summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/manpages-3/winbindd.8.xml25
-rw-r--r--docs/smbdotconf/base/bindinterfacesonly.xml99
-rw-r--r--docs/smbdotconf/filename/manglingchar.xml2
-rw-r--r--docs/smbdotconf/locking/fakeoplocks.xml3
-rw-r--r--docs/smbdotconf/locking/kerneloplocks.xml3
-rw-r--r--docs/smbdotconf/locking/level2oplocks.xml10
-rw-r--r--docs/smbdotconf/locking/lockspintime.xml3
-rw-r--r--docs/smbdotconf/locking/oplocks.xml3
-rw-r--r--docs/smbdotconf/logging/debughirestimestamp.xml4
-rw-r--r--docs/smbdotconf/logging/debugpid.xml3
-rw-r--r--docs/smbdotconf/logging/debugtimestamp.xml3
-rw-r--r--docs/smbdotconf/logging/debuguid.xml3
-rw-r--r--docs/smbdotconf/logon/abortshutdownscript.xml3
-rw-r--r--docs/smbdotconf/logon/adduserscript.xml9
-rw-r--r--docs/smbdotconf/logon/domainlogons.xml3
-rw-r--r--docs/smbdotconf/logon/logondrive.xml3
-rw-r--r--docs/smbdotconf/logon/logonhome.xml3
-rw-r--r--docs/smbdotconf/logon/logonpath.xml3
-rw-r--r--docs/smbdotconf/logon/logonscript.xml17
-rw-r--r--docs/smbdotconf/misc/addsharecommand.xml3
-rw-r--r--docs/smbdotconf/misc/defaultservice.xml14
-rw-r--r--docs/smbdotconf/misc/deletesharecommand.xml3
-rw-r--r--docs/smbdotconf/misc/homedirmap.xml4
-rw-r--r--docs/smbdotconf/misc/lockdirectory.xml4
-rw-r--r--docs/smbdotconf/misc/magicoutput.xml7
-rw-r--r--docs/smbdotconf/misc/magicscript.xml4
-rw-r--r--docs/smbdotconf/misc/nishomedir.xml4
-rw-r--r--docs/smbdotconf/misc/preexec.xml11
-rw-r--r--docs/smbdotconf/misc/preexecclose.xml3
-rw-r--r--docs/smbdotconf/misc/preload.xml8
-rw-r--r--docs/smbdotconf/misc/remoteannounce.xml5
-rw-r--r--docs/smbdotconf/printing/cupsoptions.xml4
-rw-r--r--docs/smbdotconf/printing/cupsserver.xml4
-rw-r--r--docs/smbdotconf/printing/defaultdevmode.xml2
-rw-r--r--docs/smbdotconf/printing/deleteprintercommand.xml12
-rw-r--r--docs/smbdotconf/printing/loadprinters.xml2
-rw-r--r--docs/smbdotconf/printing/lpresumecommand.xml6
-rw-r--r--docs/smbdotconf/printing/os2drivermap.xml2
-rw-r--r--docs/smbdotconf/printing/printable.xml3
-rw-r--r--docs/smbdotconf/printing/printcapname.xml2
-rw-r--r--docs/smbdotconf/printing/printcommand.xml9
-rw-r--r--docs/smbdotconf/printing/printername.xml20
-rw-r--r--docs/smbdotconf/printing/queueresumecommand.xml3
-rw-r--r--docs/smbdotconf/protocol/maxwinsttl.xml4
-rw-r--r--docs/smbdotconf/protocol/minprotocol.xml5
-rw-r--r--docs/smbdotconf/protocol/minwinsttl.xml3
-rw-r--r--docs/smbdotconf/protocol/nameresolveorder.xml10
-rw-r--r--docs/smbdotconf/security/adminusers.xml3
-rw-r--r--docs/smbdotconf/security/allowtrusteddomains.xml4
-rw-r--r--docs/smbdotconf/security/authmethods.xml12
-rw-r--r--docs/smbdotconf/security/createmask.xml9
-rw-r--r--docs/smbdotconf/security/directorymask.xml6
-rw-r--r--docs/smbdotconf/security/encryptpasswords.xml2
-rw-r--r--docs/smbdotconf/security/forcegroup.xml4
-rw-r--r--docs/smbdotconf/security/guestaccount.xml3
-rw-r--r--docs/smbdotconf/security/guestok.xml10
-rw-r--r--docs/smbdotconf/security/guestonly.xml6
-rw-r--r--docs/smbdotconf/security/hostsallow.xml3
-rw-r--r--docs/smbdotconf/security/hostsequiv.xml3
-rw-r--r--docs/smbdotconf/security/inheritpermissions.xml24
-rw-r--r--docs/smbdotconf/security/maptoguest.xml9
-rw-r--r--docs/smbdotconf/security/obeypamrestrictions.xml4
-rw-r--r--docs/smbdotconf/security/onlyuser.xml3
-rw-r--r--docs/smbdotconf/security/pampasswordchange.xml5
-rw-r--r--docs/smbdotconf/security/passdbbackend.xml5
-rw-r--r--docs/smbdotconf/security/passwdchat.xml17
-rw-r--r--docs/smbdotconf/security/passwdchatdebug.xml4
-rw-r--r--docs/smbdotconf/security/passwordlevel.xml3
-rw-r--r--docs/smbdotconf/security/passwordserver.xml3
-rw-r--r--docs/smbdotconf/security/readlist.xml16
-rw-r--r--docs/smbdotconf/security/readonly.xml3
-rw-r--r--docs/smbdotconf/security/restrictanonymous.xml3
-rw-r--r--docs/smbdotconf/security/rootdirectory.xml5
-rw-r--r--docs/smbdotconf/security/security.xml85
-rw-r--r--docs/smbdotconf/security/serverschannel.xml24
-rw-r--r--docs/smbdotconf/security/updateencrypted.xml42
-rw-r--r--docs/smbdotconf/security/username.xml9
-rw-r--r--docs/smbdotconf/security/usernamemap.xml3
-rw-r--r--docs/smbdotconf/security/writeable.xml3
-rw-r--r--docs/smbdotconf/tuning/getwdcache.xml3
-rw-r--r--docs/smbdotconf/tuning/keepalive.xml3
-rw-r--r--docs/smbdotconf/tuning/maxconnections.xml3
-rw-r--r--docs/smbdotconf/vfs/hostmsdfs.xml3
-rw-r--r--docs/smbdotconf/vfs/msdfsproxy.xml3
-rw-r--r--docs/smbdotconf/vfs/msdfsroot.xml2
85 files changed, 321 insertions, 394 deletions
diff --git a/docs/manpages-3/winbindd.8.xml b/docs/manpages-3/winbindd.8.xml
index 1ad8a6ff1e..4d02ed6a35 100644
--- a/docs/manpages-3/winbindd.8.xml
+++ b/docs/manpages-3/winbindd.8.xml
@@ -255,25 +255,30 @@ hosts: files wins
<refsect1>
<title>EXAMPLE SETUP</title>
- <para>To setup winbindd for user and group lookups plus
+ <para>
+ To setup winbindd for user and group lookups plus
authentication from a domain controller use something like the
- following setup. This was tested on a RedHat 6.2 Linux box. </para>
+ following setup. This was tested on an early Red Hat Linux box.
+ </para>
<para>In <filename>/etc/nsswitch.conf</filename> put the
following:
<programlisting>
-passwd: files winbind
-group: files winbind
-</programlisting></para>
+passwd: files winbind
+group: files winbind
+</programlisting>
+ </para>
<para>In <filename>/etc/pam.d/*</filename> replace the <parameter>
auth</parameter> lines with something like this:
<programlisting>
-auth required /lib/security/pam_securetty.so
-auth required /lib/security/pam_nologin.so
-auth sufficient /lib/security/pam_winbind.so
-auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
-</programlisting></para>
+auth required /lib/security/pam_securetty.so
+auth required /lib/security/pam_nologin.so
+auth sufficient /lib/security/pam_winbind.so
+auth required /lib/security/pam_pwdb.so \
+ use_first_pass shadow nullok
+</programlisting>
+ </para>
<para>Note in particular the use of the <parameter>sufficient
diff --git a/docs/smbdotconf/base/bindinterfacesonly.xml b/docs/smbdotconf/base/bindinterfacesonly.xml
index 0fd302ceaa..ae72efd73d 100644
--- a/docs/smbdotconf/base/bindinterfacesonly.xml
+++ b/docs/smbdotconf/base/bindinterfacesonly.xml
@@ -10,60 +10,59 @@
<manvolnum>8</manvolnum></citerefentry> and name service <citerefentry><refentrytitle>nmbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> in a slightly different ways.</para>
- <para>For name service it causes <command moreinfo="none">nmbd</command> to bind
- to ports 137 and 138 on the interfaces listed in
- the <link linkend="INTERFACES">interfaces</link> parameter. <command moreinfo="none">nmbd</command> also
- binds to the &quot;all addresses&quot; interface (0.0.0.0)
- on ports 137 and 138 for the purposes of reading broadcast messages.
- If this option is not set then <command moreinfo="none">nmbd</command> will service
- name requests on all of these sockets. If <smbconfoption name="bind interfaces only"/> is set then <command moreinfo="none">nmbd</command> will check the
- source address of any packets coming in on the broadcast sockets
- and discard any that don't match the broadcast addresses of the
- interfaces in the <smbconfoption name="interfaces"/> parameter list.
- As unicast packets are received on the other sockets it allows
- <command moreinfo="none">nmbd</command> to refuse to serve names to machines that
- send packets that arrive through any interfaces not listed in the
- <smbconfoption name="interfaces"/> list. IP Source address spoofing
- does defeat this simple check, however, so it must not be used
- seriously as a security feature for <command moreinfo="none">nmbd</command>.</para>
+ <para>
+ For name service it causes <command moreinfo="none">nmbd</command> to bind to ports 137 and 138 on the
+ interfaces listed in the <smbconfoption name="interfaces"/> parameter. <command moreinfo="none">nmbd</command>
+ also binds to the &quot;all addresses&quot; interface (0.0.0.0) on ports 137 and 138 for the purposes of
+ reading broadcast messages. If this option is not set then <command moreinfo="none">nmbd</command> will
+ service name requests on all of these sockets. If <smbconfoption name="bind interfaces only"/> is set then
+ <command moreinfo="none">nmbd</command> will check the source address of any packets coming in on the
+ broadcast sockets and discard any that don't match the broadcast addresses of the interfaces in the
+ <smbconfoption name="interfaces"/> parameter list. As unicast packets are received on the other sockets it
+ allows <command moreinfo="none">nmbd</command> to refuse to serve names to machines that send packets that
+ arrive through any interfaces not listed in the <smbconfoption name="interfaces"/> list. IP Source address
+ spoofing does defeat this simple check, however, so it must not be used seriously as a security feature for
+ <command moreinfo="none">nmbd</command>.
+ </para>
- <para>For file service it causes <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> to bind only to the interface list
- given in the <link linkend="INTERFACES">interfaces</link> parameter. This
- restricts the networks that <command moreinfo="none">smbd</command> will serve
- to packets coming in those interfaces. Note that you should not use this parameter
- for machines that are serving PPP or other intermittent or non-broadcast network
- interfaces as it will not cope with non-permanent interfaces.</para>
+ <para>
+ For file service it causes <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> to bind only to the interface list given in the <smbconfoption
+ name="interfaces"/> parameter. This restricts the networks that <command moreinfo="none">smbd</command> will
+ serve to packets coming in those interfaces. Note that you should not use this parameter for machines that
+ are serving PPP or other intermittent or non-broadcast network interfaces as it will not cope with
+ non-permanent interfaces.
+ </para>
-<para>If <smbconfoption name="bind interfaces only"/> is set then
- unless the network address <emphasis>127.0.0.1</emphasis> is added
- to the <smbconfoption name="interfaces"/> parameter
- list <citerefentry><refentrytitle>smbpasswd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>swat</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> may not work as expected due
- to the reasons covered below.</para>
+ <para>
+ If <smbconfoption name="bind interfaces only"/> is set then unless the network address
+ <emphasis>127.0.0.1</emphasis> is added to the <smbconfoption name="interfaces"/> parameter list
+ <citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> and
+ <citerefentry><refentrytitle>swat</refentrytitle> <manvolnum>8</manvolnum></citerefentry> may not work as
+ expected due to the reasons covered below.
