more updates. Conversion almost done. 2 more man pages

(then all the ASCII stuff)
(This used to be commit 7247027e833616bfe9350253cc1e6cdb236b2cdf)

3 files changed, 639 insertions, 702 deletions

diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1
index 9f5c00c6c4..fd8ca13591 100644
--- a/docs/manpages/smbcacls.1
+++ b/docs/manpages/smbcacls.1
@@ -1,192 +1,191 @@
-.TH "smbcacls " "1" "22 Dec 2000" "Samba" "SAMBA" 
-.PP 
-.SH "NAME" 
-smbcacls \- Set or get ACLs on an NT file or directory 
-.PP 
-.SH "SYNOPSIS" 
-.PP 
-\fBsmbcacls\fP //server/share filename [-U username]
-[-A acls] [-M acls] 
-[-D acls] [-S acls] 
-[-C name] [-G name]
-[-n] [-h]
-.PP 
-.SH "DESCRIPTION" 
-.PP 
-The \fBsmbcacls\fP program manipulates NT Access Control Lists (ACLs) on
-SMB file shares\&.
-.PP 
-.SH "OPTIONS" 
-.PP 
-The following options are available to the \fBsmbcacls\fP program\&.  The
-format of ACLs is described in the section ACL FORMAT
-.PP 
-.IP 
-.IP "\fB-A acls\fP" 
-.IP 
-Add the ACLs specified to the ACL list\&.  Existing access control entries
-are unchanged\&.
-.IP 
-.IP "\fB-M acls\fP" 
-.IP 
-Modify the mask value (permissions) for the ACLs specified on the command
-line\&.  An error will be printed for each ACL specified that was not already
-present in the ACL list\&.
-.IP 
-.IP "\fB-D acls\fP" 
-.IP 
-Delete any ACLs specfied on the command line\&.  An error will be printed for
-each ACL specified that was not already present in the ACL list\&.
-.IP 
-.IP "\fB-S acls\fP" 
-.IP 
-This command sets the ACLs on the file with only the ones specified on the
-command line\&.  All other ACLs are erased\&.  Note that the ACL specified must
-contain at least a revision, type, owner and group for the call to succeed\&.
-.IP 
-.IP "\fB-U username\fP" 
-.IP 
-Specifies a username used to connect to the specified service\&.  The
-username may be of the form \f(CWusername\fP in which case the user is
-prompted to enter in a password and the workgroup specified in the
-\fBsmb\&.conf\fP file is used, or \f(CWusername%password\fP
-or \f(CWDOMAIN\eusername%password\fP and the password and workgroup names are
-used as provided\&.
-.IP 
-.IP "\fB-C name\fP" 
-.IP 
-The owner of a file or directory can be changed to the name given
-using the -C option\&.  The name can be a sid in the form \f(CWS-1-x-y-z\fP or a
-name resolved against the server specified in the first argument\&.
-.IP 
-This command is a shortcut for \f(CW-M OWNER:name\fP\&.
-.IP 
-.IP "\fB-G name\fP" 
-.IP 
-The group owner of a file or directory can be changed to the name given
-using the -G option\&.  The name can be a sid in the form \f(CWS-1-x-y-z\fP or a
-name resolved against the server specified in the first argument\&.
-.IP 
-This command is a shortcut for \f(CW-M GROUP:name\fP\&.
-.IP 
-.IP "\fB-n\fP" 
-.IP 
-This option displays all ACL information in numeric format\&.  The default is
-to convert SIDs to names and ACE types and masks to a readable string
-format\&. 
-.IP 
-.IP "\fB-h\fP" 
-.IP 
-Print usage information on the \fBsmbcacls\fP program
-.IP 
-.PP 
-.SH "ACL FORMAT" 
-.PP 
-The format of an ACL is one or more ACL entries separated by either 
-commas or newlines\&.  An ACL entry is one of the following:
-.PP 
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBCACLS" "1" "22 February 2001" "" ""
+.SH NAME
+smbcacls \- Set or get ACLs on an NT file or directory names
+.SH SYNOPSIS
+.sp
+\fBnmblookup\fR \fB//server/share\fR \fBfilename\fR [ \fB-U username\fR ]  [ \fB-A acls\fR ]  [ \fB-M acls\fR ]  [ \fB-D acls\fR ]  [ \fB-S acls\fR ]  [ \fB-C name\fR ]  [ \fB-G name\fR ]  [ \fB-n\fR ]  [ \fB-h\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba <URL:samba.7.html> suite.
+.PP
+The smbcacls program manipulates NT Access Control Lists 
+(ACLs) on SMB file shares. 
+.SH "OPTIONS"
+.PP
+The following options are available to the smbcacls program. 
+The format of ACLs is described in the section ACL FORMAT 
+.TP
+\fB-A acls\fR
+Add the ACLs specified to the ACL list. Existing 
+access control entries are unchanged. 
+.TP
+\fB-M acls\fR
+Modify the mask value (permissions) for the ACLs 
+specified on the command line. An error will be printed for each 
+ACL specified that was not already present in the ACL list
+.TP
+\fB-D acls\fR
+Delete any ACLs specfied on the command line. 
+An error will be printed for each ACL specified that was not 
+already present in the ACL list. 
+.TP
+\fB-S acls\fR
+This command sets the ACLs on the file with 
+only the ones specified on the command line. All other ACLs are 
+erased. Note that the ACL specified must contain at least a revision, 
+type, owner and group for the call to succeed. 
+.TP
+\fB-U username\fR
+Specifies a username used to connect to the 
+specified service. The username may be of the form "username" in 
+which case the user is prompted to enter in a password and the 
+workgroup specified in the \fIsmb.conf\fR file is 
+used, or "username%password" or "DOMAIN\\username%password" and the 
+password and workgroup names are used as provided. 
+.TP
+\fB-C name\fR
+The owner of a file or directory can be changed 
+to the name given using the \fI-C\fR option. 
+The name can be a sid in the form S-1-x-y-z or a name resolved 
+against the server specified in the first argument. 
 
-.nf 
+This command is a shortcut for -M OWNER:name. 
+.TP
+\fB-G name\fR
+The group owner of a file or directory can 
+be changed to the name given using the \fI-G\fR 
+option. The name can be a sid in the form S-1-x-y-z or a name 
+resolved against the server specified n the first argument.
+
+This command is a shortcut for -M GROUP:name.
+.TP
+\fB-n\fR
+This option displays all ACL information in numeric 
+format. The default is to convert SIDs to names and ACE types 
+and masks to a readable string format. 
+.TP
+\fB-h\fR
+Print usage information on the \fBsmbcacls
+\fRprogram.
