1 files changed, 21 insertions, 24 deletions
diff --git a/docs/Samba-Guide/Chap04-SecureOfficeServer.xml b/docs/Samba-Guide/Chap04-SecureOfficeServer.xml
index 1ea6df9d2a..41e18a475d 100644
--- a/docs/Samba-Guide/Chap04-SecureOfficeServer.xml
+++ b/docs/Samba-Guide/Chap04-SecureOfficeServer.xml
@@ -512,8 +512,7 @@ Given 500 Users and 2 years:
 	      <primary>name resolve order</primary>
 	    </indexterm>
 		WINS serving is enabled by the <smbconfoption name="wins support">Yes</smbconfoption>,
-		and name resolution is set to use it by means of the <smbconfoption><name>name resolve order</name>
-		<value>wins bcast hosts</value></smbconfoption> entry.
+		and name resolution is set to use it by means of the <smbconfoption name="name resolve order">wins bcast hosts</smbconfoption> entry.
 		</para></listitem>
 
 	<listitem><para><indexterm>
@@ -554,9 +553,9 @@ Given 500 Users and 2 years:
 	      <primary>User Mode</primary>
 	    </indexterm>
 		The &smb.conf; file specifies that the Samba server will operate in (default) <parameter>
-		security = user</parameter> mode<footnote>See <emphasis>TOSHARG</emphasis>, Chapter 3. This is necessary
+			security = user</parameter> mode<footnote><para>See <emphasis>TOSHARG</emphasis>, Chapter 3. This is necessary
 		so that Samba can act as a Domain Controller (PDC); see <emphasis>TOSHARG</emphasis>, Chapter 4 for 
-		additional information.</footnote> (User Mode).
+		additional information.</para></footnote> (User Mode).
 		</para></listitem>
 
 	<listitem><para><indexterm>
@@ -575,8 +574,7 @@ Given 500 Users and 2 years:
 	    </indexterm><indexterm>
 	      <primary>profile share</primary>
 	    </indexterm>
-		Roaming profiles are enabled through the specification of the parameter, <smbconfoption><name>logon path</name>
-		<value>\\%L\profiles\%U</value></smbconfoption>. The value of this parameter translates the
+		Roaming profiles are enabled through the specification of the parameter, <smbconfoption name="logon path">\\%L\profiles\%U</smbconfoption>. The value of this parameter translates the
 		<constant>%L</constant> to the name by which the Samba server is called by the client (for this
 		configuration, it translates to the name <constant>DIAMOND</constant>), and the <constant>%U</constant>
 		will translate to the name of the user within the context of the connection made to the profile share.
@@ -728,8 +726,8 @@ echo 1 > /proc/sys/net/ipv4/ip_forward
 </screen>
 		To ensure that your kernel is capable of IP forwarding during configuration, you may 
 		wish to execute that command manually also. This setting permits the Linux system to 
-		act as a router.<footnote>ED NOTE: You may want to do the echo command last and include 
-		"0" in the init scripts since it opens up your network for a short time.</footnote>
+		act as a router.<footnote><para>ED NOTE: You may want to do the echo command last and include 
+				"0" in the init scripts since it opens up your network for a short time.</para></footnote>
 		</para></step>
 
 	  <step><para><indexterm>
@@ -869,8 +867,7 @@ echo -e "\nNAT firewall done.\n"
 <smbconfoption name="bind interfaces only">Yes</smbconfoption>
 <smbconfoption name="passdb backend">tdbsam</smbconfoption>
 <smbconfoption name="pam password change">Yes</smbconfoption>
-<smbconfoption name="passwd chat">*New*Password* %n\n *Re-enter*new*password*</smbconfoption>
-<member><parameter> %n\n *Password*changed*</parameter></member>
+<smbconfoption name="passwd chat">*New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*</smbconfoption>
 <smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
 <smbconfoption name="unix password sync">Yes</smbconfoption>
 <smbconfoption name="log level">1</smbconfoption>
@@ -887,8 +884,7 @@ echo -e "\nNAT firewall done.\n"
 <smbconfoption name="add group script">/usr/sbin/groupadd '%g'</smbconfoption>
 <smbconfoption name="delete group script">/usr/sbin/groupdel '%g'</smbconfoption>
 <smbconfoption name="add user to group script">/usr/sbin/usermod -G '%g' '%u'</smbconfoption>
-<smbconfoption name="add machine script">/usr/sbin/useradd</smbconfoption>
-<member><parameter>-s /bin/false -d /tmp '%u'</parameter></member>
+<smbconfoption name="add machine script">/usr/sbin/useradd -s /bin/false -d /tmp '%u'</smbconfoption>
 <smbconfoption name="shutdown script">/var/lib/samba/scripts/shutdown.sh</smbconfoption>
 <smbconfoption name="abort shutdown script">/sbin/shutdown -c</smbconfoption>
 <smbconfoption name="logon script">scripts\logon.bat</smbconfoption>
@@ -1282,7 +1278,7 @@ subnet 123.45.67.64 netmask 255.255.255.252 {
 		<step><para>
 		Create the files shown in their directories as follows:
 
