.html)
+#
+# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
+#       CUPS and ESP PrintPro plug-in where rasterto<something> is noted.
+#
+#
+#########################################################################
+#
+# And this is how it works for ESP PrintPro from 4.3:
+# ===================================================
+#
+# <SOMETHNG>-FILEFORMAT
+#      |
+#      |
+#      V
+#     <something>tops
+#      |
+#      |
+#      V
+# APPLICATION/POSTSCRIPT
+#      |
+#      |
+#      V
+#     pstops
+#      |
+#      |
+#      V
+# APPLICATION/VND.CUPS-POSTSCRIPT
+#      |
+#      |
+#      V
+#     gsrip
+#      |  (= "postscipt interpreter")
+#      |
+#      V
+# APPLICATION/VND.CUPS-RASTER
+#      |
+#      |
+#      V
+#     rasterto<something>  (f.e. Gimp-Print filters may be plugged in here)
+#      |   (= "raster driver")
+#      |
+#      V
+# SOMETHING-DEVICE-SPECIFIC
+#      |
+#      |
+#      V
+#     backend
+#
+# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
+#       CUPS and ESP PrintPro plug-in where rasterto<something> is noted.
+#
+#
+#########################################################################
+#
+# This is how "cupsomatic" would come into play with ESP PrintPro:
+# ================================================================
+#
+#
+# <SOMETHNG>-FILEFORMAT
+#      |
+#      |
+#      V
+#    <something>tops
+#      |
+#      |
+#      V
+# APPLICATION/POSTSCRIPT
+#      |
+#      |
+#      V
+#    pstops
+#      |
+#      |
+#      V
+# APPLICATION/VND.CUPS-POSTSCRIPT ----------------+
+#      |                                          |
+#      |                                          V
+#      V                                         cupsomatic
+#    gsrip                                       (constructs complicated
+#      |  (= "postscipt interpreter")            Ghostscript commandline
+#      |                                         to let the file be
+#      V                                         processed by a
+# APPLICATION/VND.CUPS-RASTER                    "-sDEVICE=<s.th.>"
+#      |                                         call...)
+#      |                                          |
+#      V                                          |
+#    rasterto<something>                          V
+#      |   (= "raster driver")      +-------------------------+
+#      |                            | Ghostscript at work.... |
+#      V                            |                         |
+# SOMETHING-DEVICE-SPECIFIC         *-------------------------+
+#      |                                          |
+#      |                                          |
+#      V                                          |
+#    backend <------------------------------------+
+#      |
+#      |
+#      V
+#    THE PRINTER
+#
+# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
+#       CUPS and ESP PrintPro plug-in where rasterto<something> is noted.
+#
+#########################################################################
+#
+# And this is how it works for CUPS from 1.1.15:
+# ==============================================
+#
+# <SOMETHNG>-FILEFORMAT
+#      |
+#      |
+#      V
+#     <something>tops
+#      |
+#      |
+#      V
+# APPLICATION/POSTSCRIPT
+#      |
+#      |
+#      V
+#     pstops
+#      |
+#      |
+#      V
+# APPLICATION/VND.CUPS-POSTSCRIPT-----+
+#                                     |
+#                  +------------------v------------------------------+
+#                  | Ghostscript                                     |
+#                  | at work...                                      |
+#                  | (with                                           |
+#                  | "-sDEVICE=cups")                                |
+#                  |                                                 |
+#                  |         (= "postscipt interpreter")             |
+#                  |                                                 |
+#                  +------------------v------------------------------+
+#                                     |
+#                                     |
+# APPLICATION/VND.CUPS-RASTER <-------+
+#      |
+#      |
+#      V
+#     rasterto<something>
+#      |   (= "raster driver")
+#      |
+#      V
+# SOMETHING-DEVICE-SPECIFIC
+#      |
+#      |
+#      V
+#     backend
+#
+#
+# NOTE: since version 1.1.15 CUPS "outsourced" the pstoraster process to
+#       Ghostscript. GNU Ghostscript needs to be patched to handle the
+#       CUPS requirement; ESP Ghostscript has this builtin. In any case,
+#       "gs -h" needs to show up a "cups" device. pstoraster is now a
+#       calling an appropriate "gs -sDEVICE=cups..." commandline to do
+#       the job. It will output "application/vnd.cup-raster", which will
+#       be finally processed by a CUPS raster driver "rasterto<something>"
+#       Note the difference to "cupsomatic", which will *not* output
+#       CUPS-raster, but a final version of the printfile, ready to be
+#       sent to the printer. cupsomatic also doesn't use the "cups"
+#       devicemode in Ghostscript, but one of the classical devicemodes....
+#
+# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
+#       CUPS and ESP PrintPro plug-in where rasterto<something> is noted.
+#
+#########################################################################
+#
+# And this is how it works for CUPS from 1.1.15, with cupsomatic included:
+# ========================================================================
+#
+# <SOMETHNG>-FILEFORMAT
+#      |
+#      |
+#      V
+#     <something>tops
+#      |
+#      |
+#      V
+# APPLICATION/POSTSCRIPT
+#      |
+#      |
+#      V
+#     pstops
+#      |
+#      |
+#      V
+# APPLICATION/VND.CUPS-POSTSCRIPT-----+
+#                                     |
+#                  +------------------v------------------------------+
+#                  | Ghostscript        . Ghostscript at work....    |
+#                  | at work...         . (with "-sDEVICE=           |
+#                  | (with              .            <s.th.>"        |
+#                  | "-sDEVICE=cups")   .                            |
+#                  |                    .                            |
+#                  | (CUPS standard)    .      (cupsomatic)          |
+#                  |                    .                            |
+#                  |          (= "postscript interpreter")           |
+#                  |                    .                            |
+#                  +------------------v--------------v---------------+
+#                                     |              |
+#                                     |              |
+# APPLICATION/VND.CUPS-RASTER <-------+              |
+#      |                                             |
+#      |                                             |
+#      V                                             |
+#     rasterto<something>                            |
+#      |   (= "raster driver")                       |
+#      |                                             |
+#      V                                             |
+# SOMETHING-DEVICE-SPECIFIC <------------------------+
+#      |
+#      |
+#      V
+#     backend
+#
+#
+# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to
+#       CUPS and ESP PrintPro plug-in where rasterto<something> is noted.
+#
+##########################################################################
+
+I hope this helps more people understand how CUPS works and how they
+can possibly tweak it to their needs.
+
+
diff --git a/docs/textdocs/DHCP-Server-Configuration.txt b/docs/textdocs/DHCP-Server-Configuration.txt
new file mode 100755
index 00000000000..82b54c2f5df
--- /dev/null
+++ b/docs/textdocs/DHCP-Server-Configuration.txt
@@ -0,0 +1,243 @@
+!==
+!== DHCP-Server-Configuration.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Subject:	DHCP Server Configuration for SMB Clients
+Date:		March 1, 1998
+Updated:        May 15, 2001
+Contributor:	John H Terpstra <jht@samba.org>
+Support:	This is an unsupported document. Refer to documentation that is
+		supplied with the ISC DHCP Server. Do NOT email the contributor
+		for ANY assistance.
+===============================================================================
+
+Background:
+===========
+
+We wish to help those folks who wish to use the ISC DHCP Server and provide
+sample configuration settings. Most operating systems today come ship with
+the ISC DHCP Server. ISC DHCP is available from:
+		ftp://ftp.isc.org/isc/dhcp
+
+Incorrect configuration of MS Windows clients (Windows9X, Windows ME, Windows
+NT/2000) will lead to problems with browsing and with general network
+operation. Windows 9X/ME users often report problems where the TCP/IP and related
+network settings will inadvertantly become reset at machine start-up resulting
+in loss of configuration settings. This results in increased maintenance
+overheads as well as serious user frustration.
+
+In recent times users on one mailing list incorrectly attributed the cause of
+network operating problems to incorrect configuration of Samba.
+
+One user insisted that the only way to provent Windows95 from periodically
+performing a full system reset and hardware detection process on start-up was
+to install the NetBEUI protocol in addition to TCP/IP. This assertion is not
+correct.
+
+In the first place, there is NO need for NetBEUI. All Microsoft Windows clients
+natively run NetBIOS over TCP/IP, and that is the only protocol that is
+recognised by Samba. Installation of NetBEUI and/or NetBIOS over IPX will
+cause problems with browse list operation on most networks. Even Windows NT
+networks experience these problems when incorrectly configured Windows95
+systems share the same name space. It is important that only those protocols
+that are strictly needed for site specific reasons should EVER be installed.
+
+Secondly, and totally against common opinion, DHCP is NOT an evil design but is
+an extension of the BOOTP protocol that has been in use in Unix environments
+for many years without any of the melt-down problems that some sensationalists
+would have us believe can be experienced with DHCP. In fact, DHCP in covered by
+rfc1541 and is a very safe method of keeping an MS Windows desktop environment
+under control and for ensuring stable network operation.
+
+Please note that MS Windows systems as of MS Windows NT 3.1 and MS Windows 95
+store all network configuration settings a registry. There are a few reports
+from MS Windows network administrators that warrant mention here. It would appear
+that when one sets certain MS TCP/IP protocol settings (either directly or via
+DHCP) that these do get written to the registry. Even though a subsequent
+change of setting may occur the old value may persist in the registry. This
+has been known to create serious networking problems.
+
+An example of this occurs when a manual TCP/IP environment is configured to
+include a NetBIOS Scope. In this event, when the administrator then changes the
+configuration of the MS TCP/IP protocol stack, without first deleting the
+current settings, by simply checking the box to configure the MS TCP/IP stack
+via DHCP then the NetBIOS Scope that is still persistent in the registry WILL be
+applied to the resulting DHCP offered settings UNLESS the DHCP server also sets
+a NetBIOS Scope. It may therefore be prudent to forcibly apply a NULL NetBIOS
+Scope from your DHCP server. The can be done in the dhcpd.conf file with the
+parameter:
+         option netbios-scope "";
+
+While it is true that the Microsoft DHCP server that comes with Windows NT
+Server provides only a sub-set of rfc1533 functionality this is hardly an issue
+in those sites that already have a large investment and commitment to Unix
+systems and technologies. The current state of the art of the DHCP Server
+specification in covered in rfc2132.
+
+This document aims to provide enough background information so that the
+majority of site can without too much hardship get the Internet Software
+Consortium's (ISC) DHCP Server into operation. The key benefits of using DHCP
+includes:
+
+1) Automated IP Address space management and maximised re-use of available IP
+Addresses,
+
+2) Automated control of MS Windows client TCP/IP network configuration,
+
+3) Automatic recovery from start-up and run-time problems with Windows95.
+
+
+
+Client Configuration for SMB Networking:
+========================================
+SMB network clients need to be configured so that all standard TCP/IP name to
+address resolution works correctly. Once this has been achieved the SMB
+environment provides additional tools and services that act as helper agents in
+the translation of SMB (NetBIOS) names to their appropriate IP Addresses. One
+such helper agent is the NetBIOS Name Server (NBNS) or as Microsoft called it
+in their Windows NT Server implementation WINS (Windows Internet Name Server).
+
+A client needs to be configured so that it has a unique Machine (Computer)
+Name.
+
+This can be done, but needs a few NT registry hacks and you need to be able to
+speak UNICODE, which is of course no problem for a True Wizzard(tm) :)
+Instructions on how to do this (including a small util for less capable
+Wizzards) can be found at
+
+	http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html
+
+
+All remaining TCP/IP networking parameters can be assigned via DHCP. These include:
+
+a) IP Address,
+b) Netmask,
+c) Gateway (Router) Address,
+d) DNS Domain Name,
+e) DNS Server addresses,
+f) WINS (NBNS) Server addresses,
+g) IP Forwarding,
+h) Timezone offset,
+i) Node Type,
+j) NetBIOS Scope
+
+Other assignments can be made from a DHCP server too, but the above cover the
+major needs.
+
+Note: IF ever an entry has has been made to the NetBIOS Scope field of the
+TCP/IP configuration panel on an MS Windows machine, and it has then been
+committed, then that setting may become persistent. In such a c ase it is better
+to configure the DHCP server with a NetBIOS Scope consisting of an empty string
+(ie: A NULL scope).
+
+
+DHCP Server Installation:
+=========================
+It is assumed that you will have obtained a copy of the GPL'd ISC DHCP server
+source files from ftp://ftp.isc.org/isc/dhcp, it is also assumed that you have
+compiled the sources and have installed the binary files.
+
+The following simply serves to provide sample configuration files to enable
+dhcpd to operate. The sample files assume that your site is configured to use
+private IP network address space using the Class B range of 172.16.1.0 -
+172.16.1.255 and is using a netmask of 255.255.255.0 (ie:24 bits). It is
+assumed that your router to the outside world is at 172.16.1.254 and that your
+Internet Domain Name is bestnet.com.au. The IP Address range 172.16.1.100 to
+172.16.1.240 has been set aside as your dynamically allocated range. In
+addition, bestnet.com.au have two print servers that need to obtain settings
+via BOOTP. The machine linux.bestnet.com.au has IP address 172.16.1.1 and is
+you primary Samba server with WINS support enabled by adding the parameter to
+the /etc/smb.conf file: [globals] wins support = yes. The dhcp lease time will
+be set to 20 hours.
+
+Configuration Files:
+====================
+Before dhcpd will run you need to install a file that speifies the
+configuration settings, and another that holds the database of issued IP
+addresses. On many systems these are stored in the /etc directory on the Unix
+system.
+
+Example /etc/dhcpd.conf:
+========================
+server-identifier linux.bestnet.com.au;
+
+subnet 172.16.1.0 netmask 255.255.255.0 {
+	range 172.16.1.100 172.16.1.240;
+	default-lease-time 72000;
+	max-lease-time 144000;
+	option subnet-mask 255.255.255.0;
+	option broadcast-address 172.16.1.255;
+	option routers 172.16.1.254;
+	option domain-name-servers 172.16.1.1, 172.16.1.2;
+	option domain-name "bestnet.com.au";
+	option time-offset 39600;
+	option ip-forwarding off;
+	option netbios-name-servers 172.16.0.1, 172.16.0.1;
+	option netbios-dd-server 172.16.0.1;
+	option netbios-node-type 8;
+        option netbios-scope "";
+}
+
+; Note: The above netbios-scope is purposely an empty (NULL) string.
+
+group {
+	next-server 172.16.1.10;
+	option subnet-mask 255.255.255.0;
+	option domain-name "bestnet.com.au";
+	option domain-name-servers 172.16.1.1, 172.16.0.2;
+	option netbios-name-servers 172.16.0.1, 172.16.0.1;
+	option netbios-dd-server 172.16.0.1;
+	option netbios-node-type 8;
+        option netbios-scope "SomeCrazyScope";
+	option routers 172.16.1.240;
+	option time-offset 39600;
+	host lexmark1 {
+		hardware ethernet 06:07:08:09:0a:0b;
+		fixed-address 172.16.1.245;
+	}
+	host epson4 {
+		hardware ethernet 01:02:03:04:05:06;
+		fixed-address 172.16.1.242;
+	}
+}
+
+
+Creating the /etc/dhcpd.leases file:
+====================================
+At a Unix shell create an empty dhcpd.leases file in the /etc directory.
+You can do this by typing:	cp /dev/null /etc/dhcpd.leases
+
+
+Setting up a route table for all-ones addresses:
+================================================
+Quoting from the README file that comes with the ISC DHCPD Server:
+
+                              BROADCAST
+
+In order for dhcpd to work correctly with picky DHCP clients (e.g.,
+Windows 95), it must be able to send packets with an IP destination
+address of 255.255.255.255.  Unfortunately, Linux insists on changing
+255.255.255.255 into the local subnet broadcast address (here, that's
+192.5.5.223).  This results in a DHCP protocol violation, and while
+many DHCP clients don't notice the problem, some (e.g., all Microsoft
+DHCP clients) do.  Clients that have this problem will appear not to
+see DHCPOFFER messages from the server.
+
+It is possible to work around this problem on some versions of Linux
+by creating a host route from your network interface address to
+255.255.255.255.   The command you need to use to do this on Linux
+varies from version to version.   The easiest version is:
+
+	route add -host 255.255.255.255 dev eth0
+
+On some older Linux systems, you will get an error if you try to do
+this.   On those systems, try adding the following entry to your
+/etc/hosts file:
+
+255.255.255.255	all-ones
+
+Then, try:
+
+	route add -host all-ones dev eth0
+
+
+For more information please refer to the ISC DHCPD Server documentation.
diff --git a/docs/textdocs/DIAGNOSIS.txt b/docs/textdocs/DIAGNOSIS.txt
new file mode 100755
index 00000000000..5ca1743a23a
--- /dev/null
+++ b/docs/textdocs/DIAGNOSIS.txt
@@ -0,0 +1,324 @@
+!==
+!== DIAGNOSIS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Andrew Tridgell
+Updated:	November 1, 1999
+
+Subject:	DIAGNOSING YOUR SAMBA SERVER
+===========================================================================
+
+This file contains a list of tests you can perform to validate your
+Samba server. It also tells you what the likely cause of the problem
+is if it fails any one of these steps. If it passes all these tests
+then it is probably working fine.
+
+You should do ALL the tests, in the order shown. I have tried to
+carefully choose them so later tests only use capabilities verified in
+the earlier tests.
+
+If you send me an email saying "it doesn't work" and you have not
+followed this test procedure then you should not be surprised if I
+ignore your email.
+
+
+ASSUMPTIONS
+-----------
+
+In all of the tests I assume you have a Samba server called BIGSERVER
+and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the
+PC is running windows for workgroups with a recent copy of the
+microsoft tcp/ip stack. Alternatively, your PC may be running Windows
+95 or Windows NT (Workstation or Server).
+
+The procedure is similar for other types of clients.
+
+I also assume you know the name of an available share in your
+smb.conf. I will assume this share is called "tmp". You can add a
+"tmp" share like by adding the following to smb.conf:
+
+[tmp]
+ comment = temporary files 
+ path = /tmp
+ read only = yes
+
+
+THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME
+COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS
+
+Please pay attention to the error messages you receive. If any error message
+reports that your server is being unfriendly you should first check that you
+IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf
+file points to name servers that really do exist.
+
+Also, if you do not have DNS server access for name resolution please check
+that the settings for your smb.conf file results in "dns proxy = no". The
+best way to check this is with "testparm smb.conf"
+
+
+TEST 1:
+-------
+
+In the directory in which you store your smb.conf file, run the command
+"testparm smb.conf". If it reports any errors then your smb.conf
+configuration file is faulty.
+
+Note:	Your smb.conf file may be located in: /etc
+	Or in:   /usr/local/samba/lib
+
+
+TEST 2:
+-------
+
+run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
+the unix box. If you don't get a valid response then your TCP/IP
+software is not correctly installed. 
+
+Note that you will need to start a "dos prompt" window on the PC to
+run ping.
+
+If you get a message saying "host not found" or similar then your DNS
+software or /etc/hosts file is not correctly setup. It is possible to
+run samba without DNS entries for the server and client, but I assume
+you do have correct entries for the remainder of these tests. 
+
+Another reason why ping might fail is if your host is running firewall 
+software. You will need to relax the rules to let in the workstation
+in question, perhaps by allowing access from another subnet (on Linux
+this is done via the ipfwadm program.)
+
+
+TEST 3:
+-------
+
+Run the command "smbclient -L BIGSERVER" on the unix box. You
+should get a list of available shares back. 
+
+If you get a error message containing the string "Bad password" then
+you probably have either an incorrect "hosts allow", "hosts deny" or
+"valid users" line in your smb.conf, or your guest account is not
+valid. Check what your guest account is using "testparm" and
+temporarily remove any "hosts allow", "hosts deny", "valid users" or
+"invalid users" lines.
+
+If you get a "connection refused" response then the smbd server may
+not be running. If you installed it in inetd.conf then you probably edited
+that file incorrectly. If you installed it as a daemon then check that
+it is running, and check that the netbios-ssn port is in a LISTEN
+state using "netstat -a".
+
+If you get a "session request failed" then the server refused the
+connection. If it says "Your server software is being unfriendly" then
+its probably because you have invalid command line parameters to smbd,
+or a similar fatal problem with the initial startup of smbd. Also
+check your config file (smb.conf) for syntax errors with "testparm"
+and that the various directories where samba keeps its log and lock
+files exist.
+
+There are a number of reasons for which smbd may refuse or decline
+a session request. The most common of these involve one or more of
+the following smb.conf file entries:
+	hosts deny = ALL
+	hosts allow = xxx.xxx.xxx.xxx/yy
+	bind interfaces only = Yes
+
+In the above, no allowance has been made for any session requests that
+will automatically translate to the loopback adaptor address 127.0.0.1.
+To solve this problem change these lines to:
+	hosts deny = ALL
+	hosts allow = xxx.xxx.xxx.xxx/yy 127.
+Do NOT use the "bind interfaces only" parameter where you may wish to
+use the samba password change facility, or where smbclient may need to
+access local service for name resolution or for local resource
+connections. (Note: the "bind interfaces only" parameter deficiency
+where it will not allow connections to the loopback address will be
+fixed soon).
+
+Another common cause of these two errors is having something already running 
+on port 139, such as Samba (ie: smbd is running from inetd already) or
+something like Digital's Pathworks. Check your inetd.conf file before trying
+to start smbd as a daemon, it can avoid a lot of frustration!
+
+And yet another possible cause for failure of TEST 3 is when the subnet mask
+and / or broadcast address settings are incorrect. Please check that the
+network interface IP Address / Broadcast Address / Subnet Mask settings are
+correct and that Samba has correctly noted these in the log.nmb file.
+
+TEST 4:
+-------
+
+Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
+IP address of your Samba server back.
+
+If you don't then nmbd is incorrectly installed. Check your inetd.conf
+if you run it from there, or that the daemon is running and listening
+to udp port 137.
+
+One common problem is that many inetd implementations can't take many
+parameters on the command line. If this is the case then create a
+one-line script that contains the right parameters and run that from
+inetd.
+
+
+TEST 5:
+-------
+
+run the command "nmblookup -B ACLIENT '*'"
+
+You should get the PCs IP address back. If you don't then the client
+software on the PC isn't installed correctly, or isn't started, or you
+got the name of the PC wrong. 
+
+If ACLIENT doesn't resolve via DNS then use the IP address of the
+client in the above test.
+
+
+TEST 6:
+-------
+
+Run the command "nmblookup -d 2 '*'"
+
+This time we are trying the same as the previous test but are trying
+it via a broadcast to the default broadcast address. A number of
+Netbios/TCPIP hosts on the network should respond, although Samba may
+not catch all of the responses in the short time it listens. You
+should see "got a positive name query response" messages from several
+hosts. 
+
+If this doesn't give a similar result to the previous test then
+nmblookup isn't correctly getting your broadcast address through its
+automatic mechanism. In this case you should experiment use the
+"interfaces" option in smb.conf to manually configure your IP
+address, broadcast and netmask. 
+
+If your PC and server aren't on the same subnet then you will need to
+use the -B option to set the broadcast address to the that of the PCs
+subnet.
+
+This test will probably fail if your subnet mask and broadcast address are
+not correct. (Refer to TEST 3 notes above).
+
+TEST 7:
+-------
+
+Run the command "smbclient //BIGSERVER/TMP". You should then be
+prompted for a password. You should use the password of the account
+you are logged into the unix box with. If you want to test with
+another account then add the -U <accountname> option to the end of
+the command line.  eg: smbclient //bigserver/tmp -Ujohndoe
+
+Note: It is possible to specify the password along with the username
+as follows:
+	smbclient //bigserver/tmp -Ujohndoe%secret
+
+Once you enter the password you should get the "smb>" prompt. If you
+don't then look at the error message. If it says "invalid network
+name" then the service "tmp" is not correctly setup in your smb.conf.
+
+If it says "bad password" then the likely causes are:
+
+- you have shadow passords (or some other password system) but didn't
+compile in support for them in smbd
+- your "valid users" configuration is incorrect
+- you have a mixed case password and you haven't enabled the "password
+level" option at a high enough level
+- the "path =" line in smb.conf is incorrect. Check it with testparm
+- you enabled password encryption but didn't create the SMB encrypted
+password file
+
+Once connected you should be able to use the commands "dir" "get"
+"put" etc. Type "help <command>" for instructions. You should
+especially check that the amount of free disk space shown is correct
+when you type "dir".
+
+
+TEST 8:
+-------
+
+On the PC type the command "net view \\BIGSERVER". You will need to do
+this from within a "dos prompt" window. You should get back a list of
+available shares on the server.
+
+If you get a "network name not found" or similar error then netbios
+name resolution is not working. This is usually caused by a problem in
+nmbd. To overcome it you could do one of the following (you only need
+to choose one of them):
+
+- fixup the nmbd installation
+- add the IP address of BIGSERVER to the "wins server" box in the
+advanced tcp/ip setup on the PC.
+- enable windows name resolution via DNS in the advanced section of
+the tcp/ip setup
+- add BIGSERVER to your lmhosts file on the PC.
+
+If you get a "invalid network name" or "bad password error" then the
+same fixes apply as they did for the "smbclient -L" test above. In
+particular, make sure your "hosts allow" line is correct (see the man
+pages)
+
+Also, do not overlook that fact that when the workstation requests the
+connection to the samba server it will attempt to connect using the 
+name with which you logged onto your Windows machine. You need to make
+sure that an account exists on your Samba server with that exact same
+name and password.
+
+If you get "specified computer is not receiving requests" or similar
+it probably means that the host is not contactable via tcp services.
+Check to see if the host is running tcp wrappers, and if so add an entry in
+the hosts.allow file for your client (or subnet, etc.)
+
+
+TEST 9:
+--------
+
+Run the command "net use x: \\BIGSERVER\TMP". You should be prompted
+for a password then you should get a "command completed successfully"
+message. If not then your PC software is incorrectly installed or your
+smb.conf is incorrect. make sure your "hosts allow" and other config
+lines in smb.conf are correct.
+
+It's also possible that the server can't work out what user name to
+connect you as. To see if this is the problem add the line "user =
+USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the
+username corresponding to the password you typed. If you find this
+fixes things you may need the username mapping option.
+
+TEST 10:
+--------
+
+Run the command "nmblookup -M TESTGROUP" where TESTGROUP is the name
+of the workgroup that your Samba server and Windows PCs belong to. You
+should get back the IP address of the master browser for that
+workgroup.
+
+If you don't then the election process has failed. Wait a minute to
+see if it is just being slow then try again. If it still fails after
+that then look at the browsing options you have set in smb.conf. Make
+sure you have "preferred master = yes" to ensure that an election is
+held at startup.
+
+TEST 11:
+--------
+
+From file manager try to browse the server. Your samba server should
+appear in the browse list of your local workgroup (or the one you
+specified in smb.conf). You should be able to double click on the name
+of the server and get a list of shares. If you get a "invalid
+password" error when you do then you are probably running WinNT and it
+is refusing to browse a server that has no encrypted password
+capability and is in user level security mode. In this case either set
+"security = server" AND "password server = Windows_NT_Machine" in your
+smb.conf file, or enable encrypted passwords AFTER compiling in support
+for encrypted passwords (refer to the Makefile).
+
+
+Still having troubles?
+----------------------
+
+Try the mailing list or newsgroup, or use the tcpdump-smb utility to
+sniff the problem. The official samba mailing list can be reached at
+samba@samba.org. To find out more about samba and how to
+subscribe to the mailing list check out the samba web page at
+              http://samba.org/samba
+
+Also look at the other docs in the Samba package!
+
diff --git a/docs/textdocs/DNIX.txt b/docs/textdocs/DNIX.txt
new file mode 100755
index 00000000000..fed77b939b4
--- /dev/null
+++ b/docs/textdocs/DNIX.txt
@@ -0,0 +1,72 @@
+!==
+!== DNIX.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+DNIX has a problem with seteuid() and setegid(). These routines are
+needed for Samba to work correctly, but they were left out of the DNIX
+C library for some reason.
+
+For this reason Samba by default defines the macro NO_EID in the DNIX
+section of includes.h. This works around the problem in a limited way,
+but it is far from ideal, some things still won't work right.
+
+To fix the problem properly you need to assemble the following two
+functions and then either add them to your C library or link them into
+Samba.
+
+put this in the file setegid.s:
+
+        .globl  _setegid
+_setegid:
+        moveq   #47,d0
+        movl    #100,a0
+        moveq   #1,d1
+        movl    4(sp),a1
+        trap    #9
+        bccs    1$
+        jmp     cerror
+1$:
+        clrl    d0
+        rts
+
+
+put this in the file seteuid.s:
+
+        .globl  _seteuid
+_seteuid:
+        moveq   #47,d0
+        movl    #100,a0
+        moveq   #0,d1
+        movl    4(sp),a1
+        trap    #9
+        bccs    1$
+        jmp     cerror
+1$:
+        clrl    d0
+        rts
+
+after creating the above files you then assemble them using
+
+as seteuid.s
+as setegid.s
+
+that should produce the files seteuid.o and setegid.o
+
+then you need to add these to the LIBSM line in the DNIX section of
+the Samba Makefile. Your LIBSM line will then look something like this:
+
+LIBSM = setegid.o seteuid.o -ln
+
+You should then remove the line:
+
+#define NO_EID
+
+from the DNIX section of includes.h
+
+Then recompile and try it out!
+
+Note that this file was derived from an email from Peter Olsson
+<pol@leissner.se>. I don't have DNIX myself, so you're probably better
+off contacting Peter if you have problems.
+
+Andrew
+
diff --git a/docs/textdocs/Faxing.txt b/docs/textdocs/Faxing.txt
new file mode 100755
index 00000000000..eb4e5f58a1a
--- /dev/null
+++ b/docs/textdocs/Faxing.txt
@@ -0,0 +1,223 @@
+!==
+!== Faxing.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:    Gerhard Zuber <zuber@berlin.snafu.de>
+Date:			August 5th 1997.
+Status:			Current
+
+Subject:        F A X I N G   with  S A M B A
+==========================================================================
+
+This text describes how to turn your SAMBA-server into a fax-server
+for any environment, especially for Windows.