+ </para>
- <para>To change a users SMB password, the <command moreinfo="none">smbpasswd</command>
- by default connects to the <emphasis>localhost - 127.0.0.1</emphasis>
- address as an SMB client to issue the password change request. If
- <smbconfoption name="bind interfaces only"/> is set then unless the
- network address <emphasis>127.0.0.1</emphasis> is added to the
- <smbconfoption name="interfaces"/> parameter list then <command moreinfo="none">
- smbpasswd</command> will fail to connect in it's default mode.
- <command moreinfo="none">smbpasswd</command> can be forced to use the primary IP interface
- of the local host by using its <citerefentry><refentrytitle>smbpasswd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> <parameter moreinfo="none">-r <replaceable>remote machine</replaceable></parameter>
- parameter, with <replaceable>remote machine</replaceable> set
- to the IP name of the primary interface of the local host.</para>
+ <para>
+ To change a users SMB password, the <command moreinfo="none">smbpasswd</command> by default connects to the
+ <emphasis>localhost - 127.0.0.1</emphasis> address as an SMB client to issue the password change request. If
+ <smbconfoption name="bind interfaces only"/> is set then unless the network address
+ <emphasis>127.0.0.1</emphasis> is added to the <smbconfoption name="interfaces"/> parameter list then <command
+ moreinfo="none"> smbpasswd</command> will fail to connect in it's default mode. <command
+ moreinfo="none">smbpasswd</command> can be forced to use the primary IP interface of the local host by using
+ its <citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> <parameter
+ moreinfo="none">-r <replaceable>remote machine</replaceable></parameter> parameter, with <replaceable>remote
+ machine</replaceable> set to the IP name of the primary interface of the local host.
+ </para>
- <para>The <command moreinfo="none">swat</command> status page tries to connect with
- <command moreinfo="none">smbd</command> and <command moreinfo="none">nmbd</command> at the address
- <emphasis>127.0.0.1</emphasis> to determine if they are running.
- Not adding <emphasis>127.0.0.1</emphasis> will cause <command moreinfo="none">
- smbd</command> and <command moreinfo="none">nmbd</command> to always show
- &quot;not running&quot; even if they really are. This can prevent <command moreinfo="none">
- swat</command> from starting/stopping/restarting <command moreinfo="none">smbd</command>
- and <command moreinfo="none">nmbd</command>.</para>
+ <para>
+ The <command moreinfo="none">swat</command> status page tries to connect with <command
+ moreinfo="none">smbd</command> and <command moreinfo="none">nmbd</command> at the address
+ <emphasis>127.0.0.1</emphasis> to determine if they are running. Not adding <emphasis>127.0.0.1</emphasis>
+ will cause <command moreinfo="none"> smbd</command> and <command moreinfo="none">nmbd</command> to always show
+ &quot;not running&quot; even if they really are. This can prevent <command moreinfo="none"> swat</command>
+ from starting/stopping/restarting <command moreinfo="none">smbd</command> and <command
+ moreinfo="none">nmbd</command>.
+ </para>
</description>
<value type="default">no</value>
diff --git a/docs/smbdotconf/filename/manglingchar.xml b/docs/smbdotconf/filename/manglingchar.xml
index 39e7546ef0..95b47794d1 100644
--- a/docs/smbdotconf/filename/manglingchar.xml
+++ b/docs/smbdotconf/filename/manglingchar.xml
@@ -4,7 +4,7 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This controls what character is used as
- the <emphasis>magic</emphasis> character in <link linkend="NAMEMANGLINGSECT">name mangling</link>. The
+ the <emphasis>magic</emphasis> character in <smbconfoption name="name mangling"/>. The
default is a '~' but this may interfere with some software. Use this option to set
it to whatever you prefer. This is effective only when mangling method is hash.</para>
</description>
diff --git a/docs/smbdotconf/locking/fakeoplocks.xml b/docs/smbdotconf/locking/fakeoplocks.xml
index 069cdaa95e..fa004d7497 100644
--- a/docs/smbdotconf/locking/fakeoplocks.xml
+++ b/docs/smbdotconf/locking/fakeoplocks.xml
@@ -15,8 +15,7 @@
<refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum></citerefentry> will
always grant oplock requests no matter how many clients are using the file.</para>
- <para>It is generally much better to use the real <link linkend="OPLOCKS">
- <parameter moreinfo="none">oplocks</parameter></link> support rather
+ <para>It is generally much better to use the real <smbconfoption name="oplocks"/> support rather
than this parameter.</para>
<para>If you enable this option on all read-only shares or
diff --git a/docs/smbdotconf/locking/kerneloplocks.xml b/docs/smbdotconf/locking/kerneloplocks.xml
index a89f6b4d80..c4f12b9bd4 100644
--- a/docs/smbdotconf/locking/kerneloplocks.xml
+++ b/docs/smbdotconf/locking/kerneloplocks.xml
@@ -3,8 +3,7 @@
context="G"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>For UNIXes that support kernel based <link linkend="OPLOCKS">
- <parameter moreinfo="none">oplocks</parameter></link>
+ <para>For UNIXes that support kernel based <smbconfoption name="oplocks"/>
(currently only IRIX and the Linux 2.4 kernel), this parameter
allows the use of them to be turned on or off.</para>
diff --git a/docs/smbdotconf/locking/level2oplocks.xml b/docs/smbdotconf/locking/level2oplocks.xml
index 96a855c45a..496701b188 100644
--- a/docs/smbdotconf/locking/level2oplocks.xml
+++ b/docs/smbdotconf/locking/level2oplocks.xml
@@ -26,11 +26,11 @@
<para>For more discussions on level2 oplocks see the CIFS spec.</para>
- <para>Currently, if <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel
- oplocks</parameter></link> are supported then level2 oplocks are
- not granted (even if this parameter is set to <constant>yes</constant>).
- Note also, the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter>
- </link> parameter must be set to <constant>yes</constant> on this share in order for
+ <para>
+ Currently, if <smbconfoption name="kernel oplocks"/> are supported then
+ level2 oplocks are not granted (even if this parameter is set to
+ <constant>yes</constant>). Note also, the <smbconfoption name="oplocks"/>
+ parameter must be set to <constant>yes</constant> on this share in order for
this parameter to have any effect.</para>
</description>
diff --git a/docs/smbdotconf/locking/lockspintime.xml b/docs/smbdotconf/locking/lockspintime.xml
index 172e854894..c2e5501f07 100644
--- a/docs/smbdotconf/locking/lockspintime.xml
+++ b/docs/smbdotconf/locking/lockspintime.xml
@@ -5,8 +5,7 @@
<description>
<para>The time in microseconds that smbd should
pause before attempting to gain a failed lock. See
- <link linkend="LOCKSPINCOUNT"><parameter moreinfo="none">lock spin
- count</parameter></link> for more details.</para>
+ <smbconfoption name="lock spin count"/> for more details.</para>
</description>
<value type="default">10</value>
</samba:parameter>
diff --git a/docs/smbdotconf/locking/oplocks.xml b/docs/smbdotconf/locking/oplocks.xml
index d7f453c561..3ce70a7883 100644
--- a/docs/smbdotconf/locking/oplocks.xml
+++ b/docs/smbdotconf/locking/oplocks.xml
@@ -14,8 +14,7 @@
directory.</para>
<para>Oplocks may be selectively turned off on certain files with a
- share. See the <link linkend="VETOOPLOCKFILES"><parameter moreinfo="none">
- veto oplock files</parameter></link> parameter. On some systems
+ share. See the <smbconfoption name="veto oplock files"/> parameter. On some systems
oplocks are recognized by the underlying operating system. This
allows data synchronization between all access to oplocked files,
whether it be via Samba or NFS or a local UNIX process. See the
diff --git a/docs/smbdotconf/logging/debughirestimestamp.xml b/docs/smbdotconf/logging/debughirestimestamp.xml
index 7da4573df5..eef5af73f0 100644
--- a/docs/smbdotconf/logging/debughirestimestamp.xml
+++ b/docs/smbdotconf/logging/debughirestimestamp.xml
@@ -9,8 +9,8 @@
boolean parameter adds microsecond resolution to the timestamp
message header when turned on.</para>
- <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none">
- debug timestamp</parameter></link> must be on for this to have an
+ <para>
+ Note that the parameter <smbconfoption name="debug timestamp"/> must be on for this to have an
effect.</para>
</description>
diff --git a/docs/smbdotconf/logging/debugpid.xml b/docs/smbdotconf/logging/debugpid.xml
index 1d6bc95704..0d84eb5263 100644
--- a/docs/smbdotconf/logging/debugpid.xml
+++ b/docs/smbdotconf/logging/debugpid.xml
@@ -11,8 +11,7 @@
is adds the process-id to the timestamp message headers in the
logfile when turned on.</para>
- <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none">
- debug timestamp</parameter></link> must be on for this to have an
+ <para>Note that the parameter <smbconfoption name="debug timestamp"/> must be on for this to have an
effect.</para>
</description>
<value type="default">no</value>
diff --git a/docs/smbdotconf/logging/debugtimestamp.xml b/docs/smbdotconf/logging/debugtimestamp.xml
index 2215baeb01..ac1ce7b09e 100644
--- a/docs/smbdotconf/logging/debugtimestamp.xml
+++ b/docs/smbdotconf/logging/debugtimestamp.xml
@@ -6,8 +6,7 @@
<synonym>timestamp logs</synonym>
<description>
<para>Samba debug log messages are timestamped
- by default. If you are running at a high <link linkend="DEBUGLEVEL">
- <parameter moreinfo="none">debug level</parameter></link> these timestamps
+ by default. If you are running at a high <smbconfoption name="debug level"/> these timestamps
can be distracting. This boolean parameter allows timestamping
to be turned off.</para>
</description>
diff --git a/docs/smbdotconf/logging/debuguid.xml b/docs/smbdotconf/logging/debuguid.xml
index af84501e80..616128a581 100644
--- a/docs/smbdotconf/logging/debuguid.xml
+++ b/docs/smbdotconf/logging/debuguid.xml
@@ -9,8 +9,7 @@
current euid, egid, uid and gid to the timestamp message headers
in the log file if turned on.</para>
- <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none">
- debug timestamp</parameter></link> must be on for this to have an
+ <para>Note that the parameter <smbconfoption name="debug timestamp"/> must be on for this to have an
effect.</para>
</description>
<value type="default">no</value>
diff --git a/docs/smbdotconf/logon/abortshutdownscript.xml b/docs/smbdotconf/logon/abortshutdownscript.xml
index b9084897ff..f1ac6183dc 100644
--- a/docs/smbdotconf/logon/abortshutdownscript.xml
+++ b/docs/smbdotconf/logon/abortshutdownscript.xml
@@ -6,8 +6,7 @@
<description>
<para>This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> that
- should stop a shutdown procedure issued by the <link linkend="SHUTDOWNSCRIPT">
- <parameter moreinfo="none">shutdown script</parameter></link>.</para>
+ should stop a shutdown procedure issued by the <smbconfoption name="shutdown script"/>.</para>
<para>If the connected user posseses the <constant>SeRemoteShutdownPrivilege</constant>,
right, this command will be run as user.</para>
diff --git a/docs/smbdotconf/logon/adduserscript.xml b/docs/smbdotconf/logon/adduserscript.xml
index 568c054a1a..1dd71b3867 100644
--- a/docs/smbdotconf/logon/adduserscript.xml
+++ b/docs/smbdotconf/logon/adduserscript.xml
@@ -38,11 +38,10 @@
already existed. In this way, UNIX users are dynamically created to
match existing Windows NT accounts.</para>
- <para>See also <link linkend="SECURITY"><parameter moreinfo="none">
- security</parameter></link>, <link linkend="PASSWORDSERVER">
- <parameter moreinfo="none">password server</parameter></link>,
- <link linkend="DELETEUSERSCRIPT"><parameter moreinfo="none">delete user
- script</parameter></link>.</para>
+ <para>
+ See also <smbconfoption name="security"/>, <smbconfoption name="password server"/>,
+ <smbconfoption name="delete user script"/>.
+ </para>
</description>
<value type="default"/>
diff --git a/docs/smbdotconf/logon/domainlogons.xml b/docs/smbdotconf/logon/domainlogons.xml
index 7c432221d0..d274faa18b 100644
--- a/docs/smbdotconf/logon/domainlogons.xml
+++ b/docs/smbdotconf/logon/domainlogons.xml
@@ -7,8 +7,7 @@
<para>
If set to <constant>yes</constant>, the Samba server will
provide the netlogon service for Windows 9X network logons for the
- <link linkend="WORKGROUP">
- <parameter moreinfo="none">workgroup</parameter></link> it is in.
