autogenerated files....

(This used to be commit edb0e5df4c7053a7163d32bba7ecf893a67523ca)
author: Gerald Carter <jerry@samba.org> 2001-02-23 02:34:22 +0000
committer: Gerald Carter <jerry@samba.org> 2001-02-23 02:34:22 +0000
commit: 9a43d69ac4000d6b7b5a07089f22af4451ea4b31 (patch)
tree: 9dd715e19f12ceed27386156e764335705b605d6 /docs
parent: 837191626111e84c0fb27b5052d21ab29b6e41a6 (diff)
download: samba-9a43d69ac4000d6b7b5a07089f22af4451ea4b31.tar.gz
samba-9a43d69ac4000d6b7b5a07089f22af4451ea4b31.tar.bz2
samba-9a43d69ac4000d6b7b5a07089f22af4451ea4b31.zip
6 files changed, 2221 insertions, 1279 deletions
diff --git a/docs/htmldocs/smbtar.1.html b/docs/htmldocs/smbtar.1.html
index 68aab355ed..5e13ef3577 100644
--- a/docs/htmldocs/smbtar.1.html
+++ b/docs/htmldocs/smbtar.1.html
@@ -1,130 +1,352 @@
-
-
- 
-
-
-
-<html><head><title>smbtar (1)</title>
-
-<link rev="made" href="mailto:samba@samba.org">
-</head>
-<body>
-
-<hr>
-
-<h1>smbtar (1)</h1>
-<h2>Samba</h2>
-<h2>23 Oct 1998</h2>
-
-
-    
-<p><a name="NAME"></a>
-<h2>NAME</h2>
-    smbtar - shell script for backing up SMB/CIFS shares directly to UNIX tape drives
-<p><a name="SYNOPSIS"></a>
-<h2>SYNOPSIS</h2>
-    
-<p><strong>smbtar</strong> <a href="smbtar.1.html#minuss">-s server</a> [<a href="smbtar.1.html#minusp">-p password</a>] [<a href="smbtar.1.html#minusx">-x service</a>] [<a href="smbtar.1.html#minusX">-X</a>] [<a href="smbtar.1.html#minusd">-d directory</a>] [<a href="smbtar.1.html#minusu">-u user</a>] [<a href="smbtar.1.html#minust">-t tape</a>] [<a href="smbtar.1.html#minusb">-b blocksize</a>] [<a href="smbtar.1.html#minusN">-N filename</a>] [<a href="smbtar.1.html#minusi">-i</a>] [<a href="smbtar.1.html#minusr">-r</a>] [<a href="smbtar.1.html#minusl">-l log level</a>] [<a href="smbtar.1.html#minusv">-v</a>] filenames
-<p><a name="DESCRIPTION"></a>
-<h2>DESCRIPTION</h2>
-    
-<p>This program is part of the <strong>Samba</strong> suite.
-<p><strong>smbtar</strong> is a very small shell script on top of
-<a href="smbclient.1.html"><strong>smbclient</strong></a> which dumps SMB shares directly
-to tape.
-<p><a name="OPTIONS"></a>
-<h2>OPTIONS</h2>
-    
-<p><dl>
-<p><a name="minuss"></a>
-<p></p><dt><strong><strong>-s server</strong></strong><dd> The SMB/CIFS server that the share resides upon.
-<p><a name="minusx"></a>
-<p></p><dt><strong><strong>-x service</strong></strong><dd> The share name on the server to connect
-to. The default is <code>backup</code>.
-<p><a name="minusX"></a>
-<p></p><dt><strong><strong>-X</strong></strong><dd> Exclude mode. Exclude filenames... from tar create or
-restore.
-<p><a name="minusd"></a>
-<p></p><dt><strong><strong>-d directory</strong></strong><dd> Change to initial <em>directory</em> before restoring
-/ backing up files.
-<p><a name="minusv"></a>
-<p></p><dt><strong><strong>-v</strong></strong><dd> Verbose mode.
-<p><a name="minusp"></a>
-<p></p><dt><strong><strong>-p password</strong></strong><dd> The password to use to access a share. Default:
-none
-<p><a name="minusu"></a>
-<p></p><dt><strong><strong>-u user</strong></strong><dd> The user id to connect as. Default: UNIX login name.
-<p><a name="minust"></a>
-<p></p><dt><strong><strong>-t tape</strong></strong><dd> Tape device. May be regular file or tape
-device. Default: <em>TAPE</em> environmental variable; if not set, a file
-called <code>tar.out</code>.
-<p><a name="minusb"></a>
-<p></p><dt><strong><strong>-b blocksize</strong></strong><dd> Blocking factor. Defaults to 20. See <strong>tar (1)</strong>
-for a fuller explanation.
-<p><a name="minusN"></a>
-<p></p><dt><strong><strong>-N filename</strong></strong><dd> Backup only files newer than filename. Could be
-used (for example) on a log file to implement incremental backups.
-<p><a name="minusi"></a>
-<p></p><dt><strong><strong>-i</strong></strong><dd> Incremental mode; tar files are only backed up if they
-have the archive bit set. The archive bit is reset after each file is
-read.
-<p><a name="minusr"></a>
-<p></p><dt><strong><strong>-r</strong></strong><dd> Restore. Files are restored to the share from the tar
-file.
-<p><a name="minusl"></a>
-<p></p><dt><strong><strong>-l log level</strong></strong><dd> Log (debug) level. Corresponds to the
-<a href="smbclient.1.html#minusd"><strong>-d</strong></a> flag of <a href="smbclient.1.html"><strong>smbclient
-(1)</strong></a>.
-<p></dl>
-<p><a name="ENVIRONMENTVARIABLES"></a>
-<h2>ENVIRONMENT VARIABLES</h2>
-    
-<p>The TAPE variable specifies the default tape device to write to. May
-be overridden with the <a href="smbtar.1.html#minust"><strong>-t</strong></a> option.
-<p><a name="BUGS"></a>
-<h2>BUGS</h2>
-    
-<p>The <strong>smbtar</strong> script has different options from ordinary tar and tar
-called from <a href="smbclient.1.html"><strong>smbclient</strong></a>.
-<p><a name="CAVEATS"></a>
-<h2>CAVEATS</h2>
-    
-<p>Sites that are more careful about security may not like the way the
-script handles PC passwords. Backup and restore work on entire shares,
-should work on file lists. <strong>smbtar</strong> works best with GNU tar and may
-not work well with other versions.
-<p><a name="VERSION"></a>
-<h2>VERSION</h2>
-    
-<p>This man page is correct for version 2.0 of the Samba suite.
-<p><a name="SEEALSO"></a>
-<h2>SEE ALSO</h2>
-    
-<p><a href="smbclient.1.html"><strong>smbclient (1)</strong></a>, <a href="smb.conf.5.html"><strong>smb.conf
-(5)</strong></a>
-<p><a name="DIAGNOSTICS"></a>
-<h2>DIAGNOSTICS</h2>
-    
-<p>See the <a href="smbclient.1.html#DIAGNOSTICS"><strong>DIAGNOSTICS</strong></a> section for
-the <a href="smbclient.1.html"><strong>smbclient</strong></a> command.
-<p><a name="AUTHOR"></a>
-<h2>AUTHOR</h2>
-    
-<p>The original Samba software and related utilities were created by
-Andrew Tridgell <a href="mailto:samba@samba.org"><em>samba@samba.org</em></a>. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-<p>Ricky Poulten <a href="mailto:poultenr@logica.co.uk"><em>poultenr@logica.co.uk</em></a> wrote the tar extension and
-this man page. The <strong>smbtar</strong> script was heavily rewritten and
-improved by Martin Kraemer <a href="mailto:Martin.Kraemer@mch.sni.de"><em>Martin.Kraemer@mch.sni.de</em></a>. Many
-thanks to everyone who suggested extensions, improvements, bug fixes,
-etc. The man page sources were converted to YODL format (another
-excellent piece of Open Source software available at
-<a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>)
-and updated for the Samba2.0 release by Jeremy Allison,
-<a href="mailto:samba@samba.org"><em>samba@samba.org</em></a>.
-<p>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
-<p></body>
-</html>
+<HTML
+><HEAD
+><TITLE
+>smbtar</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBTAR"
+>smbtar</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbtar&nbsp;--&nbsp;shell script for backing up SMB/CIFS shares 
+	directly to UNIX tape drives</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbtar</B
+>  {-s server} [-p password] [-x services] [-X] [-d directory] [-u user] [-t tape] [-t tape] [-b blocksize] [-N filename] [-i] [-r] [-l loglevel] [-v] {filenames}</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN26"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>smbtar</B
+> is a very small shell script on top 
+	of <A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)</B
+></A
+> 
+	which dumps SMB shares directly to tape. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN34"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-s server</DT
+><DD
+><P
+>The SMB/CIFS server that the share resides 
+		upon.</P
+></DD
+><DT
+>-x service</DT
+><DD
+><P
+>The share name on the server to connect to. 
+		The default is "backup".</P
+></DD
+><DT
+>-X</DT
+><DD
+><P
+>Exclude mode. Exclude filenames... from tar 
+		create or restore. </P
+></DD
+><DT
+>-d directory</DT
+><DD
+><P
+>Change to initial <TT
+CLASS="PARAMETER"
+><I
+>directory
+		</I
+></TT
+> before restoring / backing up files. </P
+></DD
+><DT
+>-v</DT
+><DD
+><P
+>Verbose mode.</P
+></DD
+><DT
+>-p password</DT
+><DD
+><P
+>The password to use to access a share. 
+		Default: none </P
+></DD
+><DT
+>-u user</DT
+><DD
+><P
+>The user id to connect as. Default: 
+		UNIX login name. </P
+></DD
+><DT
+>-t tape</DT
+><DD
+><P
+>Tape device. May be regular file or tape 
+		device. Default: <TT
+CLASS="PARAMETER"
+><I
+>$TAPE</I
+></TT
+> environmental 
+		variable; if not set, a file called <TT
+CLASS="FILENAME"
+>tar.out
+		</TT
+>. </P
+></DD
+><DT
+>-b blocksize</DT
+><DD
+><P
+>Blocking factor. Defaults to 20. See
+		<B
+CLASS="COMMAND"
+>tar(1)</B
+> for a fuller explanation. </P
+></DD
+><DT
+>-N filename</DT
+><DD
+><P
+>Backup only files newer than filename. Could 
+		be used (for example) on a log file to implement incremental
+		backups. </P
+></DD
+><DT
+>-i</DT
+><DD
+><P
+>Incremental mode; tar files are only backed 
+		up if they have the archive bit set. The archive bit is reset 
+		after each file is read. </P
+></DD
+><DT
+>-r</DT
+><DD
+><P
+>Restore. Files are restored to the share 
+		from the tar file. </P
+></DD
+><DT
+>-l log level</DT
+><DD
+><P
+>Log (debug) level. Corresponds to the 
+		<TT
+CLASS="PARAMETER"
+><I
+>-d</I
+></TT
+> flag of <B
+CLASS="COMMAND"
+>smbclient(1)
+		</B
+>. </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN95"
+></A
+><H2
+>ENVIRONMENT VARIABLES</H2
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>$TAPE</I
+></TT
+> variable specifies the 
+	default tape device to write to. May be overridden
+	with the -t option. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN99"
+></A
+><H2
+>BUGS</H2
+><P
+>The <B
+CLASS="COMMAND"
+>smbtar</B
+> script has different 
+	options from ordinary tar and tar called from smbclient. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN103"
+></A
+><H2
+>CAVEATS</H2
+><P
+>Sites that are more careful about security may not like 
+	the way the script handles PC passwords. Backup and restore work 
+	on entire shares, should work on file lists. smbtar works best
+	with GNU tar and may not work well with other versions. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN106"
+></A
+><H2
+>DIAGNOSTICS</H2
+><P
+>See the <I
+CLASS="EMPHASIS"
+>DIAGNOSTICS</I
+> section for the 
+	<A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)</B
+> 
+	</A
+> command.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN112"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN115"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>, 
+	<A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)</B
+></A
+>, 
+	<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+>,
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN123"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+><A
+HREF="mailto:poultenr@logica.co.uk"
+TARGET="_top"
+>Ricky Poulten</A
+>  
+	wrote the tar extension and this man page. The <B
+CLASS="COMMAND"
+>smbtar</B
+> 
+	script was heavily rewritten and improved by <A
+HREF="mailto:Martin.Kraemer@mch.sni.de"
+TARGET="_top"
+>Martin Kraemer</A
+>. Many 
+	thanks to everyone who suggested extensions, improvements, bug 
+	fixes, etc. The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter.</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/swat.8.html b/docs/htmldocs/swat.8.html
index 12d83247fd..2c0d016399 100644
--- a/docs/htmldocs/swat.8.html
+++ b/docs/htmldocs/swat.8.html
@@ -1,148 +1,400 @@
-
-
- 
-
-
-
-<html><head><title>swat (8)</title>
-
-<link rev="made" href="mailto:samba@samba.org">
-</head>
-<body>
-
-<hr>
-
-<h1>swat (8)</h1>
-<h2>Samba</h2>
-<h2>23 Oct 1998</h2>
-
-
-    
-<p><a name="NAME"></a>
-<h2>NAME</h2>
-    swat - Samba Web Administration Tool
-<p><a name="SYNOPSIS"></a>
-<h2>SYNOPSIS</h2>
-    
-<p><strong>swat</strong> [<a href="swat.8.html#minuss">-s smb config file</a>] [<a href="swat.8.html#minusa">-a</a>]
-<p><a name="DESCRIPTION"></a>
-<h2>DESCRIPTION</h2>
-    
-<p>This program is part of the <strong>Samba</strong> suite.
