Changeset 26 for trunk/samba/docs/htmldocs/manpages

Timestamp:

Apr 10, 2007, 5:27:38 AM (14 years ago)

Author:

Paul Smedley

Message:

Updated source to 3.0.25rc1

Location:

trunk/samba/docs/htmldocs/manpages

Files:

• index.html (modified) (1 diff)
• net.8.html (modified) (5 diffs)
• rpcclient.1.html (modified) (5 diffs)
• smb.conf.5.html (modified) (154 diffs)
• smbclient.1.html (modified) (7 diffs)
• smbcquotas.1.html (modified) (4 diffs)
• smbtree.1.html (modified) (2 diffs)
• vfs_recycle.8.html (modified) (1 diff)

trunk/samba/docs/htmldocs/manpages/index.html

@@ -68 +68 @@
 </p></dd><dt><span class="term"><a href="vfs_netatalk.8.html" target="_top">vfs_netatalk(8)</a></span></dt><dd><p>hide .AppleDouble files from CIFS clients
 </p></dd><dt><span class="term"><a href="vfs_prealloc.8.html" target="_top">vfs_prealloc(8)</a></span></dt><dd><p>preallocate matching files to a predetermined size
+</p></dd><dt><span class="term"><a href="vfs_readahead.8.html" target="_top">vfs_readahead(8)</a></span></dt><dd><p>pre-load the kernel buffer cache
 </p></dd><dt><span class="term"><a href="vfs_readonly.8.html" target="_top">vfs_readonly(8)</a></span></dt><dd><p>make a Samba share read only for a specified time period
 </p></dd><dt><span class="term"><a href="vfs_recycle.8.html" target="_top">vfs_recycle(8)</a></span></dt><dd><p>Samba VFS recycle bin

trunk/samba/docs/htmldocs/manpages/net.8.html

@@ -169 +169 @@
 DN standard LDAP DN, and the attributes are a list of LDAP fields 
 to show in the result. 
-</p><p>Example: <strong class="userinput"><code>net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName</code></strong></p></div><div class="refsect2" lang="en"><a name="id273042"></a><h3>ADS WORKGROUP</h3><p>Print out workgroup name for specified kerberos realm.</p></div><div class="refsect2" lang="en"><a name="id273052"></a><h3>USERSHARE</h3><p>Starting with version 3.0.23, a Samba server now supports the ability for
+</p><p>Example: <strong class="userinput"><code>net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName</code></strong></p></div><div class="refsect2" lang="en"><a name="id273042"></a><h3>ADS WORKGROUP</h3><p>Print out workgroup name for specified kerberos realm.</p></div><div class="refsect2" lang="en"><a name="id273052"></a><h3>SAM CREATEBUILTINGROUP &lt;NAME&gt;</h3><p>
+(Re)Create a BUILTIN group.
+Only a wellknown set of BUILTIN groups can be created with this command.
+This is the list of currently recognized group names: Administrators,
+Users, Guests, Power Users, Account Operators, Server Operators, Print
+Operators, Backup Operators, Replicator, RAS Servers, Pre-Windows 2000
+ompatible Access.
+
+This command requires a running Winbindd with idmap allocation properly
+configured. The group gid will be allocated out of the winbindd range.
+</p></div><div class="refsect2" lang="en"><a name="id273067"></a><h3>SAM CREATELOCALGROUP &lt;NAME&gt;</h3><p>
+Create a LOCAL group (also known as Alias).
+
+This command requires a running Winbindd with idmap allocation properly
+configured. The group gid will be allocated out of the winbindd range.
+</p></div><div class="refsect2" lang="en"><a name="id273078"></a><h3>SAM MAPUNIXGROUP &lt;NAME&gt;</h3><p>
+Map an existing Unix group and make it a Domain Group, the domain group
+will have the same name.
+</p></div><div class="refsect2" lang="en"><a name="id273089"></a><h3>SAM ADDMEM &lt;GROUP&gt; &lt;MEMBER&gt;</h3><p>
+Add a member to a Local group. The group can be specified only by name,
+the member can be specified by name or SID.
+</p></div><div class="refsect2" lang="en"><a name="id273101"></a><h3>SAM DELMEM  &lt;GROUP&gt; &lt;MEMBER&gt;</h3><p>
+Remove a member from a Local group. The group and the member must be
+specified by name.
+</p></div><div class="refsect2" lang="en"><a name="id273112"></a><h3>SAM LISTMEM &lt;GROUP&gt;</h3><p>
+List Local group members. The group must be specified by name.
+</p></div><div class="refsect2" lang="en"><a name="id273123"></a><h3>SAM LIST &lt;users|groups|localgroups|builtin|workstations&gt; [verbose]</h3><p>
+List the specified set of accounts by name. If verbose is specified,
+the rid and description is also provided for each account.
+</p></div><div class="refsect2" lang="en"><a name="id273135"></a><h3>SAM SHOW &lt;NAME&gt;</h3><p>
+Show the full DOMAIN\\NAME the SID and the type for the corrisponding
+account.
+</p></div><div class="refsect2" lang="en"><a name="id273145"></a><h3>SAM SET HOMEDIR &lt;NAME&gt; &lt;DIRECTORY&gt;</h3><p>
+Set the home directory for a user account.
+</p></div><div class="refsect2" lang="en"><a name="id273156"></a><h3>SAM SET PROFILEPATH &lt;NAME&gt; &lt;PATH&gt;</h3><p>
+Set the profile path for a user account.
+</p></div><div class="refsect2" lang="en"><a name="id273166"></a><h3>SAM SET COMMENT &lt;NAME&gt; &lt;COMMENT&gt;</h3><p>
+Set the comment for a user or group account.
+</p></div><div class="refsect2" lang="en"><a name="id273177"></a><h3>SAM SET FULLNAME &lt;NAME&gt; &lt;FULL NAME&gt;</h3><p>
+Set the full name for a user account.
+</p></div><div class="refsect2" lang="en"><a name="id273187"></a><h3>SAM SET LOGONSCRIPT &lt;NAME&gt; &lt;SCRIPT&gt;</h3><p>
+Set the logon script for a user account.
+</p></div><div class="refsect2" lang="en"><a name="id273198"></a><h3>SAM SET HOMEDRIVE &lt;NAME&gt; &lt;DRIVE&gt;</h3><p>
+Set the home drive for a user account.
+</p></div><div class="refsect2" lang="en"><a name="id273209"></a><h3>SAM SET WORKSTATIONS &lt;NAME&gt; &lt;WORKSTATIONS&gt;</h3><p>
+Set the workstations a user account is allowed to log in from.
+</p></div><div class="refsect2" lang="en"><a name="id273219"></a><h3>SAM SET DISABLE &lt;NAME&gt;</h3><p>
+Set the "disabled" flag for a user account.
+</p></div><div class="refsect2" lang="en"><a name="id273230"></a><h3>SAM SET PWNOTREQ &lt;NAME&gt;</h3><p>
+Set the "password not required" flag for a user account.
+</p></div><div class="refsect2" lang="en"><a name="id273241"></a><h3>SAM SET AUTOLOCK &lt;NAME&gt;</h3><p>
+Set the "autolock" flag for a user account.
+</p></div><div class="refsect2" lang="en"><a name="id273251"></a><h3>SAM SET PWNOEXP &lt;NAME&gt;</h3><p>
+Set the "password do not expire" flag for a user account.
+</p></div><div class="refsect2" lang="en"><a name="id273262"></a><h3>SAM SET PWMUSTCHANGENOW &lt;NAME&gt; [yes|no]</h3><p>
+Set or unset the "password must change" flag fro a user account.
+</p></div><div class="refsect2" lang="en"><a name="id273273"></a><h3>SAM POLICY LIST</h3><p>
+List the avilable account policies.
+</p></div><div class="refsect2" lang="en"><a name="id273283"></a><h3>SAM POLICY SHOW &lt;account policy&gt;</h3><p>
+Show the account policy value.
+</p></div><div class="refsect2" lang="en"><a name="id273293"></a><h3>SAM POLICY SET &lt;account policy&gt; &lt;value&gt;</h3><p>
+Set a value for the account policy.
+Valid values can be: "forever", "never", "off", or a number.
+</p></div><div class="refsect2" lang="en"><a name="id273305"></a><h3>SAM PROVISION</h3><p>
+Only available if ldapsam:editposix is set and winbindd is running.
+Properly populates the ldap tree with the basic accounts (Administrator)
+and groups (Domain Users, Domain Admins, Domain Guests) on the ldap tree.
+</p></div><div class="refsect2" lang="en"><a name="id273316"></a><h3>USERSHARE</h3><p>Starting with version 3.0.23, a Samba server now supports the ability for
 non-root users to add user define shares to be exported using the "net usershare"
 commands.
@@ -198 +265 @@
 </p><table class="simplelist" border="0" summary="Simple list"><tr><td>net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] - to add or change a user defined share.</td></tr><tr><td>net usershare delete sharename - to delete a user defined share.</td></tr><tr><td>net usershare info [-l|--long] [wildcard sharename] - to print info about a user defined share.</td></tr><tr><td>net usershare list [-l|--long] [wildcard sharename] - to list user defined shares.</td></tr></table><p>
 
-</p><div class="refsect3" lang="en"><a name="id273099"></a><h4>USERSHARE ADD <em class="replaceable"><code>sharename</code></em> <em class="replaceable"><code>path</code></em> <em class="replaceable"><code>[comment]</code></em> <em class="replaceable"><code>[acl]</code></em> <em class="replaceable"><code>[guest_ok=[y|n]]</code></em></h4><p>
+</p><div class="refsect3" lang="en"><a name="id273363"></a><h4>USERSHARE ADD <em class="replaceable"><code>sharename</code></em> <em class="replaceable"><code>path</code></em> <em class="replaceable"><code>[comment]</code></em> <em class="replaceable"><code>[acl]</code></em> <em class="replaceable"><code>[guest_ok=[y|n]]</code></em></h4><p>
 Add or replace a new user defined share, with name "sharename".
 </p><p>
@@ -235 +302 @@
 at connect time so will see the change immediately, there is no need
 to restart smbd on adding, deleting or changing a user defined share.
-</div><div class="refsect3" lang="en"><a name="id273157"></a><h4>USERSHARE DELETE <em class="replaceable"><code>sharename</code></em></h4><p>
+</div><div class="refsect3" lang="en"><a name="id273421"></a><h4>USERSHARE DELETE <em class="replaceable"><code>sharename</code></em></h4><p>
 Deletes the user defined share by name. The Samba smbd daemon
 immediately notices this change, although it will not disconnect
 any users currently connected to the deleted share.
-</p></div><div class="refsect3" lang="en"><a name="id273171"></a><h4>USERSHARE INFO <em class="replaceable"><code>[-l|--long]</code></em> <em class="replaceable"><code>[wildcard sharename]</code></em></h4><p>
+</p></div><div class="refsect3" lang="en"><a name="id273435"></a><h4>USERSHARE INFO <em class="replaceable"><code>[-l|--long]</code></em> <em class="replaceable"><code>[wildcard sharename]</code></em></h4><p>
 Get info on user defined shares owned by the current user matching the given pattern, or all users.
 </p><p>
@@ -258 +325 @@
 And is a list of the current settings of the user defined share that can be
 modified by the "net usershare add" command.
-</p></div><div class="refsect3" lang="en"><a name="id273199"></a><h4>USERSHARE LIST <em class="replaceable"><code>[-l|--long]</code></em> <em class="replaceable"><code>wildcard sharename</code></em></h4><p>
+</p></div><div class="refsect3" lang="en"><a name="id273464"></a><h4>USERSHARE LIST <em class="replaceable"><code>[-l|--long]</code></em> <em class="replaceable"><code>wildcard sharename</code></em></h4><p>
 List all the user defined shares owned by the current user matching the given pattern, or all users.
 </p><p>
@@ -266 +333 @@
 If the '-l' or '--long' option is also given, it includes the names of user defined
 shares created by other users.
-</p></div></div><div class="refsect2" lang="en"><a name="id273224"></a><h3>HELP [COMMAND]</h3><p>Gives usage information for the specified command.</p></div></div><div class="refsect1" lang="en"><a name="id273235"></a><h2>VERSION</h2><p>This man page is complete for version 3.0 of the Samba 
-        suite.</p></div><div class="refsect1" lang="en"><a name="id273246"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities 
+</p></div></div><div class="refsect2" lang="en"><a name="id273488"></a><h3>HELP [COMMAND]</h3><p>Gives usage information for the specified command.</p></div></div><div class="refsect1" lang="en"><a name="id273499"></a><h2>VERSION</h2><p>This man page is complete for version 3.0 of the Samba 
+        suite.</p></div><div class="refsect1" lang="en"><a name="id273510"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities 
         were created by Andrew Tridgell. Samba is now developed
         by the Samba Team as an Open Source project similar 