+ <smbconfoption name="workgroup"/> it is in.
This will also cause the Samba server to act as a domain
controller for NT4 style domain services. For more details on
setting up this feature see the Domain Control chapter of the
diff --git a/docs/smbdotconf/logon/logondrive.xml b/docs/smbdotconf/logon/logondrive.xml
index a37c2e760b..2b8f016ece 100644
--- a/docs/smbdotconf/logon/logondrive.xml
+++ b/docs/smbdotconf/logon/logondrive.xml
@@ -5,8 +5,7 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This parameter specifies the local path to
- which the home directory will be connected (see <link linkend="LOGONHOME">
- <parameter moreinfo="none">logon home</parameter></link>)
+ which the home directory will be connected (see <smbconfoption name="logon home"/>)
and is only used by NT Workstations. </para>
<para>Note that this option is only useful if Samba is set up as a
diff --git a/docs/smbdotconf/logon/logonhome.xml b/docs/smbdotconf/logon/logonhome.xml
index 8d07550c30..5939902625 100644
--- a/docs/smbdotconf/logon/logonhome.xml
+++ b/docs/smbdotconf/logon/logonhome.xml
@@ -29,8 +29,7 @@
\\server\share when a user does <command moreinfo="none">net use /home</command>
but use the whole string when dealing with profiles.</para>
- <para>Note that in prior versions of Samba, the <link linkend="LOGONPATH">
- <parameter moreinfo="none">logon path</parameter></link> was returned rather than
+ <para>Note that in prior versions of Samba, the <smbconfoption name="logon path"/> was returned rather than
<parameter moreinfo="none">logon home</parameter>. This broke <command
moreinfo="none">net use /home</command> but allowed profiles outside the home directory.
The current implementation is correct, and can be used for profiles if you use
diff --git a/docs/smbdotconf/logon/logonpath.xml b/docs/smbdotconf/logon/logonpath.xml
index ab87c77bb9..eb2e9de056 100644
--- a/docs/smbdotconf/logon/logonpath.xml
+++ b/docs/smbdotconf/logon/logonpath.xml
@@ -8,8 +8,7 @@
where roaming profiles (NTuser.dat etc files for Windows NT) are
stored. Contrary to previous versions of these manual pages, it has
nothing to do with Win 9X roaming profiles. To find out how to
- handle roaming profiles for Win 9X system, see the <link linkend="LOGONHOME">
- <parameter moreinfo="none">logon home</parameter></link> parameter.</para>
+ handle roaming profiles for Win 9X system, see the <smbconfoption name="logon home"/> parameter.</para>
<para>This option takes the standard substitutions, allowing you
to have separate logon scripts for each user or machine. It also
diff --git a/docs/smbdotconf/logon/logonscript.xml b/docs/smbdotconf/logon/logonscript.xml
index eb7bda66ee..847896e1ce 100644
--- a/docs/smbdotconf/logon/logonscript.xml
+++ b/docs/smbdotconf/logon/logonscript.xml
@@ -11,13 +11,13 @@
file is recommended.</para>
<para>The script must be a relative path to the [netlogon]
- service. If the [netlogon] service specifies a <link linkend="PATH">
- <parameter moreinfo="none">path</parameter></link> of <filename
- moreinfo="none">/usr/local/samba/netlogon</filename>, and <command
- moreinfo="none">logon script = STARTUP.BAT</command>, then
- the file that will be downloaded is:</para>
-
- <para><filename moreinfo="none">/usr/local/samba/netlogon/STARTUP.BAT</filename></para>
+ service. If the [netlogon] service specifies a <smbconfoption name="path"/> of <filename
+ moreinfo="none">/usr/local/samba/netlogon</filename>, and <smbconfoption name="logon
+ script">STARTUP.BAT</smbconfoption>, then the file that will be downloaded is:
+ <screen>
+ /usr/local/samba/netlogon/STARTUP.BAT
+ </screen>
+ </para>
<para>The contents of the batch file are entirely your choice. A
suggested command would be to add <command moreinfo="none">NET TIME \\SERVER /SET
@@ -35,8 +35,7 @@
<para>This option takes the standard substitutions, allowing you
to have separate logon scripts for each user or machine.</para>
- <para>This option is only useful if Samba is set up as a logon
- server.</para>
+ <para>This option is only useful if Samba is set up as a logon server.</para>
</description>
<value type="default"></value>
<value type="example">scripts\%U.bat</value>
diff --git a/docs/smbdotconf/misc/addsharecommand.xml b/docs/smbdotconf/misc/addsharecommand.xml
index c1eecd5930..a351044e18 100644
--- a/docs/smbdotconf/misc/addsharecommand.xml
+++ b/docs/smbdotconf/misc/addsharecommand.xml
@@ -47,8 +47,7 @@
<para>
This parameter is only used for add file shares. To add printer shares,
- see the <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none">addprinter
- command</parameter></link>.
+ see the <smbconfoption name="addprinter command"/>.
</para>
</description>
diff --git a/docs/smbdotconf/misc/defaultservice.xml b/docs/smbdotconf/misc/defaultservice.xml
index f7a6c0234d..ca986d460a 100644
--- a/docs/smbdotconf/misc/defaultservice.xml
+++ b/docs/smbdotconf/misc/defaultservice.xml
@@ -14,14 +14,12 @@
parameter is not given, attempting to connect to a nonexistent
service results in an error.</para>
- <para>Typically the default service would be a <link linkend="GUESTOK">
- <parameter moreinfo="none">guest ok</parameter></link>, <link linkend="READONLY">
- <parameter moreinfo="none">read-only</parameter></link> service.</para>
-
- <para>Also note that the apparent service name will be changed
- to equal that of the requested service, this is very useful as it
- allows you to use macros like <parameter moreinfo="none">%S</parameter> to make
- a wildcard service.</para>
+ <para>
+ Typically the default service would be a <smbconfoption name="guest ok"/>, <smbconfoption
+ name="read-only"/> service.</para> <para>Also note that the apparent service name will be changed to equal
+ that of the requested service, this is very useful as it allows you to use macros like <parameter
+ moreinfo="none">%S</parameter> to make a wildcard service.
+ </para>
<para>Note also that any &quot;_&quot; characters in the name of the service
used in the default service will get mapped to a &quot;/&quot;. This allows for
diff --git a/docs/smbdotconf/misc/deletesharecommand.xml b/docs/smbdotconf/misc/deletesharecommand.xml
index 1489a4136d..1afce2fd24 100644
--- a/docs/smbdotconf/misc/deletesharecommand.xml
+++ b/docs/smbdotconf/misc/deletesharecommand.xml
@@ -35,8 +35,7 @@
<para>
This parameter is only used to remove file shares. To delete printer shares,
- see the <link linkend="DELETEPRINTERCOMMAND"><parameter moreinfo="none">deleteprinter
- command</parameter></link>.
+ see the <smbconfoption name="deleteprinter command"/>.
</para>
</description>
diff --git a/docs/smbdotconf/misc/homedirmap.xml b/docs/smbdotconf/misc/homedirmap.xml
index 4e4e0d9fe5..3459928b58 100644
--- a/docs/smbdotconf/misc/homedirmap.xml
+++ b/docs/smbdotconf/misc/homedirmap.xml
@@ -4,8 +4,8 @@
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>If<link linkend="NISHOMEDIR"><parameter moreinfo="none">nis homedir
- </parameter></link> is <constant>yes</constant>, and <citerefentry><refentrytitle>smbd</refentrytitle>
+ <para>If <smbconfoption name="nis homedir"/> is <constant>yes</constant>,
+ and <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> is also acting
as a Win95/98 <parameter moreinfo="none">logon server</parameter> then this parameter
specifies the NIS (or YP) map from which the server for the user's
diff --git a/docs/smbdotconf/misc/lockdirectory.xml b/docs/smbdotconf/misc/lockdirectory.xml
index a0abf8cf97..d96351a4fb 100644
--- a/docs/smbdotconf/misc/lockdirectory.xml
+++ b/docs/smbdotconf/misc/lockdirectory.xml
@@ -7,8 +7,8 @@
<description>
<para>This option specifies the directory where lock
files will be placed. The lock files are used to implement the
- <link linkend="MAXCONNECTIONS"><parameter moreinfo="none">max connections</parameter>
-</link> option.</para>
+ <smbconfoption name="max connections"/> option.
+ </para>
</description>
<value type="default">${prefix}/var/locks</value>
diff --git a/docs/smbdotconf/misc/magicoutput.xml b/docs/smbdotconf/misc/magicoutput.xml
index 1e41a9ff55..ed0cb0b21c 100644
--- a/docs/smbdotconf/misc/magicoutput.xml
+++ b/docs/smbdotconf/misc/magicoutput.xml
@@ -3,10 +3,11 @@
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter specifies the name of a file
+ <para>
+ This parameter specifies the name of a file
which will contain output created by a magic script (see the
- <link linkend="MAGICSCRIPT"><parameter moreinfo="none">magic script</parameter></link>
- parameter below).</para>
+ <smbconfoption name="magic script"/> parameter below).
+ </para>
<warning><para>If two clients use the same <parameter moreinfo="none">magic script
</parameter> in the same directory the output file content
diff --git a/docs/smbdotconf/misc/magicscript.xml b/docs/smbdotconf/misc/magicscript.xml
index 143576e7bd..b621f00c38 100644
--- a/docs/smbdotconf/misc/magicscript.xml
+++ b/docs/smbdotconf/misc/magicscript.xml
@@ -13,8 +13,8 @@
of privilege and the file permissions allow the deletion.</para>
<para>If the script generates output, output will be sent to
- the file specified by the <link linkend="MAGICOUTPUT"><parameter moreinfo="none">
- magic output</parameter></link> parameter (see above).</para>
+ the file specified by the <smbconfoption name="magic output"/>
+ parameter (see above).</para>
<para>Note that some shells are unable to interpret scripts
containing CR/LF instead of CR as
diff --git a/docs/smbdotconf/misc/nishomedir.xml b/docs/smbdotconf/misc/nishomedir.xml
index a1bfd947b6..45c451197e 100644
--- a/docs/smbdotconf/misc/nishomedir.xml
+++ b/docs/smbdotconf/misc/nishomedir.xml
@@ -21,8 +21,8 @@
long as a Samba daemon is running on the home directory server,
it will be mounted on the Samba client directly from the directory
server. When Samba is returning the home share to the client, it
- will consult the NIS map specified in <link linkend="HOMEDIRMAP">
- <parameter moreinfo="none">homedir map</parameter></link> and return the server
+ will consult the NIS map specified in
+ <smbconfoption name="homedir map"/> and return the server
listed there.</para>
<para>Note that for this option to work there must be a working
diff --git a/docs/smbdotconf/misc/preexec.xml b/docs/smbdotconf/misc/preexec.xml
index 001f9c2b42..6608c83050 100644
--- a/docs/smbdotconf/misc/preexec.xml
+++ b/docs/smbdotconf/misc/preexec.xml
@@ -12,13 +12,16 @@
message every time they log in. Maybe a message of the day? Here
is an example:</para>
- <para><command moreinfo="none">preexec = csh -c 'echo \&quot;Welcome to %S!\&quot; | /usr/local/samba/bin/smbclient -M %m -I %I' &amp; </command></para>
+ <para>
+ <command moreinfo="none">preexec = csh -c 'echo \&quot;Welcome to %S!\&quot; |
+ /usr/local/samba/bin/smbclient -M %m -I %I' &amp; </command>
+ </para>
<para>Of course, this could get annoying after a while :-)</para>
- <para>See also <link linkend="PREEXECCLOSE"><parameter moreinfo="none">preexec close</parameter></link> and <link
- linkend="POSTEXEC"><parameter moreinfo="none">postexec
- </parameter></link>.</para>
+ <para>
+ See also <smbconfoption name="preexec close"/> and <smbconfoption name="postexec"/>.