-<p><strong>swat</strong> allows a Samba administrator to configure the complex
-<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file via a Web browser. In
-addition, a swat configuration page has help links to all the
-configurable options in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file
-allowing an administrator to easily look up the effects of any change.
-<p><strong>swat</strong> is run from <strong>inetd</strong>
-<p><a name="OPTIONS"></a>
-<h2>OPTIONS</h2>
-    
-<p><dl>
-<p><a name="minuss"></a>
-<p></p><dt><strong><strong>-s smb configuration file</strong></strong><dd> The default configuration file path is
-determined at compile time.
-<p>The file specified contains the configuration details required by the
-<a href="smbd.8.html"><strong>smbd</strong></a> server. This is the file that <strong>swat</strong> will
-modify. The information in this file includes server-specific
-information such as what printcap file to use, as well as descriptions
-of all the services that the server is to provide. See <a href="smb.conf.5.html">smb.conf
-(5)</a> for more information.
-<p><a name="minusa"></a>
-<p></p><dt><strong><strong>-a</strong></strong><dd> 
-<p>This option disables authentication and puts <strong>swat</strong> in demo mode. In
-that mode anyone will be able to modify the
-<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file.
-<p>Do NOT enable this option on a production server.
-<p></dl>
-<p><a name="INSTALLATION"></a>
-<h2>INSTALLATION</h2>
-    
-<p>After you compile SWAT you need to run <code>"make install"</code> to install the
-swat binary and the various help files and images. A default install
-would put these in:
-<p><pre>
-
-/usr/local/samba/bin/swat
-/usr/local/samba/swat/images/*
-/usr/local/samba/swat/help/*
-
-</pre>
-
-<p><a name="INETD"></a>
-<h2>INETD INSTALLATION</h2>
-    
-<p>You need to edit your <code>/etc/inetd.conf</code> and <code>/etc/services</code> to
-enable <strong>SWAT</strong> to be launched via inetd. 
-<p>In <code>/etc/services</code> you need to add a line like this:
-<p><code>swat            901/tcp</code>
-<p>Note for NIS/YP users - you may need to rebuild the NIS service maps
-rather than alter your local <code>/etc/services</code> file.
-<p>the choice of port number isn't really important except that it should
-be less than 1024 and not currently used (using a number above 1024
-presents an obscure security hole depending on the implementation
-details of your <strong>inetd</strong> daemon).
-<p>In <code>/etc/inetd.conf</code> you should add a line like this:
-<p><code>swat    stream  tcp     nowait.400  root    /usr/local/samba/bin/swat swat</code>
-<p>One you have edited <code>/etc/services</code> and <code>/etc/inetd.conf</code> you need
-to send a HUP signal to inetd. To do this use <code>"kill -1 PID"</code> where
-PID is the process ID of the inetd daemon.
-<p><a name="LAUNCHING"></a>
-<h2>LAUNCHING</h2>
-    
-<p>To launch <strong>swat</strong> just run your favorite web browser and point it at
-<code>http://localhost:901/</code>.
-<p><strong>Note that you can attach to <strong>swat</strong> from any IP connected machine but
-connecting from a remote machine leaves your connection open to
-password sniffing as passwords will be sent in the clear over the
-wire.</strong>
-<p><h2>FILES</h2>
-    
-<p><strong>/etc/inetd.conf</strong>
-<p>This file must contain suitable startup information for the
-meta-daemon. 
-<p><strong>/etc/services</strong>
-<p>This file must contain a mapping of service name (e.g., swat) to
-service port (e.g., 901) and protocol type (e.g., tcp). 
-<p><strong>/usr/local/samba/lib/smb.conf</strong>
-<p>This is the default location of the <em>smb.conf</em> server configuration
-file that <strong>swat</strong> edits. Other common places that systems install
-this file are <em>/usr/samba/lib/smb.conf</em> and <em>/etc/smb.conf</em>.
-<p>This file describes all the services the server is to make available
-to clients. See <strong>smb.conf (5)</strong> for more information.
-<p><a name="WARNINGS"></a>
-<h2>WARNINGS</h2>
-    
-<p><strong>swat</strong> will rewrite your <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. It
-will rearrange the entries and delete all comments,
-<a href="smb.conf.5.html#include"><strong>"include="</strong></a> and
-<a href="smb.conf.5.html#copy"><strong>"copy="</strong></a> options. If you have a
-carefully crafted <a href="smb.conf.5.html"><strong>smb.conf</strong></a> then back it up
-or don't use <strong>swat</strong>!
-<p><a name="VERSION"></a>
-<h2>VERSION</h2>
-    
-<p>This man page is correct for version 2.0 of the Samba suite.
-<p><a name="SEEALSO"></a>
-<h2>SEE ALSO</h2>
-    
-<p><strong>inetd (8)</strong>, <a href="nmbd.8.html"><strong>nmbd (8)</strong></a>,
-<a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a>.
-<p><a name="AUTHOR"></a>
-<h2>AUTHOR</h2>
-    
-<p>The original Samba software and related utilities were created by
-Andrew Tridgell (samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-<p>The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-<a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>)
-and updated for the Samba2.0 release by Jeremy Allison.
-<a href="mailto:samba@samba.org"><em>samba@samba.org</em></a>.
-<p>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
-</body>
-</html>
+<HTML
+><HEAD
+><TITLE
+>swat</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SWAT"
+>swat</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>swat&nbsp;--&nbsp;Samba Web Administration Tool</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>nmblookup</B
+>  [-s &lt;smb config file&gt;] [-a]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN13"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>swat</B
+> allows a Samba administrator to 
+	configure the complex <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>	smb.conf(5)</TT
+></A
+> file via a Web browser. In addition, 
+	a <B
+CLASS="COMMAND"
+>swat</B
+> configuration page has help links 
+	to all the configurable options in the smb.conf file allowing an 
+	administrator to easily look up the effects of any change. </P
+><P
+>swat is run from inetd </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN23"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-s smb configuration file</DT
+><DD
+><P
+>The default configuration file path is 
+		determined at compile time.  The file specified contains 
+		the configuration details required by the <B
+CLASS="COMMAND"
+>smbd
+		</B
+> server. This is the file that swat will modify. 
+		The information in this file includes server-specific 
+		information such as what printcap file to use, as well as 
+		descriptions of all the services that the server is to provide.
+		See <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> for more information. 
+		</P
+></DD
+><DT
+>-a</DT
+><DD
+><P
+>This option disables authentication and puts 
+		swat in demo mode. In that mode anyone will be able to modify 
+		the smb.conf file. </P
+><P
+><I
+CLASS="EMPHASIS"
+>Do NOT enable this option on a production 
+		server. </I
+></P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN38"
+></A
+><H2
+>INSTALLATION</H2
+><P
+>After you compile SWAT you need to run <B
+CLASS="COMMAND"
+>make install
+	</B
+> to install the <B
+CLASS="COMMAND"
+>swat</B
+> binary
+	and the various help files and images. A default install would put 
+	these in: </P
+><P
+></P
+><UL
+><LI
+><P
+>/usr/local/samba/bin/swat</P
+></LI
+><LI
+><P
+>/usr/local/samba/swat/images/*</P
+></LI
+><LI
+><P
+>/usr/local/samba/swat/help/*</P
+></LI
+></UL
+><DIV
+CLASS="REFSECT2"
+><A
+NAME="AEN50"
+></A
+><H3
+>Inetd Installation</H3
+><P
+>You need to edit your <TT
+CLASS="FILENAME"
+>/etc/inetd.conf
+		</TT
+> and <TT
+CLASS="FILENAME"
+>/etc/services</TT
+>
+		to enable SWAT to be launched via inetd.</P
+><P
+>In <TT
+CLASS="FILENAME"
+>/etc/services</TT
+> you need to 
+		add a line like this: </P
+><P
+><B
+CLASS="COMMAND"
+>swat            901/tcp</B
+></P
+><P
+>Note for NIS/YP users - you may need to rebuild the 
+		NIS service maps rather than alter your local <TT
+CLASS="FILENAME"
+>		/etc/services</TT
+> file. </P
+><P
+>the choice of port number isn't really important 
+		except that it should be less than 1024 and not currently 
+		used (using a number above 1024 presents an obscure security 
+		hole depending on the implementation details of your 
+		<B
+CLASS="COMMAND"
+>inetd</B
+> daemon). </P
+><P
+>In <TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+> you should 
+		add a line like this: </P
+><P
+><B
+CLASS="COMMAND"
+>swat    stream  tcp     nowait.400  root
+		/usr/local/samba/bin/swat swat</B
+></P
+><P
+>One you have edited <TT
+CLASS="FILENAME"
+>/etc/services</TT
+> 
+		and <TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+> you need to send a 
+		HUP signal to inetd. To do this use <B
+CLASS="COMMAND"
+>kill -1 PID
+		</B
+> where PID is the process ID of the inetd daemon. </P
+></DIV
+><DIV
+CLASS="REFSECT2"
+><A
+NAME="AEN71"
+></A
+><H3
+>Launching</H3
+><P
+>To launch swat just run your favorite web browser and 
+		point it at "http://localhost:901/".</P
+><P
+>Note that you can attach to swat from any IP connected 
+		machine but connecting from a remote machine leaves your 
+		connection open to password sniffing as passwords will be sent 
+		in the clear over the wire. </P
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN75"
+></A
+><H2
+>FILES</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+></DT
+><DD
+><P
+>This file must contain suitable startup 
+		information for the meta-daemon.</P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/services</TT
+></DT
+><DD
+><P
+>This file must contain a mapping of service name 
+		(e.g., swat) to service port (e.g., 901) and protocol type 
+		(e.g., tcp).  </P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
+>/usr/local/samba/lib/smb.conf</TT
+></DT
+><DD
+><P
+>This is the default location of the <TT
+CLASS="FILENAME"
+>smb.conf(5)
+		</TT
+> server configuration file that swat edits. Other 
+		common places that systems install this file are <TT
+CLASS="FILENAME"
+>		/usr/samba/lib/smb.conf</TT
+> and <TT
+CLASS="FILENAME"
+>/etc/smb.conf
+		</TT
+>.  This file describes all the services the server 
+		is to make available to clients. </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN96"
+></A
+><H2
+>WANRNIGS</H2
+><P
+><B
+CLASS="COMMAND"
+>swat</B
+> will rewrite your <TT
+CLASS="FILENAME"
+>smb.conf
+	</TT
+> file. It will rearrange the entries and delete all 
+	comments, <TT
+CLASS="PARAMETER"
+><I
+>include=</I
+></TT
+> and <TT
+CLASS="PARAMETER"
+><I
+>copy="
+	</I
+></TT
+> options. If you have a carefully crafted <TT
+CLASS="FILENAME"
+>	smb.conf</TT
+> then back it up or don't use swat! </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN104"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN107"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><B
+CLASS="COMMAND"
+>inetd(5)</B
+>,
+	<A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>, 
+	<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+>
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN114"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at
+	<A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+>	ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html
index 2caa9ccf01..a98b7a2864 100644
--- a/docs/htmldocs/winbindd.8.html
+++ b/docs/htmldocs/winbindd.8.html
@@ -1,245 +1,594 @@
-
-
-
-
-
-<html><head><title>winbindd (8)</title>
-
-<link rev="made" href="mailto:samba-bugs@samba.org">
-</head>
-<body>
-
-<hr>
-
-<h1>winbindd (8)</h1>
-<h2>Samba</h2>
-<h2>13 Jun 2000</h2>
-
-
-    
-<p><a name="NAME"></a>
-<h2>NAME</h2>
-    winbindd - Name Service Switch daemon for resolving names from NT servers
-<p><a name="SYNOPSIS"></a>
-<h2>SYNOPSIS</h2>
-     
-<p><strong>winbindd</strong> [<a href="winbindd.8.html#minusd">-d debuglevel</a>] [<a href="winbindd.8.html#minusi">-i</a>]
-<p><a name="DESCRIPTION"></a>
-<h2>DESCRIPTION</h2>
-    
-<p>This program is part of the <strong>Samba</strong> suite version 3.0 and describes
-functionality not yet implemented in the main version of Samba.
-<p><strong>winbindd</strong> is a daemon that provides a service for the Name Service
-Switch capability that is present in most modern C libraries.  The Name
-Service Switch allows user and system information to be obtained from
-different databases services such as NIS or DNS.  The exact behaviour can
-be configured throught the <code>/etc/nsswitch.conf</code> file.  Users and groups
-are allocated as they are resolved to a range of user and group ids
-specified by the administrator of the Samba system.  
-<p>The service provided by <strong>winbindd</strong> is called `winbind' and can be
-used to resolve user and group information from a Windows NT server.
-The service can also provide authentication services via an associated
-PAM module.
-<p>The following nsswitch databases are implemented by the <strong>winbindd</strong>
-service:
-<p><dl>
-<p><p></p><dt><strong>passwd</strong><dd>
-<p>User information traditionally stored in the <strong>passwd(5)</strong> file and used by
-<strong>getpwent(3)</strong> functions.