+   Author: Gerhard Zuber <zuber@berlin.snafu.de>
+   Version: 1.4
+   Date: 04. Aug. 1997
+
+Requirements:
+   UNIX box (Linux preferred) with SAMBA and a faxmodem
+   ghostscript package
+   mgetty+sendfax package
+   pbm package (portable bitmap tools)
+
+FTP sites:
+   sunsite.unc.edu:/pub/Linux/system/Serial/mgetty+sendfax*
+   tsx-11.mit.edu:/pub/linux/sources/sbin/mgetty+sendfax
+   ftp.leo.org:/pub/comp/networking/communication/modem/mgetty/mgetty1.1.6-May05.tar.gz
+
+   pbm10dec91.tgz
+   ftp.leo.org:/pub/comp/networking/communication/modem/mgetty/pbm10dec91.tgz
+   sunsite.unc.edu: ..../apps/graphics/convert/pbmplus-10dec91-bin.tar.gz
+   ftp.gwdg.de/pub/linux/grafik/pbmplus.src.tar.Z (this is 10dec91 source)
+                 or ???   pbm10dec91.tgz pbmplus10dec91.tgz
+
+
+making mgetty+sendfax running:
+==============================
+
+   go to source tree: /usr/src/mgetty+sendfax
+   cp policy.h-dist policy.h
+
+   change your settings: valid tty ports, modem initstring, Station-Id
+
+#define MODEM_INIT_STRING       "AT &F S0=0 &D3 &K3 &C1\\\\N2"
+
+#define FAX_STATION_ID  "49 30 12345678"
+
+#define FAX_MODEM_TTYS  "ttyS1:ttyS2:ttyS3"
+
+   Modem initstring is for rockwell based modems
+   if you want to use mgetty+sendfax as PPP-dialin-server,
+   define AUTO_PPP in Makefile:
+
+CFLAGS=-O2 -Wall -pipe -DAUTO_PPP
+
+   compile it and install the package.
+   edit your /etc/inittab and let mgetty running on your preferred
+   ports:
+
+s3:45:respawn:/usr/local/sbin/mgetty ttyS2 vt100
+
+   now issue a
+      kill -HUP 1
+   and enjoy with the lightning LEDs on your modem
+   your now are ready to receive faxes !
+
+
+   if you want a PPP dialin-server, edit 
+      /usr/local/etc/mgetty+sendfax/login.config
+
+/AutoPPP/ -     ppp     /usr/sbin/pppd auth debug passive modem 
+
+
+   Note: this package automatically decides between a fax call and
+         a modem call. In case of modem call you get a login prompt !
+
+Tools for printing faxes:
+=========================
+
+   your incomed faxes are in:
+    /var/spool/fax/incoming
+
+   print it with:
+
+     for i in *
+     do
+     g3cat $i | g3tolj | lpr -P hp
+     done
+
+   in case of low resolution use instead:
+
+     g3cat $i | g3tolj -aspect 2 | lpr -P hp
+
+
+   g3cat is in the tools-section, g3tolj is in the contrib-section
+   for printing to HP lasers.
+
+   If you want to produce files for displaying and printing with Windows, use
+   some tools from the pbm-package like follow
+
+     g3cat $i | g3topbm - |  ppmtopcx - >$i.pcx  
+
+   and view it with your favourite Windows tool (maybe paintbrush)
+
+
+Now making the fax-server:
+===========================
+
+    fetch the file
+       mgetty+sendfax/frontends/winword/faxfilter
+
+    and place it in
+
+      /usr/local/etc/mgetty+sendfax/
+
+    prepare your faxspool file as mentioned in this file
+    edit fax/faxspool.in and reinstall or change the final
+    /usr/local/bin/faxspool too.
+
+            if [ "$user" = "root" -o "$user" = "fax" -o \
+                 "$user" = "lp" -o "$user" = "daemon" -o "$user" = "bin" ]
+
+    find the first line and change the second.
+
+    make sure you have pbmtext (from the pbm-package). This is
+    needed for creating the small header line on each page.
+    Notes on pbmplus:
+    Some peoples had problems with precompiled binaries (especially
+    at linux) with a shared lib libgr.so.x.x. The better way is
+    to fetch the source and compile it. One needs only pbmtext for
+    generating the small line on top of each page /faxheader). Install
+    only the individual programs you need. If you install the full
+    package then install pbmplus first and then mgetty+sendfax, because
+    this package has some changed programs by itself (but not pbmtext).
+
+    make sure your ghostscript is functional. You need fonts !
+    I prefer these from the OS/2 disks
+
+    prepare your faxheader
+      /usr/local/etc/mgetty+sendfax/faxheader
+
+    edit your /etc/printcap file:
+
+# FAX 
+lp3|fax:\
+        :lp=/dev/null:\
+        :sd=/usr/spool/lp3:\
+        :if=/usr/local/etc/mgetty+sendfax/faxfilter:sh:sf:mx#0:\
+        :lf=/usr/spool/lp3/fax-log:
+
+
+
+
+    edit your /usr/local/samba/lib/smb.conf
+
+    so you have a smb based printer named "fax"
+
+
+The final step:
+===============
+
+    Now you have a printer called "fax" which can be used via
+    TCP/IP-printing (lpd-system) or via SAMBA (windows printing).
+
+    On every system you are able to produce postscript-files you
+    are ready to fax.
+
+    On Windows 3.1 95 and NT:
+
+    Install a printer wich produces postscript output,
+       e.g.  apple laserwriter
+
+    connect the "fax" to your printer 
+
+
+    Now write your first fax. Use your favourite wordprocessor,
+    write, winword, notepad or whatever you want, and start
+    with the headerpage.
+
+    Usually each fax has a header page. It carries your name,
+    your address, your phone/fax-number.
+
+    It carries also the recipient, his address and his *** fax
+    number ***. Now here is the trick:
+
+    Use the text:
+       Fax-Nr: 123456789
+    as the recipients fax-number. Make sure this text does not
+    occur in regular text ! Make sure this text is not broken
+    by formatting information, e.g. format it as a single entity.
+    (Windows Write and Win95 Wordpad are functional, maybe newer
+    versions of Winword are breaking formatting information).
+
+    The trick is that postscript output is human readable and
+    the faxfilter program scans the text for this pattern and
+    uses the found number as the fax-destination-number.
+
+    Now print your fax through the fax-printer and it will be
+    queued for later transmission. Use faxrunq for sending the
+    queue out.
+
+    Notes of SAMBA smb.conf:
+    Simply use fall through from the samba printer to the unix
+    printer. Sample:
+
+
+ printcap name = /etc/printcap
+ print command = /usr/bin/lpr -r -P %p %s
+ lpq command = /usr/bin/lpq -P %p
+ lprm command = /usr/bin/lprm -P %p %j
+
+
+[fax]
+    comment = FAX (mgetty+sendfax)
+    path = /tmp
+    printable = yes
+    public = yes
+    writable = no
+    create mode = 0700
+    browseable = yes
+    guest ok = no
+
+
+
diff --git a/docs/textdocs/GOTCHAS.txt b/docs/textdocs/GOTCHAS.txt
new file mode 100755
index 00000000000..afa5f8f4542
--- /dev/null
+++ b/docs/textdocs/GOTCHAS.txt
@@ -0,0 +1,71 @@
+!==
+!== GOTCHAS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+This file lists Gotchas to watch out for:
+=========================================================================
+Item Number:	1.0
+Description:	Problem Detecting Interfaces
+Symptom:	Workstations do NOT see Samba server in Browse List
+OS:		RedHat - Rembrandt Beta 2
+Platform:	Intel
+Date:		August 16, 1996
+Submitted By:	John H Terpstra 
+Details:
+	By default RedHat Rembrandt-II during installation adds an
+	entry to /etc/hosts as follows:-
+		127.0.0.1 loopback "hostname"."domainname"
+
+	This causes Samba to loop back onto the loopback interface.
+	The result is that Samba fails to communicate correctly with
+	the world and therefor may fail to correctly negotiate who
+	is the master browse list holder and who is the master browser.
+
+Corrective Action:	Delete the entry after the word loopback
+	in the line starting 127.0.0.1
+=========================================================================
+Item Number:	2.0
+Description:	Problems with MS Windows NT Server network logon service
+Symptom:	Loss of Domain Logon Services and failed Windows NT / 95
+		logon attempts.
+OS:		All Unix systems with Windows NT Domain Control environments.
+Platform:	All
+Date:		February 1, 1997
+Submitted By:	John H Terpstra 
+Details:
+	Samba is configured for Domain logon control in a network
+	where a Windows NT Domain Primary Controller is running.
+
+	Case 1:
+		The Windows NT Server is shut down, then restarted. Then
+		the Samba server is reconfigured so that it NO LONGER offers
+		Domain logon services. Windows NT and 95 workstations can no
+		longer log onto the domain. Ouch!!!
+
+	Case 2:
+		The Windows NT Server which is running the Network logon
+		Service is shut down and restarted while Samba is a domain
+		controller offering the Domain LogOn service. Windows NT
+		Workstation and Server can no longer log onto the network.
+
+	Cause:
+		Windows NT checks at start up to see if any domain logon
+		controllers are already running within the domain. It finds
+		Samba claiming to offer the service and therefore does NOT
+		start its Network Logon Service.
+
+		Windows NT needs the Windows NT network logon service to gain
+		from its Domain controller's SAM database the security
+		identifier for the user loging on.
+
+Work-around:	Stop the Samba nmbd and smbd processes, then on the Windows
+		NT Primary Domain Controller start the Network Logon Service.
+		Now restart the Samba nmbd and smbd services.
+
+		Better still: DO NOT CONFIGURE SAMBA AS THE NETWORK LOGON
+		SERVER, DO NOT SET SAMBA TO BE THE DOMAIN MASTER, DO NOT
+		SET SAMBA TO OS LEVEL GREATER THAN 0.
+
+		ie: Let Windows NT Server be the Domain Logon server, the
+		domain master browser and do NOT interfere with any aspect
+		of Microsoft Windows NT Domain Control.
+=========================================================================
diff --git a/docs/textdocs/HINTS.txt b/docs/textdocs/HINTS.txt
new file mode 100755
index 00000000000..5b0854b36e5
--- /dev/null
+++ b/docs/textdocs/HINTS.txt
@@ -0,0 +1,212 @@
+!==
+!== HINTS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Many
+Updated:	Not for a long time!
+
+Subject:	A collection of hints
+Status:		May be useful information but NOT current
+===============================================================================
+
+Here are some random hints that you may find useful. These really
+should be incorporated in the main docs someday.
+
+
+----------------------
+HINT: Always test your smb.conf with testparm before using it
+
+If your smb.conf file is invalid then samba will fail to load. Run
+testparm over it before you install it just to make sure there aren't
+any basic syntax or logical errors.
+
+
+----------------------
+HINT: Try printing with smbclient first
+
+If you have problems printing, test with smbclient first. Just connect using 
+"smbclient '\\server\printer' -P" and use the "print" command.
+
+Once this works, you know that Samba is setup correctly for printing,
+and you should be able to get it to work from your PCs.
+
+This particularly helps in getting the "print command" right.
+
+
+----------------------
+HINT: Mount cdroms with conv=binary
+
+Some OSes (notably Linux) default to auto detection of file type on
+cdroms and do cr/lf translation. This is a very bad idea when use with
+Samba. It causes all sorts of stuff ups.
+
+To overcome this problem use conv=binary when mounting the cdrom
+before exporting it with Samba.
+
+
+----------------------
+HINT: Convert between unix and dos text formats
+
+Jim barry has written an excellent drag-and-drop cr/lf converter for
+windows. Just drag your file onto the icon and it converts the file.
+
+Get it from
+ftp://samba.org/pub/samba/contributed/fixcrlf.zip
+
+---------------------- 
+HINT: Use the "username map" option
+
+If the usernames used on your PCs don't match those used on the unix
+server then you will find the "username map" option useful.
+
+-----------------------
+HINT: Use "security = user" in [global]
+
+If you have the same usernames on the unix box and the PCs or have
+mapped them with the "username map" option then choose "security =
+user" in the [global] section of smb.conf.
+
+This will mean your password is checked only when you first connect,
+and subsequent connections to printers, disks etc will go more
+smoothly and much faster.
+
+The main problem with "security = user" if you use WfWg is that you
+will ONLY be able to connect as the username that you log into WfWg
+with. This is because WfWg silently ignores the password field in the
+connect drive dialog box if the server is in user security mode.
+
+------------------------
+HINT: Make your printers not "guest ok"
+
+If your printers are not "guest ok" and you are using "security =
+user" and have matching unix and PC usernames then you will attach to
+the printer without trouble as your own username. This will mean you
+will be able to delete print jobs (in 1.8.06 and above) and printer
+accounting will be possible.
+
+
+-----------------------
+HINT: Use a sensible "guest" account
+
+Even if all your services are not available to "guest" you will need a
+guest account. This is because the browsing is done as guest. In many
+cases setting "guest account = ftp" will do the trick. Using the
+default guest account or "guest account = nobody" will give problems on
+many unixes. If in doubt create another account with minimal
+privilages and use it instead. Your users don't need to know the
+password of the guest account.
+
+
+-----------------------
+HINT: Use the latest TCP/IP stack from microsoft if you use Windows
+for workgroups.
+
+The early TCP/IP stacks had lots of bugs.
+
+Microsoft has released an incremental upgrade to their TCP/IP 32-Bit
+VxD drivers.  The latest release can be found on their ftp site at
+ftp.microsoft.com, located in /peropsys/windows/public/tcpip/wfwt32.exe.
+There is an update.txt file there that describes the problems that were
+fixed.  New files include WINSOCK.DLL, TELNET.EXE, WSOCK.386, VNBT.386,
+WSTCP.386, TRACERT.EXE, NETSTAT.EXE, and NBTSTAT.EXE.
+
+
+-----------------------
+HINT: nmbd can act as a "WINS" server
+
+By default SMB clients use broadcasts to find shares. Recent clients
+(such as WfWg) can use a "wins" server instead, whcih reduces your
+broadcast traffic and allows you to find names across routers.
+
+Just point your WfWg, Win95 and NT clients at the Samba box in the WINS option.
+
+Note: nmbd does not support all WINS operations. Anyone out there have
+a spec they could send me?
+
+-----------------------
+HINT: you may need to delete your .pwl files when you change password.
+
+WfWg does a lousy job with passwords. I find that if I change my
+password on either the unix box or the PC the safest thing to do is to
+delete the .pwl files in the windows directory. The PC will complain about not finding the files, but will soon get over it, allowing you to enter the new password.
+
+If you don't do this you may find that WfWg remembers and uses the old
+password, even if you told it a new one.
+
+Often WfWg will totally ignore a password you give it in a dialog box.
+
+----------------------
+HINT: Using MS Access
+
+Here are some notes on running MS-Access on a Samba drive from Stefan 
+Kjellberg <stefank@esi.com.au>
+
+1. Opening a database in 'exclusive' mode does NOT work. Samba ignores
+   r/w/share modes on file open.
+
+2. Make sure that you open the database as 'shared' and to 'lock modified
+   records'
+
+3. Of course locking must be enabled for the particular share (smb.conf)
+
+
+---------------------
+HINT: password cacheing in WfWg
+
+Here is a hint from michael@ecel.uwa.edu.au (Michael Simmons):
+
+In case people where not aware. There is a program call admincfg.exe
+on the last disk (disk 8) of the WFW 3.11 disk set.  To install it
+type EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE Then add an icon
+for it via the "Progam Manager" "New" Menu.  This program allows you
+to control how WFW handles passwords.  ie disable Password Caching etc
+for use with "security = user"
+
+
+--------------------
+HINT: file descriptor limits
+
+If you have problems with the limits on the number of open files you
+can edit local.h to fix it.
+
+--------------------
+HINT: HPUX initgroups() problem
+
+here is a hint from Frank Wales [frank@arcglade.demon.co.uk]:
+
+HP's implementation of supplementary groups is, er, non-standard (for
+hysterical reasons).  There are two group files, /etc/group and
+/etc/logingroup; the system maps UIDs to numbers using the former, but
+initgroups() reads the latter.  Most system admins who know the ropes
+symlink /etc/group to /etc/logingroup (hard link doesn't work for reasons
+too stupid to go into here).  initgroups() will complain if one of the
+groups you're in in /etc/logingroup has what it considers to be an invalid
+ID, which means outside the range [0..UID_MAX], where UID_MAX is (I think)
+60000 currently on HP-UX.  This precludes -2 and 65534, the usual 'nobody'
+GIDs.
+
+Perhaps you could suggest to users that, if they encounter this problem,
+they make sure that the programs that are failing to initgroups() be
+run as users not in any groups with GIDs outside the allowed range.
+
+This is documented in the HP manual pages under setgroups(2) and passwd(4).
+
+
+---------------------
+HINT: Patch your SCO system
+
+If you run SCO Unix then you may need to get important TCP/IP patches
+for Samba to work correctly. Try 
+
+Paul_Davis@mindlink.bc.ca writes:
+
+  I was having problems with Accpac using 1.9.02 on SCO Unix.  One
+  posting function reported corrupted data.  After installing uod385a,
+  the problem went away (a restore from backup and then another
+  run-thru).
+
+  It appears that the uod385a update for SCO may be fairly important for
+  a lot of different DOS and Windows software under Samba.
+
+  uod385a can be found at ftp.sco.com /SLS/uod385a.Z and uod385a.ltr.Z.
+
+
diff --git a/docs/textdocs/INSTALL.sambatar b/docs/textdocs/INSTALL.sambatar
new file mode 100755
index 00000000000..413f54d3c65
--- /dev/null
+++ b/docs/textdocs/INSTALL.sambatar
@@ -0,0 +1,33 @@
+Contributor:	Ricky Poulten <poultenr@logica.co.uk>
+Date:		Unknown
+Status:		Current
+
+Subject:	Using smbtar
+=============================================================================
+
+Please see the readme and the man page for general info.
+
+1) Follow the samba installation instructions.
+
+2) If all goes well, test it out by creating a share on your PC (called
+backup for example) then doing something like,
+
+  ./smbtar -s mypc -t /dev/rmt/0ubn -x backup
+
+substituting whatever your tape drive is for the -t option, or set your
+tape environmental variable.
+
+If all does not go well, feel free to mail the author (poultenr@logica.co.uk)
+about bug reports / help / money / pizza / etc.
+
+3) Read the man page and the NOTES file for more information
+
+4) Work smbtar into your usual nightly backup scheme (presuming you
+have one :-}).
+
+
+NOTE:
+
+If you have problems with smbtar then it's probably best to contact the
+author Ricky Poulten (poultenr@logica.co.uk).
+
diff --git a/docs/textdocs/Imprints.txt b/docs/textdocs/Imprints.txt
new file mode 100755
index 00000000000..025381166b1
--- /dev/null
+++ b/docs/textdocs/Imprints.txt
@@ -0,0 +1,50 @@
+!==
+!== Imprints.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+==================================================================
+
+
+Imprints (Installation Manager of Printer driver 
+Retreival and Installation for Samba) is a project to 
+implement a UNIX equivalent of the Windows NT APW.    
+It has been taken on in part by the Samba Team, VA Linux 
+Systems and Hewlett-Packard.   The Imprints toolset seeks 
+to provide central repository for users and administrators 
+to locate, download, and install all variations Window 
+95/98/NT printer drivers on Samba print servers.  
+
+The server portion of Imprints is composed of a database 
+server which contains information and locations of various 
+printer driver packages.  This server can be queried over 
+standard HTTP get requests and should therefore be available 
+to most administrators behind firewalls.  The server's 
+database consists of records containing data  about each 
+known printer driver package.  For example, each driver 
+record contains a URL from which the Imprints installation 
+client can download the package as well as a public key which 
+can be used to verify the package's integrity.
+
+Once downloaded, the installation client will attempt to 
+install the printer driver on the defined remote server 
+using the username and password provided by the administrator.  
+If the username/password pair can be authenticated by the 
+remote server (and has the appropriate authorization), then 
+the printer driver(s) is (are) installed and the new Printer 
+is created. 
+
+From Samba's point of view, the process of creating a new 
+printer via the Imprints installation client is identical to 
+that of using the Windows NT APW.  In fact, Imprints utilizes 
+Samba's rpcclient and smbclient tools to issue the same MS-RPC 
+and file copy operations as an NT client.  This means that 
+Imprints can also be used to install printers on remote Windows 
+NT print servers.
+
+For more information on Imprints, visit the project homepage 
+at 
+
+        http://imprints.sourceforge.net/.
+
+
+
+
diff --git a/docs/textdocs/Macintosh_Clients.txt b/docs/textdocs/Macintosh_Clients.txt
new file mode 100755
index 00000000000..c6b35811643
--- /dev/null
+++ b/docs/textdocs/Macintosh_Clients.txt
@@ -0,0 +1,26 @@
+!==
+!== Macintosh_Clients.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+> Are there any Macintosh clients for Samba?
+
+Yes. Thursby now have a CIFS Client / Server called DAVE - see
+http://www.thursby.com/
+
+They test it against Windows 95, Windows NT and samba for
+compatibility issues.  At the time of writing, DAVE was at version
+1.0.1. The 1.0.0 to 1.0.1 update is available as a free download from
+the Thursby web site (the speed of finder copies has been greatly
+enhanced, and there are bug-fixes included).
+
+Alternatives - There are two free implementations of AppleTalk for
+several kinds of UNIX machnes, and several more commercial ones.
+These products allow you to run file services and print services
+natively to Macintosh users, with no additional support required on
+the Macintosh.  The two free omplementations are Netatalk,
+http://www.umich.edu/~rsug/netatalk/, and CAP,
+http://www.cs.mu.oz.au/appletalk/atalk.html.  What Samba offers MS
+Windows users, these packages offer to Macs.  For more info on these
+packages, Samba, and Linux (and other UNIX-based systems) see
+http://www.eats.com/linux_mac_win.html
+
+
diff --git a/docs/textdocs/NetBIOS.txt b/docs/textdocs/NetBIOS.txt
new file mode 100755
index 00000000000..866ec82a727
--- /dev/null
+++ b/docs/textdocs/NetBIOS.txt
@@ -0,0 +1,155 @@
+!==
+!== NetBIOS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:    lkcl - samba@samba.org
+                Copyright 1997  Luke Kenneth Casson Leighton 
+Date:           March 1997
+Status:         Current
+Updated:        12jun97
+
+Subject:	Definition of NetBIOS Protocol and Name Resolution Modes
+=============================================================================
+
+=======
+NETBIOS
+=======
+
+NetBIOS runs over the following tranports: TCP/IP; NetBEUI and IPX/SPX.
+Samba only uses NetBIOS over TCP/IP.  For details on the TCP/IP NetBIOS 
+Session Service NetBIOS Datagram Service, and NetBIOS Names, see
+rfc1001.txt and rfc1002.txt.
+
+NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS
+datagrams to be sent out over the 'wire' embedded within LLC frames.
+NetBEUI is not required when using NetBIOS over TCP/IP protocols and it
+is preferable NOT to install NetBEUI if it can be avoided.
+
+IPX/SPX is also not required when using NetBIOS over TCP/IP, and it is
+preferable NOT to install the IPX/SPX transport unless you are using Novell
+servers.  At the very least, it is recommended that you do not install
+'NetBIOS over IPX/SPX'.
+
+[When installing Windows 95, you will find that NetBEUI and IPX/SPX are
+installed as the default protocols.  This is because they are the simplest
+to manage: no Windows 95 user-configuration is required].
+
+
+NetBIOS applications (such as samba) offer their services (for example,
+SMB file and print sharing) on a NetBIOS name.  They must claim this name
+on the network before doing so.  The NetBIOS session service will then
+accept connections on the application's behalf (on the NetBIOS name
+claimed by the application).  A NetBIOS session between the application
+and the client can then commence.
+
+NetBIOS names consist of 15 characters plus a 'type' character.  This is
+similar, in concept, to an IP address and a TCP port number, respectively.
+A NetBIOS-aware application on a host will offer different services under
+different NetBIOS name types, just as a host will offer different TCP/IP
+services on different port numbers.
+
+NetBIOS names must be claimed on a network, and must be defended.  The use
+of NetBIOS names is most suitable on a single subnet; a Local Area Network
+or a Wide Area Network.
+
+NetBIOS names are either UNIQUE or GROUP.  Only one application can claim a
+UNIQUE NetBIOS name on a network.
+
+There are two kinds of NetBIOS Name resolution: Broadcast and Point-to-Point.
+
+
+=================
+BROADCAST NetBIOS
+=================
+
+Clients can claim names, and therefore offer services on successfully claimed
+names, on their broadcast-isolated subnet.  One way to get NetBIOS services
+(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and
+SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make
+your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139.
+
+This, however, is not recommended.  If you have a large LAN or WAN, you will
+find that some of your hosts spend 95 percent of their time dealing with
+broadcast traffic.  [If you have IPX/SPX on your LAN or WAN, you will find
+that this is already happening: a packet analyzer will show, roughly
+every twelve minutes, great swathes of broadcast traffic!].
+
+
+============
+NBNS NetBIOS
+============
+
+rfc1001.txt describes, amongst other things, the implementation and use
+of, a 'NetBIOS Name Service'.  NT/AS offers 'Windows Internet Name Service'
+which is fully rfc1001/2 compliant, but has had to take specific action
+with certain NetBIOS names in order to make it useful.  (for example, it
+deals with the registration of <1c> <1d> <1e> names all in different ways.
+I recommend the reading of the Microsoft WINS Server Help files for full
+details).
+
+Samba also offers WINS server capabilities.  Samba does not interact
+with NT/AS (WINS replication), so if you have a mixed NT server and
+Samba server environment, it is recommended that you use the NT server's
+WINS capabilities, instead of samba's WINS server capabilities.
+
+The use of a WINS server cuts down on broadcast network traffic for
+NetBIOS name resolution.  It has the effect of pulling all the broadcast
+isolated subnets together into a single NetBIOS scope, across your LAN
+or WAN, while avoiding the use of TCP/IP broadcast packets.
+
+When you have a WINS server on your LAN, WINS clients will be able to
+contact the WINS server to resolve NetBIOS names.  Note that only those
+WINS clients that have registered with the same WINS server will be
+visible.  The WINS server _can_ have static NetBIOS entries added to its
+database (usually for security reasons you might want to consider putting
+your domain controllers or other important servers as static entries,
+but you should not rely on this as your sole means of security), but for
+the most part, NetBIOS names are registered dynamically.
+
+[It is important to mention that samba's browsing capabilities (as a WINS
+client) must have access to a WINS server.  if you are using samba also
+as a WINS server, then it will have a direct short-cut into the WINS
+database.
+
+This provides some confusion for lots of people, and is worth mentioning
+here:  a Browse Server is NOT a WINS Server, even if these services are
+implemented in the same application.  A Browse Server _needs_ a WINS server
+because a Browse Server is a WINS client, which is _not_ the same thing].
+
+Clients can claim names, and therefore offer services on successfully claimed
+names, on their broadcast-isolated subnet.  One way to get NetBIOS services
+(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and
+SMB file/print sharing: see cifs6.txt) working on a LAN or WAN is to make
+your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139.
+You will find, however, if you do this on a large LAN or a WAN, that your
+network is completely swamped by NetBIOS and browsing packets, which is why
+WINS was developed to minimise the necessity of broadcast traffic.
+
+WINS Clients therefore claim names from the WINS server.  If the WINS
+server allows them to register a name, the client's NetBIOS session service
+can then offer services on this name.  Other WINS clients will then
+contact the WINS server to resolve a NetBIOS name.
+
+
+=======================
+Samba WINS Capabilities
+=======================
+
+To configure samba as a WINS server, you must add "wins support = yes" to
+the [global] section of your smb.conf file.  This will enable WINS server
+capabilities in nmbd.
+
+To configure samba as a WINS client, you must add "wins server = x.x.x.x"
+to the [global] section of your smb.conf file, where x.x.x.x is the TCP/IP
+address of your WINS server.  The browsing capabilities in nmbd will then
+register (and resolve) WAN-wide NetBIOS names with this WINS server.
+
+Note that if samba has "wins support = yes", then the browsing capabilities
+will _not_ use the "wins server" option to resolve NetBIOS names: it will
+go directly to the internal WINS database for NetBIOS name resolution.  It
+is therefore invalid to have both "wins support = yes" and
+"wins server = x.x.x.x".  Note, in particular, that if you configure the
+"wins server" parameter to be the ip address of your samba server itself
+(as might one intuitively think), that you will run into difficulties.
+Do not use both parameters!
+
+
diff --git a/docs/textdocs/PROFILES.txt b/docs/textdocs/PROFILES.txt
new file mode 100755
index 00000000000..69fec36f08b
--- /dev/null
+++ b/docs/textdocs/PROFILES.txt
@@ -0,0 +1,388 @@
+!==
+!== PROFILES.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributors:	Bruce Cook <BC3-AU@bigfoot.com>
+		Copyright (C) 1998 Bruce Cook
+
+		John Terpstra <samba@samba.org>
+		Copyright (C) 1998 John H. Terpstra
+
+		Wolfgang Ratzka <ratzka@hrz.uni-marburg.de>
+		Copyright (C) 1998 Wolfgang Ratzka
+
+Created:	April 11, 1998
+Updated:	April 11, 1998
+
+Subject:	User Profiles
+===========================================================================
+
+From BC3-AU@bigfoot.com Sat Apr 11 13:36:05 1998
+Date: Sat, 11 Apr 1998 17:13:49 +1000
+From: Bruce Cook <BC3-AU@bigfoot.com>
+To: Multiple recipients of list <samba-ntdom@samba.org>
+Subject: RE: A question about NT Domains
+
+Luke Kenneth Casson Leighton writes:
+ > On Fri, 10 Apr 1998, Jean-Francois Micouleau wrote:
+ > 
+ > > On Fri, 10 Apr 1998, Luke Kenneth Casson Leighton wrote:
+ > > 
+ > > > ah, then i need to explain better.  two or more users have identical
+ > > > profiles.  say only one user installs a program which adds additional keys
+ > > > into the registry.  those keys, as i understand it, will *not* be removed
+ > > > from HKEY_LOCAL_USER when subsequent users log in.
+ > > 
+ > > under W95 or NT ?
+ > 
+ > my experience is with Win95, but i expect the same for NT, and have been
+ > told that it is so by someone who runs NT admin training courses.
+ >  
+ > > and why do you want to have one profile shared between multiples users ?
+ > 
+ > you don't.  how did you get that impression?  i said multiple users with
+ > identical profiles, not multiple users sharing one profile.
