author: Andrew Bartlett <abartlet@samba.org> 2012-09-04 08:46:06 +1000
committer: Andrew Bartlett <abartlet@samba.org> 2012-09-04 09:31:48 +1000
commit: 28499b04769ee0d310e48576b868e11c0d2b1422
tree: dc31f5264b058e10f61931a7ef6e1b3b9e85e3cf /docs-xml/smbdotconf/security
parent: 4a52a3f48de60c79113018ca20a420dab536f46d
docs: Remove references to security=share and security=server from the smb.conf docs
Diffstat (limited to 'docs-xml/smbdotconf/security')
-rw-r--r-- docs-xml/smbdotconf/security/adminusers.xml 3
-rw-r--r-- docs-xml/smbdotconf/security/encryptpasswords.xml 2
-rw-r--r-- docs-xml/smbdotconf/security/maptoguest.xml 18
-rw-r--r-- docs-xml/smbdotconf/security/passwordserver.xml 55
-rw-r--r-- docs-xml/smbdotconf/security/readlist.xml 4
-rw-r--r-- docs-xml/smbdotconf/security/security.xml 2
-rw-r--r-- docs-xml/smbdotconf/security/usernamemap.xml 6
-rw-r--r-- docs-xml/smbdotconf/security/writelist.xml 5
8 files changed, 12 insertions, 83 deletions
diff --git a/docs-xml/smbdotconf/security/adminusers.xml b/docs-xml/smbdotconf/security/adminusers.xml
index d8f14b6d74..30adea9d97 100644
--- a/docs-xml/smbdotconf/security/adminusers.xml
+++ b/docs-xml/smbdotconf/security/adminusers.xml
@@ -11,9 +11,6 @@
this list will be able to do anything they like on the share,
irrespective of file permissions.</para>
- <para>This parameter will not work with the <smbconfoption name="security">share</smbconfoption> in
- Samba 3.0. This is by design.</para>
-
</description>
<value type="default"/>
diff --git a/docs-xml/smbdotconf/security/encryptpasswords.xml b/docs-xml/smbdotconf/security/encryptpasswords.xml
index 1a631fd098..fdf0cfd43e 100644
--- a/docs-xml/smbdotconf/security/encryptpasswords.xml
+++ b/docs-xml/smbdotconf/security/encryptpasswords.xml
@@ -32,7 +32,7 @@
have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> program for information on how to set up
- and maintain this file), or set the <smbconfoption name="security">[server|domain|ads]</smbconfoption> parameter which
+ and maintain this file), or set the <smbconfoption name="security">[domain|ads]</smbconfoption> parameter which
causes <command moreinfo="none">smbd</command> to authenticate against another
server.</para>
</description>
diff --git a/docs-xml/smbdotconf/security/maptoguest.xml b/docs-xml/smbdotconf/security/maptoguest.xml
index 0f680ae71c..09017bcb10 100644
--- a/docs-xml/smbdotconf/security/maptoguest.xml
+++ b/docs-xml/smbdotconf/security/maptoguest.xml
@@ -4,11 +4,6 @@
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter is only useful in <smbconfoption name="SECURITY">
- security</smbconfoption> modes other than <parameter moreinfo="none">security = share</parameter>
- and <parameter moreinfo="none">security = server</parameter>
- - i.e. <constant>user</constant>, and <constant>domain</constant>.</para>
-
<para>This parameter can take four different values, which tell
<citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> what to do with user
@@ -55,20 +50,11 @@
</itemizedlist>
<para>Note that this parameter is needed to set up &quot;Guest&quot;
- share services when using <parameter moreinfo="none">security</parameter> modes other than
- share and server. This is because in these modes the name of the resource being
+ share services. This is because in these modes the name of the resource being
requested is <emphasis>not</emphasis> sent to the server until after
the server has successfully authenticated the client so the server
cannot make authentication decisions at the correct time (connection
- to the share) for &quot;Guest&quot; shares. This parameter is not useful with
- <parameter moreinfo="none">security = server</parameter> as in this security mode
- no information is returned about whether a user logon failed due to
- a bad username or bad password, the same error is returned from a modern server
- in both cases.</para>
-
- <para>For people familiar with the older Samba releases, this
- parameter maps to the old compile-time setting of the <constant>
- GUEST_SESSSETUP</constant> value in local.h.</para>
+ to the share) for &quot;Guest&quot; shares. </para>
</description>
<value type="default">Never</value>
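Review bot: in the rewritten "Note that this parameter is needed to set up Guest share services" paragraph, "This is because in these modes" no longer has an antecedent, because the clause that named the security modes was removed on the line before it. Suggest rewording to "This is because the name of the resource being requested is not sent to the server until after the server has successfully authenticated the client". The new closing line also leaves a stray space before </para>, and the dropped GUEST_SESSSETUP paragraph is unrelated to security=share or security=server, so it should be mentioned in the commit message.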
diff --git a/docs-xml/smbdotconf/security/passwordserver.xml b/docs-xml/smbdotconf/security/passwordserver.xml
index ad242c4a41..18baa9bdbc 100644
--- a/docs-xml/smbdotconf/security/passwordserver.xml
+++ b/docs-xml/smbdotconf/security/passwordserver.xml
@@ -4,17 +4,16 @@
advanced="1" wizard="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>By specifying the name of another SMB server
- or Active Directory domain controller with this option,
- and using <command moreinfo="none">security = [ads|domain|server]</command>
+ <para>By specifying the name of a domain controller with this option,
+ and using <command moreinfo="none">security = [ads|domain]</command>
it is possible to get Samba
to do all its username/password validation using a specific remote server.</para>
- <para>If the <parameter moreinfo="none">security</parameter> parameter is set to
- <constant>domain</constant> or <constant>ads</constant>, then this option
+ <para>Ideally, this option
<emphasis>should not</emphasis> be used, as the default '*' indicates to Samba
to determine the best DC to contact dynamically, just as all other hosts in an
- AD domain do. This allows the domain to be maintained without modification to
+ AD domain do. This allows the domain to be maintained (addition
+ and removal of domain controllers) without modification to
the smb.conf file. The cryptographic protection on the authenticated RPC calls
used to verify passwords ensures that this default is safe.</para>
@@ -39,50 +38,6 @@
parameter <smbconfoption name="name resolve order"/> and so may resolved
by any method and order described in that parameter.</para>
- <para>If the <parameter moreinfo="none">security</parameter> parameter is
- set to <constant>server</constant>, these additional restrictions apply:</para>
-
- <itemizedlist>
- <listitem>
- <para>You may list several password servers in
- the <parameter moreinfo="none">password server</parameter> parameter, however if an
- <command moreinfo="none">smbd</command> makes a connection to a password server,
- and then the password server fails, no more users will be able
- to be authenticated from this <command moreinfo="none">smbd</command>. This is a
- restriction of the SMB/CIFS protocol when in <command moreinfo="none">security = server
- </command> mode and cannot be fixed in Samba.</para>
- </listitem>
-
- <listitem>
- <para>You will have to ensure that your users
- are able to login from the Samba server, as when in <command moreinfo="none">
- security = server</command> mode the network logon will appear to
- come from the Samba server rather than from the users workstation.</para>
- </listitem>
-
- <listitem>
- <para>The client must not select NTLMv2 authentication.</para>
- </listitem>
-
- <listitem>
- <para>The password server must be a machine capable of using
- the &quot;LM1.2X002&quot; or the &quot;NT LM 0.12&quot; protocol, and it must be in
- user level security mode.</para>
- </listitem>
-
- <listitem>
- <para>Using a password server means your UNIX box (running
- Samba) is only as secure as (a host masquerading as) your password server. <emphasis>DO NOT
- CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST</emphasis>.
- </para>
- </listitem>
-
- <listitem>
- <para>Never point a Samba server at itself for password serving.
- This will cause a loop and could lock up your Samba server!</para>
- </listitem>
-
- </itemizedlist>
</description>
<related>security</related>
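Review bot: the unchanged context line at the top of this hunk reads "and so may resolved by any method"; while this file is being edited, correct it to "may be resolved". The removed list also held the page's only explicit warning about trusting the configured server ("DO NOT CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST"); if any of that concern still applies when a DC is named explicitly under security = domain or ads, keep a one-line caveat rather than dropping it with the rest.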
diff --git a/docs-xml/smbdotconf/security/readlist.xml b/docs-xml/smbdotconf/security/readlist.xml
index df6b4f129b..c874fef456 100644
--- a/docs-xml/smbdotconf/security/readlist.xml
+++ b/docs-xml/smbdotconf/security/readlist.xml
@@ -9,11 +9,7 @@
to. The list can include group names using the syntax described in the <smbconfoption name="invalid users"/>
parameter.
</para>
-
- <para>This parameter will not work with the <smbconfoption name="security">share</smbconfoption> in
- Samba 3.0. This is by design.</para>
</description>
-
<related>write list</related>
<related>invalid users</related>
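Review bot: the two removed blank lines, one after </para> and one between </description> and the first <related>, are whitespace changes unrelated to dropping the security=share paragraph. The adminusers.xml and writelist.xml hunks only remove the blank line that followed the deleted paragraph, so leave the spacing around </description> as it was here to keep the three files consistent.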
diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml
index 453de94620..406089f2da 100644
--- a/docs-xml/smbdotconf/security/security.xml
+++ b/docs-xml/smbdotconf/security/security.xml
@@ -16,7 +16,7 @@
<para>The alternatives are
<command moreinfo="none">security = ads</command> or <command moreinfo="none">security = domain
- </command>, which support joining Samba to a Windows domain, along with <command moreinfo="none">security = server</command>, which is deprecated.</para>
+ </command>, which support joining Samba to a Windows domain</para>
<para>You should use <command moreinfo="none">security = user</command> and
<smbconfoption name="map to guest"/> if you
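Review bot: the added line "</command>, which support joining Samba to a Windows domain</para>" drops the sentence's terminating full stop along with the security = server clause. End it with "Windows domain.</para>".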
diff --git a/docs-xml/smbdotconf/security/usernamemap.xml b/docs-xml/smbdotconf/security/usernamemap.xml
index fec7375f7f..21098fa463 100644
--- a/docs-xml/smbdotconf/security/usernamemap.xml
+++ b/docs-xml/smbdotconf/security/usernamemap.xml
@@ -12,7 +12,7 @@
</para>
<para>
- Please note that for user or share mode security, the username map is applied prior to validating the user
+ Please note that for user mode security, the username map is applied prior to validating the user
credentials. Domain member servers (domain or ads) apply the username map after the user has been
successfully authenticated by the domain controller and require fully qualified entries in the map table (e.g.
biddle = <literal>DOMAIN\foo</literal>).
@@ -84,8 +84,8 @@ guest = *
Note that the remapping is applied to all occurrences of usernames. Thus if you connect to \\server\fred and
<constant>fred</constant> is remapped to <constant>mary</constant> then you will actually be connecting to
\\server\mary and will need to supply a password suitable for <constant>mary</constant> not
- <constant>fred</constant>. The only exception to this is the username passed to the <smbconfoption
- name="password server"/> (if you have one). The password server will receive whatever username the client
+ <constant>fred</constant>. The only exception to this is the
+ username passed to a Domain Controller (if you have one). The DC will receive whatever username the client
supplies without modification.
</para>
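Review bot: the added text uses "Domain Controller" and the abbreviation "DC", while the previous hunk in this same file writes "the domain controller" in lower case and never introduces the abbreviation. Suggest "the username passed to a domain controller (if you have one). The domain controller will receive whatever username the client supplies without modification." The replaced text linked to the password server option through <smbconfoption>; if a cross-reference is still useful here, point it at a parameter that remains documented.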
diff --git a/docs-xml/smbdotconf/security/writelist.xml b/docs-xml/smbdotconf/security/writelist.xml
index 60db3f19f0..c17db81743 100644
--- a/docs-xml/smbdotconf/security/writelist.xml
+++ b/docs-xml/smbdotconf/security/writelist.xml
@@ -15,11 +15,6 @@
given write access.
</para>
- <para>
- By design, this parameter will not work with the
- <smbconfoption name="security">share</smbconfoption> in Samba 3.0.
- </para>
-
</description>
<related>read list</related>