+.SH "ACL FORMAT"
+.PP
+The format of an ACL is one or more ACL entries separated by 
+either commas or newlines. An ACL entry is one of the following: 
+.PP
+.sp
+.nf
  
 REVISION:<revision number>
 OWNER:<sid or name>
 GROUP:<sid or name>
 ACL:<sid or name>:<type>/<flags>/<mask>
-.fi 
- 
-
-.PP 
-The revision of the ACL specifies the internal Windows NT ACL revision for
-the security descriptor\&.  If not specified it defaults to 1\&.  Using values
-other than 1 may cause strange behaviour\&.
-.PP 
-The owner and group specify the owner and group sids for the object\&.  If a
-SID in the format \f(CWS-1-x-y-z\fP is specified this is used, otherwise
-the name specified is resolved using the server on which the file or
-directory resides\&.
-.PP 
-ACLs specify permissions granted to the SID\&.  This SID again can be
-specified in \f(CWS-1-x-y-z\fP format or as a name in which case it is resolved
-against the server on which the file or directory resides\&.  The type, flags
-and mask values determine the type of access granted to the SID\&.
-.PP 
-The type can be either 0 or 1 corresponding to ALLOWED or DENIED access to
-the SID\&.  The flags values are generally zero for file ACLs and either 9 or
-2 for directory ACLs\&.  Some common flags are:
-.PP 
-
-.nf 
- 
-#define SEC_ACE_FLAG_OBJECT_INHERIT     	0x1
-#define SEC_ACE_FLAG_CONTAINER_INHERIT  	0x2
-#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT       0x4
-#define SEC_ACE_FLAG_INHERIT_ONLY       	0x8
-.fi 
- 
-
-.PP 
-At present flags can only be specified as decimal or hexadecimal values\&. 
-.PP 
-The mask is a value which expresses the access right granted to the SID\&.
-It can be given as a decimal or hexadecimal value, or by using one of the
-following text strings which map to the NT file permissions of the same
-name\&.
-.PP 
-.IP 
-.IP "" 
-\f(CWR\fP 	Allow read access
-.IP 
-.IP "" 
-\f(CWW\fP 	Allow write access
-.IP 
-.IP "" 
-\f(CWX\fP 	Execute permission on the object
-.IP 
-.IP "" 
-\f(CWD\fP 	Delete the object
-.IP 
-.IP "" 
-\f(CWP\fP 	Change permissions
-.IP 
-.IP "" 
-\f(CWO\fP	Take ownership
-.IP 
-.PP 
+	
+.sp
+.fi
+.PP
+The revision of the ACL specifies the internal Windows 
+NT ACL revision for the security descriptor. 
+If not specified it defaults to 1. Using values other than 1 may 
+cause strange behaviour. 
+.PP
+The owner and group specify the owner and group sids for the 
+object. If a SID in the format CWS-1-x-y-z is specified this is used, 
+otherwise the name specified is resolved using the server on which 
+the file or directory resides. 
+.PP
+ACLs specify permissions granted to the SID. This SID again 
+can be specified in CWS-1-x-y-z format or as a name in which case 
+it is resolved against the server on which the file or directory 
+resides. The type, flags and mask values determine the type of 
+access granted to the SID. 
+.PP
+The type can be either 0 or 1 corresponding to ALLOWED or 
+DENIED access to the SID. The flags values are generally
+zero for file ACLs and either 9 or 2 for directory ACLs. Some 
+common flags are: 
+.TP 0.2i
+\(bu
+#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1
+.TP 0.2i
+\(bu
+#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2
+.TP 0.2i
+\(bu
+#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4
+.TP 0.2i
+\(bu
+#define SEC_ACE_FLAG_INHERIT_ONLY 0x8
+.PP
+At present flags can only be specified as decimal or 
+hexadecimal values.
+.PP
+.PP
+The mask is a value which expresses the access right 
+granted to the SID. It can be given as a decimal or hexadecimal value, 
+or by using one of the following text strings which map to the NT 
+file permissions of the same name. 
+.PP
+.TP 0.2i
+\(bu
+\fBR\fR - Allow read access 
+.TP 0.2i
+\(bu
+\fBW\fR - Allow write access
+.TP 0.2i
+\(bu
+\fBX\fR - Execute permission on the object
+.TP 0.2i
+\(bu
+\fBD\fR - Delete the object
+.TP 0.2i
+\(bu
+\fBP\fR - Change permissions
+.TP 0.2i
+\(bu
+\fBO\fR - Take ownership
+.PP
 The following combined permissions can be specified:
-.PP 
-.IP 
-.IP "" 
-\f(CWREAD\fP	 
-.IP 
-Equivalent to \f(CWRX\fP permissions
-.IP 
-.IP "" 
-\f(CWCHANGE\fP 
-.IP 
-Equivalent to \f(CWRXWD\fP permissions
-.IP 
-.IP "" 
-\f(CWFULL\fP   
-.IP 
-Equivalent to \f(CWRWXDPO\fP permissions
-.IP 
-.PP 
-.SH "EXIT STATUS" 
-.PP 
-The \fBsmbcacls\fP program sets the exit status depending on the success or
-otherwise of the operations performed\&.  The exit status may be one of the
-following values\&.
-.PP 
-If the operation succeded, \fBsmbcacls\fP returns and exit status of 0\&.  If
-\fBsmbcacls\fP couldn\'t connect to the specified server, or there was an
-error getting or setting the ACLs, an exit status of 1 is returned\&.  If
-there was an error parsing any command line arguments, an exit status of 2
-is returned\&.
-.PP 
-.SH "AUTHOR" 
-.PP 
-The original Samba software and related utilities were created by
-Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open
-Source project\&.
-.PP 
-\fBsmbcacls\fP was written by Andrew Tridgell and Tim Potter\&.
+.PP
+.TP 0.2i
+\(bu
+\fBREAD\fR - Equivalent to 'RX'
+permissions
+.TP 0.2i
+\(bu
+\fBCHANGE\fR - Equivalent to 'RXWD' permissions
+.TP 0.2i
+\(bu
+\fBFULL\fR - Equivalent to 'RWXDPO' 
+permissions
+.SH "EXIT STATUS"
+.PP
+The \fBsmbcacls\fR program sets the exit status 
+depending on the success or otherwise of the operations performed. 
+The exit status may be one of the following values. 
+.PP
+If the operation succeded, smbcacls returns and exit 
+status of 0. If smbcacls couldn't connect to the specified server, 
+or there was an error getting or setting the ACLs, an exit status 
+of 1 is returned. If there was an error parsing any command line 
+arguments, an exit status of 2 is returned. 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+\fBsmbcacls\fR was written by Andrew Tridgell 
+and Tim Potter.