+ </para>
</description>
<value type="default"></value>
diff --git a/docs/smbdotconf/misc/preexecclose.xml b/docs/smbdotconf/misc/preexecclose.xml
index a557a58a36..c616ad7f07 100644
--- a/docs/smbdotconf/misc/preexecclose.xml
+++ b/docs/smbdotconf/misc/preexecclose.xml
@@ -5,8 +5,7 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This boolean option controls whether a non-zero
- return code from <link linkend="PREEXEC"><parameter moreinfo="none">preexec
-</parameter></link> should close the service being connected to.</para>
+ return code from <smbconfoption name="preexec"/> should close the service being connected to.</para>
</description>
<value type="default">no</value>
diff --git a/docs/smbdotconf/misc/preload.xml b/docs/smbdotconf/misc/preload.xml
index 70b5b2968b..94905a67ef 100644
--- a/docs/smbdotconf/misc/preload.xml
+++ b/docs/smbdotconf/misc/preload.xml
@@ -10,9 +10,11 @@
for homes and printers services that would otherwise not be
visible.</para>
- <para>Note that if you just want all printers in your
- printcap file loaded then the <link linkend="LOADPRINTERS">
- <parameter moreinfo="none">load printers</parameter></link> option is easier.</para>
+ <para>
+ Note that if you just want all printers in your
+ printcap file loaded then the <smbconfoption name="load printers"/>
+ option is easier.
+ </para>
</description>
<value type="default"></value>
diff --git a/docs/smbdotconf/misc/remoteannounce.xml b/docs/smbdotconf/misc/remoteannounce.xml
index 891790327d..fc46a46e89 100644
--- a/docs/smbdotconf/misc/remoteannounce.xml
+++ b/docs/smbdotconf/misc/remoteannounce.xml
@@ -21,14 +21,13 @@
<para>the above line would cause <command moreinfo="none">nmbd</command> to announce itself
to the two given IP addresses using the given workgroup names.
If you leave out the workgroup name then the one given in
- the <link linkend="WORKGROUP"><parameter moreinfo="none">workgroup</parameter></link>
- parameter is used instead.</para>
+ the <smbconfoption name="workgroup"/> parameter is used instead.</para>
<para>The IP addresses you choose would normally be the broadcast
addresses of the remote networks, but can also be the IP addresses
of known browse masters if your network config is that stable.</para>
-<para>See <link linkend="NetworkBrowsing"/>.</para>
+<para>See <smbconfoption name="NetworkBrowsing"/>.</para>
</description>
<value type="default"></value>
diff --git a/docs/smbdotconf/printing/cupsoptions.xml b/docs/smbdotconf/printing/cupsoptions.xml
index ce3eb83c7e..6bb3782dc3 100644
--- a/docs/smbdotconf/printing/cupsoptions.xml
+++ b/docs/smbdotconf/printing/cupsoptions.xml
@@ -4,8 +4,8 @@
print="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter is only applicable if <link
- linkend="PRINTING"><parameter moreinfo="none">printing</parameter></link> is
+ <para>
+ This parameter is only applicable if <smbconfoption name="printing"/> is
set to <constant>cups</constant>. Its value is a free form string of options
passed directly to the cups library.
</para>
diff --git a/docs/smbdotconf/printing/cupsserver.xml b/docs/smbdotconf/printing/cupsserver.xml
index ecd2958e61..045d260277 100644
--- a/docs/smbdotconf/printing/cupsserver.xml
+++ b/docs/smbdotconf/printing/cupsserver.xml
@@ -4,9 +4,7 @@
print="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter is only applicable if <link
- linkend="PRINTING"><parameter moreinfo="none">printing</parameter></link> is
- set to <constant>cups</constant>.
+ <para>This parameter is only applicable if <smbconfoption name="printing"/> is set to <constant>cups</constant>.
</para>
<para>If set, this option overrides the ServerName option in the CUPS
diff --git a/docs/smbdotconf/printing/defaultdevmode.xml b/docs/smbdotconf/printing/defaultdevmode.xml
index 971c507e5a..fba5b898bb 100644
--- a/docs/smbdotconf/printing/defaultdevmode.xml
+++ b/docs/smbdotconf/printing/defaultdevmode.xml
@@ -4,7 +4,7 @@
print="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter is only applicable to <link linkend="PRINTOK">printable</link> services.
+ <para>This parameter is only applicable to <smbconfoption name="printable"/> services.
When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
server has a Device Mode which defines things such as paper size and
orientation and duplex settings. The device mode can only correctly be
diff --git a/docs/smbdotconf/printing/deleteprintercommand.xml b/docs/smbdotconf/printing/deleteprintercommand.xml
index ed24ff4048..1f9a91656d 100644
--- a/docs/smbdotconf/printing/deleteprintercommand.xml
+++ b/docs/smbdotconf/printing/deleteprintercommand.xml
@@ -10,17 +10,17 @@
DeletePrinter() RPC call.</para>
<para>For a Samba host this means that the printer must be
- physically deleted from underlying printing system. The <parameter moreinfo="none">
- deleteprinter command</parameter> defines a script to be run which
+ physically deleted from underlying printing system. The
+ <smbconfoption name="deleteprinter command"/> defines a script to be run which
will perform the necessary operations for removing the printer
from the print system and from <filename moreinfo="none">smb.conf</filename>.
</para>
- <para>The <parameter moreinfo="none">deleteprinter command</parameter> is
- automatically called with only one parameter: <parameter moreinfo="none">
- &quot;printer name&quot;</parameter>.</para>
+ <para>The <smbcomfoption name="deleteprinter command"/> is
+ automatically called with only one parameter: <smbconfoption name="printer name"/>.
+ </para>
- <para>Once the <parameter moreinfo="none">deleteprinter command</parameter> has
+ <para>Once the <smbconfoption name="deleteprinter command"/> has
been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none">
smb.conf</filename> to associated printer no longer exists.
If the sharename is still valid, then <command moreinfo="none">smbd
diff --git a/docs/smbdotconf/printing/loadprinters.xml b/docs/smbdotconf/printing/loadprinters.xml
index 63b110dadf..b136505009 100644
--- a/docs/smbdotconf/printing/loadprinters.xml
+++ b/docs/smbdotconf/printing/loadprinters.xml
@@ -6,7 +6,7 @@
<description>
<para>A boolean variable that controls whether all
printers in the printcap will be loaded for browsing by default.
- See the <link linkend="PRINTERSSECT">printers</link> section for
+ See the <smbconfoption name="printers"/> section for
more details.</para>
</description>
diff --git a/docs/smbdotconf/printing/lpresumecommand.xml b/docs/smbdotconf/printing/lpresumecommand.xml
index 4a703057de..dc807f1f71 100644
--- a/docs/smbdotconf/printing/lpresumecommand.xml
+++ b/docs/smbdotconf/printing/lpresumecommand.xml
@@ -10,8 +10,7 @@
<para>This command should be a program or script which takes
a printer name and job number to resume the print job. See
- also the <link linkend="LPPAUSECOMMAND"><parameter moreinfo="none">lppause command
- </parameter></link> parameter.</para>
+ also the <smbconfoption name="lppause command"/> parameter.</para>
<para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name
is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with
@@ -21,8 +20,7 @@
in the <parameter moreinfo="none">lpresume command</parameter> as the PATH may not
be available to the server.</para>
- <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing
- </parameter></link> parameter.</para>
+ <para>See also the <smbconfoption name="printing"/> parameter.</para>
<para>Default: Currently no default value is given
to this string, unless the value of the <parameter moreinfo="none">printing</parameter>
diff --git a/docs/smbdotconf/printing/os2drivermap.xml b/docs/smbdotconf/printing/os2drivermap.xml
index ac49babd40..d646071e3a 100644
--- a/docs/smbdotconf/printing/os2drivermap.xml
+++ b/docs/smbdotconf/printing/os2drivermap.xml
@@ -15,7 +15,7 @@
LaserJet 5L</command>.</para>
<para>The need for the file is due to the printer driver namespace
- problem described in <link linkend="printing"/>. For more details on OS/2 clients, please
+ problem described in <link linkend="classicalprinting"/>. For more details on OS/2 clients, please
refer to <link linkend="Other-Clients"/>.</para>
</description>
<value type="default"/>
diff --git a/docs/smbdotconf/printing/printable.xml b/docs/smbdotconf/printing/printable.xml
index b8991ae9ad..73aa533ed3 100644
--- a/docs/smbdotconf/printing/printable.xml
+++ b/docs/smbdotconf/printing/printable.xml
@@ -11,8 +11,7 @@
<para>Note that a printable service will ALWAYS allow writing
to the service path (user privileges permitting) via the spooling
- of print data. The <link linkend="READONLY"><parameter moreinfo="none">read only
- </parameter></link> parameter controls only non-printing access to
+ of print data. The <smbconfoption name="read only"/> parameter controls only non-printing access to
the resource.</para>
</description>
<value type="default">no</value>
diff --git a/docs/smbdotconf/printing/printcapname.xml b/docs/smbdotconf/printing/printcapname.xml
index c0d228896e..7ade8881b6 100644
--- a/docs/smbdotconf/printing/printcapname.xml
+++ b/docs/smbdotconf/printing/printcapname.xml
@@ -13,7 +13,7 @@
<para>To use the CUPS printing interface set <command moreinfo="none">printcap name = cups
</command>. This should be supplemented by an addtional setting
- <link linkend="PRINTING">printing = cups</link> in the [global]
+ <smbconfoption name="printing">cups</smbconfoption> in the [global]
section. <command moreinfo="none">printcap name = cups</command> will use the
&quot;dummy&quot; printcap created by CUPS, as specified in your CUPS
configuration file.
diff --git a/docs/smbdotconf/printing/printcommand.xml b/docs/smbdotconf/printing/printcommand.xml
index e17fb7ae2f..461d6de8e3 100644
--- a/docs/smbdotconf/printing/printcommand.xml
+++ b/docs/smbdotconf/printing/printcommand.xml
@@ -47,8 +47,7 @@
<para>Note that printing may fail on some UNIXes from the
<constant>nobody</constant> account. If this happens then create
- an alternative guest account that can print and set the <link linkend="GUESTACCOUNT">
- <parameter moreinfo="none">guest account</parameter></link>
+ an alternative guest account that can print and set the <smbconfoption name="guest account"/>
in the [global] section.</para>
<para>You can form quite complex print commands by realizing
@@ -61,8 +60,8 @@
<para>You may have to vary this command considerably depending
on how you normally print files on your system. The default for
- the parameter varies depending on the setting of the <link linkend="PRINTING">
- <parameter moreinfo="none">printing</parameter></link> parameter.</para>
+ the parameter varies depending on the setting of the <smbconfoption name="printing"/>
+ parameter.</para>
<para>Default: For <command moreinfo="none">printing = BSD, AIX, QNX, LPRNG
or PLP :</command></para>
@@ -75,7 +74,7 @@
<para><command moreinfo="none">print command = lp -d%p -s %s; rm %s</command></para>
<para>For printing = CUPS : If SAMBA is compiled against
- libcups, then <link linkend="PRINTING">printcap = cups</link>
+ libcups, then <smbconfoption name="printcap">cups</smbconfoption>
uses the CUPS API to
submit jobs, etc. Otherwise it maps to the System V
commands with the -oraw option for printing, i.e. it
diff --git a/docs/smbdotconf/printing/printername.xml b/docs/smbdotconf/printing/printername.xml
index ed55a9bb70..fad127cad1 100644
--- a/docs/smbdotconf/printing/printername.xml
+++ b/docs/smbdotconf/printing/printername.xml
@@ -5,14 +5,22 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<synonym>printer</synonym>
<description>
- <para>This parameter specifies the name of the printer
- to which print jobs spooled through a printable service will be sent.</para>
+ <para>
+ This parameter specifies the name of the printer to which print jobs spooled through a printable service
+ will be sent.
+ </para>
- <para>If specified in the [global] section, the printer
- name given will be used for any printable service that does
- not have its own printer name specified.</para>
+ <para>
+ If specified in the [global] section, the printer name given will be used for any printable service that
+ does not have its own printer name specified.
+ </para>
+
+ <para>
+ The default value of the <smbconfoption name="printer name"/> may be <literal>lp</literal> on many
+ systems.