+
+In my experience with both Win95 and NT, is that the HKEY_LOCAL_USER information
+is stored in USER.dat or NTuser.DAT for NT.  ALL of this branch is in this file
+and there is no overlap between any two users (Unless you have '95 set up
+to use a single common profile).
+
+[** lkcl: see jht's message for conditions under which an overlap can occur **]
+
+The HKEY_LOCAL_MACHINE branch is machine based, and shared by all users of that
+machine.
+
+
+[And now for a whole stack of caveats]
+
+1. User start menu paths are not stored in the registry (obviously) they're
+   a directory structure that located by settings in HKEY_LOCAL_USER.
+
+   If you want start menues / desktop / favorites to be individual to a user
+   you must set up your user registry so these can be located individually.
+   The easiest tool to manage this is the policy editor.
+   
+2. When you log onto 'Doze 95, it has to find the user registry.
+
+
+   If you have specified a common profile, a "default user" USER.DAT is used.
+
+   If you have specified individualised profiles, then USER.DAT will be found
+   by the following formula:
+
+	1. if NET USE x: /HOME was used at startup, try for x:\USER.DAT (where
+	   x: is any drive letter from A to Z.
+	   if no USER.DAT is found go to step 3
+
+	2. if no home is specified in a mapping,
+	   ...\windows\profiles\username\USER.DAT is used. If no USER.DAT exists
+	   go to step 3.
+
+	3. If neither of the previous two found a USER.DAT, then it will use
+	   a prototype USER.DAT which it will later save to the above specified
+	   path when the user logs out.
+
+	   The interesting thing here is that the prototype USER.DAT used here
+	   is actually a copy of the last USER.DAT used on this machine.  (This
+	   may be the effect that the original poster is seeing)
+
+	4. As discussed above the start menu and desktop are specified in the
+	   registry contained within USER.DAT.  When a new USER.DAT is created
+	   from a prototype, new directories are created for the start menu and
+	   desktop ACCORDING TO HOW THE COPIED PROTOTYPE DEFINES THEM.
+
+	   So if the prototype USER.DAT says that start menu is in H:\Start Menu
+	   but programs folder is C:\windows\start menu\programs, then the
+	   H:\start menu will be created, and the existing machine programs
+	   folder used.
+
+	   This means that is is important when creating roving profiles to get
+	   your prototype USER.DAT and general user directory structure set up
+	   exactly as you want it, and then make a copy of it that you know will
+	   be safe from modification.  When creating a new user you then copy
+	   this prototype into the new user area, so that the new user doesn't
+	   just inherit what the previous user had.
+
+
+3. When you log onto 'Doze NT, it has to find the user registry.
+
+
+   NT is easier to see what's going on, but follows much the same rules as
+   '95.  The big difference being that 'NT gets its profile location from
+   the login server when it's logged in. (On an NT system have a look at user
+   manager/user/profile - you will see that you can specify the user profile
+   path) Under NT3.51 this profile path was a path to NTuser.DAT, on 4.0 this
+   seems to be a path to a directory structure (haven't played with many NT4
+   servers)
+
+   I'm not sure how this works in samba, as I haven't yet tried the NT_DOM stuff
+   yet (Luke: I assume you have a keyword for this?)
+
+[lkcl: nt workstations should look in exactly the same places for things on
+       samba or other SMB servers as they do on an NT server, as long as that
+       SMB server looks like NT.  if anyone finds that something fails, alert
+       us on samba@samba.org and we'll look into it].
+
+   When an NT system find a user without a NTuser.DAT, it copies from a
+   prototype that it stores especially for this purpose, so while unlike '95
+   the user doesn't get whatever happened last on the machine, the user will
+   get a fairly minimalist configuration.
+
+[[jht:
+When a Win95 machine logs onto a Windows NT Domain the Win95 machine looks
+for the presence of a file called Config.Pol in the following location:
+	\\"Authenticating Server"\NETLOGON
+It reads this file and uses it to ammend both the desktop environment as well
+as the file %WinDir%\Profiles\%USERNAME%\User.DAT. As with Windows NT, on log
+out this file gets written back to the profile server into the %USERNAME%
+directory in the profile share.
+
+It is thus possible to share a common desktop profile between Windows NT and
+Windows 9x.
+:jht]]
+
+
+4. There are a *LOT* of reasons that the 'doze machine might not find USER.DAT
+   and therefore default to a prototype.
+
+	1. Can't execute logon script & therefore no /HOME mapping (Most common)
+	   .Make sure the script exists
+	   .that you have your logon script set right
+	   .Netlogon share must exist
+	   .Protection/ownership of the script and share
+
+	2. no /HOME mapping in the logon script
+
+	3. no home path specified in /etc/smb.conf (Or no home mapping set
+	   up for that user in NT's user manager)
+
+	4. Protection/ownership of the user directory
+
+	5. protection/ownership of USER.DAT
+
+	6. basic networking problems
+	   .Is the networking available (Test it by manually mapping
+		to both the user share and netlogon share)
+	   .Was the networking working during logon ?
+
+	7. Has it defaulted to a prototype, and then had you map the home
+	   directory afterwards ? - This will result in the bad prototype
+	   being written into the users home, and them being stuck with it,
+	   (Just replace USER.DAT again)
+
+
+5. Interesting NOTE
+
+	When '95 is performing the logon script, the HKEY_LOCAL_USERS has
+	NOT been mapped from the USER.DAT. What has been mapped at this stage
+	is the prototype registry (last one used).
+
+	I assume the reason for this is that '95 is waiting for the logon
+	script to complete so that it can identify where the user's home
+	directory is.
+
+	If at this point you attempt to do anything that uses the USER registry,
+	(installing something for example or reading something from the user
+	registry) you will actually be operating on the machine stored prototype
+	profile not the user profile.  This means that nothing will realy
+	happen to the user setup (No menu items, no settings etc).
+
+	To get around this you can name a process in the "run once" entries in
+	the HKEY_LOCAL_MACHINE branch, and these "run once" processes will be
+	executed once the USER.DAT is loaded, and all the user directories are
+	accessible.
+
+
+To sum up:
+
+	NET USE H: /HOME
+	is the key to getting your user profiles loaded from a server.
+	NET USE H: \\server\homes
+	Won't get it right without a lot of stuffing about.
+	 
+	Windoze '95 goes through a lot to bring you your user profile and
+	if anything goes wrong during this process, it will drop back to
+	using whatever profile was last used on the machine.
+	 
+
+From samba@aquasoft.com.au Sat Apr 11 13:48:54 1998
+Date: Sat, 11 Apr 1998 09:34:08 +1000
+From: Samba Bugs <samba@aquasoft.com.au>
+To: Multiple recipients of list <samba-ntdom@samba.org>
+Subject: Re: A question about NT Domains
+
+Just for the sake of completeness I thought I'd add a bit to this.
+Let's be clear about which files affect registry changes (or contents).
+
+Under NT, open a command prompt interface:
+cd %SystemRoot%\System32\config
+dir
+
+The standard registry files are:
+	Default	- all component default settings
+	System - all HKLM\System entries
+	Software - all HKLM\Software entries
+	Security - Domain/Machine releated User Rights & Privs.
+	SAM - the Security Access Manager database (ie:Passwords etc.)
+
+[[jht:
+The SAM and Security files are the only files that get synchronised between
+Windows NT Domain Controllers.
+:jht]]
+
+These are used by EVERYTHING!!
+
+When a user logs in the following files get checked:
+	1) \\"Authenticating Server"\NETLOGON\NTConfig.Pol
+	2) %SystemRoot%\Profiles\Policies\NTConfig.Pol
+		this one is a copy of the last NTConfig.Pol downloaded
+		from (1) above - if available.
+	3) %SystemRoot%\Policies\%UserName%\NTUser.DAT
+
+[[jht:
+The System Policy Editor on Windows NT can be used to create both the
+Windows 95 "Config.Pol" file, as well as the Windows NT "NTConfig.Pol"
+file. To create the Windows 95 policy file you MUST load the Windows 95
+policy template BEFORE creating the Config.Pol file.
+:jht]]
+
+The later, is first obtained from a profile server if the User_Init_Info
+passed from the Domain Logon Server specifies use of a roaming profile.
+If item (3) does NOT exist and/or NO default profile is available one gets
+created from the system default settings PLUS the last loaded file at item
+(2) above.
+ 
+The HKCU is always unique to the currently logged in user, BUT if the
+currently logged in user is using a shared profile that has NOT been made
+exclusive then on logout  the HKCU will be written over the top of the
+source files. That is why Mandatory profiles are essential when sharing a
+roaming profile.
+
+On Sat, 11 Apr 1998, Wolfgang Ratzka wrote:
+
+> Luke Kenneth Casson Leighton wrote:
+> 
+> > my experience is with Win95, but i expect the same for NT, and have been
+> > told that it is so by someone who runs NT admin training courses.
+> 
+> On NT it is quite definitely not so. HKCU will always be loaded completely from
+> the user's NTuser.dat file and unloaded again after logout.
+> In fact HKCU is not a proper registry hive but a symbolic reference to the subkey of
+> HKEY_USERS that corresponds to the current user. If more than one user 
+> is active on an NT machine (on plain vanilla NT this *is* possible if you have
+> services running as a non-system user; on WinFrame or Hydra multiple users
+> can be logged in) you will see several subkeys of HKU that correspond to
+> the active users and don't interfere with each other.
+> 
+> Of course some settings that a user can change do not go into the HKCU hive
+> but into HKLM, most notably the screen resolution and the number of colours
+> (you can use policies to prevent user's from changing these).
+> Some applications put information that should go into HKCU into HKLM instead.
+> (Hall of Shame: Netscape Communicator, Microsoft Office 97 [User dictionaries!]...).
+> Others just use plain good old INI files in their program directory or even 
+> in \WINNT\SYSTEM32. Those changes will not be user specific but machine 
+> specific and those programs will cause trouble, when one tries to run them
+> on WinFrame or Hydra... :-).
+> 
+> Summarizing:
+> 
+> Q: Will the next user inherit a previous user's additions
+>    to the HKCU registry hive?
+> A: Quite definitely not.
+
+Correct.
+
+> 
+> Q: Can a user foul up the configuration for the next user?
+> A: Quite definitely yes!
+
+See above. Yes, but not if correctly configured.
+
+> 
+> Q: Is this discussion out of place on the samba-ntdom list?
+> A: Errr....
+
+Errr... Really? I think it is. Do we, or do we not, want to help people to
+gain stable and dependable use of samba?
+
+> -- 
+> Wolfgang Ratzka (dialing in from home)
+
+Cheers,
+John H Terpstra (Also from home!!!!)
+
+=============================================================================
+Further notes by Bruce Cook
+
+Date: Sun, 12 Apr 1998 14:12:22 +1000
+From: Bruce Cook <BC3-AU@bigfoot.com>
+Subject: Re: Win95 / NT Profiles (was: RE: A question about NT Domains)
+
+Ah yes I knew there was something I forgot.
+here it is for completeness.
+
+=============================================================================
+
+When a user logs into a specific machine for the first time, they will be
+told that they've never logged into the machine, and would they like to
+store the user setting for future use.
+
+If the user answers NO, they will be nagged about this every time they
+log into the machine until they say YES. (How about it MS, could we
+possible do something about this feature?)
+
+When the user answers YES, thereafter upon logging out of the machine,
+a copy of the user's profile is also written onto the machines local disk
+for later use.
+
+When a user logs into a machine where his/her profile has previously been
+saved, a comparison is made between the date of the profile copy kept on
+the machine, and the date of the profile stored on the server.  In theory
+the server date should be later or the same.
+
+If the local machine date is later than the server date, the client
+machine will tell you the the settings on the local machine are more
+recent than those of the server, and would you like to user them instead.
+
+This occurs for a couple of reasons:
+	1. Server not available when the user logs out
+	2. Date mismatch between the server and the client
+	   (I always use NET TIME \\server /SET /YES in my logon scripts)
+
+
+Logging in with NO server available.
+
+In some cases a client will want to log into a network with no server
+available. (Portables away from the office, or a dead server)
+
+This can only happen if the administrator has NOT set the machine to
+give access only upon password verification from the server.
+(If the admin has done this, it can be circumvented by restarting
+ the machine in safe mode, and running poledit, or regedit and
+ disabling that feature)
+
+If you are able to log in while the server is unavailable, you have
+two choices
+	1. Log in as a user that previously stored a profile
+	   (The password won't have to match unless the machine
+	    is set up to store passwords)
+
+	2. log in as the default user (bit the cancel button or escape key)
+
+If you choose to use your profile stored on the local machine, there are
+several things you should be wary of:
+	1. the profile stored on the machine will be a copy of the last
+	   profile used when you logged into THAT machine.  You may get
+	   quite an old profile.
+	2. When you log out, that local profile is garunteed to be later
+	   than the one on the server, and if the server is available, or
+	   you later log into that machine when the server is available
+	   you could overwrite the good server profile with a bogus profile.
+
+
+Technique note:
+	I set portable computers up so that they don't use roaming profiles,
+	rather they have a single profile kept on the machine.  This means
+	that a user has the same desktop look an feel regardless of where
+	they are.   This follows the philosophy that laptops tend to be used
+	by only one person.	
diff --git a/docs/textdocs/Passwords.txt b/docs/textdocs/Passwords.txt
new file mode 100755
index 00000000000..1f5407eec81
--- /dev/null
+++ b/docs/textdocs/Passwords.txt
@@ -0,0 +1,49 @@
+!==
+!== Passwords.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Unknown
+Date:		Updated April 19th 1999.
+Status:		Current
+
+Subject:	NOTE ABOUT PASSWORDS
+=============================================================================
+
+Unix systems use a wide variety of methods for checking the validity
+of a password. This is primarily controlled with the Makefile defines
+mentioned in the Makefile.
+
+Also note that some clients (notably WfWg) uppercase the password
+before sending it. The server tries the password as it receives it and
+also after lowercasing it.
+
+The Samba server can also be configured to try different
+upper/lowercase combinations. This is controlled by the [global]
+parameter "password level". A level of N means to try all combinations
+up to N uppercase characters in the password. A high value can chew a
+fair bit of CPU time and can lower the security of your system. Do not
+use this options unless you really need it - the time taken for
+password checking can become so high that clients time out. 
+
+If you do use the "password level" option then you might like to use
+-DUFC_CRYPT in your Makefile. On some machine this makes password
+checking _much_ faster. This is also useful if you use the @group
+syntax in the user= option.
+
+If your site uses AFS (the Andrew File System), you can use the AFS section
+in the Makefile.  This will first attempt to authenticate a username and
+password to AFS.  If that succeeds, then the associated AFS rights will be
+granted.  Otherwise, the password checking routine falls back to whatever
+Unix password checking method you are using.  Note that the AFS code is
+only written and tested for AFS 3.3 and later.
+
+
+SECURITY = SERVER or DOMAIN
+===========================
+
+Samba can use a remote server to do its username/password
+validation. This allows you to have one central machine (for example a
+NT box) control the passwords for the Unix box.
+
+See the section on "security =" in smb.conf(5) for details.
+
+
diff --git a/docs/textdocs/Printing.txt b/docs/textdocs/Printing.txt
new file mode 100755
index 00000000000..bdd4cbd59c2
--- /dev/null
+++ b/docs/textdocs/Printing.txt
@@ -0,0 +1,258 @@
+!==
+!== Printing.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Unknown <samba@samba.org>
+Revised by:	Patrick Powell <papowell@lprng.org>
+Date:		August 11, 2000
+Status:		Current
+
+Subject:	Dubugging Printing Problems
+=============================================================================
+
+This is a short description of how to debug printing problems with
+Samba. This describes how to debug problems with printing from a SMB
+client to a Samba server, not the other way around. For the reverse
+see the examples/printing directory.
+
+Please send enhancements to this file to samba@samba.org
+
+Ok, so you want to print to a Samba server from your PC. The first
+thing you need to understand is that Samba does not actually do any
+printing itself, it just acts as a middleman between your PC client
+and your Unix printing subsystem. Samba receives the file from the PC
+then passes the file to a external "print command". What print command
+you use is up to you.
+
+The whole things is controlled using options in smb.conf. The most
+relevant options (which you should look up in the smb.conf man page)
+are:
+      [global]
+        print command     - send a file to a spooler
+        lpq command       - get spool queue status
+        lprm command      - remove a job
+      [printers]
+        path = /var/spool/lpd/samba
+
+The following are nice to know about:
+
+        queuepause command   - stop a printer or print queue
+        queueresume command  - start a printer or print queue
+
+Example:
+        print command = /usr/bin/lpr -r -P%p %s
+        lpq command   = /usr/bin/lpq    -P%p %s
+        lprm command  = /usr/bin/lprm   -P%p %j
+        queuepause command = /usr/sbin/lpc -P%p stop
+        queueresume command = /usr/sbin/lpc -P%p start
+
+Samba should set reasonable defaults for these depending on your
+system type, but it isn't clairvoyant. It is not uncommon that you
+have to tweak these for local conditions.  The commands should
+always have fully specified pathnames,  as the smdb may not have
+the correct PATH values.
+
+When you send a job to Samba to be printed,  it will make a temporary
+copy of it in the directory specified in the [printers] section.
+and it should be periodically cleaned out.  The lpr -r option
+requests that the temporary copy be removed after printing; If
+printing fails then you might find leftover files in this directory,
+and it should be periodically cleaned out.  Samba used the lpq
+command to determine the "job number" assigned to your print job
+by the spooler.
+
+The %<letter> are "macros" that get dynamically replaced with appropriate
+values when they are used. The %s gets replaced with the name of the spool
+file that Samba creates and the %p gets replaced with the name of the
+printer. The %j gets replaced with the "job number" which comes from
+the lpq output.
+
+DEBUGGING PRINTER PROBLEMS
+
+One way to debug printing problems is to start by replacing these
+command with shell scripts that record the arguments and the contents
+of the print file. A simple example of this kind of things might
+be:
+
+	print command = /tmp/saveprint %p %s
+
+    #!/bin/saveprint
+    # we make sure that we are the right user
+    /usr/bin/id -p >/tmp/tmp.print
+    # we run the command and save the error messages
+    # replace the command with the one appropriate for your system
+    /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print
+
+Then you print a file and try removing it.  You may find that the
+print queue needs to be stopped in order to see the queue status
+and remove the job:
+
+h4: {42} % echo hi >/tmp/hi
+h4: {43} % smbclient //localhost/lw4
+added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0
+Password: 
+Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7]
+smb: \> print /tmp/hi
+putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s)
+smb: \> queue
+1049     3            hi-17534
+smb: \> cancel 1049
+Error cancelling job 1049 : code 0
+smb: \> cancel 1049
+Job 1049 cancelled
+smb: \> queue
+smb: \> exit
+
+The 'code 0' indicates that the job was removed.  The comment
+by the  smbclient is a bit misleading on this.
+You can observe the command output and then and look at the
+/tmp/tmp.print file to see what the results are.  You can quickly
+find out if the problem is with your printing system.  Often people
+have problems with their /etc/printcap file or permissions on
+various print queues.
+
+WHAT PRINTERS DO I HAVE
+
+You can use the 'testprns' program to check to see if the printer
+name you are using is recognized by Samba.  For example,  you can
+use:
+
+    testprns printer /etc/printcap
+
+Samba can get its printcap information from a file or from a program.
+You can try the following to see the format of the extracted
+information:
+
+    testprns -a printer /etc/printcap
+
+    testprns -a printer '|/bin/cat printcap'
+
+SETTING UP PRINTCAP AND PRINT SERVERS
+
+You may need to set up some printcaps for your Samba system to use.
+It is strongly recommended that you use the facilities provided by
+the print spooler to set up queues and printcap information.
+
+Samba requires either a printcap or program to deliver printcap
+information.  This printcap information has the format:
+
+  name|alias1|alias2...:option=value:...
+
+For almost all printing systems, the printer 'name' must be composed
+only of alphanumeric or underscore '_' characters.  Some systems also
+allow hyphens ('-') as well.  An alias is an alternative name for the
+printer,  and an alias with a space in it is used as a 'comment'
+about the printer.  The printcap format optionally uses a \ at the end of lines
+to extend the printcap to multiple lines.
+
+
+Here are some examples of printcap files:
+
+pr              just printer name
+pr|alias        printer name and alias
+pr|My Printer   printer name, alias used as comment
+pr:sh:\        Same as pr:sh:cm= testing
+  :cm= \ 
+  testing
+pr:sh           Same as pr:sh:cm= testing
+  :cm= testing
+
+Samba reads the printcap information when first started.  If you make
+changes in the printcap information, then you must do the following:
+
+a)  make sure that the print spooler is aware of these changes.
+    The LPRng system uses the 'lpc reread' command to do this.
+
+b)  make sure that the spool queues, etc., exist and have the
+    correct permissions.  The LPRng system uses the 'checkpc -f'
+    command to do this.
+
+c)  You now should send a SIGHUP signal to the smbd server to have
+    it reread the printcap information.
+
+JOB SENT, NO OUTPUT
+
+This is the most frustrating part of printing.  You may have sent the
+job,  verified that the job was forwarded,  set up a wrapper around
+the command to send the file,  but there was no output from the printer.
+
+First,  check to make sure that the job REALLY is getting to the
+right print queue.  If you are using a BSD or LPRng print spooler,
+you can temporarily stop the printing of jobs.  Jobs can still be
+submitted, but they will not be printed.  Use:
+
+  lpc -Pprinter stop
+
+Now submit a print job and then use 'lpq -Pprinter' to see if the
+job is in the print queue.  If it is not in the print queue then
+you will have to find out why it is not being accepted for printing.
+
+Next, you may want to check to see what the format of the job really
+was.  With the assistance of the system administrator you can view
+the submitted jobs files.  You may be surprised to find that these
+are not in what you would expect to call a printable format.
+You can use the UNIX 'file' utitily to determine what the job
+format actually is:
+
+    cd /var/spool/lpd/printer   # spool directory of print jobs
+    ls                          # find job files
+    file dfA001myhost
+
+You should make sure that your printer supports this format OR that
+your system administrator has installed a 'print filter' that will
+convert the file to a format appropriate for your printer.
+
+JOB SENT, STRANGE OUTPUT
+
+Once you have the job printing, you can then start worrying about
+making it print nicely.
+
+The most common problem is extra pages of output: banner pages
+OR blank pages at the end.
+
+If you are getting banner pages,  check and make sure that the
+printcap option or printer option is configured for no banners.
+If you have a printcap,  this is the :sh (suppress header or banner
+page) option.  You should have the following in your printer.
+
+   printer: ... :sh
+
+If you have this option and are still getting banner pages,  there
+is a strong chance that your printer is generating them for you
+automatically.  You should make sure that banner printing is disabled
+for the printer.  This usually requires using the printer setup software
+or procedures supplied by the printer manufacturer.
+
+If you get an extra page of output,  this could be due to problems
+with your job format,  or if you are generating PostScript jobs,
+incorrect setting on your printer driver on the MicroSoft client.
+For example, under Win95 there is a option:
+
+  Printers|Printer Name|(Right Click)Properties|Postscript|Advanced|
+
+that allows you to choose if a Ctrl-D is appended to all jobs.
+This is a very bad thing to do, as most spooling systems will
+automatically add a ^D to the end of the job if it is detected as
+PostScript.  The multiple ^D may cause an additional page of output.
+
+RAW POSTSCRIPT PRINTED
+
+This is a problem that is usually caused by either the print spooling
+system putting information at the start of the print job that makes
+the printer think the job is a text file, or your printer simply
+does not support PostScript.  You may need to enable 'Automatic
+Format Detection' on your printer.
+
+ADVANCED PRINTING
+
+Note that you can do some pretty magic things by using your
+imagination with the "print command" option and some shell scripts.
+Doing print accounting is easy by passing the %U option to a print
+command shell script. You could even make the print command detect
+the type of output and its size and send it to an appropriate
+printer.
+
+DEBUGGING
+
+If the above debug tips don't help, then maybe you need to bring in
+the bug guns, system tracing. See Tracing.txt in this directory.
+-----------------------------------------------------------------------------
diff --git a/docs/textdocs/README.DCEDFS b/docs/textdocs/README.DCEDFS
new file mode 100755
index 00000000000..da9bb2197da
--- /dev/null
+++ b/docs/textdocs/README.DCEDFS
@@ -0,0 +1,78 @@
+Contributor:	Jim Doyle <doyle@oec.com>
+Date:		06-02-95
+Status:		Current but needs updating
+
+Subject:	Basic DCE/DFS Support for SAMBA 1.9.13
+=============================================================================
+
+Functionality:
+--------------
+	
+	Per-instance authentication for DCE/DFS.
+ 
+Missing Functionality in this Implementation:
+---------------------------------------------
+
+	* No automatic refresh of credentials
+
+	  To do so would not be that hard.. One could simply
+	  stash the clear-text key in memory, spawn a key management
+	  thread to wake up right before credentials expire and
+	  refresh the login context.
+
+	* No UNIX Signals support (SIGCLD, SIGPIPE, SIGHUP, SIGBUS, SIGSEGV)
+
+
+	  There is no support for signal processing in Samba daemons
+	  that need to authenticate with DCE. The explanation for this
+	  is that the smbd is linked against thread-safe libraries in
+	  order to be able to use DCE authentication mechanisms. 
+	  Because smbd uses signal() and fork(), it represents the
+	  worst case scenario for DCE portability. In order
+	  to properly support signals in a forked server environment,
+	  some rework of smbd is needed in order to properly
+	  construct, shutdown and reconstruct asynchronous signal
+	  handling threads and synchronous signal traps across the
+	  parent and child. I have not had contiguous time to work
+	  on it, I expect it to be a weeks worth of work to cleanly
+	  integrate thread-safe signal handing into the code and 
+	  test it. Until I can get to this task, I will leave it up
+	  to someone adventurous enough to engineer it and negotiate
+	  with Andrew to integrate the changes into the mainline branch.
+
+	  The lack of full signal support means that you cannot
+	  rely upon SIGHUP-ing the parent daemon to refresh
+          the configuration data. Likewise, you cannot take advantage
+	  of the builtin SIGBUS/SIGSEGV traps to diagnose failures.
+	  You will have to halt Samba in order to make changes
+	  and then have them take effect.
+
+	  The SMBD server as it stands is suitable to use if you
+	  already have experience with configuring and running
+	  SAMBA.
+
+Tested Platforms:
+-----------------
+
+		HP-UX 9.05 / HP-UX DCE 1.2.1
+		AIX 3.2.5  / AIX DCE/6000 1.3
+		DEC OSF-1 3.0 / DEC DCE 1.3
+
+Building:
+---------
+
+	- Uncomment the the appropriate block in the Makefile
+	  for the platform you wish to build on.
+
+	- Samples of Samba server configuration files for our
+	  DFS environment are included in samples.dcedfs/
+
+
+
+Bugs, Suggestions, etc..
+--------------------------
+
+	Please post them to the mailing list. 
+	That way I will see them and they will become part of 
+	the archives so others can share the knowledge.
+
diff --git a/docs/textdocs/README.NOW b/docs/textdocs/README.NOW
new file mode 100755
index 00000000000..1184a9d057f
--- /dev/null
+++ b/docs/textdocs/README.NOW
@@ -0,0 +1,8 @@
+The files in the directory have either yet to
+converted into SGML/DocBook format or are outdated.
+To create ASCII versions of the documentation
+in the ../htmldocs/ directory, run
+
+	$ lynx -dump file.html > file.txt
+
+
diff --git a/docs/textdocs/README.jis b/docs/textdocs/README.jis
new file mode 100755
index 00000000000..50ff0cced74
--- /dev/null
+++ b/docs/textdocs/README.jis
@@ -0,0 +1,149 @@
+$B!|(B samba $BF|K\8lBP1~$K$D$$$F(B
+
+1. $BL\E*(B
+
+  $BF|K\8lBP1~$O!"(B
+
+    (1) MS-Windows $B>e$G!"4A;z%U%!%$%kL>$r$I$&$7$F$b07$&I,MW$N$"$k%"%W%j%1!<%7%g%s$,$A$c(B
+        $B$s$HF0:n$9$k!#Nc$($P!"(BMS-WORD 5 $B$J$I$O!"%$%s%9%H!<%k;~$K4A;z$N%U%!%$%kL>$r>!<j(B
+        $B$K$D$1$F$7$^$$$^$9!#$3$&$$$C$?>l9g$K$A$c$s$HBP1~$G$-$k$h$&$K$9$k!#(B
+
+    (2) UNIX $B$O!":G6a$G$O$[$H$s$I$N$b$N$,(B 8 bits $B$N%U%!%$%kL>$r%5%]!<%H$7$F$$$^$9$,!"(B
+        $BCf$K$O!"$3$l$r%5%]!<%H$7$F$$$J$$$b$N$b$"$j$^$9!#$3$N$h$&$J>l9g$G$b!"(B(1)$B$NL\E*(B
+        $B$,K~B-$G$-$k$h$&$K$9$k!#(B
+
+  $B$rL\E*$H$7$F$$$^$9!#$=$N$?$a!"F|K\8lBP1~$O!"I,MW:G>.8B$7$+9T$J$C$F$*$j$^$;$s!#(B
+
+  $BF|K\8lBP1~$7$?(B samba $B$rMxMQ$9$k$?$a$K$O!"%3%s%Q%$%k$9$k;~$K!"I,$:!"(BKANJI $B$NDj5A$rDI(B
+  $B2C$7$F$/$@$5$$!#$3$N%*%W%7%g%s$r;XDj$7$F$$$J$$>l9g$O!"F|K\8l$N%U%!%$%kL>$r@5$7$/07(B
+  $B$&$3$H$O$G$-$^$;$s!#!J%3%s%Q%$%k$K$D$$$F$O!"2<5-(B 3. $B$r;2>H$7$F2<$5$$!K(B
+
+2. $BMxMQJ}K!(B
+
+(1) $BDI2C$7$?%Q%i%a!<%?(B
+
+  smb.conf $B%U%!%$%k$N(B global $B%;%/%7%g%s$K0J2<$N%Q%i%a!<%?$r@_Dj$G$-$k$h$&$K$7$^$7$?!#(B
+
+    [global]
+     ....