+.PP
+The conversion to DocBook for Samba 2.2 was done 
+by Gerald Carter
diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5
index bc87d134d2..fef3713425 100644
--- a/docs/manpages/smbpasswd.5
+++ b/docs/manpages/smbpasswd.5
@@ -1,214 +1,159 @@
-.TH "smbpasswd " "5" "23 Oct 1998" "Samba" "SAMBA" 
-.PP 
-.SH "NAME" 
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBPASSWD" "5" "22 February 2001" "" ""
+.SH NAME
 smbpasswd \- The Samba encrypted password file
-.PP 
-.SH "SYNOPSIS" 
-.PP 
-smbpasswd is the \fBSamba\fP encrypted password file\&.
-.PP 
-.SH "DESCRIPTION" 
-.PP 
-This file is part of the \fBSamba\fP suite\&.
-.PP 
-smbpasswd is the \fBSamba\fP encrypted password file\&. It contains
-the username, Unix user id and the SMB hashed passwords of the
-user, as well as account flag information and the time the password
-was last changed\&. This file format has been evolving with Samba
-and has had several different formats in the past\&.
-.PP 
-.SH "FILE FORMAT" 
-.PP 
-The format of the smbpasswd file used by Samba 2\&.0 is very similar to
-the familiar Unix \fBpasswd (5)\fP file\&. It is an ASCII file containing
-one line for each user\&. Each field within each line is separated from
-the next by a colon\&. Any entry beginning with # is ignored\&. The
-smbpasswd file contains the following information for each user:
-.PP 
-.IP 
-.IP "\fBname\fP" 
-.br 
-.br 
-.IP 
-This is the user name\&. It must be a name that already exists
-in the standard UNIX passwd file\&.
-.IP 
-.IP "\fBuid\fP" 
-.br 
-.br 
-.IP 
-This is the UNIX uid\&. It must match the uid field for the same
-user entry in the standard UNIX passwd file\&. If this does not
-match then Samba will refuse to recognize this \fBsmbpasswd\fP file entry
-as being valid for a user\&.
-.IP 
-.IP "\fBLanman Password Hash\fP" 
-.br 
-.br 
-.IP 
-This is the \fILANMAN\fP hash of the users password, encoded as 32 hex
-digits\&. The \fILANMAN\fP hash is created by DES encrypting a well known
-string with the users password as the DES key\&. This is the same
-password used by Windows 95/98 machines\&. Note that this password hash
-is regarded as weak as it is vulnerable to dictionary attacks and if
-two users choose the same password this entry will be identical (i\&.e\&.
-the password is not \fI"salted"\fP as the UNIX password is)\&. If the
-user has a null password this field will contain the characters
-\f(CW"NO PASSWORD"\fP as the start of the hex string\&. If the hex string
-is equal to 32 \f(CW\'X\'\fP characters then the users account is marked as
-\fIdisabled\fP and the user will not be able to log onto the Samba
-server\&.
-.IP 
-\fIWARNING !!\fP\&. Note that, due to the challenge-response nature of the
-SMB/CIFS authentication protocol, anyone with a knowledge of this
-password hash will be able to impersonate the user on the network\&.
-For this reason these hashes are known as \fI"plain text equivalent"\fP
-and must \fINOT\fP be made available to anyone but the root user\&. To
-protect these passwords the \fBsmbpasswd\fP file is placed in a
-directory with read and traverse access only to the root user and the
-\fBsmbpasswd\fP file itself must be set to be read/write only by root,
-with no other access\&.
-.IP 
-.IP "\fBNT Password Hash\fP" 
-.br 
-.br 
-.IP 
-This is the \fIWindows NT\fP hash of the users password, encoded as 32
-hex digits\&. The \fIWindows NT\fP hash is created by taking the users
-password as represented in 16-bit, little-endian UNICODE and then
-applying the \fIMD4\fP (internet rfc1321) hashing algorithm to it\&.
-.IP 
-This password hash is considered more secure than the \fBLanman
-Password Hash\fP as it preserves the case of the
-password and uses a much higher quality hashing algorithm\&. However, it
-is still the case that if two users choose the same password this
-entry will be identical (i\&.e\&. the password is not \fI"salted"\fP as the
-UNIX password is)\&.
-.IP 
-\fIWARNING !!\fP\&. Note that, due to the challenge-response nature of the
-SMB/CIFS authentication protocol, anyone with a knowledge of this
-password hash will be able to impersonate the user on the network\&.
-For this reason these hashes are known as \fI"plain text equivalent"\fP
-and must \fINOT\fP be made available to anyone but the root user\&. To
-protect these passwords the \fBsmbpasswd\fP file is placed in a
-directory with read and traverse access only to the root user and the
-\fBsmbpasswd\fP file itself must be set to be read/write only by root,
-with no other access\&.
-.IP 
-.IP "\fBAccount Flags\fP" 
-.br 
-.br 
-.IP 
-This section contains flags that describe the attributes of the users
-account\&. In the \fBSamba2\&.0\fP release this field is bracketed by \f(CW\'[\'\fP
-and \f(CW\']\'\fP characters and is always 13 characters in length (including
-the \f(CW\'[\'\fP and \f(CW\']\'\fP characters)\&. The contents of this field may be
-any of the characters\&.
-.IP 
-.IP 
-.IP o 
-\fB\'U\'\fP This means this is a \fI"User"\fP account, i\&.e\&. an ordinary
-user\&. Only \fBUser\fP and \fBWorkstation Trust\fP accounts are
-currently supported in the \fBsmbpasswd\fP file\&.
-.IP 
-.IP o 
-\fB\'N\'\fP This means the account has \fIno\fP password (the passwords
-in the fields \fBLanman Password Hash\fP and
-\fBNT Password Hash\fP are ignored)\&. Note that this
-will only allow users to log on with no password if the 
-\fBnull passwords\fP parameter is set
-in the \fBsmb\&.conf (5)\fP config file\&.
-.IP 
-.IP o 
-\fB\'D\'\fP This means the account is disabled and no SMB/CIFS logins 
-will be	allowed for this user\&.
-.IP 
-.IP o 
-\fB\'W\'\fP This means this account is a \fI"Workstation Trust"\fP account\&.
-This kind of account is used in the Samba PDC code stream to allow Windows
-NT Workstations and Servers to join a Domain hosted by a Samba PDC\&.
-.IP 
-.IP 
-Other flags may be added as the code is extended in future\&. The rest of
-this field space is filled in with spaces\&.
-.IP 
-.IP "\fBLast Change Time\fP" 
-.br 
-.br 
-.IP 
-This field consists of the time the account was last modified\&. It consists of
-the characters \f(CWLCT-\fP (standing for \fI"Last Change Time"\fP) followed by a numeric
-encoding of the UNIX time in seconds since the epoch (1970) that the last change
-was made\&.
