being a responsible developer for a change. Make sure to

update the docs wrt to the recent code changes.

Can someone regenerate these in the SAMBA_3_0 tree please?
Thanks.
(This used to be commit ba448e6eb866d70daf5fe629c0f1c8c5afb1d312)

4 files changed, 42 insertions, 35 deletions

diff --git a/docs/docbook/smbdotconf/base/adsserver.xml b/docs/docbook/smbdotconf/base/adsserver.xml
deleted file mode 100644
index 4dd2a4b635..0000000000
--- a/docs/docbook/smbdotconf/base/adsserver.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<samba:parameter name="ads server"
-                 context="G"
-                 basic="1" advanced="1" wizard="1" developer="1"
-                 xmlns:samba="http://samba.org/common">
-<listitem>
-        <para>If this option is specified, samba does not try to figure out what
-        ads server to use itself, but uses the specified ads server. Either one
-        DNS name or IP address can be used.</para>
-        
-        <para>Default: <command moreinfo="none">ads server = </command></para>
-        
-        <para>Example: <command moreinfo="none">ads server = 192.168.1.2</command></para>
-</listitem>
-
-</samba:parameter>
diff --git a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml
index c029dcd181..777fc2268e 100644
--- a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml
+++ b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml
@@ -5,7 +5,8 @@
 <listitem>
     <para>This option is used by the programs in the Samba 
     suite to determine what naming services to use and in what order 
-    to resolve host names to IP addresses. The option takes a space 
+    to resolve host names to IP addresses. Its main purpose to is to
+    control how netbios name resolution is performed.  The option takes a space 
     separated string of name resolution options.</para>
 
     <para>The options are: &quot;lmhosts&quot;, &quot;host&quot;,
@@ -16,7 +17,8 @@
 	<listitem>
 	    <para><constant>lmhosts</constant> : Lookup an IP 
 	    address in the Samba lmhosts file. If the line in lmhosts has 
-	    no name type attached to the NetBIOS name (see the <ulink url="lmhosts.5.html">lmhosts(5)</ulink> for details) then
+	    no name type attached to the NetBIOS name (see the <ulink 
+            url="lmhosts.5.html">lmhosts(5)</ulink> for details) then
 	    any name type matches for lookup.</para>
 	</listitem>
 
@@ -26,9 +28,10 @@
 	    </filename>, NIS, or DNS lookups. This method of name resolution 
 	    is operating system depended for instance on IRIX or Solaris this 
 	    may be controlled by the <filename moreinfo="none">/etc/nsswitch.conf</filename> 
-	    file.  Note that this method is only used if the NetBIOS name 
-	    type being queried is the 0x20 (server) name type, otherwise 
-	    it is ignored.</para>
+	    file.  Note that this method is used only if the NetBIOS name 
+	    type being queried is the 0x20 (server) name type or 0x1c (domain controllers). 
+            The latter case is only useful for active directory domains and results in a DNS
+            query for the SRV RR entry matching _ldap._tcp.domain.</para>
 	</listitem>
 
 	<listitem>
@@ -59,6 +62,9 @@
     it is advised to use following settings for <parameter moreinfo="none">name resolve order</parameter>:</para>
 
     <para><command moreinfo="none">name resolve order = wins bcast</command></para>
+
+    <para>DC lookups will still be done via DNS, but fallbacks to netbios names will
+    not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups.</para>
     
 </listitem>
 </samba:parameter>
diff --git a/docs/docbook/smbdotconf/security/authmethods.xml b/docs/docbook/smbdotconf/security/authmethods.xml
index 0b7965d55b..7c0f5a71e1 100644
--- a/docs/docbook/smbdotconf/security/authmethods.xml
+++ b/docs/docbook/smbdotconf/security/authmethods.xml
@@ -6,14 +6,24 @@
     <para>This option allows the administrator to chose what
     authentication methods <command moreinfo="none">smbd</command> will use when authenticating
     a user.  This option defaults to sensible values based on <link linkend="SECURITY">
-    <parameter moreinfo="none">security</parameter></link>.</para>
+    <parameter moreinfo="none">security</parameter></link>.  This should be considered
+    a developer option and used only in rare circumstances.  In the majority (if not all)
+    of production servers, the default setting should be adequate.</para>
 
     <para>Each entry in the list attempts to authenticate the user in turn, until
     the user authenticates.  In practice only one method will ever actually 
     be able to complete the authentication.
     </para>
 