+     coding system = <$B%3!<%I7O(B>
+
+  $B$3$3$G;XDj$5$l$?%3!<%I7O$,(B UNIX $B>e$N%U%!%$%k%7%9%F%`$N%U%!%$%kL>$N%3!<%I$K$J$j$^$9!#(B
+  $B@_Dj$G$-$k$b$N$O!"<!$N$h$&$K$J$C$F$$$^$9!#(B
+
+    sjis:  SHIFT JIS (MS $B4A;z%3!<%I(B) 
+    euc:   EUC $B%3!<%I(B
+    hex:  7 bits $B$N(B ASCII $B%3!<%I0J30$N%3!<%I$r0J2<$N7A<0$GI=$9J}<0$G$9!#Nc$($P!"(B
+	  '$B%*%U%#%9(B' $B$H$$$&L>A0$O!"(B':83:49:83:74:83:42:83:58' $B$N$h$&$K!"(B':' $B$N8e$K#27e(B
+          $B$N(B16$B?J?t$rB3$1$k7A<0$K$J$j$^$9!#(B
+	  $B$3$3$G!"(B':' $B$rB>$NJ8;z$KJQ99$7$?$$>l9g$O!"(Bhex $B$N8e$m$K$=$NJ8;z$r;XDj$7$^$9!#(B
+          $BNc$($P!"(B@$B$rJQ$o$j$K;H$$$?$$>l9g$O!"(B'hex@'$B$N$h$&$K;XDj$7$^$9!#(B
+    cap:  7 bits $B$N(B ASCII $B%3!<%I0J30$N%3!<%I$r0J2<$N7A<0$GI=$9J}<0$H$$$&E@$G$O(B
+          hex$B$HF1MM$G$9$,!"(BCAP (The Columbia AppleTalk Package)$B$H8_49@-$r;}$DJQ49(B
+          $BJ}<0$H$J$C$F$$$^$9!#(Bhex$B$H$N0c$$$O(B0x80$B0J>e$N%3!<%I$N$_(B':80'$B$N$h$&$KJQ49(B
+          $B$5$l!"$=$NB>$O(BASCII$B%3!<%I$G8=$5$l$^$9!#(B
+          $BNc$($P!"(B'$B%*%U%#%9(B'$B$H$$$&L>A0$O!"(B':83I:83t:83B:83X'$B$H$J$j$^$9!#(B
+
+    JIS $B%3!<%I$K$D$$$F$O!"0J2<$NI=$r;2>H$7$F2<$5$$!#(B
+    $B(#(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(!(!(!(!(!($(B
+    $B(";XDj(B  $B("4A;z3+;O("4A;z=*N;("%+%J3+;O("%+%J=*N;("1Q?t3+;O("Hw9M(B              $B("(B
+    $B('(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(!(!(!(!(!()(B
+    $B("(Bjis7  $B("(B\E$B    $B("(B\E(J    $B("(B0x0e    $B("(B0x0f    $B("(B\E(J    $B("(Bjis 7$BC10LId9f(B     $B("(B
+    $B("(Bjunet $B("(B\E$B    $B("(B\E(J    $B("(B\E(I    $B("(B\E(J    $B("(B\E(J    $B("(B7bits $B%3!<%I(B      $B("(B
+    $B("(Bjis8  $B("(B\E$B    $B("(B\E(J    $B("(B--      $B("(B--      $B("(B\E(J    $B("(Bjis 8$BC10LId9f(B     $B("(B
+    $B("(Bj7bb  $B("(B\E$B    $B("(B\E(B    $B("(B0x0e    $B("(B0x0f    $B("(B\E(B    $B("(B                  $B("(B
+    $B("(Bj7bj  $B("(B\E$B    $B("(B\E(J    $B("(B0x0e    $B("(B0x0f    $B("(B\E(J    $B("(Bjis7$B$HF1$8(B        $B("(B
+    $B("(Bj7bh  $B("(B\E$B    $B("(B\E(H    $B("(B0x0e    $B("(B0x0f    $B("(B\E(H    $B("(B                  $B("(B
+    $B("(Bj7@b  $B("(B\E$@    $B("(B\E(B    $B("(B0x0e    $B("(B0x0f    $B("(B\E(B    $B("(B                  $B("(B
+    $B("(Bj7@j  $B("(B\E$@    $B("(B\E(J    $B("(B0x0e    $B("(B0x0f    $B("(B\E(J    $B("(B                  $B("(B
+    $B("(Bj7@h  $B("(B\E$@    $B("(B\E(H    $B("(B0x0e    $B("(B0x0f    $B("(B\E(H    $B("(B                  $B("(B
+    $B("(Bj8bb  $B("(B\E$B    $B("(B\E(B    $B("(B--      $B("(B--      $B("(B\E(B    $B("(B                  $B("(B
+    $B("(Bj8bj  $B("(B\E$B    $B("(B\E(J    $B("(B--      $B("(B--      $B("(B\E(J    $B("(Bjis8$B$HF1$8(B        $B("(B
+    $B("(Bj8bh  $B("(B\E$B    $B("(B\E(H    $B("(B--      $B("(B--      $B("(B\E(H    $B("(B                  $B("(B
+    $B("(Bj8@b  $B("(B\E@@    $B("(B\E(B    $B("(B--      $B("(B--      $B("(B\E(B    $B("(B                  $B("(B
+    $B("(Bj8@j  $B("(B\E$@    $B("(B\E(J    $B("(B--      $B("(B--      $B("(B\E(J    $B("(B                  $B("(B
+    $B("(Bj8@h  $B("(B\E$@    $B("(B\E(H    $B("(B--      $B("(B--      $B("(B\E(H    $B("(B                  $B("(B
+    $B("(Bjubb  $B("(B\E$B    $B("(B\E(B    $B("(B\E(I    $B("(B\E(B    $B("(B\E(B    $B("(B                  $B("(B
+    $B("(Bjubj  $B("(B\E$B    $B("(B\E(J    $B("(B\E(I    $B("(B\E(J    $B("(B\E(J    $B("(Bjunet$B$HF1$8(B       $B("(B
+    $B("(Bjubh  $B("(B\E$B    $B("(B\E(H    $B("(B\E(I    $B("(B\E(H    $B("(B\E(H    $B("(B                  $B("(B
+    $B("(Bju@b  $B("(B\E$@    $B("(B\E(B    $B("(B\E(I    $B("(B\E(B    $B("(B\E(B    $B("(B                  $B("(B
+    $B("(Bju@j  $B("(B\E$@    $B("(B\E(J    $B("(B\E(I    $B("(B\E(J    $B("(B\E(J    $B("(B                  $B("(B
+    $B("(Bju@h  $B("(B\E$@    $B("(B\E(H    $B("(B\E(I    $B("(B\E(H    $B("(B\E(H    $B("(B                  $B("(B
+    $B(&(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(!(!(!(!(!(%(B
+    
+    $B$$$:$l$N>l9g$b!"$9$G$KB8:_$7$F$$$kL>A0$KBP$7$F$O!"4A;z$N3+;O=*N;%7!<%1%s%9$O!"0J2<(B
+    $B$N$b$N$rG'<1$7$^$9!#(B
+	 $B4A;z$N;O$^$j(B: \E$B  $B$+(B  \E$@
+         $B4A;z$N=*$j(B:  \E(J  $B$+(B \E(B $B$+(B \E(H
+    
+(2) smbclient $B$N%*%W%7%g%s(B
+
+  $B%/%i%$%"%s%H%W%m%0%i%`$G$b!"4A;z$d2>L>$r4^$s$@%U%!%$%k$r07$($k$h$&$K!"<!$N%*%W%7%g%s(B
+  $B$rDI2C$7$^$7$?!#(B
+
+    -t <$B%?!<%_%J%k%3!<%I7O(B>
+
+  $B$3$3$G!"(B<$B%?!<%_%J%k%3!<%I7O(B>$B$K;XDj$G$-$k$b$N$O!">e$N(B<$B%3!<%I7O(B>$B$HF1$8$b$N$G$9!#(B
+
+(3) $B%G%U%)%k%H(B
+
+  $B%G%U%)%k%H$N%3!<%I7O$O!"%3%s%Q%$%k;~$K7h$^$j$^$9!#(B
+
+3. $B%3%s%Q%$%k;~$N@_Dj(B
+
+  Makefile $B$K@_Dj$9$k9`L\$r0J2<$K<($7$^$9!#(B
+
+(1) KANJI $B%U%i%0(B
+
+  $B%3%s%Q%$%k%*%W%7%g%s$K(B -DKANJI=\"$B%3!<%I7O(B\" $B$r;XDj$7$^$9!#$3$N%3!<%I7O$O(B 2. $B$G;X(B
+  $BDj$9$k$b$N$HF1$8$G$9!#Nc$($P!"(B-DKANJI=\"euc\" $B$r(BFLAGSM $B$K@_Dj$9$k$H(B UNIX $B>e$N%U%!(B
+  $B%$%kL>$O!"(BEUC $B%3!<%I$K$J$j$^$9!#$3$3$G;XDj$7$?%3!<%I7O$O!"%5!<%P5Z$S%/%i%$%"%s%H(B
+  $B%W%m%0%i%`$N%G%U%)%k%H$KCM$J$j$^$9!#(B
+
+  $B>0!"%*%W%7%g%sCf$N(B \ $B$d(B " $B$bK:$l$:$K;XDj$7$F2<$5$$!#(B
+
+3. $B@)8B;v9`(B
+
+(1) $B4A;z%3!<%I(B
+  smbd $B$rF0:n$5$;$k%[%9%H$N(B UNIX $B$,%5%]!<%H$7$F$$$J$$4A;z%3!<%I$O!"MxMQ$G$-$J$$$3$H$,(B
+  $B$"$j$^$9!#JQ$JF0:n$r$9$k$h$&$J$i(B hex $B$N;XDj$r$9$k$N$,NI$$$G$7$g$&!#(B
+
+(2) smbclient $B%3%^%s%I(B
+  $B%7%U%H%3!<%I$J$I$N4X78$G!"4A;z$d2>L>$r4^$s$@%U%!%$%kL>$N(B ls $B$NI=<($,Mp$l$k$3$H$,$"$j(B
+  $B$^$9!#(B
+
+(3) $B%o%$%k%I%+!<%I$K$D$$$F(B
+  $B$A$c$s$H$7$?%9%Z%C%/$,$h$/$o$+$i$J$+$C$?$N$G$9$,!"0l1~!"(BDOS/V $B$NF0:n$HF1$8F0:n$r9T$J(B
+  $B$&$h$&$K$J$C$F$$$^$9!#(B
+
+(4) $B%m%s%0%U%!%$%kL>$K$D$$$F(B
+  Windows NT/95 $B$G$O!"%m%s%0%U%!%$%kL>$,07$($^$9!#%m%s%0%U%!%$%kL>$r(B 8.3 $B%U%)!<%^%C%H(B
+  $B$G07$&$?$a$K!"(Bmangling $B$7$F$$$^$9$,!"$3$NJ}K!$O!"(BNT $B$d(B 95 $B$,9T$J$C$F$$$k(B mangling $B$H(B
+  $B$O0[$J$j$^$9$N$GCm0U$7$F2<$5$$!#(B
+
+4. $B>c32Ey$N%l%]!<%H$K$D$$$F(B
+
+  $BF|K\8l$N%U%!%$%kL>$K4X$7$F!"J8;z2=$1Ey$N>c32$,$"$l$P!";d$K%l%]!<%H$7$FD:$1$l$P9,$$$G(B
+$B$9!#$?$@$7!"%*%j%8%J%k$+$i$NLdBjE@$d<ALd$K$D$$$F$O!"%*%j%8%J%k$N:n<T$XD>@\Ld$$9g$o$;$k(B
+$B$+!"$b$7$/$O%a!<%j%s%0%j%9%H$J$I$X%l%]!<%H$9$k$h$&$K$7$F2<$5$$!#(B
+
+$B%l%]!<%H$5$l$k>l9g!"MxMQ$5$l$F$$$k4D6-(B(UNIX $B5Z$S(B PC $BB&$N(BOS$B$J$I(B)$B$H$G$-$^$7$?$i@_Dj%U%!(B
+$B%$%k$d%m%0$J$I$rE:IU$7$FD:$1$k$H9,$$$G$9!#(B
+
+5. $B$=$NB>(B
+
+  $B%3!<%IJQ49$O0J2<$NJ}!9$,:n$i$l$?%W%m%0%i%`$rMxMQ$7$F$$$^$9!#(B
+
+  hex $B7A<0(B       $BBgLZ!wBgDM!&C^GH(B <ohki@gssm.otsuka.tsukuba.ac.jp>$B;a(B
+  cap $B7A<0(B       $BI%ED(B $BF;O:(B (michiro@po.iijnet.or.jp)(michiro@dms.toppan.co.jp)$B;a(B
+
+  $B$=$NB>!"$?$/$5$s$NJ}!9$+$i$$$m$$$m$H8f65<($$$?$@$-$"$j$,$H$&$4$6$$$^$7$?!#:#8e$H$b$h(B
+$B$m$7$/$*4j$$CW$7$^$9!#(B
+
+1994$BG/(B10$B7n(B28$BF|(B $BBh#1HG(B
+1995$BG/(B 8$B7n(B16$BF|(B $BBh#2HG(B
+1995$BG/(B11$B7n(B24$BF|(B $BBh#3HG(B
+1996$BG/(B 5$B7n(B13$BF|(B $BBh#4HG(B
+
+$BF#ED(B $B?r(B  fujita@ainix.isac.co.jp
+
diff --git a/docs/textdocs/README.sambatar b/docs/textdocs/README.sambatar
new file mode 100755
index 00000000000..af7250c2a49
--- /dev/null
+++ b/docs/textdocs/README.sambatar
@@ -0,0 +1,23 @@
+Contributor/s:	Martin.Kraemer <Martin.Kraemer@mch.sni.de>
+                and Ricky Poulten (ricky@logcam.co.uk)
+Date:		Unknown - circa 1994
+Status:		Obsoleted - smbtar has been a stable part of Samba
+		since samba-1.9.13
+
+Subject:	Sambatar (now smbtar)
+=============================================================================
+
+This is version 1.4 of my small extension to samba that allows PC shares
+to be backed up directly to a UNIX tape. It only has been tested under
+Solaris 2.3, Linux 1.1.59 and DG/UX 5.4r3.10 with version 1.9.13 of samba.
+
+See the file INSTALL for installation instructions, and
+the man page and NOTES file for some basic usage. Please let me know if you
+have any problems getting it to work under your flavour of Unix.
+
+This is only (yet another) intermediate version of sambatar.
+This version also comes with an extra gift, zen.bas, written in
+microsoft qbasic by a colleague. It is (apparently) based on a 70s
+British sci-fi series known as Blake's 7. If you have any questions
+about this program, or any suggestions (e.g. what about servillan.bas
+?), feel free to mail the author (of zen.bas) greenm@lilhd.logica.com.
diff --git a/docs/textdocs/Recent-FAQs.txt b/docs/textdocs/Recent-FAQs.txt
new file mode 100755
index 00000000000..6e614abed1a
--- /dev/null
+++ b/docs/textdocs/Recent-FAQs.txt
@@ -0,0 +1,289 @@
+!==
+!== Recent-FAQs.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Samba-bugs@samba.org
+Date:		July 5, 1998
+Status:		Current
+
+=============================================================================
+Subject: Recent FAQ answers to common questions / problems
+=============================================================================
+Contents:	NetWkstaUserLogon
+		Not listening for calling name
+		System Error 1240
+		Trapdoor UID
+		User Access Control
+		Using NT to Browse Samba Shares
+		setup.exe and 16 bit programs
+		smbclient -N
+
+NetWkstaUserLogon
+=================
+FAQ answer about the new password server code:
+
+In 1.9.18 you can disable the NetWkstaUserLogon call at compile time
+in local.h and from 1.9.18p3 you can now disable it from an option in
+your smb.conf.
+
+The password server behaviour changed because we discovered that bugs
+in some NT servers allowed anyone to login with no password if they
+chose an account name that did not exist on the password server. The 
+NT password server was saying "yes, it's OK to login" even when the 
+account didn't exist at all! Adding the NetWkstaUserLogon call fixed 
+the problem, and follows the "recommended" method that MS have 
+recently documented for pass through authentication.
+
+The problem now is that some NT servers (in particular NT
+workstation?) don't support the NetWkstaUserLogon call. The call also
+doesn't work for accounts in trust relationships.
+
+The eventual solution for this will be to replace the password server
+code in Samba with NT domain code as that is developed. For now you 
+have the choice of compiling Samba either with or without the 
+NetWkstaUserLogon call in the password server code.
+
+In 1.9.18p3 the following was added (copied from the 1.9.18p3 release
+notes):
+
+In the [global] section of smb.conf :
+
+networkstation user login
+
+This code (submitted by Rob Nielsen) allows the code many people 
+were having problems with that queries an NT password server to 
+be turned off at runtime rather than compile time. Please see the 
+documentation in the smb.conf manual page for details. This is a 
+security option - it must only be turned off after checks have been
+made to ensure that your NT password server does not suffer from the
+bug this code was meant to protect against !
+
+In 1.9.18 you can enable/disable this call in local.h. In 1.9.17p5
+you could apply the following patch. Applying this patch will make
+the password server code behave like the code in earlier versions
+of Samba. If you do this then please ensure that you test to see
+that users are prevented from logging in if they give a bogus 
+username/password. You may have a NT server that is affected by the
+bug that this code is designed to avoid.
+
+
+--- password.c	1997/10/21 10:09:28	1.25.2.4
++++ password.c	1997/12/31 06:43:06
+@@ -1619,6 +1619,7 @@
+ 	}
+ 
+ 
++#if 0
+ 	if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) {
+ 		DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost));
+ 		cli_tdis(&cli);
+@@ -1638,6 +1639,7 @@
+ 		cli_tdis(&cli);
+ 		return False;
+ 	}
++#endif
+ 
+ 	DEBUG(3,("password server %s accepted the password\n", cli.desthost));
+===============================================================================
+
+Not listening for calling name
+==============================
+
+> Session request failed (131,129) with myname=HOBBES destname=CALVIN
+> Not listening for calling name
+
+If you get this when talking to a Samba box then it means that your
+global "hosts allow" or "hosts deny" settings are causing the Samba 
+server to refuse the connection. 
+
+Look carefully at your "hosts allow" and "hosts deny" lines in the
+global section of smb.conf. 
+
+It can also be a problem with reverse DNS lookups not functioning 
+correctly, leading to the remote host identity not being able to
+be confirmed, but that is less likely.
+===============================================================================
+
+System Error 1240
+=================
+System error 1240 means that the client is refusing to talk
+to a non-encrypting server. Microsoft changed WinNT in service
+pack 3 to refuse to connect to servers that do not support
+SMB password encryption.
+
+There are two main solutions:
+
+1) enable SMB password encryption in Samba. See ENCRYPTION.txt in the 
+Samba docs
+
+2) disable this new behaviour in NT. See WinNT.txt in the 
+Samba docs
+===============================================================================
+
+Trapdoor UID
+============
+> Log message "you appear to have a trapdoor uid system" 
+
+This can have several causes. It might be because you are using a uid
+or gid of 65535 or -1. This is a VERY bad idea, and is a big security
+hole. Check carefully in your /etc/passwd file and make sure that no
+user has uid 65535 or -1. Especially check the "nobody" user, as many
+broken systems are shipped with nobody setup with a uid of 65535.
+
+It might also mean that your OS has a trapdoor uid/gid system :-)
+
+This means that once a process changes effective uid from root to
+another user it can't go back to root. Unfortunately Samba relies on
+being able to change effective uid from root to non-root and back
+again to implement its security policy. If your OS has a trapdoor uid
+system this won't work, and several things in Samba may break. Less
+things will break if you use user or server level security instead of
+the default share level security, but you may still strike
+problems.
+
+The problems don't give rise to any security holes, so don't panic,
+but it does mean some of Samba's capabilities will be unavailable.
+In particular you will not be able to connect to the Samba server as
+two different uids at once. This may happen if you try to print as a
+"guest" while accessing a share as a normal user. It may also affect
+your ability to list the available shares as this is normally done as
+the guest user.
+
+Complain to your OS vendor and ask them to fix their system.
+
+Note: the reason why 65535 is a VERY bad choice of uid and gid is that
+it casts to -1 as a uid, and the setreuid() system call ignores (with
+no error) uid changes to -1. This means any daemon attempting to run
+as uid 65535 will actually run as root. This is not good!
+===============================================================================
+
+User Access Control
+===================
+> In windows when i set up a share in "user mode" i get the message:
+>  "You cannot view the list of users at this time. Please try again later."
+> 
+> I know you have lists of users for access and aliasing purposes, but i
+> have read nothing to support the idea that these lists control the Domain
+> Users List...
+
+Samba does NOT at this time support user mode access control for Window 9x
+of for NT. This is a priority item and requires full implementation of the NT SMB 
+protocol calls. Samba-1.9.19 will go into alpha in about 2 months time and will
+have a more full implementation of the NT SMB protocols to support Domain Client
+interoperability. When we can see that this has been succesful we wil then implement
+the NT SMB Server components. This will probably be released as Samba-2.0
+
+Samba-1.9.18p5 is scheduled to go out within 14 days. This will close off the 1.9.18
+branch and then opens the way to progress 1.9.19.
+
+I hope this answers your concerns adequately.
+===============================================================================
+
+Using NT to Browse Samba Shares
+===============================
+> WIN-NT workstations (nt4.0, service pack 3) 
+> samba with
+>   security = user
+>   encrypt passwords = yes
+>   guest account = guest
+> 
+> start the explorer on a win-nt workstation and select network. I find
+> my unix server running samba, but I can not see the list of shares 
+> unless I am  a user, who is known in the smbpasswd of the unix machine.
+> The guest account "guest" exists on my unix machine. For testing I even
+> made him a regular user with a password.
+>
+> With my network monitor I can see, that the win-nt workstation uses the
+> current login, to connect to IPC$ on the samba server 
+> (for example "administrator"), not the guest account.
+
+This is exactly how Windows NT works. You MUST have a valid account on the Windows
+NT box you are trying to see the resource list on. If your currently logged in
+account details do NOT match an account on the NT machine you are trying to access
+then you will be presented with a logon box for that machine. When you enter the
+name of an account on that machine / domain, together with a valid password then
+the resource list is made available. If the account details are not correct then
+no resource list is shown.
+
+Samba follows the behaviour of Windows NT exactly.
+
+Warning:Warning:Warning:
+========================
+Samba can be compiled with the GUEST_SESSION_SETUP option at 0,1 or 2.
+The default is 0. If this is set to 1 or 2 then Windows NT machines that DO NOT
+have an account on the Samba server will see the resource list. The down side of this
+is that legitimate users may then be refused access to their legitimate resources.
+Setting this option creates serious security holes. DO NOT DO IT. Samba has the
+value of this option set at 0 - NOT WITHOUT REASON!!!!
+
+******> Warning:Warning:Warning: ****> Do not tamper with this setting!!!
+===============================================================================
+
+setup.exe and 16 bit programs
+=============================
+Running 16 bit programs from Windows NT on a Samba mapped drive
+---------------------------------------------------------------
+
+The Windows NT redirector has a bug when running against a 
+Samba or Windows 95 mapped drive and attempting to run a
+16 bit executable.
+
+The problem occurs when the pathname to a 16 bit executable
+contains a non 8.3 filename complient directory component,
+Windows NT will fail to load the program and complain it
+cannot find the path to the program.
+
+It can be verified that this is a bug in Windows NT and
+not Samba as the same problem can be reproduced exactly
+when attempting to run the same program with the same
+pathname from a Windows 95 server (ie. the problem still
+exists even with no Samba server involved).
+
+Microsoft have been made aware of this problem, it is
+unknown if they regard it as serious enough to provide
+a fix for this.
+
+One of the reasons this problem is reported frequently
+is that InstallShield setup.exe executables are frequently
+written as 16 bit programs, and so hit this problem.
+
+As a workaround, you may create (on a Samba server at
+least) a symbolic link with an 8.3 complient name to 
+the non 8.3 complient directory name, and then the 16
+bit program will run. Alternatively, use the 8.3
+complient mangled name to specify the path to run
+the binary.
+
+This will be fixed when Samba adds the NT-specific
+SMB calls (currently targeted for the next major
+Samba release), as once the NT SMB calls are used
+this problem no longer occurs (which is why the
+problem doesn't occur when running against a drive
+mapped to a Windows NT server).
+
+Regards,
+
+	Jeremy Allison.
+	Samba Team.
+===============================================================================
+
+smbclient -N
+============
+> When getting the list of shares available on a host using the command
+>   smbclient -N -L <server>
+> the program always prompts for the password if the server is a Samba server.
+> It also ignores the "-N" argument when querying some (but not all) of our
+> NT servers.
+
+No, it does not ignore -N, it is just that your server rejected the 
+null password in the connection, so smbclient prompts for a password
+to try again.
+
+To get the behaviour that you probably want use 
+	smbclient -L host -U%
+
+this will set both the username and password to null, which is
+an anonymous login for SMB. Using -N would only set the password
+to null, and this is not accepted as an anonymous login for most
+SMB servers.
+===============================================================================
+
diff --git a/docs/textdocs/RoutedNetworks.txt b/docs/textdocs/RoutedNetworks.txt
new file mode 100755
index 00000000000..aea9fd77db7
--- /dev/null
+++ b/docs/textdocs/RoutedNetworks.txt
@@ -0,0 +1,66 @@
+!==
+!== RoutedNetworks.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+#NOFNR Flag in LMHosts to Communicate Across Routers
+
+  Last reviewed: May 5, 1997 
+  Article ID: Q103765 
+  The information in this article applies to: 
+
+       Microsoft Windows NT operating system version 3.1 
+       Microsoft Windows NT Advanced Server version 3.1 
+
+  SUMMARY
+
+  Some of the LAN Manager for UNIX and Pathworks servers may have
+problems in communicating across routers with
+  Windows NT workstations. The use of #NOFNR flag in the LMHosts
+file solves the problem. 
+
+  MORE INFORMATION
+
+  When you are communicating with a server across a router in a IP
+routed environment, the LMHosts file is used to
+  resolve Workstation name-to-IP address mapping. The LMHosts
+entry for a remote machine name provides the IP
+  address for the remote machine. In Lan Manager 2.x, providing
+the LMHosts entry eliminates the need to do a Name
+  Query broadcast to the local domain and instead a TCP session is
+established with the remote machine. Windows NT
+  performs the same function in a different way. 
+
+  When an LMHosts entry exists for a remote server, Windows NT
+will not send a Name Query broadcast to the local
+  subnet and instead send a directed Name Query to the remote
+server. If the remote server does not respond to the Name
+  Query, further communications (TCP SYN, and so on) will not take
+place. This was done to eliminate the performance
+  issues when trying to connect to a remote machine when it was
+not available (down). 
+
+  Some of the older LAN Manager for UNIX and DEC Pathworks servers
+do not respond to directed Name Queries sent
+  by Windows NT. In that case, the users will see an error 53
+(Path not found), even though they have specified the
+  LMHosts entries correctly. A new LMHosts flag #NOFNR was added
+to solve this problem. By specifying the
+  #NOFNR flag on the same line where the name resolution
+information for the server is provided, the directed Name
+  Query can be avoided. For example: 
+
+     130.20.1.1   mylmxserver   #PRE  #NOFNR
+
+
+  Note that this will only apply to mylmxserver and not to any
+other entries in the LMHosts file. To set
+  a global flag, an entry could be added in the registry. To
+completely remove any directed Name
+  Queries sent from a Windows NT machine, create the following
+value in
+ 
+HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nbt\Parameters: 
+
+     NoDirectedFNR   REG_DWORD   1
+
+
+  This will cause the directed Name Queries to not go out for any
diff --git a/docs/textdocs/SCO.txt b/docs/textdocs/SCO.txt
new file mode 100755
index 00000000000..9d10d6b233e
--- /dev/null
+++ b/docs/textdocs/SCO.txt
@@ -0,0 +1,22 @@
+!==
+!== SCO.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Geza Makay <makayg@math.u-szeged.hu>
+Date:		Unknown
+Status:		Obsolete - Dates to SCO Unix v3.2.4 approx.
+
+Subject:	TCP/IP Bug in SCO Unix
+============================================================================
+
+There is an annoying TCPIP bug in SCO Unix. This causes corruption when
+transferring files with Samba.
+
+Geza Makay (makayg@math.u-szeged.hu) sends this information:
+
+The patch you need is UOD385 Connection Drivers SLS. It is available from
+SCO (ftp.sco.com, directory SLS, files uod385a.Z and uod385a.ltr.Z).
+
+You do not need anything else but the above patch. It installs in seconds,
+and corrected the Excel problem. We also had some other minor problems (not
+only with Samba) that disappeared by installing this patch.
+
diff --git a/docs/textdocs/SMBTAR.notes b/docs/textdocs/SMBTAR.notes
new file mode 100755
index 00000000000..679d776f56c
--- /dev/null
+++ b/docs/textdocs/SMBTAR.notes
@@ -0,0 +1,46 @@
+Contributor:	Unknown
+Date:		1994
+Status:		Mostly Current - refer man page
+
+Subject:	Smbtar
+============================================================================
+
+Intro
+-----
+
+sambatar is just a small extension to the smbclient program distributed with
+samba. A basic front end shell script, smbtar, is provided as an interface
+to the smbclient extensions.
+
+Extensions
+----------
+
+This release adds the following extensions to smbclient,
+
+tar [c|x] filename
+  creates or restores from a tar file. The tar file may be a tape
+or a unix tar file. tar's behaviour is modified with the newer and tarmode
+commands.
+
+tarmode [full|inc|reset|noreset]
+  With no arguments, tarmode prints the current tar mode (by default full,
+noreset). In full mode, every file is backed up during a tar command.
+In incremental, only files with the dos archive bit set are backed up.
+The archive bit is reset if in reset mode, or left untouched if in noreset.
+In reset mode, the share has to be writable, which makes sambatar even
+less secure. An alternative might be to use tarmode inc noreset which
+would implement an "expanding incremental" backup (which some may prefer
+anyway).
+
+setmode <setmode string> filename
+  This is a "freebie" - nothing really to do with sambatar. This 
+is a crude attrib like command (only the other way around). Setmode string
+is a combination of +-rhsa. So for example -rh would reset the read only
+bit on filename.