-.IP 
-.IP "\fBFollowing fields\fP" 
-.br 
-.br 
-.IP 
-All other colon separated fields are ignored at this time\&.
-.IP 
-.PP 
-.SH "NOTES" 
-.PP 
-In previous versions of Samba (notably the 1\&.9\&.18 series) this file
-did not contain the \fBAccount Flags\fP or 
-\fBLast Change Time\fP fields\&. The Samba 2\&.0
-code will read and write these older password files but will not be able to
-modify the old entries to add the new fields\&. New entries added with
-\fBsmbpasswd (8)\fP will contain the new fields
-in the added accounts however\&. Thus an older \fBsmbpasswd\fP file used
-with Samba 2\&.0 may end up with some accounts containing the new fields
-and some not\&.
-.PP 
-In order to convert from an old-style \fBsmbpasswd\fP file to a new
-style, run the script \fBconvert_smbpasswd\fP, installed in the
-Samba \f(CWbin/\fP directory (the same place that the \fBsmbd\fP
-and \fBnmbd\fP binaries are installed) as follows:
-.PP 
+.SH SYNOPSIS
+.PP
+\fIsmbpasswd\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba <URL:samba.7.html> suite.
+.PP
+smbpasswd is the Samba encrypted password file. It contains 
+the username, Unix user id and the SMB hashed passwords of the 
+user, as well as account flag information and the time the 
+password was last changed. This file format has been evolving with 
+Samba and has had several different formats in the past. 
+.SH "FILE FORMAT"
+.PP
+The format of the smbpasswd file used by Samba 2.2 
+is very similar to the familiar Unix \fIpasswd(5)\fR 
+file. It is an ASCII file containing one line for each user. Each field 
+ithin each line is separated from the next by a colon. Any entry 
+beginning with '#' is ignored. The smbpasswd file contains the 
+following information for each user: 
+.TP
+\fBname\fR
+This is the user name. It must be a name that 
+already exists in the standard UNIX passwd file. 
+.TP
+\fBuid\fR
+This is the UNIX uid. It must match the uid
+field for the same user entry in the standard UNIX passwd file. 
+If this does not match then Samba will refuse to recognize 
+this smbpasswd file entry as being valid for a user. 
+.TP
+\fBLanman Password Hash\fR
+This is the LANMAN hash of the users password, 
+encoded as 32 hex digits. The LANMAN hash is created by DES 
+encrypting a well known string with the users password as the 
+DES key. This is the same password used by Windows 95/98 machines. 
+Note that this password hash is regarded as weak as it is
+vulnerable to dictionary attacks and if two users choose the 
+same password this entry will be identical (i.e. the password 
+is not "salted" as the UNIX password is). If the user has a 
+null password this field will contain the characters "NO PASSWORD" 
+as the start of the hex string. If the hex string is equal to 
+32 'X' characters then the users account is marked as 
+disabled and the user will not be able to 
+log onto the Samba server. 
 
-.nf 
- 
+\fBWARNING !!\fR Note that, due to 
+the challenge-response nature of the SMB/CIFS authentication
+protocol, anyone with a knowledge of this password hash will 
+be able to impersonate the user on the network. For this
+reason these hashes are known as \fBplain text 
+equivalents\fR and must \fBNOT\fR be made 
+available to anyone but the root user. To protect these passwords 
+the smbpasswd file is placed in a directory with read and 
+traverse access only to the root user and the smbpasswd file 
+itself must be set to be read/write only by root, with no
+other access. 
+.TP
+\fBNT Password Hash\fR
+This is the Windows NT hash of the users 
+password, encoded as 32 hex digits. The Windows NT hash is 
+created by taking the users password as represented in 
+16-bit, little-endian UNICODE and then applying the MD4 
+(internet rfc1321) hashing algorithm to it. 
 
+This password hash is considered more secure than
+the Lanman Password Hash as it preserves the case of the 
+password and uses a much higher quality hashing algorithm. 
+However, it is still the case that if two users choose the same 
+password this entry will be identical (i.e. the password is 
+not "salted" as the UNIX password is). 
 
-    cat old_smbpasswd_file | convert_smbpasswd > new_smbpasswd_file
-
-
-.fi 
- 
-
-.PP 
-The \fBconvert_smbpasswd\fP script reads from stdin and writes to stdout
-so as not to overwrite any files by accident\&.
-.PP 
-Once this script has been run, check the contents of the new smbpasswd
-file to ensure that it has not been damaged by the conversion script
-(which uses \fBawk\fP), and then replace the \f(CW<old smbpasswd file>\fP
-with the \f(CW<new smbpasswd file>\fP\&.
-.PP 
-.SH "VERSION" 
-.PP 
-This man page is correct for version 2\&.0 of the Samba suite\&.
-.PP 
-.SH "SEE ALSO" 
-.PP 
-\fBsmbpasswd (8)\fP, \fBsamba
-(7)\fP, and the Internet RFC1321 for details on the MD4
-algorithm\&.
-.PP 
-.SH "AUTHOR" 
-.PP 
-The original Samba software and related utilities were created by
-Andrew Tridgell samba@samba\&.org\&. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed\&.
-.PP 
-The original Samba man pages were written by Karl Auer\&. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fP) 
-and updated for the Samba2\&.0 release by Jeremy
-Allison, samba@samba\&.org\&.
-.PP 
-See \fBsamba (7)\fP to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc\&.
+\fBWARNING !!\fR. Note that, due to 
+the challenge-response nature of the SMB/CIFS authentication
+protocol, anyone with a knowledge of this password hash will 
+be able to impersonate the user on the network. For this
+reason these hashes are known as \fBplain text 
+equivalents\fR and must \fBNOT\fR be made 
+available to anyone but the root user. To protect these passwords 
+the smbpasswd file is placed in a directory with read and 
+traverse access only to the root user and the smbpasswd file 
+itself must be set to be read/write only by root, with no
+other access. 
+.TP
+\fBAccount Flags\fR
+This section contains flags that describe 
+the attributes of the users account. In the Samba 2.2 release 
+this field is bracketed by '[' and ']' characters and is always 
+13 characters in length (including the '[' and ']' characters).
+The contents of this field may be any of the characters.
+.RS
+.TP 0.2i
+\(bu
+\fBU\fR - This means 
+this is a "User" account, i.e. an ordinary user. Only User 
+and Workstation Trust accounts are currently supported 
+in the smbpasswd file. 