+ </para>
</description>
-<value type="default"><comment>none (but may be <constant>lp</constant> on many systems)</comment></value>
+<value type="default">none</value>
<value type="example">laserwriter</value>
</samba:parameter>
diff --git a/docs/smbdotconf/printing/queueresumecommand.xml b/docs/smbdotconf/printing/queueresumecommand.xml
index 1a878c2098..f6593c2289 100644
--- a/docs/smbdotconf/printing/queueresumecommand.xml
+++ b/docs/smbdotconf/printing/queueresumecommand.xml
@@ -7,8 +7,7 @@
<para>This parameter specifies the command to be
executed on the server host in order to resume the printer queue. It
is the command to undo the behavior that is caused by the
- previous parameter (<link linkend="QUEUEPAUSECOMMAND"><parameter moreinfo="none">
- queuepause command</parameter></link>).</para>
+ previous parameter (<smbconfoption name="queuepause command"/>).</para>
<para>This command should be a program or script which takes
a printer name as its only parameter and resumes the printer queue,
diff --git a/docs/smbdotconf/protocol/maxwinsttl.xml b/docs/smbdotconf/protocol/maxwinsttl.xml
index 20461b7a49..09935cdd9b 100644
--- a/docs/smbdotconf/protocol/maxwinsttl.xml
+++ b/docs/smbdotconf/protocol/maxwinsttl.xml
@@ -5,8 +5,8 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This option tells <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server (<link linkend="WINSSUPPORT">
- <parameter moreinfo="none">wins support = yes</parameter></link>) what the maximum
+ <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server
+ (<smbconfoption name="wins support">yes</smbconfoption>) what the maximum
'time to live' of NetBIOS names that <command moreinfo="none">nmbd</command>
will grant will be (in seconds). You should never need to change this
parameter. The default is 6 days (518400 seconds).</para>
diff --git a/docs/smbdotconf/protocol/minprotocol.xml b/docs/smbdotconf/protocol/minprotocol.xml
index a1480756bd..0bec282467 100644
--- a/docs/smbdotconf/protocol/minprotocol.xml
+++ b/docs/smbdotconf/protocol/minprotocol.xml
@@ -6,15 +6,14 @@
<description>
<para>The value of the parameter (a string) is the
lowest SMB protocol dialect than Samba will support. Please refer
- to the <link linkend="MAXPROTOCOL"><parameter moreinfo="none">max protocol</parameter></link>
+ to the <smbconfoption name="max protocol"/>
parameter for a list of valid protocol names and a brief description
of each. You may also wish to refer to the C source code in
<filename moreinfo="none">source/smbd/negprot.c</filename> for a listing of known protocol
dialects supported by clients.</para>
<para>If you are viewing this parameter as a security measure, you should
- also refer to the <link linkend="LANMANAUTH"><parameter moreinfo="none">lanman
- auth</parameter></link> parameter. Otherwise, you should never need
+ also refer to the <smbconfoption name="lanman auth"/> parameter. Otherwise, you should never need
to change this parameter.</para>
</description>
diff --git a/docs/smbdotconf/protocol/minwinsttl.xml b/docs/smbdotconf/protocol/minwinsttl.xml
index 9c308d8b73..38fbd7b0eb 100644
--- a/docs/smbdotconf/protocol/minwinsttl.xml
+++ b/docs/smbdotconf/protocol/minwinsttl.xml
@@ -6,8 +6,7 @@
<description>
<para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>
- when acting as a WINS server (<link linkend="WINSSUPPORT"><parameter moreinfo="none">
- wins support = yes</parameter></link>) what the minimum 'time to live'
+ when acting as a WINS server (<smbconfoption name="wins support">yes</smbconfoption>) what the minimum 'time to live'
of NetBIOS names that <command moreinfo="none">nmbd</command> will grant will be (in
seconds). You should never need to change this parameter. The default
is 6 hours (21600 seconds).</para>
diff --git a/docs/smbdotconf/protocol/nameresolveorder.xml b/docs/smbdotconf/protocol/nameresolveorder.xml
index a3637a3ee0..d8bbb39589 100644
--- a/docs/smbdotconf/protocol/nameresolveorder.xml
+++ b/docs/smbdotconf/protocol/nameresolveorder.xml
@@ -18,8 +18,8 @@
<listitem>
<para><constant>lmhosts</constant> : Lookup an IP
address in the Samba lmhosts file. If the line in lmhosts has
- no name type attached to the NetBIOS name (see the <ulink
- noescape="1" url="lmhosts.5.html">lmhosts(5)</ulink> for details) then
+ no name type attached to the NetBIOS name (see the <usmbconfoption
+ noescape="1" url="lmhosts.5.html">lmhosts(5)</usmbconfoption> for details) then
any name type matches for lookup.</para>
</listitem>
@@ -37,14 +37,14 @@
<listitem>
<para><constant>wins</constant> : Query a name with
- the IP address listed in the <link linkend="WINSSERVER"><parameter moreinfo="none">
- wins server</parameter></link> parameter. If no WINS server has
+ the IP address listed in the <smbconfoption name="WINSSERVER"><parameter moreinfo="none">
+ wins server</parameter></smbconfoption> parameter. If no WINS server has
been specified this method will be ignored.</para>
</listitem>
<listitem>
<para><constant>bcast</constant> : Do a broadcast on
- each of the known local interfaces listed in the <link linkend="INTERFACES"><parameter moreinfo="none">interfaces</parameter></link>
+ each of the known local interfaces listed in the <smbconfoption name="interfaces"/>
parameter. This is the least reliable of the name resolution
methods as it depends on the target host being on a locally
connected subnet.</para>
diff --git a/docs/smbdotconf/security/adminusers.xml b/docs/smbdotconf/security/adminusers.xml
index 6c2d8e8f72..d8f14b6d74 100644
--- a/docs/smbdotconf/security/adminusers.xml
+++ b/docs/smbdotconf/security/adminusers.xml
@@ -11,8 +11,7 @@
this list will be able to do anything they like on the share,
irrespective of file permissions.</para>
- <para>This parameter will not work with the <link linkend="SECURITY">
- <parameter moreinfo="none">security = share</parameter></link> in
+ <para>This parameter will not work with the <smbconfoption name="security">share</smbconfoption> in
Samba 3.0. This is by design.</para>
</description>
diff --git a/docs/smbdotconf/security/allowtrusteddomains.xml b/docs/smbdotconf/security/allowtrusteddomains.xml
index ad84513417..7bc5554550 100644
--- a/docs/smbdotconf/security/allowtrusteddomains.xml
+++ b/docs/smbdotconf/security/allowtrusteddomains.xml
@@ -4,8 +4,8 @@
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This option only takes effect when the <link linkend="SECURITY">
- <parameter moreinfo="none">security</parameter></link> option is set to
+ <para>
+ This option only takes effect when the <smbconfoption name="security"/> option is set to
<constant>server</constant>,<constant>domain</constant> or <constant>ads</constant>.
If it is set to no, then attempts to connect to a resource from
a domain or workgroup other than the one which smbd is running
diff --git a/docs/smbdotconf/security/authmethods.xml b/docs/smbdotconf/security/authmethods.xml
index 2eaf6a352b..6e6b88c519 100644
--- a/docs/smbdotconf/security/authmethods.xml
+++ b/docs/smbdotconf/security/authmethods.xml
@@ -4,12 +4,12 @@
basic="1" advanced="1" wizard="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This option allows the administrator to chose what
- authentication methods <command moreinfo="none">smbd</command> will use when authenticating
- a user. This option defaults to sensible values based on <link linkend="SECURITY">
- <parameter moreinfo="none">security</parameter></link>. This should be considered
- a developer option and used only in rare circumstances. In the majority (if not all)
- of production servers, the default setting should be adequate.</para>
+ <para>
+ This option allows the administrator to chose what authentication methods <command
+ moreinfo="none">smbd</command> will use when authenticating a user. This option defaults to sensible values
+ based on <smbconfoption name="security"/>. This should be considered a developer option and used only in rare
+ circumstances. In the majority (if not all) of production servers, the default setting should be adequate.
+ </para>
<para>Each entry in the list attempts to authenticate the user in turn, until
the user authenticates. In practice only one method will ever actually
diff --git a/docs/smbdotconf/security/createmask.xml b/docs/smbdotconf/security/createmask.xml
index 14b8253a87..7f9f93caaa 100644
--- a/docs/smbdotconf/security/createmask.xml
+++ b/docs/smbdotconf/security/createmask.xml
@@ -17,18 +17,15 @@
'group' and 'other' write and execute bits from the UNIX modes.</para>
<para>Following this Samba will bit-wise 'OR' the UNIX mode created
- from this parameter with the value of the <link linkend="FORCECREATEMODE">
- <parameter moreinfo="none">force create mode</parameter></link>
+ from this parameter with the value of the <smbconfoption name="force create mode"/>
parameter which is set to 000 by default.</para>
<para>This parameter does not affect directory modes. See the
- parameter <link linkend="DIRECTORYMODE"><parameter moreinfo="none">directory mode
- </parameter></link> for details.</para>
+ parameter <smbconfoption name="directory mode"/> for details.</para>
<para>Note that this parameter does not apply to permissions
set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
- a mask on access control lists also, they need to set the <link linkend="SECURITYMASK">
- <parameter moreinfo="none">security mask</parameter></link>.</para>
+ a mask on access control lists also, they need to set the <smbconfoption name="security mask"/>.</para>
</description>
<related>force create mode</related>
diff --git a/docs/smbdotconf/security/directorymask.xml b/docs/smbdotconf/security/directorymask.xml
index 8662b31e15..414239bcff 100644
--- a/docs/smbdotconf/security/directorymask.xml
+++ b/docs/smbdotconf/security/directorymask.xml
@@ -21,14 +21,12 @@
user who owns the directory to modify it.</para>
<para>Following this Samba will bit-wise 'OR' the UNIX mode
- created from this parameter with the value of the <link linkend="FORCEDIRECTORYMODE">
- <parameter moreinfo="none">force directory mode</parameter></link> parameter.
+ created from this parameter with the value of the <smbconfoption name="force directory mode"/> parameter.
This parameter is set to 000 by default (i.e. no extra mode bits are added).</para>
<para>Note that this parameter does not apply to permissions
set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
- a mask on access control lists also, they need to set the <link linkend="DIRECTORYSECURITYMASK">
- <parameter moreinfo="none">directory security mask</parameter></link>.</para>
+ a mask on access control lists also, they need to set the <smbconfoption name="directory security mask"/>.</para>
</description>
<related>force directory mode</related>
diff --git a/docs/smbdotconf/security/encryptpasswords.xml b/docs/smbdotconf/security/encryptpasswords.xml
index e3bc3f6dea..8d2b86cb8c 100644
--- a/docs/smbdotconf/security/encryptpasswords.xml
+++ b/docs/smbdotconf/security/encryptpasswords.xml
@@ -32,7 +32,7 @@
have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> program for information on how to set up
- and maintain this file), or set the <link linkend="SECURITY">security = [server|domain|ads]</link> parameter which
+ and maintain this file), or set the <smbconfoption name="security">[server|domain|ads]</smbconfoption> parameter which
causes <command moreinfo="none">smbd</command> to authenticate against another
server.</para>
</description>
diff --git a/docs/smbdotconf/security/forcegroup.xml b/docs/smbdotconf/security/forcegroup.xml
index 2d8f5790d8..f6c9974f99 100644
--- a/docs/smbdotconf/security/forcegroup.xml
+++ b/docs/smbdotconf/security/forcegroup.xml
@@ -25,8 +25,8 @@
primary group assigned to sys when accessing this Samba share. All
other users will retain their ordinary primary group.</para>
- <para>If the <link linkend="FORCEUSER"><parameter moreinfo="none">force user</parameter>
- </link> parameter is also set the group specified in
+ <para>
+ If the <smbconfoption name="force user"/> parameter is also set the group specified in
<parameter moreinfo="none">force group</parameter> will override the primary group
set in <parameter moreinfo="none">force user</parameter>.</para>
diff --git a/docs/smbdotconf/security/guestaccount.xml b/docs/smbdotconf/security/guestaccount.xml
index fd791c7423..8132835a82 100644
--- a/docs/smbdotconf/security/guestaccount.xml
+++ b/docs/smbdotconf/security/guestaccount.xml
@@ -5,8 +5,7 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This is a username which will be used for access
- to services which are specified as <link linkend="GUESTOK"><parameter moreinfo="none">
- guest ok</parameter></link> (see below). Whatever privileges this
+ to services which are specified as <smbconfoption name="guest ok"/> (see below). Whatever privileges this
user has will be available to any client connecting to the guest service.