+
+newer filename
+  This is in fact part of the 1.9.13 samba distribution, but comes
+into its own with sambatar. This causes tar (or get, mget, etc) to
+only copy files newer than the specified file name. Could be used
+against the previous nights (or whatever) log file to implement incremental
+backups.
diff --git a/docs/textdocs/Samba-OpenSSL.txt b/docs/textdocs/Samba-OpenSSL.txt
new file mode 100755
index 00000000000..44a5fee96e2
--- /dev/null
+++ b/docs/textdocs/Samba-OpenSSL.txt
@@ -0,0 +1,408 @@
+!==
+!== SSLeay.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor: Christian Starkjohann <cs@obdev.at>
+Date:        May 29, 1998
+Status:      
+
+Comment: Updated by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+Date:	 July 16, 2001
+
+Subject:     Compiling and using samba with SSL support
+============================================================================
+
+What is SSL and SSLeay/OpenSSL?
+===============================
+SSL (Secure Socket Layer) is a protocol for encrypted and authenticated data
+transport. It is used by secure web servers for shopping malls, telebanking
+and things like that.
+
+SSLeay is a free implementation of the SSL protocol. The successor of it is
+OpenSSL, available from
+
+    http://www.openssl.org/
+
+The current version while these lines are written is 0.9.6b. In some countries
+encryption is plagued by legal problems, even though things have relaxed a
+lot in the last years.
+
+To compile samba with SSL support, you must first compile and install OpenSSL.
+At least version 0.9.5 of OpenSSL is required. Version 0.9.6b is the latest
+version and is strongly recommended.
+OpenSSL consists of a library (which can be linked to other applications like
+samba) and several utility programs needed for key generation, certification
+etc. OpenSSL installs to /usr/local/ssl/ by default.
+
+
+Compiling samba with OpenSSL
+============================
+1. Get and install OpenSSL. The rest of this documentation assumes that you
+   have installed it at the default location, which is /usr/local/ssl/.
+2. Call "configure" with the "--with-ssl" flag. If OpenSSL is not installed in
+   the default directory, you can use the "--with-sslinc" and "--with-ssllib"
+   flags to specify the location.
+3. Compile and install as usual.
+
+
+Configuring SSL in samba
+========================
+Before you configure SSL, you should know the basics of cryptography and how
+SSL relates to all of this. A basic introduction can be found further down in
+this document. The following variables in the "[global]" section of the
+configuration file are used to configure SSL:
+
+ssl                     = yes
+   This variable enables or disables the entire SSL mode. If it is set to
+   "no", the SSL enabled samba behaves exactly like the non-SSL samba. If set
+   to "yes", it depends on the variables "ssl hosts" and "ssl hosts resign"
+   whether an SSL connection will be required.
+ssl hosts               = 
+ssl hosts resign        = 192.168.
+   These two variables define whether samba will go into SSL mode or not. If
+   none of them is defined, samba will allow only SSL connections. If the
+   "ssl hosts" variable lists hosts (by IP-address, IP-address range, net
+   group or name), only these hosts will be forced into SSL mode. If the
+   "ssl hosts resign" variable lists hosts, only these hosts will NOT be
+   forced into SSL mode. The syntax for these two variables is the same as
+   for the "hosts allow" and "hosts deny" pair of variables, only that the
+   subject of the decision is different: It's not the access right but
+   whether SSL is used or not. See the man page of smb.conf (section about
+   "allow hosts") for details. The above example requires SSL connections
+   from all hosts outside the local net (which is 192.168.*.*).
+ssl CA certDir          = /usr/local/ssl/certs
+   This variable defines where to look up the Certification Autorities. The
+   given directory should contain one file for each CA that samba will trust.
+   The file name must be the hash value over the "Distinguished Name" of the
+   CA. How this directory is set up is explained later in this document. All
+   files within the directory that don't fit into this naming scheme are
+   ignored. You don't need this variable if you don't verify client
+   certificates.
+ssl CA certFile         = /usr/local/ssl/certs/trustedCAs.pem
+   This variable is a second way to define the trusted CAs. The certificates
+   of the trusted CAs are collected in one big file and this variable points
+   to the file. You will probably only use one of the two ways to define your
+   CAs. The first choice is preferable if you have many CAs or want to be
+   flexible, the second is perferable if you only have one CA and want to
+   keep things simple (you won't need to create the hashed file names). You
+   don't need this variable if you don't verify client certificates.
+ssl server cert         = /usr/local/ssl/certs/samba.pem
+   This is the file containing the server's certificate. The server _must_
+   have a certificate. The file may also contain the server's private key.
+   See later for how certificates and private keys are created.
+ssl server key          = /usr/local/ssl/private/samba.pem
+   This file contains the private key of the server. If this variable is not
+   defined, the key is looked up in the certificate file (it may be appended
+   to the certificate). The server _must_ have a private key and the
+   certificate _must_ match this private key.
+ssl client cert         = /usr/local/ssl/certs/smbclient.pem
+   The certificate in this file is used by smbclient if it exists. It's needed
+   if the server requires a client certificate.
+ssl client key          = /usr/local/ssl/private/smbclient.pem
+   This is the private key for smbclient. It's only needed if the client
+   should have a certificate.
+ssl require clientcert  = yes
+   If this variable is set to "yes", the server will not tolerate connections
+   from clients that don't have a valid certificate. The directory/file
+   given in "ssl CA certDir" and "ssl CA certFile" will be used to look up
+   the CAs that issued the client's certificate. If the certificate can't be
+   verified positively, the connection will be terminated.
+   If this variable is set to "no", clients don't need certificates. Contrary
+   to web applications you really _should_ require client certificates. In
+   the web environment the client's data is sensitive (credit card numbers)
+   and the server must prove to be trustworthy. In a file server environment
+   the server's data will be sensitive and the clients must prove to be
+   trustworthy.
+ssl require servercert  = yes
+   If this variable is set to "yes", the smbclient will request a certificate
+   from the server. Same as "ssl require clientcert" for the server.
+ssl ciphers             = ???
+   This variable defines the ciphers that should be offered during SSL
+   negotiation. You should not set this variable unless you know what you do.
+ssl version             = ssl2or3
+   This enumeration variable defines the versions of the SSL protocol that
+   will be used. "ssl2or3" allows dynamic negotiation of SSL v2 or v3, "ssl2"
+   results SSL v2, "ssl3" results in SSL v3 and "tls1" results in TLS v1. TLS
+   (Transport Layer Security) is the (proposed?) new standard for SSL. The
+   default value is "ssl2or3".
+ssl compatibility       = no
+   This variable defines whether SSLeay should be configured for bug
+   compatibility with other SSL implementations. This is probably not
+   desirable because currently no clients with SSL implementations other than
+   SSLeay exist.
+ssl entropy file        =
+   Specifies a file from which processes will read "random bytes" on startup.
+   In order to seed the internal pseudo random number generator, entropy
+   must be provided. On system with a /dev/urandom device file, the processes
+   will retrieve its entropy from the kernel. On systems without kernel
+   entropy support, a file can be supplied that will be read on startup
+   and that will be used to seed the PRNG.
+ssl entropy bytes	= 256
+   Number of bytes that will be read from entropy file. If -1 is given, the
+   complete file will be read.
+ssl egd socket		=
+   Location of the communiation socket of an EGD or PRNGD daemon, from which
+   entropy can be retrieved. This option can be used instead of or together
+   with the "ssl entropy file" directive. 255bytes of entropy will be
+   retrieved from the daemon.
+
+
+Running samba with OpenSSL
+==========================
+Samba is started as usual. The daemon will ask for the private key's pass
+phrase before it goes to background if the private key has been encrypted.
+If you start smbd from inetd, this won't work. Therefore you must not encrypt
+your private key if you run smbd from inetd.
+
+Windows clients will try to connect to the SSL enabled samba daemon and they
+will fail. This can fill your log with failed SSL negotiation messages. To
+avoid this, you can either not run nmbd (if all clients use DNS to look up
+the server), which will leave the Windows machine unaware of the server, or
+list all (local) Windows machines in the "ssl hosts resign" variable.
+
+
+About certificates
+==================
+Secure samba servers will not be set up for public use as it is the case with
+secure web servers. Most installations will probably use it for distributed
+offices that use parts of the internet for their intranet, for access to a
+web server that's physically hosted by the provider or simply for teleworking.
+All these applications work with a known group of users that can easily agree
+on a certification authority. The CA can be operated by the company and the
+policy for issuing certificates can be determined by the company. If samba is
+configured to verify client certificates, it (currently) only verifies
+whether a valid certificate exists. It does not verify any of the data within
+the certificate (although it prints some of the data to the log file).
+
+
+Which clients are available that support SSL?
+=============================================
+Currently there are only smbclient which is part of the samba package and
+Sharity. Shariy versions newer than 0.14 in the beta branch and 1.01 in the
+main branch can be compiled with SSLeay. Sharity is a CIFS/SMB client
+implementation for Unix. It is a commercial product, but it is available in
+source code and the demo-mode allows access to the first three layers of the
+mounted directory hierarchy. Licenses for universities and students are free.
+Sharity is available at
+
+    http://www.obdev.at/Products/Sharity.html
+
+
+
+###########################################################################
+Basics about Cryptography and SSL(eay)
+###########################################################################
+
+There are many good introductions to cryptography. I assume that the reader
+is familiar with the words "encryption", "digital signature" and RSA. If you
+don't know these terms, please read the cryptography FAQ part 6 and 7, which
+is posted to the usenet newsgroup sci.crypt. It is also available from
+
+    ftp://rtfm.mit.edu/pub/usenet/news.answers/cryptography-faq
+and
+    http://www.cis.ohio-state.edu/hypertext/faq/usenet/cryptography-faq
+
+I'll concentrate on the questions specific to SSL and samba here.
+
+
+What is a certificate?
+======================
+A certificate is issued by an issuer, usually a "Certification Authority"
+(CA), who confirms something by issuing the certificate. The subject of this
+confirmation depends on the CA's policy. CAs for secure web servers (used for
+shopping malls etc.) usually only attest that the given public key belongs the
+the given domain name. Company-wide CAs might attest that you are an employee
+of the company, that you have permissions to use a server or whatever.
+
+
+What is an X.509 certificate technically?
+=========================================
+Technically, the certificate is a block of data signed by the certificate
+issuer (the CA). The relevant fields are:
+   - unique identifier (name) of the certificate issuer
+   - time range during that the certificate is valid
+   - unique identifier (name) of the certified subject
+   - public key of the certified subject
+   - the issuer's signature over all of the above
+If this certificate should be verified, the verifier must have a table of the
+names and public keys of trusted CAs. For simplicity, these tables are lists
+of certificates issued by the respective CAs for themselves (self-signed
+certificates).
+
+
+What are the implications of this certificate structure?
+========================================================
+  - Because the certificate contains the subject's public key, the
+    certificate and the private key together are all that's needed to encrypt
+    and decrypt.
+  - To verify certificates, you need the certificates of all CAs you trust.
+  - The simplest form of a dummy-certificate is one that's signed by the
+    subject itself.
+  - A CA is needed. The client can't simply issue local certificates for
+    servers it trusts because the server determines which certificate it
+    presents.
+
+
+
+###########################################################################
+Setting up files and directories for OpenSSL
+###########################################################################
+
+The first thing you should do is to change your PATH environment variable to
+include the bin directory of OpenSSL. E.g.:
+
+    PATH=$PATH:/usr/local/ssl/bin   
+
+If your system's kernel supports a /dev/urandom device, all OpenSSL operations
+will automatically retrieve its entropy from it. If your system does not
+support /dev/urandom, you may install an EGD/PRNGD daemon for entropy
+supply or can generate seed from reading files (that should contain information
+unpredictable/unknown to attackers). Use the "-rand" option to the openssl
+commands to specify the entropy source (if /dev/urandom is not available).
+
+OpenSSL additionally keeps random seed in the $HOME/.rnd file. You can
+initialize this file using:
+    
+    openssl rand -rand /tmp/rfile.txt > $HOME/.rnd
+    rm -f /tmp/rfile.txt	# nobody must know!!
+
+or
+
+    openssl rand -rand /path/to/egd-socket > $HOME/.rnd
+
+How to create a keypair
+=======================
+This is done with 'genrsa' for RSA keys and 'gendsa' for DSA keys. For an RSA
+key with 1024 bits which is written to the file "key.pem" type:
+
+    openssl genrsa -des3 -rand /path/to/source 1024 > key.pem
+
+You will be asked for a pass phrase to protect this key. If you don't want to
+protect your private key with a pass phrase, just omit the parameter "-des3".
+If you want a different key size, replace the parameter "1024". You really
+should use a pass phrase.
+
+If you want to remove the pass phrase from a key use:
+
+    openssl rsa -in key.pem -out newkey.pem
+
+And to add or change a pass phrase:
+
+    openssl rsa -des3 -in key.pem -out newkey.pem
+
+
+How to create a dummy certificate
+=================================
+If you still have your keypair in the file "key.pem", the command
+
+    openssl req -new -x509 -key key.pem -out cert.pem
+
+will write a self-signed dummy certificate to the file "cert.pem". This can
+be used for testing or if only encryption and no certification is needed.
+Please bear in mind that encryption without authentication (certification)
+can never be secure. It's open to (at least) "man-in-the-middle" attacks.
+
+
+How to create a certificate signing request
+===========================================
+You must not simply send your keypair to the CA for signing because it
+contains the private key which _must_ be kept secret. A signing request
+consists of your public key and some additional information you want to have
+bound to that key by the certificate. If you operate a secure web server,
+this additional information will (among other things) contain the URL of
+your server in the field "Common Name". The certificate signing request is
+created from the keypair with the following command (assuming that the key
+pair is still in "key.pem"):
+
+    openssl req -new -key key.pem -out csr.pem
+
+This command will ask you for the information which must be included in the
+certificate and will write the signing request to the file "csr.pem". This
+signing request is all the CA needs for signing, at least technically. Most
+CAs will demand bureaucratic material and money, too.
+
+
+How to set up a Certification Authority (CA)
+============================================
+Being a certification authority requires a database that holds the CA's
+keypair, the CA's certificate, a list of all signed certificates and other
+information. This database is kept in a directory hierarchy below a
+configurable starting point. The starting point must be configured in the
+ssleay.conf file. This file is at /usr/local/ssl/lib/ssleay.conf if you have
+not changed the default installation path.
+
+The first thing you should do is to edit this file according to your needs.
+Let's  assume that you want to hold the CA's database at the directory
+"/usr/local/ssl/CA". Change the variable "dir" in section "CA_default" to
+this path. You may also want to edit the default settings for some variables,
+but the values given should be OK. This path is also contained in the shell
+script CA.sh, which should be at "/usr/local/ssl/bin/CA.sh". Change the path
+in the shell script:
+
+    CATOP=/usr/local/ssl/CA
+    CAKEY=./cakey.pem           # relative to $CATOP/
+    CACERT=./cacert.pem         # relative to $CATOP/private/
+
+Then create the directory "/usr/local/ssl/CA" and make it writable for the
+user that operates the CA. You should also initialize SSLeay as CA user (set
+up the random number generator). Now you should call the shell script CA.sh
+to set up the initial database:
+
+    CA.sh -newca
+
+This command will ask you whether you want to use an existing certificate or
+create one. Just press enter to create a new key pair and certificate. You
+will be asked the usual questions for certificates: the country, state, city,
+"Common Name", etc. Enter the appropriate values for the CA. When CA.sh
+finishes, it has set up a bunch of directories and files. A CA must publish
+it's certificate, which is in the file "/usr/local/ssl/CA/cacert.pem".
+
+
+How to sign a certificate request
+=================================
+After setting up the CA stuff, you can start signing certificate requests.
+Make sure that the SSLeay utilities know where the configuration file is.
+The default is compiled in, if you don't use the default location, add the
+parameter "-config <cfg-file>". Make also sure that the configuration file
+contains the correct path to the CA database. If all this is set up properly,
+you can sign the request in the file "csr.pem" with the command:
+
+    openssl ca -policy policy_anything -days 365 -infiles csr.pem >cert.pem
+
+The resulting certificate (and additional information) will be in "cert.pem".
+If you want the certificate to be valid for a period different from 365 days,
+simply change the "-days" parameter.
+
+
+How to install a new CA certificate
+===================================
+Whereever a certificate must be checked, the CA's certificate must be
+available. Let's take the common case where the client verifies the server's
+certificate. The case where the server verfies the client's certificate works
+the same way. The client receives the server's certificate, which contains
+the "Distinguished Name" of the CA. To verify whether the signature in this
+certificate is OK, it must look up the public key of that CA. Therefore each
+client must hold a database of CAs, indexed by CA name. This database is best
+kept in a directory where each file contains the certificate of one CA and is
+named after the hashvalue (checksum) of the CA's name. This section describes
+how such a database is managed technically. Whether or not to install (and
+thereby trust) a CA is a totally different matter.
+
+The client must know the directory of the CA database. This can be configured.
+There may also be a configuration option to set up a CA database file which
+contains all CA certs in one file. Let's assume that the CA database is kept
+in the directory "/usr/local/ssl/certs". The following example assumes that
+the CA's certificate is in the file "cacert.pem" and the CA is known as
+"myCA". To install the certificate, do the following:
+
+    cp cacert.pem /usr/local/ssl/cers/myCA.pem
+    cd /usr/local/ssl/certs
+    ln -s myCA.pem `openssl x509 -noout -hash < myCA.pem`.0
+
+The last command creates a link from the hashed name to the real file.
+
+From now on all certificates signed by the myCA authority will be accepted by
+clients that use the directory "/usr/local/ssl/certs/" as their CA certificate
+database.
+
+
+
diff --git a/docs/textdocs/Speed.txt b/docs/textdocs/Speed.txt
new file mode 100755
index 00000000000..325376ac250
--- /dev/null
+++ b/docs/textdocs/Speed.txt
@@ -0,0 +1,341 @@
+!==
+!== Speed.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+
+Subject:	Samba performance issues
+============================================================================
+
+This file tries to outline the ways to improve the speed of a Samba server.
+
+COMPARISONS
+-----------
+
+The Samba server uses TCP to talk to the client. Thus if you are
+trying to see if it performs well you should really compare it to
+programs that use the same protocol. The most readily available
+programs for file transfer that use TCP are ftp or another TCP based
+SMB server.
+
+If you want to test against something like a NT or WfWg server then
+you will have to disable all but TCP on either the client or
+server. Otherwise you may well be using a totally different protocol
+(such as Netbeui) and comparisons may not be valid.
+
+Generally you should find that Samba performs similarly to ftp at raw
+transfer speed. It should perform quite a bit faster than NFS,
+although this very much depends on your system.
+
+Several people have done comparisons between Samba and Novell, NFS or
+WinNT. In some cases Samba performed the best, in others the worst. I
+suspect the biggest factor is not Samba vs some other system but the
+hardware and drivers used on the various systems. Given similar
+hardware Samba should certainly be competitive in speed with other
+systems.
+
+
+OPLOCKS
+-------
+
+Oplocks are the way that SMB clients get permission from a server to
+locally cache file operations. If a server grants an oplock
+(opportunistic lock) then the client is free to assume that it is the
+only one accessing the file and it will agressively cache file
+data. With some oplock types the client may even cache file open/close
+operations. This can give enormous performance benefits.
+
+With the release of Samba 1.9.18 we now correctly support opportunistic 
+locks. This is turned on by default, and can be turned off on a share-
+by-share basis by setting the parameter :
+
+oplocks = False
+
+We recommend that you leave oplocks on however, as current benchmark
+tests with NetBench seem to give approximately a 30% improvement in
+speed with them on. This is on average however, and the actual 
+improvement seen can be orders of magnitude greater, depending on
+what the client redirector is doing.
+
+Previous to Samba 1.9.18 there was a 'fake oplocks' option. This
+option has been left in the code for backwards compatibility reasons
+but it's use is now deprecated. A short summary of what the old
+code did follows.
+
+LEVEL2 OPLOCKS
+--------------
+
+With Samba 2.0.5 a new capability - level2 (read only) oplocks is
+supported (although the option is off by default - see the smb.conf
+man page for details). Turning on level2 oplocks (on a share-by-share basis)
+by setting the parameter :
+
+level2 oplocks = true 
+
+should speed concurrent access to files that are not commonly written
+to, such as application serving shares (ie. shares that contain common
+.EXE files - such as a Microsoft Office share) as it allows clients to
+read-ahread cache copies of these files.
+
+Old 'fake oplocks' option - deprecated.
+---------------------------------------
+
+Samba can also fake oplocks, by granting a oplock whenever a client 
+asks for one. This is controlled using the smb.conf option "fake 
+oplocks". If you set "fake oplocks = yes" then you are telling the 
+client that it may agressively cache the file data for all opens.
+
+Enabling 'fake oplocks' on all read-only shares or shares that you know
+will only be accessed from one client at a time you will see a big
+performance improvement on many operations. If you enable this option
+on shares where multiple clients may be accessing the files read-write
+at the same time you can get data corruption.
+
+SOCKET OPTIONS
+--------------
+
+There are a number of socket options that can greatly affect the
+performance of a TCP based server like Samba.
+
+The socket options that Samba uses are settable both on the command
+line with the -O option, or in the smb.conf file.
+
+The "socket options" section of the smb.conf manual page describes how
+to set these and gives recommendations.
+
+Getting the socket options right can make a big difference to your
+performance, but getting them wrong can degrade it by just as
+much. The correct settings are very dependent on your local network.
+
+The socket option TCP_NODELAY is the one that seems to make the
+biggest single difference for most networks. Many people report that
+adding "socket options = TCP_NODELAY" doubles the read performance of
+a Samba drive. The best explanation I have seen for this is that the
+Microsoft TCP/IP stack is slow in sending tcp ACKs.
+
+
+READ SIZE
+---------
+
+The option "read size" affects the overlap of disk reads/writes with
+network reads/writes. If the amount of data being transferred in
+several of the SMB commands (currently SMBwrite, SMBwriteX and
+SMBreadbraw) is larger than this value then the server begins writing
+the data before it has received the whole packet from the network, or
+in the case of SMBreadbraw, it begins writing to the network before
+all the data has been read from disk.
+
+This overlapping works best when the speeds of disk and network access
+are similar, having very little effect when the speed of one is much
+greater than the other.
+
+The default value is 16384, but very little experimentation has been
+done yet to determine the optimal value, and it is likely that the best
+value will vary greatly between systems anyway. A value over 65536 is
+pointless and will cause you to allocate memory unnecessarily.
+
+
+MAX XMIT
+--------
+
+At startup the client and server negotiate a "maximum transmit" size,
+which limits the size of nearly all SMB commands. You can set the
+maximum size that Samba will negotiate using the "max xmit = " option
+in smb.conf. Note that this is the maximum size of SMB request that 
+Samba will accept, but not the maximum size that the *client* will accept.
+The client maximum receive size is sent to Samba by the client and Samba
+honours this limit.
+
+It defaults to 65536 bytes (the maximum), but it is possible that some
+clients may perform better with a smaller transmit unit. Trying values
+of less than 2048 is likely to cause severe problems.
+
+In most cases the default is the best option.
+
+
+LOCKING
+-------
+
+By default Samba does not implement strict locking on each read/write
+call (although it did in previous versions). If you enable strict
+locking (using "strict locking = yes") then you may find that you
+suffer a severe performance hit on some systems.
+
+The performance hit will probably be greater on NFS mounted
+filesystems, but could be quite high even on local disks.
+
+
+SHARE MODES
+-----------
+
+Some people find that opening files is very slow. This is often
+because of the "share modes" code needed to fully implement the dos
+share modes stuff. You can disable this code using "share modes =
+no". This will gain you a lot in opening and closing files but will
+mean that (in some cases) the system won't force a second user of a
+file to open the file read-only if the first has it open
+read-write. For many applications that do their own locking this
+doesn't matter, but for some it may. Most Windows applications
+depend heavily on "share modes" working correctly and it is
+recommended that the Samba share mode support be left at the
+default of "on".
+
+The share mode code in Samba has been re-written in the 1.9.17
+release following tests with the Ziff-Davis NetBench PC Benchmarking
+tool. It is now believed that Samba 1.9.17 implements share modes
+similarly to Windows NT.
+
+NOTE: In the most recent versions of Samba there is an option to use
+shared memory via mmap() to implement the share modes. This makes
+things much faster. See the Makefile for how to enable this.
+
+
+LOG LEVEL
+---------
+
+If you set the log level (also known as "debug level") higher than 2
+then you may suffer a large drop in performance. This is because the
+server flushes the log file after each operation, which can be very
+expensive. 
+
+
+WIDE LINKS
+----------
+
+The "wide links" option is now enabled by default, but if you disable
+it (for better security) then you may suffer a performance hit in
+resolving filenames. The performance loss is lessened if you have
+"getwd cache = yes", which is now the default.
+
+
+READ RAW
+--------
+
+The "read raw" operation is designed to be an optimised, low-latency
+file read operation. A server may choose to not support it,
+however. and Samba makes support for "read raw" optional, with it
+being enabled by default.
+
+In some cases clients don't handle "read raw" very well and actually
+get lower performance using it than they get using the conventional
+read operations. 
+
+So you might like to try "read raw = no" and see what happens on your
+network. It might lower, raise or not affect your performance. Only
+testing can really tell.
+
+
+WRITE RAW
+---------
+
+The "write raw" operation is designed to be an optimised, low-latency
+file write operation. A server may choose to not support it,
+however. and Samba makes support for "write raw" optional, with it
+being enabled by default.
+
+Some machines may find "write raw" slower than normal write, in which
+case you may wish to change this option.
+
+READ PREDICTION
+---------------
+
+Samba can do read prediction on some of the SMB commands. Read
+prediction means that Samba reads some extra data on the last file it
+read while waiting for the next SMB command to arrive. It can then
+respond more quickly when the next read request arrives.
+
+This is disabled by default. You can enable it by using "read
+prediction = yes".
+
+Note that read prediction is only used on files that were opened read
+only.
+
+Read prediction should particularly help for those silly clients (such
+as "Write" under NT) which do lots of very small reads on a file.
+
+Samba will not read ahead more data than the amount specified in the
+"read size" option. It always reads ahead on 1k block boundaries.
+
+
+MEMORY MAPPING
+--------------
+
+Samba supports reading files via memory mapping them. One some
+machines this can give a large boost to performance, on others it
+makes not difference at all, and on some it may reduce performance.
+
+To enable you you have to recompile Samba with the -DUSE_MMAP option
+on the FLAGS line of the Makefile.
+
+Note that memory mapping is only used on files opened read only, and
+is not used by the "read raw" operation. Thus you may find memory
+mapping is more effective if you disable "read raw" using "read raw =
+no".
+
+
+SLOW CLIENTS
+------------
+
+One person has reported that setting the protocol to COREPLUS rather
+than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).
+
+I suspect that his PC's (386sx16 based) were asking for more data than
+they could chew. I suspect a similar speed could be had by setting
+"read raw = no" and "max xmit = 2048", instead of changing the
+protocol. Lowering the "read size" might also help.
+
+
+SLOW LOGINS
+-----------
+
+Slow logins are almost always due to the password checking time. Using
+the lowest practical "password level" will improve things a lot. You
+could also enable the "UFC crypt" option in the Makefile.
+
+CLIENT TUNING
+-------------
+
+Often a speed problem can be traced to the client. The client (for
+example Windows for Workgroups) can often be tuned for better TCP
+performance.
+
+See your client docs for details. In particular, I have heard rumours
+that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a
+large impact on performance.
+
+Also note that some people have found that setting DefaultRcvWindow in
+the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a
+big improvement. I don't know why.
+
+My own experience wth DefaultRcvWindow is that I get much better
+performance with a large value (16384 or larger). Other people have
+reported that anything over 3072 slows things down enourmously. One
+person even reported a speed drop of a factor of 30 when he went from
+3072 to 8192. I don't know why.
+
+It probably depends a lot on your hardware, and the type of unix box
+you have at the other end of the link.
+
+
+MY RESULTS
+----------
+
+Some people want to see real numbers in a document like this, so here
+they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b
+tcp/ip stack. It has a slow IDE drive and 20Mb of ram. It has a SMC
+Elite-16 ISA bus ethernet card. The only WfWg tuning I've done is to
+set DefaultRcvWindow in the [MSTCP] section of system.ini to 16384. My
+server is a 486dx3-66 running Linux. It also has 20Mb of ram and a SMC
+Elite-16 card. You can see my server config in the examples/tridge/
+subdirectory of the distribution.
+
+I get 490k/s on reading a 8Mb file with copy.
+I get 441k/s writing the same file to the samba server.
+
+Of course, there's a lot more to benchmarks than 2 raw throughput
+figures, but it gives you a ballpark figure.
+
+I've also tested Win95 and WinNT, and found WinNT gave me the best
+speed as a samba client. The fastest client of all (for me) is
+smbclient running on another linux box. Maybe I'll add those results
+here someday ...
+
+
diff --git a/docs/textdocs/Speed2.txt b/docs/textdocs/Speed2.txt
new file mode 100755
index 00000000000..cbdce761de5
--- /dev/null
+++ b/docs/textdocs/Speed2.txt
@@ -0,0 +1,60 @@
+!==
+!== Speed2.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Paul Cochrane <paulc@dth.scot.nhs.uk>
+Organization: 	Dundee Limb Fitting Centre
+Date:		Fri, 10 Apr 1998
+Subject: 	Samba SPEED.TXT comment
+=============================================================================
+
+This might be relevant to Client Tuning. I have been trying various methods
+of getting win95 to talk to Samba quicker. The results I have come up with
+are:
+
+1. Install the W2setup.exe file from www.microsoft.com. This is an 
+update for the winsock stack and utilities which improve performance.
+
+2. Configure the win95 TCPIP registry settings to give better 
+perfomance. I use a program called MTUSPEED.exe which I got off the 
+net. There are various other utilities of this type freely available. 
+The setting which give the best performance for me are:
+
+(a) MaxMTU                  Remove
+(b) RWIN                    Remove
+(c) MTUAutoDiscover         Disable
+(d) MTUBlackHoleDetect      Disable
+(e) Time To Live            Enabled
+(f) Time To Live - HOPS     32
+(g) NDI Cache Size          0
+
+3. I tried virtually all of the items mentioned in the document and 
+the only one which made a difference to me was the socket options. It 
+turned out I was better off without any!!!!! 
+
+In terms of overall speed of transfer, between various win95 clients 
+and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE 
+drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT.