trunk/samba/docs/htmldocs/manpages/rpcclient.1.html

@@ -44 +44 @@
 accessing a service that does not require a password. </p><p>Unless a password is specified on the command line or
 this parameter is specified, the client will request a
-password.</p></dd><dt><span class="term">-k</span></dt><dd><p>
+password.</p><p>If a password is specified on the command line and this
+option is also defined the password on the command line will
+be silently ingnored and no password will be used.</p></dd><dt><span class="term">-k</span></dt><dd><p>
 Try to authenticate with kerberos. Only useful in
 an Active Directory environment.
@@ -71 +73 @@
 it in directly. </p></dd><dt><span class="term">-n &lt;primary NetBIOS name&gt;</span></dt><dd><p>This option allows you to override
 the NetBIOS name that Samba uses for itself. This is identical
-to setting the <a class="indexterm" name="id271739"></a> parameter in the <code class="filename">smb.conf</code> file. 
+to setting the <a class="indexterm" name="id271744"></a> parameter in the <code class="filename">smb.conf</code> file. 
 However, a command
 line setting will take precedence over settings in
@@ -88 +90 @@
 the <code class="filename">smb.conf</code> manual page for the list of valid
 options. </p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id271825"></a><h2>COMMANDS</h2><div class="refsect2" lang="en"><a name="id271830"></a><h3>LSARPC</h3><div class="variablelist"><dl><dt><span class="term">lsaquery</span></dt><dd><p>Query info policy</p></dd><dt><span class="term">lookupsids</span></dt><dd><p>Resolve a list 
+</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id271829"></a><h2>COMMANDS</h2><div class="refsect2" lang="en"><a name="id271835"></a><h3>LSARPC</h3><div class="variablelist"><dl><dt><span class="term">lsaquery</span></dt><dd><p>Query info policy</p></dd><dt><span class="term">lookupsids</span></dt><dd><p>Resolve a list 
                 of SIDs to usernames.
                 </p></dd><dt><span class="term">lookupnames</span></dt><dd><p>Resolve a list 
                 of usernames to SIDs.
-                </p></dd><dt><span class="term">enumtrusts</span></dt><dd><p>Enumerate trusted domains</p></dd><dt><span class="term">enumprivs</span></dt><dd><p>Enumerate privileges</p></dd><dt><span class="term">getdispname</span></dt><dd><p>Get the privilege name</p></dd><dt><span class="term">lsaenumsid</span></dt><dd><p>Enumerate the LSA SIDS</p></dd><dt><span class="term">lsaenumprivsaccount</span></dt><dd><p>Enumerate the privileges of an SID</p></dd><dt><span class="term">lsaenumacctrights</span></dt><dd><p>Enumerate the rights of an SID</p></dd><dt><span class="term">lsaenumacctwithright</span></dt><dd><p>Enumerate accounts with a right</p></dd><dt><span class="term">lsaaddacctrights</span></dt><dd><p>Add rights to an account</p></dd><dt><span class="term">lsaremoveacctrights</span></dt><dd><p>Remove rights from an account</p></dd><dt><span class="term">lsalookupprivvalue</span></dt><dd><p>Get a privilege value given its name</p></dd><dt><span class="term">lsaquerysecobj</span></dt><dd><p>Query LSA security object</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id271954"></a><h3>LSARPC-DS</h3><div class="variablelist"><dl><dt><span class="term">dsroledominfo</span></dt><dd><p>Get Primary Domain Information</p></dd></dl></div><p> </p><p><span class="emphasis"><em>DFS</em></span></p><div class="variablelist"><dl><dt><span class="term">dfsexist</span></dt><dd><p>Query DFS support</p></dd><dt><span class="term">dfsadd</span></dt><dd><p>Add a DFS share</p></dd><dt><span class="term">dfsremove</span></dt><dd><p>Remove a DFS share</p></dd><dt><span class="term">dfsgetinfo</span></dt><dd><p>Query DFS share info</p></dd><dt><span class="term">dfsenum</span></dt><dd><p>Enumerate dfs shares</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id272023"></a><h3>REG</h3><div class="variablelist"><dl><dt><span class="term">shutdown</span></dt><dd><p>Remote Shutdown</p></dd><dt><span class="term">abortshutdown</span></dt><dd><p>Abort Shutdown</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id272049"></a><h3>SRVSVC</h3><div class="variablelist"><dl><dt><span class="term">srvinfo</span></dt><dd><p>Server query info</p></dd><dt><span class="term">netshareenum</span></dt><dd><p>Enumerate shares</p></dd><dt><span class="term">netfileenum</span></dt><dd><p>Enumerate open files</p></dd><dt><span class="term">netremotetod</span></dt><dd><p>Fetch remote time of day</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id272091"></a><h3>SAMR</h3><div class="variablelist"><dl><dt><span class="term">queryuser</span></dt><dd><p>Query user info</p></dd><dt><span class="term">querygroup</span></dt><dd><p>Query group info</p></dd><dt><span class="term">queryusergroups</span></dt><dd><p>Query user groups</p></dd><dt><span class="term">querygroupmem</span></dt><dd><p>Query group membership</p></dd><dt><span class="term">queryaliasmem</span></dt><dd><p>Query alias membership</p></dd><dt><span class="term">querydispinfo</span></dt><dd><p>Query display info</p></dd><dt><span class="term">querydominfo</span></dt><dd><p>Query domain info</p></dd><dt><span class="term">enumdomusers</span></dt><dd><p>Enumerate domain users</p></dd><dt><span class="term">enumdomgroups</span></dt><dd><p>Enumerate domain groups</p></dd><dt><span class="term">enumalsgroups</span></dt><dd><p>Enumerate alias groups</p></dd><dt><span class="term">createdomuser</span></dt><dd><p>Create domain user</p></dd><dt><span class="term">samlookupnames</span></dt><dd><p>Look up names</p></dd><dt><span class="term">samlookuprids</span></dt><dd><p>Look up names</p></dd><dt><span class="term">deletedomuser</span></dt><dd><p>Delete domain user</p></dd><dt><span class="term">samquerysecobj</span></dt><dd><p>Query SAMR security object</p></dd><dt><span class="term">getdompwinfo</span></dt><dd><p>Retrieve domain password info</p></dd><dt><span class="term">lookupdomain</span></dt><dd><p>Look up domain</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id272237"></a><h3>SPOOLSS</h3><div class="variablelist"><dl><dt><span class="term">adddriver &lt;arch&gt; &lt;config&gt; [&lt;version&gt;]</span></dt><dd><p>
+                </p></dd><dt><span class="term">enumtrusts</span></dt><dd><p>Enumerate trusted domains</p></dd><dt><span class="term">enumprivs</span></dt><dd><p>Enumerate privileges</p></dd><dt><span class="term">getdispname</span></dt><dd><p>Get the privilege name</p></dd><dt><span class="term">lsaenumsid</span></dt><dd><p>Enumerate the LSA SIDS</p></dd><dt><span class="term">lsaenumprivsaccount</span></dt><dd><p>Enumerate the privileges of an SID</p></dd><dt><span class="term">lsaenumacctrights</span></dt><dd><p>Enumerate the rights of an SID</p></dd><dt><span class="term">lsaenumacctwithright</span></dt><dd><p>Enumerate accounts with a right</p></dd><dt><span class="term">lsaaddacctrights</span></dt><dd><p>Add rights to an account</p></dd><dt><span class="term">lsaremoveacctrights</span></dt><dd><p>Remove rights from an account</p></dd><dt><span class="term">lsalookupprivvalue</span></dt><dd><p>Get a privilege value given its name</p></dd><dt><span class="term">lsaquerysecobj</span></dt><dd><p>Query LSA security object</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id271959"></a><h3>LSARPC-DS</h3><div class="variablelist"><dl><dt><span class="term">dsroledominfo</span></dt><dd><p>Get Primary Domain Information</p></dd></dl></div><p> </p><p><span class="emphasis"><em>DFS</em></span></p><div class="variablelist"><dl><dt><span class="term">dfsexist</span></dt><dd><p>Query DFS support</p></dd><dt><span class="term">dfsadd</span></dt><dd><p>Add a DFS share</p></dd><dt><span class="term">dfsremove</span></dt><dd><p>Remove a DFS share</p></dd><dt><span class="term">dfsgetinfo</span></dt><dd><p>Query DFS share info</p></dd><dt><span class="term">dfsenum</span></dt><dd><p>Enumerate dfs shares</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id272028"></a><h3>REG</h3><div class="variablelist"><dl><dt><span class="term">shutdown</span></dt><dd><p>Remote Shutdown</p></dd><dt><span class="term">abortshutdown</span></dt><dd><p>Abort Shutdown</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id272053"></a><h3>SRVSVC</h3><div class="variablelist"><dl><dt><span class="term">srvinfo</span></dt><dd><p>Server query info</p></dd><dt><span class="term">netshareenum</span></dt><dd><p>Enumerate shares</p></dd><dt><span class="term">netfileenum</span></dt><dd><p>Enumerate open files</p></dd><dt><span class="term">netremotetod</span></dt><dd><p>Fetch remote time of day</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id272095"></a><h3>SAMR</h3><div class="variablelist"><dl><dt><span class="term">queryuser</span></dt><dd><p>Query user info</p></dd><dt><span class="term">querygroup</span></dt><dd><p>Query group info</p></dd><dt><span class="term">queryusergroups</span></dt><dd><p>Query user groups</p></dd><dt><span class="term">querygroupmem</span></dt><dd><p>Query group membership</p></dd><dt><span class="term">queryaliasmem</span></dt><dd><p>Query alias membership</p></dd><dt><span class="term">querydispinfo</span></dt><dd><p>Query display info</p></dd><dt><span class="term">querydominfo</span></dt><dd><p>Query domain info</p></dd><dt><span class="term">enumdomusers</span></dt><dd><p>Enumerate domain users</p></dd><dt><span class="term">enumdomgroups</span></dt><dd><p>Enumerate domain groups</p></dd><dt><span class="term">enumalsgroups</span></dt><dd><p>Enumerate alias groups</p></dd><dt><span class="term">createdomuser</span></dt><dd><p>Create domain user</p></dd><dt><span class="term">samlookupnames</span></dt><dd><p>Look up names</p></dd><dt><span class="term">samlookuprids</span></dt><dd><p>Look up names</p></dd><dt><span class="term">deletedomuser</span></dt><dd><p>Delete domain user</p></dd><dt><span class="term">samquerysecobj</span></dt><dd><p>Query SAMR security object</p></dd><dt><span class="term">getdompwinfo</span></dt><dd><p>Retrieve domain password info</p></dd><dt><span class="term">lookupdomain</span></dt><dd><p>Look up domain</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id272241"></a><h3>SPOOLSS</h3><div class="variablelist"><dl><dt><span class="term">adddriver &lt;arch&gt; &lt;config&gt; [&lt;version&gt;]</span></dt><dd><p>
                 Execute an AddPrinterDriver() RPC to install the printer driver 
                 information on the server.  Note that the driver files should 
@@ -177 +179 @@
                 <span><strong class="command">enumdrivers</strong></span> commands for obtaining a list of
                 of installed printers and drivers.</p></dd><dt><span class="term">addform</span></dt><dd><p>Add form</p></dd><dt><span class="term">setform</span></dt><dd><p>Set form</p></dd><dt><span class="term">getform</span></dt><dd><p>Get form</p></dd><dt><span class="term">deleteform</span></dt><dd><p>Delete form</p></dd><dt><span class="term">enumforms</span></dt><dd><p>Enumerate form</p></dd><dt><span class="term">setprinter</span></dt><dd><p>Set printer comment</p></dd><dt><span class="term">setprinterdata</span></dt><dd><p>Set REG_SZ printer data</p></dd><dt><span class="term">setprintername &lt;printername&gt;
-                &lt;newprintername&gt;</span></dt><dd><p>Set printer name</p></dd><dt><span class="term">rffpcnex</span></dt><dd><p>Rffpcnex test</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id272612"></a><h3>NETLOGON</h3><div class="variablelist"><dl><dt><span class="term">logonctrl2</span></dt><dd><p>Logon Control 2</p></dd><dt><span class="term">logonctrl</span></dt><dd><p>Logon Control</p></dd><dt><span class="term">samsync</span></dt><dd><p>Sam Synchronisation</p></dd><dt><span class="term">samdeltas</span></dt><dd><p>Query Sam Deltas</p></dd><dt><span class="term">samlogon</span></dt><dd><p>Sam Logon</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id272673"></a><h3>GENERAL COMMANDS</h3><div class="variablelist"><dl><dt><span class="term">debuglevel</span></dt><dd><p>Set the current
+                &lt;newprintername&gt;</span></dt><dd><p>Set printer name</p></dd><dt><span class="term">rffpcnex</span></dt><dd><p>Rffpcnex test</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id272617"></a><h3>NETLOGON</h3><div class="variablelist"><dl><dt><span class="term">logonctrl2</span></dt><dd><p>Logon Control 2</p></dd><dt><span class="term">logonctrl</span></dt><dd><p>Logon Control</p></dd><dt><span class="term">samsync</span></dt><dd><p>Sam Synchronisation</p></dd><dt><span class="term">samdeltas</span></dt><dd><p>Query Sam Deltas</p></dd><dt><span class="term">samlogon</span></dt><dd><p>Sam Logon</p></dd></dl></div></div><div class="refsect2" lang="en"><a name="id272677"></a><h3>GENERAL COMMANDS</h3><div class="variablelist"><dl><dt><span class="term">debuglevel</span></dt><dd><p>Set the current
                 debug level used to log information.</p></dd><dt><span class="term">help (?)</span></dt><dd><p>Print a listing of all 
                 known commands or extended help  on a particular command. 
                 </p></dd><dt><span class="term">quit (exit)</span></dt><dd><p>Exit <span><strong class="command">rpcclient
-                </strong></span>.</p></dd></dl></div></div></div><div class="refsect1" lang="en"><a name="id272714"></a><h2>BUGS</h2><p><span><strong class="command">rpcclient</strong></span> is designed as a developer testing tool 
+                </strong></span>.</p></dd></dl></div></div></div><div class="refsect1" lang="en"><a name="id272719"></a><h2>BUGS</h2><p><span><strong class="command">rpcclient</strong></span> is designed as a developer testing tool 
         and may not be robust in certain areas (such as command line parsing).  
         It has been known to  generate a core dump upon failures when invalid 
@@ -194 +196 @@
         the developers are sending reports to Microsoft,  and problems found 
         or reported to Microsoft are fixed in Service Packs,  which may 
-        result in incompatibilities.</p></div><div class="refsect1" lang="en"><a name="id272766"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba 
-        suite.</p></div><div class="refsect1" lang="en"><a name="id272776"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities 
+        result in incompatibilities.</p></div><div class="refsect1" lang="en"><a name="id272770"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba 
+        suite.</p></div><div class="refsect1" lang="en"><a name="id272781"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities 
         were created by Andrew Tridgell. Samba is now developed
         by the Samba Team as an Open Source project similar 