-			<table if="namedrscfiles">
+			<table id="namedrscfiles">
 				<title>DNS (named) Resource Files</title>
 				<tgroup cols="2">
 					<colspec align="left"/>
@@ -1960,10 +1956,10 @@ $rootprompt; ps ax | grep winbind
 14295 ?        S     0:00 /usr/sbin/winbindd -B
 </screen>
 			The <command>winbindd</command> daemon is running in split mode (normal), so there are also
-			two instances<footnote>For more information regarding winbindd, see <emphasis>TOSHARG</emphasis>, 
+			two instances<footnote><para>For more information regarding winbindd, see <emphasis>TOSHARG</emphasis>, 
 			Chapter 22, Section 22.3. The single instance of <command>smbd</command> is normal. One additional
 			<command>smbd</command> slave process is spawned for each SMB/CIFS client 
-			connection.</footnote> of it.
+			connection.</para></footnote> of it.
 			</para></step>
 	
 			<step><para>
@@ -2332,6 +2328,7 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds
 		include the Accounting department HP LaserJet 6 and Minolta QMS Magicolor printers. You will
 		also configure identical printers that are located in the financial services department.
 		Install printers on each machine using the following steps:
+		</para>
 
 			<procedure>
 				<step><para>
@@ -2365,8 +2362,8 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds
 				dialog panel. Right-click <menuchoice>
 					<guiicon>HP LaserJet 6</guiicon>
 					<guimenuitem>Properties</guimenuitem>
-					<guimenusub>Details (Tab)</guimenusub>
-					<guimenubutton>Add Port</guimenubutton>
+					<guisubmenu>Details (Tab)</guisubmenu>
+					<guimenuitem>Add Port</guimenuitem>
 					</menuchoice>.
 				</para></step>
 
@@ -2384,7 +2381,7 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds
 				as well as for both QMS Magicolor laser printers.
 				</para></step>
 			</procedure>
-		</para></step>
+		</step>
 
 	  <step><para><indexterm>
 		<primary>defragmentation</primary>
@@ -2477,7 +2474,7 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds
 	<para>
 	</para>
 
-	<qandaset defaultlabel="chap04qa" type="number">
+	<qandaset>
 	<qandaentry>
 	<question>
 
@@ -2511,8 +2508,8 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds
 		in the tdbsam backend to 250. This is the point at which most networks tend to want backup domain
 		controllers (BDCs). Samba-3 does not provide a mechanism for replicating tdbsam data so it can be used
 		by a BDC. The limitation of 250 users per tdbsam is predicated only on the need for replication
-		not on the limits<footnote>Bench tests have shown that tdbsam is a very effective database technology.
-		There is surprisingly little performance loss even with over 4000 users.</footnote> of the tdbsam backend itself. 
+		not on the limits<footnote><para>Bench tests have shown that tdbsam is a very effective database technology.
+				There is surprisingly little performance loss even with over 4000 users.</para></footnote> of the tdbsam backend itself. 
 		</para>
 
 	</answer>
@@ -2682,8 +2679,8 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds
 		means <constant>top level domain</constant>. A FQDN is a long hand but easy to remember
 		expression that may be up to 1024 characters in length and that represents an IP address. 
 		A NetBIOS name is always 16 characters long. The 16<superscript>th</superscript> character
-		is a name type indicator. A specific name type is registered<footnote>
-		See <emphasis>TOSHARG</emphasis>, Chapter 9 for more information.</footnote> for each 
+		is a name type indicator. A specific name type is registered<footnote><para>
+				See <emphasis>TOSHARG</emphasis>, Chapter 9 for more information.</para></footnote> for each 
 		type of service that is provided by the Windows server or client and that may be registered
 		where a WINS server is in use.
 		</para>
@@ -2704,7 +2701,7 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds
 
 		<para>
 		Windows 200x Active Directory requires the registration in the DNS zone for the domain it 
-		controls of service locator<footnote>See TOSHARG, Chapter 9, Section 9.3.3</footnote> records 
+		controls of service locator<footnote><para>See TOSHARG, Chapter 9, Section 9.3.3</para></footnote> records 
 		that Windows clients and servers will use to locate Kerberos and LDAP services. ADS also 
 		requires the registration of special records that are called global catalog (GC) entries 
 		and site entries by which domain controllers and other essential ADS servers may be located.