-<p><p></p><dt><strong>group</strong><dd>
-<p>Group information traditionally stored in the <strong>group(5)</strong> file and used by
-<strong>getgrent(3)</strong> functions.
-<p></dl>
-<p>For example, the following simple configuration in the
-<code>/etc/nsswitch.conf</code> file can be used to initially resolve user and group
-information from <code>/etc/passwd</code> and <code>/etc/group</code> and then from the
-Windows NT server.
-<p><pre>
-
-  passwd:         files winbind
-  group:          files winbind
-
-</pre>
-
-<p><a name="OPTIONS"></a>
-<h2>OPTIONS</h2>
-    
-<p>The following options are available to the <strong>winbindd</strong> daemon:
-<p><dl>
-<p><a name="minusd"></a>
-<p></p><dt><strong><strong>-d debuglevel</strong></strong><dd>
-Sets the debuglevel to an integer between 0 and 100. 0 is for no debugging
-and 100 is for reams and reams. To submit a bug report to the Samba Team,
-use debug level 100 (see <strong>BUGS.txt</strong>).  
-<p><a name="minusi"></a>
-<p></p><dt><strong><strong>-i</strong></strong><dd>
-Tells <strong>winbindd</strong> to not become a daemon and detach from the current terminal.
-This option is used by developers when interactive debugging of <strong>winbindd</strong> is
-required.
-<p></dl>
-<p><a name="NAMEANDIDRESOLUTION"></a>
-<h2>NAME AND ID RESOLUTION</h2>
-    
-<p>Users and groups on a Windows NT server are assigned a relative id (rid)
-which is unique for the domain when the user or group is created.  To
-convert the Windows NT user or group into a unix user or group, a mapping
-between rids and unix user and group ids is required.  This is one of the
-jobs that <strong>winbindd</strong> performs.
-<p>As <strong>winbindd</strong> users and groups are resolved from a server, user and group
-ids are allocated from a specified range.  This is done on a first come,
-first served basis, although all existing users and groups will be mapped
-as soon as a client performs a user or group enumeration command.  The
-allocated unix ids are stored in a database file under the Samba lock
-directory and will be remembered.
-<p>WARNING: The rid to unix id database is the only location where the user
-and group mappings are stored by <strong>winbindd</strong>.  If this file is deleted or
-corrupted, there is no way for <strong>winbindd</strong> to determine which user and
-group ids correspond to Windows NT user and group rids.
-<p><a name="CONFIGURATION"></a>
-<h2>CONFIGURATION</h2>
-    
-<p>Configuration of the <strong>winbindd</strong> daemon is done through configuration
-parameters in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file.  All parameters
-should be specified in the [global] section of
-<a href="smb.conf.5.html"><strong>smb.conf</strong></a>.
-<p><dl>
-<p><p></p><dt><strong>winbind separator</strong><dd>
-<p>The winbind separator option allows you to specify how NT domain names
-and user names are combined into unix user names when presented to
-users. By default winbind will use the traditional \ separator so
-that the unix user names look like DOMAIN\username. In some cases
-this separator character may cause problems as the \ character has
-special meaning in unix shells. In that case you can use the winbind
-separator option to specify an alternative sepataror character. Good
-alternatives may be / (although that conflicts with the unix directory
-separator) or a + character. The + character appears to be the best
-choice for 100% compatibility with existing unix utilities, but may be
-an aesthetically bad choice depending on your taste.
-<p><strong>Default:</strong>
-<code>     winbind separator = \</code>
-<p><strong>Example:</strong>
-<code>     winbind separator = +</code>
-<p><p></p><dt><strong>winbind uid</strong><dd>
-<p>The winbind uid parameter specifies the range of user ids that are
-allocated by the <strong>winbindd</strong> daemon.  This range of
-ids should have no existing local or nis users within it as strange
-conflicts can occur otherwise.
-<p><strong>Default:</strong>
-<code>     winbind uid = &lt;empty string&gt;</code>
-<p><strong>Example:</strong>
-<code>     winbind uid = 10000-20000</code>
-<p><p></p><dt><strong>winbind gid</strong><dd>
-<p>The winbind gid parameter specifies the range of group ids that are
-allocated by the <strong>winbindd</strong> daemon.  This range of group ids should have
-no existing local or nis groups within it as strange conflicts can occur
-otherwise.
-<p><strong>Default:</strong>
-<code>     winbind gid = &lt;empty string&gt;</code>
-<p><strong>Example:</strong>
-<code>     winbind gid = 10000-20000</code>
-<p><p></p><dt><strong>winbind cache time</strong><dd>
-<p>This parameter specifies the number of seconds the <strong>winbindd</strong> daemon will
-cache user and group information before querying a Windows NT server
-again. When a item in the cache is older than this time <strong>winbindd</strong> will ask
-the domain controller for the sequence number of the servers account
-database. If the sequence number has not changed then the cached item is
-marked as valid for a further "winbind cache time" seconds.  Otherwise the
-item is fetched from the server. This means that as long as the account
-database is not actively changing <strong>winbindd</strong> will only have to send one
-sequence number query packet every "winbind cache time" seconds.
-<p><strong>Default:</strong>
-<code>     winbind cache time = 15</code>
-<p><p></p><dt><strong>winbind enum users</strong><dd>
-<p>On large installations it may be necessary to suppress the enumeration of
-users through the <code>setpwent</code>, <code>getpwent</code> and <code>endpwent</code> group of
-system calls.  If the <code>winbind enum users</code> parameter is false, calls to
-the <code>getpwent</code> system call will not return any data.
-<p>Warning: Turning off user enumeration may cause some programs to behave
-oddly.  For example, the finger program relies on having access to the full
-user list when searching for matching usernames.
-<p><strong>Default:</strong>
-<code>     winbind enum users = true</code>
-<p><p></p><dt><strong>winbind enum groups</strong><dd>
-<p>On large installations it may be necessary to suppress the enumeration of
-groups through the <code>setgrent</code>, <code>getgrent</code> and <code>endgrent</code> group of
-system calls.  If the <code>winbind enum groups</code> parameter is false, calls to
-the <code>getgrent</code> system call will not return any data.
-<p>Warning: Turning off group enumeration may cause some programs to behave
-oddly.
-<p><strong>Default:</strong>
-<code>     winbind enum groups = true</code>
-<p><p></p><dt><strong>template homedir</strong><dd>
-<p>When filling out the user information for a Windows NT user, the
-<strong>winbindd</strong> daemon uses this parameter to fill in the home directory for
-that user.  If the string <code>%D</code> is present it is substituted with the
-user's Windows NT domain name.  If the string <code>%U</code> is present it is
-substituted with the user's Windows NT user name.
-<p><strong>Default:</strong>
-<code>     template homedir = /home/%D/%U</code>
-<p><p></p><dt><strong>template shell</strong><dd>
-<p>When filling out the user information for a Windows NT user, the
-<strong>winbindd</strong> daemon uses this parameter to fill in the shell for that user.
-<p><strong>Default:</strong>
-<code>     template shell = /bin/false</code>
-<p></dl>
-<p><a name="EXAMPLESETUP"></a>
-<h2>EXAMPLE SETUP</h2>
-    
-<p>To setup <strong>winbindd</strong> for user and group lookups plus authentication from
-a domain controller use something like the following setup. This was
-tested on a RedHat 6.2 Linux box.
-<p>In <code>/etc/nsswitch.conf</code> put the following:
-<pre>
-
-   passwd:     files winbind
-   group:      files winbind
-
-</pre>
-
-<p>In <code>/etc/pam.d/*</code> replace the <code>auth</code> lines with something like this:
-<pre>
-
-	auth       required	/lib/security/pam_securetty.so
-	auth       required	/lib/security/pam_nologin.so
-	auth       sufficient	/lib/security/pam_winbind.so
-	auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
-
-</pre>
-
-<p>Note in particular the use of the <code>sufficient</code> keyword and the
-<code>use_first_pass</code> keyword.
-<p>Now replace the account lines with this:
-<pre>
-
-	account    required	/lib/security/pam_winbind.so
-
-</pre>
-
-<p>The next step is to join the domain. To do that use the samedit
-program like this:
-<pre>
-
-	samedit -S '*' -W DOMAIN -UAdministrator
-
-</pre>
-
-<p>The username after the -U can be any Domain user that has administrator 
-priviliges on the machine. Next from within samedit, run the command:
-<pre>
-
-	createuser MACHINE$ -j DOMAIN -L
-
-</pre>
-
-<p>This assumes your domain is called <code>DOMAIN</code> and your Samba workstation
-is called <code>MACHINE</code>.
-<p>Next copy <code>libnss_winbind.so.2</code> to <code>/lib</code> and <code>pam_winbind.so</code> to
-<code>/lib/security</code>.
-<p>Finally, setup a smb.conf containing directives like the following:
-<pre>
-
-  [global]
-        winbind separator = +
+<HTML
+><HEAD
+><TITLE
+>winbindd</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="WINBINDD"
+>winbindd</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>winbindd&nbsp;--&nbsp;Name Service Switch daemon for resolving names 
+	from NT servers</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>nmblookup</B
+>  [-d debuglevel] [-i] [-S] [-r] [-A] [-h] [-B &lt;broadcast address&gt;] [-U &lt;unicast address&gt;] [-d &lt;debug level&gt;] [-s &lt;smb config file&gt;] [-i &lt;NetBIOS scope&gt;] [-T] {name}</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN24"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+>	Samba</A
+> suite version 3.0 and describes functionality not 
+	yet implemented in the main version of Samba.</P
+><P
+><B
+CLASS="COMMAND"
+>winbindd</B
+> is a daemon that provides 
+	a service for the Name Service Switch capability that is present 
+	in most modern C libraries.  The Name Service Switch allows user 
+	and system information to be obtained from different databases 
+	services such as NIS or DNS.  The exact behaviour can be configured 
+	throught the <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> file.  
+	Users and groups are allocated as they are resolved to a range 
+	of user and group ids specified by the administrator of the 
+	Samba system.</P
+><P
+>The service provided by winbindd is called `winbind' and 
+	can be used to resolve user and group information from a 
+	Windows NT server. The service can also provide authentication
+	services via an associated PAM module. </P
+><P
+>The following nsswitch databases are implemented by 
+	the winbindd service: </P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>passwd</DT
+><DD
+><P
+>User information traditionally stored in 
+		the <TT
+CLASS="FILENAME"
+>passwd(5)</TT
+> file and used by 
+		<B
+CLASS="COMMAND"
+>getpwent(3)</B
+> functions. </P
+></DD
+><DT
+>group</DT
+><DD
+><P
+>Group information traditionally stored in 
+		the <TT
+CLASS="FILENAME"
+>group(5)</TT
+> file and used by 		
+		<B
+CLASS="COMMAND"
+>getgrent(3)</B
+> functions. </P
+></DD
+></DL
+></DIV
+><P
+>For example, the following simple configuration in the
+	<TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> file can be used to initially 
+	resolve user and group information from <TT
+CLASS="FILENAME"
+>/etc/passwd
+	</TT
+> and <TT
+CLASS="FILENAME"
+>/etc/group</TT
+> and then from the 
+	Windows NT server. </P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>passwd:         files winbind
+group:          files winbind
+	</PRE
+></P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN52"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-d debuglevel</DT
+><DD
+><P
+>Sets the debuglevel to an integer between 
+		0 and 100. 0 is for no debugging and 100 is for reams and 
+		reams. To submit a bug report to the Samba Team, use debug 
+		level 100 (see BUGS.txt).   </P
+></DD
+><DT
+>-i</DT
+><DD
+><P
+>Tells <B
+CLASS="COMMAND"
+>winbindd</B
+> to not 
+		become a daemon and detach from the current terminal. This 
+		option is used by developers when interactive debugging 
+		of <B
+CLASS="COMMAND"
+>winbindd</B
+> is required. </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN65"
+></A
+><H2
+>NAME AND ID RESOLUTION</H2
+><P
+>Users and groups on a Windows NT server are assigned 
+	a relative id (rid) which is unique for the domain when the 
+	user or group is created.  To convert the Windows NT user or group 
+	into a unix user or group, a mapping between rids and unix user 
+	and group ids is required.  This is one of the jobs that <B
+CLASS="COMMAND"
+>	winbindd</B
+> performs. </P
+><P
+>As winbindd users and groups are resolved from a server, user 
+	and group ids are allocated from a specified range.  This
+	is done on a first come, first served basis, although all existing 
+	users and groups will be mapped as soon as a client performs a user 
+	or group enumeration command.  The allocated unix ids are stored 
+	in a database file under the Samba lock directory and will be 
+	remembered. </P
+><P
+>WARNING: The rid to unix id database is the only location 
+	where the user and group mappings are stored by winbindd.  If this 
+	file is deleted or corrupted, there is no way for winbindd to 
+	determine which user and group ids correspond to Windows NT user 
+	and group rids. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN71"
+></A
+><H2
+>CONFIGURATION</H2
+><P
+>Configuration of the <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon 
+	is done through configuration parameters in the <TT
+CLASS="FILENAME"
+>smb.conf(5)
+	</TT
+> file.  All parameters should be specified in the 
+	[global] section of smb.conf. </P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>winbind separator</DT
+><DD
+><P
+>The winbind separator option allows you 
+		to specify how NT domain names and user names are combined 
+		into unix user names when presented to users. By default, 
+		<B
+CLASS="COMMAND"
+>winbindd</B
+> will use the traditional '\' 
+		separator so that the unix user names look like 
+		DOMAIN\username. In some cases this separator character may 
+		cause problems as the '\' character has special meaning in 
+		unix shells.  In that case you can use the winbind separator 
+		option to specify an alternative sepataror character. Good 
+		alternatives may be '/' (although that conflicts
+		with the unix directory separator) or a '+ 'character. 
