1 files changed, 53 insertions, 82 deletions

diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8
index a1e39fa172..696de8537b 100644
--- a/docs/manpages/winbindd.8
+++ b/docs/manpages/winbindd.8
@@ -3,8 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "WINBINDD" "8" "07 april 2003" "" ""
-
+.TH "WINBINDD" "8" "04 March 2003" "" ""
 .SH NAME
 winbindd \- Name Service Switch daemon for resolving names  from NT servers
 .SH SYNOPSIS
@@ -13,7 +12,7 @@ winbindd \- Name Service Switch daemon for resolving names  from NT servers
 
 .SH "DESCRIPTION"
 .PP
-This program is part of the \fBSamba\fR(7) suite.
+This program is part of the  Samba suite.
 .PP
 \fBwinbindd\fR is a daemon that provides 
 a service for the Name Service Switch capability that is present 
@@ -60,11 +59,13 @@ For example, the following simple configuration in the
 \fI/etc/nsswitch.conf\fR file can be used to initially 
 resolve user and group information from \fI/etc/passwd
 \fR and \fI/etc/group\fR and then from the 
-Windows NT server.
+Windows NT server. 
+.PP
 
 .nf
 passwd:         files winbind
 group:          files winbind
+	
 .fi
 .PP
 The following simple configuration in the
@@ -90,49 +91,11 @@ If specified, this parameter causes
 \fBwinbindd\fR to log to standard output rather
 than a file.
 .TP
-\fB-V\fR
-Prints the version number for 
-\fBsmbd\fR.
-.TP
-\fB-s <configuration file>\fR
-The file specified contains the 
-configuration details required by the server.  The 
-information in this file includes server-specific
-information such as what printcap file to use, as well 
-as descriptions of all the services that the server is 
-to provide. See \fIsmb.conf(5)\fR for more information.
-The default configuration file name is determined at 
-compile time.
-.TP
-\fB-d|--debug=debuglevel\fR
-\fIdebuglevel\fR is an integer 
-from 0 to 10.  The default value if this parameter is 
-not specified is zero.
-
-The higher this value, the more detail will be 
-logged to the log files about the activities of the 
-server. At level 0, only critical errors and serious 
-warnings will be logged. Level 1 is a reasonable level for
-day to day running - it generates a small amount of 
-information about operations carried out.
-
-Levels above 1 will generate considerable 
-amounts of log data, and should only be used when 
-investigating a problem. Levels above 3 are designed for 
-use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic.
-
-Note that specifying this parameter here will 
-override the log
-level file.
-.TP
-\fB-l|--logfile=logbasename\fR
-File name for log/debug files. The extension
-".client" will be appended. The log file is
-never removed by the client.
-.TP
-\fB-h|--help\fR
-Print a summary of command line options.
+\fB-d debuglevel\fR
+Sets the debuglevel to an integer between 
+0 and 100. 0 is for no debugging and 100 is for reams and 
+reams. To submit a bug report to the Samba Team, use debug 
+level 100 (see BUGS.txt).   
 .TP
 \fB-i\fR
 Tells \fBwinbindd\fR to not 
@@ -155,7 +118,11 @@ Dual daemon mode. This means winbindd will run
 as 2 threads. The first will answer all requests from the cache, 
 thus making responses to clients faster. The other will 
 update the cache for the query that the first has just responded. 
-Advantage of this is that responses stay accurate and are faster.
+Advantage of this is that responses are accurate and fast.
+.TP
+\fB-s|--conf=smb.conf\fR
+Specifies the location of the all-important
+\fIsmb.conf\fR file. 
 .SH "NAME AND ID RESOLUTION"
 .PP
 Users and groups on a Windows NT server are assigned 
@@ -180,7 +147,8 @@ and group rids.
 .SH "CONFIGURATION"
 .PP
 Configuration of the \fBwinbindd\fR daemon 
-is done through configuration parameters in the \fBsmb.conf\fR(5) file.  All parameters should be specified in the 
+is done through configuration parameters in the \fIsmb.conf(5)
+\fR file.  All parameters should be specified in the 
 [global] section of smb.conf. 
 .TP 0.2i
 \(bu
@@ -217,23 +185,28 @@ following setup. This was tested on a RedHat 6.2 Linux box.
 .PP
 In \fI/etc/nsswitch.conf\fR put the 
 following:
+.PP
 
 .nf
 passwd:     files winbind
 group:      files winbind
+	
 .fi
 .PP
-In \fI/etc/pam.d/*\fR replace the \fI auth\fR lines with something like this:
+In \fI/etc/pam.d/*\fR replace the 
+\fIauth\fR lines with something like this: 
+.PP
 