+.TP 0.2i
+\(bu
+\fBN\fR - This means the
+account has no password (the passwords in the fields Lanman 
+Password Hash and NT Password Hash are ignored). Note that this 
+will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fIsmb.conf(5)
+\fR <URL:smb.conf.5.html#NULLPASSWORDS> config file. 
+.TP 0.2i
+\(bu
+\fBD\fR - This means the account 
+is disabled and no SMB/CIFS logins will be allowed for 
+this user. 
+.TP 0.2i
+\(bu
+\fBW\fR - This means this account 
+is a "Workstation Trust" account. This kind of account is used 
+in the Samba PDC code stream to allow Windows NT Workstations 
+and Servers to join a Domain hosted by a Samba PDC. 
+.RE
+.PP
+Other flags may be added as the code is extended in future.
+The rest of this field space is filled in with spaces. 
+.PP
+.TP
+\fBLast Change Time\fR
+This field consists of the time the account was 
+last modified. It consists of the characters 'LCT-' (standing for 
+"Last Change Time") followed by a numeric encoding of the UNIX time 
+in seconds since the epoch (1970) that the last change was made. 
+.PP
+All other colon separated fields are ignored at this time.
+.PP
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBsmbpasswd(8)\fR <URL:smbpasswd.8.html>, 
+samba(7) <URL:samba.7.html>, and
+the Internet RFC1321 for details on the MD4 algorithm.
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8
index be70fad031..3c134913a9 100644
--- a/docs/manpages/smbpasswd.8
+++ b/docs/manpages/smbpasswd.8
@@ -1,308 +1,301 @@
-.TH "smbpasswd " "8" "23 Oct 1998" "Samba" "SAMBA" 
-.PP 
-.SH "NAME" 
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBPASSWD" "8" "22 February 2001" "" ""
+.SH NAME
 smbpasswd \- change a users SMB password
-.PP 
-.SH "SYNOPSIS" 
-.PP 
-\fBsmbpasswd\fP [-a] [-x] [-d] [-e] [-D debug level] [-n] [-r remote_machine] [-R name resolve order] [-m] [-j DOMAIN] [-U username] [-h] [-s] username
-.PP 
-.SH "DESCRIPTION" 
-.PP 
-This program is part of the \fBSamba\fP suite\&.
-.PP 
-The \fBsmbpasswd\fP program has several different functions, depending
-on whether it is run by the \fIroot\fP user or not\&. When run as a normal
-user it allows the user to change the password used for their SMB
-sessions on any machines that store SMB passwords\&.
-.PP 
-By default (when run with no arguments) it will attempt to change the
-current users SMB password on the local machine\&. This is similar to
-the way the \fBpasswd (1)\fP program works\&. \fBsmbpasswd\fP differs from how
-the \fBpasswd\fP program works however in that it is not \fIsetuid root\fP
-but works in a client-server mode and communicates with a locally
-running \fBsmbd\fP\&. As a consequence in order for this
-to succeed the \fBsmbd\fP daemon must be running on
-the local machine\&. On a UNIX machine the encrypted SMB passwords are
-usually stored in the \fBsmbpasswd (5)\fP file\&.
-.PP 
-When run by an ordinary user with no options\&. \fBsmbpasswd\fP will
-prompt them for their old smb password and then ask them for their new
-password twice, to ensure that the new password was typed
-correctly\&. No passwords will be echoed on the screen whilst being
-typed\&. If you have a blank smb password (specified by the string "NO
-PASSWORD" in the \fBsmbpasswd\fP file) then just
-press the <Enter> key when asked for your old password\&.
-.PP 
-\fBsmbpasswd\fP can also be used by a normal user to change their SMB
-password on remote machines, such as Windows NT Primary Domain
-Controllers\&. See the (\fB-r\fP) and
-\fB-U\fP options below\&.
-.PP 
-When run by root, \fBsmbpasswd\fP allows new users to be added and
-deleted in the \fBsmbpasswd\fP file, as well as
-allows changes to the attributes of the user in this file to be made\&. When
-run by root, \fBsmbpasswd\fP accesses the local
-\fBsmbpasswd\fP file directly, thus enabling
-changes to be made even if \fBsmbd\fP is not running\&.
-.PP 
-.SH "OPTIONS" 
-.PP 
-.IP 
-.IP "\fB-a\fP" 
-This option specifies that the username following should
-be added to the local \fBsmbpasswd\fP file, with
-the new password typed (type <Enter> for the old password)\&. This
-option is ignored if the username following already exists in the
-\fBsmbpasswd\fP file and it is treated like a
-regular change password command\&. Note that the user to be added
-\fBmust\fP already exist in the system password file (usually /etc/passwd)
-else the request to add the user will fail\&.
-.IP 
-This option is only available when running \fBsmbpasswd\fP as
-root\&.
-.IP 
-.IP "\fB-x\fP" 
-This option specifies that the username following should
-be deleted from the local \fBsmbpasswd\fP file\&.
-.IP 
-This option is only available when running \fBsmbpasswd\fP as
-root\&.
-.IP 
-.IP "\fB-d\fP" 
-This option specifies that the username following should be
-\fIdisabled\fP in the local \fBsmbpasswd\fP file\&.
-This is done by writing a \fI\'D\'\fP flag into the account control space
-in the \fBsmbpasswd\fP file\&. Once this is done
-all attempts to authenticate via SMB using this username will fail\&.
-.IP 
-If the \fBsmbpasswd\fP file is in the \'old\'
-format (pre-Samba 2\&.0 format) there is no space in the users password
-entry to write this information and so the user is disabled by writing
-\'X\' characters into the password space in the
-\fBsmbpasswd\fP file\&. See \fBsmbpasswd
-(5)\fP for details on the \'old\' and new password file
-formats\&.
-.IP 
-This option is only available when running \fBsmbpasswd\fP as root\&.
-.IP 
-.IP "\fB-e\fP" 
-This option specifies that the username following should be
-\fIenabled\fP in the local \fBsmbpasswd\fP file,
-if the account was previously disabled\&. If the account was not
-disabled this option has no effect\&. Once the account is enabled
-then the user will be able to authenticate via SMB once again\&.
-.IP 
-If the smbpasswd file is in the \'old\' format then \fBsmbpasswd\fP will
-prompt for a new password for this user, otherwise the account will be
-enabled by removing the \fI\'D\'\fP flag from account control space in the
-\fBsmbpasswd\fP file\&. See \fBsmbpasswd
-(5)\fP for details on the \'old\' and new password file
-formats\&.
-.IP 
-This option is only available when running \fBsmbpasswd\fP as root\&.
-.IP 
-.IP "\fB-D debuglevel\fP" 
-debuglevel is an integer from 0
-to 10\&.  The default value if this parameter is not specified is zero\&.