trunk/samba/docs/htmldocs/manpages/smb.conf.5.html

@@ -384 +384 @@
         added to Samba's domain and a Unix account matching the machine's name appended with a "$" does not
         already exist.
-        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>add machine script</code></em> = 
+        </p><p>This option is very similar to the <a class="indexterm" name="id273163"></a>add user script, and likewise uses the %u
+        substitution for the account name.  Do not use the %m
+        substitution.  </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>add machine script</code></em> = 
 </em></span>
 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>add machine script</code></em> = /usr/sbin/adduser -n -g machines -c Machine -d /var/lib/nobody -s /bin/false %u
@@ -452 +454 @@
                         </p></li></ul></div><p>
         This parameter is only used for add file shares.  To add printer shares, 
-        see the <a class="indexterm" name="id273562"></a>addprinter command.
+        see the <a class="indexterm" name="id273574"></a>addprinter command.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>add share command</code></em> = 
 </em></span>
@@ -469 +471 @@
         </p><p>
         In order to use this option, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> must <span class="emphasis"><em>NOT</em></span> be set to 
-        <a class="indexterm" name="id273651"></a>security = share and <a class="indexterm" name="id273658"></a>add user script 
+        <a class="indexterm" name="id229350"></a>security = share and <a class="indexterm" name="id229357"></a>add user script 
         must be set to a full pathname for a script that will create a UNIX user given one argument of 
         <em class="parameter"><code>%u</code></em>, which expands into the UNIX user name to create.
         </p><p>
         When the Windows user attempts to access the Samba server, at login (session setup in 
-        the SMB protocol) time, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> contacts the <a class="indexterm" name="id273684"></a>password server 
+        the SMB protocol) time, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> contacts the <a class="indexterm" name="id229383"></a>password server 
         and attempts to authenticate the given user with the given password. If the authentication 
         succeeds then <span><strong class="command">smbd</strong></span> attempts to find a UNIX user in the UNIX 
         password database to map the Windows user into. If this lookup fails, and 
-        <a class="indexterm" name="id273699"></a>add user script is set then <span><strong class="command">smbd</strong></span> will
+        <a class="indexterm" name="id229398"></a>add user script is set then <span><strong class="command">smbd</strong></span> will
         call the specified script <span class="emphasis"><em>AS ROOT</em></span>, expanding any 
         <em class="parameter"><code>%u</code></em> argument to be the user name to create.
@@ -486 +488 @@
         match existing Windows NT accounts.
         </p><p>
-        See also <a class="indexterm" name="id273737"></a>security, <a class="indexterm" name="id273744"></a>password server,
-        <a class="indexterm" name="id273751"></a>delete user script.
+        See also <a class="indexterm" name="id273817"></a>security, <a class="indexterm" name="id273824"></a>password server,
+        <a class="indexterm" name="id273831"></a>delete user script.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>add user script</code></em> = 
 </em></span>
@@ -508 +510 @@
     will do all file operations as the super-user (root).</p><p>You should use this option very carefully, as any user in 
     this list will be able to do anything they like on the share, 
-    irrespective of file permissions.</p><p>This parameter will not work with the <a class="indexterm" name="id273891"></a>security = share in
+    irrespective of file permissions.</p><p>This parameter will not work with the <a class="indexterm" name="id273971"></a>security = share in
     Samba 3.0.  This is by design.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>admin users</code></em> = 
 </em></span>
@@ -558 +560 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="ALLOWTRUSTEDDOMAINS"></a>allow trusted domains (G)</span></dt><dd><p>
-    This option only takes effect when the <a class="indexterm" name="id274144"></a>security option is set to 
+    This option only takes effect when the <a class="indexterm" name="id274224"></a>security option is set to 
     <code class="constant">server</code>,<code class="constant">domain</code> or <code class="constant">ads</code>.  
     If it is set to no, then attempts to connect to a resource from 
@@ -593 +595 @@
 </p></dd><dt><span class="term"><a name="AUTHMETHODS"></a>auth methods (G)</span></dt><dd><p>
     This option allows the administrator to chose what authentication methods <span><strong class="command">smbd</strong></span> 
-    will use when authenticating a user. This option defaults to sensible values based on <a class="indexterm" name="id274314"></a>security.  
+    will use when authenticating a user. This option defaults to sensible values based on <a class="indexterm" name="id274394"></a>security.  
     This should be considered a developer option and used only in rare circumstances.  In the majority (if not all) 
     of production servers, the default setting should be adequate.
@@ -621 +623 @@
         affects file service <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and name service <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> in a slightly different ways.</p><p>
         For name service it causes <span><strong class="command">nmbd</strong></span> to bind to ports 137 and 138 on the
-        interfaces listed in the <a class="indexterm" name="id274468"></a>interfaces parameter. <span><strong class="command">nmbd</strong></span>
+        interfaces listed in the <a class="indexterm" name="id274548"></a>interfaces parameter. <span><strong class="command">nmbd</strong></span>
         also binds to the "all addresses" interface (0.0.0.0) on ports 137 and 138 for the purposes of
         reading broadcast messages.  If this option is not set then <span><strong class="command">nmbd</strong></span> will
-        service name requests on all of these sockets. If <a class="indexterm" name="id274489"></a>bind interfaces only is set then
+        service name requests on all of these sockets. If <a class="indexterm" name="id274569"></a>bind interfaces only is set then
         <span><strong class="command">nmbd</strong></span> will check the source address of any packets coming in on the
         broadcast sockets and discard any that don't match the broadcast addresses of the interfaces in the
-        <a class="indexterm" name="id274503"></a>interfaces parameter list.  As unicast packets are received on the other sockets it
+        <a class="indexterm" name="id274583"></a>interfaces parameter list.  As unicast packets are received on the other sockets it
         allows <span><strong class="command">nmbd</strong></span> to refuse to serve names to machines that send packets that
-        arrive through any interfaces not listed in the <a class="indexterm" name="id274518"></a>interfaces list.  IP Source address
+        arrive through any interfaces not listed in the <a class="indexterm" name="id274598"></a>interfaces list.  IP Source address
         spoofing does defeat this simple check, however, so it must not be used seriously as a security feature for
         <span><strong class="command">nmbd</strong></span>.
         </p><p>
-        For file service it causes <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> to bind only to the interface list given in the <a class="indexterm" name="id274544"></a>interfaces parameter. This restricts the networks that <span><strong class="command">smbd</strong></span> will
+        For file service it causes <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> to bind only to the interface list given in the <a class="indexterm" name="id274624"></a>interfaces parameter. This restricts the networks that <span><strong class="command">smbd</strong></span> will
         serve to packets coming in those interfaces.  Note that you should not use this parameter for machines that
         are serving PPP or other intermittent or non-broadcast network interfaces as it will not cope with
         non-permanent interfaces.
         </p><p>
-        If <a class="indexterm" name="id274562"></a>bind interfaces only is set then unless the network address
-        <span class="emphasis"><em>127.0.0.1</em></span> is added to the <a class="indexterm" name="id274574"></a>interfaces parameter list
+        If <a class="indexterm" name="id274642"></a>bind interfaces only is set then unless the network address
+        <span class="emphasis"><em>127.0.0.1</em></span> is added to the <a class="indexterm" name="id274654"></a>interfaces parameter list
         <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a> and
         <a href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a> may not work as
@@ -646 +648 @@
         To change a users SMB password, the <span><strong class="command">smbpasswd</strong></span> by default connects to the
         <span class="emphasis"><em>localhost - 127.0.0.1</em></span> address as an SMB client to issue the password change request. If
-        <a class="indexterm" name="id274611"></a>bind interfaces only is set then unless the network address
-        <span class="emphasis"><em>127.0.0.1</em></span> is added to the <a class="indexterm" name="id274622"></a>interfaces parameter list then <span><strong class="command"> smbpasswd</strong></span> will fail to connect in it's default mode.  <span><strong class="command">smbpasswd</strong></span> can be forced to use the primary IP interface of the local host by using
+        <a class="indexterm" name="id274691"></a>bind interfaces only is set then unless the network address
+        <span class="emphasis"><em>127.0.0.1</em></span> is added to the <a class="indexterm" name="id274702"></a>interfaces parameter list then <span><strong class="command"> smbpasswd</strong></span> will fail to connect in it's default mode.  <span><strong class="command">smbpasswd</strong></span> can be forced to use the primary IP interface of the local host by using
         its <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>    <em class="parameter"><code>-r <em class="replaceable"><code>remote machine</code></em></code></em> parameter, with <em class="replaceable"><code>remote
         machine</code></em> set to the IP name of the primary interface of the local host.
@@ -691 +693 @@
         this.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>browse list</code></em> = yes
 </em></span>
-</p></dd><dt><span class="term"><a name="CASESIGNAMES"></a>casesignames</span></dt><dd><p>This parameter is a synonym for case sensitive.</p></dd><dt><span class="term"><a name="CASESENSITIVE"></a>case sensitive (S)</span></dt><dd><p>See the discussion in the section <a class="indexterm" name="id275001"></a>name mangling.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = no
+</p></dd><dt><span class="term"><a name="CASESIGNAMES"></a>casesignames</span></dt><dd><p>This parameter is a synonym for case sensitive.</p></dd><dt><span class="term"><a name="CASESENSITIVE"></a>case sensitive (S)</span></dt><dd><p>See the discussion in the section <a class="indexterm" name="id275081"></a>name mangling.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>case sensitive</code></em> = no
 </em></span>
 </p></dd><dt><span class="term"><a name="CHANGENOTIFY"></a>change notify (S)</span></dt><dd><p>This parameter specifies whether Samba should reply
@@ -766 +768 @@
 </p></dd><dt><span class="term"><a name="CLIENTSCHANNEL"></a>client schannel (G)</span></dt><dd><p>
     This controls whether the client offers or even demands the use of the netlogon schannel.
-    <a class="indexterm" name="id275474"></a>client schannel = no does not offer the schannel, 
-    <a class="indexterm" name="id275481"></a>client schannel = auto offers the schannel but does not
-    enforce it, and <a class="indexterm" name="id275489"></a>client schannel = yes denies access 
+    <a class="indexterm" name="id275554"></a>client schannel = no does not offer the schannel, 
+    <a class="indexterm" name="id275561"></a>client schannel = auto offers the schannel but does not
+    enforce it, and <a class="indexterm" name="id275569"></a>client schannel = yes denies access 
     if the server is not able to speak netlogon schannel. 
     </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client schannel</code></em> = auto
@@ -792 +794 @@
         neighborhood or via <span><strong class="command">net view</strong></span> to list what shares 
         are available.</p><p>If you want to set the string that is displayed next to the 
-                machine name then see the <a class="indexterm" name="id275637"></a>server string parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>comment</code></em> = 
+                machine name then see the <a class="indexterm" name="id275717"></a>server string parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>comment</code></em> = 
 # No comment
 </em></span>
@@ -827 +829 @@
         </p><p>
         Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the
-        <a class="indexterm" name="id275845"></a>force create mode parameter which is set to 000 by default.
-        </p><p>
-        This parameter does not affect directory masks. See the parameter <a class="indexterm" name="id275856"></a>directory mask
+        <a class="indexterm" name="id275925"></a>force create mode parameter which is set to 000 by default.
+        </p><p>
+        This parameter does not affect directory masks. See the parameter <a class="indexterm" name="id275936"></a>directory mask
         for details.
         </p><p>
         Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the
-        administrator wishes to enforce a mask on access control lists also, they need to set the <a class="indexterm" name="id275868"></a>security mask.
+        administrator wishes to enforce a mask on access control lists also, they need to set the <a class="indexterm" name="id275948"></a>security mask.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>create mask</code></em> = 0744
 </em></span>
@@ -845 +847 @@
         </p><p>
         For example, shares containing roaming profiles can have offline caching disabled using 
-        <a class="indexterm" name="id275933"></a>csc policy = disable.
+        <a class="indexterm" name="id276013"></a>csc policy = disable.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>csc policy</code></em> = manual
 </em></span>
@@ -851 +853 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="CUPSOPTIONS"></a>cups options (S)</span></dt><dd><p>
-    This parameter is only applicable if <a class="indexterm" name="id275986"></a>printing is 
+    This parameter is only applicable if <a class="indexterm" name="id276066"></a>printing is 
     set to <code class="constant">cups</code>.  Its value is a free form string of options
     passed directly to the cups library.  
@@ -870 +872 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="CUPSSERVER"></a>cups server (G)</span></dt><dd><p>
-    This parameter is only applicable if <a class="indexterm" name="id276069"></a>printing is set to <code class="constant">cups</code>.
+    This parameter is only applicable if <a class="indexterm" name="id276149"></a>printing is set to <code class="constant">cups</code>.
     </p><p>
    If set, this option overrides the ServerName option in the CUPS <code class="filename">client.conf</code>. This is 
@@ -899 +901 @@
     boolean parameter adds microsecond resolution to the timestamp  message header when turned on.
     </p><p>
-    Note that the parameter <a class="indexterm" name="id276219"></a>debug timestamp must be on for this to have an effect.
+    Note that the parameter <a class="indexterm" name="id276299"></a>debug timestamp must be on for this to have an effect.
     </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug hires timestamp</code></em> = no
 </em></span>
@@ -907 +909 @@
     logfile when turned on.
     </p><p>
-    Note that the parameter <a class="indexterm" name="id276272"></a>debug timestamp must be on for this to have an effect.
+    Note that the parameter <a class="indexterm" name="id276352"></a>debug timestamp must be on for this to have an effect.
     </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug pid</code></em> = no
 </em></span>
 </p></dd><dt><span class="term"><a name="DEBUGPREFIXTIMESTAMP"></a>debug prefix timestamp (G)</span></dt><dd><p>
     With this option enabled, the timestamp message header is prefixed to the debug message without the
-    filename and function information that is included with the <a class="indexterm" name="id276315"></a>debug timestamp 
+    filename and function information that is included with the <a class="indexterm" name="id276395"></a>debug timestamp 
     parameter. This gives timestamps to the messages without adding an additional line.
     </p><p>
-    Note that this parameter overrides the <a class="indexterm" name="id276326"></a>debug timestamp parameter.
+    Note that this parameter overrides the <a class="indexterm" name="id276406"></a>debug timestamp parameter.
     </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug prefix timestamp</code></em> = no
 </em></span>
 </p></dd><dt><span class="term"><a name="TIMESTAMPLOGS"></a>timestamp logs</span></dt><dd><p>This parameter is a synonym for debug timestamp.</p></dd><dt><span class="term"><a name="DEBUGTIMESTAMP"></a>debug timestamp (G)</span></dt><dd><p>
     Samba debug log messages are timestamped by default. If you are running at a high 
-    <a class="indexterm" name="id276388"></a>debug level these timestamps can be distracting. This 
+    <a class="indexterm" name="id276468"></a>debug level these timestamps can be distracting. This 
     boolean parameter allows timestamping to be turned off.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug timestamp</code></em> = yes
@@ -928 +930 @@
     current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.
     </p><p>
-    Note that the parameter <a class="indexterm" name="id276434"></a>debug timestamp must be on for this to have an effect.
+    Note that the parameter <a class="indexterm" name="id276514"></a>debug timestamp must be on for this to have an effect.
     </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>debug uid</code></em> = no
 </em></span>
-</p></dd><dt><span class="term"><a name="DEFAULTCASE"></a>default case (S)</span></dt><dd><p>See the section on <a class="indexterm" name="id276474"></a>name mangling.
-        Also note the <a class="indexterm" name="id276481"></a>short preserve case parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default case</code></em> = lower
-</em></span>
-</p></dd><dt><span class="term"><a name="DEFAULTDEVMODE"></a>default devmode (S)</span></dt><dd><p>This parameter is only applicable to <a class="indexterm" name="id276522"></a>printable services.
+</p></dd><dt><span class="term"><a name="DEFAULTCASE"></a>default case (S)</span></dt><dd><p>See the section on <a class="indexterm" name="id276554"></a>name mangling.
+        Also note the <a class="indexterm" name="id276561"></a>short preserve case parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>default case</code></em> = lower
+</em></span>
+</p></dd><dt><span class="term"><a name="DEFAULTDEVMODE"></a>default devmode (S)</span></dt><dd><p>This parameter is only applicable to <a class="indexterm" name="id276602"></a>printable services.
     When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
     server has a Device Mode which defines things such as paper size and
@@ -963 +965 @@
         parameter is not given, attempting to connect to a nonexistent 
         service results in an error.</p><p>
-        Typically the default service would be a <a class="indexterm" name="id276633"></a>guest ok, <a class="indexterm" name="id276640"></a>read-only service.</p><p>Also note that the apparent service name will be changed to equal
+        Typically the default service would be a <a class="indexterm" name="id276708"></a>guest ok, <a class="indexterm" name="id276716"></a>read-only service.</p><p>Also note that the apparent service name will be changed to equal
         that of the requested service, this is very useful as it allows you to use macros like <em class="parameter"><code>%S</code></em> to make a wildcard service.
         </p><p>Note also that any "_" characters in the name of the service 
@@ -995 +997 @@
     DeletePrinter() RPC call.</p><p>For a Samba host this means that the printer must be 
     physically deleted from underlying printing system.  The 
-    <a class="indexterm" name="id276811"></a>deleteprinter command defines a script to be run which 
+    <a class="indexterm" name="id276886"></a>deleteprinter command defines a script to be run which 
     will perform the necessary operations for removing the printer
     from the print system and from <code class="filename">smb.conf</code>.
-    </p><p>The <a class="indexterm" name="id276828"></a>deleteprinter command is 
-    automatically called with only one parameter: <a class="indexterm" name="id276836"></a>printer name.
-        </p><p>Once the <a class="indexterm" name="id276846"></a>deleteprinter command has 
+    </p><p>The <a class="indexterm" name="id276904"></a>deleteprinter command is 
+    automatically called with only one parameter: <a class="indexterm" name="id276912"></a>printer name.
+        </p><p>Once the <a class="indexterm" name="id276922"></a>deleteprinter command has 
     been executed, <span><strong class="command">smbd</strong></span> will reparse the <code class="filename">
     smb.conf</code> to associated printer no longer exists.  
@@ -1030 +1032 @@
                         </p></li></ul></div><p>
         This parameter is only used to remove file shares.  To delete printer shares, 
-        see the <a class="indexterm" name="id277034"></a>deleteprinter command.
+        see the <a class="indexterm" name="id277110"></a>deleteprinter command.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete share command</code></em> = 
 </em></span>
@@ -1055 +1057 @@
 </p></dd><dt><span class="term"><a name="DELETEVETOFILES"></a>delete veto files (S)</span></dt><dd><p>This option is used when Samba is attempting to 
         delete a directory that contains one or more vetoed directories 
-        (see the <a class="indexterm" name="id277224"></a>veto files
+        (see the <a class="indexterm" name="id277300"></a>veto files
         option).  If this option is set to <code class="constant">no</code> (the default) then if a vetoed 
         directory contains any non-vetoed files or directories then the 
@@ -1063 +1065 @@
         serving systems such as NetAtalk which create meta-files within 
         directories you might normally veto DOS/Windows users from seeing 
-        (e.g. <code class="filename">.AppleDouble</code>)</p><p>Setting <a class="indexterm" name="id277254"></a>delete veto files = yes allows these 
+        (e.g. <code class="filename">.AppleDouble</code>)</p><p>Setting <a class="indexterm" name="id277330"></a>delete veto files = yes allows these 
         directories to be  transparently deleted when the parent directory 
         is deleted (so long as the user has permissions to do so).</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>delete veto files</code></em> = no
@@ -1075 +1077 @@
         This is a new parameter introduced in Samba version 3.0.21.  It specifies in seconds the time that smbd will
         cache the output of a disk free query. If set to zero (the default) no caching is done. This allows a heavily
-        loaded server to prevent rapid spawning of <a class="indexterm" name="id277309"></a>dfree command scripts increasing the load.
+        loaded server to prevent rapid spawning of <a class="indexterm" name="id277385"></a>dfree command scripts increasing the load.
         </p><p>
         By default this parameter is zero, meaning no caching will be done.
@@ -1091 +1093 @@
         </p><p>
         In Samba version 3.0.21 this parameter has been changed to be a per-share parameter, and in addition the
-        parameter <a class="indexterm" name="id277376"></a>dfree cache time was added to allow the output of this script to be cached
+        parameter <a class="indexterm" name="id277452"></a>dfree cache time was added to allow the output of this script to be cached
         for systems under heavy load.
         </p><p>
@@ -1129 +1131 @@
     and 'other' write bits from the UNIX mode, allowing only the 
     user who owns the directory to modify it.</p><p>Following this Samba will bit-wise 'OR' the UNIX mode 
-    created from this parameter with the value of the <a class="indexterm" name="id277504"></a>force directory mode parameter. 
+    created from this parameter with the value of the <a class="indexterm" name="id277580"></a>force directory mode parameter. 
     This parameter is set to 000 by default (i.e. no extra mode bits are added).</p><p>Note that this parameter does not apply to permissions
     set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
-    a mask on access control lists also, they need to set the <a class="indexterm" name="id277517"></a>directory security mask.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = 0755
+    a mask on access control lists also, they need to set the <a class="indexterm" name="id277593"></a>directory security mask.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = 0755
 </em></span>
 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>directory mask</code></em> = 0775
@@ -1141 +1143 @@
     box.</p><p>
         This parameter is applied as a mask (AND'ed with) to the changed permission bits, thus preventing any bits not
-        in this mask from being modified.  Make sure not to mix up this parameter with <a class="indexterm" name="id277576"></a>force  directory security mode, which works similar like this one but uses logical OR instead of AND.
+        in this mask from being modified.  Make sure not to mix up this parameter with <a class="indexterm" name="id277652"></a>force  directory security mode, which works similar like this one but uses logical OR instead of AND.