This user must exist in the password file, but does not require
a valid login. The user account &quot;ftp&quot; is often a good choice
diff --git a/docs/smbdotconf/security/guestok.xml b/docs/smbdotconf/security/guestok.xml
index f2e5f0adcd..7cbf4e50bb 100644
--- a/docs/smbdotconf/security/guestok.xml
+++ b/docs/smbdotconf/security/guestok.xml
@@ -7,15 +7,13 @@
<description>
<para>If this parameter is <constant>yes</constant> for
a service, then no password is required to connect to the service.
- Privileges will be those of the <link linkend="GUESTACCOUNT"><parameter moreinfo="none">
- guest account</parameter></link>.</para>
+ Privileges will be those of the <smbconfoption name="guest account"/>.</para>
<para>This paramater nullifies the benifits of setting
- <link linkend="RESTRICTANONYMOUS"><parameter moreinfo="none">restrict
- anonymous</parameter></link> = 2</para>
+ <smbconfoption name="restrict anonymous">2</smbconfoption>
+ </para>
- <para>See the section below on <link linkend="SECURITY"><parameter moreinfo="none">
- security</parameter></link> for more information about this option.
+ <para>See the section below on <smbconfoption name="security"/> for more information about this option.
</para>
</description>
<value type="default">no</value>
diff --git a/docs/smbdotconf/security/guestonly.xml b/docs/smbdotconf/security/guestonly.xml
index 9d70c16c3f..258eba9267 100644
--- a/docs/smbdotconf/security/guestonly.xml
+++ b/docs/smbdotconf/security/guestonly.xml
@@ -6,11 +6,9 @@
<description>
<para>If this parameter is <constant>yes</constant> for
a service, then only guest connections to the service are permitted.
- This parameter will have no effect if <link linkend="GUESTOK">
- <parameter moreinfo="none">guest ok</parameter></link> is not set for the service.</para>
+ This parameter will have no effect if <smbconfoption name="guest ok"/> is not set for the service.</para>
- <para>See the section below on <link linkend="SECURITY"><parameter moreinfo="none">
- security</parameter></link> for more information about this option.
+ <para>See the section below on <smbconfoption name="security"/> for more information about this option.
</para>
</description>
<value type="default">no</value>
diff --git a/docs/smbdotconf/security/hostsallow.xml b/docs/smbdotconf/security/hostsallow.xml
index e71377a289..5e807daa68 100644
--- a/docs/smbdotconf/security/hostsallow.xml
+++ b/docs/smbdotconf/security/hostsallow.xml
@@ -24,8 +24,7 @@
be given here also.</para>
<para>Note that the localhost address 127.0.0.1 will always
- be allowed access unless specifically denied by a <link linkend="HOSTSDENY">
- <parameter moreinfo="none">hosts deny</parameter></link> option.</para>
+ be allowed access unless specifically denied by a <smbconfoption name="hosts deny"/> option.</para>
<para>You can also specify hosts by network/netmask pairs and
by netgroup names if your system supports netgroups. The
diff --git a/docs/smbdotconf/security/hostsequiv.xml b/docs/smbdotconf/security/hostsequiv.xml
index 014c75369a..db7cbaffc8 100644
--- a/docs/smbdotconf/security/hostsequiv.xml
+++ b/docs/smbdotconf/security/hostsequiv.xml
@@ -9,8 +9,7 @@
and users who will be allowed access without specifying a password.
</para>
- <para>This is not be confused with <link linkend="HOSTSALLOW">
- <parameter moreinfo="none">hosts allow</parameter></link> which is about hosts
+ <para>This is not be confused with <smbconfoption name="hosts allow"/> which is about hosts
access to services and is more useful for guest services. <parameter moreinfo="none">
hosts equiv</parameter> may be useful for NT clients which will
not supply passwords to Samba.</para>
diff --git a/docs/smbdotconf/security/inheritpermissions.xml b/docs/smbdotconf/security/inheritpermissions.xml
index b6c774ab93..6e09f4f033 100644
--- a/docs/smbdotconf/security/inheritpermissions.xml
+++ b/docs/smbdotconf/security/inheritpermissions.xml
@@ -3,24 +3,20 @@
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>The permissions on new files and directories
- are normally governed by <link linkend="CREATEMASK"><parameter moreinfo="none">
- create mask</parameter></link>, <link linkend="DIRECTORYMASK">
- <parameter moreinfo="none">directory mask</parameter></link>, <link linkend="FORCECREATEMODE">
- <parameter moreinfo="none">force create mode</parameter>
- </link> and <link linkend="FORCEDIRECTORYMODE"><parameter moreinfo="none">force
- directory mode</parameter></link> but the boolean inherit
- permissions parameter overrides this.</para>
+ <para>
+ The permissions on new files and directories are normally governed by <smbconfoption name="create mask"/>,
+ <smbconfoption name="directory mask"/>, <smbconfoption name="force create mode"/> and <smbconfoption
+ name="force directory mode"/> but the boolean inherit permissions parameter overrides this.
+ </para>
<para>New directories inherit the mode of the parent directory,
including bits such as setgid.</para>
- <para>New files inherit their read/write bits from the parent
- directory. Their execute bits continue to be determined by
- <link linkend="MAPARCHIVE"><parameter moreinfo="none">map archive</parameter>
- </link>, <link linkend="MAPHIDDEN"><parameter moreinfo="none">map hidden</parameter>
- </link> and <link linkend="MAPSYSTEM"><parameter moreinfo="none">map system</parameter>
- </link> as usual.</para>
+ <para>
+ New files inherit their read/write bits from the parent directory. Their execute bits continue to be
+ determined by <smbconfoption name="map archive"/>, <smbconfoption name="map hidden"/> and <smbconfoption
+ name="map system"/> as usual.
+ </para>
<para>Note that the setuid bit is <emphasis>never</emphasis> set via
inheritance (the code explicitly prohibits this).</para>
diff --git a/docs/smbdotconf/security/maptoguest.xml b/docs/smbdotconf/security/maptoguest.xml
index 8993959073..52600a5dcc 100644
--- a/docs/smbdotconf/security/maptoguest.xml
+++ b/docs/smbdotconf/security/maptoguest.xml
@@ -4,8 +4,8 @@
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter is only useful in <link linkend="SECURITY">
- security</link> modes other than <parameter moreinfo="none">security = share</parameter>
+ <para>This parameter is only useful in <smbconfoption name="SECURITY">
+ security</smbconfoption> modes other than <parameter moreinfo="none">security = share</parameter>
- i.e. <constant>user</constant>, <constant>server</constant>,
and <constant>domain</constant>.</para>
@@ -27,14 +27,13 @@
<para><constant>Bad User</constant> - Means user
logins with an invalid password are rejected, unless the username
does not exist, in which case it is treated as a guest login and
- mapped into the <link linkend="GUESTACCOUNT"><parameter moreinfo="none">
- guest account</parameter></link>.</para>
+ mapped into the <smbconfoption name="guest account"/>.</para>
</listitem>
<listitem>
<para><constant>Bad Password</constant> - Means user logins
with an invalid password are treated as a guest login and mapped
- into the <link linkend="GUESTACCOUNT">guest account</link>. Note that
+ into the <smbconfoption name="guest account"/>. Note that
this can cause problems as it means that any user incorrectly typing
their password will be silently logged on as &quot;guest&quot; - and
will not know the reason they cannot access files they think
diff --git a/docs/smbdotconf/security/obeypamrestrictions.xml b/docs/smbdotconf/security/obeypamrestrictions.xml
index fd12e456b6..40777f4f5d 100644
--- a/docs/smbdotconf/security/obeypamrestrictions.xml
+++ b/docs/smbdotconf/security/obeypamrestrictions.xml
@@ -9,8 +9,8 @@
should obey PAM's account and session management directives. The
default behavior is to use PAM for clear text authentication only
and to ignore any account or session management. Note that Samba
- always ignores PAM for authentication in the case of <link linkend="ENCRYPTPASSWORDS">
- <parameter moreinfo="none">encrypt passwords = yes</parameter></link>. The reason
+ always ignores PAM for authentication in the case of <smbconfoption
+ name="encrypt passwords">yes</smbconfoption>. The reason
is that PAM modules cannot support the challenge/response
authentication mechanism needed in the presence of SMB password encryption.
</para>
diff --git a/docs/smbdotconf/security/onlyuser.xml b/docs/smbdotconf/security/onlyuser.xml
index d94d3d523d..b1ef1b7606 100644
--- a/docs/smbdotconf/security/onlyuser.xml
+++ b/docs/smbdotconf/security/onlyuser.xml
@@ -9,8 +9,7 @@
client can supply a username to be used by the server. Enabling
this parameter will force the server to only use the login
names from the <parameter moreinfo="none">user</parameter> list and is only really
- useful in <link linkend="SECURITYEQUALSSHARE">share level</link>
- security.</para>
+ useful in <smbconfoption name="security">share</smbconfoption> level security.</para>
<para>Note that this also means Samba won't try to deduce
usernames from the service name. This can be annoying for
diff --git a/docs/smbdotconf/security/pampasswordchange.xml b/docs/smbdotconf/security/pampasswordchange.xml
index 22dc98d4e9..e5c04d405c 100644
--- a/docs/smbdotconf/security/pampasswordchange.xml
+++ b/docs/smbdotconf/security/pampasswordchange.xml
@@ -8,10 +8,9 @@
this parameter, it is possible to use PAM's password change control
flag for Samba. If enabled, then PAM will be used for password
changes when requested by an SMB client instead of the program listed in
- <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd program</parameter></link>.
+ <smbconfoption name="passwd program"/>.
It should be possible to enable this without changing your
- <link linkend="PASSWDCHAT"><parameter moreinfo="none">passwd chat</parameter></link>
- parameter for most setups.</para>
+ <smbconfoption name="passwd chat"/> parameter for most setups.</para>
</description>
<value type="default">no</value>
diff --git a/docs/smbdotconf/security/passdbbackend.xml b/docs/smbdotconf/security/passdbbackend.xml
index 74f26b89ea..bbe1d13106 100644
--- a/docs/smbdotconf/security/passdbbackend.xml
+++ b/docs/smbdotconf/security/passdbbackend.xml
@@ -27,8 +27,7 @@
<listitem>
<para><command moreinfo="none">tdbsam</command> - The TDB based password storage
backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb
- in the <link linkend="PRIVATEDIR">
- <parameter moreinfo="none">private dir</parameter></link> directory.</para>
+ in the <smbconfoption name="private dir"/> directory.</para>
</listitem>
<listitem>
@@ -37,7 +36,7 @@
<command moreinfo="none">ldap://localhost</command>)</para>
<para>LDAP connections should be secured where possible. This may be done using either
- Start-TLS (see <link linkend="LDAPSSL"><parameter moreinfo="none">ldap ssl</parameter></link>) or by
+ Start-TLS (see <smbconfoption name="ldap ssl"/>) or by
specifying <parameter moreinfo="none">ldaps://</parameter> in
the URL argument. </para>
diff --git a/docs/smbdotconf/security/passwdchat.xml b/docs/smbdotconf/security/passwdchat.xml
index f3a7395710..32ae5b3033 100644
--- a/docs/smbdotconf/security/passwdchat.xml
+++ b/docs/smbdotconf/security/passwdchat.xml
@@ -10,22 +10,20 @@
program to change the user's password. The string describes a
sequence of response-receive pairs that <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> uses to determine what to send to the
- <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd program</parameter>
- </link> and what to expect back. If the expected output is not
+ <smbconfoption name="passwd program"/> and what to expect back. If the expected output is not
received then the password is not changed.</para>
<para>This chat sequence is often quite site specific, depending
on what local methods are used for password control (such as NIS
etc).</para>
- <para>Note that this parameter only is only used if the <link
- linkend="UNIXPASSWORDSYNC"> <parameter moreinfo="none">unix password sync</parameter>
- </link> parameter is set to <constant>yes</constant>. This sequence is
+ <para>Note that this parameter only is only used if the <smbconfoption
+ name="unix password sync"/> parameter is set to <constant>yes</constant>. This sequence is
then called <emphasis>AS ROOT</emphasis> when the SMB password in the
smbpasswd file is being changed, without access to the old password
cleartext. This means that root must be able to reset the user's password without
knowing the text of the previous password. In the presence of
- NIS/YP, this means that the <link linkend="PASSWDPROGRAM">passwd program</link> must
+ NIS/YP, this means that the <smbconfoption name="passwd program"/> must
be executed on the NIS master.