-.IP 
-The higher this value, the more detail will be logged to the log files
-about the activities of smbpasswd\&. At level 0, only critical errors
-and serious warnings will be logged\&.
-.IP 
-Levels above 1 will generate considerable amounts of log data, and
-should only be used when investigating a problem\&. Levels above 3 are
-designed for use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic\&.
-.IP 
-.IP "\fB-n\fP" 
-This option specifies that the username following should
-have their password set to null (i\&.e\&. a blank password) in the local
-\fBsmbpasswd\fP file\&. This is done by writing the
-string "NO PASSWORD" as the first part of the first password stored in
-the \fBsmbpasswd\fP file\&.
-.IP 
-Note that to allow users to logon to a Samba server once the password
-has been set to "NO PASSWORD" in the
-\fBsmbpasswd\fP file the administrator must set
-the following parameter in the [global] section of the
-\fBsmb\&.conf\fP file :
-.IP 
-null passwords = true
-.IP 
-This option is only available when running \fBsmbpasswd\fP as root\&.
-.IP 
-.IP "\fB-r remote machine name\fP" 
-This option allows a
-user to specify what machine they wish to change their password
-on\&. Without this parameter \fBsmbpasswd\fP defaults to the local
-host\&. The \fI"remote machine name"\fP is the NetBIOS name of the
-SMB/CIFS server to contact to attempt the password change\&. This name
-is resolved into an IP address using the standard name resolution
-mechanism in all programs of the \fBSamba\fP
-suite\&. See the \fB-R name resolve order\fP parameter for details on changing this resolving
-mechanism\&.
-.IP 
-The username whose password is changed is that of the current UNIX
-logged on user\&. See the \fB-U username\fP
-parameter for details on changing the password for a different
-username\&.
-.IP 
-Note that if changing a Windows NT Domain password the remote machine
-specified must be the Primary Domain Controller for the domain (Backup
-Domain Controllers only have a read-only copy of the user account
-database and will not allow the password change)\&.
-.IP 
-\fINote\fP that Windows 95/98 do not have a real password database
-so it is not possible to change passwords specifying a Win95/98 
-machine as remote machine target\&.
-.IP 
-.IP "\fB-R name resolve order\fP" 
-This option allows the user of
-smbclient to determine what name resolution services to use when
-looking up the NetBIOS name of the host being connected to\&.
-.IP 
-The options are :"lmhosts", "host",
-"wins" and "bcast"\&. They cause names to be
-resolved as follows :
-.IP 
-.IP 
-.IP o 
-\fBlmhosts\fP : Lookup an IP address in the Samba lmhosts file\&.
-.IP 
-.IP o 
-\fBhost\fP : Do a standard host name to IP address resolution,
-using the system /etc/hosts, NIS, or DNS lookups\&. This method of name
-resolution is operating system dependent\&. For instance on IRIX or
-Solaris, this may be controlled by the \fI/etc/nsswitch\&.conf\fP file)\&.
-.IP 
-.IP o 
-\fBwins\fP : Query a name with the IP address listed in the 
-\fBwins server\fP parameter in the 
-\fBsmb\&.conf file\fP\&. If 
-no WINS server has been specified this method will be ignored\&.
-.IP 
-.IP o 
-\fBbcast\fP : Do a broadcast on each of the known local interfaces
-listed in the \fBinterfaces\fP parameter
-in the smb\&.conf file\&. This is the least reliable of the name resolution
-methods as it depends on the target host being on a locally connected
-subnet\&.
-.IP 
-.IP 
-If this parameter is not set then the name resolve order defined
-in the \fBsmb\&.conf\fP file parameter 
-\fBname resolve order\fP
-will be used\&.
-.IP 
-The default order is lmhosts, host, wins, bcast and without this
-parameter or any entry in the \fBsmb\&.conf\fP 
-file the name resolution methods will be attempted in this order\&.
-.IP 
-.IP "\fB-m\fP" 
-This option tells \fBsmbpasswd\fP that the account being
-changed is a \fIMACHINE\fP account\&. Currently this is used when Samba is
-being used as an NT Primary Domain Controller\&. PDC support is not a
-supported feature in Samba2\&.0 but will become supported in a later
-release\&. If you wish to know more about using Samba as an NT PDC then
-please subscribe to the mailing list
-samba-ntdom@samba\&.org\&.
-.IP 
-This option is only available when running \fBsmbpasswd\fP as root\&.
-.IP 
-.IP "\fB-j DOMAIN\fP" 
-This option is used to add a Samba server into a
-Windows NT Domain, as a Domain member capable of authenticating user
-accounts to any Domain Controller in the same way as a Windows NT
-Server\&. See the \fBsecurity=domain\fP
-option in the \fBsmb\&.conf (5)\fP man page\&.
-.IP 
-In order to be used in this way, the Administrator for the Windows
-NT Domain must have used the program \fI"Server Manager for Domains"\fP
-to add the primary NetBIOS name of 
-the Samba server as a member of the Domain\&.
-.IP 
-After this has been done, to join the Domain invoke \fBsmbpasswd\fP with
-this parameter\&. \fBsmbpasswd\fP will then look up the Primary Domain
-Controller for the Domain (found in the
-\fBsmb\&.conf\fP file in the parameter
-\fBpassword server\fP and change
-the machine account password used to create the secure Domain
-communication\&.  This password is then stored by \fBsmbpasswd\fP in a
-file, read only by root, called \f(CW<Domain>\&.<Machine>\&.mac\fP where
-\f(CW<Domain>\fP is the name of the Domain we are joining and \f(CW<Machine>\fP
-is the primary NetBIOS name of the machine we are running on\&.
-.IP 
-Once this operation has been performed the
-\fBsmb\&.conf\fP file may be updated to set the
-\fBsecurity=domain\fP option and all
-future logins to the Samba server will be authenticated to the Windows
-NT PDC\&.
-.IP 
-Note that even though the authentication is being done to the PDC all
-users accessing the Samba server must still have a valid UNIX account
-on that machine\&.
-.IP 
-This option is only available when running \fBsmbpasswd\fP as root\&.
-.IP 
-.IP "\fB-U username\fP" 
-This option may only be used in
-conjunction with the \fB-r\fP
-option\&. When changing a password on a remote machine it allows the
-user to specify the user name on that machine whose password will be
-changed\&. It is present to allow users who have different user names on
-different systems to change these passwords\&.
-.IP 
-.IP "\fB-h\fP" 
-This option prints the help string for \fBsmbpasswd\fP, 
-selecting the correct one for running as root or as an ordinary user\&.