         Essentially, zero bits in this mask may be treated as a set of bits the user is not allowed to change.
         </p><p>If not set explicitly this parameter is set to 0777
@@ -1175 +1177 @@
         The default value is "LOCALE", which means automatically set, depending on the
         current locale. The value should generally be the same as the value of the parameter
-        <a class="indexterm" name="id277728"></a>unix charset.
+        <a class="indexterm" name="id277804"></a>unix charset.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>display charset</code></em> = "LOCALE" or "ASCII" (depending on the system)
 </em></span>
@@ -1207 +1209 @@
         If set to <code class="constant">yes</code>, the Samba server will
         provide the netlogon service for Windows 9X network logons for the
-        <a class="indexterm" name="id277888"></a>workgroup it is in.
+        <a class="indexterm" name="id277964"></a>workgroup it is in.
         This will also cause the Samba server to act as a domain
         controller for NT4 style domain services. For more details on
@@ -1218 +1220 @@
         WAN-wide browse list collation. Setting this option causes <span><strong class="command">nmbd</strong></span> to claim a
         special domain specific NetBIOS name that identifies it as a domain master browser for its given
-        <a class="indexterm" name="id277946"></a>workgroup. Local master browsers in the same <a class="indexterm" name="id277953"></a>workgroup on
+        <a class="indexterm" name="id278021"></a>workgroup. Local master browsers in the same <a class="indexterm" name="id278029"></a>workgroup on
         broadcast-isolated subnets will give this <span><strong class="command">nmbd</strong></span> their local browse lists,
         and then ask <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> for a
@@ -1225 +1227 @@
         broadcast-isolated subnet.
         </p><p>
-        Note that Windows NT Primary Domain Controllers expect to be able to claim this <a class="indexterm" name="id277981"></a>workgroup specific special NetBIOS name that identifies them as domain master browsers for that
-        <a class="indexterm" name="id277988"></a>workgroup by default (i.e. there is no way to prevent a Windows NT PDC from attempting
+        Note that Windows NT Primary Domain Controllers expect to be able to claim this <a class="indexterm" name="id278056"></a>workgroup specific special NetBIOS name that identifies them as domain master browsers for that
+        <a class="indexterm" name="id278064"></a>workgroup by default (i.e. there is no way to prevent a Windows NT PDC from attempting
         to do this). This means that if this parameter is set and <span><strong class="command">nmbd</strong></span> claims the
-        special name for a <a class="indexterm" name="id278003"></a>workgroup before a Windows NT PDC is able to do so then cross
+        special name for a <a class="indexterm" name="id278078"></a>workgroup before a Windows NT PDC is able to do so then cross
         subnet browsing will behave strangely and may fail.
         </p><p>
-        If <a class="indexterm" name="id278014"></a>domain logons = yes, then the default behavior is to enable the
-        <a class="indexterm" name="id278021"></a>domain master parameter.  If <a class="indexterm" name="id278029"></a>domain logons is not enabled (the
-        default setting), then neither will <a class="indexterm" name="id278036"></a>domain master be enabled by default.
-        </p><p>
-        When <a class="indexterm" name="id278047"></a>domain logons = Yes the default setting for this parameter is
-        Yes, with the result that Samba will be a PDC. If <a class="indexterm" name="id278055"></a>domain master = No,
+        If <a class="indexterm" name="id278090"></a>domain logons = yes, then the default behavior is to enable the
+        <a class="indexterm" name="id278097"></a>domain master parameter.  If <a class="indexterm" name="id278104"></a>domain logons is not enabled (the
+        default setting), then neither will <a class="indexterm" name="id278112"></a>domain master be enabled by default.
+        </p><p>
+        When <a class="indexterm" name="id278123"></a>domain logons = Yes the default setting for this parameter is
+        Yes, with the result that Samba will be a PDC. If <a class="indexterm" name="id278130"></a>domain master = No,
         Samba will function as a BDC. In general, this parameter should be set to 'No' only on a BDC.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>domain master</code></em> = auto
@@ -1342 +1344 @@
     <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> must either 
     have access to a local <a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> file (see the <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a> program for information on how to set up 
-    and maintain this file), or set the <a class="indexterm" name="id229365"></a>security = [server|domain|ads] parameter which 
+    and maintain this file), or set the <a class="indexterm" name="id278606"></a>security = [server|domain|ads] parameter which 
     causes <span><strong class="command">smbd</strong></span> to authenticate against another 
         server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>encrypt passwords</code></em> = yes
@@ -1418 +1420 @@
         file open/close operations. This can give enormous performance benefits.
         </p><p>When you set <span><strong class="command">fake oplocks = yes</strong></span>, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> will
-        always grant oplock requests no matter how many clients are using the file.</p><p>It is generally much better to use the real <a class="indexterm" name="id278900"></a>oplocks support rather 
+        always grant oplock requests no matter how many clients are using the file.</p><p>It is generally much better to use the real <a class="indexterm" name="id278911"></a>oplocks support rather 
         than this parameter.</p><p>If you enable this option on all read-only shares or 
         shares that you know will only be accessed from one client at a 
@@ -1468 +1470 @@
         </p><p>
         This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this
-        mask that the user may have modified to be on.  Make sure not to mix up this parameter with <a class="indexterm" name="id279143"></a>directory security mask, which works in a similar manner to this one, but uses a logical AND instead
+        mask that the user may have modified to be on.  Make sure not to mix up this parameter with <a class="indexterm" name="id279154"></a>directory security mask, which works in a similar manner to this one, but uses a logical AND instead
         of an OR. 
         </p><p>
@@ -1502 +1504 @@
     primary group assigned to sys when accessing this Samba share. All
     other users will retain their ordinary primary group.</p><p>
-        If the <a class="indexterm" name="id279255"></a>force user parameter is also set the group specified in 
+        If the <a class="indexterm" name="id279266"></a>force user parameter is also set the group specified in 
     <em class="parameter"><code>force group</code></em> will override the primary group
     set in <em class="parameter"><code>force user</code></em>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>force group</code></em> = 
@@ -1536 +1538 @@
         </p><p>
         This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this
-        mask that the user may have modified to be on.  Make sure not to mix up this parameter with <a class="indexterm" name="id279401"></a>security mask, which works similar like this one but uses logical AND instead of OR. 
+        mask that the user may have modified to be on.  Make sure not to mix up this parameter with <a class="indexterm" name="id279408"></a>security mask, which works similar like this one but uses logical AND instead of OR. 
         </p><p>
         Essentially, one bits in this mask may be treated as a set of bits that, when modifying security on a file,
@@ -1604 +1606 @@
     caching algorithm will be used to reduce the time taken for getwd() 
     calls. This can have a significant impact on performance, especially 
-    when the <a class="indexterm" name="id279805"></a>wide smbconfoptions parameter is set to <code class="constant">no</code>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>getwd cache</code></em> = yes
+    when the <a class="indexterm" name="id279813"></a>wide smbconfoptions parameter is set to <code class="constant">no</code>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>getwd cache</code></em> = yes
 </em></span>
 </p></dd><dt><span class="term"><a name="GUESTACCOUNT"></a>guest account (G)</span></dt><dd><p>This is a username which will be used for access 
-    to services which are specified as <a class="indexterm" name="id279850"></a>guest ok (see below). Whatever privileges this 
+    to services which are specified as <a class="indexterm" name="id279857"></a>guest ok (see below). Whatever privileges this 
     user has will be available to any client connecting to the guest service. 
     This user must exist in the password file, but does not require
@@ -1626 +1628 @@
 </p></dd><dt><span class="term"><a name="PUBLIC"></a>public</span></dt><dd><p>This parameter is a synonym for guest ok.</p></dd><dt><span class="term"><a name="GUESTOK"></a>guest ok (S)</span></dt><dd><p>If this parameter is <code class="constant">yes</code> for 
     a service, then no password is required to connect to the service. 
-    Privileges will be those of the <a class="indexterm" name="id279957"></a>guest account.</p><p>This paramater nullifies the benifits of setting
-    <a class="indexterm" name="id279968"></a>restrict anonymous = 2
-        </p><p>See the section below on <a class="indexterm" name="id279979"></a>security for more information about this option.
+    Privileges will be those of the <a class="indexterm" name="id279965"></a>guest account.</p><p>This paramater nullifies the benifits of setting
+    <a class="indexterm" name="id279976"></a>restrict anonymous = 2
+        </p><p>See the section below on <a class="indexterm" name="id279986"></a>security for more information about this option.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest ok</code></em> = no
 </em></span>
 </p></dd><dt><span class="term"><a name="ONLYGUEST"></a>only guest</span></dt><dd><p>This parameter is a synonym for guest only.</p></dd><dt><span class="term"><a name="GUESTONLY"></a>guest only (S)</span></dt><dd><p>If this parameter is <code class="constant">yes</code> for 
     a service, then only guest connections to the service are permitted. 
-    This parameter will have no effect if <a class="indexterm" name="id280044"></a>guest ok is not set for the service.</p><p>See the section below on <a class="indexterm" name="id280055"></a>security for more information about this option.
+    This parameter will have no effect if <a class="indexterm" name="id280052"></a>guest ok is not set for the service.</p><p>See the section below on <a class="indexterm" name="id280063"></a>security for more information about this option.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>guest only</code></em> = no
 </em></span>
@@ -1675 +1677 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="HOMEDIRMAP"></a>homedir map (G)</span></dt><dd><p>
-        If <a class="indexterm" name="id280303"></a>nis homedir is <code class="constant">yes</code>, and <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> is also acting         as a Win95/98 <em class="parameter"><code>logon server</code></em> 
+        If <a class="indexterm" name="id280310"></a>nis homedir is <code class="constant">yes</code>, and <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> is also acting         as a Win95/98 <em class="parameter"><code>logon server</code></em> 
         then this parameter specifies the NIS (or YP) map from which the server for the user's  home directory should be extracted.  
         At present, only the Sun auto.home map format is understood. The form of the map is:
@@ -1693 +1695 @@
         Dfs trees hosted on the server.
         </p><p>
-        See also the <a class="indexterm" name="id280400"></a>msdfs root share  level  parameter.  For more  information  on
+        See also the <a class="indexterm" name="id280408"></a>msdfs root share  level  parameter.  For more  information  on
         setting  up a Dfs tree on Samba, refer to the MSFDS chapter in the book Samba3-HOWTO.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>host msdfs</code></em> = yes
@@ -1705 +1707 @@
 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>hostname lookups</code></em> = yes
 </em></span>
-</p></dd><dt><span class="term"><a name="ALLOWHOSTS"></a>allow hosts</span></dt><dd><p>This parameter is a synonym for hosts allow.</p></dd><dt><span class="term"><a name="HOSTSALLOW"></a>hosts allow (S)</span></dt><dd><p>A synonym for this parameter is <a class="indexterm" name="id280521"></a>allow hosts.</p><p>This parameter is a comma, space, or tab delimited 
+</p></dd><dt><span class="term"><a name="ALLOWHOSTS"></a>allow hosts</span></dt><dd><p>This parameter is a synonym for hosts allow.</p></dd><dt><span class="term"><a name="HOSTSALLOW"></a>hosts allow (S)</span></dt><dd><p>A synonym for this parameter is <a class="indexterm" name="id280528"></a>allow hosts.</p><p>This parameter is a comma, space, or tab delimited 
     set of hosts which are permitted to access a service.</p><p>If specified in the [global] section then it will
     apply to all services, regardless of whether the individual 
@@ -1715 +1717 @@
     page may not be present on your system, so a brief description will
     be given here also.</p><p>Note that the localhost address 127.0.0.1 will always 
-    be allowed access unless specifically denied by a <a class="indexterm" name="id280559"></a>hosts deny option.</p><p>You can also specify hosts by network/netmask pairs and 
+    be allowed access unless specifically denied by a <a class="indexterm" name="id280567"></a>hosts deny option.</p><p>You can also specify hosts by network/netmask pairs and 
     by netgroup names if your system supports netgroups. The 
     <span class="emphasis"><em>EXCEPT</em></span> keyword can also be used to limit a 
@@ -1732 +1734 @@
         In the event that it is necessary to deny all by default, use the keyword
         ALL (or the netmask <code class="literal">0.0.0.0/0</code>) and then explicitly specify
-        to the <a class="indexterm" name="id280736"></a>hosts allow = hosts allow parameter those hosts
+        to the <a class="indexterm" name="id280743"></a>hosts allow = hosts allow parameter those hosts
         that should be permitted access.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>hosts deny</code></em> = 
@@ -1742 +1744 @@
         The idmap alloc backend provides a plugin interface for Winbind to use
         when allocating Unix uids/gids for Windows SIDs.  This option is
-        to be used in conjunction with the <a class="indexterm" name="id280790"></a>idmap domains 
+        to be used in conjunction with the <a class="indexterm" name="id280797"></a>idmap domains 
         parameter and refers to the name of the idmap module which will provide
         the id allocation functionality.  Please refer to the man page 
@@ -1748 +1750 @@
         the allocation feature.  The most common plugins are the tdb (<a href="idmap_tdb.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_tdb</span>(8)</span></a>)
         and ldap (<a href="idmap_ldap.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_ldap</span>(8)</span></a>) libraries.
-        </p><p>Also refer to the <a class="indexterm" name="id280819"></a>idmap alloc config option.
+        </p><p>Also refer to the <a class="indexterm" name="id280826"></a>idmap alloc config option.
         </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap alloc backend</code></em> = tdb
 </em></span>
 </p></dd><dt><span class="term"><a name="IDMAPALLOCCONFIG"></a>idmap alloc config (G)</span></dt><dd><p>
         The idmap alloc config prefix provides a means of managing settings
-        for the backend defined by the <a class="indexterm" name="id280864"></a>idmap alloc backend 
+        for the backend defined by the <a class="indexterm" name="id280871"></a>idmap alloc backend 
         parameter.  Refer to the man page for each idmap plugin regarding
         specific configuration details.
@@ -1760 +1762 @@
         varying backends to store SID/uid/gid mapping tables.  This
         option is mutually exclusive with the newer and more flexible
-        <a class="indexterm" name="id280899"></a>idmap domains parameter.  The main difference
+        <a class="indexterm" name="id280906"></a>idmap domains parameter.  The main difference
         between the "idmap backend" and the "idmap domains"
         is that the former only allows on backend for all domains while the
@@ -1775 +1777 @@
 </p></dd><dt><span class="term"><a name="IDMAPCONFIG"></a>idmap config (G)</span></dt><dd><p>
         The idmap config prefix provides a means of managing each domain 
-        defined by the <a class="indexterm" name="id281011"></a>idmap domains option using Samba's
+        defined by the <a class="indexterm" name="id281018"></a>idmap domains option using Samba's
         parameteric option support.  The idmap config prefix should be 
         followed by the name of the domain, a colon, and a setting specific to 
@@ -1789 +1791 @@
                 </p></dd><dt><span class="term">readonly = [yes|no]</span></dt><dd><p>
                         Mark the domain as readonly which means that no attempts to
-                        allocate a uid or gid (by the <a class="indexterm" name="id281058"></a>idmap alloc     backend) for any user or group in that domain
+                        allocate a uid or gid (by the <a class="indexterm" name="id281066"></a>idmap alloc     backend) for any user or group in that domain
                         will be attempted.
                 </p></dd></dl></div><p>
@@ -1808 +1810 @@
         The idmap domains option defines a list of Windows domains which will each
         have a separately configured backend for managing Winbind's SID/uid/gid
-        tables.  This parameter is mutually exclusive with the older <a class="indexterm" name="id281126"></a>idmap backend option.
+        tables.  This parameter is mutually exclusive with the older <a class="indexterm" name="id281133"></a>idmap backend option.
         </p><p>
         Values consist of the short domain name for Winbind's primary or collection
@@ -1814 +1816 @@
         domain backend for any domain not explicitly listed.
         </p><p>
-        Refer to the <a class="indexterm" name="id281141"></a>idmap config for details about
+        Refer to the <a class="indexterm" name="id281149"></a>idmap config for details about
         managing the SID/uid/gid backend for each domain.
         </p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>idmap domains</code></em> = default AD CORP
@@ -1822 +1824 @@
         SIDs. This range of group ids should have no 
         existing local or NIS groups within it as strange conflicts can 
-        occur otherwise.</p><p>See also the <a class="indexterm" name="id281214"></a>idmap backend, <a class="indexterm" name="id281221"></a>idmap domains, and <a class="indexterm" name="id281228"></a>idmap config options.
+        occur otherwise.</p><p>See also the <a class="indexterm" name="id281221"></a>idmap backend, <a class="indexterm" name="id281228"></a>idmap domains, and <a class="indexterm" name="id281235"></a>idmap config options.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap gid</code></em> = 
 </em></span>
@@ -1835 +1837 @@
         allocated for use in mapping UNIX users to NT user SIDs. This 
         range of ids should have no existing local
-        or NIS users within it as strange conflicts can occur otherwise.</p><p>See also the <a class="indexterm" name="id281340"></a>idmap backend, <a class="indexterm" name="id281347"></a>idmap domains, and <a class="indexterm" name="id281354"></a>idmap config options.
+        or NIS users within it as strange conflicts can occur otherwise.</p><p>See also the <a class="indexterm" name="id281348"></a>idmap backend, <a class="indexterm" name="id281355"></a>idmap domains, and <a class="indexterm" name="id281362"></a>idmap config options.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>idmap uid</code></em> = 
 </em></span>
@@ -1867 +1869 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="INHERITPERMISSIONS"></a>inherit permissions (S)</span></dt><dd><p>
-        The permissions on new files and directories are normally governed by <a class="indexterm" name="id281548"></a>create mask,
-        <a class="indexterm" name="id281555"></a>directory mask, <a class="indexterm" name="id281562"></a>force create mode and <a class="indexterm" name="id281570"></a>force directory mode but the boolean inherit permissions parameter overrides this.
+        The permissions on new files and directories are normally governed by <a class="indexterm" name="id281556"></a>create mask,
+        <a class="indexterm" name="id281563"></a>directory mask, <a class="indexterm" name="id281570"></a>force create mode and <a class="indexterm" name="id281577"></a>force directory mode but the boolean inherit permissions parameter overrides this.
         </p><p>New directories inherit the mode of the parent directory,
     including bits such as setgid.</p><p>
         New files inherit their read/write bits from the parent directory.  Their execute bits continue to be
-        determined by <a class="indexterm" name="id281586"></a>map archive, <a class="indexterm" name="id281593"></a>map hidden and <a class="indexterm" name="id281600"></a>map system as usual.
+        determined by <a class="indexterm" name="id281593"></a>map archive, <a class="indexterm" name="id281600"></a>map hidden and <a class="indexterm" name="id281607"></a>map system as usual.
         </p><p>Note that the setuid bit is <span class="emphasis"><em>never</em></span> set via 
     inheritance (the code explicitly prohibits this).</p><p>This can be particularly useful on large systems with 
@@ -1923 +1925 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="IPRINTSERVER"></a>iprint server (G)</span></dt><dd><p>
-    This parameter is only applicable if <a class="indexterm" name="id281833"></a>printing is set to <code class="constant">iprint</code>.
+    This parameter is only applicable if <a class="indexterm" name="id281841"></a>printing is set to <code class="constant">iprint</code>.
     </p><p>
    If set, this option overrides the ServerName option in the CUPS <code class="filename">client.conf</code>. This is 
@@ -1936 +1938 @@
     sent. Keepalive packets, if sent, allow the server to tell whether 
     a client is still present and responding.</p><p>Keepalives should, in general, not be needed if the socket 
-    has the SO_KEEPALIVE attribute set on it by default. (see <a class="indexterm" name="id281912"></a>socket options). 
+    has the SO_KEEPALIVE attribute set on it by default. (see <a class="indexterm" name="id281919"></a>socket options). 
 Basically you should only use this option if you strike difficulties.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>keepalive</code></em> = 300
 </em></span>
@@ -1948 +1950 @@
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>kernel change notify</code></em> = yes
 </em></span>
-</p></dd><dt><span class="term"><a name="KERNELOPLOCKS"></a>kernel oplocks (G)</span></dt><dd><p>For UNIXes that support kernel based <a class="indexterm" name="id282002"></a>oplocks
+</p></dd><dt><span class="term"><a name="KERNELOPLOCKS"></a>kernel oplocks (G)</span></dt><dd><p>For UNIXes that support kernel based <a class="indexterm" name="id282010"></a>oplocks
         (currently only IRIX and the Linux 2.4 kernel), this parameter 
         allows the use of them to be turned on or off.</p><p>Kernel oplocks support allows Samba <em class="parameter"><code>oplocks
@@ -1985 +1987 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="LDAPADMINDN"></a>ldap admin dn (G)</span></dt><dd><p>
-        The <a class="indexterm" name="id282195"></a>ldap admin dn defines the Distinguished  Name (DN) name used by Samba to contact
-        the ldap server when retreiving  user account information. The <a class="indexterm" name="id282203"></a>ldap admin dn is used
+        The <a class="indexterm" name="id282202"></a>ldap admin dn defines the Distinguished  Name (DN) name used by Samba to contact
+        the ldap server when retreiving  user account information. The <a class="indexterm" name="id282210"></a>ldap admin dn is used
         in conjunction with the admin dn password stored in the <code class="filename">private/secrets.tdb</code>
         file.  See the <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>
         man page for more information on how  to accomplish this.
         </p><p>
-        The <a class="indexterm" name="id282228"></a>ldap admin dn requires a fully specified DN. The <a class="indexterm" name="id282236"></a>ldap  suffix is not appended to the <a class="indexterm" name="id282243"></a>ldap admin dn.
+        The <a class="indexterm" name="id282236"></a>ldap admin dn requires a fully specified DN. The <a class="indexterm" name="id282243"></a>ldap  suffix is not appended to the <a class="indexterm" name="id282250"></a>ldap admin dn.
         </p><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="LDAPDELETEDN"></a>ldap delete dn (G)</span></dt><dd><p> This parameter specifies whether a delete
         operation in the ldapsam deletes the complete entry or only the attributes
@@ -1999 +2001 @@
 </p></dd><dt><span class="term"><a name="LDAPGROUPSUFFIX"></a>ldap group suffix (G)</span></dt><dd><p>This parameter specifies the suffix that is 
         used for groups when these are added to the LDAP directory.
-        If this parameter is unset, the value of <a class="indexterm" name="id282311"></a>ldap suffix will be used instead.  The suffix string is pre-pended to the
-        <a class="indexterm" name="id282319"></a>ldap suffix string so use a partial DN.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = 
+        If this parameter is unset, the value of <a class="indexterm" name="id282318"></a>ldap suffix will be used instead.  The suffix string is pre-pended to the
+        <a class="indexterm" name="id282326"></a>ldap suffix string so use a partial DN.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = 