</para>
@@ -41,10 +39,9 @@
stop &quot;.&quot;, then no string is sent. Similarly, if the
expect string is a full stop then no string is expected.</para>
- <para>If the <link linkend="PAMPASSWORDCHANGE"><parameter moreinfo="none">pam
- password change</parameter></link> parameter is set to <constant>yes</constant>, the chat pairs
- may be matched in any order, and success is determined by the PAM result,
- not any particular output. The \n macro is ignored for PAM conversions.
+ <para>If the <smbconfoption name="pam password change"/> parameter is set to <constant>yes</constant>, the
+ chat pairs may be matched in any order, and success is determined by the PAM result, not any particular
+ output. The \n macro is ignored for PAM conversions.
</para>
</description>
diff --git a/docs/smbdotconf/security/passwdchatdebug.xml b/docs/smbdotconf/security/passwdchatdebug.xml
index 6211688eb7..78714ab8b5 100644
--- a/docs/smbdotconf/security/passwdchatdebug.xml
+++ b/docs/smbdotconf/security/passwdchatdebug.xml
@@ -9,13 +9,13 @@
strings passed to and received from the passwd chat are printed
in the <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> log with a
- <link linkend="DEBUGLEVEL"><parameter moreinfo="none">debug level</parameter></link>
+ <smbconfoption name="debug level"/>
of 100. This is a dangerous option as it will allow plaintext passwords
to be seen in the <command moreinfo="none">smbd</command> log. It is available to help
Samba admins debug their <parameter moreinfo="none">passwd chat</parameter> scripts
when calling the <parameter moreinfo="none">passwd program</parameter> and should
be turned off after this has been done. This option has no effect if the
- <link linkend="PAMPASSWORDCHANGE"><parameter moreinfo="none">pam password change</parameter></link>
+ <smbconfoption name="pam password change"/>
paramter is set. This parameter is off by default.</para>
</description>
diff --git a/docs/smbdotconf/security/passwordlevel.xml b/docs/smbdotconf/security/passwordlevel.xml
index 33a0f13e2a..1da11e406b 100644
--- a/docs/smbdotconf/security/passwordlevel.xml
+++ b/docs/smbdotconf/security/passwordlevel.xml
@@ -40,8 +40,7 @@
<para>This parameter is used only when using plain-text passwords. It is
not at all used when encrypted passwords as in use (that is the default
- since samba-3.0.0). Use this only when <link linkend="ENCRYPTPASSWORDS">
- encrypt passwords = No</link>.</para>
+ since samba-3.0.0). Use this only when <smbconfoption name="encrypt passwords">No</smbconfoption>.</para>
</description>
<value type="default">0</value>
diff --git a/docs/smbdotconf/security/passwordserver.xml b/docs/smbdotconf/security/passwordserver.xml
index 4836a17731..188cea88d1 100644
--- a/docs/smbdotconf/security/passwordserver.xml
+++ b/docs/smbdotconf/security/passwordserver.xml
@@ -20,8 +20,7 @@
connections.</para>
<para>If parameter is a name, it is looked up using the
- parameter <link linkend="NAMERESOLVEORDER"><parameter moreinfo="none">name
- resolve order</parameter></link> and so may resolved
+ parameter <smbconfoption name="name resolve order"/> and so may resolved
by any method and order described in that parameter.</para>
<para>The password server must be a machine capable of using
diff --git a/docs/smbdotconf/security/readlist.xml b/docs/smbdotconf/security/readlist.xml
index 613758ec2a..df6b4f129b 100644
--- a/docs/smbdotconf/security/readlist.xml
+++ b/docs/smbdotconf/security/readlist.xml
@@ -3,16 +3,14 @@
type="list"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is a list of users that are given read-only
- access to a service. If the connecting user is in this list then
- they will not be given write access, no matter what the <link linkend="READONLY">
- <parameter moreinfo="none">read only</parameter></link>
- option is set to. The list can include group names using the
- syntax described in the <link linkend="INVALIDUSERS"><parameter moreinfo="none">
- invalid users</parameter></link> parameter.</para>
+ <para>
+ This is a list of users that are given read-only access to a service. If the connecting user is in this list
+ then they will not be given write access, no matter what the <smbconfoption name="read only"/> option is set
+ to. The list can include group names using the syntax described in the <smbconfoption name="invalid users"/>
+ parameter.
+ </para>
- <para>This parameter will not work with the <link linkend="SECURITY">
- <parameter moreinfo="none">security = share</parameter></link> in
+ <para>This parameter will not work with the <smbconfoption name="security">share</smbconfoption> in
Samba 3.0. This is by design.</para>
</description>
diff --git a/docs/smbdotconf/security/readonly.xml b/docs/smbdotconf/security/readonly.xml
index 686b28aede..6e1f6dd2b8 100644
--- a/docs/smbdotconf/security/readonly.xml
+++ b/docs/smbdotconf/security/readonly.xml
@@ -4,8 +4,7 @@
basic="1" advanced="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>An inverted synonym is <link linkend="WRITEABLE">
- <parameter moreinfo="none">writeable</parameter></link>.</para>
+ <para>An inverted synonym is <smbconfoption name="writeable"/>.</para>
<para>If this parameter is <constant>yes</constant>, then users
of a service may not create or modify files in the service's
diff --git a/docs/smbdotconf/security/restrictanonymous.xml b/docs/smbdotconf/security/restrictanonymous.xml
index a7aaa31b0b..2a45ef1561 100644
--- a/docs/smbdotconf/security/restrictanonymous.xml
+++ b/docs/smbdotconf/security/restrictanonymous.xml
@@ -29,8 +29,7 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
<note>
<para>
The security advantage of using restrict anonymous = 2 is removed
- by setting <link linkend="GUESTOK"><parameter moreinfo="none">guest
- ok</parameter> = yes</link> on any share.
+ by setting <smbconfoption name="guest ok">yes</smbconfoption> on any share.
</para>
</note>
</description>
diff --git a/docs/smbdotconf/security/rootdirectory.xml b/docs/smbdotconf/security/rootdirectory.xml
index ed894d57cb..8736598001 100644
--- a/docs/smbdotconf/security/rootdirectory.xml
+++ b/docs/smbdotconf/security/rootdirectory.xml
@@ -12,9 +12,8 @@
server will deny access to files not in one of the service entries.
It may also check for, and deny access to, soft links to other
parts of the filesystem, or attempts to use &quot;..&quot; in file names
- to access other directories (depending on the setting of the <link linkend="WIDELINKS">
- <parameter moreinfo="none">wide links</parameter></link>
- parameter).
+ to access other directories (depending on the setting of the
+ <smbconfoption name="wide smbconfoptions"/> parameter).
</para>
<para>Adding a <parameter moreinfo="none">root directory</parameter> entry other
diff --git a/docs/smbdotconf/security/security.xml b/docs/smbdotconf/security/security.xml
index fe5cf5404f..226d1c1270 100644
--- a/docs/smbdotconf/security/security.xml
+++ b/docs/smbdotconf/security/security.xml
@@ -47,13 +47,11 @@
want to mainly setup shares without a password (guest shares). This
is commonly used for a shared printer server. It is more difficult
to setup guest shares with <command moreinfo="none">security = user</command>, see
- the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter>
- </link>parameter for details.</para>
+ the <smbconfoption name="map to guest"/>parameter for details.</para>
<para>It is possible to use <command moreinfo="none">smbd</command> in a <emphasis>
hybrid mode</emphasis> where it is offers both user and share
- level security under different <link linkend="NETBIOSALIASES">
- <parameter moreinfo="none">NetBIOS aliases</parameter></link>. </para>
+ level security under different <smbconfoption name="NetBIOS aliases"/>. </para>
<para>The different settings will now be explained.</para>
@@ -83,17 +81,14 @@
<itemizedlist>
<listitem>
- <para>If the <link linkend="GUESTONLY"><parameter moreinfo="none">guest
- only</parameter></link> parameter is set, then all the other
- stages are missed and only the <link linkend="GUESTACCOUNT">
- <parameter moreinfo="none">guest account</parameter></link> username is checked.
+ <para>If the <smbconfoption name="guest only"/> parameter is set, then all the other
+ stages are missed and only the <smbconfoption name="guest account"/> username is checked.
</para>
</listitem>
<listitem>
<para>Is a username is sent with the share connection
- request, then this username (after mapping - see <link linkend="USERNAMEMAP">
- <parameter moreinfo="none">username map</parameter></link>),
+ request, then this username (after mapping - see <smbconfoption name="username map"/>),
is added as a potential username.
</para>
</listitem>
@@ -118,8 +113,7 @@
</listitem>
<listitem>
- <para>Any users on the <link linkend="USER"><parameter moreinfo="none">
- user</parameter></link> list are added as potential usernames.
+ <para>Any users on the <smbconfoption name="user"/> list are added as potential usernames.
</para>
</listitem>
</itemizedlist>
@@ -145,13 +139,10 @@
<para>This is the default security setting in Samba 3.0.
With user-level security a client must first &quot;log-on&quot; with a
- valid username and password (which can be mapped using the <link linkend="USERNAMEMAP">
- <parameter moreinfo="none">username map</parameter></link>
- parameter). Encrypted passwords (see the <link linkend="ENCRYPTPASSWORDS">
- <parameter moreinfo="none">encrypted passwords</parameter></link> parameter) can also
- be used in this security mode. Parameters such as <link linkend="USER">
- <parameter moreinfo="none">user</parameter></link> and <link linkend="GUESTONLY">
- <parameter moreinfo="none">guest only</parameter></link> if set are then applied and
+ valid username and password (which can be mapped using the <smbconfoption name="username map"/>
+ parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also
+ be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption
+ name="guest only"/> if set are then applied and
may change the UNIX user to use on this connection, but only after
the user has been successfully authenticated.</para>
@@ -159,21 +150,17 @@
requested is <emphasis>not</emphasis> sent to the server until after
the server has successfully authenticated the client. This is why
guest shares don't work in user level security without allowing
- the server to automatically map unknown users into the <link linkend="GUESTACCOUNT">
- <parameter moreinfo="none">guest account</parameter></link>.
- See the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter>
- </link> parameter for details on doing this.</para>
+ the server to automatically map unknown users into the <smbconfoption name="guest account"/>.
+ See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
- <para>See also the section <link linkend="VALIDATIONSECT">
- NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
+ <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
<para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para>
<para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> has been used to add this
- machine into a Windows NT Domain. It expects the <link linkend="ENCRYPTPASSWORDS">
- <parameter moreinfo="none">encrypted passwords</parameter>
- </link> parameter to be set to <constant>yes</constant>. In this
+ machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/>
+ parameter to be set to <constant>yes</constant>. In this
mode Samba will try to validate the username/password by passing
it to a Windows NT Primary or Backup Domain Controller, in exactly
the same way that a Windows NT Server would do.</para>
@@ -192,31 +179,26 @@
requested is <emphasis>not</emphasis> sent to the server until after
the server has successfully authenticated the client. This is why
guest shares don't work in user level security without allowing
- the server to automatically map unknown users into the <link linkend="GUESTACCOUNT">
- <parameter moreinfo="none">guest account</parameter></link>.
- See the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter>
- </link> parameter for details on doing this.</para>
+ the server to automatically map unknown users into the <smbconfoption name="guest account"/>.
+ See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
<para>See also the section <link linkend="VALIDATIONSECT">
NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
- <para>See also the <link linkend="PASSWORDSERVER"><parameter moreinfo="none">password
- server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS">
- <parameter moreinfo="none">encrypted passwords</parameter>
- </link> parameter.</para>
+ <para>See also the <smbconfoption name="password server"/> parameter and
+ the <smbconfoption name="encrypted passwords"/> parameter.</para>
<para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER</emphasis></para>
- <para>In this mode Samba will try to validate the username/password
- by passing it to another SMB server, such as an NT box. If this
- fails it will revert to <command moreinfo="none">security =
- user</command>. It expects the <link linkend="ENCRYPTPASSWORDS">
- <parameter moreinfo="none">encrypted passwords</parameter></link> parameter
- to be set to <constant>yes</constant>, unless the remote server
- does not support them. However note that if encrypted passwords have been
- negotiated then Samba cannot revert back to checking the UNIX password file,
- it must have a valid <filename moreinfo="none">smbpasswd</filename> file to check
- users against. See the chapter about the User Database in the Samba HOWTO Collection for details on how to set this up.</para>
+ <para>
+ In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an
+ NT box. If this fails it will revert to <command moreinfo="none">security = user</command>. It expects the
+ <smbconfoption name="encrypted passwords"/> parameter to be set to <constant>yes</constant>, unless the remote
+ server does not support them. However note that if encrypted passwords have been negotiated then Samba cannot
+ revert back to checking the UNIX password file, it must have a valid <filename
+ moreinfo="none">smbpasswd</filename> file to check users against. See the chapter about the User Database in
+ the Samba HOWTO Collection for details on how to set this up.