+		The '+' character appears to be the best choice for 100% 
+		compatibility with existing unix utilities, but may be an 
+		aesthetically bad choice depending on your taste. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind separator = \ </B
+>
+		</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>winbind separator = + </B
+></P
+></DD
+><DT
+>winbind uid</DT
+><DD
+><P
+>The winbind uid parameter specifies the 
+		range of user ids that are allocated by the winbindd daemon.  
+		This range of ids should have no existing local or nis users 
+		within it as strange conflicts can occur otherwise. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind uid = &lt;empty string&gt; 
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>winbind uid = 10000-20000</B
+></P
+></DD
+><DT
+>winbind gid</DT
+><DD
+><P
+>The winbind gid parameter specifies the 
+		range of group ids that are allocated by the winbindd daemon.  
+		This range of group ids should have no existing local or nis 
+		groups within it as strange conflicts can occur otherwise.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind gid = &lt;empty string&gt;
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>winbind gid = 10000-20000
+		</B
+> </P
+></DD
+><DT
+>winbind cache time</DT
+><DD
+><P
+>This parameter specifies the number of 
+		seconds the winbindd daemon will cache user and group information 
+		before querying a Windows NT server again. When a item in the 
+		cache is older than this time winbindd will ask the domain 
+		controller for the sequence number of the servers account database. 
+		If the sequence number has not changed then the cached item is 
+		marked as valid for a further <TT
+CLASS="PARAMETER"
+><I
+>winbind cache time
+		</I
+></TT
+> seconds.  Otherwise the item is fetched from the 
+		server. This means that as long as the account database is not 
+		actively changing winbindd will only have to send one sequence 
+		number query packet every <TT
+CLASS="PARAMETER"
+><I
+>winbind cache time
+		</I
+></TT
+> seconds. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind cache time = 15</B
+>
+		</P
+></DD
+><DT
+>winbind enum users</DT
+><DD
+><P
+>On large installations it may be necessary 
+		to suppress the enumeration of users through the <B
+CLASS="COMMAND"
+>		setpwent()</B
+>, <B
+CLASS="COMMAND"
+>getpwent()</B
+> and 
+		<B
+CLASS="COMMAND"
+>endpwent()</B
+> group of system calls.  If 
+		the <TT
+CLASS="PARAMETER"
+><I
+>winbind enum users</I
+></TT
+> parameter is false, 
+		calls to the <B
+CLASS="COMMAND"
+>getpwent</B
+> system call will not 
+		return any data. </P
+><P
+><I
+CLASS="EMPHASIS"
+>Warning:</I
+> Turning off user enumeration 
+		may cause some programs to behave oddly.  For example, the finger 
+		program relies on having access to the full user list when 
+		searching  for matching usernames. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind enum users = yes </B
+></P
+></DD
+><DT
+>winbind enum groups</DT
+><DD
+><P
+>On large installations it may be necessary 
+		to suppress the enumeration of groups through the <B
+CLASS="COMMAND"
+>		setgrent()</B
+>, <B
+CLASS="COMMAND"
+>getgrent()</B
+> and 
+		<B
+CLASS="COMMAND"
+>endgrent()</B
+> group of system calls.  If 
+		the <TT
+CLASS="PARAMETER"
+><I
+>winbind enum groups</I
+></TT
+> parameter is 
+		false, calls to the <B
+CLASS="COMMAND"
+>getgrent()</B
+> system 
+		call will not return any data. </P
+><P
+><I
+CLASS="EMPHASIS"
+>Warning:</I
+> Turning off group 
+		enumeration may cause some programs to behave oddly. 
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind enum groups = no </B
+>
+		</P
+></DD
+><DT
+>template homedir</DT
+><DD
+><P
+>When filling out the user information 
+		for a Windows NT user, the <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon 
+		uses this parameter to fill in the home directory for that user.  
+		If the string <TT
+CLASS="PARAMETER"
+><I
+>%D</I
+></TT
+> is present it is 
+		substituted with the user's Windows NT domain name.  If the 
+		string <TT
+CLASS="PARAMETER"
+><I
+>%U</I
+></TT
+> is present it is substituted
+		with the user's Windows NT user name. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>template homedir = /home/%D/%U </B
+>
+		</P
+></DD
+><DT
+>template shell</DT
+><DD
+><P
+>When filling out the user information for 
+ 		a Windows NT user, the <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon 
+		uses this parameter to fill in the shell for that user. 
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>template shell = /bin/false </B
+>
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN152"
+></A
+><H2
+>EXAMPLE SETUP</H2
+><P
+>To setup winbindd for user and group lookups plus 
+	authentication from a domain controller use something like the 
+	following setup. This was tested on a RedHat 6.2 Linux box. </P
+><P
+>In <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> put the 
+	following:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>passwd:     files winbind
+group:      files winbind
+	</PRE
+></P
+><P
+>In <TT
+CLASS="FILENAME"
+>/etc/pam.d/*</TT
+> replace the 
+	<TT
+CLASS="PARAMETER"
+><I
+>auth</I
+></TT
+> lines with something like this: </P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>auth       required	/lib/security/pam_securetty.so
+auth       required	/lib/security/pam_nologin.so
+auth       sufficient	/lib/security/pam_winbind.so
+auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
+	</PRE
+></P
+><P
+>Note in particular the use of the <TT
+CLASS="PARAMETER"
+><I
+>sufficient</I
+></TT
+> 
+	keyword and the <TT
+CLASS="PARAMETER"
+><I
+>use_first_pass</I
+></TT
+> keyword. </P
+><P
+>Now replace the account lines with this: </P
+><P
+><B
+CLASS="COMMAND"
+>account    required	/lib/security/pam_winbind.so
+	</B
+></P
+><P
+>The next step is to join the domain. To do that use the 
+	<B
+CLASS="COMMAND"
+>samedit</B
+> program like this:  </P
+><P
+><B
+CLASS="COMMAND"
+>samedit -S '*' -W DOMAIN -UAdministrator</B
+></P
+><P
+>The username after the <TT
+CLASS="PARAMETER"
+><I
+>-U</I
+></TT
+> can be any Domain 
+	user that has administrator priviliges on the machine. Next from 
+	within <B
+CLASS="COMMAND"
+>samedit</B
+>, run the command: </P
+><P
+><B
+CLASS="COMMAND"
+>createuser MACHINE$ -j DOMAIN -L</B
+></P
+><P
+>This assumes your domain is called "DOMAIN" and your Samba 
+	workstation is called "MACHINE". </P
+><P
+>Next copy <TT
+CLASS="FILENAME"
+>libnss_winbind.so.2</TT
+> to 
+	<TT
+CLASS="FILENAME"
+>/lib</TT
+> and <TT
+CLASS="FILENAME"
+>pam_winbind.so</TT
+>
+	to <TT
+CLASS="FILENAME"
+>/lib/security</TT
+>.</P
+><P
+>Finally, setup a smb.conf containing directives like the 
+	following:  </P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+	winbind separator = +
         winbind cache time = 10
         template shell = /bin/bash
         template homedir = /home/%D/%U
@@ -248,95 +597,272 @@ is called <code>MACHINE</code>.
         workgroup = DOMAIN
         security = domain
         password server = *
-
-</pre>
-
-<p>Now start <strong>winbindd</strong> and you should find that your user and group
-database is expanded to include your NT users and groups, and that you
-can login to your unix box as a domain user, using the <code>DOMAIN+user</code>
-syntax for the username. You may wish to use the commands "getent
-passwd" and "getent group" to confirm the correct operation of
-<strong>winbindd</strong>. 
-<p><a name="NOTES"></a>
-<h2>NOTES</h2>
-    
-<p>The following notes are useful when configuring and running <strong>winbindd</strong>:
-<p><dl>
-<p><p></p><dt><strong></strong><dd>
-<a href="nmbd.8.html"><strong>nmbd</strong></a> must be running on the local machine for
-<strong>winbindd</strong> to work.
-<p><p></p><dt><strong></strong><dd>
-<strong>winbindd</strong> queries the list of trusted domains for the Windows NT server
-on startup and when a SIGHUP is received.  Thus, for a running <strong>winbindd</strong>
-to become aware of new trust relationships between servers, it must be sent
-a SIGHUP signal.
-<p><p></p><dt><strong></strong><dd> 
-Client processes resolving names through the <strong>winbindd</strong> nsswitch module
-read an environment variable named <code>WINBINDD_DOMAIN</code>.  If this variable
-contains a comma separated list of Windows NT domain names, then <strong>winbindd</strong>
-will only resolve users and groups within those Windows NT domains.
-<p><p></p><dt><strong></strong><dd>
-PAM is really easy to misconfigure.  Make sure you know what you are doing
-when modifying PAM configuration files.  It is possible to set up PAM
-such that you can no longer log into your system.
-<p><p></p><dt><strong></strong><dd>
-If more than one UNIX machine is running <strong>winbindd</strong>, then in general the
-user and groups ids allocated by <strong>winbindd</strong> will not be the same.  The
-user and group ids will only be valid for the local machine.  
-<p><p></p><dt><strong></strong><dd>
-If the the Windows NT RID to UNIX user and group id mapping file
-is damaged or destroyed then the mappings will be lost.
-<p></dl>
-<p><a name="SIGNALS"></a>
-<h2>SIGNALS</h2>
-    
-<p>The following signals can be used to manipulate the <strong>winbindd</strong> daemon.
-<p><dl>
-<p><p></p><dt><strong><code>SIGHUP</code></strong><dd>
-<p>Reload the <code>smb.conf</code> file and apply any parameter changes to the running
-version of <strong>winbindd</strong>.  This signal also clears any cached user and group
-information.  The list of other domains trusted by <strong>winbindd</strong> is also
-reloaded. 
-<p><p></p><dt><strong><code>SIGUSR1</code></strong><dd>
-<p>The <code>SIGUSR1</code> signal will cause <strong>winbindd</strong> to write status information
-to the winbind log file including information about the number of user and
-group ids allocated by <strong>winbindd</strong>.
-<p>Log files are stored in the filename specified by the <strong>log file</strong> parameter.
-<p></dl>
-<p><a name="FILES"></a>
-<h2>FILES</h2>
-    
-<p>The following files are relevant to the operation of the <strong>winbindd</strong>
-daemon.
-<p><dl>
-<p><p></p><dt><strong>/etc/nsswitch.conf(5)</strong><dd>
-<p>Name service switch configuration file.
-<p><p></p><dt><strong>/tmp/.winbindd/pipe</strong><dd>
-<p>The UNIX pipe over which clients communicate with the <strong>winbindd</strong> program.
-For security reasons, the winbind client will only attempt to connect to the
-<strong>winbindd</strong> daemon if both the <code>/tmp/.winbindd</code> directory and
-<code>/tmp/.winbindd/pipe</code> file are owned by root.
-<p><p></p><dt><strong>/lib/libnss_winbind.so.X</strong><dd>
-<p>Implementation of name service switch library. 
-<p><p></p><dt><strong>$LOCKDIR/winbindd_idmap.tdb</strong><dd>
-<p>Storage for the Windows NT rid to UNIX user/group id mapping.  The lock
-directory is specified when Samba is initially compiled using the
-<code>--with-lockdir</code> option.  This directory is by default
-<code>/usr/local/samba/var/locks</code>.
-<p><p></p><dt><strong>$LOCKDIR/winbindd_cache.tdb</strong><dd>
-<p>Storage for cached user and group information.
-<p></dl>
-<p><a name="SEEALSO"></a>
-<h2>SEE ALSO</h2>
-    
-<p><a href="samba.7.html"><strong>samba(7)</strong></a>, <a href="smb.conf.5.html"><strong>smb.conf(5)</strong></a>, 
-<strong>nsswitch.conf(5)</strong>, <a href="wbinfo.1.html"><strong>wbinfo(1)</strong></a>
-<p><a name="AUTHOR"></a>
-<h2>AUTHOR</h2>
-    
-<p>The original Samba software and related utilities were created by
-Andrew Tridgell. Samba is now developed by the Samba Team as an Open
-Source project.
-<p><strong>winbindd</strong> was written by Tim Potter.