 </em></span>
 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>ldap group suffix</code></em> = ou=Groups
@@ -2006 +2008 @@
 </p></dd><dt><span class="term"><a name="LDAPIDMAPSUFFIX"></a>ldap idmap suffix (G)</span></dt><dd><p>
         This parameters specifies the suffix that is used when storing idmap mappings. If this parameter 
-        is unset, the value of <a class="indexterm" name="id282372"></a>ldap suffix will be used instead.  The suffix 
-        string is pre-pended to the <a class="indexterm" name="id282379"></a>ldap suffix string so use a partial DN.
+        is unset, the value of <a class="indexterm" name="id282379"></a>ldap suffix will be used instead.  The suffix 
+        string is pre-pended to the <a class="indexterm" name="id282387"></a>ldap suffix string so use a partial DN.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap idmap suffix</code></em> = 
 </em></span>
@@ -2014 +2016 @@
 </p></dd><dt><span class="term"><a name="LDAPMACHINESUFFIX"></a>ldap machine suffix (G)</span></dt><dd><p>
         It specifies where machines should be added to the ldap tree.  If this parameter is unset, the value of
-        <a class="indexterm" name="id282432"></a>ldap suffix will be used instead.  The suffix string is pre-pended to the
-        <a class="indexterm" name="id282439"></a>ldap suffix string so use a partial DN.
+        <a class="indexterm" name="id282439"></a>ldap suffix will be used instead.  The suffix string is pre-pended to the
+        <a class="indexterm" name="id282447"></a>ldap suffix string so use a partial DN.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap machine suffix</code></em> = 
 </em></span>
@@ -2025 +2027 @@
         change via SAMBA.  
         </p><p>
-        The <a class="indexterm" name="id282496"></a>ldap passwd sync can be set to one of three values: 
+        The <a class="indexterm" name="id282504"></a>ldap passwd sync can be set to one of three values: 
         </p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Yes</code></em>  =  Try 
                         to update the LDAP, NT and LM passwords and update the pwdLastSet time.</p></li><li><p><em class="parameter"><code>No</code></em> = Update NT and 
@@ -2043 +2045 @@
         The value is specified in milliseconds, the maximum value is 5000 (5 seconds).
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap replication sleep</code></em> = 1000
+</em></span>
+</p></dd><dt><span class="term"><a name="LDAPSAM:EDITPOSIX"></a>ldapsam:editposix (G)</span></dt><dd><p>
+        Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller
+        eliminating the need to set up custom scripts to add and manage the posix users and groups. This option
+        will instead directly manipulate the ldap tree to create, remove and modify user and group entries.
+        This option also requires a running winbindd as it is used to allocate new uids/gids on user/group
+        creation. The allocation range must be therefore configured.
+        </p><p>
+        To use this option, a basic ldap tree must be provided and the ldap suffix parameters must be properly
+        configured. On virgin servers the default users and groups (Administrator, Guest, Domain Users,
+        Domain Admins, Domain Guests) can be precreated with the command <span><strong class="command">net sam
+        provision</strong></span>. To run this command the ldap server must be running, Winindd must be running and
+        the smb.conf ldap options must be properly configured.
+
+        The tipical ldap setup used with the <a class="indexterm" name="id282650"></a>ldapsam:trusted = yes option
+        is usually sufficient to use <a class="indexterm" name="id282658"></a>ldapsam:editposix = yes as well.
+        </p><p>
+        An example configuration can be the following:
+
+        </p><pre class="programlisting">
+        encrypt passwords = true
+        passdb backend = ldapsam
+
+        ldapsam:trusted=yes
+        ldapsam:editposix=yes
+
+        ldap admin dn = cn=admin,dc=samba,dc=org
+        ldap delete dn = yes
+        ldap group suffix = ou=groups
+        ldap idmap suffix = ou=idmap
+        ldap machine suffix = ou=computers
+        ldap user suffix = ou=users
+        ldap suffix = dc=samba,dc=org
+
+        idmap backend = ldap:"ldap://localhost"
+
+        idmap uid = 5000-50000
+        idmap gid = 5000-50000
+        </pre><p>
+
+        This configuration assume the ldap server have been loaded with a base tree like described
+        in the following ldif:
+
+        </p><pre class="programlisting">
+        dn: dc=samba,dc=org
+        objectClass: top
+        objectClass: dcObject
+        objectClass: organization
+        o: samba.org
+        dc: samba
+
+        dn: cn=admin,dc=samba,dc=org
+        objectClass: simpleSecurityObject
+        objectClass: organizationalRole
+        cn: admin
+        description: LDAP administrator
+        userPassword: secret
+
+        dn: ou=users,dc=samba,dc=org
+        objectClass: top
+        objectClass: organizationalUnit
+        ou: users
+
+        dn: ou=groups,dc=samba,dc=org
+        objectClass: top
+        objectClass: organizationalUnit
+        ou: groups
+
+        dn: ou=idmap,dc=samba,dc=org
+        objectClass: top
+        objectClass: organizationalUnit
+        ou: idmap
+
+        dn: ou=computers,dc=samba,dc=org
+        objectClass: top
+        objectClass: organizationalUnit
+        ou: computers
+        </pre><p>
+        </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldapsam:editposix</code></em> = no
 </em></span>
 </p></dd><dt><span class="term"><a name="LDAPSAM:TRUSTED"></a>ldapsam:trusted (G)</span></dt><dd><p>
@@ -2052 +2133 @@
         are used to deal with user and group attributes lack such optimization.
         </p><p>
-        To make Samba scale well in large environments, the <a class="indexterm" name="id282636"></a>ldapsam:trusted = yes
+        To make Samba scale well in large environments, the <a class="indexterm" name="id282732"></a>ldapsam:trusted = yes
         option assumes that the complete user and group database that is relevant to Samba is stored in LDAP with the
         standard posixAccount/posixGroup attributes. It further assumes that the Samba auxiliary object classes are 
         stored together with the POSIX data in the same LDAP object. If these assumptions are met, 
-        <a class="indexterm" name="id282646"></a>ldapsam:trusted = yes can be activated and Samba can bypass the 
+        <a class="indexterm" name="id282742"></a>ldapsam:trusted = yes can be activated and Samba can bypass the 
         NSS system to query user group memberships. Optimized LDAP queries can greatly speed up domain logon and 
         administration tasks. Depending on the size of the LDAP database a factor of 100 or more for common queries 
@@ -2067 +2148 @@
         Samba's previous SSL support which was enabled by specifying the 
         <span><strong class="command">--with-ssl</strong></span> option to the <code class="filename">configure</code> 
-        script.</p><p>The <a class="indexterm" name="id282709"></a>ldap ssl can be set to one of three values:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Off</code></em> = Never 
+        script.</p><p>The <a class="indexterm" name="id282805"></a>ldap ssl can be set to one of three values:</p><div class="itemizedlist"><ul type="disc"><li><p><em class="parameter"><code>Off</code></em> = Never 
                         use SSL when querying the directory.</p></li><li><p><em class="parameter"><code>Start_tls</code></em> = Use 
                         the LDAPv3 StartTLS extended operation (RFC2830) for 
@@ -2073 +2154 @@
                         on the ldaps port when contacting the <em class="parameter"><code>ldap server</code></em>. Only available when the 
                         backwards-compatiblity <span><strong class="command">--with-ldapsam</strong></span> option is specified
-                to configure. See <a class="indexterm" name="id282765"></a>passdb backend</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = start_tls
+                to configure. See <a class="indexterm" name="id282861"></a>passdb backend</p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap ssl</code></em> = start_tls
 </em></span>
 </p></dd><dt><span class="term"><a name="LDAPSUFFIX"></a>ldap suffix (G)</span></dt><dd><p>Specifies the base for all ldap suffixes and for storing the sambaDomain object.</p><p>
-        The ldap suffix will be appended to the values specified for the <a class="indexterm" name="id282812"></a>ldap user suffix,
-        <a class="indexterm" name="id282819"></a>ldap group suffix, <a class="indexterm" name="id282826"></a>ldap machine suffix, and the
-        <a class="indexterm" name="id282833"></a>ldap idmap suffix. Each of these should be given only a DN relative to the
-        <a class="indexterm" name="id282841"></a>ldap suffix.
+        The ldap suffix will be appended to the values specified for the <a class="indexterm" name="id282907"></a>ldap user suffix,
+        <a class="indexterm" name="id282914"></a>ldap group suffix, <a class="indexterm" name="id282922"></a>ldap machine suffix, and the
+        <a class="indexterm" name="id282929"></a>ldap idmap suffix. Each of these should be given only a DN relative to the
+        <a class="indexterm" name="id282936"></a>ldap suffix.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap suffix</code></em> = 
 </em></span>
@@ -2092 +2173 @@
 </p></dd><dt><span class="term"><a name="LDAPUSERSUFFIX"></a>ldap user suffix (G)</span></dt><dd><p>
         This parameter specifies where users are added to the tree. If this parameter is unset, 
-        the value of <a class="indexterm" name="id282931"></a>ldap suffix will be used instead.  The suffix 
-        string is pre-pended to the  <a class="indexterm" name="id282938"></a>ldap suffix string so use a partial DN.
+        the value of <a class="indexterm" name="id283024"></a>ldap suffix will be used instead.  The suffix 
+        string is pre-pended to the  <a class="indexterm" name="id283031"></a>ldap suffix string so use a partial DN.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>ldap user suffix</code></em> = 
 </em></span>
@@ -2112 +2193 @@
         delete any read-ahead caches.</p><p>It is recommended that this parameter be turned on to
         speed access to shared executables.</p><p>For more discussions on level2 oplocks see the CIFS spec.</p><p>
-        Currently, if <a class="indexterm" name="id283016"></a>kernel oplocks are supported then
+        Currently, if <a class="indexterm" name="id283109"></a>kernel oplocks are supported then
         level2 oplocks are not granted (even if this parameter is set to
-        <code class="constant">yes</code>).  Note also, the <a class="indexterm" name="id283027"></a>oplocks
+        <code class="constant">yes</code>).  Note also, the <a class="indexterm" name="id283120"></a>oplocks
         parameter must be set to <code class="constant">yes</code> on this share in order for 
         this parameter to have any effect.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>level2 oplocks</code></em> = yes
@@ -2126 +2207 @@
         broadcasts. If set to <code class="constant">yes</code> Samba will produce 
         Lanman announce broadcasts at a frequency set by the parameter 
-        <a class="indexterm" name="id283103"></a>lm interval. If set to <code class="constant">auto</code> 
+        <a class="indexterm" name="id283196"></a>lm interval. If set to <code class="constant">auto</code> 
         Samba will not send Lanman announce broadcasts by default but will 
         listen for them. If it hears such a broadcast on the wire it will 
         then start sending them at a frequency set by the parameter 
-        <a class="indexterm" name="id283115"></a>lm interval.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = auto
+        <a class="indexterm" name="id283208"></a>lm interval.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = auto
 </em></span>
 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>lm announce</code></em> = yes
@@ -2136 +2217 @@
 </p></dd><dt><span class="term"><a name="LMINTERVAL"></a>lm interval (G)</span></dt><dd><p>If Samba is set to produce Lanman announce 
         broadcasts needed by OS/2 clients (see the 
-                <a class="indexterm" name="id283167"></a>lm announce parameter) then this 
+                <a class="indexterm" name="id283260"></a>lm announce parameter) then this 
         parameter defines the frequency in seconds with which they will be 
         made.  If this is set to zero then no Lanman announcements will be 
-        made despite the setting of the <a class="indexterm" name="id283176"></a>lm announce 
+        made despite the setting of the <a class="indexterm" name="id283269"></a>lm announce 
         parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lm interval</code></em> = 60
 </em></span>
@@ -2146 +2227 @@
 </p></dd><dt><span class="term"><a name="LOADPRINTERS"></a>load printers (G)</span></dt><dd><p>A boolean variable that controls whether all 
     printers in the printcap will be loaded for browsing by default. 
-    See the <a class="indexterm" name="id283229"></a>printers section for 
+    See the <a class="indexterm" name="id283322"></a>printers section for 
     more details.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>load printers</code></em> = yes
 </em></span>
@@ -2161 +2242 @@
 </p></dd><dt><span class="term"><a name="LOCKDIR"></a>lock dir</span></dt><dd><p>This parameter is a synonym for lock directory.</p></dd><dt><span class="term"><a name="LOCKDIRECTORY"></a>lock directory (G)</span></dt><dd><p>This option specifies the directory where lock 
         files will be placed.  The lock files are used to implement the 
-        <a class="indexterm" name="id283380"></a>max connections option.
+        <a class="indexterm" name="id283473"></a>max connections option.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock directory</code></em> = ${prefix}/var/locks
 </em></span>
@@ -2178 +2259 @@
         You should never need to set this parameter.</p><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="LOCKSPINCOUNT"></a>lock spin count (G)</span></dt><dd><p>This parameter has been made inoperative in Samba 3.0.24.
         The functionality it contolled is now controlled by the parameter
-        <a class="indexterm" name="id283500"></a>lock spin time.
+        <a class="indexterm" name="id283593"></a>lock spin time.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin count</code></em> = 0
 </em></span>
@@ -2185 +2266 @@
         be granted. This parameter has changed in default
         value from Samba 3.0.23 from 10 to 200. The associated
-        <a class="indexterm" name="id283542"></a>lock spin count parameter is
+        <a class="indexterm" name="id283635"></a>lock spin count parameter is
         no longer used in Samba 3.0.24. You should not need
         to change the value of this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lock spin time</code></em> = 200
@@ -2206 +2287 @@
 </p></dd><dt><span class="term"><a name="LOGONDRIVE"></a>logon drive (G)</span></dt><dd><p>
         This parameter specifies the local path to which the home directory will be
-        connected (see <a class="indexterm" name="id283696"></a>logon home) and is only used by NT
+        connected (see <a class="indexterm" name="id283789"></a>logon home) and is only used by NT
         Workstations.
         </p><p>
@@ -2233 +2314 @@
         <span><strong class="command">net use /home</strong></span> but use the whole string when dealing with profiles.
         </p><p>
-        Note that in prior versions of Samba, the <a class="indexterm" name="id283804"></a>logon path was returned rather than 
+        Note that in prior versions of Samba, the <a class="indexterm" name="id283897"></a>logon path was returned rather than 
         <em class="parameter"><code>logon home</code></em>.  This broke <span><strong class="command">net use /home</strong></span> 
         but allowed profiles outside the home directory. The current implementation is correct, and can be used for 
         profiles if you use the above trick.
         </p><p>
-        Disable this feature by setting <a class="indexterm" name="id283828"></a>logon home = "" - using the empty string.
+        Disable this feature by setting <a class="indexterm" name="id283921"></a>logon home = "" - using the empty string.
         </p><p>
         This option is only useful if Samba is set up as a logon server.
@@ -2249 +2330 @@
         stored.  Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming
         profiles.  To find out how to handle roaming profiles for Win 9X system, see the
-        <a class="indexterm" name="id283886"></a>logon home parameter.
+        <a class="indexterm" name="id283979"></a>logon home parameter.
         </p><p>
         This option takes the standard substitutions, allowing you to have separate logon scripts for each user or
@@ -2278 +2359 @@
         </p></div><p>Note that this option is only useful if Samba is set up as a domain controller.</p><p>
         Disable the use of roaming profiles by setting the value of this parameter to the empty string. For
-        example, <a class="indexterm" name="id283964"></a>logon path = "". Take note that even if the default setting
+        example, <a class="indexterm" name="id284057"></a>logon path = "". Take note that even if the default setting
         in the smb.conf file is the empty string, any value specified in the user account settings in the passdb
         backend will over-ride the effect of setting this parameter to null. Disabling of all roaming profile use
@@ -2295 +2376 @@
         </p><p>
         The script must be a relative path to the <em class="parameter"><code>[netlogon]</code></em> service.  If the [netlogon]
-        service specifies a <a class="indexterm" name="id284040"></a>path of <code class="filename">/usr/local/samba/netlogon</code>, and <a class="indexterm" name="id284054"></a>logon  script = STARTUP.BAT, then the file that will be downloaded is:
+        service specifies a <a class="indexterm" name="id284133"></a>path of <code class="filename">/usr/local/samba/netlogon</code>, and <a class="indexterm" name="id284146"></a>logon  script = STARTUP.BAT, then the file that will be downloaded is:
 </p><pre class="programlisting">
         /usr/local/samba/netlogon/STARTUP.BAT
@@ -2335 +2416 @@
     in the lppause command as the PATH may not be available to the server.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lppause command</code></em> = 
 # Currently no default value is given to 
-    this string, unless the value of the <a class="indexterm" name="id284207"></a>printing 
+    this string, unless the value of the <a class="indexterm" name="id284300"></a>printing 
     parameter is <code class="constant">SYSV</code>, in which case the default is : 
     <span><strong class="command">lp -i %p-%j -H hold</strong></span> or if the value of the 
@@ -2383 +2464 @@
     printing or spooling a specific print job.</p><p>This command should be a program or script which takes 
     a printer name and job number to resume the print job. See 
-    also the <a class="indexterm" name="id284484"></a>lppause command parameter.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name 
+    also the <a class="indexterm" name="id284576"></a>lppause command parameter.</p><p>If a <em class="parameter"><code>%p</code></em> is given then the printer name 
     is put in its place. A <em class="parameter"><code>%j</code></em> is replaced with 
     the job number (an integer).</p><p>Note that it is good practice to include the absolute path 
     in the <em class="parameter"><code>lpresume command</code></em> as the PATH may not 
-    be available to the server.</p><p>See also the <a class="indexterm" name="id284520"></a>printing parameter.</p><p>Default: Currently no default value is given 
+    be available to the server.</p><p>See also the <a class="indexterm" name="id284613"></a>printing parameter.</p><p>Default: Currently no default value is given 
     to this string, unless the value of the <em class="parameter"><code>printing</code></em> 
     parameter is <code class="constant">SYSV</code>, in which case the default is :</p><p><span><strong class="command">lp -i %p-%j -H resume</strong></span></p><p>or if the value of the <em class="parameter"><code>printing</code></em> parameter 
@@ -2410 +2491 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="MACHINEPASSWORDTIMEOUT"></a>machine password timeout (G)</span></dt><dd><p>
-        If a Samba server is a member of a Windows NT Domain (see the <a class="indexterm" name="id284676"></a>security = domain parameter) then periodically a running smbd process will try and change
+        If a Samba server is a member of a Windows NT Domain (see the <a class="indexterm" name="id284769"></a>security = domain parameter) then periodically a running smbd process will try and change
         the MACHINE ACCOUNT PASSWORD stored in the TDB called <code class="filename">private/secrets.tdb
         </code>.  This parameter specifies how often this password will be changed, in seconds. The default is one
@@ -2416 +2497 @@
         </p><p>
         See also <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>,
-        and the <a class="indexterm" name="id284702"></a>security = domain parameter.
+        and the <a class="indexterm" name="id284795"></a>security = domain parameter.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>machine password timeout</code></em> = 604800
 </em></span>
 </p></dd><dt><span class="term"><a name="MAGICOUTPUT"></a>magic output (S)</span></dt><dd><p>
         This parameter specifies the name of a file which will contain output created by a magic script (see the 
-        <a class="indexterm" name="id284743"></a>magic script parameter below).
+        <a class="indexterm" name="id284836"></a>magic script parameter below).
         </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>If two clients use the same <em class="parameter"><code>magic script
         </code></em> in the same directory the output file content is undefined.
@@ -2434 +2515 @@
         completion assuming that the user has the appropriate level 
         of privilege and the file permissions allow the deletion.</p><p>If the script generates output, output will be sent to 
-        the file specified by the <a class="indexterm" name="id284817"></a>magic output
+        the file specified by the <a class="indexterm" name="id284910"></a>magic output
         parameter (see above).</p><p>Note that some shells are unable to interpret scripts 
         containing CR/LF instead of CR as 
@@ -2455 +2536 @@
         you would use:
         </p><p>
-        <a class="indexterm" name="id284921"></a>mangled map = (*.html *.htm).
+        <a class="indexterm" name="id285014"></a>mangled map = (*.html *.htm).
         </p><p>
         One very useful case is to remove the annoying <code class="filename">;1</code> off 
@@ -2467 +2548 @@
 </p></dd><dt><span class="term"><a name="MANGLEDNAMES"></a>mangled names (S)</span></dt><dd><p>This controls whether non-DOS names under UNIX 
         should be mapped to DOS-compatible names ("mangled") and made visible, 
-        or whether non-DOS names should simply be ignored.</p><p>See the section on <a class="indexterm" name="id284988"></a>name mangling for 
+        or whether non-DOS names should simply be ignored.</p><p>See the section on <a class="indexterm" name="id285081"></a>name mangling for 
         details on how to control the mangling process.</p><p>If mangling is used then the mangling algorithm is as follows:</p><div class="itemizedlist"><ul type="disc"><li><p>The first (up to) five alphanumeric characters 
                         before the rightmost dot of the filename are preserved, forced 
@@ -2477 +2558 @@
                         only if it contains any upper case characters or is longer than three
                         characters.</p><p>Note that the character to use may be specified using 
-                                the <a class="indexterm" name="id285022"></a>mangling char
+                                the <a class="indexterm" name="id285115"></a>mangling char
                         option, if you don't like '~'.</p></li><li><p>Files whose UNIX name begins with a dot will be 
                         presented as DOS hidden files. The mangled name will be created as 
@@ -2501 +2582 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="MANGLINGCHAR"></a>mangling char (S)</span></dt><dd><p>This controls what character is used as 
-        the <span class="emphasis"><em>magic</em></span> character in <a class="indexterm" name="id285143"></a>name mangling. The 
+        the <span class="emphasis"><em>magic</em></span> character in <a class="indexterm" name="id285236"></a>name mangling. The 
         default is a '~' but this may interfere with some software. Use this option to set 
         it to whatever you prefer. This is effective only when mangling method is hash.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>mangling char</code></em> = ~
@@ -2534 +2615 @@
         be quite annoying for shared source code, documents, etc...
         </p><p>
-        Note that this requires the <a class="indexterm" name="id285296"></a>create mask        parameter to be set such that owner 
+        Note that this requires the <a class="indexterm" name="id285393"></a>create mask        parameter to be set such that owner 
         execute bit is not masked out (i.e. it must include 100). See the parameter 
-        <a class="indexterm" name="id285304"></a>create mask for details.
+        <a class="indexterm" name="id285401"></a>create mask for details.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map archive</code></em> = yes
 </em></span>
@@ -2542 +2623 @@
         This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.
         </p><p>
-        Note that this requires the <a class="indexterm" name="id285349"></a>create mask to be set such that the world execute 
-        bit is not masked out (i.e. it must include 001). See the parameter <a class="indexterm" name="id285357"></a>create mask 
+        Note that this requires the <a class="indexterm" name="id285446"></a>create mask to be set such that the world execute 
+        bit is not masked out (i.e. it must include 001). See the parameter <a class="indexterm" name="id285454"></a>create mask 