-.IP 
-.IP "\fB-s\fP" 
-This option causes \fBsmbpasswd\fP to be silent (i\&.e\&. not
-issue prompts) and to read it\'s old and new passwords from standard 
-input, rather than from \f(CW/dev/tty\fP (like the \fBpasswd (1)\fP program
-does)\&. This option is to aid people writing scripts to drive \fBsmbpasswd\fP
-.IP 
-.IP "\fBusername\fP" 
-This specifies the username for all of the \fIroot
-only\fP options to operate on\&. Only root can specify this parameter as
-only root has the permission needed to modify attributes directly
-in the local \fBsmbpasswd\fP file\&.
-.IP 
-.SH "NOTES" 
-.IP 
-Since \fBsmbpasswd\fP works in client-server mode communicating with a
-local \fBsmbd\fP for a non-root user then the \fBsmbd\fP
-daemon must be running for this to work\&. A common problem is to add a
-restriction to the hosts that may access the \fBsmbd\fP running on the
-local machine by specifying a \fB"allow
-hosts"\fP or \fB"deny
-hosts"\fP entry in the
-\fBsmb\&.conf\fP file and neglecting to allow
-\fI"localhost"\fP access to the \fBsmbd\fP\&.
-.IP 
-In addition, the \fBsmbpasswd\fP command is only useful if \fBSamba\fP has
-been set up to use encrypted passwords\&. See the file \fBENCRYPTION\&.txt\fP
-in the docs directory for details on how to do this\&.
-.IP 
-.SH "VERSION" 
-.IP 
-This man page is correct for version 2\&.0 of the Samba suite\&.
-.IP 
-.SH "AUTHOR" 
-.IP 
-The original Samba software and related utilities were created by
-Andrew Tridgell samba@samba\&.org\&. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed\&.
-.IP 
-The original Samba man pages were written by Karl Auer\&. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fP)
-and updated for the Samba2\&.0 release by Jeremy Allison\&.
-samba@samba\&.org\&.
-.IP 
-See \fBsamba (7)\fP to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc\&.
+.SH SYNOPSIS
+.sp
+\fBsmbpasswd\fR [ \fB-a\fR ]  [ \fB-x\fR ]  [ \fB-d\fR ]  [ \fB-e\fR ]  [ \fB-D debuglevel\fR ]  [ \fB-n\fR ]  [ \fB-r <remote machine>\fR ]  [ \fB-R <name resolve order>\fR ]  [ \fB-m\fR ]  [ \fB-j DOMAIN\fR ]  [ \fB-U username\fR ]  [ \fB-h\fR ]  [ \fB-s\fR ]  [ \fBusername\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba <URL:samba.7.html> suite.
+.PP
+The smbpasswd program has several different 
+functions, depending on whether it is run by the \fBroot\fR 
+user or not. When run as a normal user it allows the user to change 
+the password used for their SMB sessions on any machines that store 
+SMB passwords. 
+.PP
+By default (when run with no arguments) it will attempt to 
+change the current users SMB password on the local machine. This is 
+similar to the way the \fBpasswd(1)\fR program works. 
+\fBsmbpasswd\fR differs from how the passwd program works 
+however in that it is not \fBsetuid root\fR but works in 
+a client-server mode and communicates with a locally running
+\fBsmbd(8)\fR. As a consequence in order for this to 
+succeed the smbd daemon must be running on the local machine. On a 
+UNIX machine the encrypted SMB passwords are usually stored in 
+the \fIsmbpasswd(5)\fR file. 
+.PP
+When run by an ordinary user with no options. smbpasswd 
+will prompt them for their old smb password and then ask them 
+for their new password twice, to ensure that the new password
+was typed correctly. No passwords will be echoed on the screen 
+whilst being typed. If you have a blank smb password (specified by 
+the string "NO PASSWORD" in the smbpasswd file) then just press 
+the <Enter> key when asked for your old password. 
+.PP
+smbpasswd can also be used by a normal user to change their
+SMB password on remote machines, such as Windows NT Primary Domain 
+Controllers. See the (-r) and -U options below. 
+.PP
+When run by root, smbpasswd allows new users to be added 
+and deleted in the smbpasswd file, as well as allows changes to 
+the attributes of the user in this file to be made. When run by root, 
+\fBsmbpasswd\fR accesses the local smbpasswd file 
+directly, thus enabling changes to be made even if smbd is not 
+running. 
+.SH "OPTIONS"
+.TP
+\fB-a\fR
+This option specifies that the username 
+following should be added to the local smbpasswd file, with the 
+new password typed (type <Enter> for the old password). This 
+option is ignored if the username following already exists in 
+the smbpasswd file and it is treated like a regular change 
+password command. Note that the user to be added must already exist 
+in the system password file (usually \fI/etc/passwd\fR)
+else the request to add the user will fail. 
+
+This option is only available when running smbpasswd 
+as root. 
+.TP
+\fB-x\fR
+This option specifies that the username 
+following should be deleted from the local smbpasswd file.
+
+This option is only available when running smbpasswd as 
+root.
+.TP
+\fB-d\fR
+This option specifies that the username following 
+should be disabled in the local smbpasswd 
+file. This is done by writing a 'D' flag 
+into the account control space in the smbpasswd file. Once this 
+is done all attempts to authenticate via SMB using this username 
+will fail. 
+
+If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
+format) there is no space in the users password entry to write
+this information and so the user is disabled by writing 'X' characters 
+into the password space in the smbpasswd file. See \fBsmbpasswd(5)
+\fRfor details on the 'old' and new password file formats.
+
+This option is only available when running smbpasswd as 
+root.
+.TP
+\fB-e\fR
+This option specifies that the username following 
+should be enabled in the local smbpasswd file, 
+if the account was previously disabled. If the account was not 
+disabled this option has no effect. Once the account is enabled then 
+the user will be able to authenticate via SMB once again. 
+
+If the smbpasswd file is in the 'old' format, then \fB smbpasswd\fR will prompt for a new password for this user, 
+otherwise the account will be enabled by removing the 'D'
+flag from account control space in the \fI smbpasswd\fR file. See \fBsmbpasswd (5)\fR for 
+details on the 'old' and new password file formats. 
+
+This option is only available when running smbpasswd as root. 
+.TP
+\fB-D debuglevel\fR
+\fIdebuglevel\fR is an integer 
+from 0 to 10. The default value if this parameter is not specified 
+is zero. 
+
+The higher this value, the more detail will be logged to the 
+log files about the activities of smbpasswd. At level 0, only 
+critical errors and serious warnings will be logged. 
+
+Levels above 1 will generate considerable amounts of log 
+data, and should only be used when investigating a problem. Levels 
+above 3 are designed for use only by developers and generate
+HUGE amounts of log data, most of which is extremely cryptic. 
