Diffstat (limited to 'docs/docbook/manpages/winbindd.8.sgml')
-rw-r--r-- docs/docbook/manpages/winbindd.8.sgml 132
1 files changed, 65 insertions, 67 deletions
diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml
index e0489c43c4..ccef2fa623 100644
--- a/docs/docbook/manpages/winbindd.8.sgml
+++ b/docs/docbook/manpages/winbindd.8.sgml
@@ -1,7 +1,5 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
-<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
-]>
-<refentry id="winbindd.8">
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<refentry id="winbindd">
<refmeta>
<refentrytitle>winbindd</refentrytitle>
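Review bot: Changing the id from "winbindd.8" to "winbindd" on the <refentry> line drops the section suffix, so any link in another document that targets the id "winbindd.8" stops resolving; keep the old id or update those references in the same commit. Removing the globalentities declaration is only safe if every entity reference in the file is removed with it, which the later hunk dropping &popt.common.samba; and &stdarg.help; appears to cover, so it is worth confirming that no other entity reference remains.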
@@ -31,8 +29,8 @@
<refsect1>
<title>DESCRIPTION</title>
- <para>This program is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
- <manvolnum>7</manvolnum></citerefentry> suite.</para>
+ <para>This program is part of the <ulink url="samba.7.html">
+ Samba</ulink> suite.</para>
<para><command>winbindd</command> is a daemon that provides
a service for the Name Service Switch capability that is present
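Review bot: The new <ulink url="samba.7.html"> hard-codes an HTML file name into the manpage source and loses the section number (7) that the removed <citerefentry> carried, so the reference is only meaningful in HTML output. Keep <citerefentry>, or at least write the link text as samba(7) the way the SEE ALSO hunk does.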
@@ -90,11 +88,12 @@
<filename>/etc/nsswitch.conf</filename> file can be used to initially
resolve user and group information from <filename>/etc/passwd
</filename> and <filename>/etc/group</filename> and then from the
- Windows NT server.
-<programlisting>
+ Windows NT server. </para>
+
+ <para><programlisting>
passwd: files winbind
group: files winbind
-</programlisting></para>
+ </programlisting></para>
<para>The following simple configuration in the
<filename>/etc/nsswitch.conf</filename> file can be used to initially
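Review bot: The closing tag of the listing is now indented ("+ </programlisting></para>"), and whitespace inside <programlisting> is preserved verbatim, so the rendered nsswitch.conf sample gains a trailing whitespace-only line. Keep </programlisting> at the start of the line as the removed version did, and drop the trailing space added in "Windows NT server. </para>".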
@@ -130,8 +129,13 @@ group: files winbind
than a file.</para></listitem>
</varlistentry>
- &popt.common.samba;
- &stdarg.help;
+ <varlistentry>
+ <term>-d debuglevel</term>
+ <listitem><para>Sets the debuglevel to an integer between
+ 0 and 100. 0 is for no debugging and 100 is for reams and
+ reams. To submit a bug report to the Samba Team, use debug
+ level 100 (see BUGS.txt). </para></listitem>
+ </varlistentry>
<varlistentry>
<term>-i</term>
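Review bot: Replacing &popt.common.samba; and &stdarg.help; with a single -d entry leaves whatever &stdarg.help; expanded to without a replacement anywhere in this patch; if the daemon still accepts a help option, give it its own <varlistentry>. In the new entry, mark the argument up as <replaceable>debuglevel</replaceable>, and since the text recommends level 100 for bug reports, add a sentence telling the reader to review the resulting log before sending it.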
@@ -161,10 +165,15 @@ group: files winbind
as 2 threads. The first will answer all requests from the cache,
thus making responses to clients faster. The other will
update the cache for the query that the first has just responded.
- Advantage of this is that responses stay accurate and are faster.
+ Advantage of this is that responses are accurate and fast.
</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term>-s|--conf=smb.conf</term>
+ <listitem><para>Specifies the location of the all-important
+ <filename>smb.conf</filename> file. </para></listitem>
+ </varlistentry>
</variablelist>
</refsect1>
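Review bot: The reworded sentence "responses are accurate and fast" overstates what the preceding lines describe: the first thread answers from the cache and the second refreshes the cache afterwards, so a reply can be stale until that refresh completes. The removed wording "stay accurate" was closer; better still, say that the reply comes from the cache and the entry is refreshed after it is served. In the new -s entry, "smb.conf" in <term>-s|--conf=smb.conf</term> is a placeholder and should be marked <replaceable>.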
@@ -199,9 +208,8 @@ group: files winbind
<title>CONFIGURATION</title>
<para>Configuration of the <command>winbindd</command> daemon
- is done through configuration parameters in the <citerefentry>
- <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry> file. All parameters should be specified in the
+ is done through configuration parameters in the <filename>smb.conf(5)
+ </filename> file. All parameters should be specified in the
[global] section of smb.conf. </para>
<itemizedlist>
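Review bot: The new <filename>smb.conf(5) ... </filename> puts both the section number and a line break inside the <filename> element, so the rendered file name is "smb.conf(5)" followed by whitespace rather than the name of a file. Close the element on the same line and keep the section number outside it, or keep the <citerefentry> that was removed.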
@@ -235,24 +243,27 @@ group: files winbind
following setup. This was tested on a RedHat 6.2 Linux box. </para>
<para>In <filename>/etc/nsswitch.conf</filename> put the
- following:
-<programlisting>
+ following:</para>
+
+ <para><programlisting>
passwd: files winbind
group: files winbind
-</programlisting></para>
+ </programlisting></para>
+
+ <para>In <filename>/etc/pam.d/*</filename> replace the
+ <parameter>auth</parameter> lines with something like this: </para>
- <para>In <filename>/etc/pam.d/*</filename> replace the <parameter>
- auth</parameter> lines with something like this:
-<programlisting>
+
+ <para><programlisting>
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
-</programlisting></para>
+ </programlisting></para>
- <para>Note in particular the use of the <parameter>sufficient
- </parameter> keyword and the <parameter>use_first_pass</parameter> keyword. </para>
+ <para>Note in particular the use of the <parameter>sufficient</parameter>
+ keyword and the <parameter>use_first_pass</parameter> keyword. </para>
<para>Now replace the account lines with this: </para>
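Review bot: The reformatted PAM sample still ends with "pam_pwdb.so use_first_pass shadow nullok", and nullok lets accounts with an empty password authenticate; since the block is being touched anyway, either drop nullok from the sample or add a sentence saying why it is there. The instruction to replace the auth lines in /etc/pam.d/* also reads as applying to every service file, so naming the services it is meant for would fit better with the lockout warning in the NOTES section.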
@@ -260,26 +271,28 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
</command></para>
<para>The next step is to join the domain. To do that use the
- <command>net</command> program like this: </para>
+ <command>smbpasswd</command> program like this: </para>
- <para><command>net join -S PDC -U Administrator</command></para>
+ <para><command>smbpasswd -j DOMAIN -r PDC -U
+ Administrator</command></para>
<para>The username after the <parameter>-U</parameter> can be any
Domain user that has administrator privileges on the machine.
- Substitute the name or IP of your PDC for "PDC".</para>
+ Substitute your domain name for "DOMAIN" and the name of your PDC
+ for "PDC".</para>
<para>Next copy <filename>libnss_winbind.so</filename> to
- <filename>/lib</filename> and <filename>pam_winbind.so
- </filename> to <filename>/lib/security</filename>. A symbolic link needs to be
+ <filename>/lib</filename> and <filename>pam_winbind.so</filename>
+ to <filename>/lib/security</filename>. A symbolic link needs to be
made from <filename>/lib/libnss_winbind.so</filename> to
<filename>/lib/libnss_winbind.so.2</filename>. If you are using an
older version of glibc then the target of the link should be
<filename>/lib/libnss_winbind.so.1</filename>.</para>
- <para>Finally, setup a <citerefentry><refentrytitle>smb.conf</refentrytitle>
- <manvolnum>5</manvolnum></citerefentry> containing directives like the
- following:
-<programlisting>
+ <para>Finally, setup a <filename>smb.conf</filename> containing directives like the
+ following: </para>
+
+ <para><programlisting>
[global]
winbind separator = +
winbind cache time = 10
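Review bot: The replacement text for the join step says only "the name of your PDC" where the removed line allowed "the name or IP"; if smbpasswd -r accepts an address, keep that wording, and if it does not, say so explicitly. The command is also split across two lines inside <command>, which puts a line break in the middle of something readers will copy, so keep "smbpasswd -j DOMAIN -r PDC -U Administrator" on one line.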
@@ -290,7 +303,7 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
workgroup = DOMAIN
security = domain
password server = *
-</programlisting></para>
+ </programlisting></para>
<para>Now start winbindd and you should find that your user and
@@ -308,14 +321,19 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
<para>The following notes are useful when configuring and
running <command>winbindd</command>: </para>
- <para><citerefentry><refentrytitle>nmbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> must be running on the local machine
- for <command>winbindd</command> to work. <command>winbindd</command> queries
- the list of trusted domains for the Windows NT server
+ <para><command>nmbd</command> must be running on the local machine
+ for <command>winbindd</command> to work. <command>winbindd</command>
+ queries the list of trusted domains for the Windows NT server
on startup and when a SIGHUP is received. Thus, for a running <command>
winbindd</command> to become aware of new trust relationships between
servers, it must be sent a SIGHUP signal. </para>
+ <para>Client processes resolving names through the <command>winbindd</command>
+ nsswitch module read an environment variable named <envar>
+ $WINBINDD_DOMAIN</envar>. If this variable contains a comma separated
+ list of Windows NT domain names, then winbindd will only resolve users
+ and groups within those Windows NT domains. </para>
+
<para>PAM is really easy to misconfigure. Make sure you know what
you are doing when modifying PAM configuration files. It is possible
to set up PAM such that you can no longer log into your system. </para>
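Review bot: The new $WINBINDD_DOMAIN paragraph says the variable is read by client processes through the nsswitch module, but then states that "winbindd will only resolve" names in the listed domains; these two statements need reconciling. If the filter is applied in the client, it is controlled by whoever sets that process's environment and should be documented as a convenience filter, not as a restriction an administrator can rely on. The <envar> element should also hold just the variable name, without the leading "$" or the line break after the opening tag.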
@@ -339,9 +357,8 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
<variablelist>
<varlistentry>
<term>SIGHUP</term>
- <listitem><para>Reload the <citerefentry><refentrytitle>smb.conf</refentrytitle>
- <manvolnum>5</manvolnum></citerefentry> file and
- apply any parameter changes to the running
+ <listitem><para>Reload the <filename>smb.conf(5)</filename>
+ file and apply any parameter changes to the running
version of winbindd. This signal also clears any cached
user and group information. The list of other domains trusted
by winbindd is also reloaded. </para></listitem>
@@ -381,21 +398,6 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
</varlistentry>
<varlistentry>
- <term>$LOCKDIR/winbindd_privilaged/pipe</term>
- <listitem><para>The UNIX pipe over which 'privilaged' clients
- communicate with the <command>winbindd</command> program. For security
- reasons, access to some winbindd functions - like those needed by
- the <command>ntlm_auth</command> utility - is restricted. By default,
- only users in the 'root' group will get this access, however the administrator
- may change the group permissions on $LOCKDIR/winbindd_privilaged to allow
- programs like 'squid' to use ntlm_auth.
- Note that the winbind client will only attempt to connect to the winbindd daemon
- if both the <filename>$LOCKDIR/winbindd_privilaged</filename> directory
- and <filename>$LOCKDIR/winbindd_privilaged/pipe</filename> file are owned by
- root. </para></listitem>
- </varlistentry>
-
- <varlistentry>
<term>/lib/libnss_winbind.so.X</term>
<listitem><para>Implementation of name service switch library.
</para></listitem>
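Review bot: This hunk deletes the only description of $LOCKDIR/winbindd_privilaged/pipe, including the statements that access is limited to the 'root' group by default and that the client connects only when both the directory and the pipe are owned by root. If the code this manpage ships with still creates that pipe, administrators lose the guidance they need before loosening its group permissions for programs such as squid; state in the commit message that the feature is absent from this branch, or keep the entry.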
@@ -429,13 +431,10 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
<refsect1>
<title>SEE ALSO</title>
- <para><filename>nsswitch.conf(5)</filename>, <citerefentry>
- <refentrytitle>Samba</refentrytitle>
- <manvolnum>7</manvolnum></citerefentry>, <citerefentry>
- <refentrytitle>wbinfo</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry>, <citerefentry>
- <refentrytitle>smb.conf</refentrytitle>
- <manvolnum>5</manvolnum></citerefentry></para>
+ <para><filename>nsswitch.conf(5)</filename>,
+ <ulink url="samba.7.html">samba(7)</ulink>,
+ <ulink url="wbinfo.1.html">wbinfo(1)</ulink>,
+ <ulink url="smb.conf.5.html">smb.conf(5)</ulink></para>
</refsect1>
<refsect1>
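Review bot: The wbinfo reference changes section from 8 in the removed <citerefentry> to 1 in the new <ulink url="wbinfo.1.html">wbinfo(1)</ulink>, with nothing in the patch explaining the change. Check which section the wbinfo page is installed in on this branch, because a wrong number gives both a dead HTML link and a failing man lookup.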
@@ -446,12 +445,11 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
- <para><command>wbinfo</command> and <command>winbindd</command> were
- written by Tim Potter.</para>
+ <para><command>wbinfo</command> and <command>winbindd</command>
+ were written by Tim Potter.</para>
<para>The conversion to DocBook for Samba 2.2 was done
- by Gerald Carter. The conversion to DocBook XML 4.2 for
- Samba 3.0 was done by Alexander Bokovoy.</para>
+ by Gerald Carter</para>
</refsect1>
</refentry>
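Review bot: The AUTHOR paragraph now ends "by Gerald Carter</para>" with no closing period, and the credit to Alexander Bokovoy for the DocBook XML 4.2 conversion is removed. Restore the period, and drop the credit only if that conversion really is not part of this branch.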