         for details.
         </p><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="MAPREADONLY"></a>map read only (S)</span></dt><dd><p>
@@ -2549 +2630 @@
         </p><p>
         This parameter can take three different values, which tell <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> how to display the read only attribute on files, where either
-        <a class="indexterm" name="id285402"></a>store dos attributes is set to <code class="constant">No</code>, or no extended attribute is
-        present. If <a class="indexterm" name="id285413"></a>store dos attributes is set to <code class="constant">yes</code> then this
+        <a class="indexterm" name="id285500"></a>store dos attributes is set to <code class="constant">No</code>, or no extended attribute is
+        present. If <a class="indexterm" name="id285511"></a>store dos attributes is set to <code class="constant">yes</code> then this
         parameter is <span class="emphasis"><em>ignored</em></span>. This is a new parameter introduced in Samba version 3.0.21.
         </p><p>The three settings are :</p><div class="itemizedlist"><ul type="disc"><li><p>
@@ -2563 +2644 @@
                 </p></li><li><p>
                 <code class="constant">No</code> - The read only DOS attribute is unaffected by permissions, and can only be set by
-                the <a class="indexterm" name="id285470"></a>store dos attributes method. This may be useful for exporting mounted CDs.
+                the <a class="indexterm" name="id285568"></a>store dos attributes method. This may be useful for exporting mounted CDs.
                 </p></li></ul></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>map read only</code></em> = yes
 </em></span>
@@ -2569 +2650 @@
         This controls whether DOS style system files should be mapped to the UNIX group execute bit.
         </p><p>
-        Note that this requires the <a class="indexterm" name="id285516"></a>create mask        to be set such that the group 
+        Note that this requires the <a class="indexterm" name="id285613"></a>create mask        to be set such that the group 
         execute bit is not masked out (i.e. it must include 010). See the parameter 
-        <a class="indexterm" name="id285524"></a>create mask for details.
+        <a class="indexterm" name="id285621"></a>create mask for details.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>map system</code></em> = no
 </em></span>
-</p></dd><dt><span class="term"><a name="MAPTOGUEST"></a>map to guest (G)</span></dt><dd><p>This parameter is only useful in <a class="indexterm" name="id285564"></a>SECURITY = 
+</p></dd><dt><span class="term"><a name="MAPTOGUEST"></a>map to guest (G)</span></dt><dd><p>This parameter is only useful in <a class="indexterm" name="id285661"></a>SECURITY = 
     security modes other than <em class="parameter"><code>security = share</code></em> 
     - i.e. <code class="constant">user</code>, <code class="constant">server</code>, 
@@ -2584 +2665 @@
             logins with an invalid password are rejected, unless the username 
             does not exist, in which case it is treated as a guest login and 
-            mapped into the <a class="indexterm" name="id285625"></a>guest account.</p></li><li><p><code class="constant">Bad Password</code> - Means user logins 
+            mapped into the <a class="indexterm" name="id285723"></a>guest account.</p></li><li><p><code class="constant">Bad Password</code> - Means user logins 
             with an invalid password are treated as a guest login and mapped 
-            into the <a class="indexterm" name="id285642"></a>guest account. Note that 
+            into the <a class="indexterm" name="id285740"></a>guest account. Note that 
             this can cause problems as it means that any user incorrectly typing 
             their password will be silently logged on as "guest" - and 
@@ -2616 +2697 @@
     will be refused if this number of connections to the service are already open. A value 
     of zero mean an unlimited number of connections may be made.</p><p>Record lock files are used to implement this feature. The lock files will be stored in 
-    the directory specified by the <a class="indexterm" name="id285760"></a>lock directory option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = 0
+    the directory specified by the <a class="indexterm" name="id285862"></a>lock directory option.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = 0
 </em></span>
 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>max connections</code></em> = 10
@@ -2707 +2788 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="MAXWINSTTL"></a>max wins ttl (G)</span></dt><dd><p>This option tells <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> when acting as a WINS server
-        (<a class="indexterm" name="id286427"></a>wins support = yes) what the maximum
+        (<a class="indexterm" name="id286529"></a>wins support = yes) what the maximum
     'time to live' of NetBIOS names that <span><strong class="command">nmbd</strong></span> 
     will grant will be (in seconds). You should never need to change this
@@ -2768 +2849 @@
 </p></dd><dt><span class="term"><a name="MINPROTOCOL"></a>min protocol (G)</span></dt><dd><p>The value of the parameter (a string) is the 
     lowest SMB protocol dialect than Samba will support.  Please refer
-    to the <a class="indexterm" name="id286749"></a>max protocol
+    to the <a class="indexterm" name="id286852"></a>max protocol
     parameter for a list of valid protocol names and a brief description
     of each.  You may also wish to refer to the C source code in
     <code class="filename">source/smbd/negprot.c</code> for a listing of known protocol
     dialects supported by clients.</p><p>If you are viewing this parameter as a security measure, you should
-    also refer to the <a class="indexterm" name="id286768"></a>lanman auth parameter.  Otherwise, you should never need 
+    also refer to the <a class="indexterm" name="id286871"></a>lanman auth parameter.  Otherwise, you should never need 
     to change this parameter.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>min protocol</code></em> = CORE
 </em></span>
@@ -2779 +2860 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="MINWINSTTL"></a>min wins ttl (G)</span></dt><dd><p>This option tells <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>
-    when acting as a WINS server (<a class="indexterm" name="id286828"></a>wins support = yes) what the minimum 'time to live' 
+    when acting as a WINS server (<a class="indexterm" name="id286931"></a>wins support = yes) what the minimum 'time to live' 
     of NetBIOS names that <span><strong class="command">nmbd</strong></span> will grant will be (in 
     seconds). You should never need to change this parameter.  The default 
@@ -2789 +2870 @@
         this share, they are redirected to the proxied share using
         the SMB-Dfs protocol.</p><p>Only Dfs roots can act as proxy shares. Take a look at the
-        <a class="indexterm" name="id286882"></a>msdfs root and <a class="indexterm" name="id286889"></a>host msdfs
+        <a class="indexterm" name="id286985"></a>msdfs root and <a class="indexterm" name="id286992"></a>host msdfs
         options to find out how to set up a Dfs root share.</p><p><span class="emphasis"><em>No default</em></span></p><p>Example: <span class="emphasis"><em><em class="parameter"><code>msdfs proxy</code></em> = \\otherserver\someshare
 </em></span>
@@ -2825 +2906 @@
                 _ldap._tcp.domain.
         </p></li><li><p><code class="constant">wins</code> : Query a name with 
-            the IP address listed in the <a class="indexterm" name="id287080"></a>WINSSERVER parameter.  If no WINS server has
+            the IP address listed in the <a class="indexterm" name="id287183"></a>WINSSERVER parameter.  If no WINS server has
             been specified this method will be ignored.</p></li><li><p><code class="constant">bcast</code> : Do a broadcast on 
-            each of the known local interfaces listed in the <a class="indexterm" name="id287097"></a>interfaces 
+            each of the known local interfaces listed in the <a class="indexterm" name="id287200"></a>interfaces 
             parameter. This is the least reliable of the name resolution 
             methods as it depends on the target host being on a locally 
@@ -2879 +2960 @@
         server. When Samba is returning the home share to the client, it 
         will consult the NIS map specified in
-        <a class="indexterm" name="id287347"></a>homedir map and return the server 
+        <a class="indexterm" name="id287449"></a>homedir map and return the server 
         listed there.</p><p>Note that for this option to work there must be a working 
         NIS system and the Samba server with this option must also 
@@ -2918 +2999 @@
     default behavior is to use PAM for clear text authentication only
     and to ignore any account or session management.  Note that Samba
-    always ignores PAM for authentication in the case of <a class="indexterm" name="id287633"></a>encrypt passwords = yes.  The reason 
+    always ignores PAM for authentication in the case of <a class="indexterm" name="id287735"></a>encrypt passwords = yes.  The reason 
     is that PAM modules cannot support the challenge/response
     authentication mechanism needed in the presence of SMB password encryption.
@@ -2929 +3010 @@
     this parameter will force the server to only use the login 
     names from the <em class="parameter"><code>user</code></em> list and is only really
-    useful in <a class="indexterm" name="id287689"></a>security = share level security.</p><p>Note that this also means Samba won't try to deduce 
+    useful in <a class="indexterm" name="id287791"></a>security = share level security.</p><p>Note that this also means Samba won't try to deduce 
     usernames from the service name. This can be annoying for 
     the [homes] section. To get around this you could use <span><strong class="command">user =
@@ -2977 +3058 @@
         </p><p>
         Oplocks may be selectively turned off on certain files with a share. See 
-        the <a class="indexterm" name="id287934"></a>veto oplock files parameter. On some systems 
+        the <a class="indexterm" name="id288040"></a>veto oplock files parameter. On some systems 
         oplocks are recognized by the underlying operating system. This 
         allows data synchronization between all access to oplocked files, 
         whether it be via Samba or NFS or a local UNIX process. See the 
-        <a class="indexterm" name="id287943"></a>kernel oplocks parameter for details.
+        <a class="indexterm" name="id288049"></a>kernel oplocks parameter for details.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>oplocks</code></em> = yes
 </em></span>
@@ -2996 +3077 @@
 </p></dd><dt><span class="term"><a name="OSLEVEL"></a>os level (G)</span></dt><dd><p>
         This integer value controls what level Samba advertises itself as for browse elections. The value of this
-        parameter determines whether <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> has a chance of becoming a local master browser for the <a class="indexterm" name="id288046"></a>workgroup in the local broadcast area.
+        parameter determines whether <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> has a chance of becoming a local master browser for the <a class="indexterm" name="id288153"></a>workgroup in the local broadcast area.
 </p><p><span class="emphasis"><em>
         Note :</em></span>By default, Samba will win a local master browsing election over all Microsoft operating
@@ -3011 +3092 @@
     flag for Samba.  If enabled, then PAM will be used for password
     changes when requested by an SMB client instead of the program listed in 
-    <a class="indexterm" name="id288111"></a>passwd program. 
+    <a class="indexterm" name="id288217"></a>passwd program. 
     It should be possible to enable this without changing your 
-    <a class="indexterm" name="id288118"></a>passwd chat parameter for most setups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pam password change</code></em> = no
+    <a class="indexterm" name="id288224"></a>passwd chat parameter for most setups.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>pam password change</code></em> = no
 </em></span>
 </p></dd><dt><span class="term"><a name="PANICACTION"></a>panic action (G)</span></dt><dd><p>This is a Samba developer option that allows a 
@@ -3039 +3120 @@
                 </p></li><li><p><span><strong class="command">tdbsam</strong></span> - The TDB based password storage
                 backend.  Takes a path to the TDB as an optional argument (defaults to passdb.tdb 
-                in the <a class="indexterm" name="id288295"></a>private dir directory.</p></li><li><p><span><strong class="command">ldapsam</strong></span> - The LDAP based passdb 
+                in the <a class="indexterm" name="id288401"></a>private dir directory.</p></li><li><p><span><strong class="command">ldapsam</strong></span> - The LDAP based passdb 
                 backend.  Takes an LDAP URL as an optional argument (defaults to 
                 <span><strong class="command">ldap://localhost</strong></span>)</p><p>LDAP connections should be secured where possible.  This may be done using either
-                Start-TLS (see <a class="indexterm" name="id288325"></a>ldap ssl) or by
+                Start-TLS (see <a class="indexterm" name="id288431"></a>ldap ssl) or by
                 specifying <em class="parameter"><code>ldaps://</code></em> in
                 the URL argument. </p><p>Multiple servers may also be specified in double-quotes, if your
@@ -3069 +3150 @@
     strings passed to and received from the passwd chat are printed 
     in the <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> log with a 
-    <a class="indexterm" name="id288435"></a>debug level 
+    <a class="indexterm" name="id288541"></a>debug level 
     of 100. This is a dangerous option as it will allow plaintext passwords 
     to be seen in the <span><strong class="command">smbd</strong></span> log. It is available to help 
@@ -3075 +3156 @@
     when calling the <em class="parameter"><code>passwd program</code></em> and should 
     be turned off after this has been done. This option has no effect if the 
-    <a class="indexterm" name="id288462"></a>pam password change
+    <a class="indexterm" name="id288568"></a>pam password change
         paramter is set. This parameter is off by default.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>passwd chat debug</code></em> = no
 </em></span>
@@ -3087 +3168 @@
     program to change the user's password. The string describes a 
     sequence of response-receive pairs that <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> uses to determine what to send to the 
-    <a class="indexterm" name="id288559"></a>passwd program and what to expect back. If the expected output is not 
+    <a class="indexterm" name="id288665"></a>passwd program and what to expect back. If the expected output is not 
     received then the password is not changed.</p><p>This chat sequence is often quite site specific, depending 
     on what local methods are used for password control (such as NIS 
-    etc).</p><p>Note that this parameter only is only used if the <a class="indexterm" name="id288575"></a>unix password sync parameter is set  to <code class="constant">yes</code>. This sequence is 
+    etc).</p><p>Note that this parameter only is only used if the <a class="indexterm" name="id288681"></a>unix password sync parameter is set  to <code class="constant">yes</code>. This sequence is 
     then called <span class="emphasis"><em>AS ROOT</em></span> when the SMB password  in the 
     smbpasswd file is being changed, without access to the old password
     cleartext. This means that root must be able to reset the user's password without
     knowing the text of the previous password. In the presence of
-    NIS/YP,  this means that the <a class="indexterm" name="id288592"></a>passwd program must
+    NIS/YP,  this means that the <a class="indexterm" name="id288698"></a>passwd program must
     be executed on the NIS master.
     </p><p>The string can contain the macro <em class="parameter"><code>%n</code></em> which is substituted 
@@ -3104 +3185 @@
     in them into a single string.</p><p>If the send string in any part of the chat sequence  is a full
     stop ".",  then no string is sent. Similarly,  if the
-    expect string is a full stop then no string is expected.</p><p>If the <a class="indexterm" name="id288620"></a>pam password change parameter is set to <code class="constant">yes</code>, the
+    expect string is a full stop then no string is expected.</p><p>If the <a class="indexterm" name="id288726"></a>pam password change parameter is set to <code class="constant">yes</code>, the
         chat pairs may be matched in any order, and success is determined by the PAM result, not any particular
         output. The \n macro is ignored for PAM conversions.
@@ -3150 +3231 @@
     made - the password as is and the password in all-lower case.</p><p>This parameter is used only when using plain-text passwords. It is
     not at all used when encrypted passwords as in use (that is the default
-    since samba-3.0.0). Use this only when <a class="indexterm" name="id288846"></a>encrypt passwords = No.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = 0
+    since samba-3.0.0). Use this only when <a class="indexterm" name="id288953"></a>encrypt passwords = No.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = 0
 </em></span>
 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>password level</code></em> = 4
@@ -3166 +3247 @@
     have no effect on password servers for Windows NT 4.0 domains or netbios 
     connections.</p><p>If parameter is a name, it is looked up using the 
-    parameter <a class="indexterm" name="id288918"></a>name resolve order and so may resolved
+    parameter <a class="indexterm" name="id289024"></a>name resolve order and so may resolved
     by any method and order described in that parameter.</p><p>The password server must be a machine capable of using 
     the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in 
@@ -3228 +3309 @@
         will be replaced by the NetBIOS name of the machine they are 
         connecting from. These replacements are very useful for setting 
-        up pseudo home directories for users.</p><p>Note that this path will be based on <a class="indexterm" name="id289202"></a>root dir
+        up pseudo home directories for users.</p><p>Note that this path will be based on <a class="indexterm" name="id289308"></a>root dir
          if one was specified.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>path</code></em> = 
 </em></span>
@@ -3256 +3337 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="PREEXECCLOSE"></a>preexec close (S)</span></dt><dd><p>
-        This boolean option controls whether a non-zero return code from <a class="indexterm" name="id289400"></a>preexec 
+        This boolean option controls whether a non-zero return code from <a class="indexterm" name="id289506"></a>preexec 
         should close the service being connected to.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preexec close</code></em> = no
@@ -3267 +3348 @@
         /usr/local/samba/bin/smbclient -M %m -I %I' &amp; </strong></span>
         </p><p>Of course, this could get annoying after a while :-)</p><p>
-        See also <a class="indexterm" name="id289484"></a>preexec close and <a class="indexterm" name="id289491"></a>postexec.
+        See also <a class="indexterm" name="id289590"></a>preexec close and <a class="indexterm" name="id289597"></a>postexec.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preexec</code></em> = 
 </em></span>
@@ -3277 +3358 @@
         If this is set to <code class="constant">yes</code>, on startup, <span><strong class="command">nmbd</strong></span> will force
         an election, and it will have a slight advantage in winning the election.  It is recommended that this
-        parameter is used in conjunction with <a class="indexterm" name="id289588"></a>domain master = yes, so that
+        parameter is used in conjunction with <a class="indexterm" name="id289694"></a>domain master = yes, so that
         <span><strong class="command">nmbd</strong></span> can guarantee becoming a domain master.
         </p><p>
@@ -3297 +3378 @@
         visible.</p><p>
         Note that if you just want all printers in your 
-        printcap file loaded then the <a class="indexterm" name="id289713"></a>load printers
+        printcap file loaded then the <a class="indexterm" name="id289819"></a>load printers
          option is easier.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>preload</code></em> = 
@@ -3305 +3386 @@
 </p></dd><dt><span class="term"><a name="PRESERVECASE"></a>preserve case (S)</span></dt><dd><p>
         This controls if new filenames are created with the case that the client passes, or if 
-        they are forced to be the <a class="indexterm" name="id289765"></a>default case.
+        they are forced to be the <a class="indexterm" name="id289871"></a>default case.
         </p><p>
         See the section on <a href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a> for a fuller discussion.
@@ -3314 +3395 @@
     specified for the service. </p><p>Note that a printable service will ALWAYS allow writing 
     to the service path (user privileges permitting) via the spooling 
-    of print data. The <a class="indexterm" name="id289950"></a>read only parameter controls only non-printing access to 
+    of print data. The <a class="indexterm" name="id290056"></a>read only parameter controls only non-printing access to 
     the resource.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printable</code></em> = no
 </em></span>
@@ -3332 +3413 @@
         </p><p>
         To use the CUPS printing interface set <span><strong class="command">printcap name = cups </strong></span>. This should
-        be supplemented by an addtional setting <a class="indexterm" name="id290088"></a>printing = cups in the [global]
+        be supplemented by an addtional setting <a class="indexterm" name="id290194"></a>printing = cups in the [global]
         section.  <span><strong class="command">printcap name = cups</strong></span> will use the  "dummy" printcap
         created by CUPS, as specified in your CUPS configuration file.
@@ -3385 +3466 @@
     be created but not processed and (most importantly) not removed.</p><p>Note that printing may fail on some UNIXes from the 
     <code class="constant">nobody</code> account. If this happens then create 
-    an alternative guest account that can print and set the <a class="indexterm" name="id290300"></a>guest account 
+    an alternative guest account that can print and set the <a class="indexterm" name="id290406"></a>guest account 
     in the [global] section.</p><p>You can form quite complex print commands by realizing 
     that they are just passed to a shell. For example the following 
@@ -3392 +3473 @@
     /tmp/print.log; lpr -P %p %s; rm %s</strong></span></p><p>You may have to vary this command considerably depending 
     on how you normally print files on your system. The default for 
-    the parameter varies depending on the setting of the <a class="indexterm" name="id290326"></a>printing
+    the parameter varies depending on the setting of the <a class="indexterm" name="id290432"></a>printing
         parameter.</p><p>Default: For <span><strong class="command">printing = BSD, AIX, QNX, LPRNG 
     or PLP :</strong></span></p><p><span><strong class="command">print command = lpr -r -P%p %s</strong></span></p><p>For <span><strong class="command">printing = SYSV or HPUX :</strong></span></p><p><span><strong class="command">print command = lp -c -d%p %s; rm %s</strong></span></p><p>For <span><strong class="command">printing = SOFTQ :</strong></span></p><p><span><strong class="command">print command = lp -d%p -s %s; rm %s</strong></span></p><p>For printing = CUPS :   If SAMBA is compiled against
-    libcups, then <a class="indexterm" name="id290382"></a>printcap = cups 
+    libcups, then <a class="indexterm" name="id290488"></a>printcap = cups 
     uses the CUPS API to
     submit jobs, etc.  Otherwise it maps to the System V
@@ -3427 +3508 @@
         does not have its own printer name specified.
         </p><p>
-        The default value of the <a class="indexterm" name="id290524"></a>printer name may be <code class="literal">lp</code> on many
+        The default value of the <a class="indexterm" name="id290630"></a>printer name may be <code class="literal">lp</code> on many
         systems.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>printer name</code></em> = none
@@ -3500 +3581 @@
     executed on the server host in order to resume the printer queue. It 
     is the command to undo the behavior that is caused by the 
-    previous parameter (<a class="indexterm" name="id290915"></a>queuepause command).</p><p>This command should be a program or script which takes 
+    previous parameter (<a class="indexterm" name="id291021"></a>queuepause command).</p><p>This command should be a program or script which takes 
     a printer name as its only parameter and resumes the printer queue, 
     such that queued jobs are resubmitted to the printer.</p><p>This command is not supported by Windows for Workgroups, 
@@ -3520 +3601 @@
 </p></dd><dt><span class="term"><a name="READLIST"></a>read list (S)</span></dt><dd><p>
         This is a list of users that are given read-only access to a service. If the connecting user is in this list
-        then they will not be given write access, no matter what the <a class="indexterm" name="id291037"></a>read only option is set
-        to. The list can include group names using the syntax described in the <a class="indexterm" name="id291045"></a>invalid users
+        then they will not be given write access, no matter what the <a class="indexterm" name="id291144"></a>read only option is set
+        to. The list can include group names using the syntax described in the <a class="indexterm" name="id291151"></a>invalid users
         parameter.
-        </p><p>This parameter will not work with the <a class="indexterm" name="id291056"></a>security = share in 
+        </p><p>This parameter will not work with the <a class="indexterm" name="id291162"></a>security = share in 