+.TP
+\fB-n\fR
+This option specifies that the username following 
+should have their password set to null (i.e. a blank password) in 
+the local smbpasswd file. This is done by writing the string "NO 
+PASSWORD" as the first part of the first password stored in the 
+smbpasswd file. 
+
+Note that to allow users to logon to a Samba server once 
+the password has been set to "NO PASSWORD" in the smbpasswd
+file the administrator must set the following parameter in the [global]
+section of the \fIsmb.conf\fR file : 
+
+\fBnull passwords = yes\fR
+
+This option is only available when running smbpasswd as 
+root.
+.TP
+\fB-r remote machine name\fR
+This option allows a user to specify what machine 
+they wish to change their password on. Without this parameter 
+smbpasswd defaults to the local host. The \fIremote 
+machine name\fR is the NetBIOS name of the SMB/CIFS 
+server to contact to attempt the password change. This name is 
+resolved into an IP address using the standard name resolution 
+mechanism in all programs of the Samba suite. See the \fI-R 
+name resolve order\fR parameter for details on changing 
+this resolving mechanism. 
+
+The username whose password is changed is that of the 
+current UNIX logged on user. See the \fI-U username\fR
+parameter for details on changing the password for a different 
+username. 
+
+Note that if changing a Windows NT Domain password the 
+remote machine specified must be the Primary Domain Controller for 
+the domain (Backup Domain Controllers only have a read-only
+copy of the user account database and will not allow the password 
+change).
+
+\fBNote\fR that Windows 95/98 do not have 
+a real password database so it is not possible to change passwords 
+specifying a Win95/98 machine as remote machine target. 
+.TP
+\fB-R name resolve order\fR
+This option allows the user of smbclient to determine 
+what name resolution services to use when looking up the NetBIOS
+name of the host being connected to. 
+
+The options are :"lmhosts", "host", "wins" and "bcast". They cause 
+names to be resolved as follows : 
+.RS
+.TP 0.2i
+\(bu
+lmhosts : Lookup an IP 
+address in the Samba lmhosts file. If the line in lmhosts has 
+no name type attached to the NetBIOS name (see the lmhosts(5) <URL:lmhosts.5.html> for details) then
+any name type matches for lookup.
+.TP 0.2i
+\(bu
+host : Do a standard host 
+name to IP address resolution, using the system \fI/etc/hosts
+\fR, NIS, or DNS lookups. This method of name resolution 
+is operating system depended for instance on IRIX or Solaris this 
+may be controlled by the \fI/etc/nsswitch.conf\fR 
+file). Note that this method is only used if the NetBIOS name 
+type being queried is the 0x20 (server) name type, otherwise 
+it is ignored.
+.TP 0.2i
+\(bu
+wins : Query a name with 
+the IP address listed in the \fIwins server\fR 
+parameter. If no WINS server has been specified this method 
+will be ignored.
+.TP 0.2i
+\(bu
+bcast : Do a broadcast on 
+each of the known local interfaces listed in the
+\fIinterfaces\fR parameter. This is the least 
+reliable of the name resolution methods as it depends on the 
+target host being on a locally connected subnet.
+.RE
+.PP
+The default order is \fBlmhosts, host, wins, bcast\fR 
+and without this parameter or any entry in the 
+\fIsmb.conf\fR file the name resolution methods will 
+be attempted in this order. 
+.PP
+.TP
+\fB-m\fR
+This option tells smbpasswd that the account 
+being changed is a MACHINE account. Currently this is used 
+when Samba is being used as an NT Primary Domain Controller.
+
+This option is only available when running smbpasswd as root. 
+.TP
+\fB-j DOMAIN\fR
+This option is used to add a Samba server 
+into a Windows NT Domain, as a Domain member capable of authenticating 
+user accounts to any Domain Controller in the same way as a Windows 
+NT Server. See the \fBsecurity = domain\fR option in 
+the \fIsmb.conf(5)\fR man page. 
+
+In order to be used in this way, the Administrator for 
+the Windows NT Domain must have used the program "Server Manager 
+for Domains" to add the primary NetBIOS name of the Samba server 
+as a member of the Domain. 
+
+After this has been done, to join the Domain invoke \fB smbpasswd\fR with this parameter. smbpasswd will then 
+look up the Primary Domain Controller for the Domain (found in 
+the \fIsmb.conf\fR file in the parameter 
+\fIpassword server\fR and change the machine account 
+password used to create the secure Domain communication. This 
+password is then stored by smbpasswd in a TDB, writeable only by root, 
+called \fIsecrets.tdb\fR 
+
+Once this operation has been performed the \fI smb.conf\fR file may be updated to set the \fB security = domain\fR option and all future logins
+to the Samba server will be authenticated to the Windows NT 
+PDC. 
+
+Note that even though the authentication is being 
+done to the PDC all users accessing the Samba server must still 
+have a valid UNIX account on that machine. 
+
+This option is only available when running smbpasswd as root. 
+.TP
+\fB-U username\fR
+This option may only be used in conjunction 
+with the \fI-r\fR option. When changing
+a password on a remote machine it allows the user to specify 
+the user name on that machine whose password will be changed. It 
+is present to allow users who have different user names on 
+different systems to change these passwords. 
+.TP
+\fB-h\fR
+This option prints the help string for \fB smbpasswd\fR, selecting the correct one for running as root 
+or as an ordinary user. 
+.TP
+\fB-s\fR
+This option causes smbpasswd to be silent (i.e. 
+not issue prompts) and to read it's old and new passwords from 
+standard input, rather than from \fI/dev/tty\fR 
+(like the \fBpasswd(1)\fR program does). This option 
+is to aid people writing scripts to drive smbpasswd
+.TP
+\fBusername\fR
+This specifies the username for all of the 
+\fBroot only\fR options to operate on. Only root 
+can specify this parameter as only root has the permission needed 
+to modify attributes directly in the local smbpasswd file. 
+.SH "NOTES"
+.PP
+Since \fBsmbpasswd\fR works in client-server 
+mode communicating with a local smbd for a non-root user then 
+the smbd daemon must be running for this to work. A common problem 
+is to add a restriction to the hosts that may access the \fB smbd\fR running on the local machine by specifying a 
+\fIallow hosts\fR or \fIdeny hosts\fR 
+entry in the \fIsmb.conf\fR file and neglecting to 
+allow "localhost" access to the smbd. 
+.PP
+In addition, the smbpasswd command is only useful if Samba
+has been set up to use encrypted passwords. See the file 
+\fIENCRYPTION.txt\fR in the docs directory for details 
+on how to do this. 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fIsmbpasswd(5)\fR <URL:smbpasswd.5.html>, 
+samba(7) <URL:samba.7.html>
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter