1 files changed, 12 insertions, 2 deletions

diff --git a/docs/docbook/smbdotconf/security/authmethods.xml b/docs/docbook/smbdotconf/security/authmethods.xml
index 0b7965d55b..7c0f5a71e1 100644
--- a/docs/docbook/smbdotconf/security/authmethods.xml
+++ b/docs/docbook/smbdotconf/security/authmethods.xml
@@ -6,14 +6,24 @@
     <para>This option allows the administrator to chose what
     authentication methods <command moreinfo="none">smbd</command> will use when authenticating
     a user.  This option defaults to sensible values based on <link linkend="SECURITY">
-    <parameter moreinfo="none">security</parameter></link>.</para>
+    <parameter moreinfo="none">security</parameter></link>.  This should be considered
+    a developer option and used only in rare circumstances.  In the majority (if not all)
+    of production servers, the default setting should be adequate.</para>
 
     <para>Each entry in the list attempts to authenticate the user in turn, until
     the user authenticates.  In practice only one method will ever actually 
     be able to complete the authentication.
     </para>
 
+    <para>Possible options include <constant>guest</constant> (anonymous access), 
+    <constant>sam</constant> (lookups in local list of accounts based on netbios 
+    name or domain name), <constant>winbind</constant> (relay authentication requests
+    for remote users through winbindd), <constant>ntdomain</constant> (pre-winbindd 
+    method of authentication for remote domain users; deprecated in favour of winbind method), 
+    <constant>trustdomain</constant> (authenticate trusted users by contacting the 
+    remote DC directly from smbd; deprecated in favour of winbind method).</para>
+
     <para>Default: <command moreinfo="none">auth methods = &lt;empty string&gt;</command></para>
-    <para>Example: <command moreinfo="none">auth methods = guest sam ntdomain</command></para>
+    <para>Example: <command moreinfo="none">auth methods = guest sam winbind</command></para>
 </listitem>
 </samba:parameter>