-</body>
-</html>
+	</PRE
+></P
+><P
+>Now start winbindd and you should find that your user and 
+	group database is expanded to include your NT users and groups, 
+	and that you can login to your unix box as a domain user, using 
+	the DOMAIN+user syntax for the username. You may wish to use the 
+	commands <B
+CLASS="COMMAND"
+>getent passwd</B
+> and <B
+CLASS="COMMAND"
+>getent group
+	</B
+> to confirm the correct operation of winbindd.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN191"
+></A
+><H2
+>Notes</H2
+><P
+>The following notes are useful when configuring and 
+	running <B
+CLASS="COMMAND"
+>winbindd</B
+>: </P
+><P
+><B
+CLASS="COMMAND"
+>nmbd</B
+> must be running on the local machine 
+	for <B
+CLASS="COMMAND"
+>winbindd</B
+> to work. <B
+CLASS="COMMAND"
+>winbindd</B
+>
+	queries the list of trusted domains for the Windows NT server
+	on startup and when a SIGHUP is received.  Thus, for a running <B
+CLASS="COMMAND"
+>	winbindd</B
+> to become aware of new trust relationships between 
+	servers, it must be sent a SIGHUP signal. </P
+><P
+>Client processes resolving names through the <B
+CLASS="COMMAND"
+>winbindd</B
+>
+	nsswitch module read an environment variable named <TT
+CLASS="PARAMETER"
+><I
+>	$WINBINDD_DOMAIN</I
+></TT
+>.  If this variable contains a comma separated
+	list of Windows NT domain names, then winbindd will only resolve users
+	and groups within those Windows NT domains. </P
+><P
+>PAM is really easy to misconfigure.  Make sure you know what 
+	you are doing when modifying PAM configuration files.  It is possible 
+	to set up PAM such that you can no longer log into your system. </P
+><P
+>If more than one UNIX machine is running <B
+CLASS="COMMAND"
+>winbindd</B
+>, 
+	then in general the user and groups ids allocated by winbindd will not 
+	be the same.  The user and group ids will only be valid for the local 
+	machine.</P
+><P
+>If the the Windows NT RID to UNIX user and group id mapping 
+	file is damaged or destroyed then the mappings will be lost. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN207"
+></A
+><H2
+>Signals</H2
+><P
+>The following signals can be used to manipulate the 
+	<B
+CLASS="COMMAND"
+>winbindd</B
+> daemon. </P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>SIGHUP</DT
+><DD
+><P
+>Reload the <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+>
+		file and apply any parameter changes to the running 
+		version of winbindd.  This signal also clears any cached 
+		user and group information.  The list of other domains trusted 
+		by winbindd is also reloaded.  </P
+></DD
+><DT
+>SIGUSR1</DT
+><DD
+><P
+>The SIGUSR1 signal will cause <B
+CLASS="COMMAND"
+>		winbindd</B
+> to write status information to the winbind 
+		log file including information about the number of user and 
+		group ids allocated by <B
+CLASS="COMMAND"
+>winbindd</B
+>.</P
+><P
+>Log files are stored in the filename specified by the 
+		log file parameter.</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN224"
+></A
+><H2
+>Files</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf(5)</TT
+></DT
+><DD
+><P
+>Name service switch configuration file.</P
+></DD
+><DT
+>/tmp/.winbindd/pipe</DT
+><DD
+><P
+>The UNIX pipe over which clients communicate with 
+		the <B
+CLASS="COMMAND"
+>winbindd</B
+> program.  For security reasons, the 
+		winbind client will only attempt to connect to the winbindd daemon 
+		if both the <TT
+CLASS="FILENAME"
+>/tmp/.winbindd</TT
+> directory
+		and <TT
+CLASS="FILENAME"
+>/tmp/.winbindd/pipe</TT
+> file are owned by 
+		root. </P
+></DD
+><DT
+>/lib/libnss_winbind.so.X</DT
+><DD
+><P
+>Implementation of name service switch library.
+		</P
+></DD
+><DT
+>$LOCKDIR/winbindd_idmap.tdb</DT
+><DD
+><P
+>Storage for the Windows NT rid to UNIX user/group 
+		id mapping.  The lock directory is specified when Samba is initially 
+		compiled using the <TT
+CLASS="FILENAME"
+>--with-lockdir</TT
+> option.  
+		This directory is by default <TT
+CLASS="FILENAME"
+>/usr/local/samba/var/locks
+		</TT
+>. </P
+></DD
+><DT
+>$LOCKDIR/winbindd_cache.tdb</DT
+><DD
+><P
+>Storage for cached user and group information.
+		</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN253"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of 
+	the Samba suite.  winbindd is however not available in
+	stable release of Samba as of yet.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN256"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><TT
+CLASS="FILENAME"
+>nsswitch.conf(5)</TT
+>,
+	<A
+HREF="samba.7.html"
+TARGET="_top"
+>samba(7)</A
+>,
+	<A
+HREF="wbinfo.1.html"
+TARGET="_top"
+>wbinfo(1)</A
+>,
+	<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+></P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN263"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</P
+><P
+><B
+CLASS="COMMAND"
+>wbinfo</B
+> and <B
+CLASS="COMMAND"
+>winbindd</B
+>
+	were written by Tim Potter.</P
+><P
+>The conversion to DocBook for Samba 2.2 was done 
+	by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
+\ No newline at end of file
diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1
index f7979b76b1..ab9f95fcbe 100644
--- a/docs/manpages/smbtar.1
+++ b/docs/manpages/smbtar.1
@@ -1,125 +1,120 @@
-.TH "smbtar " "1" "23 Oct 1998" "Samba" "SAMBA" 
-.PP 
-.SH "NAME" 
-smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives
-.PP 
-.SH "SYNOPSIS" 
-.PP 
-\fBsmbtar\fP -s server [-p password] [-x service] [-X] [-d directory] [-u user] [-t tape] [-b blocksize] [-N filename] [-i] [-r] [-l log level] [-v] filenames
-.PP 
-.SH "DESCRIPTION" 
-.PP 
-This program is part of the \fBSamba\fP suite\&.
-.PP 
-\fBsmbtar\fP is a very small shell script on top of
-\fBsmbclient\fP which dumps SMB shares directly
-to tape\&.
-.PP 
-.SH "OPTIONS" 
-.PP 
-.IP 
-.IP "\fB-s server\fP" 
-The SMB/CIFS server that the share resides upon\&.
-.IP 
-.IP "\fB-x service\fP" 
-The share name on the server to connect
-to\&. The default is \f(CWbackup\fP\&.
-.IP 
-.IP "\fB-X\fP" 
-Exclude mode\&. Exclude filenames\&.\&.\&. from tar create or
-restore\&.
-.IP 
-.IP "\fB-d directory\fP" 
-Change to initial \fIdirectory\fP before restoring
-/ backing up files\&.
-.IP 
-.IP "\fB-v\fP" 
-Verbose mode\&.
-.IP 
-.IP "\fB-p password\fP" 
-The password to use to access a share\&. Default:
-none
-.IP 
-.IP "\fB-u user\fP" 
-The user id to connect as\&. Default: UNIX login name\&.
-.IP 
-.IP "\fB-t tape\fP" 
-Tape device\&. May be regular file or tape
-device\&. Default: \fITAPE\fP environmental variable; if not set, a file
-called \f(CWtar\&.out\fP\&.
-.IP 
-.IP "\fB-b blocksize\fP" 
-Blocking factor\&. Defaults to 20\&. See \fBtar (1)\fP
-for a fuller explanation\&.
-.IP 
-.IP "\fB-N filename\fP" 
-Backup only files newer than filename\&. Could be
-used (for example) on a log file to implement incremental backups\&.
-.IP 
-.IP "\fB-i\fP" 
-Incremental mode; tar files are only backed up if they
-have the archive bit set\&. The archive bit is reset after each file is
-read\&.
-.IP 
-.IP "\fB-r\fP" 
-Restore\&. Files are restored to the share from the tar
-file\&.
-.IP 
-.IP "\fB-l log level\fP" 
-Log (debug) level\&. Corresponds to the
-\fB-d\fP flag of \fBsmbclient
-(1)\fP\&.
-.IP 
-.PP 
-.SH "ENVIRONMENT VARIABLES" 
-.PP 
-The TAPE variable specifies the default tape device to write to\&. May
-be overridden with the \fB-t\fP option\&.
-.PP 
-.SH "BUGS" 
-.PP 
-The \fBsmbtar\fP script has different options from ordinary tar and tar
-called from \fBsmbclient\fP\&.
-.PP 
-.SH "CAVEATS" 
-.PP 
-Sites that are more careful about security may not like the way the
-script handles PC passwords\&. Backup and restore work on entire shares,
-should work on file lists\&. \fBsmbtar\fP works best with GNU tar and may
-not work well with other versions\&.
-.PP 
-.SH "VERSION" 
-.PP 
-This man page is correct for version 2\&.0 of the Samba suite\&.
-.PP 
-.SH "SEE ALSO" 
-.PP 
-\fBsmbclient (1)\fP, \fBsmb\&.conf
-(5)\fP
-.PP 
-.SH "DIAGNOSTICS" 
-.PP 
-See the \fBDIAGNOSTICS\fP section for
-the \fBsmbclient\fP command\&.
-.PP 
-.SH "AUTHOR" 
-.PP 
-The original Samba software and related utilities were created by
-Andrew Tridgell samba@samba\&.org\&. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed\&.
-.PP 
-Ricky Poulten poultenr@logica\&.co\&.uk wrote the tar extension and
-this man page\&. The \fBsmbtar\fP script was heavily rewritten and
-improved by Martin Kraemer Martin\&.Kraemer@mch\&.sni\&.de\&. Many
-thanks to everyone who suggested extensions, improvements, bug fixes,
-etc\&. The man page sources were converted to YODL format (another
-excellent piece of Open Source software available at
-\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fP)
-and updated for the Samba2\&.0 release by Jeremy Allison,
-samba@samba\&.org\&.
-.PP 
-See \fBsamba (7)\fP to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc\&.
-.PP 
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBTAR" "1" "22 February 2001" "" ""
+.SH NAME
+smbtar \- shell script for backing up SMB/CIFS shares  directly to UNIX tape drives
+.SH SYNOPSIS
+.sp
+\fBsmbtar\fR \fB-s server\fR [ \fB-p password\fR ]  [ \fB-x services\fR ]  [ \fB-X\fR ]  [ \fB-d directory\fR ]  [ \fB-u user\fR ]  [ \fB-t tape\fR ]  [ \fB-t tape\fR ]  [ \fB-b blocksize\fR ]  [ \fB-N filename\fR ]  [ \fB-i\fR ]  [ \fB-r\fR ]  [ \fB-l loglevel\fR ]  [ \fB-v\fR ]  \fBfilenames\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba <URL:samba.7.html> suite.
+.PP
+\fBsmbtar\fR is a very small shell script on top 
+of \fBsmbclient(1)\fR <URL:smbclient.1.html> 
+which dumps SMB shares directly to tape. 
+.SH "OPTIONS"
+.TP
+\fB-s server\fR
+The SMB/CIFS server that the share resides 
+upon.
+.TP
+\fB-x service\fR
+The share name on the server to connect to. 
+The default is "backup".
+.TP
+\fB-X\fR
+Exclude mode. Exclude filenames... from tar 
+create or restore. 
+.TP
+\fB-d directory\fR
+Change to initial \fIdirectory
+\fRbefore restoring / backing up files. 
+.TP
+\fB-v\fR
+Verbose mode.
+.TP
+\fB-p password\fR
+The password to use to access a share. 
+Default: none 
+.TP
+\fB-u user\fR
+The user id to connect as. Default: 
+UNIX login name. 
+.TP
+\fB-t tape\fR
+Tape device. May be regular file or tape 
+device. Default: \fI$TAPE\fR environmental 
+variable; if not set, a file called \fItar.out
+\fR\&. 
+.TP
+\fB-b blocksize\fR
+Blocking factor. Defaults to 20. See
+\fBtar(1)\fR for a fuller explanation. 
+.TP
+\fB-N filename\fR
+Backup only files newer than filename. Could 
+be used (for example) on a log file to implement incremental
+backups. 
+.TP
+\fB-i\fR
+Incremental mode; tar files are only backed 
+up if they have the archive bit set. The archive bit is reset 
+after each file is read. 
+.TP
+\fB-r\fR
+Restore. Files are restored to the share 
+from the tar file. 
+.TP
+\fB-l log level\fR
+Log (debug) level. Corresponds to the 
+\fI-d\fR flag of \fBsmbclient(1)
+\fR\&. 
+.SH "ENVIRONMENT VARIABLES"
+.PP
+The \fI$TAPE\fR variable specifies the 
+default tape device to write to. May be overridden
+with the -t option. 
+.SH "BUGS"
+.PP
+The \fBsmbtar\fR script has different 
+options from ordinary tar and tar called from smbclient. 
+.SH "CAVEATS"
+.PP
+Sites that are more careful about security may not like 
+the way the script handles PC passwords. Backup and restore work 
+on entire shares, should work on file lists. smbtar works best
+with GNU tar and may not work well with other versions. 
+.SH "DIAGNOSTICS"
+.PP
+See the \fBDIAGNOSTICS\fR section for the 
+\fBsmbclient(1)\fR 
+ <URL:smbclient.1.html> command.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBsmbd(8)\fR <URL:smbd.8.html>, 
+\fBsmbclient(1)\fR <URL:smbclient.1.html>, 
+smb.conf(5) <URL:smb.conf.5.html>,
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+Ricky Poulten <URL:mailto:poultenr@logica.co.uk> 
+wrote the tar extension and this man page. The \fBsmbtar\fR 
+script was heavily rewritten and improved by Martin Kraemer <URL:mailto:Martin.Kraemer@mch.sni.de>. Many 
+thanks to everyone who suggested extensions, improvements, bug 
+fixes, etc. The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter.
diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8
index 3fc450f385..5e6b8a57d8 100644
--- a/docs/manpages/swat.8
+++ b/docs/manpages/swat.8
@@ -1,153 +1,140 @@
-.TH "swat " "8" "23 Oct 1998" "Samba" "SAMBA" 
-.PP 
-.SH "NAME" 
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SWAT" "8" "22 February 2001" "" ""
+.SH NAME
 swat \- Samba Web Administration Tool
-.PP 
-.SH "SYNOPSIS" 
-.PP 
-\fBswat\fP [-s smb config file] [-a]
-.PP 
-.SH "DESCRIPTION" 
-.PP 
-This program is part of the \fBSamba\fP suite\&.
-.PP 
-\fBswat\fP allows a Samba administrator to configure the complex
-\fBsmb\&.conf\fP file via a Web browser\&. In
-addition, a swat configuration page has help links to all the
-configurable options in the \fBsmb\&.conf\fP file
-allowing an administrator to easily look up the effects of any change\&.
-.PP 
-\fBswat\fP is run from \fBinetd\fP
-.PP 
-.SH "OPTIONS" 
-.PP 
-.IP 
-.IP "\fB-s smb configuration file\fP" 
-The default configuration file path is
-determined at compile time\&.
-.IP 
-The file specified contains the configuration details required by the
-\fBsmbd\fP server\&. This is the file that \fBswat\fP will
-modify\&. The information in this file includes server-specific
-information such as what printcap file to use, as well as descriptions
-of all the services that the server is to provide\&. See smb\&.conf
-(5) for more information\&.
-.IP 
-.IP "\fB-a\fP" 
-.IP 
-This option disables authentication and puts \fBswat\fP in demo mode\&. In
-that mode anyone will be able to modify the
-\fBsmb\&.conf\fP file\&.
-.IP 
-Do NOT enable this option on a production server\&.
-.IP 
-.PP 
-.SH "INSTALLATION" 
-.PP 
-After you compile SWAT you need to run \f(CW"make install"\fP to install the
-swat binary and the various help files and images\&. A default install
-would put these in:
-.PP 
-
-.nf 
- 
+.SH SYNOPSIS
+.sp
+\fBnmblookup\fR [ \fB-s <smb config file>\fR ]  [ \fB-a\fR ] 
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba <URL:samba.7.html> suite.
+.PP
+\fBswat\fR allows a Samba administrator to 
+configure the complex \fI smb.conf(5)\fR <URL:smb.conf.5.html> file via a Web browser. In addition, 
+a \fBswat\fR configuration page has help links 
+to all the configurable options in the smb.conf file allowing an 
+administrator to easily look up the effects of any change. 
+.PP
+swat is run from inetd 
+.SH "OPTIONS"
+.TP
+\fB-s smb configuration file\fR
+The default configuration file path is 
+determined at compile time. The file specified contains 
+the configuration details required by the \fBsmbd
+\fRserver. This is the file that swat will modify. 
+The information in this file includes server-specific 
+information such as what printcap file to use, as well as 
+descriptions of all the services that the server is to provide.
+See \fIsmb.conf\fR for more information. 
+.TP
+\fB-a\fR
+This option disables authentication and puts 
+swat in demo mode. In that mode anyone will be able to modify 
+the smb.conf file. 
 
+\fBDo NOT enable this option on a production 
+server. \fR
+.SH "INSTALLATION"
+.PP
+After you compile SWAT you need to run \fBmake install
+\fRto install the \fBswat\fR binary
+and the various help files and images. A default install would put 
+these in: 
+.TP 0.2i
+\(bu
 /usr/local/samba/bin/swat
+.TP 0.2i
+\(bu
 /usr/local/samba/swat/images/*
+.TP 0.2i
+\(bu
 /usr/local/samba/swat/help/*
-
-.fi 
- 
-
-.PP 
-.SH "INETD INSTALLATION" 
-.PP 
-You need to edit your \f(CW/etc/inetd\&.conf\fP and \f(CW/etc/services\fP to
-enable \fBSWAT\fP to be launched via inetd\&. 
-.PP 
-In \f(CW/etc/services\fP you need to add a line like this:
-.PP 
-\f(CWswat            901/tcp\fP
-.PP 
-Note for NIS/YP users - you may need to rebuild the NIS service maps
-rather than alter your local \f(CW/etc/services\fP file\&.
-.PP 
-the choice of port number isn\'t really important except that it should
-be less than 1024 and not currently used (using a number above 1024
-presents an obscure security hole depending on the implementation
-details of your \fBinetd\fP daemon)\&.
-.PP 
-In \f(CW/etc/inetd\&.conf\fP you should add a line like this:
-.PP 
-\f(CWswat    stream  tcp     nowait\&.400  root    /usr/local/samba/bin/swat swat\fP
-.PP 
-One you have edited \f(CW/etc/services\fP and \f(CW/etc/inetd\&.conf\fP you need
-to send a HUP signal to inetd\&. To do this use \f(CW"kill -1 PID"\fP where
-PID is the process ID of the inetd daemon\&.
-.PP 
-.SH "LAUNCHING" 
-.PP 
-To launch \fBswat\fP just run your favorite web browser and point it at
-\f(CWhttp://localhost:901/\fP\&.
-.PP 
-\fBNote that you can attach to \fBswat\fP from any IP connected machine but
-connecting from a remote machine leaves your connection open to
-password sniffing as passwords will be sent in the clear over the
-wire\&.\fP
-.PP 
-.SH "FILES" 
-.PP 
-\fB/etc/inetd\&.conf\fP
-.PP 
-This file must contain suitable startup information for the
-meta-daemon\&. 
-.PP 
-\fB/etc/services\fP
-.PP 
-This file must contain a mapping of service name (e\&.g\&., swat) to
-service port (e\&.g\&., 901) and protocol type (e\&.g\&., tcp)\&. 
-.PP 
-\fB/usr/local/samba/lib/smb\&.conf\fP
-.PP 
-This is the default location of the \fIsmb\&.conf\fP server configuration
-file that \fBswat\fP edits\&. Other common places that systems install
-this file are \fI/usr/samba/lib/smb\&.conf\fP and \fI/etc/smb\&.conf\fP\&.
-.PP 
-This file describes all the services the server is to make available
-to clients\&. See \fBsmb\&.conf (5)\fP for more information\&.
-.PP 
-.SH "WARNINGS" 
-.PP 
-\fBswat\fP will rewrite your \fBsmb\&.conf\fP file\&. It
-will rearrange the entries and delete all comments,
-\fB"include="\fP and
-\fB"copy="\fP options\&. If you have a
-carefully crafted \fBsmb\&.conf\fP then back it up
-or don\'t use \fBswat\fP!
-.PP 
-.SH "VERSION" 
-.PP 
-This man page is correct for version 2\&.0 of the Samba suite\&.
-.PP 
-.SH "SEE ALSO" 
-.PP 
-\fBinetd (8)\fP, \fBnmbd (8)\fP,
-\fBsmb\&.conf (5)\fP\&.
-.PP 
-.SH "AUTHOR" 
-.PP 
-The original Samba software and related utilities were created by
-Andrew Tridgell (samba@samba\&.org)\&. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed\&.
-.PP 
-The original Samba man pages were written by Karl Auer\&. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fP)
-and updated for the Samba2\&.0 release by Jeremy Allison\&.
-samba@samba\&.org\&.
-.PP 
-See \fBsamba (7)\fP to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc\&.
+.SS "INETD INSTALLATION"
+.PP
+You need to edit your \fI/etc/inetd.conf
+\fRand \fI/etc/services\fR
+to enable SWAT to be launched via inetd.
+.PP
+In \fI/etc/services\fR you need to 
+add a line like this: 
+.PP
+\fBswat 901/tcp\fR
+.PP
+Note for NIS/YP users - you may need to rebuild the 
+NIS service maps rather than alter your local \fI /etc/services\fR file. 
+.PP
+the choice of port number isn't really important 
+except that it should be less than 1024 and not currently 
+used (using a number above 1024 presents an obscure security 
+hole depending on the implementation details of your 
+\fBinetd\fR daemon). 
+.PP
+In \fI/etc/inetd.conf\fR you should 
+add a line like this: 
+.PP
+\fBswat stream tcp nowait.400 root
+/usr/local/samba/bin/swat swat\fR
+.PP
+One you have edited \fI/etc/services\fR 
+and \fI/etc/inetd.conf\fR you need to send a 
+HUP signal to inetd. To do this use \fBkill -1 PID
+\fRwhere PID is the process ID of the inetd daemon. 
+.SS "LAUNCHING"
+.PP
+To launch swat just run your favorite web browser and 
+point it at "http://localhost:901/".
+.PP
+Note that you can attach to swat from any IP connected 
+machine but connecting from a remote machine leaves your 
+connection open to password sniffing as passwords will be sent 
+in the clear over the wire. 
+.SH "FILES"
+.TP
+\fB\fI/etc/inetd.conf\fB\fR
+This file must contain suitable startup 
+information for the meta-daemon.
+.TP
+\fB\fI/etc/services\fB\fR
+This file must contain a mapping of service name 
+(e.g., swat) to service port (e.g., 901) and protocol type 
+(e.g., tcp). 
+.TP
+\fB\fI/usr/local/samba/lib/smb.conf\fB\fR
+This is the default location of the \fIsmb.conf(5)
+\fRserver configuration file that swat edits. Other 
+common places that systems install this file are \fI /usr/samba/lib/smb.conf\fR and \fI/etc/smb.conf
+\fR\&. This file describes all the services the server 
+is to make available to clients. 
+.SH "WANRNIGS"
+.PP
+\fBswat\fR will rewrite your \fIsmb.conf
+\fRfile. It will rearrange the entries and delete all 
+comments, \fIinclude=\fR and \fIcopy="
+\fRoptions. If you have a carefully crafted \fI smb.conf\fR then back it up or don't use swat! 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBinetd(5)\fR,
+\fBsmbd(8)\fR <URL:smbd.8.html>, 
+smb.conf(5) <URL:smb.conf.5.html>
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8
index 6f76699e3f..efdaf76bd8 100644
--- a/docs/manpages/winbindd.8
+++ b/docs/manpages/winbindd.8
@@ -1,296 +1,266 @@
-.TH "winbindd " "8" "13 Jun 2000" "Samba" "SAMBA" 
-.PP 
-.SH "NAME" 
-winbindd \- Name Service Switch daemon for resolving names from NT servers
-.PP 
-.SH "SYNOPSIS" 
-.PP 
-\fBwinbindd\fP [-d debuglevel] [-i]
-.PP 
-.SH "DESCRIPTION" 
-.PP 
-This program is part of the \fBSamba\fP suite version 3\&.0 and describes
-functionality not yet implemented in the main version of Samba\&.
-.PP 
-\fBwinbindd\fP is a daemon that provides a service for the Name Service
-Switch capability that is present in most modern C libraries\&.  The Name
-Service Switch allows user and system information to be obtained from
-different databases services such as NIS or DNS\&.  The exact behaviour can
-be configured throught the \f(CW/etc/nsswitch\&.conf\fP file\&.  Users and groups
-are allocated as they are resolved to a range of user and group ids
-specified by the administrator of the Samba system\&.  
-.PP 
-The service provided by \fBwinbindd\fP is called `winbind\' and can be
-used to resolve user and group information from a Windows NT server\&.
-The service can also provide authentication services via an associated
-PAM module\&.
-.PP 
-The following nsswitch databases are implemented by the \fBwinbindd\fP
-service:
-.PP 
-.IP 
-.IP "passwd" 
-.IP 
-User information traditionally stored in the \fBpasswd(5)\fP file and used by
-\fBgetpwent(3)\fP functions\&.
-.IP 
-.IP "group" 
-.IP 
-Group information traditionally stored in the \fBgroup(5)\fP file and used by
-\fBgetgrent(3)\fP functions\&.
-.IP 
-.PP 
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "WINBINDD" "8" "22 February 2001" "" ""
+.SH NAME
+winbindd \- Name Service Switch daemon for resolving names  from NT servers
+.SH SYNOPSIS
+.sp
+\fBnmblookup\fR [ \fB-d debuglevel\fR ]  [ \fB-i\fR ]  [ \fB-S\fR ]  [ \fB-r\fR ]  [ \fB-A\fR ]  [ \fB-h\fR ]  [ \fB-B <broadcast address>\fR ]  [ \fB-U <unicast address>\fR ]  [ \fB-d <debug level>\fR ]  [ \fB-s <smb config file>\fR ]  [ \fB-i <NetBIOS scope>\fR ]  [ \fB-T\fR ]  \fBname\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the  Samba <URL:samba.7.html> suite version 3.0 and describes functionality not 
+yet implemented in the main version of Samba.
+.PP
+\fBwinbindd\fR is a daemon that provides 
+a service for the Name Service Switch capability that is present 
+in most modern C libraries. The Name Service Switch allows user 
+and system information to be obtained from different databases 
+services such as NIS or DNS. The exact behaviour can be configured 
+throught the \fI/etc/nsswitch.conf\fR file. 
+Users and groups are allocated as they are resolved to a range 
+of user and group ids specified by the administrator of the 
+Samba system.
+.PP
+The service provided by winbindd is called `winbind' and 
+can be used to resolve user and group information from a 
+Windows NT server. The service can also provide authentication
+services via an associated PAM module. 
+.PP
+The following nsswitch databases are implemented by 
+the winbindd service: 
+.TP
+\fBpasswd\fR
+User information traditionally stored in 
+the \fIpasswd(5)\fR file and used by 
+\fBgetpwent(3)\fR functions. 
+.TP
+\fBgroup\fR
+Group information traditionally stored in 
+the \fIgroup(5)\fR file and used by 
+\fBgetgrent(3)\fR functions. 
+.PP
 For example, the following simple configuration in the
-\f(CW/etc/nsswitch\&.conf\fP file can be used to initially resolve user and group
-information from \f(CW/etc/passwd\fP and \f(CW/etc/group\fP and then from the
-Windows NT server\&.
-.PP 
+\fI/etc/nsswitch.conf\fR file can be used to initially 
+resolve user and group information from \fI/etc/passwd
+\fRand \fI/etc/group\fR and then from the 
+Windows NT server. 
+.PP
+.PP
+.sp
+.nf
+passwd:         files winbind
+group:          files winbind
+	
+.sp
+.fi
+.PP
+.SH "OPTIONS"
+.TP
+\fB-d debuglevel\fR
+Sets the debuglevel to an integer between 
+0 and 100. 0 is for no debugging and 100 is for reams and 
+reams. To submit a bug report to the Samba Team, use debug 
+level 100 (see BUGS.txt). 
+.TP
+\fB-i\fR
+Tells \fBwinbindd\fR to not 
+become a daemon and detach from the current terminal. This 
+option is used by developers when interactive debugging 
+of \fBwinbindd\fR is required. 
+.SH "NAME AND ID RESOLUTION"
+.PP
+Users and groups on a Windows NT server are assigned 
+a relative id (rid) which is unique for the domain when the 
+user or group is created. To convert the Windows NT user or group 
+into a unix user or group, a mapping between rids and unix user 
+and group ids is required. This is one of the jobs that \fB winbindd\fR performs. 
+.PP
+As winbindd users and groups are resolved from a server, user 
+and group ids are allocated from a specified range. This
+is done on a first come, first served basis, although all existing 
+users and groups will be mapped as soon as a client performs a user 
+or group enumeration command. The allocated unix ids are stored 
+in a database file under the Samba lock directory and will be 
+remembered. 
+.PP
+WARNING: The rid to unix id database is the only location 
+where the user and group mappings are stored by winbindd. If this 
+file is deleted or corrupted, there is no way for winbindd to 
+determine which user and group ids correspond to Windows NT user 
+and group rids. 
+.SH "CONFIGURATION"
+.PP
+Configuration of the \fBwinbindd\fR daemon 
+is done through configuration parameters in the \fIsmb.conf(5)
+\fRfile. All parameters should be specified in the 
+[global] section of smb.conf. 
+.TP
+\fBwinbind separator\fR
+The winbind separator option allows you 
+to specify how NT domain names and user names are combined 
+into unix user names when presented to users. By default, 
+\fBwinbindd\fR will use the traditional '\\' 
+separator so that the unix user names look like 
+DOMAIN\\username. In some cases this separator character may 
+cause problems as the '\\' character has special meaning in 
+unix shells. In that case you can use the winbind separator 
+option to specify an alternative sepataror character. Good 
+alternatives may be '/' (although that conflicts
+with the unix directory separator) or a '+ 'character. 
+The '+' character appears to be the best choice for 100% 
+compatibility with existing unix utilities, but may be an 
+aesthetically bad choice depending on your taste. 
 
-.nf 
- 
+Default: \fBwinbind separator = \\ \fR
 
-  passwd:         files winbind
-  group:          files winbind
+Example: \fBwinbind separator = + \fR
+.TP
+\fBwinbind uid\fR
+The winbind uid parameter specifies the 
+range of user ids that are allocated by the winbindd daemon. 
+This range of ids should have no existing local or nis users 
+within it as strange conflicts can occur otherwise. 
 
-.fi 
- 
+Default: \fBwinbind uid = <empty string> 
+\fR
+Example: \fBwinbind uid = 10000-20000\fR
+.TP
+\fBwinbind gid\fR
+The winbind gid parameter specifies the 
+range of group ids that are allocated by the winbindd daemon. 
+This range of group ids should have no existing local or nis 
+groups within it as strange conflicts can occur otherwise.
 
-.PP 
-.SH "OPTIONS" 
-.PP 
-The following options are available to the \fBwinbindd\fP daemon:
-.PP 
-.IP 
-.IP "\fB-d debuglevel\fP" 
-Sets the debuglevel to an integer between 0 and 100\&. 0 is for no debugging
-and 100 is for reams and reams\&. To submit a bug report to the Samba Team,
-use debug level 100 (see \fBBUGS\&.txt\fP)\&.  
-.IP 
-.IP "\fB-i\fP" 
-Tells \fBwinbindd\fP to not become a daemon and detach from the current terminal\&.
-This option is used by developers when interactive debugging of \fBwinbindd\fP is
-required\&.
-.IP 
-.PP 
-.SH "NAME AND ID RESOLUTION" 
-.PP 
-Users and groups on a Windows NT server are assigned a relative id (rid)
-which is unique for the domain when the user or group is created\&.  To
-convert the Windows NT user or group into a unix user or group, a mapping
-between rids and unix user and group ids is required\&.  This is one of the
-jobs that \fBwinbindd\fP performs\&.
-.PP 
-As \fBwinbindd\fP users and groups are resolved from a server, user and group
-ids are allocated from a specified range\&.  This is done on a first come,
-first served basis, although all existing users and groups will be mapped
-as soon as a client performs a user or group enumeration command\&.  The
-allocated unix ids are stored in a database file under the Samba lock
-directory and will be remembered\&.
-.PP 
-WARNING: The rid to unix id database is the only location where the user
-and group mappings are stored by \fBwinbindd\fP\&.  If this file is deleted or
-corrupted, there is no way for \fBwinbindd\fP to determine which user and
-group ids correspond to Windows NT user and group rids\&.
-.PP 
-.SH "CONFIGURATION" 
-.PP 
-Configuration of the \fBwinbindd\fP daemon is done through configuration
-parameters in the \fBsmb\&.conf\fP file\&.  All parameters
-should be specified in the [global] section of
-\fBsmb\&.conf\fP\&.
-.PP 
-.IP 
-.IP "winbind separator" 
-.IP 
-The winbind separator option allows you to specify how NT domain names
-and user names are combined into unix user names when presented to
-users\&. By default winbind will use the traditional \e separator so
-that the unix user names look like DOMAIN\eusername\&. In some cases
-this separator character may cause problems as the \e character has
-special meaning in unix shells\&. In that case you can use the winbind
-separator option to specify an alternative sepataror character\&. Good
-alternatives may be / (although that conflicts with the unix directory
-separator) or a + character\&. The + character appears to be the best
-choice for 100% compatibility with existing unix utilities, but may be
-an aesthetically bad choice depending on your taste\&.
-.IP 
-\fBDefault:\fP
-\f(CW     winbind separator = \e\fP
-.IP 
-\fBExample:\fP
-\f(CW     winbind separator = +\fP
-.IP 
-.IP "winbind uid" 
-.IP 
-The winbind uid parameter specifies the range of user ids that are
-allocated by the \fBwinbindd\fP daemon\&.  This range of
-ids should have no existing local or nis users within it as strange
-conflicts can occur otherwise\&.
-.IP 
-\fBDefault:\fP
-\f(CW     winbind uid = <empty string>\fP
-.IP 
-\fBExample:\fP
-\f(CW     winbind uid = 10000-20000\fP
-.IP 
-.IP "winbind gid" 
-.IP 
-The winbind gid parameter specifies the range of group ids that are
-allocated by the \fBwinbindd\fP daemon\&.  This range of group ids should have
-no existing local or nis groups within it as strange conflicts can occur
-otherwise\&.
-.IP 
-\fBDefault:\fP
-\f(CW     winbind gid = <empty string>\fP
-.IP 
-\fBExample:\fP
-\f(CW     winbind gid = 10000-20000\fP
-.IP 
-.IP "winbind cache time" 
-.IP 
-This parameter specifies the number of seconds the \fBwinbindd\fP daemon will
-cache user and group information before querying a Windows NT server
-again\&. When a item in the cache is older than this time \fBwinbindd\fP will ask
-the domain controller for the sequence number of the servers account
-database\&. If the sequence number has not changed then the cached item is
-marked as valid for a further "winbind cache time" seconds\&.  Otherwise the
-item is fetched from the server\&. This means that as long as the account
-database is not actively changing \fBwinbindd\fP will only have to send one
-sequence number query packet every "winbind cache time" seconds\&.
-.IP 
-\fBDefault:\fP
-\f(CW     winbind cache time = 15\fP
-.IP 
-.IP "winbind enum users" 
-.IP 
-On large installations it may be necessary to suppress the enumeration of
-users through the \f(CWsetpwent\fP, \f(CWgetpwent\fP and \f(CWendpwent\fP group of
-system calls\&.  If the \f(CWwinbind enum users\fP parameter is false, calls to
-the \f(CWgetpwent\fP system call will not return any data\&.
-.IP 
-Warning: Turning off user enumeration may cause some programs to behave
-oddly\&.  For example, the finger program relies on having access to the full
-user list when searching for matching usernames\&.
-.IP 
-\fBDefault:\fP
-\f(CW     winbind enum users = true\fP
-.IP 
-.IP "winbind enum groups" 
-.IP 
-On large installations it may be necessary to suppress the enumeration of
-groups through the \f(CWsetgrent\fP, \f(CWgetgrent\fP and \f(CWendgrent\fP group of
-system calls\&.  If the \f(CWwinbind enum groups\fP parameter is false, calls to
-the \f(CWgetgrent\fP system call will not return any data\&.
-.IP 
-Warning: Turning off group enumeration may cause some programs to behave
-oddly\&.
-.IP 
-\fBDefault:\fP
-\f(CW     winbind enum groups = true\fP
-.IP 
-.IP "template homedir" 
-.IP 
-When filling out the user information for a Windows NT user, the
-\fBwinbindd\fP daemon uses this parameter to fill in the home directory for
-that user\&.  If the string \f(CW%D\fP is present it is substituted with the
-user\'s Windows NT domain name\&.  If the string \f(CW%U\fP is present it is
-substituted with the user\'s Windows NT user name\&.
-.IP 
-\fBDefault:\fP
-\f(CW     template homedir = /home/%D/%U\fP
-.IP 
-.IP "template shell" 
-.IP 
-When filling out the user information for a Windows NT user, the
-\fBwinbindd\fP daemon uses this parameter to fill in the shell for that user\&.
-.IP 
-\fBDefault:\fP
-\f(CW     template shell = /bin/false\fP
-.IP 
-.PP 
-.SH "EXAMPLE SETUP" 
-.PP 
-To setup \fBwinbindd\fP for user and group lookups plus authentication from
-a domain controller use something like the following setup\&. This was
-tested on a RedHat 6\&.2 Linux box\&.
-.PP 
-In \f(CW/etc/nsswitch\&.conf\fP put the following:
+Default: \fBwinbind gid = <empty string>
+\fR
+Example: \fBwinbind gid = 10000-20000
+\fR.TP
+\fBwinbind cache time\fR
+This parameter specifies the number of 
+seconds the winbindd daemon will cache user and group information 
+before querying a Windows NT server again. When a item in the 
+cache is older than this time winbindd will ask the domain 
+controller for the sequence number of the servers account database. 
+If the sequence number has not changed then the cached item is 
+marked as valid for a further \fIwinbind cache time
+\fRseconds. Otherwise the item is fetched from the 
+server. This means that as long as the account database is not 
+actively changing winbindd will only have to send one sequence 
+number query packet every \fIwinbind cache time
+\fRseconds. 
 
-.nf 
- 
+Default: \fBwinbind cache time = 15\fR
+.TP
+\fBwinbind enum users\fR
+On large installations it may be necessary 
+to suppress the enumeration of users through the \fB setpwent()\fR, \fBgetpwent()\fR and 
+\fBendpwent()\fR group of system calls. If 
+the \fIwinbind enum users\fR parameter is false, 
+calls to the \fBgetpwent\fR system call will not 
+return any data. 
 
-   passwd:     files winbind
-   group:      files winbind
+\fBWarning:\fR Turning off user enumeration 
+may cause some programs to behave oddly. For example, the finger 
+program relies on having access to the full user list when 
+searching for matching usernames. 
 
-.fi 
- 
+Default: \fBwinbind enum users = yes \fR
+.TP
+\fBwinbind enum groups\fR
+On large installations it may be necessary 
+to suppress the enumeration of groups through the \fB setgrent()\fR, \fBgetgrent()\fR and 
+\fBendgrent()\fR group of system calls. If 
+the \fIwinbind enum groups\fR parameter is 
+false, calls to the \fBgetgrent()\fR system 
+call will not return any data. 
 
-.PP 
-In \f(CW/etc/pam\&.d/*\fP replace the \f(CWauth\fP lines with something like this:
+\fBWarning:\fR Turning off group 
+enumeration may cause some programs to behave oddly. 
 
-.nf 
- 
+Default: \fBwinbind enum groups = no \fR
+.TP
+\fBtemplate homedir\fR
+When filling out the user information 
+for a Windows NT user, the \fBwinbindd\fR daemon 
+uses this parameter to fill in the home directory for that user. 