+</para>
<note><para>This mode of operation has
significant pitfalls, due to the fact that is activly initiates a
@@ -238,17 +220,14 @@
requested is <emphasis>not</emphasis> sent to the server until after
the server has successfully authenticated the client. This is why
guest shares don't work in user level security without allowing
- the server to automatically map unknown users into the <link linkend="GUESTACCOUNT">
- <parameter moreinfo="none">guest account</parameter></link>.
- See the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter>
- </link> parameter for details on doing this.</para>
+ the server to automatically map unknown users into the <smbconfoption name="guest account"/>.
+ See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
<para>See also the section <link linkend="VALIDATIONSECT">
NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
- <para>See also the <link linkend="PASSWORDSERVER"><parameter moreinfo="none">password
- server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS">
- <parameter moreinfo="none">encrypted passwords</parameter></link> parameter.</para>
+ <para>See also the <smbconfoption name="password server"/> parameter and the
+ <smbconfoption name="encrypted passwords"/> parameter.</para>
<para><anchor id="SECURITYEQUALSADS"/><emphasis>SECURITY = ADS</emphasis></para>
diff --git a/docs/smbdotconf/security/serverschannel.xml b/docs/smbdotconf/security/serverschannel.xml
index 0f264a0f7d..6317448fb6 100644
--- a/docs/smbdotconf/security/serverschannel.xml
+++ b/docs/smbdotconf/security/serverschannel.xml
@@ -4,20 +4,18 @@
basic="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This controls whether the server offers or even
- demands the use of the netlogon schannel.
- <parameter>server schannel = no</parameter> does not
- offer the schannel, <parameter>server schannel =
- auto</parameter> offers the schannel but does not
- enforce it, and <parameter>server schannel =
- yes</parameter> denies access if the client is not
- able to speak netlogon schannel. This is only the case
- for Windows NT4 before SP4.</para>
+ <para>
+ This controls whether the server offers or even demands the use of the netlogon schannel.
+ <smbconfoption name="server schannel">no</smbconfoption> does not offer the schannel, <smbconfoption
+ name="server schannel">auto</smbconfoption> offers the schannel but does not enforce it, and <smbconfoption
+ name="server schannel">yes</smbconfoption> denies access if the client is not able to speak netlogon schannel.
+ This is only the case for Windows NT4 before SP4.
+ </para>
- <para>Please note that with this set to
- <parameter>no</parameter> you will have to apply the
- WindowsXP requireSignOrSeal-Registry patch found in
- the docs/Registry subdirectory.</para>
+ <para>
+ Please note that with this set to <literal>no</literal> you will have to apply the WindowsXP
+ <filename>WinXP_SignOrSeal.reg</filename> registry patch found in the docs/registry subdirectory of the Samba distribution tarball.
+ </para>
</description>
<value type="default">auto</value>
diff --git a/docs/smbdotconf/security/updateencrypted.xml b/docs/smbdotconf/security/updateencrypted.xml
index 7042a11678..da493665cf 100644
--- a/docs/smbdotconf/security/updateencrypted.xml
+++ b/docs/smbdotconf/security/updateencrypted.xml
@@ -5,29 +5,29 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This boolean parameter allows a user logging on with
- a plaintext password to have their encrypted (hashed) password in
- the smbpasswd file to be updated automatically as they log
- on. This option allows a site to migrate from plaintext
- password authentication (users authenticate with plaintext
- password over the wire, and are checked against a UNIX account
- database) to encrypted password authentication (the SMB
- challenge/response authentication mechanism) without forcing all
- users to re-enter their passwords via smbpasswd at the time the
- change is made. This is a convenience option to allow the change
- over to encrypted passwords to be made over a longer period.
- Once all users have encrypted representations of their passwords
- in the smbpasswd file this parameter should be set to
- <constant>no</constant>.</para>
+ <para>
+ This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed)
+ password in the smbpasswd file to be updated automatically as they log on. This option allows a site to
+ migrate from plaintext password authentication (users authenticate with plaintext password over the
+ wire, and are checked against a UNIX account atabase) to encrypted password authentication (the SMB
+ challenge/response authentication mechanism) without forcing all users to re-enter their passwords via
+ smbpasswd at the time the change is made. This is a convenience option to allow the change over to encrypted
+ passwords to be made over a longer period. Once all users have encrypted representations of their passwords
+ in the smbpasswd file this parameter should be set to <constant>no</constant>.
+ </para>
- <para>In order for this parameter to work correctly the <link linkend="ENCRYPTPASSWORDS">
- <parameter moreinfo="none">encrypt passwords</parameter></link> parameter must
- be set to <constant>no</constant> when this parameter is set to <constant>yes</constant>.</para>
+ <para>
+ In order for this parameter to be operative the <smbconfoption name="encrypt passwords"/> parameter must
+ be set to <constant>no</constant>. The default value of <smbconfoption name="encrypt
+ passwords">Yes</smbconfoption>. Note: This must be set to <constant>no</constant> for this <smbconfoption
+ name="update encrypted"/> to work.
+ </para>
- <para>Note that even when this parameter is set a user
- authenticating to <command moreinfo="none">smbd</command> must still enter a valid
- password in order to connect correctly, and to update their hashed
- (smbpasswd) passwords.</para>
+ <para>
+ Note that even when this parameter is set a user authenticating to <command moreinfo="none">smbd</command>
+ must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd)
+ passwords.
+ </para>
</description>
<value type="default">no</value>
diff --git a/docs/smbdotconf/security/username.xml b/docs/smbdotconf/security/username.xml
index 9a6d83ae71..3a45d4d72f 100644
--- a/docs/smbdotconf/security/username.xml
+++ b/docs/smbdotconf/security/username.xml
@@ -32,8 +32,7 @@
so they cannot do anything that user cannot do.</para>
<para>To restrict a service to a particular set of users you
- can use the <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users
- </parameter></link> parameter.</para>
+ can use the <smbconfoption name="valid users"/> parameter.</para>
<para>If any of the usernames begin with a '@' then the name
will be looked up first in the NIS netgroups list (if Samba
@@ -54,9 +53,9 @@
quite some time, and some clients may time out during the
search.</para>
- <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT
- USERNAME/PASSWORD VALIDATION</link> for more information on how
-this parameter determines access to the services.</para>
+ <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT
+ USERNAME/PASSWORD VALIDATION</link> for more information on how
+ this parameter determines access to the services.</para>
</description>
<value type="default"><comment>The guest account if a guest service,
diff --git a/docs/smbdotconf/security/usernamemap.xml b/docs/smbdotconf/security/usernamemap.xml
index 1c76d31711..ef4291733e 100644
--- a/docs/smbdotconf/security/usernamemap.xml
+++ b/docs/smbdotconf/security/usernamemap.xml
@@ -75,8 +75,7 @@ guest = *
will actually be connecting to \\server\mary and will need to
supply a password suitable for <constant>mary</constant> not
<constant>fred</constant>. The only exception to this is the
- username passed to the <link linkend="PASSWORDSERVER"><parameter moreinfo="none">
- password server</parameter></link> (if you have one). The password
+ username passed to the <smbconfoption name="password server"/> (if you have one). The password
server will receive whatever username the client supplies without
modification.</para>
diff --git a/docs/smbdotconf/security/writeable.xml b/docs/smbdotconf/security/writeable.xml
index 1bb0e41810..f811c47e5c 100644
--- a/docs/smbdotconf/security/writeable.xml
+++ b/docs/smbdotconf/security/writeable.xml
@@ -4,7 +4,6 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<synonym>writable</synonym>
<description>
- <para>Inverted synonym for <link linkend="READONLY">
- <parameter moreinfo="none">read only</parameter></link>.</para>
+ <para>Inverted synonym for <smbconfoption name="read only"/>.</para>
</description>
</samba:parameter>
diff --git a/docs/smbdotconf/tuning/getwdcache.xml b/docs/smbdotconf/tuning/getwdcache.xml
index cac8dba47b..74d30c28e5 100644
--- a/docs/smbdotconf/tuning/getwdcache.xml
+++ b/docs/smbdotconf/tuning/getwdcache.xml
@@ -6,8 +6,7 @@
<para>This is a tuning option. When this is enabled a
caching algorithm will be used to reduce the time taken for getwd()
calls. This can have a significant impact on performance, especially
- when the <link linkend="WIDELINKS"><parameter moreinfo="none">wide links</parameter>
-</link> parameter is set to <constant>no</constant>.</para>
+ when the <smbconfoption name="wide smbconfoptions"/> parameter is set to <constant>no</constant>.</para>
</description>
<value type="default">yes</value>
diff --git a/docs/smbdotconf/tuning/keepalive.xml b/docs/smbdotconf/tuning/keepalive.xml
index 5648253478..0586365512 100644
--- a/docs/smbdotconf/tuning/keepalive.xml
+++ b/docs/smbdotconf/tuning/keepalive.xml
@@ -11,8 +11,7 @@
a client is still present and responding.</para>
<para>Keepalives should, in general, not be needed if the socket
- has the SO_KEEPALIVE attribute set on it by default. (see <link linkend="SOCKETOPTIONS">
- <parameter moreinfo="none">socket options</parameter></link>).
+ has the SO_KEEPALIVE attribute set on it by default. (see <smbconfoption name="socket options"/>).
Basically you should only use this option if you strike difficulties.</para>
</description>
diff --git a/docs/smbdotconf/tuning/maxconnections.xml b/docs/smbdotconf/tuning/maxconnections.xml
index ac014100ea..1e3043b2f7 100644
--- a/docs/smbdotconf/tuning/maxconnections.xml
+++ b/docs/smbdotconf/tuning/maxconnections.xml
@@ -9,8 +9,7 @@
of zero mean an unlimited number of connections may be made.</para>
<para>Record lock files are used to implement this feature. The lock files will be stored in
- the directory specified by the <link linkend="LOCKDIRECTORY">
- <parameter moreinfo="none">lock directory</parameter></link> option.</para>
+ the directory specified by the <smbconfoption name="lock directory"/> option.</para>
</description>
<value type="default">0</value>
diff --git a/docs/smbdotconf/vfs/hostmsdfs.xml b/docs/smbdotconf/vfs/hostmsdfs.xml
index f941621a6c..877daac998 100644
--- a/docs/smbdotconf/vfs/hostmsdfs.xml
+++ b/docs/smbdotconf/vfs/hostmsdfs.xml
@@ -8,8 +8,7 @@
server, and allow Dfs-aware clients to browse Dfs trees hosted
on the server.</para>
- <para>See also the <link linkend="MSDFSROOT"><parameter moreinfo="none">
- msdfs root</parameter></link> share level parameter. For
+ <para>See also the <smbconfoption name="msdfs root"/> share level parameter. For
more information on setting up a Dfs tree on Samba,
refer to <link linkend="msdfs"/>.
</para>
diff --git a/docs/smbdotconf/vfs/msdfsproxy.xml b/docs/smbdotconf/vfs/msdfsproxy.xml
index 86e8175f06..5117bae224 100644
--- a/docs/smbdotconf/vfs/msdfsproxy.xml
+++ b/docs/smbdotconf/vfs/msdfsproxy.xml
@@ -10,8 +10,7 @@
the SMB-Dfs protocol.</para>
<para>Only Dfs roots can act as proxy shares. Take a look at the
- <link linkend="MSDFSROOT"><parameter moreinfo="none">msdfs root</parameter></link>
- and <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link>
+ <smbconfoption name="msdfs root"/> and <smbconfoption name="host msdfs"/>
options to find out how to set up a Dfs root share.</para>
</description>
diff --git a/docs/smbdotconf/vfs/msdfsroot.xml b/docs/smbdotconf/vfs/msdfsroot.xml
index 5fdaef5092..24b8884ffc 100644
--- a/docs/smbdotconf/vfs/msdfsroot.xml
+++ b/docs/smbdotconf/vfs/msdfsroot.xml
@@ -16,5 +16,5 @@
<related>host msdfs</related>
<value type="default">no</value>
- <para>See also <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link></para>
+ <para>See also <smbconfoption name="host msdfs"/></para>
</samba:parameter>