+    <para>Possible options include <constant>guest</constant> (anonymous access), 
+    <constant>sam</constant> (lookups in local list of accounts based on netbios 
+    name or domain name), <constant>winbind</constant> (relay authentication requests
+    for remote users through winbindd), <constant>ntdomain</constant> (pre-winbindd 
+    method of authentication for remote domain users; deprecated in favour of winbind method), 
+    <constant>trustdomain</constant> (authenticate trusted users by contacting the 
+    remote DC directly from smbd; deprecated in favour of winbind method).</para>
+
     <para>Default: <command moreinfo="none">auth methods = &lt;empty string&gt;</command></para>
-    <para>Example: <command moreinfo="none">auth methods = guest sam ntdomain</command></para>
+    <para>Example: <command moreinfo="none">auth methods = guest sam winbind</command></para>
 </listitem>
 </samba:parameter>
diff --git a/docs/docbook/smbdotconf/security/passwordserver.xml b/docs/docbook/smbdotconf/security/passwordserver.xml
index e40ff32b75..f854027041 100644
--- a/docs/docbook/smbdotconf/security/passwordserver.xml
+++ b/docs/docbook/smbdotconf/security/passwordserver.xml
@@ -3,18 +3,22 @@
                  advanced="1" wizard="1" developer="1"
 		 xmlns:samba="http://samba.org/common">
 <listitem>
-    <para>By specifying the name of another SMB server (such 
-    as a WinNT box) with this option, and using <command moreinfo="none">security = domain
-    </command> or <command moreinfo="none">security = server</command> you can get Samba 
-    to do all its username/password validation via a remote server.</para>
+    <para>By specifying the name of another SMB server 
+    or Active Directory domain controller with this option, 
+    and using <command moreinfo="none">security = [ads|domain|server]</command> 
+    it is possible to get Samba to 
+    to do all its username/password validation using a specific remote server.</para>
 
-    <para>This option sets the name of the password server to use. 
-    It must be a NetBIOS name, so if the machine's NetBIOS name is 
-    different from its Internet name then you may have to add its NetBIOS 
-    name to the lmhosts  file which is stored in the same directory 
-    as the <filename moreinfo="none">smb.conf</filename> file.</para>
+    <para>This option sets the name or IP address of the password server to use. 
+    New syntax has been added to support defining the port to use when connecting 
+    to the server the case of an ADS realm.  To define a port other than the
+    default LDAP port of 389, add the port number using a colon after the 
+    name or IP address (e.g. 192.168.1.100:389).  If you do not specify a port,
+    Samba will use the standard LDAP port of tcp/389.  Note that port numbers
+    have no effect on password servers for Windows NT 4.0 domains or netbios 
+    connections.</para>
 
-    <para>The name of the password server is looked up using the 
+    <para>If parameter is a name, it is looked up using the 
     parameter <link linkend="NAMERESOLVEORDER"><parameter moreinfo="none">name 
     resolve order</parameter></link> and so may resolved
     by any method and order described in that parameter.</para>
@@ -38,14 +42,14 @@
     trust your clients, and you had better restrict them with hosts allow!</para>
 
     <para>If the <parameter moreinfo="none">security</parameter> parameter is set to
-    <constant>domain</constant>, then the list of machines in this 
+    <constant>domain</constant> or <constant>ads</constant>, then the list of machines in this 
     option must be a list of Primary or Backup Domain controllers for the
     Domain or the character '*', as the Samba server is effectively
     in that domain, and will use cryptographically authenticated RPC calls
     to authenticate the user logging on. The advantage of using <command moreinfo="none">
     security = domain</command> is that if you list several hosts in the 
     <parameter moreinfo="none">password server</parameter> option then <command moreinfo="none">smbd
-    </command> will try each in turn till it finds one that responds. This 
+    </command> will try each in turn till it finds one that responds.  This
     is useful in case your primary server goes down.</para>
 
     <para>If the <parameter moreinfo="none">password server</parameter> option is set 
@@ -55,7 +59,7 @@
     and then contacting each server returned in the list of IP 
     addresses from the name resolution source. </para>
 
-    <para>If the list of servers contains both names and the '*'
+    <para>If the list of servers contains both names/IP's and the '*'
     character, the list is treated as a list of preferred 
     domain controllers, but an auto lookup of all remaining DC's
     will be added to the list as well.  Samba will not attempt to optimize 
@@ -93,6 +97,8 @@
     
     <para>Example: <command moreinfo="none">password server = NT-PDC, NT-BDC1, NT-BDC2, *</command></para>
     
+    <para>Example: <command moreinfo="none">password server = windc.mydomain.com:389 192.168.1.101 *</command></para>
+
     <para>Example: <command moreinfo="none">password server = *</command></para>
 </listitem>
 </samba:parameter>