+
+The figures are:          Put              Get 
+P166 client 3Com card:    420-440kB/s      500-520kB/s
+P100 client 3Com card:    390-410kB/s      490-510kB/s
+DX4-75 client NE2000:     370-380kB/s      330-350kB/s
+
+I based these test on transfer two files a 4.5MB text file and a 15MB 
+textfile. The results arn't bad considering the hardware Samba is 
+running on. It's a crap machine!!!!
+
+The updates mentioned in 1 and 2 brought up the transfer rates from 
+just over 100kB/s in some clients.
+
+A new client is a P333 connected via a 100MB/s card and hub. The 
+transfer rates from this were good: 450-500kB/s on put and 600+kB/s 
+on get.
+
+Looking at standard FTP throughput, Samba is a bit slower (100kB/s 
+upwards). I suppose there is more going on in the samba protocol, but 
+if it could get up to the rate of FTP the perfomance would be quite 
+staggering.
+
+Paul Cochrane
+
diff --git a/docs/textdocs/Tracing.txt b/docs/textdocs/Tracing.txt
new file mode 100755
index 00000000000..96d863d0742
--- /dev/null
+++ b/docs/textdocs/Tracing.txt
@@ -0,0 +1,96 @@
+!==
+!== Tracing.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Andrew Tridgell <samba@samba.org>
+Date:		Old
+Status:		Questionable
+
+Subject:	How to trace samba system calls for debugging purposes
+=============================================================================
+
+This file describes how to do a system call trace on Samba to work out
+what its doing wrong. This is not for the faint of heart, but if you
+are reading this then you are probably desperate.
+
+Actually its not as bad as the the above makes it sound, just don't
+expect the output to be very pretty :-)
+
+Ok, down to business. One of the big advantages of unix systems is
+that they nearly all come with a system trace utility that allows you
+to monitor all system calls that a program is making. This is
+extremely using for debugging and also helps when trying to work out
+why something is slower than you expect. You can use system tracing
+without any special compilation options. 
+
+The system trace utility is called different things on different
+systems. On Linux systems its called strace. Under SunOS 4 its called
+trace. Under SVR4 style systems (including solaris) its called
+truss. Under many BSD systems its called ktrace. 
+
+The first thing you should do is read the man page for your native
+system call tracer. In the discussion below I'll assume its called
+strace as strace is the only portable system tracer (its available for
+free for many unix types) and its also got some of the nicest
+features.
+
+Next, try using strace on some simple commands. For example, "strace
+ls" or "strace echo hello".
+
+You'll notice that it produces a LOT of output. It is showing you the
+arguments to every system call that the program makes and the
+result. Very little happens in a program without a system call so you
+get lots of output. You'll also find that it produces a lot of
+"preamble" stuff showing the loading of shared libraries etc. Ignore
+this (unless its going wrong!)
+
+For example, the only line that really matters in the "strace echo
+hello" output is:
+
+write(1, "hello\n", 6)                  = 6
+
+all the rest is just setting up to run the program.
+
+Ok, now you're famialiar with strace. To use it on Samba you need to
+strace the running smbd daemon. The way I tend ot use it is to first
+login from my Windows PC to the Samba server, then use smbstatus to
+find which process ID that client is attached to, then as root I do
+"strace -p PID" to attach to that process. I normally redirect the
+stderr output from this command to a file for later perusal. For
+example, if I'm using a csh style shell:
+
+  strace -f -p 3872 >& strace.out
+
+or with a sh style shell:
+
+  strace -f -p 3872 > strace.out 2>&1
+
+Note the "-f" option. This is only available on some systems, and
+allows you to trace not just the current process, but any children it
+forks. This is great for finding printing problems caused by the
+"print command" being wrong.
+
+Once you are attached you then can do whatever it is on the client
+that is causing problems and you will capture all the system calls
+that smbd makes. 
+
+So how do you interpret the results? Generally I search thorugh the
+output for strings that I know will appear when the problem
+happens. For example, if I am having touble with permissions on a file
+I would search for that files name in the strace output and look at
+the surrounding lines. Another trick is to match up file descriptor
+numbers and "follow" what happens to an open file until it is closed.
+
+Beyond this you will have to use your initiative. To give you an idea
+of wehat you are looking for here is a piece of strace output that
+shows that /dev/null is not world writeable, which causes printing to
+fail with Samba:
+
+[pid 28268] open("/dev/null", O_RDWR)   = -1 EACCES (Permission denied)
+[pid 28268] open("/dev/null", O_WRONLY) = -1 EACCES (Permission denied)
+
+the process is trying to first open /dev/null read-write then
+read-only. Both fail. This means /dev/null has incorrect permissions.
+
+Have fun!
+
+(please send updates/fixes to this file to samba@samba.org)
diff --git a/docs/textdocs/UNIX-SMB.txt b/docs/textdocs/UNIX-SMB.txt
new file mode 100755
index 00000000000..5c6d5b8c813
--- /dev/null
+++ b/docs/textdocs/UNIX-SMB.txt
@@ -0,0 +1,234 @@
+!==
+!== UNIX-SMB.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Andrew Tridgell <samba@samba.org>
+Date:		April 1995
+
+Subject:	Discussion of NetBIOS in a Unix World
+============================================================================
+
+This is a short document that describes some of the issues that
+confront a SMB implementation on unix, and how Samba copes with
+them. They may help people who are looking at unix<->PC
+interoperability.
+
+It was written to help out a person who was writing a paper on unix to
+PC connectivity.
+
+
+Usernames
+=========
+
+The SMB protocol has only a loose username concept. Early SMB
+protocols (such as CORE and COREPLUS) have no username concept at
+all. Even in later protocols clients often attempt operations
+(particularly printer operations) without first validating a username
+on the server.
+
+Unix security is based around username/password pairs. A unix box
+should not allow clients to do any substantive operation without some
+sort of validation. 
+
+The problem mostly manifests itself when the unix server is in "share
+level" security mode. This is the default mode as the alternative
+"user level" security mode usually forces a client to connect to the
+server as the same user for each connected share, which is
+inconvenient in many sites.
+
+In "share level" security the client normally gives a username in the
+"session setup" protocol, but does not supply an accompanying
+password. The client then connects to resources using the "tree
+connect" protocol, and supplies a password. The problem is that the
+user on the PC types the username and the password in different
+contexts, unaware that they need to go together to give access to the
+server. The username is normally the one the user typed in when they
+"logged onto" the PC (this assumes Windows for Workgroups). The
+password is the one they chose when connecting to the disk or printer.
+
+The user often chooses a totally different username for their login as
+for the drive connection. Often they also want to access different
+drives as different usernames. The unix server needs some way of
+divining the correct username to combine with each password.
+
+Samba tries to avoid this problem using several methods. These succeed
+in the vast majority of cases. The methods include username maps, the
+service%user syntax, the saving of session setup usernames for later
+validation and the derivation of the username from the service name
+(either directly or via the user= option).
+
+File Ownership
+==============
+
+The commonly used SMB protocols have no way of saying "you can't do
+that because you don't own the file". They have, in fact, no concept
+of file ownership at all.
+
+This brings up all sorts of interesting problems. For example, when
+you copy a file to a unix drive, and the file is world writeable but
+owned by another user the file will transfer correctly but will
+receive the wrong date. This is because the utime() call under unix
+only succeeds for the owner of the file, or root, even if the file is
+world writeable. For security reasons Samba does all file operations
+as the validated user, not root, so the utime() fails. This can stuff
+up shared development diectories as programs like "make" will not get
+file time comparisons right.
+
+There are several possible solutions to this problem, including
+username mapping, and forcing a specific username for particular
+shares.
+
+Passwords
+=========
+
+Many SMB clients uppercase passwords before sending them. I have no
+idea why they do this. Interestingly WfWg uppercases the password only
+if the server is running a protocol greater than COREPLUS, so
+obviously it isn't just the data entry routines that are to blame.
+
+Unix passwords are case sensitive. So if users use mixed case
+passwords they are in trouble.
+
+Samba can try to cope with this by either using the "password level"
+option which causes Samba to try the offered password with up to the
+specified number of case changes, or by using the "password server"
+option which allows Samba to do its validation via another machine
+(typically a WinNT server).
+
+Samba supports the password encryption method used by SMB
+clients. Note that the use of password encryption in Microsoft
+networking leads to password hashes that are "plain text equivalent".
+This means that it is *VERY* important to ensure that the Samba
+smbpasswd file containing these password hashes is only readable
+by the root user. See the documentation ENCRYPTION.txt for more
+details.
+
+
+Locking
+=======
+
+The locking calls available under a DOS/Windows environment are much
+richer than those available in unix. This means a unix server (like
+Samba) choosing to use the standard fcntl() based unix locking calls
+to implement SMB locking has to improvise a bit.
+
+One major problem is that dos locks can be in a 32 bit (unsigned)
+range. Unix locking calls are 32 bits, but are signed, giving only a 31
+bit range. Unfortunately OLE2 clients use the top bit to select a
+locking range used for OLE semaphores.
+
+To work around this problem Samba compresses the 32 bit range into 31
+bits by appropriate bit shifting. This seems to work but is not
+ideal. In a future version a separate SMB lockd may be added to cope
+with the problem.
+
+It also doesn't help that many unix lockd daemons are very buggy and
+crash at the slightest provocation. They normally go mostly unused in
+a unix environment because few unix programs use byte range
+locking. The stress of huge numbers of lock requests from dos/windows
+clients can kill the daemon on some systems.
+
+The second major problem is the "opportunistic locking" requested by
+some clients. If a client requests opportunistic locking then it is
+asking the server to notify it if anyone else tries to do something on
+the same file, at which time the client will say if it is willing to
+give up its lock. Unix has no simple way of implementing
+opportunistic locking, and currently Samba has no support for it.
+
+Deny Modes
+==========
+
+When a SMB client opens a file it asks for a particular "deny mode" to
+be placed on the file. These modes (DENY_NONE, DENY_READ, DENY_WRITE,
+DENY_ALL, DENY_FCB and DENY_DOS) specify what actions should be
+allowed by anyone else who tries to use the file at the same time. If
+DENY_READ is placed on the file, for example, then any attempt to open
+the file for reading should fail.
+
+Unix has no equivalent notion. To implement this Samba uses either lock
+files based on the files inode and placed in a separate lock
+directory or a shared memory implementation. The lock file method 
+is clumsy and consumes processing and file resources,
+the shared memory implementation is vastly prefered and is turned on
+by default for those systems that support it.
+
+Trapdoor UIDs
+=============
+
+A SMB session can run with several uids on the one socket. This
+happens when a user connects to two shares with different
+usernames. To cope with this the unix server needs to switch uids
+within the one process. On some unixes (such as SCO) this is not
+possible. This means that on those unixes the client is restricted to
+a single uid.
+
+Note that you can also get the "trapdoor uid" message for other
+reasons. Please see the FAQ for details.
+
+Port numbers
+============
+
+There is a convention that clients on sockets use high "unprivilaged"
+port numbers (>1000) and connect to servers on low "privilaged" port
+numbers. This is enforced in Unix as non-root users can't open a
+socket for listening on port numbers less than 1000.
+
+Most PC based SMB clients (such as WfWg and WinNT) don't follow this
+convention completely. The main culprit is the netbios nameserving on
+udp port 137. Name query requests come from a source port of 137. This
+is a problem when you combine it with the common firewalling technique
+of not allowing incoming packets on low port numbers. This means that
+these clients can't query a netbios nameserver on the other side of a
+low port based firewall.
+
+The problem is more severe with netbios node status queries. I've
+found that WfWg, Win95 and WinNT3.5 all respond to netbios node status
+queries on port 137 no matter what the source port was in the
+request. This works between machines that are both using port 137, but
+it means it's not possible for a unix user to do a node status request
+to any of these OSes unless they are running as root. The answer comes
+back, but it goes to port 137 which the unix user can't listen
+on. Interestingly WinNT3.1 got this right - it sends node status
+responses back to the source port in the request.
+
+
+Protocol Complexity
+===================
+
+There are many "protocol levels" in the SMB protocol. It seems that
+each time new functionality was added to a Microsoft operating system,
+they added the equivalent functions in a new protocol level of the SMB
+protocol to "externalise" the new capabilities.
+
+This means the protocol is very "rich", offering many ways of doing
+each file operation. This means SMB servers need to be complex and
+large. It also means it is very difficult to make them bug free. It is
+not just Samba that suffers from this problem, other servers such as
+WinNT don't support every variation of every call and it has almost
+certainly been a headache for MS developers to support the myriad of
+SMB calls that are available.
+
+There are about 65 "top level" operations in the SMB protocol (things
+like SMBread and SMBwrite). Some of these include hundreds of
+sub-functions (SMBtrans has at least 120 sub-functions, like
+DosPrintQAdd and NetSessionEnum). All of them take several options
+that can change the way they work. Many take dozens of possible
+"information levels" that change the structures that need to be
+returned. Samba supports all but 2 of the "top level" functions. It
+supports only 8 (so far) of the SMBtrans sub-functions. Even NT
+doesn't support them all.
+
+Samba currently supports up to the "NT LM 0.12" protocol, which is the
+one preferred by Win95 and WinNT3.5. Luckily this protocol level has a
+"capabilities" field which specifies which super-duper new-fangled
+options the server suports. This helps to make the implementation of
+this protocol level much easier.
+
+There is also a problem with the SMB specications. SMB is a X/Open
+spec, but the X/Open book is far from ideal, and fails to cover many
+important issues, leaving much to the imagination. Microsoft recently
+renamed the SMB protocol CIFS (Common Internet File System) and have 
+published new specifications. These are far superior to the old 
+X/Open documents but there are still undocumented calls and features. 
+This specification is actively being worked on by a CIFS developers 
+mailing list hosted by Microsft.
+
diff --git a/docs/textdocs/UNIX_SECURITY.txt b/docs/textdocs/UNIX_SECURITY.txt
new file mode 100755
index 00000000000..a979dc5a497
--- /dev/null
+++ b/docs/textdocs/UNIX_SECURITY.txt
@@ -0,0 +1,57 @@
+!==
+!== UNIX_SECURITY.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	John H Terpstra <jht@samba.org>
+Date:		July 5, 1998
+Status:		Current
+
+Subject:	SETTING UNIX FILE SYSTEM SECURITY
+===============================================================================
+The following excerpt from a bug report demonstrates the need to
+understand Unix file system security and to manage it correctly.
+
+Quote:
+======
+> We are unable to keep individual users from mapping to any other user's
+> home directory once they have supplied a valid password! They only need
+> to enter their own password. I have not found *any* method that I can
+> use to configure samba to enforce that only a user may map their own
+> home directory.
+> 
+> User xyzzy can map his home directory. Once mapped user xyzzy can also map
+> *anyone* elses home directory!
+
+ANSWER:
+=======
+This is not a security flaw, it is by design. Samba allows
+users to have *exactly* the same access to the UNIX filesystem
+as they would if they were logged onto the UNIX box, except
+that it only allows such views onto the file system as are
+allowed by the defined shares.
+
+This means that if your UNIX home directories are set up
+such that one user can happily cd into another users
+directory and do an ls, the UNIX security solution is to 
+change the UNIX file permissions on the users home directories
+such that the cd and ls would be denied.
+
+Samba tries very hard not to second guess the UNIX administrators
+security policies, and trusts the UNIX admin to set
+the policies and permissions he or she desires.
+
+Samba does allow the setup you require when you have set the
+"only user = yes" option on the share, is that you have not set the
+valid users list for the share.
+
+Note that only user works in conjunction with the users= list,
+so to get the behavior you require, add the line :
+
+users = %S
+
+this is equivalent to:
+
+valid users = %S
+
+to the definition of the [homes] share, as recommended in
+the smb.conf man page.
+
diff --git a/docs/textdocs/Win95.txt b/docs/textdocs/Win95.txt
new file mode 100755
index 00000000000..911fddf427a
--- /dev/null
+++ b/docs/textdocs/Win95.txt
@@ -0,0 +1,77 @@
+!==
+!== Win95.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Copyright (C) 1997 - Samba-Team
+Contributed Date:	August 20, 1997
+Last Update:		August 20, 1997
+
+Subject:	Windows 95 and Samba Interoperability
+===============================================================================
+
+Password Handling:
+------------------
+Microsoft periodically release updates to all their operating systems. Some of
+these are welcomed while others cause us to change the way we do things. Few
+people like change, particularly if the change is unexpected. The best advice
+always is to read the documentation provided BEFORE applying an update.
+
+One of the recent Win95 updates (VRDRUPD.EXE) disables plain text (also called
+clear text) password authentication. The effects of this updates are desirable
+where MS Windows NT is providing the password authentication service. This
+update is most undesirable where Samba must provide the authentication service
+unless Samba has been specifically configured to use encrypted passwords _AND_
+has been linked with the libdes library.
+
+If the above conditions have not been complied with, and you are using Samba,
+then Windows 95 clients will NOT be able to authenticate to a Samba server.
+
+To re-enable plain text password capabilities AFTER applying this update
+you must create a new value in the Windows 95 registry.
+
+Either foillow the following procedure or just double click on the
+file Win95_PlainPassword.reg for an easier way to do this.
+
+Procedure:
+1)	Launch the Registry Editor as follows:
+	Click on:	/Start/Run
+	Type "regedit" and press enter.
+
+2)	Double click on:	HKEY_LOCAL_MACHINE
+
+3)	Locate the following Key:
+	/HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/VxD/VNETSUP
+
+4)	From the menu bar select Edit/New/DWORD Value
+
+5)	Rename the entry from "New Value #1" to:
+		EnablePlainTextPassword
+
+6)	Press Enter, then double click on the new entry.
+	A dialog box will pop up and enable you to set a value.
+	You must set this value to 1.
+
+-------------------------------------------------------------------------------
+
+Windows 95 Updates:
+-------------------
+When using Windows 95 OEM SR2 the following updates are recommended where Samba
+is being used. Please NOTE that the above change will affect you once these
+updates  have been installed.
+
+There are more updates than the ones mentioned here. You are referred to the
+Microsoft Web site for all currently available updates to your specific version
+of Windows 95.
+
+Kernel Update:	KRNLUPD.EXE
+Ping Fix:	PINGUPD.EXE
+RPC Update:	RPCRTUPD.EXE
+TCP/IP Update:	VIPUPD.EXE
+Redirector Update:	VRDRUPD.EXE
+
+Also, if using MS OutLook it is desirable to install the OLEUPD.EXE fix. This
+fix may stop your machine from hanging for an extended period when exiting
+OutLook and you may also notice a significant speedup when accessing network
+neighborhood services.
+
+-------------------------------------------------------------------------------
+The above password information was provided by: Jochen Huppertz <jhu@nrh.de>
diff --git a/docs/textdocs/WinNT.txt b/docs/textdocs/WinNT.txt
new file mode 100755
index 00000000000..c7d41a4114a
--- /dev/null
+++ b/docs/textdocs/WinNT.txt
@@ -0,0 +1,107 @@
+!==
+!== WinNT.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributors:	Various
+		Password Section - Copyright (C) 1997 - John H Terpstra
+		Printing Section - Copyright (C) 1997 - Matthew Harrell
+		Priting Info     - Copyright (C) 1997 - Frank Varnavas
+Updated:	October 16, 1997
+Status:		Current
+
+Subject:	Samba and Windows NT Password Handling
+=============================================================================
+
+There are some particular issues with Samba and Windows NT.
+
+Passwords:
+==========
+One of the most annoying problems with WinNT is that NT refuses to
+connect to a server that is in user level security mode and that
+doesn't support password encryption unless it first prompts the user
+for a password.
+
+This means even if you have the same password on the NT box and the
+Samba server you will get prompted for a password. Entering the
+correct password will get you connected only if Windows NT can
+communicate with Samba using a compatible mode of password security.
+
+All versions of Windows NT prior to 4.0 Service Pack 3 could negotiate
+plain text (clear text) passwords. Windows NT 4.0 Service Pack 3 changed
+this default behaviour so it now will only handle encrypted passwords.
+The following registry entry change will re-enable clear text password
+handling:
+
+Run regedt32.exe and locate the hive key entry:
+HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Rdr\Parameters\
+
+Add the following value:
+	EnablePlainTextPassword:REG_DWORD=1
+
+Alternatively, use the NT4_PlainPassword.reg file in this directory (either
+by double clicking on it, or running regedt32.exe and selecting "Import 
+Registry File" from the "Registry" Menu).
+
+The other major ramification of this feature of NT is that it can't
+browse a user level non-encrypted server unless it already has a
+connection open. This is because there is no spot for a password
+prompt in the browser window. It works fine if you already have a
+drive mounted (for example, one auto mounted on startup).
+=====================================================================
+
+Printing:
+=========
+When you mount a printer using the print manager in NT you may find
+the following info from Matthew Harrell <harrell@leech.nrl.navy.mil>
+useful:
+
+------------
+        I noticed in your change-log you noted that some people were
+still unable to use print manager under NT.  If this is the same problem
+that I encountered, it's caused by the length of time it takes NT to
+determine if the printer is ready.
+
+The problem occurs when you double-click on a printer to connect it to
+the NT machine.  Because it's unable to determine if the printer is ready
+in the short span of time it has, it assumes it isn't and gives some
+strange error about not having enough resources (I forget what the error
+is).  A solution to this that seems to work fine for us is to click
+once on the printer, look at the bottom of the window and wait until
+it says it's ready, then click on "OK".
+
+By the way, this problem probably occurs in our group because the
+Samba server doesn't actually have the printers - it queues them to
+remote printers either on other machines or using their own network
+cards.  Because of this "middle layer", it takes an extra amount of
+time for the NT machine to get verification that the printer queue
+actually exists.
+
+I hope this helped in some way...
+
+=====================================================================
+Printing Info:
+--------------
+
+From: Frank Varnavas <varnavas@ny.ubs.com>
+Subject: RE: Samba as a print server
+
+When an NT client attempts to connect  to a printer  on a non-NT print
+server the attempt is failed with an error, something like:
+
+   "You have insufficient access to your computer to perform the
+    operation because a driver needs to be installed"
+
+This is  because  domain users  must  have 'Power User'  status on the
+desktop to connect to printers on a non-NT print server.
+
+This  error  occurs regardless of  whether  the driver  in question is
+already installed or not.  What it really means is  that the server is
+a non-NT  server  and the client does  not  have permission to  create
+printers  locally.   Apparently when a   connection to a  non-NT print
+server is made the printer is defined  locally.  Such an action can be
+performed   by  either a   local    administrator  or  a Power   User.
+Unfortunately there is no way to limit the powers of a Power User, nor
+is there any way to grant the Printer Creation right to another group.
+
+This permission policy is documented in PSS database WINNT, ID Q101874
+
+Frank Varnavas (varnavas@ny.ubs.com)
diff --git a/docs/textdocs/cifsntdomain.txt b/docs/textdocs/cifsntdomain.txt
new file mode 100755
index 00000000000..91d032b1695
--- /dev/null
+++ b/docs/textdocs/cifsntdomain.txt
@@ -0,0 +1,1501 @@
+!==
+!== cifsntdomain.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+NT Domain Authentication
+------------------------
+
+Authors:	- Luke Kenneth Casson Leighton (lkcl@switchboard.net)
+--------	- Paul Ashton                  (paul@argo.demon.co.uk)
+		- Duncan Stansfield            (duncans@sco.com)
+
+		  Copyright (C) 1997 Luke Kenneth Casson Leighton
+		  Copyright (C) 1997 Paul Ashton
+		  Copyright (C) 1997 Duncan Stansfield
+
+Version:	0.024 (01Nov97)
+--------
+
+Distribution:	Unlimited and encouraged, for the purposes of implementation
+-------------	and comments.  Feedback welcomed by the authors.
+
+Liability:	Absolutely none accepted implicitly or explicitly, direct
+----------	or consequentially, for use, abuse, misuse, lack of use,
+		misunderstandings, mistakes, omissions, mis-information for
+		anything in or not in, related to or not related to, or
+		pertaining to this document, or anything else that a lawyer
+		can think of or not think of.
+
+Warning:	Please bear in mind that an incorrect implementation of this
+--------	protocol can cause NT workstation to fail irrevocably, for
+		which the authors accept no liability (see above).  Please
+		contact your vendor if you have any problems.
+
+Sources:	- Packet Traces from Netmonitor (Service Pack 1 and above)
+--------	- Paul Ashton and Luke Leighton's other "NT Domain" doc.
+		- CIFS documentation - cifs6.txt
+		- CIFS documentation - cifsrap2.txt
+
+Original:	http://mailhost.cb1.com/~lkcl/cifsntdomain.txt.
+---------	(Controlled copy maintained by lkcl@switchboard.net)
+
+Credits:	- Paul Ashton: loads of work with Net Monitor; 
+--------	  understanding the NT authentication system;
+		  reference implementation of the NT domain support on which
+		  this document is originally based.
+		- Duncan Stansfield: low-level analysis of MSRPC Pipes.
+		- Linus Nordberg: producing c-code from Paul's crypto spec.
+		- Windows Sourcer development team
+
+
+Contents:
+---------
+
+   1) Introduction
+
+   2) Structures and notes
+
+      2.1) Notes
+      2.3) Enumerations
+      2.3) Structures
+
+   3) Transact Named Pipe Header/Tail
+
+      3.1) MSRPC Pipes
+      3.2) Header
+      3.3) Tail
+
+   4) NTLSA Transact Named Pipe
+
+      4.1) LSA Open Policy
+      4.2) LSA Query Info Policy
+      4.3) LSA Enumerate Trusted Domains
+      4.4) LSA Open Secret
+      4.5) LSA Close
+      4.6) LSA Lookup SIDS
+      4.7) LSA Lookup Names
+
+   5) NETLOGON rpc Transact Named Pipe
+
+      5.1) LSA Request Challenge
+      5.2) LSA Authenticate 2
+      5.3) LSA Server Password Set
+      5.4) LSA SAM Logon
+      5.5) LSA SAM Logoff
+
+   6) \\MAILSLOT\NET\NTLOGON
+
+      6.1) Query for PDC
+      6.2) SAM Logon
+
+   7) SRVSVC Transact Named Pipe
+
+      7.1) Net Share Enum
+      7.2) Net Server Get Info
+
+
+Appendix:
+---------
+
+   A1) Cryptographic side of NT Domain Authentication
+   
+       A1.1) Definitions
+       A1.2) Protocol
+       A1.3) Comments
+
+   A2) SIDs and RIDs
+
+       A2.1) Well-known SIDs
+
+             A2.1.1) Universal well-known SIDs
+             A2.1.2) NT well-known SIDs
+
+       A2.2) Well-known RIDS
+      
+             A2.2.1) Well-known RID users
+             A2.2.2) Well-known RID groups
+             A2.2.3) Well-known RID aliases
+
+
+
+1) Introduction
+---------------
+
+
+This document contains information to provide an NT workstation with login
+services, without the need for an NT server.
+
+It should be possible to select a domain instead of a workgroup (in the NT
+workstation's TCP/IP settings) and after the obligatory reboot, type in a
+username, password, select a domain and successfully log in.  I would
+appreciate any feedback on your experiences with this process, and any
+comments, corrections and additions to this document.
+
+
+The packets described here can be easily derived from (and are probably
+better understood using) Netmon.exe.  You will need to use the version
+of Netmon that matches your system, in order to correctly decode the
+NETLOGON, lsarpc and srvsvc Transact pipes.  This document is derived from
+NT Service Pack 1 and its corresponding version of Netmon.  It is intended
+that an annotated packet trace be produced, which will likely be more
+instructive than this document.
+
+Also needed, to fully implement NT Domain Login Services, is the 
+document describing the cryptographic part of the NT authentication.
+This document is available from comp.protocols.smb; from the ntsecurity.net
+digest and from the samba digest, amongst other sources.
+
+A copy is available from:
+
+http://ntbugtraq.rc.on.ca/SCRIPTS/WA.EXE?A2=ind9708&L=ntbugtraq&O=A&P=2935
+http://mailhost.cb1.com/~lkcl/crypt.html
+
+
+A c-code implementation, provided by Linus Nordberg <linus@incolumitas.se>
+of this protocol is available from:
+
+http://samba.org/cgi-bin/mfs/01/digest/1997/97aug/0391.html
+http://mailhost.cb1.com/~lkcl/crypt.txt
+
+
+Also used to provide debugging information is the Check Build version of
+NT workstation, and enabling full debugging in NETLOGON.  This is
+achieved by setting the following REG_SZ registry key to 0x1ffffff:
+
+HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
+
+- Incorrect direct editing of the registry can cause your machine to fail.
+  Then again, so can incorrect implementation of this protocol.
+  See "Liability:" above.
+
+
+Bear in mind that each packet over-the-wire will have its origin in an
+API call.  Therefore, there are likely to be structures, enumerations
+and defines that are usefully documented elsewhere.
+
+
+This document is by no means complete or authoritative.  Missing sections
+include, but are not limited to:
+
+- the meaning (and use by NT) of SIDs and RIDs.
+
+- mappings of RIDs to usernames (and vice-versa).
+
+- what a User ID is and what a Group ID is.
+
+- the exact meaning/definition of various magic constants or enumerations.
+
+- the reply error code and use of that error code when a workstation
+  becomes a member of a domain (to be described later).  Failure to
+  return this error code will make the workstation report that it is
+  already a member of the domain.
+
+- the cryptographic side of the NetrServerPasswordSet command, which would
+  allow the workstation to change its password.  This password is used to
+  generate the long-term session key.  [It is possible to reject this
+  command, and keep the default workstation password].
+   
+
+2) Notes and Structures
+-----------------------
+
+
+2.1) Notes
+----------
+
+- In the SMB Transact pipes, some "Structures", described here, appear to be
+  4-byte aligned with the SMB header, at their start.  Exactly which
+  "Structures" need aligning is not precisely known or documented.
+
+- In the UDP NTLOGON Mailslots, some "Structures", described here, appear to be
+  2-byte aligned with the start of the mailslot, at their start.
+
+- Domain SID is of the format S-revision-version-auth1-auth2...authN.
+  e.g S-1-5-123-456-789-123-456.  the 5 could be a sub-revision.
+
+- any undocumented buffer pointers must be non-zero if the string buffer it
+  refers to contains characters.  exactly what value they should be is unknown.
+  0x0000 0002 seems to do the trick to indicate that the buffer exists.  a
+  NULL buffer pointer indicates that the string buffer is of zero length.