+If the string \fI%D\fR is present it is 
+substituted with the user's Windows NT domain name. If the 
+string \fI%U\fR is present it is substituted
+with the user's Windows NT user name. 
 
-	auth       required	/lib/security/pam_securetty\&.so
-	auth       required	/lib/security/pam_nologin\&.so
-	auth       sufficient	/lib/security/pam_winbind\&.so
-	auth       required     /lib/security/pam_pwdb\&.so use_first_pass shadow nullok
+Default: \fBtemplate homedir = /home/%D/%U \fR
+.TP
+\fBtemplate shell\fR
+When filling out the user information for 
+a Windows NT user, the \fBwinbindd\fR daemon 
+uses this parameter to fill in the shell for that user. 
 
-.fi 
- 
-
-.PP 
-Note in particular the use of the \f(CWsufficient\fP keyword and the
-\f(CWuse_first_pass\fP keyword\&.
-.PP 
-Now replace the account lines with this:
-
-.nf 
- 
-
-	account    required	/lib/security/pam_winbind\&.so
-
-.fi 
- 
-
-.PP 
-The next step is to join the domain\&. To do that use the samedit
-program like this:
-
-.nf 
- 
-
-	samedit -S \'*\' -W DOMAIN -UAdministrator
-
-.fi 
- 
-
-.PP 
-The username after the -U can be any Domain user that has administrator 
-priviliges on the machine\&. Next from within samedit, run the command:
-
-.nf 
- 
-
-	createuser MACHINE$ -j DOMAIN -L
-
-.fi 
- 
-
-.PP 
-This assumes your domain is called \f(CWDOMAIN\fP and your Samba workstation
-is called \f(CWMACHINE\fP\&.
-.PP 
-Next copy \f(CWlibnss_winbind\&.so\&.2\fP to \f(CW/lib\fP and \f(CWpam_winbind\&.so\fP to
-\f(CW/lib/security\fP\&.
-.PP 
-Finally, setup a smb\&.conf containing directives like the following:
-
-.nf 
- 
-
-  [global]
-        winbind separator = +
+Default: \fBtemplate shell = /bin/false \fR
+.SH "EXAMPLE SETUP"
+.PP
+To setup winbindd for user and group lookups plus 
+authentication from a domain controller use something like the 
+following setup. This was tested on a RedHat 6.2 Linux box. 
+.PP
+In \fI/etc/nsswitch.conf\fR put the 
+following:
+.PP
+.sp
+.nf
+passwd:     files winbind
+group:      files winbind
+	
+.sp
+.fi
+.PP
+In \fI/etc/pam.d/*\fR replace the 
+\fIauth\fR lines with something like this: 
+.PP
+.sp
+.nf
+auth       required	/lib/security/pam_securetty.so
+auth       required	/lib/security/pam_nologin.so
+auth       sufficient	/lib/security/pam_winbind.so
+auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
+	
+.sp
+.fi
+.PP
+Note in particular the use of the \fIsufficient\fR 
+keyword and the \fIuse_first_pass\fR keyword. 
+.PP
+Now replace the account lines with this: 
+.PP
+\fBaccount required /lib/security/pam_winbind.so
+\fR.PP
+The next step is to join the domain. To do that use the 
+\fBsamedit\fR program like this: 
+.PP
+\fBsamedit -S '*' -W DOMAIN -UAdministrator\fR
+.PP
+The username after the \fI-U\fR can be any Domain 
+user that has administrator priviliges on the machine. Next from 
+within \fBsamedit\fR, run the command: 
+.PP
+\fBcreateuser MACHINE$ -j DOMAIN -L\fR
+.PP
+This assumes your domain is called "DOMAIN" and your Samba 
+workstation is called "MACHINE". 
+.PP
+Next copy \fIlibnss_winbind.so.2\fR to 
+\fI/lib\fR and \fIpam_winbind.so\fR
+to \fI/lib/security\fR.
+.PP
+Finally, setup a smb.conf containing directives like the 
+following: 
+.PP
+.sp
+.nf
+[global]
+	winbind separator = +
         winbind cache time = 10
         template shell = /bin/bash
         template homedir = /home/%D/%U
@@ -299,117 +269,107 @@ Finally, setup a smb\&.conf containing directives like the following:
         workgroup = DOMAIN
         security = domain
         password server = *
+	
+.sp
+.fi
+.PP
+Now start winbindd and you should find that your user and 
+group database is expanded to include your NT users and groups, 
+and that you can login to your unix box as a domain user, using 
+the DOMAIN+user syntax for the username. You may wish to use the 
+commands \fBgetent passwd\fR and \fBgetent group
+\fRto confirm the correct operation of winbindd.
+.SH "NOTES"
+.PP
+The following notes are useful when configuring and 
+running \fBwinbindd\fR: 
+.PP
+\fBnmbd\fR must be running on the local machine 
+for \fBwinbindd\fR to work. \fBwinbindd\fR
+queries the list of trusted domains for the Windows NT server
+on startup and when a SIGHUP is received. Thus, for a running \fB winbindd\fR to become aware of new trust relationships between 
+servers, it must be sent a SIGHUP signal. 
+.PP
+Client processes resolving names through the \fBwinbindd\fR
+nsswitch module read an environment variable named \fI $WINBINDD_DOMAIN\fR. If this variable contains a comma separated
+list of Windows NT domain names, then winbindd will only resolve users
+and groups within those Windows NT domains. 
+.PP
+PAM is really easy to misconfigure. Make sure you know what 
+you are doing when modifying PAM configuration files. It is possible 
+to set up PAM such that you can no longer log into your system. 
+.PP
+If more than one UNIX machine is running \fBwinbindd\fR, 
+then in general the user and groups ids allocated by winbindd will not 
+be the same. The user and group ids will only be valid for the local 
+machine.
+.PP
+If the the Windows NT RID to UNIX user and group id mapping 
+file is damaged or destroyed then the mappings will be lost. 
+.SH "SIGNALS"
+.PP
+The following signals can be used to manipulate the 
+\fBwinbindd\fR daemon. 
+.TP
+\fBSIGHUP\fR
+Reload the \fIsmb.conf(5)\fR
+file and apply any parameter changes to the running 
+version of winbindd. This signal also clears any cached 
+user and group information. The list of other domains trusted 
+by winbindd is also reloaded. 
+.TP
+\fBSIGUSR1\fR
+The SIGUSR1 signal will cause \fB winbindd\fR to write status information to the winbind 
+log file including information about the number of user and 
+group ids allocated by \fBwinbindd\fR.
 
-.fi 
- 
-
-.PP 
-Now start \fBwinbindd\fP and you should find that your user and group
-database is expanded to include your NT users and groups, and that you
-can login to your unix box as a domain user, using the \f(CWDOMAIN+user\fP
-syntax for the username\&. You may wish to use the commands "getent
-passwd" and "getent group" to confirm the correct operation of
-\fBwinbindd\fP\&. 
-.PP 
-.SH "NOTES" 
-.PP 
-The following notes are useful when configuring and running \fBwinbindd\fP:
-.PP 
-.IP 
-.IP "" 
-\fBnmbd\fP must be running on the local machine for
-\fBwinbindd\fP to work\&.
-.IP 
-.IP "" 
-\fBwinbindd\fP queries the list of trusted domains for the Windows NT server
-on startup and when a SIGHUP is received\&.  Thus, for a running \fBwinbindd\fP
-to become aware of new trust relationships between servers, it must be sent
-a SIGHUP signal\&.
-.IP 
-.IP "" 
-Client processes resolving names through the \fBwinbindd\fP nsswitch module
-read an environment variable named \f(CWWINBINDD_DOMAIN\fP\&.  If this variable
-contains a comma separated list of Windows NT domain names, then \fBwinbindd\fP
-will only resolve users and groups within those Windows NT domains\&.
-.IP 
-.IP "" 
-PAM is really easy to misconfigure\&.  Make sure you know what you are doing
-when modifying PAM configuration files\&.  It is possible to set up PAM
-such that you can no longer log into your system\&.
-.IP 
-.IP "" 
-If more than one UNIX machine is running \fBwinbindd\fP, then in general the
-user and groups ids allocated by \fBwinbindd\fP will not be the same\&.  The
-user and group ids will only be valid for the local machine\&.  
-.IP 
-.IP "" 
-If the the Windows NT RID to UNIX user and group id mapping file
-is damaged or destroyed then the mappings will be lost\&.
-.IP 
-.PP 
-.SH "SIGNALS" 
-.PP 
-The following signals can be used to manipulate the \fBwinbindd\fP daemon\&.
-.PP 
-.IP 
-.IP "\f(CWSIGHUP\fP" 
-.IP 
-Reload the \f(CWsmb\&.conf\fP file and apply any parameter changes to the running
-version of \fBwinbindd\fP\&.  This signal also clears any cached user and group
-information\&.  The list of other domains trusted by \fBwinbindd\fP is also
-reloaded\&. 
-.IP 
-.IP "\f(CWSIGUSR1\fP" 
-.IP 
-The \f(CWSIGUSR1\fP signal will cause \fBwinbindd\fP to write status information
-to the winbind log file including information about the number of user and
-group ids allocated by \fBwinbindd\fP\&.
-.IP 
-Log files are stored in the filename specified by the \fBlog file\fP parameter\&.
-.IP 
-.PP 
-.SH "FILES" 
-.PP 
-The following files are relevant to the operation of the \fBwinbindd\fP
-daemon\&.
-.PP 
-.IP 
-.IP "/etc/nsswitch\&.conf(5)" 
-.IP 
-Name service switch configuration file\&.
-.IP 
-.IP "/tmp/\&.winbindd/pipe" 
-.IP 
-The UNIX pipe over which clients communicate with the \fBwinbindd\fP program\&.
-For security reasons, the winbind client will only attempt to connect to the
-\fBwinbindd\fP daemon if both the \f(CW/tmp/\&.winbindd\fP directory and
-\f(CW/tmp/\&.winbindd/pipe\fP file are owned by root\&.
-.IP 
-.IP "/lib/libnss_winbind\&.so\&.X" 
-.IP 
-Implementation of name service switch library\&. 
-.IP 
-.IP "$LOCKDIR/winbindd_idmap\&.tdb" 
-.IP 
-Storage for the Windows NT rid to UNIX user/group id mapping\&.  The lock
-directory is specified when Samba is initially compiled using the
-\f(CW--with-lockdir\fP option\&.  This directory is by default
-\f(CW/usr/local/samba/var/locks\fP\&.
-.IP 
-.IP "$LOCKDIR/winbindd_cache\&.tdb" 
-.IP 
-Storage for cached user and group information\&.
-.IP 
-.PP 
-.SH "SEE ALSO" 
-.PP 
-\fBsamba(7)\fP, \fBsmb\&.conf(5)\fP, 
-\fBnsswitch\&.conf(5)\fP, \fBwbinfo(1)\fP
-.PP 
-.SH "AUTHOR" 
-.PP 
-The original Samba software and related utilities were created by
-Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open
-Source project\&.
-.PP 
-\fBwinbindd\fP was written by Tim Potter\&.
+Log files are stored in the filename specified by the 
+log file parameter.
+.SH "FILES"
+.TP
+\fB\fI/etc/nsswitch.conf(5)\fB\fR
+Name service switch configuration file.
+.TP
+\fB/tmp/.winbindd/pipe\fR
+The UNIX pipe over which clients communicate with 
+the \fBwinbindd\fR program. For security reasons, the 
+winbind client will only attempt to connect to the winbindd daemon 
+if both the \fI/tmp/.winbindd\fR directory
+and \fI/tmp/.winbindd/pipe\fR file are owned by 
+root. 
+.TP
+\fB/lib/libnss_winbind.so.X\fR
+Implementation of name service switch library.
+.TP
+\fB$LOCKDIR/winbindd_idmap.tdb\fR
+Storage for the Windows NT rid to UNIX user/group 
+id mapping. The lock directory is specified when Samba is initially 
+compiled using the \fI--with-lockdir\fR option. 
+This directory is by default \fI/usr/local/samba/var/locks
+\fR\&. 
+.TP
+\fB$LOCKDIR/winbindd_cache.tdb\fR
+Storage for cached user and group information.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite. winbindd is however not available in
+stable release of Samba as of yet.
+.SH "SEE ALSO"
+.PP
+\fInsswitch.conf(5)\fR,
+samba(7) <URL:samba.7.html>,
+wbinfo(1) <URL:wbinfo.1.html>,
+smb.conf(5) <URL:smb.conf.5.html>
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+\fBwbinfo\fR and \fBwinbindd\fR
+were written by Tim Potter.
+.PP
+The conversion to DocBook for Samba 2.2 was done 
+by Gerald Carter
author	Gerald Carter <jerry@samba.org>	2001-02-23 02:34:22 +0000
committer	Gerald Carter <jerry@samba.org>	2001-02-23 02:34:22 +0000
commit	9a43d69ac4000d6b7b5a07089f22af4451ea4b31 (patch)
tree	9dd715e19f12ceed27386156e764335705b605d6 /docs
parent	837191626111e84c0fb27b5052d21ab29b6e41a6 (diff)
download	samba-9a43d69ac4000d6b7b5a07089f22af4451ea4b31.tar.gz samba-9a43d69ac4000d6b7b5a07089f22af4451ea4b31.tar.bz2 samba-9a43d69ac4000d6b7b5a07089f22af4451ea4b31.zip