Diffstat (limited to 'docs/smbdotconf/security')
-rw-r--r-- docs/smbdotconf/security/allowtrusteddomains.xml 2
-rw-r--r-- docs/smbdotconf/security/authmethods.xml 21
-rw-r--r-- docs/smbdotconf/security/clientschannel.xml 15
-rw-r--r-- docs/smbdotconf/security/forceunknownacluser.xml 30
-rw-r--r-- docs/smbdotconf/security/passdbbackend.xml 4
-rw-r--r-- docs/smbdotconf/security/restrictanonymous.xml 4
-rw-r--r-- docs/smbdotconf/security/smbpasswdfile.xml 10
-rw-r--r-- docs/smbdotconf/security/usernamemap.xml 20
-rw-r--r-- docs/smbdotconf/security/validusers.xml 23
-rw-r--r-- docs/smbdotconf/security/writelist.xml 23
10 files changed, 84 insertions, 68 deletions
diff --git a/docs/smbdotconf/security/allowtrusteddomains.xml b/docs/smbdotconf/security/allowtrusteddomains.xml
index 7bc5554550..924e41e793 100644
--- a/docs/smbdotconf/security/allowtrusteddomains.xml
+++ b/docs/smbdotconf/security/allowtrusteddomains.xml
@@ -5,7 +5,7 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- This option only takes effect when the <smbconfoption name="security"/> option is set to
+ This option only takes effect when the <smbconfoption name="security"/> option is set to
<constant>server</constant>,<constant>domain</constant> or <constant>ads</constant>.
If it is set to no, then attempts to connect to a resource from
a domain or workgroup other than the one which smbd is running
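Review bot: The context line directly after the changed one is missing a space after the comma in `<constant>server</constant>,<constant>domain</constant>`, so the list renders as "server,domain or ads". The removed and added lines read identically here, which makes this a whitespace-only change; since the paragraph is being touched anyway, fix the comma spacing in the same commit.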
diff --git a/docs/smbdotconf/security/authmethods.xml b/docs/smbdotconf/security/authmethods.xml
index 6e6b88c519..39d211dbd3 100644
--- a/docs/smbdotconf/security/authmethods.xml
+++ b/docs/smbdotconf/security/authmethods.xml
@@ -4,25 +4,30 @@
basic="1" advanced="1" wizard="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
+
<para>
- This option allows the administrator to chose what authentication methods <command
- moreinfo="none">smbd</command> will use when authenticating a user. This option defaults to sensible values
- based on <smbconfoption name="security"/>. This should be considered a developer option and used only in rare
- circumstances. In the majority (if not all) of production servers, the default setting should be adequate.
- </para>
+ This option allows the administrator to chose what authentication methods <command moreinfo="none">smbd</command>
+ will use when authenticating a user. This option defaults to sensible values based on <smbconfoption name="security"/>.
+ This should be considered a developer option and used only in rare circumstances. In the majority (if not all)
+ of production servers, the default setting should be adequate.
+ </para>
- <para>Each entry in the list attempts to authenticate the user in turn, until
+ <para>
+ Each entry in the list attempts to authenticate the user in turn, until
the user authenticates. In practice only one method will ever actually
be able to complete the authentication.
</para>
- <para>Possible options include <constant>guest</constant> (anonymous access),
+ <para>
+ Possible options include <constant>guest</constant> (anonymous access),
<constant>sam</constant> (lookups in local list of accounts based on netbios
name or domain name), <constant>winbind</constant> (relay authentication requests
for remote users through winbindd), <constant>ntdomain</constant> (pre-winbindd
method of authentication for remote domain users; deprecated in favour of winbind method),
<constant>trustdomain</constant> (authenticate trusted users by contacting the
- remote DC directly from smbd; deprecated in favour of winbind method).</para>
+ remote DC directly from smbd; deprecated in favour of winbind method).
+ </para>
+
</description>
<value type="default"/>
<value type="example">guest sam winbind</value>
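Review bot: The typo "chose" in "allows the administrator to chose what authentication methods" is carried over unchanged into the re-wrapped first paragraph; it should read "choose". The rest of the hunk is re-wrapping only, so this is the one place where the text itself needs a change.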
diff --git a/docs/smbdotconf/security/clientschannel.xml b/docs/smbdotconf/security/clientschannel.xml
index 7530849260..e229182f97 100644
--- a/docs/smbdotconf/security/clientschannel.xml
+++ b/docs/smbdotconf/security/clientschannel.xml
@@ -5,14 +5,13 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This controls whether the client offers or even
- demands the use of the netlogon schannel.
- <parameter>client schannel = no</parameter> does not
- offer the schannel, <parameter>client schannel =
- auto</parameter> offers the schannel but does not
- enforce it, and <parameter>client schannel =
- yes</parameter> denies access if the server is not
- able to speak netlogon schannel. </para>
+ <para>
+ This controls whether the client offers or even demands the use of the netlogon schannel.
+ <smbconfoption name="client schannel">no</smbconfoption> does not offer the schannel,
+ <smbconfoption name="client schannel">auto</smbconfoption> offers the schannel but does not
+ enforce it, and <smbconfoption name="client schannel">yes</smbconfoption> denies access
+ if the server is not able to speak netlogon schannel.
+ </para>
</description>
<value type="default">auto</value>
<value type="example">yes</value>
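Review bot: The rewritten paragraph still leaves out what the default means in practice: with `<value type="default">auto</value>` the client "offers the schannel but does not enforce it", so a connection to a server that cannot speak netlogon schannel is still accepted. Suggest adding one sentence stating that only `yes` guarantees schannel is in use, so a reader does not assume the default enforces it. The switch from `<parameter>client schannel = no</parameter>` to `<smbconfoption name="client schannel">no</smbconfoption>` is otherwise consistent across all three values.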
diff --git a/docs/smbdotconf/security/forceunknownacluser.xml b/docs/smbdotconf/security/forceunknownacluser.xml
index c1708bab75..4c0949f052 100644
--- a/docs/smbdotconf/security/forceunknownacluser.xml
+++ b/docs/smbdotconf/security/forceunknownacluser.xml
@@ -4,23 +4,23 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>If this parameter is set, a Windows NT ACL that contains an unknown
- SID (security descriptor, or representation of a user or group
- id) as the owner or group owner of the file will be silently
- mapped into the current UNIX uid or gid of the currently
- connected user.</para>
+ <para>
+ If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or
+ representation of a user or group id) as the owner or group owner of the file will be silently
+ mapped into the current UNIX uid or gid of the currently connected user.
+ </para>
- <para>This is designed to allow Windows NT clients to copy files and
- folders containing ACLs that were created locally on the client
- machine and contain users local to that machine only (no domain
- users) to be copied to a Samba server (usually with XCOPY /O)
- and have the unknown userid and groupid of the file owner map to
- the current connected user. This can only be fixed correctly
- when winbindd allows arbitrary mapping from any Windows NT SID
- to a UNIX uid or gid.</para>
+ <para>
+ This is designed to allow Windows NT clients to copy files and folders containing ACLs that were
+ created locally on the client machine and contain users local to that machine only (no domain
+ users) to be copied to a Samba server (usually with XCOPY /O) and have the unknown userid and
+ groupid of the file owner map to the current connected user. This can only be fixed correctly
+ when winbindd allows arbitrary mapping from any Windows NT SID to a UNIX uid or gid.
+ </para>
- <para>Try using this parameter when XCOPY /O gives an ACCESS_DENIED
- error.</para>
+ <para>
+ Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
+ </para>
</description>
<value type="default">no</value>
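Review bot: The expansion of SID in the first paragraph is wrong and survives the re-wrap: "unknown SID (security descriptor, or representation of a user or group id)" should say "security identifier", since a security descriptor is the structure that holds the ACL and owner, not the identifier of a user or group. Because this option causes ownership to be "silently mapped" to the connected user, the terminology is worth getting right while the paragraph is being reflowed.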
diff --git a/docs/smbdotconf/security/passdbbackend.xml b/docs/smbdotconf/security/passdbbackend.xml
index bbe1d13106..1a4baa5c08 100644
--- a/docs/smbdotconf/security/passdbbackend.xml
+++ b/docs/smbdotconf/security/passdbbackend.xml
@@ -65,7 +65,7 @@
</para>
Examples of use are:
-<screen>
+<programlisting>
passdb backend = tdbsam:/etc/samba/private/passdb.tdb \
smbpasswd:/etc/samba/smbpasswd
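Review bot: The line "Examples of use are:" and the listing that follows sit directly after a closing `</para>`, so they are loose text inside `<description>` rather than part of a paragraph. The smbpasswdfile.xml and usernamemap.xml changes in this same commit wrap "An example of use is:" and its `<programlisting>` in a `<para>`; suggest doing the same here so the `<screen>` to `<programlisting>` conversion ends up with consistent structure across files.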
@@ -81,7 +81,7 @@ passdb backend = ldapsam:"ldap://ldap-1.example.com \
or
passdb backend = mysql:my_plugin_args tdbsam
-</screen>
+</programlisting>
</description>
<value type="default">smbpasswd</value>
diff --git a/docs/smbdotconf/security/restrictanonymous.xml b/docs/smbdotconf/security/restrictanonymous.xml
index 2a45ef1561..1fbf983d54 100644
--- a/docs/smbdotconf/security/restrictanonymous.xml
+++ b/docs/smbdotconf/security/restrictanonymous.xml
@@ -7,10 +7,10 @@
<para>The setting of this parameter determines whether user and
group list information is returned for an anonymous connection.
and mirrors the effects of the
-<screen>
+<programlisting>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\LSA\RestrictAnonymous
-</screen>
+</programlisting>
registry key in Windows 2000 and Windows NT. When set to 0, user
and group list information is returned to anyone who asks. When set
to 1, only an authenticated user can retrive user and
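Review bot: The sentence around the converted listing is still broken in the unchanged context: "returned for an anonymous connection." ends with a full stop and the next line continues with "and mirrors the effects of the", and the last context line has "retrive" for "retrieve". Since this parameter decides whether user and group lists are handed to anonymous connections, the description should read cleanly; suggest fixing both in this commit rather than only swapping `<screen>` for `<programlisting>`.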
diff --git a/docs/smbdotconf/security/smbpasswdfile.xml b/docs/smbdotconf/security/smbpasswdfile.xml
index b21da8e1ae..209fa74422 100644
--- a/docs/smbdotconf/security/smbpasswdfile.xml
+++ b/docs/smbdotconf/security/smbpasswdfile.xml
@@ -7,12 +7,12 @@
<para>This option sets the path to the encrypted smbpasswd file. By
default the path to the smbpasswd file is compiled into Samba.</para>
- <para>
- An example of use is:
-<screen>
+ <para>
+ An example of use is:
+<programlisting>
smb passwd file = /etc/samba/smbpasswd
-</screen>
- </para>
+</programlisting>
+ </para>
</description>
<value type="default">${prefix}/private/smbpasswd</value>
diff --git a/docs/smbdotconf/security/usernamemap.xml b/docs/smbdotconf/security/usernamemap.xml
index 7b939f6956..c30e2327c5 100644
--- a/docs/smbdotconf/security/usernamemap.xml
+++ b/docs/smbdotconf/security/usernamemap.xml
@@ -76,15 +76,17 @@
guest = *
</programlisting></para>
- <para>Note that the remapping is applied to all occurrences
+ <para>
+ Note that the remapping is applied to all occurrences
of usernames. Thus if you connect to \\server\fred and <constant>
fred</constant> is remapped to <constant>mary</constant> then you
will actually be connecting to \\server\mary and will need to
supply a password suitable for <constant>mary</constant> not
<constant>fred</constant>. The only exception to this is the
- username passed to the <smbconfoption name="password server"/> (if you have one). The password
- server will receive whatever username the client supplies without
- modification.</para>
+ username passed to the <smbconfoption name="password server"/>
+ (if you have one). The password server will receive whatever
+ username the client supplies without modification.
+ </para>
<para>Also note that no reverse mapping is done. The main effect
this has is with printing. Users who have been mapped may have
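Review bot: The reflowed paragraph keeps `<constant>` split across a line break ("and <constant>" followed by "fred</constant>" on the next line), which puts a newline and indentation inside the element. The validusers.xml hunk in this commit fixes exactly that pattern for `%S</parameter>`; suggest joining it here to `<constant>fred</constant>` on one line as well.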
@@ -117,12 +119,12 @@ guest = *
after the user has been successfully authenticated.
</para>
- <para>
- An example of use is:
-<screen>
+ <para>
+ An example of use is:
+<programlisting>
username map = /usr/local/samba/lib/users.map
-</screen>
- </para>
+</programlisting>
+ </para>
</description>
<value type="default"><comment>no username map</comment></value>
diff --git a/docs/smbdotconf/security/validusers.xml b/docs/smbdotconf/security/validusers.xml
index 49536a724d..313739d7c1 100644
--- a/docs/smbdotconf/security/validusers.xml
+++ b/docs/smbdotconf/security/validusers.xml
@@ -3,17 +3,22 @@
type="list"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is a list of users that should be allowed
- to login to this service. Names starting with '@', '+' and '&amp;'
- are interpreted using the same rules as described in the
- <parameter moreinfo="none">invalid users</parameter> parameter.</para>
+ <para>
+ This is a list of users that should be allowed to login to this service. Names starting with
+ '@', '+' and '&amp;' are interpreted using the same rules as described in the
+ <parameter moreinfo="none">invalid users</parameter> parameter.
+ </para>
- <para>If this is empty (the default) then any user can login.
- If a username is in both this list and the <parameter moreinfo="none">invalid
- users</parameter> list then access is denied for that user.</para>
+ <para>
+ If this is empty (the default) then any user can login. If a username is in both this list
+ and the <parameter moreinfo="none">invalid users</parameter> list then access is denied
+ for that user.
+ </para>
- <para>The current servicename is substituted for <parameter moreinfo="none">%S
- </parameter>. This is useful in the [homes] section.</para>
+ <para>
+ The current servicename is substituted for <parameter moreinfo="none">%S</parameter>.
+ This is useful in the [homes] section.
+ </para>
</description>
<related>invalid users</related>
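Review bot: Both references to the other option are left as `<parameter moreinfo="none">invalid users</parameter>`, while the rest of this commit moves option references to `<smbconfoption>` (see clientschannel.xml). Suggest `<smbconfoption name="invalid users"/>` in both paragraphs for consistency and working cross-references. As a wording point, "allowed to login" and "any user can login" use the noun form; the verb is "log in".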
diff --git a/docs/smbdotconf/security/writelist.xml b/docs/smbdotconf/security/writelist.xml
index 3476b311bf..60db3f19f0 100644
--- a/docs/smbdotconf/security/writelist.xml
+++ b/docs/smbdotconf/security/writelist.xml
@@ -3,17 +3,22 @@
type="list"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is a list of users that are given read-write
- access to a service. If the connecting user is in this list then
- they will be given write access, no matter what the <smbconfoption name="read only"/>
- option is set to. The list can include group names using the
- @group syntax.</para>
+ <para>
+ This is a list of users that are given read-write access to a service. If the
+ connecting user is in this list then they will be given write access, no matter
+ what the <smbconfoption name="read only"/> option is set to. The list can
+ include group names using the @group syntax.
+ </para>
- <para>Note that if a user is in both the read list and the
- write list then they will be given write access.</para>
+ <para>
+ Note that if a user is in both the read list and the write list then they will be
+ given write access.
+ </para>
-<para>This parameter will not work with the <smbconfoption name="security">share</smbconfoption> in
- Samba 3.0. This is by design.</para>
+ <para>
+ By design, this parameter will not work with the
+ <smbconfoption name="security">share</smbconfoption> in Samba 3.0.
+ </para>
</description>
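Review bot: The reworded last paragraph reads "will not work with the <smbconfoption name="security">share</smbconfoption> in Samba 3.0", which leaves "the" without a noun; suggest "will not work with <smbconfoption name="security">share</smbconfoption> in Samba 3.0" or adding "setting" after the element. In the second paragraph "the read list and the write list" are option names left as plain text, where `<smbconfoption name="read list"/>` and `<smbconfoption name="write list"/>` would match the markup used for `read only` in the first paragraph.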