 .nf
 auth       required	/lib/security/pam_securetty.so
 auth       required	/lib/security/pam_nologin.so
 auth       sufficient	/lib/security/pam_winbind.so
 auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
+	
 .fi
 .PP
-Note in particular the use of the \fIsufficient
-\fR keyword and the \fIuse_first_pass\fR keyword. 
+Note in particular the use of the \fIsufficient\fR 
+keyword and the \fIuse_first_pass\fR keyword. 
 .PP
 Now replace the account lines with this: 
 .PP
@@ -241,24 +214,27 @@ Now replace the account lines with this:
 \fR
 .PP
 The next step is to join the domain. To do that use the 
-\fBnet\fR program like this:  
+\fBsmbpasswd\fR program like this:  
 .PP
-\fBnet join -S PDC -U Administrator\fR
+\fBsmbpasswd -j DOMAIN -r PDC -U
+Administrator\fR
 .PP
 The username after the \fI-U\fR can be any
 Domain user that has administrator privileges on the machine.
-Substitute the name or IP of your PDC for "PDC".
+Substitute your domain name for "DOMAIN" and the name of your PDC
+for "PDC".
 .PP
 Next copy \fIlibnss_winbind.so\fR to 
-\fI/lib\fR and \fIpam_winbind.so
-\fR to \fI/lib/security\fR.  A symbolic link needs to be
+\fI/lib\fR and \fIpam_winbind.so\fR
+to \fI/lib/security\fR.  A symbolic link needs to be
 made from \fI/lib/libnss_winbind.so\fR to
 \fI/lib/libnss_winbind.so.2\fR.  If you are using an
 older version of glibc then the target of the link should be
 \fI/lib/libnss_winbind.so.1\fR.
 .PP
-Finally, setup a \fBsmb.conf\fR(5) containing directives like the 
-following:
+Finally, setup a \fIsmb.conf\fR containing directives like the 
+following:  
+.PP
 
 .nf
 [global]
@@ -271,6 +247,7 @@ following:
         workgroup = DOMAIN
         security = domain
         password server = *
+	
 .fi
 .PP
 Now start winbindd and you should find that your user and 
@@ -284,12 +261,17 @@ commands \fBgetent passwd\fR and \fBgetent group
 The following notes are useful when configuring and 
 running \fBwinbindd\fR: 
 .PP
-\fBnmbd\fR(8) must be running on the local machine 
-for \fBwinbindd\fR to work. \fBwinbindd\fR queries
-the list of trusted domains for the Windows NT server
+\fBnmbd\fR must be running on the local machine 
+for \fBwinbindd\fR to work. \fBwinbindd\fR
+queries the list of trusted domains for the Windows NT server
 on startup and when a SIGHUP is received.  Thus, for a running \fB winbindd\fR to become aware of new trust relationships between 
 servers, it must be sent a SIGHUP signal. 
 .PP
+Client processes resolving names through the \fBwinbindd\fR
+nsswitch module read an environment variable named \fB $WINBINDD_DOMAIN\fR.  If this variable contains a comma separated
+list of Windows NT domain names, then winbindd will only resolve users
+and groups within those Windows NT domains. 
+.PP
 PAM is really easy to misconfigure.  Make sure you know what 
 you are doing when modifying PAM configuration files.  It is possible 
 to set up PAM such that you can no longer log into your system. 
@@ -307,8 +289,8 @@ The following signals can be used to manipulate the
 \fBwinbindd\fR daemon. 
 .TP
 \fBSIGHUP\fR
-Reload the \fBsmb.conf\fR(5) file and 
-apply any parameter changes to the running 
+Reload the \fIsmb.conf(5)\fR
+file and apply any parameter changes to the running 
 version of winbindd.  This signal also clears any cached 
 user and group information.  The list of other domains trusted 
 by winbindd is also reloaded.  
@@ -333,19 +315,6 @@ if both the \fI/tmp/.winbindd\fR directory
 and \fI/tmp/.winbindd/pipe\fR file are owned by 
 root. 
 .TP
-\fB$LOCKDIR/winbindd_privilaged/pipe\fR
-The UNIX pipe over which 'privilaged' clients 
-communicate with the \fBwinbindd\fR program.  For security 
-reasons, access to some winbindd functions - like those needed by 
-the \fBntlm_auth\fR utility - is restricted.  By default,
-only users in the 'root' group will get this access, however the administrator
-may change the group permissions on $LOCKDIR/winbindd_privilaged to allow
-programs like 'squid' to use ntlm_auth.
-Note that the winbind client will only attempt to connect to the winbindd daemon 
-if both the \fI$LOCKDIR/winbindd_privilaged\fR directory
-and \fI$LOCKDIR/winbindd_privilaged/pipe\fR file are owned by 
-root. 
-.TP
 \fB/lib/libnss_winbind.so.X\fR
 Implementation of name service switch library.
 .TP
@@ -364,7 +333,10 @@ This man page is correct for version 3.0 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fInsswitch.conf(5)\fR, \fBSamba\fR(7), \fBwbinfo\fR(8), \fBsmb.conf\fR(5)
+\fInsswitch.conf(5)\fR,
+samba(7)
+wbinfo(1)
+smb.conf(5)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -372,9 +344,8 @@ were created by Andrew Tridgell. Samba is now developed
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-\fBwbinfo\fR and \fBwinbindd\fR were 
-written by Tim Potter.
+\fBwbinfo\fR and \fBwinbindd\fR
+were written by Tim Potter.
 .PP
 The conversion to DocBook for Samba 2.2 was done 
-by Gerald Carter. The conversion to DocBook XML 4.2 for
-Samba 3.0 was done by Alexander Bokovoy.
+by Gerald Carter