+  If the buffer pointer is NULL, then it is suspected that the structure it
+  refers to is NOT put into (or taken out of) the SMB data stream.  This is
+  empirically derived from, for example, the LSA SAM Logon response packet,
+  where if the buffer pointer is NULL, the user information is not inserted
+  into the data stream.  Exactly what happens with an array of buffer pointers
+  is not known, although an educated guess can be made.
+
+- an array of structures (a container) appears to have a count and a pointer.
+  if the count is zero, the pointer is also zero.  no further data is put
+  into or taken out of the SMB data stream.  if the count is non-zero, then
+  the pointer is also non-zero.  immediately following the pointer is the
+  count again, followed by an array of container sub-structures.  the count
+  appears a third time after the last sub-structure.
+
+  
+2.2) Enumerations
+-----------------
+
+- MSRPC Header type.  command number in the msrpc packet header
+
+    MSRPC_Request:   0x00
+    MSRPC_Response:  0x02
+    MSRPC_Bind:      0x0B
+    MSRPC_BindAck:   0x0C
+
+- MSRPC Packet info.  the meaning of these flags is undocumented
+
+    FirstFrag:     0x01 
+    LastFrag:      0x02 
+    NotaFrag:      0x04  
+    RecRespond:    0x08  
+    NoMultiplex:   0x10  
+    NotForIdemp:   0x20  
+    NotforBcast:   0x40  
+    NoUuid:        0x80 
+
+
+2.3) Structures
+---------------
+
+- sizeof VOID* is 32 bits.
+
+- sizeof char is 8 bits.
+
+- UTIME is 32 bits, indicating time in seconds since 01jan1970.  documented
+  in cifs6.txt (section 3.5 page, page 30).
+
+- NTTIME is 64 bits.  documented in cifs6.txt (section 3.5 page, page 30).
+
+- DOM_SID (domain SID structure) :
+
+        UINT32             num of sub-authorities in domain SID
+        UINT8              SID revision number
+        UINT8              num of sub-authorities in domain SID
+        UINT8[6]           6 bytes for domain SID - Identifier Authority.
+        UINT16[n_subauths] domain SID sub-authorities
+
+  Note: the domain SID is documented elsewhere.
+
+- STR (string) :
+
+        char[]             null-terminated string of ascii characters.
+
+- UNIHDR (unicode string header) :
+
+        UINT16             length of unicode string
+        UINT16             max length of unicode string
+        UINT32             4 - undocumented.
+   
+- UNIHDR2 (unicode string header plus buffer pointer) :
+
+        UNIHDR             unicode string header
+        VOID*              undocumented buffer pointer
+
+- UNISTR (unicode string) :
+
+        UINT16[]           null-terminated string of unicode characters.
+
+- NAME (length-indicated unicode string) :
+
+        UINT32             length of unicode string
+        UINT16[]           null-terminated string of unicode characters.
+
+- UNISTR2 (aligned unicode string) :
+
+        UINT8[]            padding to get unicode string 4-byte aligned
+                           with the start of the SMB header.
+        UINT32             max length of unicode string
+        UINT32             0 - undocumented
+        UINT32             length of unicode string
+        UINT16[]           string of uncode characters.
+
+- OBJ_ATTR (object attributes) :
+
+        UINT32             0x18 - length (in bytes) including the length field.
+        VOID*              0 - root directory (pointer)
+        VOID*              0 - object name (pointer)
+        UINT32             0 - attributes (undocumented)
+        VOID*              0 - security descriptior (pointer)
+        UINT32             0 - security quality of service
+        
+- POL_HND (LSA policy handle) :
+
+    char[20]           policy handle
+
+- DOM_SID2 (domain SID structure, SIDS stored in unicode) :
+
+        UINT32             5 - SID type
+        UINT32             0 - undocumented
+        UNIHDR2            domain SID unicode string header
+        UNISTR             domain SID unicode string
+
+  Note:	there is a conflict between the unicode string header and the
+	unicode string itself as to which to use to indicate string
+	length.  this will need to be resolved.
+
+  Note:	the SID type indicates, for example, an alias; a well-known group etc.
+	this is documented somewhere.
+
+- DOM_RID (domain RID structure) :
+
+        UINT32             5 - well-known SID.  1 - user SID (see ShowACLs)
+        UINT32             5 - undocumented
+        UINT32             domain RID 
+        UINT32             0 - domain index out of above reference domains
+        
+
+- LOG_INFO (server, account, client structure) :
+
+  Note:	logon server name starts with two '\' characters and is upper case.
+
+  Note:	account name is the logon client name from the LSA Request Challenge,
+	with a $ on the end of it, in upper case.
+
+        VOID*       undocumented buffer pointer
+        UNISTR2     logon server unicode string
+        UNISTR2     account name unicode string
+        UINT16      sec_chan - security channel type
+        UNISTR2     logon client machine unicode string
+
+- CLNT_SRV (server, client names structure) :
+
+  Note:	logon server name starts with two '\' characters and is upper case.
+
+        VOID*       undocumented buffer pointer
+        UNISTR2     logon server unicode string
+        VOID*       undocumented buffer pointer
+        UNISTR2     logon client machine unicode string
+
+- CREDS (credentials + time stamp)
+
+        char[8]     credentials
+        UTIME       time stamp
+    
+- CLNT_INFO2 (server, client structure, client credentials) :
+
+  Note: whenever this structure appears in a request, you must take a copy
+	of the client-calculated credentials received, because they will be
+	used in subsequent credential checks.  the presumed intention is to
+	maintain an authenticated request/response trail.
+        
+        CLNT_SRV     client and server names
+        UINT8[]      ???? padding, for 4-byte alignment with SMB header.
+        VOID*        pointer to client credentials.
+        CREDS        client-calculated credentials + client time
+
+- CLNT_INFO (server, account, client structure, client credentials) :
+
+  Note: whenever this structure appears in a request, you must take a copy
+	of the client-calculated credentials received, because they will be
+	used in subsequent credential checks.  the presumed intention is to
+	maintain an authenticated request/response trail.
+        
+        LOG_INFO    logon account info
+        CREDS       client-calculated credentials + client time
+
+- ID_INFO_1 (id info structure, auth level 1) :
+
+    VOID*         ptr_id_info_1
+    UNIHDR        domain name unicode header
+    UINT32        param control
+    UINT64        logon ID
+    UNIHDR        user name unicode header
+    UNIHDR        workgroup name unicode header
+    char[16]      arc4 LM OWF Password
+    char[16]      arc4 NT OWF Password
+    UNISTR2       domain name unicode string
+    UNISTR2       user name unicode string
+    UNISTR2       workstation name unicode string
+
+- SAM_INFO (sam logon/logoff id info structure) :
+
+  Note: presumably, the return credentials is supposedly for the server to
+        verify that the credential chain hasn't been compromised.
+
+        CLNT_INFO2  client identification/authentication info
+        VOID*       pointer to return credentials.
+        CRED        return credentials - ignored.
+        UINT16      logon level
+        UINT16      switch value
+
+        switch (switch_value)
+        case 1:
+        {
+            ID_INFO_1     id_info_1;
+        }
+
+- GID (group id info) :
+
+        UINT32      group id
+        UINT32      user attributes (only used by NT 3.1 and 3.51)
+
+- DOM_REF (domain reference info) :
+
+        VOID*                    undocumented buffer pointer.
+        UINT32                   num referenced domains?
+        VOID*                    undocumented domain name buffer pointer.
+        UINT32                   32 - max number of entries
+        UINT32                   4 - num referenced domains?
+
+        UNIHDR2                  domain name unicode string header
+        UNIHDR2[num_ref_doms-1]  referenced domain unicode string headers
+
+        UNISTR                   domain name unicode string
+        DOM_SID[num_ref_doms]    referenced domain SIDs
+
+- DOM_INFO (domain info, levels 3 and 5 are the same)) :
+
+        UINT8[]     ??? padding to get 4-byte alignment with start of SMB header
+        UINT16      domain name string length * 2
+        UINT16      domain name string length * 2
+        VOID*       undocumented domain name string buffer pointer
+        VOID*       undocumented domain SID string buffer pointer
+        UNISTR2     domain name (unicode string)
+        DOM_SID     domain SID
+
+- USER_INFO (user logon info) :
+
+    Note: it would be nice to know what the 16 byte user session key is for.
+
+        NTTIME            logon time
+        NTTIME            logoff time
+        NTTIME            kickoff time
+        NTTIME            password last set time
+        NTTIME            password can change time
+        NTTIME            password must change time
+
+        UNIHDR            username unicode string header
+        UNIHDR            user's full name unicode string header
+        UNIHDR            logon script unicode string header
+        UNIHDR            profile path unicode string header
+        UNIHDR            home directory unicode string header
+        UNIHDR            home directory drive unicode string header
+
+        UINT16            logon count
+        UINT16            bad password count
+
+        UINT32            User ID
+        UINT32            Group ID
+        UINT32            num groups
+        VOID*             undocumented buffer pointer to groups.
+
+        UINT32            user flags
+        char[16]          user session key
+
+        UNIHDR            logon server unicode string header
+        UNIHDR            logon domain unicode string header
+        VOID*             undocumented logon domain id pointer
+        char[40]          40 undocumented padding bytes.  future expansion?
+
+        UINT32            0 - num_other_sids?
+        VOID*             NULL - undocumented pointer to other domain SIDs.
+        
+        UNISTR2           username unicode string
+        UNISTR2           user's full name unicode string
+        UNISTR2           logon script unicode string
+        UNISTR2           profile path unicode string
+        UNISTR2           home directory unicode string
+        UNISTR2           home directory drive unicode string
+
+        UINT32            num groups
+        GID[num_groups]   group info
+
+        UNISTR2           logon server unicode string
+        UNISTR2           logon domain unicode string
+
+        DOM_SID           domain SID
+        DOM_SID[num_sids] other domain SIDs?
+
+- SH_INFO_1_PTR (pointers to level 1 share info strings):
+
+Note:	see cifsrap2.txt section5, page 10.
+
+	0 for shi1_type indicates a  Disk.
+	1 for shi1_type indicates a  Print Queue.
+	2 for shi1_type indicates a  Device.
+	3 for shi1_type indicates an IPC pipe.
+	0x8000 0000 (top bit set in shi1_type) indicates a hidden share.
+
+        VOID*        shi1_netname - pointer to net name
+        UINT32       shi1_type    - type of share.  0 - undocumented.
+        VOID*        shi1_remark  - pointer to comment.
+
+- SH_INFO_1_STR (level 1 share info strings) :
+
+        UNISTR2      shi1_netname - unicode string of net name
+        UNISTR2      shi1_remark  - unicode string of comment.
+
+- SHARE_INFO_1_CTR :
+
+    share container with 0 entries:
+
+        UINT32        0 - EntriesRead
+        UINT32        0 - Buffer
+
+    share container with > 0 entries:
+
+        UINT32                      EntriesRead
+        UINT32                      non-zero - Buffer
+        UINT32                      EntriesRead
+
+        SH_INFO_1_PTR[EntriesRead]  share entry pointers
+        SH_INFO_1_STR[EntriesRead]  share entry strings
+
+        UINT8[]                     padding to get unicode string 4-byte
+                                    aligned with start of the SMB header.
+        UINT32                      EntriesRead
+    	UINT32                      0 - padding
+
+- SERVER_INFO_101 :
+
+Note:	see cifs6.txt section 6.4 - the fields described therein will be
+	of assistance here.  for example, the type listed below is the
+	same as fServerType, which is described in 6.4.1.
+
+	SV_TYPE_WORKSTATION        0x00000001  All workstations
+	SV_TYPE_SERVER             0x00000002  All servers
+	SV_TYPE_SQLSERVER          0x00000004  Any server running with SQL
+	                                       server
+	SV_TYPE_DOMAIN_CTRL        0x00000008  Primary domain controller
+	SV_TYPE_DOMAIN_BAKCTRL     0x00000010  Backup domain controller
+	SV_TYPE_TIME_SOURCE        0x00000020  Server running the timesource
+					       service
+	SV_TYPE_AFP                0x00000040  Apple File Protocol servers
+	SV_TYPE_NOVELL             0x00000080  Novell servers
+	SV_TYPE_DOMAIN_MEMBER      0x00000100  Domain Member
+	SV_TYPE_PRINTQ_SERVER      0x00000200  Server sharing print queue
+	SV_TYPE_DIALIN_SERVER      0x00000400  Server running dialin service.
+	SV_TYPE_XENIX_SERVER       0x00000800  Xenix server
+	SV_TYPE_NT                 0x00001000  NT server
+	SV_TYPE_WFW                0x00002000  Server running Windows for
+
+	SV_TYPE_SERVER_NT          0x00008000  Windows NT non DC server
+	SV_TYPE_POTENTIAL_BROWSER  0x00010000  Server that can run the browser
+	                                       service
+	SV_TYPE_BACKUP_BROWSER     0x00020000  Backup browser server
+	SV_TYPE_MASTER_BROWSER     0x00040000  Master browser server
+	SV_TYPE_DOMAIN_MASTER      0x00080000  Domain Master Browser server
+	SV_TYPE_LOCAL_LIST_ONLY    0x40000000  Enumerate only entries marked
+	                                       "local"
+	SV_TYPE_DOMAIN_ENUM        0x80000000  Enumerate Domains. The pszServer
+	                                       and pszDomain parameters must be
+	                                       NULL.
+
+        UINT32        500 - platform_id
+        VOID*         pointer to name
+        UINT32        5 - major version
+        UINT32        4 - minor version
+        UINT32        type (SV_TYPE_... bit field)
+        VOID*         pointer to comment
+
+        UNISTR2       sv101_name - unicode string of server name
+        UNISTR2       sv_101_comment  - unicode string of server comment.
+
+        UINT8[]       padding to get unicode string 4-byte
+                      aligned with start of the SMB header.
+
+
+
+3) MSRPC over Transact Named Pipe
+---------------------------------
+
+For details on the SMB Transact Named Pipe, see cifs6.txt
+
+
+3.1) MSRPC Pipes
+----------------
+
+The MSRPC is conducted over an SMB Transact Pipe with a name of "\PIPE\".
+You must first obtain a 16 bit file handle, by sending a SMBopenX with the
+pipe name "\PIPE\srvsvc" for example.  You can then perform an SMB Trans,
+and must carry out an SMBclose on the file handle once you are finished.
+
+Trans Requests must be sent with two setup UINT16s, no UINT16 params (none
+known about), and UINT8 data parameters sufficient to contain the MSRPC
+header, and MSRPC data.  The first UINT16 setup parameter must be either
+0x0026 to indicate an RPC, or 0x0001 to indicate Set Named Pipe Handle
+state.  The second UINT16 parameter must be the file handle for the pipe,
+obtained above.
+
+The Data section for an API Command of 0x0026 (RPC pipe) in the Trans
+Request is the RPC Header, followed by the RPC Data.  The Data section for
+an API Command of 0x0001 (Set Named Pipe Handle state) is two bytes.  The
+only value seen for these two bytes is 0x00 0x43.
+
+
+MSRPC Responses are sent as response data inside standard SMB Trans
+responses, with the MSRPC Header, MSRPC Data and MSRPC tail.
+
+
+It is suspected that the Trans Requests will need to be at least 2-byte
+aligned (probably 4-byte).  This is standard practice for SMBs.  It is also
+independent of the observed 4-byte alignments with the start of the MSRPC
+header, including the 4-byte alignment between the MSRPC header and the
+MSRPC data.
+
+
+First, an SMBtconX connection is made to the IPC$ share.  The connection
+must be made using encrypted passwords, not clear-text.  Then, an SMBopenX
+is made on the pipe.  Then, a Set Named Pipe Handle State must be sent,
+after which the pipe is ready to accept API commands.  Lastly, and SMBclose
+is sent.
+
+
+To be resolved:
+
+    lkcl/01nov97 there appear to be two additional bytes after the null-
+    terminated \PIPE\ name for the RPC pipe.  Values seen so far are
+    listed below:
+
+        initial SMBopenX request:         RPC API command 0x26 params:
+
+        "\\PIPE\\lsarpc"                  0x65 0x63; 0x72 0x70; 0x44 0x65;
+        "\\PIPE\\srvsvc"                  0x73 0x76; 0x4E 0x00; 0x5C 0x43;
+
+
+3.2) Header
+-----------
+
+[section to be rewritten, following receipt of work by Duncan Stansfield]
+
+
+Interesting note: if you set packed data representation to 0x0100 0000
+then all 4-byte and 2-byte word ordering is turned around!
+
+The start of each of the NTLSA and NETLOGON named pipes begins with:
+
+00  UINT8         5 - RPC major version
+01  UINT8         0 - RPC minor version
+02  UINT8         2 - RPC response packet
+03  UINT8         3 - (FirstFrag bit-wise or with LastFrag)
+04  UINT32        0x1000 0000 - packed data representation
+08  UINT16        fragment length - data size (bytes) inc header and tail.
+0A  UINT16        0 - authentication length 
+0C  UINT32        call identifier.  matches 12th UINT32 of incoming RPC data.
+10  UINT32        allocation hint - data size (bytes) minus header and tail.
+14  UINT16        0 - presentation context identifier
+16  UINT8         0 - cancel count
+17  UINT8         in replies: 0 - reserved; in requests: opnum - see #defines.
+18  ......        start of data (goes on for allocation_hint bytes)
+
+
+RPC_Packet for request, response, bind and bind acknowledgement.
+{
+  
+  UINT8 versionmaj        # reply same as request (0x05)
+  UINT8 versionmin        # reply same as request (0x00)
+  UINT8 type              # one of the MSRPC_Type enums
+  UINT8 flags             # reply same as request (0x00 for Bind, 0x03 for Request)
+  UINT32 representation   # reply same as request (0x00000010)
+  UINT16 fraglength       # the length of the data section of the SMB trans packet
+  UINT16 authlength       
+  UINT32 callid           # call identifier. (e.g. 0x00149594)
+
+  * stub USE TvPacket     # the remainder of the packet depending on the "type"
+}
+
+
+# the interfaces are numbered. as yet I haven't seen more than one interface
+# used on the same pipe name
+# srvsvc
+#   abstract (0x4B324FC8, 0x01D31670, 0x475A7812, 0x88E16EBF, 0x00000003)
+#   transfer (0x8A885D04, 0x11C91CEB, 0x0008E89F, 0x6048102B, 0x00000002)
+RPC_Iface RW
+{
+  UINT8 byte[16]    # 16 bytes of number
+  UINT32 version    # the interface number
+}
+
+
+# the remainder of the packet after the header if "type" was Bind
+# in the response header, "type" should be BindAck
+RPC_ReqBind RW
+{
+  UINT16 maxtsize       # maximum transmission fragment size (0x1630)
+  UINT16 maxrsize       # max receive fragment size (0x1630)
+  UINT32 assocgid       # associated group id (0x0)
+  UINT32 numelements    # the number of elements (0x1)
+  UINT16 contextid      # presentation context identifier (0x0)
+  UINT8 numsyntaxes     # the number of syntaxes (has always been 1?)(0x1)
+  UINT8[]               # 4-byte alignment padding, against SMB header
+
+  * abstractint USE RPC_Iface # num and vers. of interface client is using
+  * transferint USE RPC_Iface # num and vers. of interface to use for replies
+}
+
+
+RPC_Address RW
+{
+  UINT16 length        # length of the string including null terminator
+  * port USE string    # the string above in single byte, null terminated form
+}
+
+
+# the response to place after the header in the reply packet
+RPC_ResBind RW
+{
+  UINT16 maxtsize                   # same as request
+  UINT16 maxrsize                   # same as request
+  UINT32 assocgid                   # zero
+
+  * secondaddr USE RPC_Address     # the address string, as described earlier
+
+  UINT8[]                           # 4-byte alignment padding, against SMB header
+
+  UINT8 numresults                  # the number of results (0x01)
+
+  UINT8[]                           # 4-byte alignment padding, against SMB header
+  UINT16 result                     # result (0x00 = accept)
+  UINT16 reason                     # reason (0x00 = no reason specified)
+
+  * transfersyntax USE RPC_Iface   # the transfer syntax from the request
+}
+
+
+# the remainder of the packet after the header for every other other
+# request
+RPC_ReqNorm RW
+{
+  UINT32 allochint         # the size of the stub data in bytes
+  UINT16 prescontext       # presentation context identifier (0x0)
+  UINT16 opnum             # operation number (0x15)
+
+  * stub USE TvPacket      # a packet dependent on the pipe name
+                           # (probably the interface) and the op number)
+}
+
+
+# response to a request
+RPC_ResNorm RW
+{
+  UINT32 allochint         # size of the stub data in bytes
+  UINT16 prescontext       # presentation context identifier (same as request)
+  UINT8 cancelcount        # cancel count? (0x0)
+  UINT8 reserved           # 0 - one byte padding
+
+  * stub USE TvPacket      # the remainder of the reply
+}
+
+
+3.3) Tail
+---------
+
+The end of each of the NTLSA and NETLOGON named pipes ends with:
+
+    ......        end of data
+    UINT32        return code
+
+
+
+3.4 RPC Bind / Bind Ack
+-----------------------
+
+RPC Binds are the process of associating an RPC pipe (e.g \PIPE\lsarpc)
+with a "transfer syntax" (see RPC_Iface structure).  The purpose for doing
+this is unknown.
+
+Note:	The RPC_ResBind SMB Transact request is sent with two uint16 setup
+	parameters.  The first is 0x0026; the second is the file handle
+	returned by the SMBopenX Transact response.
+
+Note:	The RPC_ResBind members maxtsize, maxrsize and assocgid are the
+	same in the response as the same members in the RPC_ReqBind.  The
+	RPC_ResBind member transfersyntax is the same in the response as
+	the
+
+Note:	The RPC_ResBind response member secondaddr contains the name
+	of what is presumed to be the service behind the RPC pipe.  The
+	mapping identified so far is:
+
+		initial SMBopenX request:          RPC_ResBind response:
+
+		"\\PIPE\\srvsvc"                   "\\PIPE\\ntsvcs"
+		"\\PIPE\\samr"                     "\\PIPE\\lsass"
+		"\\PIPE\\lsarpc"                   "\\PIPE\\lsass"
+		"\\PIPE\\wkssvc"                   "\\PIPE\\wksvcs"
+		"\\PIPE\\NETLOGON"                 "\\PIPE\\NETLOGON"
+
+Note:	The RPC_Packet fraglength member in both the Bind Request and Bind
+	Acknowledgment must contain the length of the entire RPC data,
+	including the RPC_Packet header.  
+
+Request:
+
+    RPC_Packet
+    RPC_ReqBind
+
+Response:
+
+    RPC_Packet
+    RPC_ResBind
+
+
+
+4) NTLSA Transact Named Pipe
+----------------------------
+        
+The sequence of actions taken on this pipe are:
+
+- Establish a connection to the IPC$ share (SMBtconX).  use encrypted passwords.
+- Open an RPC Pipe with the name "\\PIPE\\lsarpc".  Store the file handle.
+- Using the file handle, send a Set Named Pipe Handle state to 0x4300.
+- Send an LSA Open Policy request.  Store the Policy Handle.
+- Using the Policy Handle, send LSA Query Info Policy requests, etc.
+- Using the Policy Handle, send an LSA Close.
+- Close the IPC$ share.
+
+
+Defines for this pipe, identifying the query are:
+
+- LSA Open Policy:               0x2c
+- LSA Query Info Policy:         0x07
+- LSA Enumerate Trusted Domains: 0x0d
+- LSA Open Secret:               0xff
+- LSA Lookup SIDs:               0xfe
+- LSA Lookup Names:              0xfd
+- LSA Close:                     0x00
+
+
+4.1) LSA Open Policy
+--------------------
+
+Note:	The policy handle can be anything you like.
+
+Request:
+
+	VOID*     buffer pointer
+    UNISTR2   server name - unicode string starting with two '\'s
+    OBJ_ATTR  object attributes
+    UINT32    1 - desired access
+
+Response:
+
+    POL_HND   LSA policy handle
+
+    return    0 - indicates success
+
+
+4.2) LSA Query Info Policy
+--------------------------
+
+Note:	The info class in response must be the same as that in the request.
+
+Request:
+
+    POL_HND   LSA policy handle
+    UINT16    info class (also a policy handle?)
+
+Response:
+
+    VOID*     undocumented buffer pointer
+    UINT16    info class (same as info class in request).
+    
+    switch (info class)
+    case 3:
+    case 5:
+    {
+        DOM_INFO domain info, levels 3 and 5 (are the same).
+    }
+
+    return    0 - indicates success
+
+
+4.3) LSA Enumerate Trusted Domains
+----------------------------------
+
+Request:
+
+    no extra data
+
+Response:
+
+    UINT32     0 - enumeration context
+    UINT32     0 - entries read
+    UINT32     0 - trust information
+
+    return     0x8000 001a - "no trusted domains" success code
+
+
+4.4) LSA Open Secret
+--------------------
+
+Request:
+
+    no extra data
+
+Response:
+
+    UINT32    0 - undocumented
+    UINT32    0 - undocumented
+    UINT32    0 - undocumented
+    UINT32    0 - undocumented
+    UINT32    0 - undocumented
+
+    return    0x0C00 0034 - "no such secret" success code
+
+
+4.5) LSA Close
+--------------
+
+Request:
+
+    POL_HND   policy handle to be closed
+
+Response:
+
+    POL_HND   0s - closed policy handle (all zeros)
+
+    return    0 - indicates success
+
+
+4.6) LSA Lookup SIDS
+--------------------
+
+Note:	num_entries in response must be same as num_entries in request.
+
+Request:
+
+    POL_HND            LSA policy handle
+    UINT32             num_entries
+    VOID*              undocumented domain SID buffer pointer
+    VOID*              undocumented domain name buffer pointer
+    VOID*[num_entries] undocumented domain SID pointers to be looked up.
+    DOM_SID[num_entries] domain SIDs to be looked up.
+    char[16]           completely undocumented 16 bytes.
+
+Response:
+
+    DOM_REF               domain reference response
+
+    UINT32                num_entries (listed above)
+    VOID*                 undocumented buffer pointer
+
+    UINT32                num_entries (listed above)
+    DOM_SID2[num_entries] domain SIDs (from Request, listed above).
+
+    UINT32                num_entries (listed above)
+
+    return                0 - indicates success
+
+
+4.7) LSA Lookup Names
+---------------------
+
+Note:	num_entries in response must be same as num_entries in request.
+
+Request:
+
+    POL_HND            LSA policy handle
+    UINT32             num_entries
+    UINT32             num_entries
+    VOID*              undocumented domain SID buffer pointer
+    VOID*              undocumented domain name buffer pointer
+    NAME[num_entries]  names to be looked up.
+    char[]             undocumented bytes - falsely translated SID structure?
+
+Response:
+
+    DOM_REF               domain reference response
+
+    UINT32                num_entries (listed above)
+    VOID*                 undocumented buffer pointer
+
+    UINT32                num_entries (listed above)
+    DOM_RID[num_entries]  domain SIDs (from Request, listed above).
+
+    UINT32                num_entries (listed above)
+
+    return                0 - indicates success
+
+
+
+5) NETLOGON rpc Transact Named Pipe
+-----------------------------------
+
+The sequence of actions taken on this pipe are:
+
+- Establish a connection to the IPC$ share (SMBtconX).  use encrypted passwords.
+- Open an RPC Pipe with the name "\\PIPE\\NETLOGON".  Store the file handle.
+- Using the file handle, send a Set Named Pipe Handle state to 0x4300.
+- Create Client Challenge. Send LSA Request Challenge.  Store Server Challenge.
+- Calculate Session Key.  Send an LSA Auth 2 Challenge.  Store Auth2 Challenge.
+- Calc/Verify Client Creds.  Send LSA Srv PW Set.  Calc/Verify Server Creds.
+- Calc/Verify Client Creds.  Send LSA SAM Logon .  Calc/Verify Server Creds.
+- Calc/Verify Client Creds.  Send LSA SAM Logoff.  Calc/Verify Server Creds.
+- Close the IPC$ share.
+
+
+Defines for this pipe, identifying the query are:
+
+- LSA Request Challenge:         0x04
+- LSA Server Password Set:       0x06
+- LSA SAM Logon:                 0x02
+- LSA SAM Logoff:                0x03
+- LSA Auth 2:                    0x0f
+- LSA Logon Control:             0x0e
+
+
+5.1) LSA Request Challenge
+--------------------------
+
+Note:	logon server name starts with two '\' characters and is upper case.
+
+Note:	logon client is the machine, not the user.
+
+Note:	the initial LanManager password hash, against which the challenge
+	is issued, is the machine name itself (lower case).  there will be
+	calls issued (LSA Server Password Set) which will change this, later.
+	refusing these calls allows you to always deal with the same password
+	(i.e the LM# of the machine name in lower case).
+
+Request:
+
+    VOID*       undocumented buffer pointer
+    UNISTR2     logon server unicode string
+    UNISTR2     logon client unicode string
+    char[8]     client challenge
+
+Response:
+
+    char[8]     server challenge
+
+    return    0 - indicates success
+
+
+
+5.2) LSA Authenticate 2
+-----------------------
+
+Note:	in between request and response, calculate the client credentials,
+	and check them against the client-calculated credentials (this
+	process uses the previously received client credentials).
+
+Note:	neg_flags in the response is the same as that in the request.
+
+Note:	you must take a copy of the client-calculated credentials received
+	here, because they will be used in subsequent authentication packets.
+
+Request:
+
+    LOG_INFO    client identification info
+
+    char[8]     client-calculated credentials
+    UINT8[]     padding to 4-byte align with start of SMB header.
+    UINT32      neg_flags - negotiated flags (usual value is 0x0000 01ff)
+
+Response:
+
+    char[8]     server credentials.
+    UINT32      neg_flags - same as neg_flags in request.
+
+    return    0 - indicates success.  failure value unknown.
+
+
+5.3) LSA Server Password Set
+----------------------------
+
+Note:	the new password is suspected to be a DES encryption using the old
+	password to generate the key.
+
+Note:	in between request and response, calculate the client credentials,
+	and check them against the client-calculated credentials (this
+	process uses the previously received client credentials).
+
+Note:	the server credentials are constructed from the client-calculated
+	credentials and the client time + 1 second.
+
+Note:	you must take a copy of the client-calculated credentials received
+	here, because they will be used in subsequent authentication packets.
+
+Request:
+
+    CLNT_INFO   client identification/authentication info
+    char[]      new password - undocumented.