     Samba 3.0.  This is by design.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>read list</code></em> = 
 </em></span>
 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>read list</code></em> = mary, @students
 </em></span>
-</p></dd><dt><span class="term"><a name="READONLY"></a>read only (S)</span></dt><dd><p>An inverted synonym is <a class="indexterm" name="id291107"></a>writeable.</p><p>If this parameter is <code class="constant">yes</code>, then users 
+</p></dd><dt><span class="term"><a name="READONLY"></a>read only (S)</span></dt><dd><p>An inverted synonym is <a class="indexterm" name="id291214"></a>writeable.</p><p>If this parameter is <code class="constant">yes</code>, then users 
     of a service may not create or modify files in the service's 
     directory.</p><p>Note that a printable service (<span><strong class="command">printable = yes</strong></span>)
@@ -3564 +3645 @@
         the above line would cause <span><strong class="command">nmbd</strong></span> to announce itself 
         to the two given IP addresses using the given workgroup names. If you leave out the 
-        workgroup name then the one given in the <a class="indexterm" name="id291305"></a>workgroup parameter 
+        workgroup name then the one given in the <a class="indexterm" name="id291412"></a>workgroup parameter 
         is used instead.
         </p><p>
@@ -3601 +3682 @@
         is in fact the browse master on its segment.
         </p><p>
-        The <a class="indexterm" name="id291402"></a>remote browse sync may be used on networks
+        The <a class="indexterm" name="id291509"></a>remote browse sync may be used on networks
         where there is no WINS server, and may be used on disjoint networks where
         each network has its own WINS server.
@@ -3663 +3744 @@
         </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
     The security advantage of using restrict anonymous = 2 is removed
-    by setting <a class="indexterm" name="id291576"></a>guest ok = yes on any share.
+    by setting <a class="indexterm" name="id291682"></a>guest ok = yes on any share.
         </p></div><p>Default: <span class="emphasis"><em><em class="parameter"><code>restrict anonymous</code></em> = 0
 </em></span>
@@ -3673 +3754 @@
     parts of the filesystem, or attempts to use ".." in file names 
     to access other directories (depending on the setting of the
-        <a class="indexterm" name="id291669"></a>wide smbconfoptions parameter).
+        <a class="indexterm" name="id291776"></a>wide smbconfoptions parameter).
     </p><p>Adding a <em class="parameter"><code>root directory</code></em> entry other 
     than "/" adds an extra level of security, but at a price. It 
@@ -3709 +3790 @@
         </p><p>
         This parameter is applied as a mask (AND'ed with) to the changed permission bits, thus preventing any bits not
-        in this mask from being modified.  Make sure not to mix up this parameter with <a class="indexterm" name="id291883"></a>force  security mode, which works in a manner similar to this one but uses a logical OR instead of an AND. 
+        in this mask from being modified.  Make sure not to mix up this parameter with <a class="indexterm" name="id291989"></a>force  security mode, which works in a manner similar to this one but uses a logical OR instead of an AND. 
         </p><p>
         Essentially, zero bits in this mask may be treated as a set of bits the user is not allowed to change.
@@ -3746 +3827 @@
     is commonly used for a shared printer server. It is more difficult 
     to setup guest shares with <span><strong class="command">security = user</strong></span>, see 
-    the <a class="indexterm" name="id292056"></a>map to guestparameter for details.</p><p>It is possible to use <span><strong class="command">smbd</strong></span> in a <span class="emphasis"><em>
+    the <a class="indexterm" name="id292166"></a>map to guestparameter for details.</p><p>It is possible to use <span><strong class="command">smbd</strong></span> in a <span class="emphasis"><em>
     hybrid mode</em></span> where it is offers both user and share 
-    level security under different <a class="indexterm" name="id292077"></a>NetBIOS aliases. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><p>When clients connect to a share level security server they 
+    level security under different <a class="indexterm" name="id292187"></a>NetBIOS aliases. </p><p>The different settings will now be explained.</p><p><a name="SECURITYEQUALSSHARE"></a><span class="emphasis"><em>SECURITY = SHARE</em></span></p><p>When clients connect to a share level security server they 
     need not log onto the server with a valid username and password before 
     attempting to connect to a shared resource (although modern clients 
@@ -3761 +3842 @@
     techniques to determine the correct UNIX user to use on behalf
     of the client.</p><p>A list of possible UNIX usernames to match with the given
-    client password is constructed using the following methods :</p><div class="itemizedlist"><ul type="disc"><li><p>If the <a class="indexterm" name="id292153"></a>guest only parameter is set, then all the other 
-            stages are missed and only the <a class="indexterm" name="id292160"></a>guest account username is checked.
+    client password is constructed using the following methods :</p><div class="itemizedlist"><ul type="disc"><li><p>If the <a class="indexterm" name="id292262"></a>guest only parameter is set, then all the other 
+            stages are missed and only the <a class="indexterm" name="id292270"></a>guest account username is checked.
             </p></li><li><p>Is a username is sent with the share connection 
-            request, then this username (after mapping - see <a class="indexterm" name="id292175"></a>username map), 
+            request, then this username (after mapping - see <a class="indexterm" name="id292284"></a>username map), 
             is added as a potential username.
             </p></li><li><p>If the client did a previous <span class="emphasis"><em>logon
@@ -3773 +3854 @@
             </p></li><li><p>The NetBIOS name of the client is added to 
             the list as a potential username.
-            </p></li><li><p>Any users on the <a class="indexterm" name="id292215"></a>user list are added as potential usernames.
+            </p></li><li><p>Any users on the <a class="indexterm" name="id292325"></a>user list are added as potential usernames.
             </p></li></ul></div><p>If the <em class="parameter"><code>guest only</code></em> parameter is 
     not set, then this list is then tried with the supplied password. 
@@ -3785 +3866 @@
     NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSUSER"></a><span class="emphasis"><em>SECURITY = USER</em></span></p><p>This is the default security setting in Samba 3.0. 
     With user-level security a client must first "log-on" with a 
-    valid username and password (which can be mapped using the <a class="indexterm" name="id292284"></a>username map 
-    parameter). Encrypted passwords (see the <a class="indexterm" name="id292292"></a>encrypted passwords parameter) can also
-    be used in this security mode. Parameters such as <a class="indexterm" name="id292300"></a>user and <a class="indexterm" name="id292307"></a>guest only if set      are then applied and 
+    valid username and password (which can be mapped using the <a class="indexterm" name="id292394"></a>username map 
+    parameter). Encrypted passwords (see the <a class="indexterm" name="id292402"></a>encrypted passwords parameter) can also
+    be used in this security mode. Parameters such as <a class="indexterm" name="id292409"></a>user and <a class="indexterm" name="id292416"></a>guest only if set      are then applied and 
     may change the UNIX user to use on this connection, but only after 
     the user has been successfully authenticated.</p><p><span class="emphasis"><em>Note</em></span> that the name of the resource being 
@@ -3793 +3874 @@
     the server has successfully authenticated the client. This is why 
     guest shares don't work in user level security without allowing 
-    the server to automatically map unknown users into the <a class="indexterm" name="id292326"></a>guest account. 
-    See the <a class="indexterm" name="id292334"></a>map to guest parameter for details on doing this.</p><p>See also the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSDOMAIN"></a><span class="emphasis"><em>SECURITY = DOMAIN</em></span></p><p>This mode will only work correctly if <a href="net.8.html"><span class="citerefentry"><span class="refentrytitle">net</span>(8)</span></a> has been used to add this
-    machine into a Windows NT Domain. It expects the <a class="indexterm" name="id292372"></a>encrypted passwords
+    the server to automatically map unknown users into the <a class="indexterm" name="id292436"></a>guest account. 
+    See the <a class="indexterm" name="id292443"></a>map to guest parameter for details on doing this.</p><p>See also the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p><a name="SECURITYEQUALSDOMAIN"></a><span class="emphasis"><em>SECURITY = DOMAIN</em></span></p><p>This mode will only work correctly if <a href="net.8.html"><span class="citerefentry"><span class="refentrytitle">net</span>(8)</span></a> has been used to add this
+    machine into a Windows NT Domain. It expects the <a class="indexterm" name="id292482"></a>encrypted passwords
         parameter to be set to <code class="constant">yes</code>. In this 
     mode Samba will try to validate the username/password by passing
@@ -3809 +3890 @@
     the server has successfully authenticated the client. This is why 
     guest shares don't work in user level security without allowing 
-    the server to automatically map unknown users into the <a class="indexterm" name="id292422"></a>guest account. 
-    See the <a class="indexterm" name="id292429"></a>map to guest parameter for details on doing this.</p><p>See also the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">
-    NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="indexterm" name="id292450"></a>password server parameter and
-         the <a class="indexterm" name="id292458"></a>encrypted passwords parameter.</p><p><a name="SECURITYEQUALSSERVER"></a><span class="emphasis"><em>SECURITY = SERVER</em></span></p><p>
+    the server to automatically map unknown users into the <a class="indexterm" name="id292532"></a>guest account. 
+    See the <a class="indexterm" name="id292539"></a>map to guest parameter for details on doing this.</p><p>See also the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">
+    NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="indexterm" name="id292560"></a>password server parameter and
+         the <a class="indexterm" name="id292567"></a>encrypted passwords parameter.</p><p><a name="SECURITYEQUALSSERVER"></a><span class="emphasis"><em>SECURITY = SERVER</em></span></p><p>
         In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an
         NT box. If this fails it will revert to <span><strong class="command">security = user</strong></span>. It expects the
-        <a class="indexterm" name="id292484"></a>encrypted passwords parameter to be set to <code class="constant">yes</code>, unless the remote
+        <a class="indexterm" name="id292594"></a>encrypted passwords parameter to be set to <code class="constant">yes</code>, unless the remote
         server does not support them.  However note that if encrypted passwords have been negotiated then Samba cannot
         revert back to checking the UNIX password file, it must have a valid <code class="filename">smbpasswd</code> file to check users against. See the chapter about the User Database in
@@ -3835 +3916 @@
     the server has successfully authenticated the client. This is why 
     guest shares don't work in user level security without allowing 
-    the server to automatically map unknown users into the <a class="indexterm" name="id292542"></a>guest account. 
-    See the <a class="indexterm" name="id292549"></a>map to guest parameter for details on doing this.</p><p>See also the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">
-    NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="indexterm" name="id292570"></a>password server parameter and the 
-        <a class="indexterm" name="id292577"></a>encrypted passwords parameter.</p><p><a name="SECURITYEQUALSADS"></a><span class="emphasis"><em>SECURITY = ADS</em></span></p><p>In this mode, Samba will act as a domain member in an ADS realm. To operate 
+    the server to automatically map unknown users into the <a class="indexterm" name="id292651"></a>guest account. 
+    See the <a class="indexterm" name="id292658"></a>map to guest parameter for details on doing this.</p><p>See also the section <a href="#VALIDATIONSECT" title="NOTE ABOUT USERNAME/PASSWORD VALIDATION">
+    NOTE ABOUT USERNAME/PASSWORD VALIDATION</a>.</p><p>See also the <a class="indexterm" name="id292680"></a>password server parameter and the 
+        <a class="indexterm" name="id292687"></a>encrypted passwords parameter.</p><p><a name="SECURITYEQUALSADS"></a><span class="emphasis"><em>SECURITY = ADS</em></span></p><p>In this mode, Samba will act as a domain member in an ADS realm. To operate 
                 in this mode, the machine running Samba will need to have Kerberos installed 
                 and configured and Samba will need to be joined to the ADS realm using the 
@@ -3848 +3929 @@
 </p></dd><dt><span class="term"><a name="SERVERSCHANNEL"></a>server schannel (G)</span></dt><dd><p>
         This controls whether the server offers or even demands the use of the netlogon schannel.
-        <a class="indexterm" name="id292653"></a>server schannel = no does not offer the schannel, <a class="indexterm" name="id292660"></a>server schannel = auto offers the schannel but does not enforce it, and <a class="indexterm" name="id292668"></a>server schannel = yes denies access if the client is not able to speak netlogon schannel.
+        <a class="indexterm" name="id292762"></a>server schannel = no does not offer the schannel, <a class="indexterm" name="id292770"></a>server schannel = auto offers the schannel but does not enforce it, and <a class="indexterm" name="id292777"></a>server schannel = yes denies access if the client is not able to speak netlogon schannel.
         This is only the case for Windows NT4 before SP4.
         </p><p>
@@ -3921 +4002 @@
 </p></dd><dt><span class="term"><a name="SHORTPRESERVECASE"></a>short preserve case (S)</span></dt><dd><p>
         This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of
-        suitable length, are created upper case, or if they are forced to be the <a class="indexterm" name="id293202"></a>default case.
-        This  option can be use with <a class="indexterm" name="id293209"></a>preserve case = yes to permit long filenames
+        suitable length, are created upper case, or if they are forced to be the <a class="indexterm" name="id293312"></a>default case.
+        This  option can be use with <a class="indexterm" name="id293319"></a>preserve case = yes to permit long filenames
         to retain their case, while short names are lowered.
         </p><p>See the section on <a href="#NAMEMANGLINGSECT" title="NAME MANGLING">NAME MANGLING</a>.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>short preserve case</code></em> = yes
@@ -4022 +4103 @@
         If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or
         READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such
-        as occurs with <a class="indexterm" name="id293812"></a>map hidden and <a class="indexterm" name="id293818"></a>map readonly).  When set, DOS
+        as occurs with <a class="indexterm" name="id293921"></a>map hidden and <a class="indexterm" name="id293928"></a>map readonly).  When set, DOS
         attributes will be stored onto an extended attribute in the UNIX filesystem, associated with the file or
-        directory.  For no other mapping to occur as a fall-back, the parameters <a class="indexterm" name="id293827"></a>map hidden,
-        <a class="indexterm" name="id293834"></a>map system, <a class="indexterm" name="id293841"></a>map archive and <a class="indexterm" name="id293848"></a>map  readonly must be set to off.  This parameter writes the DOS attributes as a string into the extended
+        directory.  For no other mapping to occur as a fall-back, the parameters <a class="indexterm" name="id293937"></a>map hidden,
+        <a class="indexterm" name="id293944"></a>map system, <a class="indexterm" name="id293951"></a>map archive and <a class="indexterm" name="id293958"></a>map  readonly must be set to off.  This parameter writes the DOS attributes as a string into the extended
         attribute named "user.DOSATTRIB". This extended attribute is explicitly hidden from smbd clients requesting an
         EA list. On Linux the filesystem must have been mounted with the mount option user_xattr in order for
@@ -4167 +4248 @@
         in the smbpasswd file this parameter should be set to <code class="constant">no</code>.
         </p><p>
-        In order for this parameter to be operative the <a class="indexterm" name="id294608"></a>encrypt passwords parameter must 
-    be set to <code class="constant">no</code>. The default value of <a class="indexterm" name="id294618"></a>encrypt  passwords = Yes. Note: This must be set to <code class="constant">no</code> for this <a class="indexterm" name="id294629"></a>update encrypted to work.
+        In order for this parameter to be operative the <a class="indexterm" name="id294717"></a>encrypt passwords parameter must 
+    be set to <code class="constant">no</code>. The default value of <a class="indexterm" name="id294728"></a>encrypt  passwords = Yes. Note: This must be set to <code class="constant">no</code> for this <a class="indexterm" name="id294739"></a>update encrypted to work.
         </p><p>
         Note that even when this parameter is set a user authenticating to <span><strong class="command">smbd</strong></span>
@@ -4237 +4318 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="USERNAMEMAPSCRIPT"></a>username map script (G)</span></dt><dd><p>This script is a mutually exclusive alternative to the 
-        <a class="indexterm" name="id294901"></a>username map parameter.  This parameter 
+        <a class="indexterm" name="id295014"></a>username map parameter.  This parameter 
         specifies and external program or script that must accept a single 
         command line option (the username transmitted in the authentication
@@ -4303 +4384 @@
         <code class="constant">fred</code> is remapped to <code class="constant">mary</code> then you will actually be connecting to
         \\server\mary and will need to supply a password suitable for <code class="constant">mary</code> not
-        <code class="constant">fred</code>. The only exception to this is the username passed to the <a class="indexterm" name="id295094"></a>password server (if you have one). The password server will receive whatever username the client
+        <code class="constant">fred</code>. The only exception to this is the username passed to the <a class="indexterm" name="id295207"></a>password server (if you have one). The password server will receive whatever username the client
         supplies without  modification.
     </p><p>
@@ -4349 +4430 @@
     telnet session. The daemon runs as the user that they log in as, 
     so they cannot do anything that user cannot do.</p><p>To restrict a service to a particular set of users you 
-    can use the <a class="indexterm" name="id295255"></a>valid users parameter.</p><p>If any of the usernames begin with a '@' then the name 
+    can use the <a class="indexterm" name="id295368"></a>valid users parameter.</p><p>If any of the usernames begin with a '@' then the name 
     will be looked up first in the NIS netgroups list (if Samba 
     is compiled with netgroup support), followed by a lookup in 
@@ -4531 +4612 @@
         unix directory  separator '/'.
         </p><p>
-        Note that the <a class="indexterm" name="id295996"></a>case sensitive option is applicable in vetoing files.
+        Note that the <a class="indexterm" name="id296109"></a>case sensitive option is applicable in vetoing files.
         </p><p>
         One feature of the veto files parameter that it is important to be aware of is Samba's behaviour when
         trying to delete a directory. If a directory that is to be deleted contains nothing but veto files this
-        deletion will <span class="emphasis"><em>fail</em></span> unless you also set the <a class="indexterm" name="id296012"></a>delete veto files 
+        deletion will <span class="emphasis"><em>fail</em></span> unless you also set the <a class="indexterm" name="id296126"></a>delete veto files 
         parameter to <em class="parameter"><code>yes</code></em>.
         </p><p>
@@ -4555 +4636 @@
 </em></span>
 </p></dd><dt><span class="term"><a name="VETOOPLOCKFILES"></a>veto oplock files (S)</span></dt><dd><p>
-        This parameter is only valid when the <a class="indexterm" name="id296075"></a>oplocks
+        This parameter is only valid when the <a class="indexterm" name="id296189"></a>oplocks
         parameter is turned on for a share. It allows the Samba administrator
         to selectively turn off the granting of oplocks on selected files that
         match a wildcarded list, similar to the wildcarded list used in the
-        <a class="indexterm" name="id296084"></a>veto files parameter.
+        <a class="indexterm" name="id296197"></a>veto files parameter.
         </p><p>
         You might want to do this on files that you know will be heavily contended 
@@ -4600 +4681 @@
         again.</p><p>
         This does not apply to authentication requests, these are always 
-        evaluated in real time unless the <a class="indexterm" name="id296302"></a>winbind   offline logon option has been enabled.
+        evaluated in real time unless the <a class="indexterm" name="id296416"></a>winbind   offline logon option has been enabled.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind cache time</code></em> = 300
 </em></span>
@@ -4697 +4778 @@
         </p><p>
         This parameter is not deprecated in favor of the newer idmap_nss backend.
-        Refer to the <a class="indexterm" name="id296873"></a>idmap domains smb.conf option and
+        Refer to the <a class="indexterm" name="id296986"></a>idmap domains smb.conf option and
         the <a href="idmap_nss.8.html"><span class="citerefentry"><span class="refentrytitle">idmap_nss</span>(8)</span></a> man page for more information.
         </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>winbind trusted domains only</code></em> = no
@@ -4764 +4845 @@
         appear to be in when queried by clients. Note that this parameter 
         also controls the Domain name used with 
-        the <a class="indexterm" name="id297262"></a>security = domain
+        the <a class="indexterm" name="id297376"></a>security = domain
                 setting.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>workgroup</code></em> = WORKGROUP
 </em></span>
 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>workgroup</code></em> = MYGROUP
 </em></span>
-</p></dd><dt><span class="term"><a name="WRITABLE"></a>writable</span></dt><dd><p>This parameter is a synonym for writeable.</p></dd><dt><span class="term"><a name="WRITEABLE"></a>writeable (S)</span></dt><dd><p>Inverted synonym for <a class="indexterm" name="id297335"></a>read only.</p><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="WRITECACHESIZE"></a>write cache size (S)</span></dt><dd><p>If this integer parameter is set to non-zero value,
+</p></dd><dt><span class="term"><a name="WRITABLE"></a>writable</span></dt><dd><p>This parameter is a synonym for writeable.</p></dd><dt><span class="term"><a name="WRITEABLE"></a>writeable (S)</span></dt><dd><p>Inverted synonym for <a class="indexterm" name="id297449"></a>read only.</p><p><span class="emphasis"><em>No default</em></span></p></dd><dt><span class="term"><a name="WRITECACHESIZE"></a>write cache size (S)</span></dt><dd><p>If this integer parameter is set to non-zero value,
     Samba will create an in-memory cache for each oplocked file 
     (it does <span class="emphasis"><em>not</em></span> do this for 
@@ -4790 +4871 @@
     This is a list of users that are given read-write access to a service. If the 
     connecting user is in this list then they will be given write access, no matter 
-    what the <a class="indexterm" name="id297432"></a>read only option is set to. The list can 
+    what the <a class="indexterm" name="id297549"></a>read only option is set to. The list can 
     include group names using the @group syntax.
     </p><p>
@@ -4797 +4878 @@
     </p><p>
     By design, this parameter will not work with the 
-    <a class="indexterm" name="id297448"></a>security = share in Samba 3.0.
+    <a class="indexterm" name="id297565"></a>security = share in Samba 3.0.
     </p><p>Default: <span class="emphasis"><em><em class="parameter"><code>write list</code></em> = 
 </em></span>
@@ -4818 +4899 @@
 </p><p>Example: <span class="emphasis"><em><em class="parameter"><code>wtmp directory</code></em> = /var/log/wtmp
 </em></span>
-</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id297581"></a><h2>WARNINGS</h2><p>
+</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id297698"></a><h2>WARNINGS</h2><p>
         Although the configuration file permits service names to contain spaces, your client software may not.
         Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility.
@@ -4831 +4912 @@
         care when designing these sections. In particular, ensure that the permissions on spool directories are
         correct.
-        </p></div><div class="refsect1" lang="en"><a name="id297624"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id297635"></a><h2>SEE ALSO</h2><p>
-        <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" lang="en"><a name="id297714"></a><h2>AUTHOR</h2><p>
+        </p></div><div class="refsect1" lang="en"><a name="id297741"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id297752"></a><h2>SEE ALSO</h2><p>
+        <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" lang="en"><a name="id297831"></a><h2>AUTHOR</h2><p>
         The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
         by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

trunk/samba/docs/htmldocs/manpages/smbclient.1.html

@@ -148 +148 @@
 accessing a service that does not require a password. </p><p>Unless a password is specified on the command line or
 this parameter is specified, the client will request a
-password.</p></dd><dt><span class="term">-k</span></dt><dd><p>
+password.</p><p>If a password is specified on the command line and this
+option is also defined the password on the command line will
+be silently ingnored and no password will be used.</p></dd><dt><span class="term">-k</span></dt><dd><p>
 Try to authenticate with kerberos. Only useful in
 an Active Directory environment.
@@ -175 +177 @@
 it in directly. </p></dd><dt><span class="term">-n &lt;primary NetBIOS name&gt;</span></dt><dd><p>This option allows you to override
 the NetBIOS name that Samba uses for itself. This is identical
-to setting the <a class="indexterm" name="id272379"></a> parameter in the <code class="filename">smb.conf</code> file. 
+to setting the <a class="indexterm" name="id272383"></a> parameter in the <code class="filename">smb.conf</code> file. 
 However, a command
 line setting will take precedence over settings in
@@ -260 +262 @@
                 commands to be executed instead of prompting from stdin. <em class="parameter"><code>
                 -N</code></em> is implied by <em class="parameter"><code>-c</code></em>.</p><p>This is particularly useful in scripts and for printing stdin 
-                to the server, e.g. <span><strong class="command">-c 'print -'</strong></span>. </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id272823"></a><h2>OPERATIONS</h2><p>Once the client is running, the user is presented with 
+                to the server, e.g. <span><strong class="command">-c 'print -'</strong></span>. </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id272828"></a><h2>OPERATIONS</h2><p>Once the client is running, the user is presented with 
         a prompt : </p><p><code class="prompt">smb:\&gt; </code></p><p>The backslash ("\\") indicates the current working directory 
         on the server, and will change if the current working directory 
@@ -395 +397 @@
                 tar will only back up files with the archive bit set. In reset mode, 
                 tar will reset the archive bit on all files it backs up (implies 
-                read/write share). </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id273496"></a><h2>NOTES</h2><p>Some servers are fussy about the case of supplied usernames, 
+                read/write share). </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id273570"></a><h2>NOTES</h2><p>Some servers are fussy about the case of supplied usernames, 
         passwords, share names (AKA service names) and machine names. 
         If you fail to connect try giving all parameters in uppercase. 
@@ -402 +404 @@
         on a valid NetBIOS name being used, so you need to supply a valid 
         name that would be known to the server.</p><p>smbclient supports long file names where the server 
-        supports the LANMAN2 protocol or above. </p></div><div class="refsect1" lang="en"><a name="id273518"></a><h2>ENVIRONMENT VARIABLES</h2><p>The variable <code class="envar">USER</code> may contain the 
+        supports the LANMAN2 protocol or above. </p></div><div class="refsect1" lang="en"><a name="id273591"></a><h2>ENVIRONMENT VARIABLES</h2><p>The variable <code class="envar">USER</code> may contain the 
         username of the person  using the client. This information is 
         used only if the protocol  level is high enough to support 
@@ -412 +414 @@
         to instead of connecting to a server.  This functionality is primarily
         intended as a development aid, and works best when using a LMHOSTS 
-        file</p></div><div class="refsect1" lang="en"><a name="id273550"></a><h2>INSTALLATION</h2><p>The location of the client program is a matter for 
+        file</p></div><div class="refsect1" lang="en"><a name="id273624"></a><h2>INSTALLATION</h2><p>The location of the client program is a matter for 
         individual system administrators. The following are thus
         suggestions only. </p><p>It is recommended that the smbclient software be installed
@@ -423 +425 @@
         running SMB/CIFS server. It is possible to run <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> as an ordinary user - running that server as a daemon 
         on a user-accessible port (typically any port number over 1024)
-        would provide a suitable test server. </p></div><div class="refsect1" lang="en"><a name="id273600"></a><h2>DIAGNOSTICS</h2><p>Most diagnostics issued by the client are logged in a 
+        would provide a suitable test server. </p></div><div class="refsect1" lang="en"><a name="id273673"></a><h2>DIAGNOSTICS</h2><p>Most diagnostics issued by the client are logged in a 
         specified log file. The log file name is specified at compile time, 
         but may be overridden on the command line. </p><p>The number and nature of diagnostics available depends 
         on the debug level used by the client. If you have problems, 
-        set the debug level to 3 and peruse the log files. </p></div><div class="refsect1" lang="en"><a name="id273616"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id273626"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities 
+        set the debug level to 3 and peruse the log files. </p></div><div class="refsect1" lang="en"><a name="id273689"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id273700"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities 
         were created by Andrew Tridgell. Samba is now developed
         by the Samba Team as an Open Source project similar 

trunk/samba/docs/htmldocs/manpages/smbcquotas.1.html

@@ -36 +36 @@
 accessing a service that does not require a password. </p><p>Unless a password is specified on the command line or
 this parameter is specified, the client will request a
-password.</p></dd><dt><span class="term">-k</span></dt><dd><p>
+password.</p><p>If a password is specified on the command line and this
+option is also defined the password on the command line will
+be silently ingnored and no password will be used.</p></dd><dt><span class="term">-k</span></dt><dd><p>
 Try to authenticate with kerberos. Only useful in
 an Active Directory environment.
@@ -61 +63 @@
 via the <span><strong class="command">ps</strong></span> command.  To be safe always allow
 <span><strong class="command">rpcclient</strong></span> to prompt for a password and type
-it in directly. </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id271788"></a><h2>QUOTA_SET_COMAND</h2><p>The format of an the QUOTA_SET_COMMAND is an operation
+it in directly. </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id271793"></a><h2>QUOTA_SET_COMAND</h2><p>The format of an the QUOTA_SET_COMMAND is an operation
         name followed by a set of parameters specific to that operation.
         </p><p>To set user quotas for the user specified by -u or for the
@@ -73 +75 @@
         </p><p><strong class="userinput"><code>
         FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT
-        </code></strong></p><p>All limits are specified as a number of bytes.</p></div><div class="refsect1" lang="en"><a name="id271836"></a><h2>EXIT STATUS</h2><p>The <span><strong class="command">smbcquotas</strong></span> program sets the exit status
+        </code></strong></p><p>All limits are specified as a number of bytes.</p></div><div class="refsect1" lang="en"><a name="id271841"></a><h2>EXIT STATUS</h2><p>The <span><strong class="command">smbcquotas</strong></span> program sets the exit status
         depending on the success or otherwise of the operations performed.
         The exit status may be one of the following values. </p><p>If the operation succeeded, smbcquotas returns an exit
@@ -79 +81 @@
         or when there was an error getting or setting the quota(s), an exit status
         of 1 is returned.  If there was an error parsing any command line
-        arguments, an exit status of 2 is returned. </p></div><div class="refsect1" lang="en"><a name="id271865"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id271875"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
+        arguments, an exit status of 2 is returned. </p></div><div class="refsect1" lang="en"><a name="id271870"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id271880"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
         were created by Andrew Tridgell. Samba is now developed
         by the Samba Team as an Open Source project similar

trunk/samba/docs/htmldocs/manpages/smbtree.1.html

@@ -40 +40 @@
 accessing a service that does not require a password. </p><p>Unless a password is specified on the command line or
 this parameter is specified, the client will request a
-password.</p></dd><dt><span class="term">-k</span></dt><dd><p>
+password.</p><p>If a password is specified on the command line and this
+option is also defined the password on the command line will
+be silently ingnored and no password will be used.</p></dd><dt><span class="term">-k</span></dt><dd><p>
 Try to authenticate with kerberos. Only useful in
 an Active Directory environment.
@@ -66 +68 @@
 <span><strong class="command">rpcclient</strong></span> to prompt for a password and type
 it in directly. </p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id230536"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba 
-        suite.</p></div><div class="refsect1" lang="en"><a name="id230546"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities 
+</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id230540"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba 
+        suite.</p></div><div class="refsect1" lang="en"><a name="id230550"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities 
         were created by Andrew Tridgell. Samba is now developed
         by the Samba Team as an Open Source project similar 

trunk/samba/docs/htmldocs/manpages/vfs_recycle.8.html

@@ -41 +41 @@
                 </p></dd><dt><span class="term">recycle:exclude = LIST</span></dt><dd><p>List of files that should not be put into the
                 repository when deleted, but deleted in the normal way.
+                Wildcards such as * and ? are supported.
                 </p></dd><dt><span class="term">recycle:exclude_dir = LIST</span></dt><dd><p>List of directories whose files should not be put
                 into the repository when deleted, but deleted in the
-                normal way.
+                normal way. Wildcards such as * and ? are supported.
                 </p></dd><dt><span class="term">recycle:noversions = LIST</span></dt><dd><p>Specifies a list of paths (wildcards such as *
                 and ? are supported) for which no versioning should
                 be used. Only useful when recycle:versions is enabled.
-                </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id231520"></a><h2>EXAMPLES</h2><p>Log operations on all shares using the LOCAL1 facility
+                </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id231521"></a><h2>EXAMPLES</h2><p>Log operations on all shares using the LOCAL1 facility
         and NOTICE priority:</p><pre class="programlisting">
         <em class="parameter"><code>[global]</code></em>
-        <a class="indexterm" name="id231539"></a>vfs objects = recycle
-        <a class="indexterm" name="id230493"></a>recycle:facility = LOCAL1
-        <a class="indexterm" name="id230500"></a>recycle:priority = NOTICE
+        <a class="indexterm" name="id231540"></a>vfs objects = recycle
+        <a class="indexterm" name="id230494"></a>recycle:facility = LOCAL1
+        <a class="indexterm" name="id230501"></a>recycle:priority = NOTICE
 </pre></div><div class="refsect1" lang="en"><a name="id230510"></a><h2>VERSION</h2><p>This man page is correct for version 3.0.25 of the Samba suite.
-        </p></div><div class="refsect1" lang="en"><a name="id230520"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
+        </p></div><div class="refsect1" lang="en"><a name="id230521"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
         were created by Andrew Tridgell. Samba is now developed
         by the Samba Team as an Open Source project similar