+    
+Response:
+
+    CREDS       server credentials.  server time stamp appears to be ignored.
+
+    return    0 - indicates success; 0xC000 006a indicates failure
+
+
+5.4) LSA SAM Logon
+------------------
+
+Note:	valid_user is True iff the username and password hash are valid for
+	the requested domain.
+
+Request:
+
+    SAM_INFO    sam_id structure
+
+Response:
+
+    VOID*       undocumented buffer pointer
+    CREDS       server credentials.  server time stamp appears to be ignored.
+    
+    if (valid_user)
+    {
+		UINT16      3 - switch value indicating USER_INFO structure.
+        VOID*     non-zero - pointer to USER_INFO structure
+        USER_INFO user logon information
+
+        UINT32    1 - Authoritative response; 0 - Non-Auth?
+
+        return    0 - indicates success
+    }
+    else
+    {
+		UINT16    0 - switch value.  value to indicate no user presumed.
+        VOID*     0x0000 0000 - indicates no USER_INFO structure.
+
+        UINT32    1 - Authoritative response; 0 - Non-Auth?
+
+        return    0xC000 0064 - NT_STATUS_NO_SUCH_USER.
+    }
+
+
+5.5) LSA SAM Logoff
+--------------------
+
+Note:	presumably, the SAM_INFO structure is validated, and a (currently
+	undocumented) error code returned if the Logoff is invalid.
+
+Request:
+
+    SAM_INFO    sam_id structure
+
+Response:
+
+    VOID*       undocumented buffer pointer
+    CREDS       server credentials.  server time stamp appears to be ignored.
+
+    return      0 - indicates success.  undocumented failure indication.
+
+
+6) \\MAILSLOT\NET\NTLOGON
+-------------------------
+
+Note:	mailslots will contain a response mailslot, to which the response
+	should be sent.  the target NetBIOS name is REQUEST_NAME<20>, where
+	REQUEST_NAME is the name of the machine that sent the request.
+
+
+6.1) Query for PDC
+------------------
+
+Note:	NTversion, LMNTtoken, LM20token in response are the same as those
+	given in the request.
+
+Request:
+
+    UINT16         0x0007 - Query for PDC
+    STR            machine name
+    STR            response mailslot
+    UINT8[]        padding to 2-byte align with start of mailslot.
+    UNISTR         machine name
+    UINT32         NTversion
+    UINT16         LMNTtoken
+    UINT16         LM20token
+
+Response:
+
+    UINT16         0x000A - Respose to Query for PDC
+    STR            machine name (in uppercase)
+    UINT8[]        padding to 2-byte align with start of mailslot.
+    UNISTR         machine name
+    UNISTR         domain name
+    UINT32         NTversion (same as received in request)
+    UINT16         LMNTtoken (same as received in request)
+    UINT16         LM20token (same as received in request)
+
+
+6.2) SAM Logon
+--------------
+
+Note:	machine name in response is preceded by two '\' characters.
+
+Note:	NTversion, LMNTtoken, LM20token in response are the same as those
+	given in the request.
+
+Note:	user name in the response is presumably the same as that in the request.
+
+Request:
+
+    UINT16         0x0012 - SAM Logon
+    UINT16         request count
+    UNISTR         machine name
+    UNISTR         user name
+    STR            response mailslot
+    UINT32         alloweable account
+    UINT32         domain SID size
+    char[sid_size] domain SID, of sid_size bytes.
+    UINT8[]        ???? padding to 4? 2? -byte align with start of mailslot.
+    UINT32         NTversion
+    UINT16         LMNTtoken
+    UINT16         LM20token
+    
+Response:
+
+    UINT16         0x0013 - Response to SAM Logon
+    UNISTR         machine name
+    UNISTR         user name - workstation trust account
+    UNISTR         domain name 
+    UINT32         NTversion
+    UINT16         LMNTtoken
+    UINT16         LM20token
+
+
+
+7) SRVSVC Transact Named Pipe
+-----------------------------
+
+
+Defines for this pipe, identifying the query are:
+
+- Net Share Enum :              0x0f
+- Net Server Get Info :         0x15
+
+
+7.1) Net Share Enum
+------------------
+
+Note:	share level and switch value in the response are presumably the 
+	same as those in the request.
+
+Note:	cifsrap2.txt (section 5) may be of limited assistance here.
+
+Request:
+
+    VOID*             pointer (to server name?)
+	UNISTR2           server name
+
+    UINT8[]           padding to get unicode string 4-byte aligned
+                      with the start of the SMB header.
+
+    UINT32            share level
+    UINT32            switch value
+
+    VOID*             pointer to SHARE_INFO_1_CTR
+    SHARE_INFO_1_CTR  share info with 0 entries
+
+    UINT32            preferred maximum length (0xffff ffff)
+
+Response:
+
+    UINT32            share level
+    UINT32            switch value
+
+    VOID*             pointer to SHARE_INFO_1_CTR
+    SHARE_INFO_1_CTR  share info (only added if share info ptr is non-zero)
+
+    return            0 - indicates success
+
+
+7.2) Net Server Get Info
+------------------
+
+Note:	level is the same value as in the request.
+
+Request:
+
+	UNISTR2           server name
+    UINT32            switch level
+
+Response:
+
+    UINT32            switch level
+    VOID*             pointer to SERVER_INFO_101
+
+    SERVER_INFO_101   server info (only added if server info ptr is non-zero)
+
+    return            0 - indicates success
+
+
+
+Appendix
+--------
+
+A1) Cryptographic side of NT Domain Authentication
+--------------------------------------------------
+
+
+A1.1) Definitions
+-----------------
+
+Add(A1,A2): Intel byte ordered addition of corresponding 4 byte words
+in arrays A1 and A2
+
+E(K,D): DES ECB encryption of 8 byte data D using 7 byte key K
+
+lmowf(): Lan man hash
+
+ntowf(): NT hash
+
+PW: md4(machine_password) == md4(lsadump $machine.acc) ==
+pwdump(machine$) (initially) == md4(lmowf(unicode(machine)))
+
+ARC4(K,Lk,D,Ld): ARC4 encryption of data D of length Ld with key K of
+length Lk
+
+v[m..n(,l)]: subset of v from bytes m to n, optionally padded with
+zeroes to length l
+
+Cred(K,D): E(K[7..7,7],E(K[0..6],D)) computes a credential
+
+Time(): 4 byte current time
+
+Cc,Cs: 8 byte client and server challenges Rc,Rs: 8 byte client and
+server credentials
+
+
+A1.2) Protocol
+--------------
+
+C->S ReqChal,Cc S->C Cs
+
+C & S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs)))
+
+C: Rc = Cred(Ks,Cc) C->S Authenticate,Rc S: Rs = Cred(Ks,Cs),
+assert(Rc == Cred(Ks,Cc)) S->C Rs C: assert(Rs == Cred(Ks,Cs))
+
+On joining the domain the client will optionally attempt to change its
+password and the domain controller may refuse to update it depending
+on registry settings. This will also occur weekly afterwards.
+
+C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S ServerPasswordSet,Rc',Tc,
+arc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S:
+assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() S: Rs' = Cred(Ks,Rs+Tc+1)
+S->C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs'
+
+User: U with password P wishes to login to the domain (incidental data
+such as workstation and domain omitted)
+
+C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S NetLogonSamLogon,Rc',Tc,U,
+arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) S:
+assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) S:
+Ts = Time()
+
+S->C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) C:
+assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) C: Rc = Cred(Ks,Rc+Tc+1)
+
+
+A1.3) Comments
+--------------
+
+On first joining the domain the session key could be computed by
+anyone listening in on the network as the machine password has a well
+known value. Until the machine is rebooted it will use this session
+key to encrypt NT and LM one way functions of passwords which are
+password equivalents. Any user who logs in before the machine has been
+rebooted a second time will have their password equivalent exposed. Of
+course the new machine password is exposed at this time anyway.
+
+None of the returned user info such as logon script, profile path and
+SIDs *appear* to be protected by anything other than the TCP checksum.
+
+The server time stamps appear to be ignored.
+
+The client sends a ReturnAuthenticator in the SamLogon request which I
+can't find a use for.  However its time is used as the timestamp
+returned by the server.
+
+The password OWFs should NOT be sent over the network reversibly
+encrypted. They should be sent using ARC4(Ks,md4(owf)) with the server
+computing the same function using the owf values in the SAM.
+
+
+A2) SIDs and RIDs
+-----------------
+
+SIDs and RIDs are well documented elsewhere.
+
+A SID is an NT Security ID (see DOM_SID structure).  They are of the form:
+
+	S-revision-NN-SubAuth1-SubAuth2-SubAuth3... 
+	S-revision-0xNNNNNNNNNNNN-SubAuth1-SubAuth2-SubAuth3...
+
+currently, the SID revision is 1.
+The Sub-Authorities are known as Relative IDs (RIDs).
+
+
+A2.1) Well-known SIDs
+---------------------
+
+
+A2.1.1) Universal well-known SIDs
+---------------------------------
+
+	Null SID                     S-1-0-0
+	World                        S-1-1-0
+	Local                        S-1-2-0
+	Creator Owner ID             S-1-3-0
+	Creator Group ID             S-1-3-1
+	Creator Owner Server ID      S-1-3-2
+	Creator Group Server ID      S-1-3-3
+	
+	(Non-unique IDs)             S-1-4
+
+
+A2.1.2) NT well-known SIDs
+--------------------------
+
+	NT Authority          S-1-5
+	Dialup                S-1-5-1
+
+	Network               S-1-5-2
+	Batch                 S-1-5-3
+	Interactive           S-1-5-4
+	Service               S-1-5-6
+	AnonymousLogon        S-1-5-7       (aka null logon session)
+	Proxy                 S-1-5-8
+	ServerLogon           S-1-5-8       (aka domain controller account)
+	
+	(Logon IDs)           S-1-5-5-X-Y
+	
+	(NT non-unique IDs)   S-1-5-0x15-...
+	
+	(Built-in domain)     s-1-5-0x20
+	
+
+
+A2.2) Well-known RIDS
+---------------------
+
+A RID is a sub-authority value, as part of either a SID, or in the case
+of Group RIDs, part of the DOM_GID structure, in the USER_INFO_1
+structure, in the LSA SAM Logon response.
+
+
+A2.2.1) Well-known RID users
+----------------------------
+
+	DOMAIN_USER_RID_ADMIN          0x0000 01F4
+	DOMAIN_USER_RID_GUEST          0x0000 01F5
+
+
+
+A2.2.2) Well-known RID groups
+----------------------------
+
+	DOMAIN_GROUP_RID_ADMINS        0x0000 0200
+	DOMAIN_GROUP_RID_USERS         0x0000 0201
+	DOMAIN_GROUP_RID_GUESTS        0x0000 0202
+
+
+
+A2.2.3) Well-known RID aliases
+------------------------------
+
+	DOMAIN_ALIAS_RID_ADMINS        0x0000 0220
+	DOMAIN_ALIAS_RID_USERS         0x0000 0221
+	DOMAIN_ALIAS_RID_GUESTS        0x0000 0222
+	DOMAIN_ALIAS_RID_POWER_USERS   0x0000 0223
+
+	DOMAIN_ALIAS_RID_ACCOUNT_OPS   0x0000 0224
+	DOMAIN_ALIAS_RID_SYSTEM_OPS    0x0000 0225
+	DOMAIN_ALIAS_RID_PRINT_OPS     0x0000 0226
+	DOMAIN_ALIAS_RID_BACKUP_OPS    0x0000 0227
+
+	DOMAIN_ALIAS_RID_REPLICATOR    0x0000 0228
+
+
diff --git a/docs/textdocs/outdated/NTDOMAIN.txt b/docs/textdocs/outdated/NTDOMAIN.txt
new file mode 100755
index 00000000000..20510519462
--- /dev/null
+++ b/docs/textdocs/outdated/NTDOMAIN.txt
@@ -0,0 +1,51 @@
+!==
+!== NTDOMAIN.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Luke Kenneth Casson Leighton (samba@samba.org)
+		Copyright (C) 1997 Luke Kenneth Casson Leighton
+Created:	October 20, 1997
+Updated:	February 25, 1999 (Jerry Carter)
+
+Subject:	NT Domain Logons
+===========================================================================
+
+As of 1.9.18alpha1, Samba supports logins for NT 3.51 and 4.0 Workstations,
+without the need, use or intervention of NT Server.  This document describes
+how to set this up.  Over the continued development of the 1.9.18alpha
+series, this process (and therefore this document) should become simpler.
+
+One useful thing to do is to get this version of Samba up and running
+with Win95 profiles, as you would for the current stable version of
+Samba (currently at 1.9.17p4), and is fully documented.  You will need
+to set up encrypted passwords.  Even if you don't have any Win95 machines,
+using your Samba Server to store the profile for one of your NT Workstation
+users is a good test that you have 1.9.18alpha1 correctly configured *prior*
+to attempting NT Domain Logons.
+
+The support is still experimental, so should be used at your own risk.
+
+NT is not as robust as you might have been led to believe: during the
+development of the Domain Logon Support, one person reported having to
+reinstall NT from scratch: their workstation had become totally unuseable.
+
+[further reports on ntsec@iss.net by independent administrators showing
+ similar symptoms lead us to believe that the SAM database file may be
+ corruptible.  this _is_ recoverable (or, at least the machine is accessible),
+ by deleting the SAM file, under which circumstances all user account details
+ are lost, but at least the Administrator can log in with a blank password.
+ this is *not* possible except if the NT system is installed in a FAT
+ partition.]
+
+This *has* been reported to the NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM digest.
+
+==========================================================================
+Please note that Samba 2.0 does not **officially** support domain logons
+for Windows NT clients.  Of course, domain logon support for Windows 9x
+clients is complete and official.  These are two different issues.
+
+Samba's capability to act as a Primary Domain Controller for Windows NT
+domains is not advertised as it is not completed yet.  For more information 
+regarding how to obtain the latest development (HEAD branch) source code
+and what features are available, please refer to the NT Domain FAQ on-line
+at the Samba web site under the documentation page.
+
diff --git a/docs/textdocs/outdated/PRINTER_DRIVER.txt b/docs/textdocs/outdated/PRINTER_DRIVER.txt
new file mode 100755
index 00000000000..c8bfd7c7a4d
--- /dev/null
+++ b/docs/textdocs/outdated/PRINTER_DRIVER.txt
@@ -0,0 +1,240 @@
+!==
+!== PRINTER_DRIVER.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+==========================================================================
+	Supporting the famous PRINTER$ share
+ 
+ 	Jean-Francois.Micouleau@utc.fr, 10/26/97
+	modified by herb@sgi.com 1/2/98
+
+===========================================================================
+
+Disclaimer:
+
+	This ONLY works with Windows 95
+	It does NOT work with Windows NT 4
+
+
+Goal:
+
+	When you click on a samba shared printer, you can now install the driver
+	automatically onto the Windows 95 machine, as you would from an NT server.
+	
+How To:
+
+	It's a three step config.
+	
+	First, create a new directory, where you will put the driver files, and
+	make a share in smb.conf pointing to it.
+
+	Example:
+	
+		[printer$]
+   		  path=/usr/local/samba/printer
+   		  public=yes
+   		  writable=no
+   		  browseable=yes
+
+	Second, you have to build the list of drivers required for a specific
+	printer. This is the most complicated thing to do. Get the files
+	'msprint.inf' and 'msprint2.inf' from Windows 95, the easiest way is to
+	grab them from a working Windows 95 computer. They are usually located
+	in 'c:\windows\inf'. Look in them for the printer you have. Run the new
+	program 'make_printerdef' with the file name and the printer name as
+	parameters. If you have drivers for an unsupported or updated printer,
+	first install these drivers on an Windows 95 system. There will be a
+	file created in your inf directory named 'oem?.inf' (where the ? is some
+	number). Use this file instead of msprint.inf.
+
+	Example: (from the /usr/local/samba/lib directory)
+		
+	make_printerdef msprint.inf "Apple LaserWriter" >> printers.def
+	 
+	The program will print out a list of required files to stderr.
+	Copy all the files listed into the directory you created in step 1.
+	If you have "preserve case = yes" make sure your files names match
+	EXACTLY the names listed.
+	
+	Third, you need to add 2 new parameters in smb.conf. One is in the
+	[global] section, called 'printer driver file' pointing to the printer
+	description file you just created, and the other in each printer share,
+	called 'printer driver location' pointing to where the client will get 
+	the drivers. Don't forget to set correctly the printer driver parameter
+	to the Windows printer name.
+
+	Example:
+	
+		[global]
+  		  printer driver file=/usr/local/samba/lib/printers.def
+
+		[lp]
+		   comment = My old printer laser
+		   browseable = yes
+		   printable = yes
+		   public = yes
+		   writable = no
+		   create mode = 0700
+		   printer driver=Apple LaserWriter
+		   printer driver location=\\%h\PRINTER$
+
+	%h will expand to the computer name, and PRINTER$ is the name of the
+	share created in step one.
+	
+	
+If it doesn't work for you, don't send flame ! It worked for me. In case of
+trouble don't hesitate to send me a mail with your smb.conf file and 
+printers.def
+
+
+*******  added by herb@sgi.com
+
+For those of you who like to know the details, and in case I have guessed
+wrong on some of the fields - The following is the format of the entries 
+in the printers.def file: (entries are 1 single line - they are split here 
+for readability)
+
+<Long Printer Name>:<Driver File Name>:<Data File Name>:<Help File Name>:
+<Language Monitor Name>:<Default Data Type>:<Comma Separated list of Files>
+
+The <Help File Name> and the <Language Monitor Name> can be empty.
+If no <Driver File Name> or <Data File Name> are specified in the inf file,
+these will default to the section name for the printer.
+
+The following is an excerpt from the MSPRINT2.INF file on a WIN95 machine.
+I have deleted all but the entries relating to installing a driver for the
+"QMS ColorScript 100 Model 30" printer. Using this "file" I'll try to 
+explain how the printers.def file is created.
+
+make_printerdef is run with the first argument being the name of this
+file (MSPRINT2.INF in this case) and the second argument being the
+name of the printer ("QMS ColorScript 100 Model 30" in this case).
+
+The printer name is first found in the "Model section" to obtain the
+name of the "Installer Section" (this is the name after the equal sign).
+We ignore the alternate name.
+
+The "Installer Section" contains entries for "CopyFiles" and "DataSection".
+The "CopyFiles" line gives a list of all the required files for this
+printer. If the name begins with an @ it is the name of a file (after
+you strip off the @), otherwise it is the name of a "Copy Section" which
+in turn is a list of files required. This printer has one file listed
+"QCS30503.SPD" and two sections "COLOR_QMS_100_30" and "PSCRIPT". The
+"COLOR_QMS_100_30" section is listed in the "[DestinationDirs]" as 
+having a value of 23. This means that all files listed in this section
+should go into the "color" subdirectory. The list of files to copy for
+this printer is thus:
+
+QCS30503.SPD,color\QMS10030.ICM,PSCRIPT.DRV,PSCRIPT.HLP,PSCRIPT.INI,
+TESTPS.TXT,APPLE380.SPD,FONTS.MFM,ICONLIB.DLL,PSMON.DLL
+
+From the "Data Section" we obtain values for "DriverFile", "HelpFile",
+and "LanguageMonitor". The % around the value for "LanguageMonitor"
+indicates that it is a string that can be localized so its actual value
+is obtained from the "[Strings]" section. The "Data Section" could also
+have contained an entry for "DefaultDataType".
+
+Using the information we have obtained we can now construct the entry
+for the printers.def file.
+
+<Long Printer Name>     -> QMS ColorScript 100 Model 30  (name given
+				on the command line)
+<Driver File Name>      -> PSCRIPT.DRV  (given in Data Section)
+<Data File Name>        -> QCS30503.SPD (defaults to Install Section name)
+<Help File Name>        -> PSCRIPT.HLP  (given in Data Section)
+<Language Monitor Name> -> PostScript Language Monitor  (given in Data Section)
+<Default Data Type>     -> RAW (default if not specified)
+
+
+So.... the enty (actually one line but split here for readability) would
+be:
+
+QMS ColorScript 100 Model 30:PSCRIPT.DRV:QCS30503.SPD:
+PSCRIPT.HLP:PostScript Language Monitor:RAW:
+QCS30503.SPD,color\QMS10030.ICM,PSCRIPT.DRV,PSCRIPT.HLP,PSCRIPT.INI,
+TESTPS.TXT,APPLE380.SPD,FONTS.MFM,ICONLIB.DLL,PSMON.DLL
+
+---------------------- Info from MSPRINT2.INF ------------------------
+;
+; The Manufacturer section lists all of the manufacturers that we will
+; display in the Dialog box
+
+[Manufacturer]
+"QMS"
+
+
+;
+; Model sections. Each section here corresponds with an entry listed in the
+; [Manufacturer] section, above. The models will be displayed in the order
+; that they appear in the INF file.
+;
+; Each model lists a variation of its own name as a compatible ID. This
+; is done primarily as an optimization during upgrade.
+;
+[QMS]
+"QMS ColorScript 100 Model 30"    = QCS30503.SPD,QMS_ColorScript_100_Model_30
+
+
+;
+; Installer Sections
+;
+; These sections control file installation, and reference all files that
+; need to be copied. The section name will be assumed to be the driver
+; file, unless there is an explicit DriverFile section listed.
+;
+[QCS30503.SPD]
+CopyFiles=@QCS30503.SPD,COLOR_QMS_100_30,PSCRIPT
+DataSection=PSCRIPT_DATA
+
+; Copy Sections
+;
+; Lists of files that are actually copied. These sections are referenced
+; from the installer sections, above. Only create a section if it contains
+; two or more files (if we only copy a single file, identify it in the
+; installer section, using the @filename notation) or if it's a color
+; profile (since the DestinationDirs can only handle sections, and not
+; individual files).
+;
+[COLOR_QMS_100_30]
+QMS10030.ICM
+
+[PSCRIPT]
+PSCRIPT.DRV
+PSCRIPT.HLP
+PSCRIPT.INI
+TESTPS.TXT
+APPLE380.SPD
+FONTS.MFM
+ICONLIB.DLL
+PSMON.DLL
+
+
+;
+; Data Sections
+;
+; These sections contain data that is shared between devices.
+;
+[PSCRIPT_DATA]
+DriverFile=PSCRIPT.DRV
+HelpFile=PSCRIPT.HLP
+LanguageMonitor=%PS_MONITOR%
+
+
+;
+; Color profiles go to the colors directory. All other files go to the
+; system directory
+;
+
+[DestinationDirs]
+DefaultDestDir=11
+COLOR_QMS_100_30=23
+COLOR_TEKTRONIX_200I=23
+COLOR_TEKTRONIX_III_PXI=23
+
+
+;
+; Localizable Strings
+;
+[Strings]
+MS="Microsoft"
+PS_MONITOR="PostScript Language Monitor,PSMON.DLL"
+
diff --git a/docs/textdocs/outdated/PROJECTS b/docs/textdocs/outdated/PROJECTS
new file mode 100755
index 00000000000..b962b503f2e
--- /dev/null
+++ b/docs/textdocs/outdated/PROJECTS
@@ -0,0 +1,88 @@
+                 Samba Projects Directory
+                 ========================
+
+
+>>>>> NOTE: THIS FILE IS NOW VERY OUT OF DATE <<<<<
+
+
+This is a list of who's working on what in Samba. It's not guaranteed
+to be uptodate or accurate but I hope it will help us getting
+coordinated.
+
+If you are working on something to do with Samba and you aren't here
+then please let me know! Also, if you are listed below and you have
+any corrections or updates then please let me know.
+
+Email contact:
+samba@samba.org
+
+========================================================================
+Documentation and FAQ
+
+Docs and FAQ files for the Samba suite of software.
+
+Contact samba@samba.org with the diffs. These are urgently 
+required. 
+
+The FAQ is being added to on an ad hoc basis, see the web pages for info.
+
+Mark Preston was working on a set of formatted docs for Samba. Is this
+still happening? Contact mpreston@sghms.ac.uk
+
+Status last updated 2nd October 1996
+========================================================================
+
+========================================================================
+Netbeui support
+
+This aimed to produce patches so that Samba can be used with clients
+that do not have TCP/IP. It will try to remain as portable as possible.
+Contact Brian.Onn@Canada.Sun.COM (Brian Onn) Unfortunately it died, and
+although a lot of people have expressed interest nobody has come forward
+to do it. The Novell port (see Samba web pages) includes NetBEUI 
+functionality in a proprietrary library which should still be helpful as 
+we have the interfaces. Alan Cox (a.cox@li.org) has the information 
+required to write the state machine if someone is going to do the work.
+
+Status last updated 2nd October 1996
+========================================================================
+
+========================================================================
+Smbfs
+
+A mountable smb filesystem for Linux using the userfs userspace filesystem
+
+Contact lendecke@namu01.gwdg.de (Volker Lendecke)
+
+This works really well, and is measurably more efficient than commercial
+client software. It is now part of the Linux kernel. Long filename support
+is in use.
+
+Status last updated June 1997
+========================================================================
+
+========================================================================
+Admin Tool
+
+Aims to produce a nice smb.conf editor and other useful tools for
+administering a Samba system.
+
+Contact: Steve Brown (steve@unicorn.dungeon.com)
+
+In the design phase.
+
+Status last updated 4th September 1994
+========================================================================
+
+
+========================================================================
+Lanman Client.
+
+Contact: john@amanda.xs4all.nl (John Stewart)
+
+Aims to produce a reliable LANMAN Client implementation for LINUX,
+and possibly other variations of UNIX. Project ably started by
+Tor Lillqvist; tml@hemuli.tte.vtt.fi
+
+Status last updated 17th January 1995
+========================================================================
diff --git a/docs/textdocs/security_level.txt b/docs/textdocs/security_level.txt
new file mode 100755
index 00000000000..dad4bd78314
--- /dev/null
+++ b/docs/textdocs/security_level.txt
@@ -0,0 +1,103 @@
+!==
+!== security_level.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Andrew Tridgell
+Updated:	June 27, 1997
+Status:		Current
+
+Subject:	Description of SMB security levels.
+===========================================================================
+
+Samba supports the following options to the global smb.conf parameter
+"security =":
+	share, user, server
+
+Note: Samba-2.0.0 now adds the "domain" security mode. Please refer to
+the smb.conf man page for usage information and to the document
+docs/textdocs/DOMAIN_MEMBER.txt for further background details.
+
+Of the above, "security = server" means that Samba reports to clients that
+it is running in "user mode" but actually passes off all authentication
+requests to another "user mode" server. This requires an additional
+parameter "password server =" that points to the real authentication server.
+That real authentication server can be another Samba server or can be a
+Windows NT server, the later natively capable of encrypted password support.
+
+Below is a more complete description of security levels.
+===========================================================================
+
+A SMB server tells the client at startup what "security level" it is
+running. There are two options "share level" and "user level". Which
+of these two the client receives affects the way the client then tries
+to authenticate itself. It does not directly affect (to any great
+extent) the way the Samba server does security. I know this is
+strange, but it fits in with the client/server approach of SMB. In SMB
+everything is initiated and controlled by the client, and the server
+can only tell the client what is available and whether an action is
+allowed. 
+
+I'll describe user level security first, as its simpler. In user level
+security the client will send a "session setup" command directly after
+the protocol negotiation. This contains a username and password. The
+server can either accept or reject that username/password
+combination. Note that at this stage the server has no idea what
+share the client will eventually try to connect to, so it can't base
+the "accept/reject" on anything other than:
+
+- the username/password
+- the machine that the client is coming from
+
+If the server accepts the username/password then the client expects to
+be able to mount any share (using a "tree connection") without
+specifying a password. It expects that all access rights will be as
+the username/password specified in the "session setup". 
+
+It is also possible for a client to send multiple "session setup"
+requests. When the server responds it gives the client a "uid" to use
+as an authentication tag for that username/password. The client can
+maintain multiple authentication contexts in this way (WinDD is an
+example of an application that does this)
+
+
+Ok, now for share level security. In share level security the client
+authenticates itself separately for each share. It will send a
+password along with each "tree connection" (share mount). It does not
+explicitly send a username with this operation. The client is
+expecting a password to be associated with each share, independent of
+the user. This means that samba has to work out what username the
+client probably wants to use. It is never explicitly sent the
+username. Some commercial SMB servers such as NT actually associate
+passwords directly with shares in share level security, but samba
+always uses the unix authentication scheme where it is a
+username/password that is authenticated, not a "share/password".
+
+Many clients send a "session setup" even if the server is in share
+level security. They normally send a valid username but no
+password. Samba records this username in a list of "possible
+usernames". When the client then does a "tree connection" it also adds
+to this list the name of the share they try to connect to (useful for
+home directories) and any users listed in the "user =" smb.conf
+line. The password is then checked in turn against these "possible
+usernames". If a match is found then the client is authenticated as
+that user.
+
+Finally "server level" security. In server level security the samba
+server reports to the client that it is in user level security. The
+client then does a "session setup" as described earlier. The samba
+server takes the username/password that the client sends and attempts
+to login to the "password server" by sending exactly the same
+username/password that it got from the client. If that server is in
+user level security and accepts the password then samba accepts the
+clients connection. This allows the samba server to use another SMB
+server as the "password server". 
+
+You should also note that at the very start of all this, where the
+server tells the client what security level it is in, it also tells
+the client if it supports encryption. If it does then it supplies the
+client with a random "cryptkey". The client will then send all
+passwords in encrypted form. You have to compile samba with encryption
+enabled to support this feature, and you have to maintain a separate
+smbpasswd file with SMB style encrypted passwords. It is
+cryptographically impossible to translate from unix style encryption
+to SMB style encryption, although there are some fairly simple management
+schemes by which the two could be kept in sync.
diff --git a/docs/yodldocs/README-NOW b/docs/yodldocs/README-NOW
new file mode 100755
index 00000000000..592d38c1351
--- /dev/null
+++ b/docs/yodldocs/README-NOW
@@ -0,0 +1,14 @@
+!==
+!== Notice of change of documentation format
+!==
+
+Samba is no longer using yodl as the source markup
+language for our documentation.  As of release 2.2.0,
+we are using DocBook V4.1 exclusively (assuming you are not
+counting the ASCII files yet to be converted).
+
+Please see ../docbook/docbook.txt for more information
+on this.
+
+jerry carter
+SAMBA Team