[Pkg-samba-maint] r3813 - in branches/samba/experimental: . docs/manpages docs-xml/manpages-3 docs-xml/smbdotconf/logon docs-xml/smbdotconf/misc docs-xml/smbdotconf/protocol docs-xml/smbdotconf/security docs-xml/smbdotconf/winbind examples/LDAP lib/async_req lib/replace lib/replace/system lib/talloc lib/tevent lib/util packaging/RHEL packaging/RHEL-CTDB source3 source3/auth source3/include source3/lib source3/libsmb source3/modules source3/param source3/passdb source3/printing source3/rpc_server source3/rpc_server/samr source3/smbd source3/utils source3/winbindd source4/smbd

bubulle at alioth.debian.org bubulle at alioth.debian.org
Tue Jun 7 21:08:25 UTC 2011


Author: bubulle
Date: 2011-06-07 21:08:24 +0000 (Tue, 07 Jun 2011)
New Revision: 3813

Added:
   branches/samba/experimental/docs-xml/smbdotconf/misc/asyncsmbechohandler.xml
   branches/samba/experimental/docs-xml/smbdotconf/misc/ncalrpcdir.xml
Removed:
   branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapallocconfig.xml
Modified:
   branches/samba/experimental/WHATSNEW.txt
   branches/samba/experimental/docs-xml/manpages-3/idmap_ad.8.xml
   branches/samba/experimental/docs-xml/manpages-3/idmap_adex.8.xml
   branches/samba/experimental/docs-xml/manpages-3/idmap_autorid.8.xml
   branches/samba/experimental/docs-xml/manpages-3/idmap_hash.8.xml
   branches/samba/experimental/docs-xml/manpages-3/idmap_ldap.8.xml
   branches/samba/experimental/docs-xml/manpages-3/idmap_nss.8.xml
   branches/samba/experimental/docs-xml/manpages-3/idmap_rid.8.xml
   branches/samba/experimental/docs-xml/manpages-3/idmap_tdb.8.xml
   branches/samba/experimental/docs-xml/manpages-3/idmap_tdb2.8.xml
   branches/samba/experimental/docs-xml/manpages-3/ldbadd.1.xml
   branches/samba/experimental/docs-xml/manpages-3/ldbdel.1.xml
   branches/samba/experimental/docs-xml/manpages-3/ldbedit.1.xml
   branches/samba/experimental/docs-xml/manpages-3/ldbmodify.1.xml
   branches/samba/experimental/docs-xml/manpages-3/ldbrename.1.xml
   branches/samba/experimental/docs-xml/manpages-3/ldbsearch.1.xml
   branches/samba/experimental/docs-xml/manpages-3/net.8.xml
   branches/samba/experimental/docs-xml/manpages-3/smbta-util.8.xml
   branches/samba/experimental/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml
   branches/samba/experimental/docs-xml/manpages-3/wbinfo.1.xml
   branches/samba/experimental/docs-xml/manpages-3/winbindd.8.xml
   branches/samba/experimental/docs-xml/smbdotconf/logon/enableprivileges.xml
   branches/samba/experimental/docs-xml/smbdotconf/protocol/usespnego.xml
   branches/samba/experimental/docs-xml/smbdotconf/security/passwordlevel.xml
   branches/samba/experimental/docs-xml/smbdotconf/security/passwordserver.xml
   branches/samba/experimental/docs-xml/smbdotconf/security/security.xml
   branches/samba/experimental/docs-xml/smbdotconf/security/username.xml
   branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapbackend.xml
   branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapconfig.xml
   branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapgid.xml
   branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapuid.xml
   branches/samba/experimental/docs/manpages/eventlogadm.8
   branches/samba/experimental/docs/manpages/findsmb.1
   branches/samba/experimental/docs/manpages/idmap_ad.8
   branches/samba/experimental/docs/manpages/idmap_adex.8
   branches/samba/experimental/docs/manpages/idmap_autorid.8
   branches/samba/experimental/docs/manpages/idmap_hash.8
   branches/samba/experimental/docs/manpages/idmap_ldap.8
   branches/samba/experimental/docs/manpages/idmap_nss.8
   branches/samba/experimental/docs/manpages/idmap_rid.8
   branches/samba/experimental/docs/manpages/idmap_tdb.8
   branches/samba/experimental/docs/manpages/idmap_tdb2.8
   branches/samba/experimental/docs/manpages/ldb.3
   branches/samba/experimental/docs/manpages/ldbadd.1
   branches/samba/experimental/docs/manpages/ldbdel.1
   branches/samba/experimental/docs/manpages/ldbedit.1
   branches/samba/experimental/docs/manpages/ldbmodify.1
   branches/samba/experimental/docs/manpages/ldbrename.1
   branches/samba/experimental/docs/manpages/ldbsearch.1
   branches/samba/experimental/docs/manpages/libsmbclient.7
   branches/samba/experimental/docs/manpages/lmhosts.5
   branches/samba/experimental/docs/manpages/log2pcap.1
   branches/samba/experimental/docs/manpages/net.8
   branches/samba/experimental/docs/manpages/nmbd.8
   branches/samba/experimental/docs/manpages/nmblookup.1
   branches/samba/experimental/docs/manpages/ntlm_auth.1
   branches/samba/experimental/docs/manpages/pam_winbind.8
   branches/samba/experimental/docs/manpages/pam_winbind.conf.5
   branches/samba/experimental/docs/manpages/pdbedit.8
   branches/samba/experimental/docs/manpages/profiles.1
   branches/samba/experimental/docs/manpages/rpcclient.1
   branches/samba/experimental/docs/manpages/samba.7
   branches/samba/experimental/docs/manpages/sharesec.1
   branches/samba/experimental/docs/manpages/smb.conf.5
   branches/samba/experimental/docs/manpages/smbcacls.1
   branches/samba/experimental/docs/manpages/smbclient.1
   branches/samba/experimental/docs/manpages/smbcontrol.1
   branches/samba/experimental/docs/manpages/smbcquotas.1
   branches/samba/experimental/docs/manpages/smbd.8
   branches/samba/experimental/docs/manpages/smbget.1
   branches/samba/experimental/docs/manpages/smbgetrc.5
   branches/samba/experimental/docs/manpages/smbpasswd.5
   branches/samba/experimental/docs/manpages/smbpasswd.8
   branches/samba/experimental/docs/manpages/smbspool.8
   branches/samba/experimental/docs/manpages/smbstatus.1
   branches/samba/experimental/docs/manpages/smbta-util.8
   branches/samba/experimental/docs/manpages/smbtar.1
   branches/samba/experimental/docs/manpages/smbtree.1
   branches/samba/experimental/docs/manpages/swat.8
   branches/samba/experimental/docs/manpages/tdbbackup.8
   branches/samba/experimental/docs/manpages/tdbdump.8
   branches/samba/experimental/docs/manpages/tdbtool.8
   branches/samba/experimental/docs/manpages/testparm.1
   branches/samba/experimental/docs/manpages/vfs_acl_tdb.8
   branches/samba/experimental/docs/manpages/vfs_acl_xattr.8
   branches/samba/experimental/docs/manpages/vfs_audit.8
   branches/samba/experimental/docs/manpages/vfs_cacheprime.8
   branches/samba/experimental/docs/manpages/vfs_cap.8
   branches/samba/experimental/docs/manpages/vfs_catia.8
   branches/samba/experimental/docs/manpages/vfs_commit.8
   branches/samba/experimental/docs/manpages/vfs_crossrename.8
   branches/samba/experimental/docs/manpages/vfs_default_quota.8
   branches/samba/experimental/docs/manpages/vfs_dirsort.8
   branches/samba/experimental/docs/manpages/vfs_extd_audit.8
   branches/samba/experimental/docs/manpages/vfs_fake_perms.8
   branches/samba/experimental/docs/manpages/vfs_fileid.8
   branches/samba/experimental/docs/manpages/vfs_full_audit.8
   branches/samba/experimental/docs/manpages/vfs_gpfs.8
   branches/samba/experimental/docs/manpages/vfs_netatalk.8
   branches/samba/experimental/docs/manpages/vfs_notify_fam.8
   branches/samba/experimental/docs/manpages/vfs_prealloc.8
   branches/samba/experimental/docs/manpages/vfs_preopen.8
   branches/samba/experimental/docs/manpages/vfs_readahead.8
   branches/samba/experimental/docs/manpages/vfs_readonly.8
   branches/samba/experimental/docs/manpages/vfs_recycle.8
   branches/samba/experimental/docs/manpages/vfs_scannedonly.8
   branches/samba/experimental/docs/manpages/vfs_shadow_copy.8
   branches/samba/experimental/docs/manpages/vfs_shadow_copy2.8
   branches/samba/experimental/docs/manpages/vfs_smb_traffic_analyzer.8
   branches/samba/experimental/docs/manpages/vfs_streams_depot.8
   branches/samba/experimental/docs/manpages/vfs_streams_xattr.8
   branches/samba/experimental/docs/manpages/vfs_time_audit.8
   branches/samba/experimental/docs/manpages/vfs_xattr_tdb.8
   branches/samba/experimental/docs/manpages/vfstest.1
   branches/samba/experimental/docs/manpages/wbinfo.1
   branches/samba/experimental/docs/manpages/winbind_krb5_locator.7
   branches/samba/experimental/docs/manpages/winbindd.8
   branches/samba/experimental/examples/LDAP/samba-nds.schema
   branches/samba/experimental/examples/LDAP/samba-schema-FDS.ldif
   branches/samba/experimental/examples/LDAP/samba-schema-netscapeds5.x
   branches/samba/experimental/examples/LDAP/samba.schema
   branches/samba/experimental/examples/LDAP/samba.schema.oc.IBM-DS
   branches/samba/experimental/lib/async_req/async_sock.c
   branches/samba/experimental/lib/replace/libreplace_network.m4
   branches/samba/experimental/lib/replace/system/network.h
   branches/samba/experimental/lib/talloc/talloc.c
   branches/samba/experimental/lib/talloc/testsuite.c
   branches/samba/experimental/lib/tevent/tevent_poll.c
   branches/samba/experimental/lib/util/asn1.c
   branches/samba/experimental/packaging/RHEL-CTDB/samba.spec
   branches/samba/experimental/packaging/RHEL/makerpms.sh
   branches/samba/experimental/packaging/RHEL/samba.spec
   branches/samba/experimental/source3/VERSION
   branches/samba/experimental/source3/auth/auth_server.c
   branches/samba/experimental/source3/configure
   branches/samba/experimental/source3/include/client.h
   branches/samba/experimental/source3/include/ntioctl.h
   branches/samba/experimental/source3/include/version.h
   branches/samba/experimental/source3/lib/ctdbd_conn.c
   branches/samba/experimental/source3/lib/events.c
   branches/samba/experimental/source3/libsmb/cliconnect.c
   branches/samba/experimental/source3/modules/nfs4_acls.c
   branches/samba/experimental/source3/modules/nfs4_acls.h
   branches/samba/experimental/source3/modules/vfs_default.c
   branches/samba/experimental/source3/modules/vfs_full_audit.c
   branches/samba/experimental/source3/modules/vfs_shadow_copy.c
   branches/samba/experimental/source3/modules/vfs_shadow_copy2.c
   branches/samba/experimental/source3/modules/vfs_smb_traffic_analyzer.c
   branches/samba/experimental/source3/modules/vfs_smb_traffic_analyzer.h
   branches/samba/experimental/source3/modules/vfs_time_audit.c
   branches/samba/experimental/source3/param/loadparm.c
   branches/samba/experimental/source3/passdb/pdb_get_set.c
   branches/samba/experimental/source3/printing/print_standard.c
   branches/samba/experimental/source3/rpc_server/rpc_ep_setup.c
   branches/samba/experimental/source3/rpc_server/rpc_server.c
   branches/samba/experimental/source3/rpc_server/samr/srv_samr_util.c
   branches/samba/experimental/source3/smbd/nttrans.c
   branches/samba/experimental/source3/smbd/open.c
   branches/samba/experimental/source3/smbd/process.c
   branches/samba/experimental/source3/smbd/reply.c
   branches/samba/experimental/source3/smbd/sesssetup.c
   branches/samba/experimental/source3/smbd/smb2_ioctl.c
   branches/samba/experimental/source3/smbd/smb2_negprot.c
   branches/samba/experimental/source3/smbd/trans2.c
   branches/samba/experimental/source3/smbd/vfs.c
   branches/samba/experimental/source3/utils/net_rpc_trust.c
   branches/samba/experimental/source3/utils/smbcacls.c
   branches/samba/experimental/source3/utils/testparm.c
   branches/samba/experimental/source3/winbindd/idmap_ldap.c
   branches/samba/experimental/source3/winbindd/winbindd_dual_srv.c
   branches/samba/experimental/source3/winbindd/winbindd_pam.c
   branches/samba/experimental/source4/smbd/service_named_pipe.c
Log:
Merge upstream 3.6.0~rc2

Modified: branches/samba/experimental/WHATSNEW.txt
===================================================================
--- branches/samba/experimental/WHATSNEW.txt	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/WHATSNEW.txt	2011-06-07 21:08:24 UTC (rev 3813)
@@ -1,10 +1,10 @@
                    ================================
-                   Release Notes for Samba 3.6.0rc1
-                             May 17, 2011
+                   Release Notes for Samba 3.6.0rc2
+                            June 7, 2011
                    ================================
 
 
-This is the first release candidate of Samba 3.6.0.  This is *not*
+This is the second release candidate of Samba 3.6.0.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.
@@ -166,10 +166,10 @@
 certain RPC service over TCP/IP, you just ask the endpoint mapper on which
 port it is running. Then you can connect to the service and make sure that it
 is running.
+
 The code is deactivated by default, because it needs more testing and it
-doesn't scale yet. We will work on these limitations and hopefully release it
-with pre3. If you want to enable and test the endpoint mapper you can set
-"rpc_server:epmapper = daemon" in the smb.conf file.
+doesn't scale yet. If you want to enable and test the endpoint mapper
+you can set "rpc_server:epmapper = daemon" in the smb.conf file.
 
 
 Internal restructuring
@@ -252,6 +252,83 @@
     * Add an Endpoint Mapper daemon.
 
 
+Changes since 3.6.0rc1
+----------------------
+
+o   Michael Adam <obnox at samba.org>
+    * BUG 8200: Add support for multiple writeable ldap idmap domains.
+
+
+o   Jeremy Allison <jra at samba.org>
+    * BUG 6911: Fix Kerberos authentication from Vista to Samba.
+    * BUG 7054: Fix X account flag when "pwdlastset" is "0".
+    * BUG 8133: Fix strange behavior for the file (whose filename first
+      character is period ) in SMB2 case.
+    * BUG 8144: Fix setting timestamp when touching files with CIFS clients.
+    * BUG 8150: Ban "dos charset = utf8".
+    * BUG 8153: Fix setting up getaddrinfo on IPv6-only machines.
+    * BUG 8156: Fix 'net ads join' using the user's Kerberos ticket.
+    * BUG 8157: Fix parsing a cups printcap file.
+    * BUG 8163: Fix our asn.1 parser to handle negative numbers.
+    * BUG 8175: Fix smbd deadlock.
+    * BUG 8191: Split the ACE flag mapping between nfs4 and Windows into two
+      separate functions.
+    * BUG 8197: Winbind does not properly detect when a DC connection is dead.
+    * BUG 8203: Winbind needs to reset the DC connection if an RPC times out.
+
+
+o   Christian Ambach <ambi at samba.org>
+    * BUG 8152: Fix smbd crash in release_ip().
+
+
+o   Andrew Bartlett <abartlet at samba.org>
+    * BUG 8151: Deprecate security parameters.
+
+
+o   Gregor Beck <gbeck at sernet.de>
+    * BUG 8191: nfs4_acls: Pass ACE_FLAG_INHERITED_ACE up to the client/down
+      from the client.
+    * BUG 8192: Fix parsing of multiple flags in 'smbcacls'.
+
+
+o   Sumit Bose <sbose at redhat.com>
+    * BUG 8142: Fix typos in LDAP schema files.
+
+
+o   Holger Hetterich <hhetter at novell.com>
+    * BUG 8148: Default to protocol version 2 for SMB Traffic Analyzer.
+    * BUG 8154: Actually make use of SMBTA subversion numbers.
+
+
+o   Björn Jacke <bj at sernet.de>
+    * BUG 7998: Remove warning if IOV_MAX is not defined.
+
+
+o   Jim McDonough <jmcd at samba.org>
+    * BUG 8166: Don't lockout users when offline.
+
+
+o   Stefan Metzmacher <metze at samba.org>
+    * BUG 8140: talloc: Fix Valgrind false positives and other backports.
+    * BUG 8141: Fix wrong permissions on lp_ncalrpc_dir().
+
+
+o   Andreas Schneider <asn at samba.org>
+    * BUG 8155: Fix registering only named pipes on EPM for a service.
+
+
+o   Volker Lendecke <vl at samba.org>
+    * BUG 8159: Fix memory corruption in fetching cli->server_domain from the
+      server.
+    * BUG 8185: "security=server" does not obey guest login field.
+    * BUG 8189: Support shadow copy display over SMB2.
+    * BUG 8199: Fix potential crash in smbd handling smb2.
+
+
+o   Samuel Thibault <sthibault at debian.org>
+    * BUG 7998: Fix build on Hurd.
+
+
 Changes since 3.6.0pre3
 -----------------------
 

Modified: branches/samba/experimental/docs/manpages/eventlogadm.8
===================================================================
--- branches/samba/experimental/docs/manpages/eventlogadm.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/eventlogadm.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: eventlogadm
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "EVENTLOGADM" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "EVENTLOGADM" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/findsmb.1
===================================================================
--- branches/samba/experimental/docs/manpages/findsmb.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/findsmb.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: findsmb
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "FINDSMB" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "FINDSMB" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/idmap_ad.8
===================================================================
--- branches/samba/experimental/docs/manpages/idmap_ad.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/idmap_ad.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: idmap_ad
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "IDMAP_AD" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "IDMAP_AD" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -52,9 +52,8 @@
 .\}
 .nf
 	[global]
-	idmap backend = tdb
-	idmap uid = 1000000\-1999999
-	idmap gid = 1000000\-1999999
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000\-1999999
 
 	idmap config CORP : backend  = ad
 	idmap config CORP : range = 1000\-999999

Modified: branches/samba/experimental/docs/manpages/idmap_adex.8
===================================================================
--- branches/samba/experimental/docs/manpages/idmap_adex.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/idmap_adex.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: idmap_adex
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "IDMAP_ADEX" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "IDMAP_ADEX" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -39,9 +39,8 @@
 .\}
 .nf
 	[global]
-	idmap backend = adex
-	idmap uid = 1000\-4000000000
-	idmap gid = 1000\-4000000000
+	idmap config * : backend = adex
+	idmap config * : range = 1000\-4000000000
 
 	winbind nss info = adex
 	winbind normalize names = yes

Modified: branches/samba/experimental/docs/manpages/idmap_autorid.8
===================================================================
--- branches/samba/experimental/docs/manpages/idmap_autorid.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/idmap_autorid.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: idmap_autorid
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "IDMAP_AUTORID" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "IDMAP_AUTORID" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -78,9 +78,8 @@
 	workgroup = CUSTOMER
 	realm = CUSTOMER\&.COM
 
-	idmap backend = autorid
-	idmap uid = 1000000\-1999999
-	idmap gid = 1000000\-1999999
+	idmap config * : backend = autorid
+	idmap config * : range = 1000000\-1999999
 
 	
 .fi
@@ -88,7 +87,7 @@
 .RE
 .\}
 .PP
-This example shows how to configure idmap_autorid as default for all domains with a potentially large amount of users plus a specific configuration for a trusted domain that uses the SFU mapping scheme\&. Please note that idmap uid/gid ranges and sfu ranges are not allowed to overlap\&.
+This example shows how to configure idmap_autorid as default for all domains with a potentially large amount of users plus a specific configuration for a trusted domain that uses the SFU mapping scheme\&. Please note that idmap ranges and sfu ranges are not allowed to overlap\&.
 .sp
 .if n \{\
 .RS 4
@@ -99,10 +98,9 @@
 	workgroup = CUSTOMER
 	realm = CUSTOMER\&.COM
 
-	idmap backend = autorid
+	idmap config * : backend = autorid
+	idmap config * : range = 1000000\-19999999
 	autorid:rangesize = 1000000
-	idmap uid = 1000000\-19999999
-	idmap gid = 1000000\-19999999
 
 	idmap config TRUSTED : backend  = ad
 	idmap config TRUSTED : range    = 50000 \- 99999

Modified: branches/samba/experimental/docs/manpages/idmap_hash.8
===================================================================
--- branches/samba/experimental/docs/manpages/idmap_hash.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/idmap_hash.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: idmap_hash
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "IDMAP_HASH" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "IDMAP_HASH" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -40,9 +40,8 @@
 .\}
 .nf
 	[global]
-	idmap backend = hash
-	idmap uid = 1000\-4000000000
-	idmap gid = 1000\-4000000000
+	idmap config * : backend = hash
+	idmap config * : range = 1000\-4000000000
 
 	winbind nss info = hash
 	winbind normalize names = yes

Modified: branches/samba/experimental/docs/manpages/idmap_ldap.8
===================================================================
--- branches/samba/experimental/docs/manpages/idmap_ldap.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/idmap_ldap.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: idmap_ldap
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "IDMAP_LDAP" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "IDMAP_LDAP" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -24,65 +24,66 @@
 .PP
 The idmap_ldap plugin provides a means for Winbind to store and retrieve SID/uid/gid mapping tables in an LDAP directory service\&.
 .PP
-In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&. The allocator can be provided by the idmap_ldap backend itself or by any other allocating backend like idmap_tdb or idmap_tdb2\&. This is configured with the parameter
-\fIidmap alloc backend\fR\&.
-.PP
-Note that in order for this (or any other allocating) backend to function at all, the default backend needs to be writeable\&. The ranges used for uid and gid allocation are the default ranges configured by "idmap uid" and "idmap gid"\&.
-.PP
-Furthermore, since there is only one global allocating backend responsible for all domains using writeable idmap backends, any explicitly configured domain with idmap backend ldap should have the same range as the default range, since it needs to use the global uid / gid allocator\&. See the example below\&.
+In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&.
 .SH "IDMAP OPTIONS"
 .PP
 ldap_base_dn = DN
 .RS 4
-Defines the directory base suffix to use when searching for SID/uid/gid mapping entries\&. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb\&.conf\&.
+Defines the directory base suffix to use for SID/uid/gid mapping entries\&. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb\&.conf\&.
 .RE
 .PP
 ldap_user_dn = DN
 .RS 4
-Defines the user DN to be used for authentication\&. If absent an anonymous bind will be performed\&.
+Defines the user DN to be used for authentication\&. The secret for authenticating this user should be stored with net idmap secret (see
+\fBnet\fR(8))\&. If absent, the ldap credentials from the ldap passdb configuration are used, and if these are also absent, an anonymous bind will be performed as last fallback\&.
 .RE
 .PP
 ldap_url = ldap://server/
 .RS 4
-Specifies the LDAP server to use when searching for existing SID/uid/gid map entries\&. If not defined, idmap_ldap will assume that ldap://localhost/ should be used\&.
+Specifies the LDAP server to use for SID/uid/gid map entries\&. If not defined, idmap_ldap will assume that ldap://localhost/ should be used\&.
 .RE
 .PP
 range = low \- high
 .RS 4
-Defines the available matching uid and gid range for which the backend is authoritative\&. If the parameter is absent, Winbind fails over to use the "idmap uid" and "idmap gid" options from smb\&.conf\&.
+Defines the available matching uid and gid range for which the backend is authoritative\&.
 .RE
-.SH "IDMAP ALLOC OPTIONS"
+.SH "EXAMPLES"
 .PP
-ldap_base_dn = DN
+The following example shows how an ldap directory is used as the default idmap backend\&. It also configures the idmap range and base directory suffix\&. The secret for the ldap_user_dn has to be set with "net idmap secret \'*\' password"\&.
+.sp
+.if n \{\
 .RS 4
-Defines the directory base suffix under which new SID/uid/gid mapping entries should be stored\&. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb\&.conf\&.
+.\}
+.nf
+	[global]
+	idmap config * : backend      = ldap
+	idmap config * : range        = 1000000\-1999999
+	idmap config * : ldap_url     = ldap://localhost/
+	idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
+	idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
+	
+.fi
+.if n \{\
 .RE
+.\}
 .PP
-ldap_user_dn = DN
-.RS 4
-Defines the user DN to be used for authentication\&. If absent an anonymous bind will be performed\&.
-.RE
-.PP
-ldap_url = ldap://server/
-.RS 4
-Specifies the LDAP server to which modify/add/delete requests should be sent\&. If not defined, idmap_ldap will assume that ldap://localhost/ should be used\&.
-.RE
-.SH "EXAMPLES"
-.PP
-The follow sets of a LDAP configuration which uses two LDAP directories, one for storing the ID mappings and one for retrieving new IDs\&.
+This example shows how ldap can be used as a readonly backend while tdb is the default backend used to store the mappings\&. It adds an explicit configuration for some domain DOM1, that uses the ldap idmap backend\&. Note that a range disjoint from the default range is used\&.
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 	[global]
-	idmap backend = ldap:ldap://localhost/
-	idmap uid = 1000000\-1999999
-	idmap gid = 1000000\-1999999
+	# "backend = tdb" is redundant here since it is the default
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000\-1999999
 
-	idmap alloc backend = ldap
-	idmap alloc config : ldap_url	= ldap://id\-master/
-	idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com
+	idmap config DOM1 : backend = ldap
+	idmap config DOM1 : range = 2000000\-2999999
+	idmap config DOM1 : read only = yes
+	idmap config DOM1 : ldap_url = ldap://server/
+	idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
+	idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
 	
 .fi
 .if n \{\

Modified: branches/samba/experimental/docs/manpages/idmap_nss.8
===================================================================
--- branches/samba/experimental/docs/manpages/idmap_nss.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/idmap_nss.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: idmap_nss
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "IDMAP_NSS" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "IDMAP_NSS" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -32,9 +32,8 @@
 .\}
 .nf
 	[global]
-	idmap backend = tdb
-	idmap uid = 1000000\-1999999
-	idmap gid = 1000000\-1999999
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000\-1999999
 
 	idmap config SAMBA : backend  = nss
 	idmap config SAMBA : range = 1000\-999999

Modified: branches/samba/experimental/docs/manpages/idmap_rid.8
===================================================================
--- branches/samba/experimental/docs/manpages/idmap_rid.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/idmap_rid.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: idmap_rid
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "IDMAP_RID" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "IDMAP_RID" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -86,9 +86,8 @@
 	security = domain
 	workgroup = MAIN
 
-	idmap backend = tdb
-	idmap uid = 1000000\-1999999
-	idmap gid = 1000000\-1999999
+	idmap config * : backend        = tdb
+	idmap config * : range          = 1000000\-1999999
 
 	idmap config MAIN : backend     = rid
 	idmap config MAIN : range       = 10000 \- 49999

Modified: branches/samba/experimental/docs/manpages/idmap_tdb.8
===================================================================
--- branches/samba/experimental/docs/manpages/idmap_tdb.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/idmap_tdb.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: idmap_tdb
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "IDMAP_TDB" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "IDMAP_TDB" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -24,57 +24,30 @@
 .PP
 The idmap_tdb plugin is the default backend used by winbindd for storing SID/uid/gid mapping tables\&.
 .PP
-In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&. The allocator can be provided by the idmap_tdb backend itself or by any other allocating backend like idmap_ldap or idmap_tdb2\&. This is configured with the parameter
-\fIidmap alloc backend\fR\&.
-.PP
-Note that in order for this (or any other allocating) backend to function at all, the default backend needs to be writeable\&. The ranges used for uid and gid allocation are the default ranges configured by "idmap uid" and "idmap gid"\&.
-.PP
-Furthermore, since there is only one global allocating backend responsible for all domains using writeable idmap backends, any explicitly configured domain with idmap backend tdb should have the same range as the default range, since it needs to use the global uid / gid allocator\&. See the example below\&.
+In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&.
 .SH "IDMAP OPTIONS"
 .PP
 range = low \- high
 .RS 4
-Defines the available matching uid and gid range for which the backend is authoritative\&. If the parameter is absent, Winbind fails over to use the "idmap uid" and "idmap gid" options from smb\&.conf\&.
+Defines the available matching uid and gid range for which the backend is authoritative\&.
 .RE
 .SH "EXAMPLES"
 .PP
-This example shows how tdb is used as a the default idmap backend\&. It configures the idmap range through the global options for all domains encountered\&. This same range is used for uid/gid allocation\&.
+This example shows how tdb is used as a the default idmap backend\&. This configured range is used for uid and gid allocation\&.
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 	[global]
-	# "idmap backend = tdb" is redundant here since it is the default
-	idmap backend = tdb
-	idmap uid = 1000000\-2000000
-	idmap gid = 1000000\-2000000
+	# "backend = tdb" is redundant here since it is the default
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000\-2000000
 	
 .fi
 .if n \{\
 .RE
 .\}
-.PP
-This (rather theoretical) example shows how tdb can be used as the allocating backend while ldap is the default backend used to store the mappings\&. It adds an explicit configuration for some domain DOM1, that uses the tdb idmap backend\&. Note that the same range as the default uid/gid range is used, since the allocator has to serve both the default backend and the explicitly configured domain DOM1\&.
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-	[global]
-	idmap backend = ldap
-	idmap uid = 1000000\-2000000
-	idmap gid = 1000000\-2000000
-	# use a different uid/gid allocator:
-	idmap alloc backend = tdb
-
-	idmap config DOM1 : backend = tdb
-	idmap config DOM1 : range = 1000000\-2000000
-	
-.fi
-.if n \{\
-.RE
-.\}
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

Modified: branches/samba/experimental/docs/manpages/idmap_tdb2.8
===================================================================
--- branches/samba/experimental/docs/manpages/idmap_tdb2.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/idmap_tdb2.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: idmap_tdb2
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "IDMAP_TDB2" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "IDMAP_TDB2" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -24,17 +24,12 @@
 .PP
 The idmap_tdb2 plugin is a substitute for the default idmap_tdb backend used by winbindd for storing SID/uid/gid mapping tables in clustered environments with Samba and CTDB\&.
 .PP
-In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&. The allocator can be provided by the idmap_tdb2 backend itself or by any other allocating backend like idmap_tdb or idmap_ldap\&. This is configured with the parameter
-\fIidmap alloc backend\fR\&.
-.PP
-Note that in order for this (or any other allocating) backend to function at all, the default backend needs to be writeable\&. The ranges used for uid and gid allocation are the default ranges configured by "idmap uid" and "idmap gid"\&.
-.PP
-Furthermore, since there is only one global allocating backend responsible for all domains using writeable idmap backends, any explicitly configured domain with idmap backend tdb2 should have the same range as the default range, since it needs to use the global uid / gid allocator\&. See the example below\&.
+In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&.
 .SH "IDMAP OPTIONS"
 .PP
 range = low \- high
 .RS 4
-Defines the available matching uid and gid range for which the backend is authoritative\&. If the parameter is absent, Winbind fails over to use the "idmap uid" and "idmap gid" options from smb\&.conf\&.
+Defines the available matching uid and gid range for which the backend is authoritative\&.
 .RE
 .SH "IDMAP SCRIPT"
 .PP
@@ -73,16 +68,15 @@
 Note that the script should cover the complete range of SIDs that can be passed in for SID to Unix ID mapping, since otherwise SIDs unmapped by the script might get mapped to IDs that had previously been mapped by the script\&.
 .SH "EXAMPLES"
 .PP
-This example shows how tdb2 is used as a the default idmap backend\&. It configures the idmap range through the global options for all domains encountered\&. This same range is used for uid/gid allocation\&.
+This example shows how tdb2 is used as a the default idmap backend\&. It configures the idmap range through the global options for all domains encountered\&.
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 	[global]
-	idmap backend = tdb2
-	idmap uid = 1000000\-2000000
-	idmap gid = 1000000\-2000000
+	idmap config * : backend = tdb2
+	idmap config * : range = 1000000\-2000000
 	
 .fi
 .if n \{\

Modified: branches/samba/experimental/docs/manpages/ldb.3
===================================================================
--- branches/samba/experimental/docs/manpages/ldb.3	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/ldb.3	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: ldb
 .\"    Author: [see the "Author" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: C Library Functions
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "LDB" "3" "05/17/2011" "Samba 3\&.6" "C Library Functions"
+.TH "LDB" "3" "06/07/2011" "Samba 3\&.6" "C Library Functions"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/ldbadd.1
===================================================================
--- branches/samba/experimental/docs/manpages/ldbadd.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/ldbadd.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: ldbadd
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "LDBADD" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "LDBADD" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -47,7 +47,7 @@
 .RE
 .SH "VERSION"
 .PP
-This man page is correct for version 4\&.0 of the Samba suite\&.
+This man page is correct for version 3\&.6 of the Samba suite\&.
 .SH "SEE ALSO"
 .PP
 ldb(7), ldbmodify, ldbdel, ldif(5)

Modified: branches/samba/experimental/docs/manpages/ldbdel.1
===================================================================
--- branches/samba/experimental/docs/manpages/ldbdel.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/ldbdel.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: ldbdel
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "LDBDEL" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "LDBDEL" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -47,7 +47,7 @@
 .RE
 .SH "VERSION"
 .PP
-This man page is correct for version 4\&.0 of the Samba suite\&.
+This man page is correct for version 3\&.6 of the Samba suite\&.
 .SH "SEE ALSO"
 .PP
 ldb(7), ldbmodify, ldbadd, ldif(5)

Modified: branches/samba/experimental/docs/manpages/ldbedit.1
===================================================================
--- branches/samba/experimental/docs/manpages/ldbedit.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/ldbedit.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: ldbedit
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "LDBEDIT" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "LDBEDIT" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -80,7 +80,7 @@
 .RE
 .SH "VERSION"
 .PP
-This man page is correct for version 4\&.0 of the Samba suite\&.
+This man page is correct for version 3\&.6 of the Samba suite\&.
 .SH "SEE ALSO"
 .PP
 ldb(7), ldbmodify(1), ldbdel(1), ldif(5), vi(1)

Modified: branches/samba/experimental/docs/manpages/ldbmodify.1
===================================================================
--- branches/samba/experimental/docs/manpages/ldbmodify.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/ldbmodify.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: ldbmodify
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "LDBMODIFY" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "LDBMODIFY" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -42,7 +42,7 @@
 .RE
 .SH "VERSION"
 .PP
-This man page is correct for version 4\&.0 of the Samba suite\&.
+This man page is correct for version 3\&.6 of the Samba suite\&.
 .SH "SEE ALSO"
 .PP
 ldb(7), ldbedit

Modified: branches/samba/experimental/docs/manpages/ldbrename.1
===================================================================
--- branches/samba/experimental/docs/manpages/ldbrename.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/ldbrename.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: ldbrename
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "LDBRENAME" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "LDBRENAME" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -50,7 +50,7 @@
 .RE
 .SH "VERSION"
 .PP
-This man page is correct for version 4\&.0 of the Samba suite\&.
+This man page is correct for version 3\&.6 of the Samba suite\&.
 .SH "SEE ALSO"
 .PP
 ldb(7), ldbmodify, ldbdel, ldif(5)

Modified: branches/samba/experimental/docs/manpages/ldbsearch.1
===================================================================
--- branches/samba/experimental/docs/manpages/ldbsearch.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/ldbsearch.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: ldbsearch
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "LDBSEARCH" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "LDBSEARCH" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -60,7 +60,7 @@
 .RE
 .SH "VERSION"
 .PP
-This man page is correct for version 4\&.0 of the Samba suite\&.
+This man page is correct for version 3\&.6 of the Samba suite\&.
 .SH "SEE ALSO"
 .PP
 ldb(7), ldbedit(1)

Modified: branches/samba/experimental/docs/manpages/libsmbclient.7
===================================================================
--- branches/samba/experimental/docs/manpages/libsmbclient.7	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/libsmbclient.7	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: libsmbclient
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: 7
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "LIBSMBCLIENT" "7" "05/17/2011" "Samba 3\&.6" "7"
+.TH "LIBSMBCLIENT" "7" "06/07/2011" "Samba 3\&.6" "7"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/lmhosts.5
===================================================================
--- branches/samba/experimental/docs/manpages/lmhosts.5	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/lmhosts.5	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: lmhosts
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: File Formats and Conventions
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "LMHOSTS" "5" "05/17/2011" "Samba 3\&.6" "File Formats and Conventions"
+.TH "LMHOSTS" "5" "06/07/2011" "Samba 3\&.6" "File Formats and Conventions"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/log2pcap.1
===================================================================
--- branches/samba/experimental/docs/manpages/log2pcap.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/log2pcap.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: log2pcap
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "LOG2PCAP" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "LOG2PCAP" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/net.8
===================================================================
--- branches/samba/experimental/docs/manpages/net.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/net.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: net
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "NET" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "NET" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -550,6 +550,139 @@
 .SS "RPC TRUSTDOM LIST"
 .PP
 List all interdomain trust relationships\&.
+.SS "RPC TRUSTDOM LIST"
+.PP
+List all interdomain trust relationships\&.
+.SS "RPC TRUST"
+.SS "RPC TRUST CREATE"
+.PP
+Create a trust trust object by calling lsaCreateTrustedDomainEx2\&. The can be done on a single server or on two servers at once with the possibility to use a random trust password\&.
+.PP
+\fBOptions:\fR
+.PP
+otherserver
+.RS 4
+Domain controller of the second domain
+.RE
+.PP
+otheruser
+.RS 4
+Admin user in the second domain
+.RE
+.PP
+otherdomainsid
+.RS 4
+SID of the second domain
+.RE
+.PP
+other_netbios_domain
+.RS 4
+NetBIOS (short) name of the second domain
+.RE
+.PP
+otherdomain
+.RS 4
+DNS (full) name of the second domain
+.RE
+.PP
+trustpw
+.RS 4
+Trust password
+.RE
+.PP
+\fBExamples:\fR
+.PP
+Create a trust object on srv1\&.dom1\&.dom for the domain dom2
+.RS 4
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+net rpc trust create \e
+    otherdomainsid=S\-x\-x\-xx\-xxxxxxxxxx\-xxxxxxxxxx\-xxxxxxxxx \e
+    other_netbios_domain=dom2 \e
+    otherdomain=dom2\&.dom \e
+    trustpw=12345678 \e
+    \-S srv1\&.dom1\&.dom
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.PP
+Create a trust relationship between dom1 and dom2
+.RS 4
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+net rpc trust create \e
+    otherserver=srv2\&.dom2\&.test \e
+    otheruser=dom2adm \e
+    \-S srv1\&.dom1\&.dom
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.SS "RPC TRUST DELETE"
+.PP
+Delete a trust trust object by calling lsaDeleteTrustedDomain\&. The can be done on a single server or on two servers at once\&.
+.PP
+\fBOptions:\fR
+.PP
+otherserver
+.RS 4
+Domain controller of the second domain
+.RE
+.PP
+otheruser
+.RS 4
+Admin user in the second domain
+.RE
+.PP
+otherdomainsid
+.RS 4
+SID of the second domain
+.RE
+.PP
+\fBExamples:\fR
+.PP
+Delete a trust object on srv1\&.dom1\&.dom for the domain dom2
+.RS 4
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+net rpc trust delete \e
+    otherdomainsid=S\-x\-x\-xx\-xxxxxxxxxx\-xxxxxxxxxx\-xxxxxxxxx \e
+    \-S srv1\&.dom1\&.dom
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.PP
+Delete a trust relationship between dom1 and dom2
+.RS 4
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+net rpc trust delete \e
+    otherserver=srv2\&.dom2\&.test \e
+    otheruser=dom2adm \e
+    \-S srv1\&.dom1\&.dom
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.SS ""
 .SS "RPC RIGHTS"
 .PP
 This subcommand is used to view and manage Samba\'s rights assignments (also referred to as privileges)\&. There are three options currently available:

Modified: branches/samba/experimental/docs/manpages/nmbd.8
===================================================================
--- branches/samba/experimental/docs/manpages/nmbd.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/nmbd.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: nmbd
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "NMBD" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "NMBD" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/nmblookup.1
===================================================================
--- branches/samba/experimental/docs/manpages/nmblookup.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/nmblookup.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: nmblookup
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "NMBLOOKUP" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "NMBLOOKUP" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/ntlm_auth.1
===================================================================
--- branches/samba/experimental/docs/manpages/ntlm_auth.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/ntlm_auth.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: ntlm_auth
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "NTLM_AUTH" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "NTLM_AUTH" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/pam_winbind.8
===================================================================
--- branches/samba/experimental/docs/manpages/pam_winbind.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/pam_winbind.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: pam_winbind
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: 8
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "PAM_WINBIND" "8" "05/17/2011" "Samba 3\&.6" "8"
+.TH "PAM_WINBIND" "8" "06/07/2011" "Samba 3\&.6" "8"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/pam_winbind.conf.5
===================================================================
--- branches/samba/experimental/docs/manpages/pam_winbind.conf.5	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/pam_winbind.conf.5	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: pam_winbind.conf
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: 5
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "PAM_WINBIND\&.CONF" "5" "05/17/2011" "Samba 3\&.6" "5"
+.TH "PAM_WINBIND\&.CONF" "5" "06/07/2011" "Samba 3\&.6" "5"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/pdbedit.8
===================================================================
--- branches/samba/experimental/docs/manpages/pdbedit.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/pdbedit.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: pdbedit
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "PDBEDIT" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "PDBEDIT" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/profiles.1
===================================================================
--- branches/samba/experimental/docs/manpages/profiles.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/profiles.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: profiles
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "PROFILES" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "PROFILES" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/rpcclient.1
===================================================================
--- branches/samba/experimental/docs/manpages/rpcclient.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/rpcclient.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: rpcclient
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "RPCCLIENT" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "RPCCLIENT" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/samba.7
===================================================================
--- branches/samba/experimental/docs/manpages/samba.7	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/samba.7	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: samba
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: Miscellanea
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SAMBA" "7" "05/17/2011" "Samba 3\&.6" "Miscellanea"
+.TH "SAMBA" "7" "06/07/2011" "Samba 3\&.6" "Miscellanea"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/sharesec.1
===================================================================
--- branches/samba/experimental/docs/manpages/sharesec.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/sharesec.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: sharesec
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SHARESEC" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "SHARESEC" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/smb.conf.5
===================================================================
--- branches/samba/experimental/docs/manpages/smb.conf.5	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smb.conf.5	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smb.conf
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: File Formats and Conventions
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMB\&.CONF" "5" "05/17/2011" "Samba 3\&.6" "File Formats and Conventions"
+.TH "SMB\&.CONF" "5" "06/07/2011" "Samba 3\&.6" "File Formats and Conventions"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -1407,6 +1407,16 @@
 \fI\fIannounce version\fR\fR\fI = \fR\fI2\&.0\fR\fI \fR
 .RE
 
+async smb echo handler (G)
+.\" async smb echo handler
+.PP
+.RS 4
+This parameter specifies whether Samba should fork the async smb echo handler\&. It can be beneficial if your file system can block syscalls for a very long time\&. In some circumstances, it prolongs the timeout that Windows uses to determine whether a connection is dead\&.
+.sp
+Default:
+\fI\fIasync smb echo handler\fR\fR\fI = \fR\fIno\fR\fI \fR
+.RE
+
 auth methods (G)
 .\" auth methods
 .PP
@@ -3035,7 +3045,7 @@
 .\" enable privileges
 .PP
 .RS 4
-This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
+This deprecated parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
 net rpc rights
 or one of the Windows user and group manager tools\&. This parameter is enabled by default\&. It can be disabled to prevent members of the Domain Admins group from being able to assign privileges to users or groups which can then result in certain smbd operations running as root that would normally run under the context of the connected user\&.
 .sp
@@ -3935,44 +3945,15 @@
 \fI\fIhosts deny\fR\fR\fI = \fR\fI150\&.203\&.4\&. badhost\&.mynet\&.edu\&.au\fR\fI \fR
 .RE
 
-idmap alloc config (G)
-.\" idmap alloc config
-.PP
-.RS 4
-The idmap alloc config prefix provides a means of managing settings for the backend defined by the
-\m[blue]\fBidmap alloc backend\fR\m[]
-parameter\&. Refer to the man page for each idmap plugin regarding specific configuration details\&.
-.sp
-\fINo default\fR
-.RE
-
 idmap backend (G)
 .\" idmap backend
 .PP
 .RS 4
 The idmap backend provides a plugin interface for Winbind to use varying backends to store SID/uid/gid mapping tables\&.
 .sp
-This option specifies the default backend that is used when no special configuration set by
-\m[blue]\fBidmap config\fR\m[]
-matches the specific request\&.
+This option specifies the default backend that is used when no special configuration set, but it is now deprecated in favour of the new spelling
+\m[blue]\fBidmap config * : backend\fR\m[]\&.
 .sp
-This default backend also specifies the place where winbind\-generated idmap entries will be stored\&. So it is highly recommended that you specify a writable backend like
-\fBidmap_tdb\fR(8)
-or
-\fBidmap_ldap\fR(8)
-as the idmap backend\&. The
-\fBidmap_rid\fR(8)
-and
-\fBidmap_ad\fR(8)
-backends are not writable and thus will generate unexpected results if set as idmap backend\&.
-.sp
-To use the rid and ad backends, please specify them via the
-\m[blue]\fBidmap config\fR\m[]
-parameter, possibly also for the domain your machine is member of, specified by
-\m[blue]\fBworkgroup\fR\m[]\&.
-.sp
-Examples of SID/uid/gid backends include tdb (\fBidmap_tdb\fR(8)), ldap (\fBidmap_ldap\fR(8)), rid (\fBidmap_rid\fR(8)), and ad (\fBidmap_ad\fR(8))\&.
-.sp
 Default:
 \fI\fIidmap backend\fR\fR\fI = \fR\fItdb\fR\fI \fR
 .RE
@@ -3991,26 +3972,38 @@
 .\" idmap config
 .PP
 .RS 4
-The idmap config prefix provides a means of managing each trusted domain separately\&. The idmap config prefix should be followed by the name of the domain, a colon, and a setting specific to the chosen backend\&. There are three options available for all domains:
+ID mapping in Samba is the mapping between Windows SIDs and Unix user and group IDs\&. This is performed by Winbindd with a configurable plugin interface\&. Samba\'s ID mapping is configured by options starting with the
+\m[blue]\fBidmap config\fR\m[]
+prefix\&. An idmap option consists of the
+\m[blue]\fBidmap config\fR\m[]
+prefix, followed by a domain name or the asterisk character (*), a colon, and the name of an idmap setting for the chosen domain\&.
+.sp
+The idmap configuration is hence divided into groups, one group for each domain to be configured, and one group with the the asterisk instead of a proper domain name, which speifies the default configuration that is used to catch all domains that do not have an explicit idmap configuration of their own\&.
+.sp
+There are three general options available:
 .PP
 backend = backend_name
 .RS 4
-Specifies the name of the idmap plugin to use as the SID/uid/gid backend for this domain\&.
+This specifies the name of the idmap plugin to use as the SID/uid/gid backend for this domain\&. The standard backends are tdb (\fBidmap_tdb\fR(8)), tdb2 (\fBidmap_tdb2\fR(8)), ldap (\fBidmap_ldap\fR(8)), , rid (\fBidmap_rid\fR(8)), , hash (\fBidmap_hash\fR(8)), , autorid (\fBidmap_autorid\fR(8)), , ad (\fBidmap_ad\fR(8)), , adex (\fBidmap_adex\fR(8)), , and nss\&. (\fBidmap_nss\fR(8)), The corresponding manual pages contain the details, but here is a summary\&.
+.sp
+The first three of these create mappings of their own using internal unixid counters and store the mappings in a database\&. These are suitable for use in the default idmap configuration\&. The rid and hash backends use a pure algorithmic calculation to determine the unixid for a SID\&. The autorid module is a mixture of the tdb and rid backend\&. It creates ranges for each domain encountered and then uses the rid algorithm for each of these automatically configured domains individually\&. The ad and adex backends both use unix IDs stored in Active Directory via the standard schema extensions\&. The nss backend reverses the standard winbindd setup and gets the unixids via names from nsswitch which can be useful in an ldap setup\&.
 .RE
 .PP
 range = low \- high
 .RS 4
-Defines the available matching uid and gid range for which the backend is authoritative\&. Note that the range commonly matches the allocation range due to the fact that the same backend will store and retrieve SID/uid/gid mapping entries\&.
+Defines the available matching uid and gid range for which the backend is authoritative\&. For allocating backends, this also defines the start and the end of the range for allocating new unid IDs\&.
 .sp
-winbind uses this parameter to find the backend that is authoritative for a unix ID to SID mapping, so it must be set for each individually configured domain, and it must be disjoint from the ranges set via
-\m[blue]\fBidmap uid\fR\m[]
-and
-\m[blue]\fBidmap gid\fR\m[]\&.
+winbind uses this parameter to find the backend that is authoritative for a unix ID to SID mapping, so it must be set for each individually configured domain and for the default configuration\&. The configured ranges must be mutually disjoint\&.
 .RE
+.PP
+read only = yes|no
+.RS 4
+This option can be used to turn the writing backends tdb, tdb2, and ldap into read only mode\&. This can be useful e\&.g\&. in cases where a pre\-filled database exists that should not be extended automatically\&.
+.RE
 .sp
 The following example illustrates how to configure the
 \fBidmap_ad\fR(8)
-for the CORP domain and the
+backend for the CORP domain and the
 \fBidmap_tdb\fR(8)
 backend for all other domains\&. This configuration assumes that the admin of CORP assigns unix ids below 1000000 via the SFU extensions, and winbind is supposed to use the next million entries for its own mappings from trusted domains and for local groups for example\&.
 .sp
@@ -4018,9 +4011,8 @@
 .RS 4
 .\}
 .nf
-	idmap backend = tdb
-	idmap uid = 1000000\-1999999
-	idmap gid = 1000000\-1999999
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000\-1999999
 
 	idmap config CORP : backend  = ad
 	idmap config CORP : range = 1000\-999999
@@ -4045,12 +4037,12 @@
 .\" idmap gid
 .PP
 .RS 4
-The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNX groups to NT group SIDs\&. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise\&.
+The idmap gid parameter specifies the range of group ids for the default idmap configuration\&. It is now deprecated in favour of
+\m[blue]\fBidmap config * : range\fR\m[]\&.
 .sp
-See also the
-\m[blue]\fBidmap backend\fR\m[], and
+See the
 \m[blue]\fBidmap config\fR\m[]
-options\&.
+option\&.
 .sp
 Default:
 \fI\fIidmap gid\fR\fR\fI = \fR\fI\fR\fI \fR
@@ -4081,13 +4073,12 @@
 .\" idmap uid
 .PP
 .RS 4
-The idmap uid parameter specifies the range of user ids that are allocated for use in mapping UNIX users to NT user SIDs\&. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise\&.
+The idmap uid parameter specifies the range of user ids for the default idmap configuration\&. It is now deprecated in favour of
+\m[blue]\fBidmap config * : range\fR\m[]\&.
 .sp
-See also the
-\m[blue]\fBidmap backend\fR\m[]
-and
+See the
 \m[blue]\fBidmap config\fR\m[]
-options\&.
+option\&.
 .sp
 Default:
 \fI\fIidmap uid\fR\fR\fI = \fR\fI\fR\fI \fR
@@ -6770,6 +6761,22 @@
 \fI\fIname resolve order\fR\fR\fI = \fR\fIlmhosts bcast host\fR\fI \fR
 .RE
 
+ncalrpc dir (G)
+.\" ncalrpc dir
+.PP
+.RS 4
+This directory will hold a series of named pipes to allow RPC over inter\-process communication\&.
+.sp
+\&.
+	This will allow Samba and other unix processes to interact over DCE/RPC without using TCP/IP\&. Additionally a sub\-directory \'np\' has restricted permissions, and allows a trusted communication channel between Samba processes
+.sp
+Default:
+\fI\fIncalrpc dir\fR\fR\fI = \fR\fI${prefix}/var/ncalrpc\fR\fI \fR
+.sp
+Example:
+\fI\fIncalrpc dir\fR\fR\fI = \fR\fI/var/run/samba/ncalrpc\fR\fI \fR
+.RE
+
 netbios aliases (G)
 .\" netbios aliases
 .PP
@@ -7320,7 +7327,7 @@
 .RS 4
 Some client/server combinations have difficulty with mixed\-case passwords\&. One offending client is Windows for Workgroups, which for some reason forces passwords to upper case when using the LANMAN1 protocol, but leaves them alone when using COREPLUS! Another problem child is the Windows 95/98 family of operating systems\&. These clients upper case clear text passwords even when NT LM 0\&.12 selected by the protocol negotiation request/response\&.
 .sp
-This parameter defines the maximum number of characters that may be upper case in passwords\&.
+This deprecated parameter defines the maximum number of characters that may be upper case in passwords\&.
 .sp
 For example, say the password given was "FRED"\&. If
 \fI password level\fR
@@ -7358,61 +7365,31 @@
 security = [ads|domain|server]
 it is possible to get Samba to do all its username/password validation using a specific remote server\&.
 .sp
-This option sets the name or IP address of the password server to use\&. New syntax has been added to support defining the port to use when connecting to the server the case of an ADS realm\&. To define a port other than the default LDAP port of 389, add the port number using a colon after the name or IP address (e\&.g\&. 192\&.168\&.1\&.100:389)\&. If you do not specify a port, Samba will use the standard LDAP port of tcp/389\&. Note that port numbers have no effect on password servers for Windows NT 4\&.0 domains or netbios connections\&.
-.sp
-If parameter is a name, it is looked up using the parameter
-\m[blue]\fBname resolve order\fR\m[]
-and so may resolved by any method and order described in that parameter\&.
-.sp
-The password server must be a machine capable of using the "LM1\&.2X002" or the "NT LM 0\&.12" protocol, and it must be in user level security mode\&.
-.if n \{\
-.sp
-.\}
-.RS 4
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBNote\fR
-.ps -1
-.br
-Using a password server means your UNIX box (running Samba) is only as secure as your password server\&.
-\fIDO NOT CHOOSE A PASSWORD SERVER THAT YOU DON\'T COMPLETELY TRUST\fR\&.
-.sp .5v
-.RE
-Never point a Samba server at itself for password serving\&. This will cause a loop and could lock up your Samba server!
-.sp
-The name of the password server takes the standard substitutions, but probably the only useful one is
-\fI%m \fR, which means the Samba server will use the incoming client as the password server\&. If you use this then you better trust your clients, and you had better restrict them with hosts allow!
-.sp
 If the
 \fIsecurity\fR
 parameter is set to
 \fBdomain\fR
 or
-\fBads\fR, then the list of machines in this option must be a list of Primary or Backup Domain controllers for the Domain or the character \'*\', as the Samba server is effectively in that domain, and will use cryptographically authenticated RPC calls to authenticate the user logging on\&. The advantage of using
-security = domain
-is that if you list several hosts in the
+\fBads\fR, then this option
+\fIshould not\fR
+be used, as the default \'*\' indicates to Samba to determine the best DC to contact dynamically, just as all other hosts in an AD domain do\&. This allows the domain to be maintained without modification to the smb\&.conf file\&. The cryptograpic protection on the authenticated RPC calls used to verify passwords ensures that this default is safe\&.
+.sp
+\fIIt is strongly recommended that you use the default of \'*\'\fR, however if in your particular environment you have reason to specify a particular DC list, then the list of machines in this option must be a list of names or IP addresses of Domain controllers for the Domain\&. If you use the default of \'*\', or list several hosts in the
 \fIpassword server\fR
 option then
 smbd
 will try each in turn till it finds one that responds\&. This is useful in case your primary server goes down\&.
 .sp
-If the
-\fIpassword server\fR
-option is set to the character \'*\', then Samba will attempt to auto\-locate the Primary or Backup Domain controllers to authenticate against by doing a query for the name
-\fBWORKGROUP<1C>\fR
-and then contacting each server returned in the list of IP addresses from the name resolution source\&.
-.sp
 If the list of servers contains both names/IP\'s and the \'*\' character, the list is treated as a list of preferred domain controllers, but an auto lookup of all remaining DC\'s will be added to the list as well\&. Samba will not attempt to optimize this list by locating the closest DC\&.
 .sp
+If parameter is a name, it is looked up using the parameter
+\m[blue]\fBname resolve order\fR\m[]
+and so may resolved by any method and order described in that parameter\&.
+.sp
 If the
 \fIsecurity\fR
 parameter is set to
-\fBserver\fR, then there are different restrictions that
-security = domain
-doesn\'t suffer from:
+\fBserver\fR, these additional restrictions apply:
 .sp
 .RS 4
 .ie n \{\
@@ -7440,12 +7417,69 @@
 .sp -1
 .IP \(bu 2.3
 .\}
-If you are using a Windows NT server as your password server then you will have to ensure that your users are able to login from the Samba server, as when in
+You will have to ensure that your users are able to login from the Samba server, as when in
 security = server
-mode the network logon will appear to come from there rather than from the users workstation\&.
+mode the network logon will appear to come from the Samba server rather than from the users workstation\&.
 .RE
 .sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The client must not select NTLMv2 authentication\&.
 .RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The password server must be a machine capable of using the "LM1\&.2X002" or the "NT LM 0\&.12" protocol, and it must be in user level security mode\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Using a password server means your UNIX box (running Samba) is only as secure as (a host masqurading as) your password server\&.
+\fIDO NOT CHOOSE A PASSWORD SERVER THAT YOU DON\'T COMPLETELY TRUST\fR\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Never point a Samba server at itself for password serving\&. This will cause a loop and could lock up your Samba server!
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The name of the password server takes the standard substitutions, but probably the only useful one is
+\fI%m \fR, which means the Samba server will use the incoming client as the password server\&. If you use this then you better trust your clients, and you had better restrict them with hosts allow!
+.RE
+.sp
+.RE
 Default:
 \fI\fIpassword server\fR\fR\fI = \fR\fI*\fR\fI \fR
 .sp
@@ -8454,27 +8488,22 @@
 security = user, as this is the most common setting needed when talking to Windows 98 and Windows NT\&.
 .sp
 The alternatives are
-security = share,
-security = server
+security = ads
 or
-security = domain\&.
+security = domain, which support joining Samba to a Windows domain, along with
+security = share
+and
+security = server, both of which are deprecated\&.
 .sp
 In versions of Samba prior to 2\&.0\&.0, the default was
 security = share
 mainly because that was the only option at one stage\&.
 .sp
-There is a bug in WfWg that has relevance to this setting\&. When in user or server level security a WfWg client will totally ignore the username and password you type in the "connect drive" dialog box\&. This makes it very difficult (if not impossible) to connect to a Samba service as anyone except the user that you are logged into WfWg as\&.
-.sp
-If your PCs use usernames that are the same as their usernames on the UNIX machine then you will want to use
-security = user\&. If you mostly use usernames that don\'t exist on the UNIX box then use
-security = share\&.
-.sp
-You should also use
-security = share
-if you want to mainly setup shares without a password (guest shares)\&. This is commonly used for a shared printer server\&. It is more difficult to setup guest shares with
-security = user, see the
+You should use
+security = user
+and
 \m[blue]\fBmap to guest\fR\m[]
-parameter for details\&.
+if you want to mainly setup shares without a password (guest shares)\&. This is commonly used for a shared printer server\&.
 .sp
 It is possible to use
 smbd
@@ -8485,8 +8514,80 @@
 .sp
 The different settings will now be explained\&.
 .sp
+\fISECURITY = USER\fR
+.sp
+This is the default security setting in Samba\&. With user\-level security a client must first "log\-on" with a valid username and password (which can be mapped using the
+\m[blue]\fBusername map\fR\m[]
+parameter)\&. Encrypted passwords (see the
+\m[blue]\fBencrypted passwords\fR\m[]
+parameter) can also be used in this security mode\&. Parameters such as
+\m[blue]\fBuser\fR\m[]
+and
+\m[blue]\fBguest only\fR\m[]
+if set are then applied and may change the UNIX user to use on this connection, but only after the user has been successfully authenticated\&.
+.sp
+\fINote\fR
+that the name of the resource being requested is
+\fInot\fR
+sent to the server until after the server has successfully authenticated the client\&. This is why guest shares don\'t work in user level security without allowing the server to automatically map unknown users into the
+\m[blue]\fBguest account\fR\m[]\&. See the
+\m[blue]\fBmap to guest\fR\m[]
+parameter for details on doing this\&.
+.sp
+See also the section
+NOTE ABOUT USERNAME/PASSWORD VALIDATION\&.
+.sp
+\fISECURITY = DOMAIN\fR
+.sp
+This mode will only work correctly if
+\fBnet\fR(8)
+has been used to add this machine into a Windows NT Domain\&. It expects the
+\m[blue]\fBencrypted passwords\fR\m[]
+parameter to be set to
+\fByes\fR\&. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do\&.
+.sp
+\fINote\fR
+that a valid UNIX user must still exist as well as the account on the Domain Controller to allow Samba to have a valid UNIX account to map file access to\&.
+.sp
+\fINote\fR
+that from the client\'s point of view
+security = domain
+is the same as
+security = user\&. It only affects how the server deals with the authentication, it does not in any way affect what the client sees\&.
+.sp
+\fINote\fR
+that the name of the resource being requested is
+\fInot\fR
+sent to the server until after the server has successfully authenticated the client\&. This is why guest shares don\'t work in user level security without allowing the server to automatically map unknown users into the
+\m[blue]\fBguest account\fR\m[]\&. See the
+\m[blue]\fBmap to guest\fR\m[]
+parameter for details on doing this\&.
+.sp
+See also the section
+NOTE ABOUT USERNAME/PASSWORD VALIDATION\&.
+.sp
+See also the
+\m[blue]\fBpassword server\fR\m[]
+parameter and the
+\m[blue]\fBencrypted passwords\fR\m[]
+parameter\&.
+.sp
 \fISECURITY = SHARE\fR
+.if n \{\
 .sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+This option is deprecated as it is incompatible with SMB2
+.sp .5v
+.RE
 When clients connect to a share level security server, they need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with a username but no password when talking to a
 security = share
 server)\&. Instead, the clients send authentication information (passwords) on a per\-share basis, at the time they attempt to connect to that share\&.
@@ -8596,67 +8697,9 @@
 See also the section
 NOTE ABOUT USERNAME/PASSWORD VALIDATION\&.
 .sp
-\fISECURITY = USER\fR
-.sp
-This is the default security setting in Samba 3\&.0\&. With user\-level security a client must first "log\-on" with a valid username and password (which can be mapped using the
-\m[blue]\fBusername map\fR\m[]
-parameter)\&. Encrypted passwords (see the
-\m[blue]\fBencrypted passwords\fR\m[]
-parameter) can also be used in this security mode\&. Parameters such as
-\m[blue]\fBuser\fR\m[]
-and
-\m[blue]\fBguest only\fR\m[]
-if set are then applied and may change the UNIX user to use on this connection, but only after the user has been successfully authenticated\&.
-.sp
-\fINote\fR
-that the name of the resource being requested is
-\fInot\fR
-sent to the server until after the server has successfully authenticated the client\&. This is why guest shares don\'t work in user level security without allowing the server to automatically map unknown users into the
-\m[blue]\fBguest account\fR\m[]\&. See the
-\m[blue]\fBmap to guest\fR\m[]
-parameter for details on doing this\&.
-.sp
-See also the section
-NOTE ABOUT USERNAME/PASSWORD VALIDATION\&.
-.sp
-\fISECURITY = DOMAIN\fR
-.sp
-This mode will only work correctly if
-\fBnet\fR(8)
-has been used to add this machine into a Windows NT Domain\&. It expects the
-\m[blue]\fBencrypted passwords\fR\m[]
-parameter to be set to
-\fByes\fR\&. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do\&.
-.sp
-\fINote\fR
-that a valid UNIX user must still exist as well as the account on the Domain Controller to allow Samba to have a valid UNIX account to map file access to\&.
-.sp
-\fINote\fR
-that from the client\'s point of view
-security = domain
-is the same as
-security = user\&. It only affects how the server deals with the authentication, it does not in any way affect what the client sees\&.
-.sp
-\fINote\fR
-that the name of the resource being requested is
-\fInot\fR
-sent to the server until after the server has successfully authenticated the client\&. This is why guest shares don\'t work in user level security without allowing the server to automatically map unknown users into the
-\m[blue]\fBguest account\fR\m[]\&. See the
-\m[blue]\fBmap to guest\fR\m[]
-parameter for details on doing this\&.
-.sp
-See also the section
-NOTE ABOUT USERNAME/PASSWORD VALIDATION\&.
-.sp
-See also the
-\m[blue]\fBpassword server\fR\m[]
-parameter and the
-\m[blue]\fBencrypted passwords\fR\m[]
-parameter\&.
-.sp
 \fISECURITY = SERVER\fR
 .sp
-In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box\&. If this fails it will revert to
+In this depicted mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box\&. If this fails it will revert to
 security = user\&. It expects the
 \m[blue]\fBencrypted passwords\fR\m[]
 parameter to be set to
@@ -8675,7 +8718,7 @@
 \fBNote\fR
 .ps -1
 .br
-This mode of operation has significant pitfalls since it is more vulnerable to man\-in\-the\-middle attacks and server impersonation\&. In particular, this mode of operation can cause significant resource consuption on the PDC, as it must maintain an active connection for the duration of the user\'s session\&. Furthermore, if this connection is lost, there is no way to reestablish it, and futher authentications to the Samba server may fail (from a single client, till it disconnects)\&.
+This mode of operation has significant pitfalls since it is more vulnerable to man\-in\-the\-middle attacks and server impersonation\&. In particular, this mode of operation can cause significant resource consumption on the PDC, as it must maintain an active connection for the duration of the user\'s session\&. Furthermore, if this connection is lost, there is no way to reestablish it, and further authentications to the Samba server may fail (from a single client, till it disconnects)\&.
 .sp .5v
 .RE
 .if n \{\
@@ -8690,12 +8733,43 @@
 \fBNote\fR
 .ps -1
 .br
+If the client selects NTLMv2 authentication, then this mode of operation
+\fIwill fail\fR
+.sp .5v
+.RE
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
 From the client\'s point of view,
 security = server
 is the same as
 security = user\&. It only affects how the server deals with the authentication, it does not in any way affect what the client sees\&.
 .sp .5v
 .RE
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+This option is deprecated, and may be removed in future
+.sp .5v
+.RE
 \fINote\fR
 that the name of the resource being requested is
 \fInot\fR
@@ -9965,7 +10039,7 @@
 .RS 4
 Multiple users may be specified in a comma\-delimited list, in which case the supplied password will be tested against each username in turn (left to right)\&.
 .sp
-The
+The deprecated
 \fIusername\fR
 line is needed only when the PC is unable to supply its own username\&. This is the case for the COREPLUS protocol or where your users have different WfWg usernames to UNIX usernames\&. In both these cases you may also be better using the \e\eserver\eshare%user syntax instead\&.
 .sp
@@ -10122,7 +10196,7 @@
 .\" use spnego
 .PP
 .RS 4
-This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 clients to agree upon an authentication mechanism\&.
+This deprecated variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 clients to agree upon an authentication mechanism\&.
 .sp
 Unless further issues are discovered with our SPNEGO implementation, there is no reason this should ever be disabled\&.
 .sp

Modified: branches/samba/experimental/docs/manpages/smbcacls.1
===================================================================
--- branches/samba/experimental/docs/manpages/smbcacls.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbcacls.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbcacls
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBCACLS" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "SMBCACLS" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/smbclient.1
===================================================================
--- branches/samba/experimental/docs/manpages/smbclient.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbclient.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbclient
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBCLIENT" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "SMBCLIENT" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/smbcontrol.1
===================================================================
--- branches/samba/experimental/docs/manpages/smbcontrol.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbcontrol.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbcontrol
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBCONTROL" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "SMBCONTROL" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/smbcquotas.1
===================================================================
--- branches/samba/experimental/docs/manpages/smbcquotas.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbcquotas.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbcquotas
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBCQUOTAS" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "SMBCQUOTAS" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/smbd.8
===================================================================
--- branches/samba/experimental/docs/manpages/smbd.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbd.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbd
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBD" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "SMBD" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/smbget.1
===================================================================
--- branches/samba/experimental/docs/manpages/smbget.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbget.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbget
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBGET" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "SMBGET" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/smbgetrc.5
===================================================================
--- branches/samba/experimental/docs/manpages/smbgetrc.5	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbgetrc.5	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbgetrc
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: File Formats and Conventions
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBGETRC" "5" "05/17/2011" "Samba 3\&.6" "File Formats and Conventions"
+.TH "SMBGETRC" "5" "06/07/2011" "Samba 3\&.6" "File Formats and Conventions"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/smbpasswd.5
===================================================================
--- branches/samba/experimental/docs/manpages/smbpasswd.5	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbpasswd.5	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbpasswd
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: File Formats and Conventions
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBPASSWD" "5" "05/17/2011" "Samba 3\&.6" "File Formats and Conventions"
+.TH "SMBPASSWD" "5" "06/07/2011" "Samba 3\&.6" "File Formats and Conventions"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/smbpasswd.8
===================================================================
--- branches/samba/experimental/docs/manpages/smbpasswd.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbpasswd.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbpasswd
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBPASSWD" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "SMBPASSWD" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/smbspool.8
===================================================================
--- branches/samba/experimental/docs/manpages/smbspool.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbspool.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbspool
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBSPOOL" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "SMBSPOOL" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/smbstatus.1
===================================================================
--- branches/samba/experimental/docs/manpages/smbstatus.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbstatus.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbstatus
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBSTATUS" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "SMBSTATUS" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/smbta-util.8
===================================================================
--- branches/samba/experimental/docs/manpages/smbta-util.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbta-util.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbta-util
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBTA\-UTIL" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "SMBTA\-UTIL" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -24,18 +24,18 @@
 .HP \w'\ 'u
 smbta\-util
 .HP \w'\ 'u
-smbta\-util [\fICOMMANDS\fR...]
+smbta\-util [\fIOPTIONS\fR...]
 .SH "DESCRIPTION"
 .PP
 This tool is part of the
-\fBsamba\fR(1)
+\fBsamba\fR(7)
 suite\&.
 .PP
 smbta\-util
 is a tool to ease the configuration of the vfs_smb_traffic_analyzer module regarding data encryption\&.
 .PP
 The user can generate a key, install a key (activating encryption), or uninstall a key (deactivating encryption)\&. Any operation that installs a key will create a File containing the key\&. This file can be used by smbta\-tool on other machines to install the same key from the file\&.
-.SH "COMMANDS"
+.SH "OPTIONS"
 .PP
 \fB\-h\fR
 .RS 4
@@ -68,7 +68,7 @@
 .RE
 .SH "VERSION"
 .PP
-This man page is correct for version 3\&.4 of the Samba suite\&.
+This man page is correct for version 3\&.6 of the Samba suite\&.
 .SH "AUTHOR"
 .PP
 The original version of smbta\-util was created by Holger Hetterich\&.

Modified: branches/samba/experimental/docs/manpages/smbtar.1
===================================================================
--- branches/samba/experimental/docs/manpages/smbtar.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbtar.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbtar
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBTAR" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "SMBTAR" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/smbtree.1
===================================================================
--- branches/samba/experimental/docs/manpages/smbtree.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/smbtree.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smbtree
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMBTREE" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "SMBTREE" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/swat.8
===================================================================
--- branches/samba/experimental/docs/manpages/swat.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/swat.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: swat
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SWAT" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "SWAT" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/tdbbackup.8
===================================================================
--- branches/samba/experimental/docs/manpages/tdbbackup.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/tdbbackup.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: tdbbackup
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "TDBBACKUP" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "TDBBACKUP" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/tdbdump.8
===================================================================
--- branches/samba/experimental/docs/manpages/tdbdump.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/tdbdump.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: tdbdump
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "TDBDUMP" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "TDBDUMP" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/tdbtool.8
===================================================================
--- branches/samba/experimental/docs/manpages/tdbtool.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/tdbtool.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: tdbtool
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "TDBTOOL" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "TDBTOOL" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/testparm.1
===================================================================
--- branches/samba/experimental/docs/manpages/testparm.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/testparm.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: testparm
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "TESTPARM" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "TESTPARM" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_acl_tdb.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_acl_tdb.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_acl_tdb.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_acl_tdb
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_ACL_TDB" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_ACL_TDB" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_acl_xattr.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_acl_xattr.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_acl_xattr.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_acl_xattr
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_ACL_XATTR" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_ACL_XATTR" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_audit.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_audit.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_audit.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_audit
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_AUDIT" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_AUDIT" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_cacheprime.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_cacheprime.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_cacheprime.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_cacheprime
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_CACHEPRIME" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_CACHEPRIME" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_cap.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_cap.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_cap.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_cap
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_CAP" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_CAP" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_catia.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_catia.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_catia.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_catia
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_CATIA" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_CATIA" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_commit.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_commit.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_commit.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_commit
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_COMMIT" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_COMMIT" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_crossrename.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_crossrename.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_crossrename.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_crossrename
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_CROSSRENAME" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_CROSSRENAME" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_default_quota.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_default_quota.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_default_quota.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_default_quota
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_DEFAULT_QUOTA" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_DEFAULT_QUOTA" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_dirsort.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_dirsort.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_dirsort.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_dirsort
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_DIRSORT" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_DIRSORT" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_extd_audit.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_extd_audit.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_extd_audit.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_extd_audit
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_EXTD_AUDIT" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_EXTD_AUDIT" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_fake_perms.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_fake_perms.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_fake_perms.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_fake_perms
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_FAKE_PERMS" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_FAKE_PERMS" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_fileid.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_fileid.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_fileid.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_fileid
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_FILEID" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_FILEID" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_full_audit.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_full_audit.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_full_audit.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_full_audit
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_FULL_AUDIT" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_FULL_AUDIT" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_gpfs.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_gpfs.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_gpfs.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_gpfs
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_GPFS" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_GPFS" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_netatalk.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_netatalk.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_netatalk.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_netatalk
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_NETATALK" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_NETATALK" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_notify_fam.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_notify_fam.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_notify_fam.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_notify_fam
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_NOTIFY_FAM" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_NOTIFY_FAM" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_prealloc.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_prealloc.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_prealloc.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_prealloc
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_PREALLOC" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_PREALLOC" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_preopen.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_preopen.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_preopen.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_preopen
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_PREOPEN" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_PREOPEN" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_readahead.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_readahead.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_readahead.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_readahead
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_READAHEAD" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_READAHEAD" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_readonly.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_readonly.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_readonly.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_readonly
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_READONLY" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_READONLY" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_recycle.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_recycle.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_recycle.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_recycle
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_RECYCLE" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_RECYCLE" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_scannedonly.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_scannedonly.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_scannedonly.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_scannedonly
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_SCANNEDONLY" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_SCANNEDONLY" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_shadow_copy.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_shadow_copy.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_shadow_copy.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_shadow_copy
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_SHADOW_COPY" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_SHADOW_COPY" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_shadow_copy2.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_shadow_copy2.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_shadow_copy2.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_shadow_copy2
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_SHADOW_COPY2" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_SHADOW_COPY2" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_smb_traffic_analyzer.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_smb_traffic_analyzer.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_smb_traffic_analyzer.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: smb_traffic_analyzer
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "SMB_TRAFFIC_ANALYZER" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "SMB_TRAFFIC_ANALYZER" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 .PP
 The
 vfs_smb_traffic_analyzer
-VFS module logs client file operations on a Samba server and sends this data over a socket to a helper program (in the following the "Receiver"), which feeds a SQL database\&. More information on the helper programs can be obtained from the homepage of the project at: http://holger123\&.wordpress\&.com/smb\-traffic\-analyzer/ Since the VFS module depends on a receiver that is doing something with the data, it is evolving in it\'s development\&. Therefore, the module works with different protocol versions, and the receiver has to be able to decode the protocol that is used\&. The protocol version 1 was introduced to Samba at September 25, 2008\&. It was a very simple protocol, supporting only a small list of VFS operations, and had several drawbacks\&. The protocol version 2 is a try to solve the problems version 1 had while at the same time adding new features\&.
+VFS module logs client file operations on a Samba server and sends this data over a socket to a helper program (in the following the "Receiver"), which feeds a SQL database\&. More information on the helper programs can be obtained from the homepage of the project at: http://holger123\&.wordpress\&.com/smb\-traffic\-analyzer/ Since the VFS module depends on a receiver that is doing something with the data, it is evolving in it\'s development\&. Therefore, the module works with different protocol versions, and the receiver has to be able to decode the protocol that is used\&. The protocol version 1 was introduced to Samba at September 25, 2008\&. It was a very simple protocol, supporting only a small list of VFS operations, and had several drawbacks\&. The protocol version 2 is a try to solve the problems version 1 had while at the same time adding new features\&. With the release of Samba 3\&.6\&.0, the module will run protocol version 2 by default\&.
 .SH "PROTOCOL VERSION 1 DOCUMENTATION"
 .PP
 vfs_smb_traffic_analyzer
@@ -149,7 +149,19 @@
 \- a timestamp, formatted as "yyyy\-mm\-dd hh\-mm\-ss\&.ms" indicating when the VFS operation occured
 .RE
 .sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+IP
+\- The IP Address (v4 or v6) of the client machine that initiated the VFS operation\&.
 .RE
+.sp
+.RE
 .PP
 This module is stackable\&.
 .SH "DRAWBACKS OF PROTOCOL VERSION 1"
@@ -230,7 +242,7 @@
 .sp -1
 .IP \(bu 2.3
 .\}
-The module now can identify itself against the receiver with a sub\-release number, where the receiver may run with a different sub\-release number than the module\&. However, as long as both run on the V2\&.x protocol, the receiver will not crash, even if the module uses features only implemented in the newer subrelease\&. Ultimativly, if the module uses a new feature from a newer subrelease, and the receiver runs an older protocol, it is just ignoring the functionality\&. Of course it is best to have both the receiver and the module running the same subrelease of the protocol\&.
+The module now can identify itself against the receiver with a sub\-release number, where the receiver may run with a different sub\-release number than the module\&. However, as long as both run on the V2\&.x protocol, the receiver will not crash, even if the module uses features only implemented in the newer subrelease\&. If the module uses a new feature from a newer subrelease, and the receiver runs an older protocol, it is just ignoring the functionality\&. Of course it is best to have both the receiver and the module running the same subrelease of the protocol\&.
 .RE
 .sp
 .RS 4
@@ -287,7 +299,7 @@
 .PP
 smb_traffic_analyzer:protocol_version = STRING
 .RS 4
-If STRING matches to V1 or is not given at all, the module will use version 1 of the protocol\&. If STRING matches to "V2" the module will use version 2 of the protocol\&.
+If STRING matches to V1, the module will use version 1 of the protocol\&. If STRING is not given, the module will use version 2 of the protocol, which is the default\&.
 .RE
 .SH "EXAMPLES"
 .PP
@@ -300,7 +312,6 @@
 	\fI[example_share]\fR
 	\m[blue]\fBpath = /data/example\fR\m[]
 	\m[blue]\fBvfs_objects = smb_traffic_analyzer\fR\m[]
-	\m[blue]\fBsmb_traffic_analyzer:protocol_version = V2\fR\m[]
 	\m[blue]\fBsmb_traffic_analyzer:host = examplehost\fR\m[]
 	\m[blue]\fBsmb_traffic_analyzer:port = 3491\fR\m[]
 	

Modified: branches/samba/experimental/docs/manpages/vfs_streams_depot.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_streams_depot.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_streams_depot.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_streams_depot
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_STREAMS_DEPOT" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_STREAMS_DEPOT" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_streams_xattr.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_streams_xattr.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_streams_xattr.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_streams_xattr
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_STREAMS_XATTR" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_STREAMS_XATTR" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_time_audit.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_time_audit.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_time_audit.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_time_audit
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_TIME_AUDIT" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_TIME_AUDIT" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfs_xattr_tdb.8
===================================================================
--- branches/samba/experimental/docs/manpages/vfs_xattr_tdb.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfs_xattr_tdb.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfs_xattr_tdb
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFS_XATTR_TDB" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "VFS_XATTR_TDB" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/vfstest.1
===================================================================
--- branches/samba/experimental/docs/manpages/vfstest.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/vfstest.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: vfstest
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "VFSTEST" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "VFSTEST" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/wbinfo.1
===================================================================
--- branches/samba/experimental/docs/manpages/wbinfo.1	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/wbinfo.1	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: wbinfo
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "WBINFO" "1" "05/17/2011" "Samba 3\&.6" "User Commands"
+.TH "WBINFO" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -326,7 +326,7 @@
 .PP
 \-U|\-\-uid\-to\-sid \fIuid\fR
 .RS 4
-Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified does not refer to one within the idmap uid range then the operation will fail\&.
+Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified does not refer to one within the idmap range then the operation will fail\&.
 .RE
 .PP
 \-\-verbose

Modified: branches/samba/experimental/docs/manpages/winbind_krb5_locator.7
===================================================================
--- branches/samba/experimental/docs/manpages/winbind_krb5_locator.7	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/winbind_krb5_locator.7	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: winbind_krb5_locator
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: 7
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "WINBIND_KRB5_LOCATOR" "7" "05/17/2011" "Samba 3\&.6" "7"
+.TH "WINBIND_KRB5_LOCATOR" "7" "06/07/2011" "Samba 3\&.6" "7"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------

Modified: branches/samba/experimental/docs/manpages/winbindd.8
===================================================================
--- branches/samba/experimental/docs/manpages/winbindd.8	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs/manpages/winbindd.8	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,12 +2,12 @@
 .\"     Title: winbindd
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 05/17/2011
+.\"      Date: 06/07/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
-.TH "WINBINDD" "8" "05/17/2011" "Samba 3\&.6" "System Administration tools"
+.TH "WINBINDD" "8" "06/07/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -39,11 +39,9 @@
 ntlm_auth
 and the
 pam_winbind\&.so
-PAM module, by managing connections to domain controllers\&. In this configuraiton the
-\m[blue]\fBidmap uid\fR\m[]
-and
-\m[blue]\fBidmap gid\fR\m[]
-parameters are not required\&. (This is known as `netlogon proxy only mode\'\&.)
+PAM module, by managing connections to domain controllers\&. In this configuration the
+\m[blue]\fBidmap config * : range\fR\m[]
+parameter is not required\&. (This is known as `netlogon proxy only mode\'\&.)
 .PP
 The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS\&. The exact behaviour can be configured through the
 /etc/nsswitch\&.conf
@@ -265,7 +263,7 @@
 .IP \(bu 2.3
 .\}
 
-\m[blue]\fBidmap uid\fR\m[]
+\m[blue]\fBidmap config * : range\fR\m[]
 .RE
 .sp
 .RS 4
@@ -277,7 +275,7 @@
 .IP \(bu 2.3
 .\}
 
-\m[blue]\fBidmap gid\fR\m[]
+\m[blue]\fBidmap config * : backend\fR\m[]
 .RE
 .sp
 .RS 4
@@ -289,18 +287,6 @@
 .IP \(bu 2.3
 .\}
 
-\m[blue]\fBidmap backend\fR\m[]
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-
 \m[blue]\fBwinbind cache time\fR\m[]
 .RE
 .sp
@@ -478,8 +464,7 @@
         winbind cache time = 10
         template shell = /bin/bash
         template homedir = /home/%D/%U
-        idmap uid = 10000\-20000
-        idmap gid = 10000\-20000
+        idmap config * : range = 10000\-20000
         workgroup = DOMAIN
         security = domain
         password server = *
@@ -507,7 +492,7 @@
 .PP
 If more than one UNIX machine is running
 winbindd, then in general the user and groups ids allocated by winbindd will not be the same\&. The user and group ids will only be valid for the local machine, unless a shared
-\m[blue]\fBidmap backend\fR\m[]
+\m[blue]\fBidmap config * : backend\fR\m[]
 is configured\&.
 .PP
 If the the Windows NT SID to UNIX user and group id mapping file is damaged or destroyed then the mappings will be lost\&.

Modified: branches/samba/experimental/docs-xml/manpages-3/idmap_ad.8.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/idmap_ad.8.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/idmap_ad.8.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -85,9 +85,8 @@
 
 	<programlisting>
 	[global]
-	idmap backend = tdb
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000-1999999
 
 	idmap config CORP : backend  = ad
 	idmap config CORP : range = 1000-999999

Modified: branches/samba/experimental/docs-xml/manpages-3/idmap_adex.8.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/idmap_adex.8.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/idmap_adex.8.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -66,9 +66,8 @@
 
 	<programlisting>
 	[global]
-	idmap backend = adex
-	idmap uid = 1000-4000000000
-	idmap gid = 1000-4000000000
+	idmap config * : backend = adex
+	idmap config * : range = 1000-4000000000
 
 	winbind nss info = adex
 	winbind normalize names = yes

Modified: branches/samba/experimental/docs-xml/manpages-3/idmap_autorid.8.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/idmap_autorid.8.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/idmap_autorid.8.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -88,9 +88,8 @@
 	workgroup = CUSTOMER
 	realm = CUSTOMER.COM
 
-	idmap backend = autorid
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	idmap config * : backend = autorid
+	idmap config * : range = 1000000-1999999
 
 	</programlisting>
 
@@ -98,7 +97,7 @@
 		This example shows how to configure idmap_autorid as default
 		for all domains with a potentially large amount of users
 		plus a specific configuration for a trusted domain
-		that uses the SFU mapping scheme. Please note that idmap uid/gid
+		that uses the SFU mapping scheme. Please note that idmap
 		ranges and sfu ranges are not allowed to overlap.
 	</para>
 
@@ -108,10 +107,9 @@
 	workgroup = CUSTOMER
 	realm = CUSTOMER.COM
 
-	idmap backend = autorid
+	idmap config * : backend = autorid
+	idmap config * : range = 1000000-19999999
 	autorid:rangesize = 1000000
-	idmap uid = 1000000-19999999
-	idmap gid = 1000000-19999999
 
 	idmap config TRUSTED : backend  = ad
 	idmap config TRUSTED : range    = 50000 - 99999

Modified: branches/samba/experimental/docs-xml/manpages-3/idmap_hash.8.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/idmap_hash.8.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/idmap_hash.8.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -52,9 +52,8 @@
 
 	<programlisting>
 	[global]
-	idmap backend = hash
-	idmap uid = 1000-4000000000
-	idmap gid = 1000-4000000000
+	idmap config * : backend = hash
+	idmap config * : range = 1000-4000000000
 
 	winbind nss info = hash
 	winbind normalize names = yes

Modified: branches/samba/experimental/docs-xml/manpages-3/idmap_ldap.8.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/idmap_ldap.8.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/idmap_ldap.8.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -27,26 +27,9 @@
 	<para>
 	In contrast to read only backends like idmap_rid, it is an allocating
 	backend: This means that it needs to allocate new user and group IDs in
-	order to create new mappings. The allocator can be provided by the
-	idmap_ldap backend itself or by any other allocating backend like
-	idmap_tdb or idmap_tdb2. This is configured with the
-	parameter <parameter>idmap alloc backend</parameter>.
+	order to create new mappings.
 	</para>
 
-	<para>
-	Note that in order for this (or any other allocating) backend to
-	function at all, the default backend needs to be writeable.
-	The ranges used for uid and gid allocation are the default ranges
-	configured by "idmap uid" and "idmap gid".
-	</para>
-
-	<para>
-	Furthermore, since there is only one global allocating backend
-	responsible for all domains using writeable idmap backends,
-	any explicitly configured domain with idmap backend ldap
-	should have the same range as the default range, since it needs
-	to use the global uid / gid allocator. See the example below.
-	</para>
 </refsynopsisdiv>
 
 <refsect1>
@@ -56,7 +39,7 @@
 		<varlistentry>
 		<term>ldap_base_dn = DN</term>
 		<listitem><para>
-			Defines the directory base suffix to use when searching for
+			Defines the directory base suffix to use for
 			SID/uid/gid mapping entries.  If not defined, idmap_ldap will default
 			to using the "ldap idmap suffix" option from smb.conf.
 		</para></listitem>
@@ -65,15 +48,21 @@
 		<varlistentry>
 		<term>ldap_user_dn = DN</term>
 		<listitem><para>
-			Defines the user DN to be used for authentication. If absent an
-			anonymous bind will be performed.
+			Defines the user DN to be used for authentication.
+			The secret for authenticating this user should be
+			stored with net idmap secret
+			(see <citerefentry><refentrytitle>net</refentrytitle>
+			<manvolnum>8</manvolnum></citerefentry>).
+			If absent, the ldap credentials from the ldap passdb configuration
+			are used, and if these are also absent, an anonymous
+			bind will be performed as last fallback.
 		</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
 		<term>ldap_url = ldap://server/</term>
 		<listitem><para>
-			Specifies the LDAP server to use when searching for existing
+			Specifies the LDAP server to use for
 			SID/uid/gid map entries. If not defined, idmap_ldap will
 			assume that ldap://localhost/ should be used.
 		</para></listitem>
@@ -84,64 +73,50 @@
                 <listitem><para>
 			Defines the available matching uid and gid range for which the
 			backend is authoritative.
-			If the parameter is absent, Winbind fails over to use the
-			"idmap uid" and "idmap gid" options
-			from smb.conf.
                 </para></listitem>
                 </varlistentry>
 	</variablelist>
 </refsect1>
 
 <refsect1>
-	<title>IDMAP ALLOC OPTIONS</title>
+	<title>EXAMPLES</title>
 
-	<variablelist>
-		<varlistentry>
-		<term>ldap_base_dn = DN</term>
-		<listitem><para>
-			Defines the directory base suffix under which new SID/uid/gid mapping
-			entries should be stored.  If not defined, idmap_ldap will default
-			to using the "ldap idmap suffix" option from smb.conf.
-		</para></listitem>
-		</varlistentry>
+	<para>
+	The following example shows how an ldap directory is used as the
+	default idmap backend. It also configures the idmap range and base
+	directory suffix. The secret for the ldap_user_dn has to be set with
+	"net idmap secret '*' password".
+	</para>
 
-		<varlistentry>
-		<term>ldap_user_dn = DN</term>
-		<listitem><para>
-			Defines the user DN to be used for authentication. If absent an
-			anonymous bind will be performed.
-		</para></listitem>
-		</varlistentry>
+	<programlisting>
+	[global]
+	idmap config * : backend      = ldap
+	idmap config * : range        = 1000000-1999999
+	idmap config * : ldap_url     = ldap://localhost/
+	idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
+	idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
+	</programlisting>
 
-		<varlistentry>
-		<term>ldap_url = ldap://server/</term>
-		<listitem><para>
-			Specifies the LDAP server to which modify/add/delete requests should
-			be sent.  If not defined, idmap_ldap will assume that ldap://localhost/
-			should be used.
-		</para></listitem>
-		</varlistentry>
-	</variablelist>
-</refsect1>
-
-<refsect1>
-	<title>EXAMPLES</title>
-
 	<para>
-	The follow sets of a LDAP configuration which uses two LDAP
-	directories, one for storing the ID mappings and one for retrieving
-	new IDs.
+	This example shows how ldap can be used as a readonly backend while
+	tdb is the default backend used to store the mappings.
+	It adds an explicit configuration for some domain DOM1, that
+	uses the ldap idmap backend. Note that a range disjoint from the
+	default range is used.
 	</para>
 
 	<programlisting>
 	[global]
-	idmap backend = ldap:ldap://localhost/
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	# "backend = tdb" is redundant here since it is the default
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000-1999999
 
-	idmap alloc backend = ldap
-	idmap alloc config : ldap_url	= ldap://id-master/
-	idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com
+	idmap config DOM1 : backend = ldap
+	idmap config DOM1 : range = 2000000-2999999
+	idmap config DOM1 : read only = yes
+	idmap config DOM1 : ldap_url = ldap://server/
+	idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
+	idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
 	</programlisting>
 </refsect1>
 

Modified: branches/samba/experimental/docs-xml/manpages-3/idmap_nss.8.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/idmap_nss.8.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/idmap_nss.8.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -38,9 +38,8 @@
 
 	<programlisting>
 	[global]
-	idmap backend = tdb
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000-1999999
 
 	idmap config SAMBA : backend  = nss
 	idmap config SAMBA : range = 1000-999999

Modified: branches/samba/experimental/docs-xml/manpages-3/idmap_rid.8.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/idmap_rid.8.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/idmap_rid.8.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -106,9 +106,8 @@
 	security = domain
 	workgroup = MAIN
 
-	idmap backend = tdb
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	idmap config * : backend        = tdb
+	idmap config * : range          = 1000000-1999999
 
 	idmap config MAIN : backend     = rid
 	idmap config MAIN : range       = 10000 - 49999

Modified: branches/samba/experimental/docs-xml/manpages-3/idmap_tdb.8.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/idmap_tdb.8.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/idmap_tdb.8.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -27,26 +27,8 @@
 	<para>
 	In contrast to read only backends like idmap_rid, it is an allocating
 	backend: This means that it needs to allocate new user and group IDs in
-	order to create new mappings. The allocator can be provided by the
-	idmap_tdb backend itself or by any other allocating backend like
-	idmap_ldap or idmap_tdb2. This is configured with the
-	parameter <parameter>idmap alloc backend</parameter>.
+	order to create new mappings.
 	</para>
-
-	<para>
-	Note that in order for this (or any other allocating) backend to
-	function at all, the default backend needs to be writeable.
-	The ranges used for uid and gid allocation are the default ranges
-	configured by "idmap uid" and "idmap gid".
-	</para>
-
-	<para>
-	Furthermore, since there is only one global allocating backend
-	responsible for all domains using writeable idmap backends,
-	any explicitly configured domain with idmap backend tdb
-	should have the same range as the default range, since it needs
-	to use the global uid / gid allocator. See the example below.
-	</para>
 </refsynopsisdiv>
 
 <refsect1>
@@ -58,9 +40,6 @@
                 <listitem><para>
 			Defines the available matching uid and gid range for which the
 			backend is authoritative.
-			If the parameter is absent, Winbind fails over to use
-			the "idmap uid" and "idmap gid" options
-			from smb.conf.
                 </para></listitem>
                 </varlistentry>
 	</variablelist>
@@ -71,39 +50,15 @@
 
 	<para>
 	This example shows how tdb is used as a the default idmap backend.
-	It configures the idmap range through the global options for all
-	domains encountered. This same range is used for uid/gid allocation.
+	This configured range is used for uid and gid allocation.
 	</para>
 
 	<programlisting>
 	[global]
-	# "idmap backend = tdb" is redundant here since it is the default
-	idmap backend = tdb
-	idmap uid = 1000000-2000000
-	idmap gid = 1000000-2000000
+	# "backend = tdb" is redundant here since it is the default
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000-2000000
 	</programlisting>
-
-	<para>
-	This (rather theoretical) example shows how tdb can be used as the
-	allocating backend while ldap is the default backend used to store
-	the mappings.
-	It adds an explicit configuration for some domain DOM1, that
-	uses the tdb idmap backend. Note that the same range as the
-	default uid/gid range is used, since the allocator has to serve
-	both the default backend and the explicitly configured domain DOM1.
-	</para>
-
-	<programlisting>
-	[global]
-	idmap backend = ldap
-	idmap uid = 1000000-2000000
-	idmap gid = 1000000-2000000
-	# use a different uid/gid allocator:
-	idmap alloc backend = tdb
-
-	idmap config DOM1 : backend = tdb
-	idmap config DOM1 : range = 1000000-2000000
-	</programlisting>
 </refsect1>
 
 <refsect1>

Modified: branches/samba/experimental/docs-xml/manpages-3/idmap_tdb2.8.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/idmap_tdb2.8.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/idmap_tdb2.8.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -28,26 +28,8 @@
 	<para>
 	In contrast to read only backends like idmap_rid, it is an allocating
 	backend: This means that it needs to allocate new user and group IDs in
-	order to create new mappings. The allocator can be provided by the
-	idmap_tdb2 backend itself or by any other allocating backend like
-	idmap_tdb or idmap_ldap. This is configured with the
-	parameter <parameter>idmap alloc backend</parameter>.
+	order to create new mappings.
 	</para>
-
-	<para>
-	Note that in order for this (or any other allocating) backend to
-	function at all, the default backend needs to be writeable.
-	The ranges used for uid and gid allocation are the default ranges
-	configured by "idmap uid" and "idmap gid".
-	</para>
-
-	<para>
-	Furthermore, since there is only one global allocating backend
-	responsible for all domains using writeable idmap backends,
-	any explicitly configured domain with idmap backend tdb2
-	should have the same range as the default range, since it needs
-	to use the global uid / gid allocator. See the example below.
-	</para>
 </refsynopsisdiv>
 
 <refsect1>
@@ -59,9 +41,6 @@
 		<listitem><para>
 			Defines the available matching uid and gid range for which the
 			backend is authoritative.
-			If the parameter is absent, Winbind fails over to use
-			the "idmap uid" and "idmap gid" options
-			from smb.conf.
 		</para></listitem>
 		</varlistentry>
 	</variablelist>
@@ -108,14 +87,13 @@
 	<para>
 	This example shows how tdb2 is used as a the default idmap backend.
 	It configures the idmap range through the global options for all
-	domains encountered. This same range is used for uid/gid allocation.
+	domains encountered.
 	</para>
 
 	<programlisting>
 	[global]
-	idmap backend = tdb2
-	idmap uid = 1000000-2000000
-	idmap gid = 1000000-2000000
+	idmap config * : backend = tdb2
+	idmap config * : range = 1000000-2000000
 	</programlisting>
 </refsect1>
 

Modified: branches/samba/experimental/docs-xml/manpages-3/ldbadd.1.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/ldbadd.1.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/ldbadd.1.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -78,7 +78,7 @@
 <refsect1>
 	<title>VERSION</title>
 
-	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+	<para>This man page is correct for version 3.6 of the Samba suite.</para>
 </refsect1>
 
 <refsect1>

Modified: branches/samba/experimental/docs-xml/manpages-3/ldbdel.1.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/ldbdel.1.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/ldbdel.1.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -76,7 +76,7 @@
 <refsect1>
 	<title>VERSION</title>
 
-	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+	<para>This man page is correct for version 3.6 of the Samba suite.</para>
 </refsect1>
 
 <refsect1>

Modified: branches/samba/experimental/docs-xml/manpages-3/ldbedit.1.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/ldbedit.1.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/ldbedit.1.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -169,7 +169,7 @@
     <refsect1>
 	<title>VERSION</title>
 	
-	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+	<para>This man page is correct for version 3.6 of the Samba suite.</para>
     </refsect1>
 
     <refsect1>

Modified: branches/samba/experimental/docs-xml/manpages-3/ldbmodify.1.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/ldbmodify.1.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/ldbmodify.1.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -66,7 +66,7 @@
 <refsect1>
 	<title>VERSION</title>
 
-	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+	<para>This man page is correct for version 3.6 of the Samba suite.</para>
 </refsect1>
 
 <refsect1>

Modified: branches/samba/experimental/docs-xml/manpages-3/ldbrename.1.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/ldbrename.1.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/ldbrename.1.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -80,7 +80,7 @@
 <refsect1>
 	<title>VERSION</title>
 
-	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+	<para>This man page is correct for version 3.6 of the Samba suite.</para>
 </refsect1>
 
 <refsect1>

Modified: branches/samba/experimental/docs-xml/manpages-3/ldbsearch.1.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/ldbsearch.1.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/ldbsearch.1.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -92,7 +92,7 @@
 <refsect1>
 	<title>VERSION</title>
 
-	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+	<para>This man page is correct for version 3.6 of the Samba suite.</para>
 </refsect1>
 
 <refsect1>

Modified: branches/samba/experimental/docs-xml/manpages-3/net.8.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/net.8.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/net.8.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -795,8 +795,128 @@
 <para>List all interdomain trust relationships.</para>
 
 </refsect3>
+<refsect3>
+<title>RPC TRUSTDOM LIST</title>
 
+<para>List all interdomain trust relationships.</para>
+
+</refsect3>
+</refsect2>
+
+<refsect2>
+<title>RPC TRUST</title>
+
 <refsect3>
+<title>RPC TRUST CREATE</title>
+
+<para>Create a trust trust object by calling lsaCreateTrustedDomainEx2.
+The can be done on a single server or on two servers at once with the
+possibility to use a random trust password.</para>
+
+<variablelist><title>Options:</title>
+<varlistentry>
+<term>otherserver</term>
+<listitem><para>Domain controller of the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>otheruser</term>
+<listitem><para>Admin user in the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>otherdomainsid</term>
+<listitem><para>SID of the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>other_netbios_domain</term>
+<listitem><para>NetBIOS (short) name of the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>otherdomain</term>
+<listitem><para>DNS (full) name of the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>trustpw</term>
+<listitem><para>Trust password</para></listitem>
+</varlistentry>
+</variablelist>
+
+<variablelist><title>Examples:</title>
+<varlistentry>
+<term>Create a trust object on srv1.dom1.dom for the domain dom2</term>
+<listitem><literallayout>
+net rpc trust create \
+    otherdomainsid=S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx \
+    other_netbios_domain=dom2 \
+    otherdomain=dom2.dom \
+    trustpw=12345678 \
+    -S srv1.dom1.dom
+</literallayout></listitem>
+</varlistentry>
+<varlistentry>
+<term>Create a trust relationship between dom1 and dom2</term>
+<listitem><literallayout>
+net rpc trust create \
+    otherserver=srv2.dom2.test \
+    otheruser=dom2adm \
+    -S srv1.dom1.dom
+</literallayout></listitem>
+</varlistentry>
+</variablelist>
+</refsect3>
+
+<refsect3>
+<title>RPC TRUST DELETE</title>
+
+<para>Delete a trust trust object by calling lsaDeleteTrustedDomain.
+The can be done on a single server or on two servers at once.</para>
+
+<variablelist><title>Options:</title>
+<varlistentry>
+<term>otherserver</term>
+<listitem><para>Domain controller of the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>otheruser</term>
+<listitem><para>Admin user in the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>otherdomainsid</term>
+<listitem><para>SID of the second domain</para></listitem>
+</varlistentry>
+</variablelist>
+
+<variablelist><title>Examples:</title>
+<varlistentry>
+<term>Delete a trust object on srv1.dom1.dom for the domain dom2</term>
+<listitem><literallayout>
+net rpc trust delete \
+    otherdomainsid=S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx \
+    -S srv1.dom1.dom
+</literallayout></listitem>
+</varlistentry>
+<varlistentry>
+<term>Delete a trust relationship between dom1 and dom2</term>
+<listitem><literallayout>
+net rpc trust delete \
+    otherserver=srv2.dom2.test \
+    otheruser=dom2adm \
+    -S srv1.dom1.dom
+</literallayout></listitem>
+</varlistentry>
+</variablelist>
+</refsect3>
+
+</refsect2>
+
+<refsect2>
+<refsect3>
 <title>RPC RIGHTS</title>
 
 <para>This subcommand is used to view and manage Samba's rights assignments (also 

Modified: branches/samba/experimental/docs-xml/manpages-3/smbta-util.8.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/smbta-util.8.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/smbta-util.8.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -25,7 +25,7 @@
 	<cmdsynopsis>
 		<command>smbta-util</command>
 		<arg rep="repeat" choice="opt">
-		<replaceable>COMMANDS</replaceable>
+		<replaceable>OPTIONS</replaceable>
 		</arg>
 	</cmdsynopsis>
 
@@ -36,7 +36,7 @@
 
 	<para>This tool is part of the
 	<citerefentry><refentrytitle>samba</refentrytitle>
-	<manvolnum>1</manvolnum></citerefentry> suite.</para>
+	<manvolnum>7</manvolnum></citerefentry> suite.</para>
 
 	<para><command>smbta-util</command> is a tool to ease the
 	configuration of the vfs_smb_traffic_analyzer module regarding
@@ -52,7 +52,7 @@
 
 
 <refsect1>
-	<title>COMMANDS</title>
+	<title>OPTIONS</title>
 
 	<variablelist>
 
@@ -103,7 +103,7 @@
 
 <refsect1>
 	<title>VERSION</title>
-	<para>This man page is correct for version 3.4 of the Samba suite.</para>
+	<para>This man page is correct for version 3.6 of the Samba suite.</para>
 </refsect1>
 
 <refsect1>

Modified: branches/samba/experimental/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -45,6 +45,8 @@
 	protocol, supporting only a small list of VFS operations, and had
 	several drawbacks. The protocol version 2 is a try to solve the
 	problems version 1 had while at the same time adding new features.
+	With the release of Samba 3.6.0, the module will run protocol version 2
+	by default.
 	</para>
 </refsect1>
 
@@ -77,6 +79,7 @@
 	<listitem><para><command>SHARE</command> - the name of the share on which the VFS operation occured</para></listitem>
 	<listitem><para><command>FILENAME</command> - the name of the file that was used by the VFS operation</para></listitem>
 	<listitem><para><command>TIMESTAMP</command> - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occured</para></listitem>
+	<listitem><para><command>IP</command> - The IP Address (v4 or v6) of the client machine that initiated the VFS operation.</para></listitem>
 	</itemizedlist>
 
 	</para>
@@ -136,7 +139,7 @@
 		The module now can identify itself against the receiver with a sub-release number, where
 		the receiver may run with a different sub-release number than the module. However, as
 		long as both run on the V2.x protocol, the receiver will not crash, even if the module
-		uses features only implemented in the newer subrelease. Ultimativly, if the module uses
+		uses features only implemented in the newer subrelease. If the module uses
 		a new feature from a newer subrelease, and the receiver runs an older protocol, it is just
 		ignoring the functionality. Of course it is best to have both the receiver and the module
 		running the same subrelease of the protocol.
@@ -224,9 +227,9 @@
 		<varlistentry>
 		<term>smb_traffic_analyzer:protocol_version = STRING</term>
 		<listitem>
-		<para>If STRING matches to V1 or is not given at all, the module
-		will use version 1 of the protocol. If STRING matches to "V2"
-		the module will use version 2 of the protocol.
+		<para>If STRING matches to V1, the module will use version 1 of the
+		protocol. If STRING is not given, the module will use version 2 of the
+		protocol, which is the default.
 		</para>
 		</listitem>
 		</varlistentry>
@@ -241,7 +244,6 @@
 	<smbconfsection name="[example_share]"/>
 	<smbconfoption name="path">/data/example</smbconfoption>
 	<smbconfoption name="vfs_objects">smb_traffic_analyzer</smbconfoption>
-	<smbconfoption name="smb_traffic_analyzer:protocol_version">V2</smbconfoption>
 	<smbconfoption name="smb_traffic_analyzer:host">examplehost</smbconfoption>
 	<smbconfoption name="smb_traffic_analyzer:port">3491</smbconfoption>
 	</programlisting>

Modified: branches/samba/experimental/docs-xml/manpages-3/wbinfo.1.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/wbinfo.1.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/wbinfo.1.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -423,7 +423,7 @@
 		<term>-U|--uid-to-sid <replaceable>uid</replaceable></term>
 		<listitem><para>Try to convert a UNIX user id to a Windows NT
 		SID.  If the uid specified does not refer to one within
-		the idmap uid range then the operation will fail. </para></listitem>
+		the idmap range then the operation will fail. </para></listitem>
 		</varlistentry>
 
 		<varlistentry>

Modified: branches/samba/experimental/docs-xml/manpages-3/winbindd.8.xml
===================================================================
--- branches/samba/experimental/docs-xml/manpages-3/winbindd.8.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/manpages-3/winbindd.8.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -45,10 +45,9 @@
 	<para>Even if winbind is not used for nsswitch, it still provides a
 	service to <command>smbd</command>, <command>ntlm_auth</command>
 	and the <command>pam_winbind.so</command> PAM module, by managing connections to
-	domain controllers.  In this configuraiton the
-	<smbconfoption name="idmap uid"/> and
-	<smbconfoption name="idmap gid"/>
-	parameters are not required. (This is known as `netlogon proxy only mode'.)</para>
+	domain controllers.  In this configuration the
+	<smbconfoption name="idmap config * : range"/>
+	parameter is not required. (This is known as `netlogon proxy only mode'.)</para>
 
         <para> The Name Service Switch allows user
 	and system information to be obtained from different databases
@@ -246,12 +245,10 @@
 		<listitem><para>
 		<smbconfoption name="winbind separator"/></para></listitem>
 		<listitem><para>
-		<smbconfoption name="idmap uid"/></para></listitem>
+		<smbconfoption name="idmap config * : range"/></para></listitem>
 		<listitem><para>
-		<smbconfoption name="idmap gid"/></para></listitem>
+		<smbconfoption name="idmap config * : backend"/></para></listitem>
 		<listitem><para>
-		<smbconfoption name="idmap backend"/></para></listitem>
-		<listitem><para>
 		<smbconfoption name="winbind cache time"/></para></listitem>
 		<listitem><para>
 		<smbconfoption name="winbind enum users"/></para></listitem>
@@ -340,8 +337,7 @@
         winbind cache time = 10
         template shell = /bin/bash
         template homedir = /home/%D/%U
-        idmap uid = 10000-20000
-        idmap gid = 10000-20000
+        idmap config * : range = 10000-20000
         workgroup = DOMAIN
         security = domain
         password server = *
@@ -374,7 +370,7 @@
 	<para>If more than one UNIX machine is running <command>winbindd</command>,
 	then in general the user and groups ids allocated by winbindd will not
 	be the same.  The user and group ids will only be valid for the local
-	machine, unless a shared <smbconfoption name="idmap backend"/> is configured.</para>
+	machine, unless a shared <smbconfoption name="idmap config * : backend"/> is configured.</para>
 
 	<para>If the the Windows NT SID to UNIX user and group id mapping
 	file is damaged or destroyed then the mappings will be lost. </para>

Modified: branches/samba/experimental/docs-xml/smbdotconf/logon/enableprivileges.xml
===================================================================
--- branches/samba/experimental/docs-xml/smbdotconf/logon/enableprivileges.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/smbdotconf/logon/enableprivileges.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -5,7 +5,7 @@
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
 	<para>
-	This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
+	This deprecated parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
 	 <command>net rpc rights</command> or one of the Windows user and group manager tools.  This parameter is
 	enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to
 	assign privileges to users or groups which can then result in certain smbd operations running as root that

Copied: branches/samba/experimental/docs-xml/smbdotconf/misc/asyncsmbechohandler.xml (from rev 3812, tags/samba/upstream_3.6.0~rc2/docs-xml/smbdotconf/misc/asyncsmbechohandler.xml)
===================================================================
--- branches/samba/experimental/docs-xml/smbdotconf/misc/asyncsmbechohandler.xml	                        (rev 0)
+++ branches/samba/experimental/docs-xml/smbdotconf/misc/asyncsmbechohandler.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -0,0 +1,15 @@
+<samba:parameter name="async smb echo handler"
+                 context="G"
+				 type="boolean"
+                 advanced="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>This parameter specifies whether Samba should fork the
+	  async smb echo handler. It can be beneficial if your file
+	  system can block syscalls for a very long time. In some
+	  circumstances, it prolongs the timeout that Windows uses to
+	  determine whether a connection is dead.
+	</para>
+</description>
+<value type="default">no</value>
+</samba:parameter>

Copied: branches/samba/experimental/docs-xml/smbdotconf/misc/ncalrpcdir.xml (from rev 3812, tags/samba/upstream_3.6.0~rc2/docs-xml/smbdotconf/misc/ncalrpcdir.xml)
===================================================================
--- branches/samba/experimental/docs-xml/smbdotconf/misc/ncalrpcdir.xml	                        (rev 0)
+++ branches/samba/experimental/docs-xml/smbdotconf/misc/ncalrpcdir.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -0,0 +1,13 @@
+<samba:parameter name="ncalrpc dir"
+                 context="G"
+                 advanced="1" developer="1"
+		 type="string"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>This directory will hold a series of named pipes to allow RPC over inter-process communication.  </para>.
+	<para>This will allow Samba and other unix processes to interact over DCE/RPC without using TCP/IP.  Additionally a sub-directory 'np' has restricted permissions, and allows a trusted communication channel between Samba processes</para>
+</description>
+
+<value type="default">${prefix}/var/ncalrpc</value>
+<value type="example">/var/run/samba/ncalrpc</value>
+</samba:parameter>

Modified: branches/samba/experimental/docs-xml/smbdotconf/protocol/usespnego.xml
===================================================================
--- branches/samba/experimental/docs-xml/smbdotconf/protocol/usespnego.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/smbdotconf/protocol/usespnego.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -4,7 +4,7 @@
                  developer="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
-    <para>This variable controls controls whether samba will try 
+    <para>This deprecated variable controls controls whether samba will try
     to use Simple and Protected NEGOciation (as specified by rfc2478) with 
     WindowsXP and Windows2000 clients to agree upon an authentication mechanism. 
 </para>

Modified: branches/samba/experimental/docs-xml/smbdotconf/security/passwordlevel.xml
===================================================================
--- branches/samba/experimental/docs-xml/smbdotconf/security/passwordlevel.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/smbdotconf/security/passwordlevel.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -13,7 +13,7 @@
     text passwords even when NT LM 0.12 selected by the protocol
     negotiation request/response.</para>
 
-    <para>This parameter defines the maximum number of characters 
+    <para>This deprecated parameter defines the maximum number of characters
     that may be upper case in passwords.</para>
 
     <para>For example, say the password given was "FRED". If <parameter moreinfo="none">

Modified: branches/samba/experimental/docs-xml/smbdotconf/security/passwordserver.xml
===================================================================
--- branches/samba/experimental/docs-xml/smbdotconf/security/passwordserver.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/smbdotconf/security/passwordserver.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -10,54 +10,24 @@
     it is possible to get Samba
     to do all its username/password validation using a specific remote server.</para>
 
-    <para>This option sets the name or IP address of the password server to use. 
-    New syntax has been added to support defining the port to use when connecting 
-    to the server the case of an ADS realm.  To define a port other than the
-    default LDAP port of 389, add the port number using a colon after the 
-    name or IP address (e.g. 192.168.1.100:389).  If you do not specify a port,
-    Samba will use the standard LDAP port of tcp/389.  Note that port numbers
-    have no effect on password servers for Windows NT 4.0 domains or netbios 
-    connections.</para>
-
-    <para>If parameter is a name, it is looked up using the 
-    parameter <smbconfoption name="name resolve order"/> and so may resolved
-    by any method and order described in that parameter.</para>
-
-    <para>The password server must be a machine capable of using 
-    the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in 
-    user level security mode.</para>
-
-    <note><para>Using a password server  means your UNIX box (running
-    Samba) is only as secure as your  password server. <emphasis>DO NOT
-    CHOOSE A PASSWORD SERVER THAT  YOU DON'T COMPLETELY TRUST</emphasis>.
-    </para></note>
-		
-    <para>Never point a Samba server at itself for password serving.
-    This will cause a loop and could lock up your Samba  server!</para>
-
-    <para>The name of the password server takes the standard 
-    substitutions, but probably the only useful one is <parameter moreinfo="none">%m
-    </parameter>, which means the Samba server will use the incoming 
-    client as the password server. If you use this then you better 
-    trust your clients, and you had better restrict them with hosts allow!</para>
-
     <para>If the <parameter moreinfo="none">security</parameter> parameter is set to
-    <constant>domain</constant> or <constant>ads</constant>, then the list of machines in this 
-    option must be a list of Primary or Backup Domain controllers for the
-    Domain or the character '*', as the Samba server is effectively
-    in that domain, and will use cryptographically authenticated RPC calls
-    to authenticate the user logging on. The advantage of using <command moreinfo="none">
-    security = domain</command> is that if you list several hosts in the 
-    <parameter moreinfo="none">password server</parameter> option then <command moreinfo="none">smbd
-    </command> will try each in turn till it finds one that responds.  This
-    is useful in case your primary server goes down.</para>
+    <constant>domain</constant> or <constant>ads</constant>, then this option
+    <emphasis>should not</emphasis> be used, as the default '*' indicates to Samba
+    to determine the best DC to contact dynamically, just as all other hosts in an
+    AD domain do.  This allows the domain to be maintained without modification to
+    the smb.conf file.  The cryptograpic protection on the authenticated RPC calls
+    used to verify passwords ensures that this default is safe.</para>
 
-    <para>If the <parameter moreinfo="none">password server</parameter> option is set 
-    to the character '*', then Samba will attempt to auto-locate the 
-    Primary or Backup Domain controllers to authenticate against by 
-    doing a query for the name <constant>WORKGROUP<1C></constant> 
-    and then contacting each server returned in the list of IP 
-    addresses from the name resolution source. </para>
+    <para><emphasis>It is strongly recommended that you use the
+    default of '*'</emphasis>, however if in your particular
+    environment you have reason to specify a particular DC list, then
+    the list of machines in this option must be a list of names or IP
+    addresses of Domain controllers for the Domain. If you use the
+    default of '*', or list several hosts in the <parameter
+    moreinfo="none">password server</parameter> option then <command
+    moreinfo="none">smbd </command> will try each in turn till it
+    finds one that responds.  This is useful in case your primary
+    server goes down.</para>
 
     <para>If the list of servers contains both names/IP's and the '*'
     character, the list is treated as a list of preferred 
@@ -65,10 +35,12 @@
     will be added to the list as well.  Samba will not attempt to optimize 
     this list by locating the closest DC.</para>
 		
+    <para>If parameter is a name, it is looked up using the
+    parameter <smbconfoption name="name resolve order"/> and so may resolved
+    by any method and order described in that parameter.</para>
+
     <para>If the <parameter moreinfo="none">security</parameter> parameter is 
-    set to <constant>server</constant>, then there are different
-    restrictions that <command moreinfo="none">security = domain</command> doesn't 
-    suffer from:</para>
+    set to <constant>server</constant>, these additional restrictions apply:</para>
 
     <itemizedlist>
 	<listitem>
@@ -82,12 +54,42 @@
 	</listitem>
 	    
 	<listitem>
-	    <para>If you are using a Windows NT server as your 
-	    password server then you will have to ensure that your users 
+	    <para>You will have to ensure that your users
 	    are able to login from the Samba server, as when in <command moreinfo="none">
 	    security = server</command>  mode the network logon will appear to 
-	    come from there rather than from the users workstation.</para>
+	    come from the Samba server rather than from the users workstation.</para>
 	</listitem>
+
+	<listitem>
+	    <para>The client must not select NTLMv2 authentication.</para>
+	</listitem>
+
+	<listitem>
+	  <para>The password server must be a machine capable of using
+	  the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in
+	  user level security mode.</para>
+	</listitem>
+
+	<listitem>
+	  <para>Using a password server  means your UNIX box (running
+	  Samba) is only as secure as (a host masqurading as) your password server. <emphasis>DO NOT
+	  CHOOSE A PASSWORD SERVER THAT  YOU DON'T COMPLETELY TRUST</emphasis>.
+	  </para>
+	</listitem>
+
+	<listitem>
+	  <para>Never point a Samba server at itself for password serving.
+	  This will cause a loop and could lock up your Samba  server!</para>
+	</listitem>
+
+	<listitem>
+	  <para>The name of the password server takes the standard
+	  substitutions, but probably the only useful one is <parameter moreinfo="none">%m
+	  </parameter>, which means the Samba server will use the incoming
+	  client as the password server. If you use this then you better
+	  trust your clients, and you had better restrict them with hosts allow!</para>
+	</listitem>
+
     </itemizedlist>
 </description>
 

Modified: branches/samba/experimental/docs-xml/smbdotconf/security/security.xml
===================================================================
--- branches/samba/experimental/docs-xml/smbdotconf/security/security.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/smbdotconf/security/security.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -22,32 +22,18 @@
     the most common setting needed when talking to Windows 98 and 
     Windows NT.</para>
 
-    <para>The alternatives are <command moreinfo="none">security = share</command>,
-    <command moreinfo="none">security = server</command> or <command moreinfo="none">security = domain
-    </command>.</para>
+    <para>The alternatives are
+    <command moreinfo="none">security = ads</command> or <command moreinfo="none">security = domain
+    </command>, which support joining Samba to a Windows domain, along with <command moreinfo="none">security = share</command> and <command moreinfo="none">security = server</command>, both of which are deprecated.</para>
 
     <para>In versions of Samba prior to 2.0.0, the default was 
     <command moreinfo="none">security = share</command> mainly because that was
     the only option at one stage.</para>
 
-    <para>There is a bug in WfWg that has relevance to this 
-    setting. When in user or server level security a WfWg client 
-    will totally ignore the username and password you type in the "connect 
-    drive" dialog box. This makes it very difficult (if not impossible) 
-    to connect to a Samba service as anyone except the user that 
-    you are logged into WfWg as.</para>
-
-    <para>If your PCs use usernames that are the same as their 
-    usernames on the UNIX machine then you will want to use 
-    <command moreinfo="none">security = user</command>. If you mostly use usernames 
-    that don't exist on the UNIX box then use <command moreinfo="none">security = 
-    share</command>.</para>
-
-    <para>You should also use <command moreinfo="none">security = share</command> if you 
+    <para>You should use <command moreinfo="none">security = user</command> and
+    <smbconfoption name="map to guest"/> if you
     want to mainly setup shares without a password (guest shares). This 
-    is commonly used for a shared printer server. It is more difficult 
-    to setup guest shares with <command moreinfo="none">security = user</command>, see 
-    the <smbconfoption name="map to guest"/> parameter for details.</para>
+    is commonly used for a shared printer server. </para>
 		
     <para>It is possible to use <command moreinfo="none">smbd</command> in a <emphasis>
     hybrid mode</emphasis> where it is offers both user and share 
@@ -56,7 +42,62 @@
     <para>The different settings will now be explained.</para>
 
 
+    <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER</emphasis></para>
+
+    <para>This is the default security setting in Samba.
+    With user-level security a client must first "log-on" with a
+    valid username and password (which can be mapped using the <smbconfoption name="username map"/>
+    parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also
+    be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption
+	name="guest only"/> if set	are then applied and
+    may change the UNIX user to use on this connection, but only after
+    the user has been successfully authenticated.</para>
+
+    <para><emphasis>Note</emphasis> that the name of the resource being
+    requested is <emphasis>not</emphasis> sent to the server until after
+    the server has successfully authenticated the client. This is why
+    guest shares don't work in user level security without allowing
+    the server to automatically map unknown users into the <smbconfoption name="guest account"/>.
+    See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
+
+    <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
+
+    <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para>
+
+    <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle>
+    <manvolnum>8</manvolnum></citerefentry> has been used to add this
+    machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/>
+	parameter to be set to <constant>yes</constant>. In this
+    mode Samba will try to validate the username/password by passing
+    it to a Windows NT Primary or Backup Domain Controller, in exactly
+    the same way that a Windows NT Server would do.</para>
+
+    <para><emphasis>Note</emphasis> that a valid UNIX user must still
+    exist as well as the account on the Domain Controller to allow
+    Samba to have a valid UNIX account to map file access to.</para>
+
+    <para><emphasis>Note</emphasis> that from the client's point
+    of view <command moreinfo="none">security = domain</command> is the same
+    as <command moreinfo="none">security = user</command>. It only
+    affects how the server deals with the authentication,
+    it does not in any way affect what the client sees.</para>
+
+    <para><emphasis>Note</emphasis> that the name of the resource being
+    requested is <emphasis>not</emphasis> sent to the server until after
+    the server has successfully authenticated the client. This is why
+    guest shares don't work in user level security without allowing
+    the server to automatically map unknown users into the <smbconfoption name="guest account"/>.
+    See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
+
+    <para>See also the section <link linkend="VALIDATIONSECT">
+    NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
+
+    <para>See also the <smbconfoption name="password server"/> parameter and
+	 the <smbconfoption name="encrypted passwords"/> parameter.</para>
+
     <para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE</emphasis></para> 
+
+    <note><para>This option is deprecated as it is incompatible with SMB2</para></note>
 		
     <para>When clients connect to a share level security server, they 
     need not log onto the server with a valid username and password before 
@@ -135,63 +176,10 @@
     <para>See also the section <link linkend="VALIDATIONSECT">
     NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
 
-    <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER</emphasis></para>
-
-    <para>This is the default security setting in Samba 3.0. 
-    With user-level security a client must first "log-on" with a 
-    valid username and password (which can be mapped using the <smbconfoption name="username map"/> 
-    parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also
-    be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption
-	name="guest only"/> if set	are then applied and 
-    may change the UNIX user to use on this connection, but only after 
-    the user has been successfully authenticated.</para>
-
-    <para><emphasis>Note</emphasis> that the name of the resource being 
-    requested is <emphasis>not</emphasis> sent to the server until after 
-    the server has successfully authenticated the client. This is why 
-    guest shares don't work in user level security without allowing 
-    the server to automatically map unknown users into the <smbconfoption name="guest account"/>. 
-    See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
-
-    <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
-
-    <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para>
-
-    <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle>
-    <manvolnum>8</manvolnum></citerefentry> has been used to add this
-    machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/>
-	parameter to be set to <constant>yes</constant>. In this 
-    mode Samba will try to validate the username/password by passing
-    it to a Windows NT Primary or Backup Domain Controller, in exactly 
-    the same way that a Windows NT Server would do.</para>
-
-    <para><emphasis>Note</emphasis> that a valid UNIX user must still 
-    exist as well as the account on the Domain Controller to allow 
-    Samba to have a valid UNIX account to map file access to.</para>
-
-    <para><emphasis>Note</emphasis> that from the client's point 
-    of view <command moreinfo="none">security = domain</command> is the same 
-    as <command moreinfo="none">security = user</command>. It only 
-    affects how the server deals with the authentication, 
-    it does not in any way affect what the client sees.</para>
-
-    <para><emphasis>Note</emphasis> that the name of the resource being 
-    requested is <emphasis>not</emphasis> sent to the server until after 
-    the server has successfully authenticated the client. This is why 
-    guest shares don't work in user level security without allowing 
-    the server to automatically map unknown users into the <smbconfoption name="guest account"/>. 
-    See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
-
-    <para>See also the section <link linkend="VALIDATIONSECT">
-    NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
-
-    <para>See also the <smbconfoption name="password server"/> parameter and
-	 the <smbconfoption name="encrypted passwords"/> parameter.</para>
-
     <para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER</emphasis></para>
 
     <para>
-	In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an
+	In this depicted mode Samba will try to validate the username/password by passing it to another SMB server, such as an
 	NT box. If this fails it will revert to <command moreinfo="none">security = user</command>. It expects the
 	<smbconfoption name="encrypted passwords"/> parameter to be set to <constant>yes</constant>, unless the remote
 	server does not support them.  However note that if encrypted passwords have been negotiated then Samba cannot
@@ -203,19 +191,24 @@
 	<note><para>This mode of operation has
     significant pitfalls since it is more vulnerable to
     man-in-the-middle attacks and server impersonation.  In particular,
-    this mode of operation can cause significant resource consuption on
+    this mode of operation can cause significant resource consumption on
     the PDC, as it must maintain an active connection for the duration
     of the user's session.  Furthermore, if this connection is lost,
-    there is no way to reestablish it, and futher authentications to the
+    there is no way to reestablish it, and further authentications to the
     Samba server may fail (from a single client, till it disconnects).
 	</para></note>
 
+	<note><para>If the client selects NTLMv2 authentication, then this mode of operation <emphasis>will fail</emphasis>
+	</para></note>
+
 	<note><para>From the client's point of 
     view, <command moreinfo="none">security = server</command> is the
     same as <command moreinfo="none">security = user</command>.  It
     only affects how the server deals  with the authentication, it does
 	not in any way affect what the  client sees.</para></note>
 
+    <note><para>This option is deprecated, and may be removed in future</para></note>
+
     <para><emphasis>Note</emphasis> that the name of the resource being 
     requested is <emphasis>not</emphasis> sent to the server until after 
     the server has successfully authenticated the client. This is why 

Modified: branches/samba/experimental/docs-xml/smbdotconf/security/username.xml
===================================================================
--- branches/samba/experimental/docs-xml/smbdotconf/security/username.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/smbdotconf/security/username.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -9,7 +9,7 @@
     list, in which case the supplied password will be tested against 
     each username in turn (left to right).</para>
 
-    <para>The <parameter moreinfo="none">username</parameter> line is needed only when 
+    <para>The deprecated <parameter moreinfo="none">username</parameter> line is needed only when
     the PC is unable to supply its own username. This is the case 
     for the COREPLUS protocol or where your users have different WfWg 
     usernames to UNIX usernames. In both these cases you may also be 

Deleted: branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapallocconfig.xml
===================================================================
--- branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapallocconfig.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapallocconfig.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -1,14 +0,0 @@
-<samba:parameter name="idmap alloc config"
-                 context="G"
-		 type="string"
-                 advanced="1" developer="1" hide="1"
-                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
-	<para>
-	The idmap alloc config prefix provides a means of managing settings
-	for the backend defined by the <smbconfoption name="idmap alloc backend"/> 
-	parameter.  Refer to the man page for each idmap plugin regarding
-	specific configuration details.
-	</para>
-</description>
-</samba:parameter>

Modified: branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapbackend.xml
===================================================================
--- branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapbackend.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapbackend.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -11,40 +11,9 @@
 
 	<para>
 	This option specifies the default backend that is used when no special
-	configuration set by <smbconfoption name="idmap config"/> matches the
-	specific request.
+	configuration set, but it is now deprecated in favour of the new
+	spelling <smbconfoption name="idmap config * :  backend"/>.
 	</para>
-
-	<para>
-	This default backend also specifies the place where winbind-generated
-	idmap entries will be stored. So it is highly recommended that you
-	specify a writable backend like <citerefentry>
-	<refentrytitle>idmap_tdb</refentrytitle> <manvolnum>8</manvolnum>
-	</citerefentry> or <citerefentry>
-	<refentrytitle>idmap_ldap</refentrytitle> <manvolnum>8</manvolnum>
-	</citerefentry> as the idmap backend. The <citerefentry>
-	<refentrytitle>idmap_rid</refentrytitle> <manvolnum>8</manvolnum>
-	</citerefentry> and <citerefentry>
-	<refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum>
-	</citerefentry> backends are not writable and thus will generate
-	unexpected results if set as idmap backend.
-	</para>
-
-	<para>
-	To use the rid and ad backends, please specify them via the
-	<smbconfoption name="idmap config"/> parameter, possibly also for the
-	domain your machine is member of, specified by <smbconfoption
-	name="workgroup"/>.
-	</para>
-
-	<para>Examples of SID/uid/gid backends include tdb (<citerefentry>
-	<refentrytitle>idmap_tdb</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
-	ldap (<citerefentry><refentrytitle>idmap_ldap</refentrytitle>
-	<manvolnum>8</manvolnum></citerefentry>), rid (<citerefentry>
-	<refentrytitle>idmap_rid</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
-	and ad (<citerefentry><refentrytitle>idmap_ad</refentrytitle>
-	<manvolnum>8</manvolnum></citerefentry>).
-	</para>
 </description>
 
 <value type="default">tdb</value>

Modified: branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapconfig.xml
===================================================================
--- branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapconfig.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapconfig.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -6,44 +6,108 @@
 <description>
 
 	<para>
-	The idmap config prefix provides a means of managing each trusted
-        domain separately. The idmap config prefix should be followed by the
-        name of the domain, a colon, and a setting specific to the chosen
-        backend. There are three options available for all domains:
+	ID mapping in Samba is the mapping between Windows SIDs and Unix user
+	and group IDs. This is performed by Winbindd with a configurable plugin
+	interface. Samba's ID mapping is configured by options starting with the
+	<smbconfoption name="idmap config"/> prefix.
+	An idmap option consists of the <smbconfoption name="idmap config"/>
+	prefix, followed by a domain name or the asterisk character (*),
+	a colon, and the name of an idmap setting for the chosen domain.
 	</para>
 
-	<variablelist>  
+	<para>
+	The idmap configuration is hence divided into groups, one group
+	for each domain to be configured, and one group with the the
+	asterisk instead of a proper domain name, which speifies the
+	default configuration that is used to catch all domains that do
+	not have an explicit idmap configuration of their own.
+	</para>
+
+	<para>
+	There are three general options available:
+	</para>
+
+	<variablelist>
 		<varlistentry>
 		<term>backend = backend_name</term>
 		<listitem><para>
-			Specifies the name of the idmap plugin to use as the 
-			SID/uid/gid backend for this domain.
+		This specifies the name of the idmap plugin to use as the
+		SID/uid/gid backend for this domain. The standard backends are
+		tdb
+		(<citerefentry><refentrytitle>idmap_tdb</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>),
+		tdb2
+		(<citerefentry><refentrytitle>idmap_tdb2</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+		ldap
+		(<citerefentry><refentrytitle>idmap_ldap</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+		,
+		rid
+		(<citerefentry><refentrytitle>idmap_rid</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+		,
+		hash
+		(<citerefentry><refentrytitle>idmap_hash</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+		,
+		autorid
+		(<citerefentry><refentrytitle>idmap_autorid</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+		,
+		ad
+		(<citerefentry><refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+		,
+		adex
+		(<citerefentry><refentrytitle>idmap_adex</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+		,
+		and nss.
+		(<citerefentry><refentrytitle>idmap_nss</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+		The corresponding manual pages contain the details, but
+		here is a summary.
+		</para>
+		<para>
+		The first three of these create mappings of their own using
+		internal unixid counters and store the mappings in a database.
+		These are suitable for use in the default idmap configuration.
+		The rid and hash backends use a pure algorithmic calculation
+		to determine the unixid for a SID. The autorid module is a
+		mixture of the tdb and rid backend. It creates ranges for
+		each domain encountered and then uses the rid algorithm for each
+		of these automatically configured domains individually.
+		The ad and adex
+		backends both use unix IDs stored in Active Directory via
+		the standard schema extensions. The nss backend reverses
+		the standard winbindd setup and gets the unixids via names
+		from nsswitch which can be useful in an ldap setup.
 		</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
 		<term>range = low - high</term>
-                <listitem><para>
+		<listitem><para>
 		Defines the available matching uid and gid range for which the
-		backend is authoritative.  Note that the range commonly
-		matches the allocation range due to the fact that the same
-		backend will store and retrieve SID/uid/gid mapping entries.
-                </para>
+		backend is authoritative. For allocating backends, this also
+		defines the start and the end of the range for allocating
+		new unid IDs.
+		</para>
 		<para>
 		winbind uses this parameter to find the backend that is
-                authoritative for a unix ID to SID mapping, so it must be set
-                for each individually configured domain, and it must be
-                disjoint from the ranges set via <smbconfoption name="idmap
-                uid"/> and <smbconfoption name="idmap gid"/>.
+		authoritative for a unix ID to SID mapping, so it must be set
+		for each individually configured domain and for the default
+		configuration. The configured ranges must be mutually disjoint.
 		</para></listitem>
+		</varlistentry>
 
+		<varlistentry>
+		<term>read only = yes|no</term>
+		<listitem><para>
+		This option can be used to turn the writing backends
+		tdb, tdb2, and ldap into read only mode. This can be useful
+		e.g. in cases where a pre-filled database exists that should
+		not be extended automatically.
+		</para></listitem>
 		</varlistentry>
 	</variablelist>
 
 	<para>
 	The following example illustrates how to configure the <citerefentry>
 	<refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum>
-	</citerefentry> for the CORP domain and the
+	</citerefentry> backend for the CORP domain and the
 	<citerefentry><refentrytitle>idmap_tdb</refentrytitle>
 	<manvolnum>8</manvolnum></citerefentry> backend for all other
 	domains. This configuration assumes that the admin of CORP assigns
@@ -53,9 +117,8 @@
 	</para>
 
 	<programlisting>
-	idmap backend = tdb
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000-1999999
 
 	idmap config CORP : backend  = ad
 	idmap config CORP : range = 1000-999999

Modified: branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapgid.xml
===================================================================
--- branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapgid.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapgid.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -5,16 +5,13 @@
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 		<synonym>winbind gid</synonym>
 <description>
-	<para>The idmap gid parameter specifies the range of group ids 
-	that are allocated for the purpose of mapping UNX groups to NT group 
-	SIDs. This range of group ids should have no 
-	existing local or NIS groups within it as strange conflicts can 
-	occur otherwise.</para>
-
-	<para>See also the <smbconfoption name="idmap backend"/>, and
-	<smbconfoption name="idmap config"/> options.
+	<para>
+	The idmap gid parameter specifies the range of group ids
+	for the default idmap configuration. It is now deprecated
+	in favour of <smbconfoption name="idmap config * : range"/>.
 	</para>
 
+	<para>See the <smbconfoption name="idmap config"/> option.</para>
 </description>
 
 <value type="default"></value>

Modified: branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapuid.xml
===================================================================
--- branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapuid.xml	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/docs-xml/smbdotconf/winbind/idmapuid.xml	2011-06-07 21:08:24 UTC (rev 3813)
@@ -6,14 +6,12 @@
 <synonym>winbind uid</synonym>
 <description>
 	<para>
-	The idmap uid parameter specifies the range of user ids that are 
-	allocated for use in mapping UNIX users to NT user SIDs. This 
-	range of ids should have no existing local
-	or NIS users within it as strange conflicts can occur otherwise.</para>
-
-	<para>See also the <smbconfoption name="idmap backend"/> and
-	<smbconfoption name="idmap config"/> options.
+	The idmap uid parameter specifies the range of user ids for
+	the default idmap configuration. It is now deprecated in favour
+	of <smbconfoption name="idmap config * : range"/>.
 	</para>
+
+	<para>See the <smbconfoption name="idmap config"/> option.</para>
 </description>
 
 <value type="default"></value>

Modified: branches/samba/experimental/examples/LDAP/samba-nds.schema
===================================================================
--- branches/samba/experimental/examples/LDAP/samba-nds.schema	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/examples/LDAP/samba-nds.schema	2011-06-07 21:08:24 UTC (rev 3813)
@@ -407,4 +407,4 @@
 dn: cn=schema
 changetype: modify
 add: objectClasses
-objectClasses: ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL DESC 'Samba Trusted Domain Object' MUST ( cn ) MAY ( sambaTrustTyp e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdentifier $ sambaTrustForestTrustInfo ) )
+objectClasses: ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL DESC 'Samba Trusted Domain Object' MUST ( cn ) MAY ( sambaTrustType $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdentifier $ sambaTrustForestTrustInfo ) )

Modified: branches/samba/experimental/examples/LDAP/samba-schema-FDS.ldif
===================================================================
--- branches/samba/experimental/examples/LDAP/samba-schema-FDS.ldif	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/examples/LDAP/samba-schema-FDS.ldif	2011-06-07 21:08:24 UTC (rev 3813)
@@ -183,4 +183,4 @@
 ##
 ## used for IPA_ldapsam
 ##
-objectClasses: ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL DESC 'Samba Trusted Domain Object' MUST ( cn ) MAY ( sambaTrustTyp e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdentifier $ sambaTrustForestTrustInfo ) )
+objectClasses: ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL DESC 'Samba Trusted Domain Object' MUST ( cn ) MAY ( sambaTrustType $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdentifier $ sambaTrustForestTrustInfo ) )

Modified: branches/samba/experimental/examples/LDAP/samba-schema-netscapeds5.x
===================================================================
--- branches/samba/experimental/examples/LDAP/samba-schema-netscapeds5.x	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/examples/LDAP/samba-schema-netscapeds5.x	2011-06-07 21:08:24 UTC (rev 3813)
@@ -36,7 +36,7 @@
 objectClasses: ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY DESC 'Mapping from a SID to an ID' MUST ( sambaSID ) MAY ( uidNumber $ gidNumber )  X-ORIGIN 'user defined' )
 objectClasses: ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL DESC 'Structural Class for a SID' MUST ( sambaSID )  X-ORIGIN 'user defined' )
 objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL DESC 'Samba Trusted Domain Password' MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY  ( sambaPreviousClearTextPassword ) X-ORIGIN 'user defined')
-objectClasses: ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL DESC 'Samba Trusted Domain Object' MUST ( cn ) MAY ( sambaTrustTyp e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdentifier $ sambaTrustForestTrustInfo ) X-ORIGIN 'user defined' )
+objectClasses: ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL DESC 'Samba Trusted Domain Object' MUST ( cn ) MAY ( sambaTrustType $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdentifier $ sambaTrustForestTrustInfo ) X-ORIGIN 'user defined' )
 attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE X-ORIGIN 'user defined' )
 attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE X-ORIGIN 'user defined' )
 attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'	DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE X-ORIGIN 'user defined' )

Modified: branches/samba/experimental/examples/LDAP/samba.schema
===================================================================
--- branches/samba/experimental/examples/LDAP/samba.schema	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/examples/LDAP/samba.schema	2011-06-07 21:08:24 UTC (rev 3813)
@@ -621,10 +621,10 @@
 ##
 ## used for IPA_ldapsam
 ##
-objectclasses ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL
+objectclass ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL
 	DESC 'Samba Trusted Domain Object'
 	MUST ( cn )
-	MAY ( sambaTrustTyp e $ sambaTrustAttributes $ sambaTrustDirection $
+	MAY ( sambaTrustType $ sambaTrustAttributes $ sambaTrustDirection $
 	      sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $
 	      sambaTrustAuthIncoming $ sambaSecurityIdentifier $
 	      sambaTrustForestTrustInfo) )

Modified: branches/samba/experimental/examples/LDAP/samba.schema.oc.IBM-DS
===================================================================
--- branches/samba/experimental/examples/LDAP/samba.schema.oc.IBM-DS	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/examples/LDAP/samba.schema.oc.IBM-DS	2011-06-07 21:08:24 UTC (rev 3813)
@@ -20,4 +20,4 @@
 
 objectclasses=( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL DESC 'Samba Trust Password' MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ))
 
-objectclasses=( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL DESC 'Samba Trusted Domain Object' MUST ( cn ) MAY ( sambaTrustTyp e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdentifier $ sambaTrustForestTrustInfo ) )
+objectclasses=( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL DESC 'Samba Trusted Domain Object' MUST ( cn ) MAY ( sambaTrustType $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdentifier $ sambaTrustForestTrustInfo ) )

Modified: branches/samba/experimental/lib/async_req/async_sock.c
===================================================================
--- branches/samba/experimental/lib/async_req/async_sock.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/lib/async_req/async_sock.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -385,6 +385,7 @@
 	int count;
 	size_t total_size;
 	uint16_t flags;
+	bool err_on_readability;
 };
 
 static void writev_trigger(struct tevent_req *req, void *private_data);
@@ -412,10 +413,8 @@
 	if (state->iov == NULL) {
 		goto fail;
 	}
-	state->flags = TEVENT_FD_WRITE;
-	if (err_on_readability) {
-		state->flags |= TEVENT_FD_READ;
-	}
+	state->flags = TEVENT_FD_WRITE|TEVENT_FD_READ;
+	state->err_on_readability = err_on_readability;
 
 	if (queue == NULL) {
 		struct tevent_fd *fde;
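Review bot: `state->flags` now always includes `TEVENT_FD_READ`, but nothing at this assignment says why, and `err_on_readability` no longer controls which events are requested. Judging from the handler hunk further down, the flag now only decides whether readability is reported as an error, so a short comment here would help, for example `/* Always poll for readability; err_on_readability only selects whether it is treated as an error. */`. The enclosing function starts and ends outside this hunk.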
@@ -461,8 +460,35 @@
 	to_write = 0;
 
 	if ((state->flags & TEVENT_FD_READ) && (flags & TEVENT_FD_READ)) {
-		tevent_req_error(req, EPIPE);
-		return;
+		int ret, value;
+
+		if (state->err_on_readability) {
+			/* Readable and the caller wants an error on read. */
+			tevent_req_error(req, EPIPE);
+			return;
+		}
+
+		/* Might be an error. Check if there are bytes to read */
+		ret = ioctl(state->fd, FIONREAD, &value);
+		/* FIXME - should we also check
+		   for ret == 0 and value == 0 here ? */
+		if (ret == -1) {
+			/* There's an error. */
+			tevent_req_error(req, EPIPE);
+			return;
+		}
+		/* A request for TEVENT_FD_READ will succeed from now and
+		   forevermore until the bytes are read so if there was
+		   an error we'll wait until we do read, then get it in
+		   the read callback function. Until then, remove TEVENT_FD_READ
+		   from the flags we're waiting for. */
+		state->flags &= ~TEVENT_FD_READ;
+		TEVENT_FD_NOT_READABLE(fde);
+
+		/* If not writable, we're done. */
+		if (!(flags & TEVENT_FD_WRITE)) {
+			return;
+		}
 	}
 
 	for (i=0; i<state->count; i++) {
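Review bot: The FIONREAD branch treats every successful ioctl as "data pending", so a readable fd with zero bytes queued (on a stream socket that normally means the peer closed) falls through to the write path after read interest is dropped. The FIXME in the hunk already asks about this case. Unless half-closed peers must keep receiving, the check could be `if (ret == -1 || value == 0) {`, which also gives `value` a use. A failed ioctl is reported as EPIPE; passing `errno` to `tevent_req_error` would keep the real cause. The handler body starts and ends outside the hunk.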

Modified: branches/samba/experimental/lib/replace/libreplace_network.m4
===================================================================
--- branches/samba/experimental/lib/replace/libreplace_network.m4	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/lib/replace/libreplace_network.m4	2011-06-07 21:08:24 UTC (rev 3813)
@@ -240,12 +240,25 @@
 		{
 			struct addrinfo hints = {0,};
 			struct addrinfo *ppres;
-			const char hostname[] = "0.0.0.0";
+			const char hostname1[] = "0.0.0.0";
+			const char hostname2[] = "127.0.0.1";
+			const char hostname3[] = "::";
 			hints.ai_socktype = SOCK_STREAM;
-			hints.ai_family = AF_INET;
+			hints.ai_family = AF_UNSPEC;
 			hints.ai_flags =
 				AI_NUMERICHOST|AI_PASSIVE|AI_ADDRCONFIG;
-			return getaddrinfo(hostname, NULL, &hints, &ppres) != 0 ? 1 : 0;
+			/* Test for broken flag combination on AIX. */
+			if (getaddrinfo(hostname1, NULL, &hints, &ppres) == EAI_BADFLAGS) {
+				/* This fails on an IPv6-only box, but not with
+				   the EAI_BADFLAGS error. */
+				return 1;
+			}
+			if (getaddrinfo(hostname2, NULL, &hints, &ppres) == 0) {
+				/* IPv4 lookup works - good enough. */
+				return 0;
+			}
+			/* Uh-oh, no IPv4. Are we IPv6-only ? */
+			return getaddrinfo(hostname3, NULL, &hints, &ppres) != 0 ? 1 : 0;
 		}],
 		libreplace_cv_HAVE_GETADDRINFO=yes,
 		libreplace_cv_HAVE_GETADDRINFO=no)
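Review bot: The result of this run test depends on the addresses configured on the build host and not only on the C library, because AI_ADDRCONFIG stays in `hints` for all three lookups; the hunk's own comment says the 0.0.0.0 lookup fails on an IPv6-only box. A builder with neither address family usable would presumably fail the last lookup as well and end up with libreplace_cv_HAVE_GETADDRINFO=no. A comment above the first call would help when a build-farm result differs from a developer machine, e.g. `/* AI_ADDRCONFIG makes these lookups depend on the build host's configured addresses. */`. The generated copy in source3/configure carries the same code.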

Modified: branches/samba/experimental/lib/replace/system/network.h
===================================================================
--- branches/samba/experimental/lib/replace/system/network.h	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/lib/replace/system/network.h	2011-06-07 21:08:24 UTC (rev 3813)
@@ -331,8 +331,6 @@
      * which might return 512 or bigger
      */
 #   define IOV_MAX 512
-#  else
-#   error IOV_MAX and UIO_MAXIOV undefined
 #  endif
 # endif
 #endif

Modified: branches/samba/experimental/lib/talloc/talloc.c
===================================================================
--- branches/samba/experimental/lib/talloc/talloc.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/lib/talloc/talloc.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -709,6 +709,69 @@
 
 static void *_talloc_steal_internal(const void *new_ctx, const void *ptr);
 
+static inline void _talloc_free_poolmem(struct talloc_chunk *tc,
+					const char *location)
+{
+	struct talloc_chunk *pool;
+	void *next_tc;
+	unsigned int *pool_object_count;
+
+	pool = (struct talloc_chunk *)tc->pool;
+	next_tc = TC_POOLMEM_NEXT_CHUNK(tc);
+
+	tc->flags |= TALLOC_FLAG_FREE;
+
+	/* we mark the freed memory with where we called the free
+	 * from. This means on a double free error we can report where
+	 * the first free came from
+	 */
+	tc->name = location;
+
+	TC_INVALIDATE_FULL_CHUNK(tc);
+
+	pool_object_count = talloc_pool_objectcount(pool);
+
+	if (unlikely(*pool_object_count == 0)) {
+		talloc_abort("Pool object count zero!");
+		return;
+	}
+
+	*pool_object_count -= 1;
+
+	if (unlikely(*pool_object_count == 1 && !(pool->flags & TALLOC_FLAG_FREE))) {
+		/*
+		 * if there is just one object left in the pool
+		 * and pool->flags does not have TALLOC_FLAG_FREE,
+		 * it means this is the pool itself and
+		 * the rest is available for new objects
+		 * again.
+		 */
+		pool->pool = TC_POOL_FIRST_CHUNK(pool);
+		TC_INVALIDATE_POOL(pool);
+	} else if (unlikely(*pool_object_count == 0)) {
+		/*
+		 * we mark the freed memory with where we called the free
+		 * from. This means on a double free error we can report where
+		 * the first free came from
+		 */
+		pool->name = location;
+
+		TC_INVALIDATE_FULL_CHUNK(pool);
+		free(pool);
+	} else if (pool->pool == next_tc) {
+		/*
+		 * if pool->pool still points to end of
+		 * 'tc' (which is stored in the 'next_tc' variable),
+		 * we can reclaim the memory of 'tc'.
+		 */
+		pool->pool = tc;
+	}
+}
+
+static inline void _talloc_free_children_internal(struct talloc_chunk *tc,
+						  void *ptr,
+						  const char *location);
+
 /* 
    internal talloc_free call
 */
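Review bot: `_talloc_free_poolmem` has no header comment, and its branches only make sense with the counting rule that the realloc hunk further down also relies on: the pool's object count includes the pool chunk itself until the pool has TALLOC_FLAG_FREE set. A short comment above the function should state that rule. It should also say that the function may `free()` the pool, so the caller must not touch `tc->pool` afterwards. The "we mark the freed memory" comment is repeated verbatim in the `== 0` branch and could be shortened there.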
@@ -779,42 +842,8 @@
 
 	tc->flags |= TALLOC_FLAG_LOOP;
 
-	while (tc->child) {
-		/* we need to work out who will own an abandoned child
-		   if it cannot be freed. In priority order, the first
-		   choice is owner of any remaining reference to this
-		   pointer, the second choice is our parent, and the
-		   final choice is the null context. */
-		void *child = TC_PTR_FROM_CHUNK(tc->child);
-		const void *new_parent = null_context;
-		struct talloc_chunk *old_parent = NULL;
-		if (unlikely(tc->child->refs)) {
-			struct talloc_chunk *p = talloc_parent_chunk(tc->child->refs);
-			if (p) new_parent = TC_PTR_FROM_CHUNK(p);
-		}
-		/* finding the parent here is potentially quite
-		   expensive, but the alternative, which is to change
-		   talloc to always have a valid tc->parent pointer,
-		   makes realloc more expensive where there are a
-		   large number of children.
+	_talloc_free_children_internal(tc, ptr, location);
 
-		   The reason we need the parent pointer here is that
-		   if _talloc_free_internal() fails due to references
-		   or a failing destructor we need to re-parent, but
-		   the free call can invalidate the prev pointer.
-		*/
-		if (new_parent == null_context && (tc->child->refs || tc->child->destructor)) {
-			old_parent = talloc_parent_chunk(ptr);
-		}
-		if (unlikely(_talloc_free_internal(child, location) == -1)) {
-			if (new_parent == null_context) {
-				struct talloc_chunk *p = old_parent;
-				if (p) new_parent = TC_PTR_FROM_CHUNK(p);
-			}
-			_talloc_steal_internal(new_parent, child);
-		}
-	}
-
 	tc->flags |= TALLOC_FLAG_FREE;
 
 	/* we mark the freed memory with where we called the free
@@ -823,22 +852,11 @@
 	 */	 
 	tc->name = location;
 
-	if (tc->flags & (TALLOC_FLAG_POOL|TALLOC_FLAG_POOLMEM)) {
-		struct talloc_chunk *pool;
-		void *next_tc = NULL;
+	if (tc->flags & TALLOC_FLAG_POOL) {
 		unsigned int *pool_object_count;
 
-		if (unlikely(tc->flags & TALLOC_FLAG_POOL)) {
-			pool = tc;
-		} else {
-			pool = (struct talloc_chunk *)tc->pool;
-			next_tc = TC_POOLMEM_NEXT_CHUNK(tc);
+		pool_object_count = talloc_pool_objectcount(tc);
 
-			TC_INVALIDATE_FULL_CHUNK(tc);
-		}
-
-		pool_object_count = talloc_pool_objectcount(pool);
-
 		if (unlikely(*pool_object_count == 0)) {
 			talloc_abort("Pool object count zero!");
 			return 0;
@@ -846,26 +864,12 @@
 
 		*pool_object_count -= 1;
 
-		if (unlikely(*pool_object_count == 1)) {
-			/*
-			 * if there is just object left in the pool
-			 * it means this is the pool itself and
-			 * the rest is available for new objects
-			 * again.
-			 */
-			pool->pool = TC_POOL_FIRST_CHUNK(pool);
-			TC_INVALIDATE_POOL(pool);
-		} else if (unlikely(*pool_object_count == 0)) {
-			TC_INVALIDATE_FULL_CHUNK(pool);
-			free(pool);
-		} else if (pool->pool == next_tc) {
-			/*
-			 * if pool->pool still points to end of
-			 * 'tc' (which is stored in the 'next_tc' variable),
-			 * we can reclaim the memory of 'tc'.
-			 */
-			pool->pool = tc;
+		if (unlikely(*pool_object_count == 0)) {
+			TC_INVALIDATE_FULL_CHUNK(tc);
+			free(tc);
 		}
+	} else if (tc->flags & TALLOC_FLAG_POOLMEM) {
+		_talloc_free_poolmem(tc, location);
 	} else {
 		TC_INVALIDATE_FULL_CHUNK(tc);
 		free(tc);
@@ -1230,21 +1234,10 @@
 	return ptr;
 }
 
-/*
-  this is a replacement for the Samba3 talloc_destroy_pool functionality. It
-  should probably not be used in new code. It's in here to keep the talloc
-  code consistent across Samba 3 and 4.
-*/
-_PUBLIC_ void talloc_free_children(void *ptr)
+static inline void _talloc_free_children_internal(struct talloc_chunk *tc,
+						  void *ptr,
+						  const char *location)
 {
-	struct talloc_chunk *tc;
-
-	if (unlikely(ptr == NULL)) {
-		return;
-	}
-
-	tc = talloc_chunk_from_ptr(ptr);
-
 	while (tc->child) {
 		/* we need to work out who will own an abandoned child
 		   if it cannot be freed. In priority order, the first
@@ -1253,13 +1246,28 @@
 		   final choice is the null context. */
 		void *child = TC_PTR_FROM_CHUNK(tc->child);
 		const void *new_parent = null_context;
+		struct talloc_chunk *old_parent = NULL;
 		if (unlikely(tc->child->refs)) {
 			struct talloc_chunk *p = talloc_parent_chunk(tc->child->refs);
 			if (p) new_parent = TC_PTR_FROM_CHUNK(p);
 		}
-		if (unlikely(talloc_free(child) == -1)) {
+		/* finding the parent here is potentially quite
+		   expensive, but the alternative, which is to change
+		   talloc to always have a valid tc->parent pointer,
+		   makes realloc more expensive where there are a
+		   large number of children.
+
+		   The reason we need the parent pointer here is that
+		   if _talloc_free_internal() fails due to references
+		   or a failing destructor we need to re-parent, but
+		   the free call can invalidate the prev pointer.
+		*/
+		if (new_parent == null_context && (tc->child->refs || tc->child->destructor)) {
+			old_parent = talloc_parent_chunk(ptr);
+		}
+		if (unlikely(_talloc_free_internal(child, location) == -1)) {
 			if (new_parent == null_context) {
-				struct talloc_chunk *p = talloc_parent_chunk(ptr);
+				struct talloc_chunk *p = old_parent;
 				if (p) new_parent = TC_PTR_FROM_CHUNK(p);
 			}
 			_talloc_steal_internal(new_parent, child);
@@ -1267,6 +1275,24 @@
 	}
 }
 
+/*
+  this is a replacement for the Samba3 talloc_destroy_pool functionality. It
+  should probably not be used in new code. It's in here to keep the talloc
+  code consistent across Samba 3 and 4.
+*/
+_PUBLIC_ void talloc_free_children(void *ptr)
+{
+	struct talloc_chunk *tc;
+
+	if (unlikely(ptr == NULL)) {
+		return;
+	}
+
+	tc = talloc_chunk_from_ptr(ptr);
+
+	_talloc_free_children_internal(tc, ptr, __location__);
+}
+
 /* 
    Allocate a bit of memory as a child of an existing pointer
 */
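Review bot: `talloc_free_children` passes `__location__`, which expands inside talloc.c, so every child freed through this entry point is tagged with the same talloc.c line. A later double-free report then names the library rather than the caller. The public signature carries no location argument, so this cannot be fixed here without an API change. A comment on the call would at least stop readers from trusting the recorded location, e.g. `/* location is this file: the public API carries no caller location */`.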
@@ -1445,8 +1471,13 @@
 		size_t new_chunk_size = TC_ALIGN16(TC_HDR_SIZE + size);
 		size_t space_needed;
 		size_t space_left;
+		unsigned int chunk_count = *talloc_pool_objectcount(pool_tc);
 
-		if (*talloc_pool_objectcount(pool_tc) == 2) {
+		if (!(pool_tc->flags & TALLOC_FLAG_FREE)) {
+			chunk_count -= 1;
+		}
+
+		if (chunk_count == 1) {
 			/*
 			 * optimize for the case where 'tc' is the only
 			 * chunk in the pool.
@@ -1473,6 +1504,7 @@
 				memmove(pool_tc->pool, tc, old_used);
 				new_ptr = pool_tc->pool;
 
+				tc = (struct talloc_chunk *)new_ptr;
 				TC_UNDEFINE_GROW_CHUNK(tc, size);
 
 				/*
@@ -1516,7 +1548,6 @@
 		}
 
 		new_ptr = talloc_alloc_pool(tc, size + TC_HDR_SIZE);
-		*talloc_pool_objectcount(pool_tc) -= 1;
 
 		if (new_ptr == NULL) {
 			new_ptr = malloc(TC_HDR_SIZE+size);
@@ -1525,21 +1556,8 @@
 
 		if (new_ptr) {
 			memcpy(new_ptr, tc, MIN(tc->size,size) + TC_HDR_SIZE);
-			TC_INVALIDATE_FULL_CHUNK(tc);
 
-			if (*talloc_pool_objectcount(pool_tc) == 1) {
-				/*
-				 * If the pool is empty now reclaim everything.
-				 */
-				pool_tc->pool = TC_POOL_FIRST_CHUNK(pool_tc);
-				TC_INVALIDATE_POOL(pool_tc);
-			} else if (next_tc == pool_tc->pool) {
-				/*
-				 * If it was reallocated and tc was the last
-				 * chunk, we can reclaim the memory of tc.
-				 */
-				pool_tc->pool = tc;
-			}
+			_talloc_free_poolmem(tc, __location__ "_talloc_realloc");
 		}
 	}
 	else {

Modified: branches/samba/experimental/lib/talloc/testsuite.c
===================================================================
--- branches/samba/experimental/lib/talloc/testsuite.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/lib/talloc/testsuite.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -1128,23 +1128,31 @@
 	pool = talloc_pool(NULL, 1024);
 
 	p1 = talloc_size(pool, 80);
+	memset(p1, 0x11, talloc_get_size(p1));
 	p2 = talloc_size(pool, 20);
+	memset(p2, 0x11, talloc_get_size(p2));
 	p3 = talloc_size(p1, 50);
+	memset(p3, 0x11, talloc_get_size(p3));
 	p4 = talloc_size(p3, 1000);
+	memset(p4, 0x11, talloc_get_size(p4));
 
 #if 1 /* this relies on ALWAYS_REALLOC == 0 in talloc.c */
 	p2_2 = talloc_realloc_size(pool, p2, 20+1);
 	torture_assert("pool realloc 20+1", p2_2 == p2, "failed: pointer changed");
+	memset(p2, 0x11, talloc_get_size(p2));
 	p2_2 = talloc_realloc_size(pool, p2, 20-1);
 	torture_assert("pool realloc 20-1", p2_2 == p2, "failed: pointer changed");
+	memset(p2, 0x11, talloc_get_size(p2));
 	p2_2 = talloc_realloc_size(pool, p2, 20-1);
 	torture_assert("pool realloc 20-1", p2_2 == p2, "failed: pointer changed");
+	memset(p2, 0x11, talloc_get_size(p2));
 
 	talloc_free(p3);
 
 	/* this should reclaim the memory of p4 and p3 */
 	p2_2 = talloc_realloc_size(pool, p2, 400);
 	torture_assert("pool realloc 400", p2_2 == p2, "failed: pointer changed");
+	memset(p2, 0x11, talloc_get_size(p2));
 
 	talloc_free(p1);
 
@@ -1152,37 +1160,46 @@
 	p2_2 = talloc_realloc_size(pool, p2, 800);
 	torture_assert("pool realloc 800", p2_2 == p1, "failed: pointer not changed");
 	p2 = p2_2;
+	memset(p2, 0x11, talloc_get_size(p2));
 
 	/* this should do a malloc */
 	p2_2 = talloc_realloc_size(pool, p2, 1800);
 	torture_assert("pool realloc 1800", p2_2 != p2, "failed: pointer not changed");
 	p2 = p2_2;
+	memset(p2, 0x11, talloc_get_size(p2));
 
 	/* this should reclaim the memory from the pool */
 	p3 = talloc_size(pool, 80);
 	torture_assert("pool alloc 80", p3 == p1, "failed: pointer changed");
+	memset(p3, 0x11, talloc_get_size(p3));
 
 	talloc_free(p2);
 	talloc_free(p3);
 
 	p1 = talloc_size(pool, 80);
+	memset(p1, 0x11, talloc_get_size(p1));
 	p2 = talloc_size(pool, 20);
+	memset(p2, 0x11, talloc_get_size(p2));
 
 	talloc_free(p1);
 
 	p2_2 = talloc_realloc_size(pool, p2, 20-1);
 	torture_assert("pool realloc 20-1", p2_2 == p2, "failed: pointer changed");
+	memset(p2, 0x11, talloc_get_size(p2));
 	p2_2 = talloc_realloc_size(pool, p2, 20-1);
 	torture_assert("pool realloc 20-1", p2_2 == p2, "failed: pointer changed");
+	memset(p2, 0x11, talloc_get_size(p2));
 
 	/* this should do a malloc */
 	p2_2 = talloc_realloc_size(pool, p2, 1800);
 	torture_assert("pool realloc 1800", p2_2 != p2, "failed: pointer not changed");
 	p2 = p2_2;
+	memset(p2, 0x11, talloc_get_size(p2));
 
 	/* this should reclaim the memory from the pool */
 	p3 = talloc_size(pool, 800);
 	torture_assert("pool alloc 800", p3 == p1, "failed: pointer changed");
+	memset(p3, 0x11, talloc_get_size(p3));
 
 #endif /* this relies on ALWAYS_REALLOC == 0 in talloc.c */
 
@@ -1191,7 +1208,74 @@
 	return true;
 }
 
+static bool test_pool_steal(void)
+{
+	void *root;
+	void *pool;
+	void *p1, *p2;
+	void *p1_2, *p2_2;
+	size_t hdr;
+	size_t ofs1, ofs2;
 
+	root = talloc_new(NULL);
+	pool = talloc_pool(root, 1024);
+
+	p1 = talloc_size(pool, 4 * 16);
+	torture_assert("pool allocate 4 * 16", p1 != NULL, "failed ");
+	memset(p1, 0x11, talloc_get_size(p1));
+	p2 = talloc_size(pool, 4 * 16);
+	torture_assert("pool allocate 4 * 16", p2 > p1, "failed: !(p2 > p1) ");
+	memset(p2, 0x11, talloc_get_size(p2));
+
+	ofs1 = PTR_DIFF(p2, p1);
+	hdr = ofs1 - talloc_get_size(p1);
+
+	talloc_steal(root, p1);
+	talloc_steal(root, p2);
+
+	talloc_free(pool);
+
+	p1_2 = p1;
+
+#if 1 /* this relies on ALWAYS_REALLOC == 0 in talloc.c */
+	p1_2 = talloc_realloc_size(root, p1, 5 * 16);
+	torture_assert("pool realloc 5 * 16", p1_2 > p2, "failed: pointer not changed");
+	memset(p1_2, 0x11, talloc_get_size(p1_2));
+	ofs1 = PTR_DIFF(p1_2, p2);
+	ofs2 = talloc_get_size(p2) + hdr;
+
+	torture_assert("pool realloc ", ofs1 == ofs2, "failed: pointer offset unexpected");
+
+	p2_2 = talloc_realloc_size(root, p2, 3 * 16);
+	torture_assert("pool realloc 5 * 16", p2_2 == p2, "failed: pointer changed");
+	memset(p2_2, 0x11, talloc_get_size(p2_2));
+#endif /* this relies on ALWAYS_REALLOC == 0 in talloc.c */
+
+	talloc_free(p1_2);
+
+	p2_2 = p2;
+
+#if 1 /* this relies on ALWAYS_REALLOC == 0 in talloc.c */
+	/* now we should reclaim the full pool */
+	p2_2 = talloc_realloc_size(root, p2, 8 * 16);
+	torture_assert("pool realloc 8 * 16", p2_2 == p1, "failed: pointer not expected");
+	p2 = p2_2;
+	memset(p2_2, 0x11, talloc_get_size(p2_2));
+
+	/* now we malloc and free the full pool space */
+	p2_2 = talloc_realloc_size(root, p2, 2 * 1024);
+	torture_assert("pool realloc 2 * 1024", p2_2 != p1, "failed: pointer not expected");
+	memset(p2_2, 0x11, talloc_get_size(p2_2));
+
+#endif /* this relies on ALWAYS_REALLOC == 0 in talloc.c */
+
+	talloc_free(p2_2);
+
+	talloc_free(root);
+
+	return true;
+}
+
 static bool test_free_ref_null_context(void)
 {
 	void *p1, *p2, *p3;
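Review bot: In `test_pool_steal` the assertion after `talloc_realloc_size(root, p2, 3 * 16)` is labelled "pool realloc 5 * 16", copied from the previous step, so a failure there is reported under the wrong size. It should read `torture_assert("pool realloc 3 * 16", p2_2 == p2, "failed: pointer changed");`. The two "pool allocate 4 * 16" assertions also share one label, which makes them indistinguishable in the test output.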
@@ -1290,6 +1374,8 @@
 	test_reset();
 	ret &= test_pool();
 	test_reset();
+	ret &= test_pool_steal();
+	test_reset();
 	ret &= test_free_ref_null_context();
 	test_reset();
 	ret &= test_rusty();

Modified: branches/samba/experimental/lib/tevent/tevent_poll.c
===================================================================
--- branches/samba/experimental/lib/tevent/tevent_poll.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/lib/tevent/tevent_poll.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -233,9 +233,21 @@
 
 			pfd = &poll_ev->fds[pfd_idx];
 
-			if (pfd->revents & (POLLIN|POLLHUP|POLLERR)) {
+			if (pfd->revents & (POLLHUP|POLLERR)) {
+				/* If we only wait for TEVENT_FD_WRITE, we
+				   should not tell the event handler about it,
+				   and remove the writable flag, as we only
+				   report errors when waiting for read events
+				   to match the select behavior. */
+				if (!(fde->flags & TEVENT_FD_READ)) {
+					TEVENT_FD_NOT_WRITEABLE(fde);
+					continue;
+				}
 				flags |= TEVENT_FD_READ;
 			}
+			if (pfd->revents & POLLIN) {
+				flags |= TEVENT_FD_READ;
+			}
 			if (pfd->revents & POLLOUT) {
 				flags |= TEVENT_FD_WRITE;
 			}
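Review bot: On POLLHUP/POLLERR with only write interest, the new branch clears the writable flag and `continue`s, so the handler is never called and the fde is left waiting for nothing. A request that asked only for TEVENT_FD_WRITE on a dead socket then depends on some other timeout or read handler to finish. The writev change in lib/async_req/async_sock.c in this commit always adds TEVENT_FD_READ, which covers that caller, but other write-only users are not visible here. I would state the contract in the comment, e.g. `/* Callers that need to see a hangup must also request TEVENT_FD_READ; a write-only fde is silently disarmed here. */`. The same branch is added to source3/lib/events.c with the EVENT_FD_* names, and the enclosing loop starts outside this hunk.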

Modified: branches/samba/experimental/lib/util/asn1.c
===================================================================
--- branches/samba/experimental/lib/util/asn1.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/lib/util/asn1.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -885,10 +885,19 @@
 bool asn1_read_implicit_Integer(struct asn1_data *data, int *i)
 {
 	uint8_t b;
+	bool first_byte = true;
 	*i = 0;
 
 	while (!data->has_error && asn1_tag_remaining(data)>0) {
 		if (!asn1_read_uint8(data, &b)) return false;
+		if (first_byte) {
+			if (b & 0x80) {
+				/* Number is negative.
+				   Set i to -1 for sign extend. */
+				*i = -1;
+			}
+			first_byte = false;
+		}
 		*i = (*i << 8) + b;
 	}
 	return !data->has_error;	
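Review bot: Seeding `*i` with -1 makes `*i << 8` a left shift of a negative signed value, which is undefined behaviour in C. The loop also still accepts any number of content octets, so an encoding longer than `sizeof(int)` overflows the signed accumulator. Both come from the parsed buffer, so I would accumulate in an unsigned 32-bit temporary, reject encodings wider than the result, and convert once at the end. Rejecting over-long encodings changes behaviour for padded BER integers, so check what callers expect. The function's closing brace is outside the hunk.

```c
bool asn1_read_implicit_Integer(struct asn1_data *data, int *i)
{
	uint8_t b;
	uint32_t acc = 0;
	size_t nbytes = 0;
	*i = 0;

	while (!data->has_error && asn1_tag_remaining(data)>0) {
		if (!asn1_read_uint8(data, &b)) return false;
		if (nbytes == 0 && (b & 0x80)) {
			/* Negative: start from all ones so the value sign-extends. */
			acc = UINT32_MAX;
		}
		if (++nbytes > sizeof(acc)) {
			/* More content octets than the result type can hold. */
			data->has_error = true;
			return false;
		}
		acc = (acc << 8) | b;
	}
	*i = (int32_t)acc;
	/* … unchanged: return !data->has_error … */
```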

Modified: branches/samba/experimental/packaging/RHEL/makerpms.sh
===================================================================
--- branches/samba/experimental/packaging/RHEL/makerpms.sh	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/packaging/RHEL/makerpms.sh	2011-06-07 21:08:24 UTC (rev 3813)
@@ -20,7 +20,7 @@
 
 USERID=`id -u`
 GRPID=`id -g`
-VERSION='3.6.0rc1'
+VERSION='3.6.0rc2'
 REVISION=''
 SPECFILE="samba.spec"
 RPMVER=`rpm --version | awk '{print $3}'`

Modified: branches/samba/experimental/packaging/RHEL/samba.spec
===================================================================
--- branches/samba/experimental/packaging/RHEL/samba.spec	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/packaging/RHEL/samba.spec	2011-06-07 21:08:24 UTC (rev 3813)
@@ -5,7 +5,7 @@
 Vendor: Samba Team
 Packager: Samba Team <samba at samba.org>
 Name:         samba
-Version:      3.6.0rc1
+Version:      3.6.0rc2
 Release:      1
 Epoch:        0
 License: GNU GPL version 3

Modified: branches/samba/experimental/packaging/RHEL-CTDB/samba.spec
===================================================================
--- branches/samba/experimental/packaging/RHEL-CTDB/samba.spec	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/packaging/RHEL-CTDB/samba.spec	2011-06-07 21:08:24 UTC (rev 3813)
@@ -5,7 +5,7 @@
 Vendor: Samba Team
 Packager: Samba Team <samba at samba.org>
 Name:         samba
-Version:      3.6.0rc1
+Version:      3.6.0rc2
 Release:      1GITHASH
 Epoch:        0
 License: GNU GPL version 3

Modified: branches/samba/experimental/source3/VERSION
===================================================================
--- branches/samba/experimental/source3/VERSION	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/VERSION	2011-06-07 21:08:24 UTC (rev 3813)
@@ -56,7 +56,7 @@
 # e.g. SAMBA_VERSION_RC_RELEASE=1                      #
 #  ->  "3.0.0rc1"                                      #
 ########################################################
-SAMBA_VERSION_RC_RELEASE=1
+SAMBA_VERSION_RC_RELEASE=2
 
 ########################################################
 # To mark SVN snapshots this should be set to 'yes'    #

Modified: branches/samba/experimental/source3/auth/auth_server.c
===================================================================
--- branches/samba/experimental/source3/auth/auth_server.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/auth/auth_server.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -427,7 +427,7 @@
 	}
 
 	/* if logged in as guest then reject */
-	if ((SVAL(cli->inbuf,smb_vwv2) & 1) != 0) {
+	if (cli->is_guestlogin) {
 		DEBUG(1,("password server %s gave us guest only\n", cli->desthost));
 		nt_status = NT_STATUS_LOGON_FAILURE;
 	}
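Review bot: The guest rejection here now trusts `cli->is_guestlogin`, which this commit assigns only in the session-setup receive handlers of source3/libsmb/cliconnect.c, after a successful reply. Nothing visible resets it, so a reused `cli` or a session-setup path not shown in this diff would leave an earlier value in place. This check decides whether a password-server login counts as authenticated, so confirm that every completion path assigns the flag. I would also document its validity next to the field in client.h, e.g. `/* bit 0 of vwv[2] from the last successful session setup reply; undefined before that */`. The enclosing function starts and ends outside the hunk.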

Modified: branches/samba/experimental/source3/configure
===================================================================
--- branches/samba/experimental/source3/configure	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/configure	2011-06-07 21:08:24 UTC (rev 3813)
@@ -13285,12 +13285,25 @@
 		{
 			struct addrinfo hints = {0,};
 			struct addrinfo *ppres;
-			const char hostname[] = "0.0.0.0";
+			const char hostname1[] = "0.0.0.0";
+			const char hostname2[] = "127.0.0.1";
+			const char hostname3[] = "::";
 			hints.ai_socktype = SOCK_STREAM;
-			hints.ai_family = AF_INET;
+			hints.ai_family = AF_UNSPEC;
 			hints.ai_flags =
 				AI_NUMERICHOST|AI_PASSIVE|AI_ADDRCONFIG;
-			return getaddrinfo(hostname, NULL, &hints, &ppres) != 0 ? 1 : 0;
+			/* Test for broken flag combination on AIX. */
+			if (getaddrinfo(hostname1, NULL, &hints, &ppres) == EAI_BADFLAGS) {
+				/* This fails on an IPv6-only box, but not with
+				   the EAI_BADFLAGS error. */
+				return 1;
+			}
+			if (getaddrinfo(hostname2, NULL, &hints, &ppres) == 0) {
+				/* IPv4 lookup works - good enough. */
+				return 0;
+			}
+			/* Uh-oh, no IPv4. Are we IPv6-only ? */
+			return getaddrinfo(hostname3, NULL, &hints, &ppres) != 0 ? 1 : 0;
 		}
 _ACEOF
 if ac_fn_c_try_run "$LINENO"; then :

Modified: branches/samba/experimental/source3/include/client.h
===================================================================
--- branches/samba/experimental/source3/include/client.h	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/include/client.h	2011-06-07 21:08:24 UTC (rev 3813)
@@ -109,6 +109,7 @@
 	int initialised;
 	int win95;
 	bool is_samba;
+	bool is_guestlogin;
 	uint32 capabilities;
 	/* What the server offered. */
 	uint32_t server_posix_capabilities;

Modified: branches/samba/experimental/source3/include/ntioctl.h
===================================================================
--- branches/samba/experimental/source3/include/ntioctl.h	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/include/ntioctl.h	2011-06-07 21:08:24 UTC (rev 3813)
@@ -77,13 +77,12 @@
 /* For FSCTL_GET_SHADOW_COPY_DATA ...*/
 typedef char SHADOW_COPY_LABEL[25];
 
-typedef struct shadow_copy_data {
-	TALLOC_CTX *mem_ctx;
+struct shadow_copy_data {
 	/* Total number of shadow volumes currently mounted */
 	uint32 num_volumes;
 	/* Concatenated list of labels */
 	SHADOW_COPY_LABEL *labels;
-} SHADOW_COPY_DATA;
+};
 
 
 #endif /* _NTIOCTL_H */

Modified: branches/samba/experimental/source3/include/version.h
===================================================================
--- branches/samba/experimental/source3/include/version.h	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/include/version.h	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2,8 +2,8 @@
 #define SAMBA_VERSION_MAJOR 3
 #define SAMBA_VERSION_MINOR 6
 #define SAMBA_VERSION_RELEASE 0
-#define SAMBA_VERSION_RC_RELEASE 1
-#define SAMBA_VERSION_OFFICIAL_STRING "3.6.0rc1"
+#define SAMBA_VERSION_RC_RELEASE 2
+#define SAMBA_VERSION_OFFICIAL_STRING "3.6.0rc2"
 #ifdef SAMBA_VERSION_VENDOR_FUNCTION
 #  define SAMBA_VERSION_STRING SAMBA_VERSION_VENDOR_FUNCTION
 #else /* SAMBA_VERSION_VENDOR_FUNCTION */

Modified: branches/samba/experimental/source3/lib/ctdbd_conn.c
===================================================================
--- branches/samba/experimental/source3/lib/ctdbd_conn.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/lib/ctdbd_conn.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -1361,6 +1361,11 @@
 	}
 
 	conn->release_ip_handler = release_ip_handler;
+	/*
+	 * store the IP address of the server socket for later
+	 * comparison in release_ip()
+	 */
+	conn->release_ip_priv = private_data;
 
 	/*
 	 * We want to be told about IP releases
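Review bot: The new comment says the IP address is stored, but the assignment keeps the caller's `private_data` pointer, so whatever it points to has to stay valid for as long as release-IP handling can run. I would word the comment to say that, e.g. `/* keep the caller's pointer (server socket address) for release_ip(); the caller owns it and must keep it valid */`. The enclosing function starts and ends outside the hunk.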

Modified: branches/samba/experimental/source3/lib/events.c
===================================================================
--- branches/samba/experimental/source3/lib/events.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/lib/events.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -258,9 +258,22 @@
 			return false;
 		}
 
-		if (pfd->revents & (POLLIN|POLLHUP|POLLERR)) {
+		if (pfd->revents & (POLLHUP|POLLERR)) {
+			/* If we only wait for EVENT_FD_WRITE, we
+			   should not tell the event handler about it,
+			   and remove the writable flag, as we only
+			   report errors when waiting for read events
+			   to match the select behavior. */
+			if (!(fde->flags & EVENT_FD_READ)) {
+				EVENT_FD_NOT_WRITEABLE(fde);
+				continue;
+			}
 			flags |= EVENT_FD_READ;
 		}
+
+		if (pfd->revents & POLLIN) {
+			flags |= EVENT_FD_READ;
+		}
 		if (pfd->revents & POLLOUT) {
 			flags |= EVENT_FD_WRITE;
 		}

Modified: branches/samba/experimental/source3/libsmb/cliconnect.c
===================================================================
--- branches/samba/experimental/source3/libsmb/cliconnect.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/libsmb/cliconnect.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -259,8 +259,10 @@
 	uint8_t *p;
 	NTSTATUS status;
 	ssize_t ret;
+	uint8_t wct;
+	uint16_t *vwv;
 
-	status = cli_smb_recv(subreq, state, &in, 0, NULL, NULL,
+	status = cli_smb_recv(subreq, state, &in, 3, &wct, &vwv,
 			      &num_bytes, &bytes);
 	TALLOC_FREE(subreq);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -272,6 +274,7 @@
 	p = bytes;
 
 	cli->vuid = SVAL(inbuf, smb_uid);
+	cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
 
 	status = smb_bytes_talloc_string(cli,
 					inbuf,
@@ -487,8 +490,10 @@
 	uint8_t *p;
 	NTSTATUS status;
 	ssize_t ret;
+	uint8_t wct;
+	uint16_t *vwv;
 
-	status = cli_smb_recv(subreq, state, &in, 0, NULL, NULL,
+	status = cli_smb_recv(subreq, state, &in, 3, &wct, &vwv,
 			      &num_bytes, &bytes);
 	TALLOC_FREE(subreq);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -500,6 +505,7 @@
 	p = bytes;
 
 	cli->vuid = SVAL(inbuf, smb_uid);
+	cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
 
 	status = smb_bytes_talloc_string(cli,
 					inbuf,
@@ -695,8 +701,10 @@
 	uint8_t *p;
 	NTSTATUS status;
 	ssize_t ret;
+	uint8_t wct;
+	uint16_t *vwv;
 
-	status = cli_smb_recv(subreq, state, &in, 0, NULL, NULL,
+	status = cli_smb_recv(subreq, state, &in, 3, &wct, &vwv,
 			      &num_bytes, &bytes);
 	TALLOC_FREE(subreq);
 	if (tevent_req_nterror(req, status)) {
@@ -707,6 +715,7 @@
 	p = bytes;
 
 	cli->vuid = SVAL(inbuf, smb_uid);
+	cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
 
 	status = smb_bytes_talloc_string(cli,
 					inbuf,
@@ -1051,8 +1060,10 @@
 	uint8_t *p;
 	NTSTATUS status;
 	ssize_t ret;
+	uint8_t wct;
+	uint16_t *vwv;
 
-	status = cli_smb_recv(subreq, state, &in, 0, NULL, NULL,
+	status = cli_smb_recv(subreq, state, &in, 3, &wct, &vwv,
 			      &num_bytes, &bytes);
 	TALLOC_FREE(subreq);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -1064,6 +1075,7 @@
 	p = bytes;
 
 	cli->vuid = SVAL(inbuf, smb_uid);
+	cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
 
 	status = smb_bytes_talloc_string(cli,
 					inbuf,
@@ -1291,7 +1303,7 @@
 	uint8_t *inbuf;
 	ssize_t ret;
 
-	status = cli_smb_recv(subreq, state, &inbuf, 1, &wct, &vwv,
+	status = cli_smb_recv(subreq, state, &inbuf, 4, &wct, &vwv,
 			      &num_bytes, &bytes);
 	TALLOC_FREE(subreq);
 	if (!NT_STATUS_IS_OK(status)
@@ -1305,6 +1317,7 @@
 
 	state->inbuf = (char *)inbuf;
 	cli->vuid = SVAL(state->inbuf, smb_uid);
+	cli->is_guestlogin = ((SVAL(vwv+2, 0) & 1) != 0);
 
 	blob_length = SVAL(vwv+3, 0);
 	if (blob_length > num_bytes) {
@@ -1887,6 +1900,9 @@
 			host = strchr_m(cli->desthost, '.');
 			if (dest_realm) {
 				realm = SMB_STRDUP(dest_realm);
+				if (!realm) {
+					return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+				}
 				strupper_m(realm);
 			} else {
 				if (host) {
@@ -1898,19 +1914,33 @@
 				}
 			}
 
-			if (realm && *realm) {
-				principal = talloc_asprintf(talloc_tos(),
-							    "cifs/%s@%s",
-							    cli->desthost,
-							    realm);
-				if (!principal) {
-					SAFE_FREE(realm);
+			if (realm == NULL || *realm == '\0') {
+				realm = SMB_STRDUP(lp_realm());
+				if (!realm) {
 					return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
 				}
-				DEBUG(3,("cli_session_setup_spnego: guessed "
-					"server principal=%s\n",
-					principal ? principal : "<null>"));
+				strupper_m(realm);
+				DEBUG(3,("cli_session_setup_spnego: cannot "
+					"get realm from dest_realm %s, "
+					"desthost %s. Using default "
+					"smb.conf realm %s\n",
+					dest_realm ? dest_realm : "<null>",
+					cli->desthost,
+					realm));
 			}
+
+			principal = talloc_asprintf(talloc_tos(),
+						    "cifs/%s@%s",
+						    cli->desthost,
+						    realm);
+			if (!principal) {
+				SAFE_FREE(realm);
+				return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+			}
+			DEBUG(3,("cli_session_setup_spnego: guessed "
+				"server principal=%s\n",
+				principal ? principal : "<null>"));
+
 			SAFE_FREE(realm);
 		}
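Review bot: After the fallback, `principal` is built unconditionally, so if `lp_realm()` returns an empty string (presumably the case when no realm is configured) the guessed principal becomes `cifs/<desthost>@`, where the old code skipped the guess. Keeping the guard after the fallback, `if (*realm != '\0') {` around the `talloc_asprintf` block, would preserve the previous behaviour for that case. The `principal ? principal : "<null>"` in the DEBUG call is dead, because the NULL case returns just above it. The enclosing function starts and ends outside the hunk.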
 
@@ -2655,11 +2685,14 @@
 		}
 		/* work out if they sent us a workgroup */
 		if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
-		    smb_buflen(cli->inbuf) > 8) {
-			clistr_pull(cli->inbuf, cli->server_domain,
-				    bytes+8, sizeof(cli->server_domain),
-				    num_bytes-8,
-				    STR_UNICODE|STR_NOALIGN);
+		    smb_buflen(inbuf) > 8) {
+			ssize_t ret;
+			status = smb_bytes_talloc_string(
+				cli, (char *)inbuf, &cli->server_domain,
+				bytes + 8, num_bytes - 8, &ret);
+			if (tevent_req_nterror(req, status)) {
+				return;
+			}
 		}
 
 		/*
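Review bot: The length passed to `smb_bytes_talloc_string` is `num_bytes - 8`, but the guard above it tests `smb_buflen(inbuf) > 8`, a different quantity read from the packet itself. If the two can disagree, `num_bytes - 8` can wrap, assuming `num_bytes` is unsigned (its declaration is outside the hunk). Guarding on the value actually used, `num_bytes > 8`, removes that dependency. `ret` is assigned but not used in the visible lines.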

Modified: branches/samba/experimental/source3/modules/nfs4_acls.c
===================================================================
--- branches/samba/experimental/source3/modules/nfs4_acls.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/modules/nfs4_acls.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -52,6 +52,57 @@
 	SMB_ACE4_INT_T	*last;
 } SMB_ACL4_INT_T;
 
+/************************************************
+ Split the ACE flag mapping between nfs4 and Windows
+ into two separate functions rather than trying to do
+ it inline. Allows us to carefully control what flags
+ are mapped to what in one place.
+************************************************/
+
+static uint32_t map_nfs4_ace_flags_to_windows_ace_flags(uint32_t nfs4_ace_flags)
+{
+	uint32_t win_ace_flags = 0;
+
+	/* The nfs4 flags <= 0xf map perfectly. */
+	win_ace_flags = nfs4_ace_flags & (SEC_ACE_FLAG_OBJECT_INHERIT|
+				      SEC_ACE_FLAG_CONTAINER_INHERIT|
+				      SEC_ACE_FLAG_NO_PROPAGATE_INHERIT|
+				      SEC_ACE_FLAG_INHERIT_ONLY);
+
+	/* flags greater than 0xf have diverged :-(. */
+	/* See the nfs4 ace flag definitions here:
+	   http://www.ietf.org/rfc/rfc3530.txt.
+	   And the Windows ace flag definitions here:
+	   librpc/idl/security.idl. */
+	if (nfs4_ace_flags & SMB_ACE4_INHERITED_ACE) {
+		win_ace_flags |= SEC_ACE_FLAG_INHERITED_ACE;
+	}
+
+	return win_ace_flags;
+}
+
+static uint32_t map_windows_ace_flags_to_nfs4_ace_flags(uint32_t win_ace_flags)
+{
+	uint32_t nfs4_ace_flags = 0;
+
+	/* The windows flags <= 0xf map perfectly. */
+	nfs4_ace_flags = win_ace_flags & (SMB_ACE4_FILE_INHERIT_ACE|
+				      SMB_ACE4_DIRECTORY_INHERIT_ACE|
+				      SMB_ACE4_NO_PROPAGATE_INHERIT_ACE|
+				      SMB_ACE4_INHERIT_ONLY_ACE);
+
+	/* flags greater than 0xf have diverged :-(. */
+	/* See the nfs4 ace flag definitions here:
+	   http://www.ietf.org/rfc/rfc3530.txt.
+	   And the Windows ace flag definitions here:
+	   librpc/idl/security.idl. */
+	if (win_ace_flags & SEC_ACE_FLAG_INHERITED_ACE) {
+		nfs4_ace_flags |= SMB_ACE4_INHERITED_ACE;
+	}
+
+	return nfs4_ace_flags;
+}
+
 static SMB_ACL4_INT_T *get_validated_aclint(SMB4ACL_T *theacl)
 {
 	SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)theacl;
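Review bot: Both new helpers silently drop every flag other than the four inherit bits and the inherited bit, and the header comment does not say so. The nfs4_acls.h hunk in this commit lists `SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG`, `SMB_ACE4_FAILED_ACCESS_ACE_FLAG` and `SMB_ACE4_IDENTIFIER_GROUP`, none of which survive `map_nfs4_ace_flags_to_windows_ace_flags()`; if that is deliberate, a line such as `/* Audit flags and SMB_ACE4_IDENTIFIER_GROUP are deliberately not mapped. */` above each `return` would record it. The masks also apply `SEC_ACE_FLAG_*` names to an NFSv4 value (and `SMB_ACE4_*` names to a Windows value), which is only correct while the low four bits stay numerically equal, so the "map perfectly" comments should state that this equality is what the code relies on. `get_validated_aclint()` at the end of the hunk continues outside it.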
@@ -234,7 +285,7 @@
 		uint32_t mask;
 		struct dom_sid sid;
 		SMB_ACE4PROP_T	*ace = &aceint->prop;
-		uint32_t mapped_ace_flags;
+		uint32_t win_ace_flags;
 
 		DEBUG(10, ("magic: 0x%x, type: %d, iflags: %x, flags: %x, mask: %x, "
 			"who: %d\n", aceint->magic, ace->aceType, ace->flags,
@@ -271,25 +322,25 @@
 			ace->aceMask |= SMB_ACE4_DELETE_CHILD;
 		}
 
-		mapped_ace_flags = ace->aceFlags & 0xf;
-		if (!is_directory && (mapped_ace_flags & (SMB_ACE4_FILE_INHERIT_ACE|SMB_ACE4_DIRECTORY_INHERIT_ACE))) {
+		win_ace_flags = map_nfs4_ace_flags_to_windows_ace_flags(ace->aceFlags);
+		if (!is_directory && (win_ace_flags & (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT))) {
 			/*
 			 * GPFS sets inherits dir_inhert and file_inherit flags
 			 * to files, too, which confuses windows, and seems to
 			 * be wrong anyways. ==> Map these bits away for files.
 			 */
 			DEBUG(10, ("removing inherit flags from nfs4 ace\n"));
-			mapped_ace_flags &= ~(SMB_ACE4_FILE_INHERIT_ACE|SMB_ACE4_DIRECTORY_INHERIT_ACE);
+			win_ace_flags &= ~(SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT);
 		}
-		DEBUG(10, ("mapped ace flags: 0x%x => 0x%x\n",
-		      ace->aceFlags, mapped_ace_flags));
+		DEBUG(10, ("Windows mapped ace flags: 0x%x => 0x%x\n",
+		      ace->aceFlags, win_ace_flags));
 
 		/* Windows clients expect SYNC on acls to
 		   correctly allow rename. See bug #7909. */
 		mask = ace->aceMask | SMB_ACE4_SYNCHRONIZE;
 		init_sec_ace(&nt_ace_list[good_aces++], &sid,
 			ace->aceType, mask,
-			mapped_ace_flags);
+			win_ace_flags);
 	}
 
 	*ppnt_ace_list = nt_ace_list;
@@ -561,7 +612,7 @@
 
 	memset(ace_v4, 0, sizeof(SMB_ACE4PROP_T));
 	ace_v4->aceType = ace_nt->type; /* only ACCESS|DENY supported right now */
-	ace_v4->aceFlags = ace_nt->flags & SEC_ACE_FLAG_VALID_INHERIT;
+	ace_v4->aceFlags = map_windows_ace_flags_to_nfs4_ace_flags(ace_nt->flags);
 	ace_v4->aceMask = ace_nt->access_mask &
 		(SEC_STD_ALL | SEC_FILE_ALL);
 

Modified: branches/samba/experimental/source3/modules/nfs4_acls.h
===================================================================
--- branches/samba/experimental/source3/modules/nfs4_acls.h	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/modules/nfs4_acls.h	2011-06-07 21:08:24 UTC (rev 3813)
@@ -76,9 +76,10 @@
 #define SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG   0x00000010
 #define SMB_ACE4_FAILED_ACCESS_ACE_FLAG       0x00000020
 #define SMB_ACE4_IDENTIFIER_GROUP             0x00000040
+#define SMB_ACE4_INHERITED_ACE                0x00000080
 #define SMB_ACE4_ALL_FLAGS	( SMB_ACE4_FILE_INHERIT_ACE | SMB_ACE4_DIRECTORY_INHERIT_ACE \
 | SMB_ACE4_NO_PROPAGATE_INHERIT_ACE | SMB_ACE4_INHERIT_ONLY_ACE | SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG \
-| SMB_ACE4_FAILED_ACCESS_ACE_FLAG | SMB_ACE4_IDENTIFIER_GROUP )
+| SMB_ACE4_FAILED_ACCESS_ACE_FLAG | SMB_ACE4_IDENTIFIER_GROUP | SMB_ACE4_INHERITED_ACE)
 
 	uint32	aceMask;	/* Access rights */
 /*The bitmask constants used for the access mask field are as follows: */

Modified: branches/samba/experimental/source3/modules/vfs_default.c
===================================================================
--- branches/samba/experimental/source3/modules/vfs_default.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/modules/vfs_default.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -84,7 +84,10 @@
 #endif
 }
 
-static int vfswrap_get_shadow_copy_data(struct vfs_handle_struct *handle, struct files_struct *fsp, SHADOW_COPY_DATA *shadow_copy_data, bool labels)
+static int vfswrap_get_shadow_copy_data(struct vfs_handle_struct *handle,
+					struct files_struct *fsp,
+					struct shadow_copy_data *shadow_copy_data,
+					bool labels)
 {
 	errno = ENOSYS;
 	return -1;  /* Not implemented. */

Modified: branches/samba/experimental/source3/modules/vfs_full_audit.c
===================================================================
--- branches/samba/experimental/source3/modules/vfs_full_audit.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/modules/vfs_full_audit.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -695,7 +695,8 @@
 
 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
 				struct files_struct *fsp,
-				SHADOW_COPY_DATA *shadow_copy_data, bool labels)
+				struct shadow_copy_data *shadow_copy_data,
+				bool labels)
 {
 	int result;
 

Modified: branches/samba/experimental/source3/modules/vfs_shadow_copy.c
===================================================================
--- branches/samba/experimental/source3/modules/vfs_shadow_copy.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/modules/vfs_shadow_copy.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -216,7 +216,10 @@
 	return 0;	
 }
 
-static int shadow_copy_get_shadow_copy_data(vfs_handle_struct *handle, files_struct *fsp, SHADOW_COPY_DATA *shadow_copy_data, bool labels)
+static int shadow_copy_get_shadow_copy_data(vfs_handle_struct *handle,
+					    files_struct *fsp,
+					    struct shadow_copy_data *shadow_copy_data,
+					    bool labels)
 {
 	SMB_STRUCT_DIR *p = SMB_VFS_NEXT_OPENDIR(handle,fsp->conn->connectpath,NULL,0);
 
@@ -250,7 +253,7 @@
 			continue;
 		}
 
-		tlabels = (SHADOW_COPY_LABEL *)TALLOC_REALLOC(shadow_copy_data->mem_ctx,
+		tlabels = (SHADOW_COPY_LABEL *)TALLOC_REALLOC(shadow_copy_data,
 									shadow_copy_data->labels,
 									(shadow_copy_data->num_volumes+1)*sizeof(SHADOW_COPY_LABEL));
 		if (tlabels == NULL) {
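Review bot: The allocation size here is still computed by hand as `(shadow_copy_data->num_volumes+1)*sizeof(SHADOW_COPY_LABEL)`, with nothing in the hunk checking the multiplication. The matching hunk in vfs_shadow_copy2.c uses the typed form that takes an element count and leaves the size arithmetic to talloc; using it here keeps the two modules consistent: `tlabels = talloc_realloc(shadow_copy_data, shadow_copy_data->labels, SHADOW_COPY_LABEL, shadow_copy_data->num_volumes+1);`. The enclosing loop starts and ends outside this hunk.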

Modified: branches/samba/experimental/source3/modules/vfs_shadow_copy2.c
===================================================================
--- branches/samba/experimental/source3/modules/vfs_shadow_copy2.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/modules/vfs_shadow_copy2.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -837,7 +837,7 @@
   sort the shadow copy data in ascending or descending order
  */
 static void shadow_copy2_sort_data(vfs_handle_struct *handle,
-				   SHADOW_COPY_DATA *shadow_copy2_data)
+				   struct shadow_copy_data *shadow_copy2_data)
 {
 	int (*cmpfunc)(const void *, const void *);
 	const char *sort;
@@ -869,7 +869,7 @@
 
 static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle, 
 					      files_struct *fsp, 
-					      SHADOW_COPY_DATA *shadow_copy2_data, 
+					      struct shadow_copy_data *shadow_copy2_data,
 					      bool labels)
 {
 	SMB_STRUCT_DIR *p;
@@ -918,7 +918,7 @@
 			continue;
 		}
 
-		tlabels = talloc_realloc(shadow_copy2_data->mem_ctx,
+		tlabels = talloc_realloc(shadow_copy2_data,
 					 shadow_copy2_data->labels,
 					 SHADOW_COPY_LABEL, shadow_copy2_data->num_volumes+1);
 		if (tlabels == NULL) {

Modified: branches/samba/experimental/source3/modules/vfs_smb_traffic_analyzer.c
===================================================================
--- branches/samba/experimental/source3/modules/vfs_smb_traffic_analyzer.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/modules/vfs_smb_traffic_analyzer.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -417,6 +417,17 @@
 	 */
 	char state_flags[9] = "000000\0";
 
+	/**
+	 * The first byte of the state flag string represents
+	 * the modules protocol subversion number, defined
+	 * in smb_traffic_analyzer.h. smbtatools/smbtad are designed
+	 * to handle not yet implemented protocol enhancements
+	 * by ignoring them. By recognizing the SMBTA_SUBRELEASE
+	 * smbtatools can tell the user to update the client
+	 * software.
+	 */
+	state_flags[0] = SMBTA_SUBRELEASE;
+
 	SMB_VFS_HANDLE_GET_DATA(handle, rf_sock, struct refcounted_sock, return);
 
 	if (rf_sock == NULL || rf_sock->sock == -1) {
@@ -452,7 +463,7 @@
 					"protocol_version", NULL );
 
 
-	if ( protocol_version == NULL || strcmp( protocol_version,"V1") == 0) {
+	if (protocol_version != NULL && strcmp(protocol_version,"V1") == 0) {
 
 		struct rw_data *s_data = (struct rw_data *) data;
 
@@ -489,7 +500,10 @@
 		return;
 		}
 
-	} else if ( strcmp( protocol_version, "V2") == 0) {
+	} else {
+		/**
+		 * Protocol 2 is used by default.
+		 */
 
 		switch( vfs_operation ) {
 		case vfs_id_open: ;
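Review bot: With the `else if (strcmp(protocol_version, "V2") == 0)` test replaced by a bare `else`, any value other than `V1` (a lower-case `v1`, or a version this module does not know) is now handled as protocol 2 without a trace, and the next hunk removes the only log line for an unknown protocol. A level-1 message when the parameter is set but unrecognised keeps the new default while making a misconfiguration visible, e.g. `if (protocol_version != NULL && strcmp(protocol_version, "V2") != 0) { DEBUG(1, ("smb_traffic_analyzer_send_data_socket: unknown protocol_version, using V2\n")); }` at the top of the branch. The `switch` body continues outside the hunk.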
@@ -557,10 +571,6 @@
 			return;
 		}
 
-	} else {
-		DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
-			"error, unknown protocol given!\n"));
-		return;
 	}
 
 	if (!str) {

Modified: branches/samba/experimental/source3/modules/vfs_smb_traffic_analyzer.h
===================================================================
--- branches/samba/experimental/source3/modules/vfs_smb_traffic_analyzer.h	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/modules/vfs_smb_traffic_analyzer.h	2011-06-07 21:08:24 UTC (rev 3813)
@@ -77,7 +77,7 @@
  */
 
 /* Protocol subrelease number */
-#define SMBTA_SUBRELEASE 0
+#define SMBTA_SUBRELEASE '0'
 
 /*
  * Every data block sends a number of blocks sending common data

Modified: branches/samba/experimental/source3/modules/vfs_time_audit.c
===================================================================
--- branches/samba/experimental/source3/modules/vfs_time_audit.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/modules/vfs_time_audit.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -144,7 +144,7 @@
 
 static int smb_time_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
 					       struct files_struct *fsp,
-					       SHADOW_COPY_DATA *shadow_copy_data,
+					       struct shadow_copy_data *shadow_copy_data,
 					       bool labels)
 {
 	int result;

Modified: branches/samba/experimental/source3/param/loadparm.c
===================================================================
--- branches/samba/experimental/source3/param/loadparm.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/param/loadparm.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -708,6 +708,7 @@
 static bool handle_netbios_aliases( int snum, const char *pszParmValue, char **ptr );
 static bool handle_netbios_scope( int snum, const char *pszParmValue, char **ptr );
 static bool handle_charset( int snum, const char *pszParmValue, char **ptr );
+static bool handle_dos_charset( int snum, const char *pszParmValue, char **ptr );
 static bool handle_printing( int snum, const char *pszParmValue, char **ptr);
 static bool handle_ldap_debug_level( int snum, const char *pszParmValue, char **ptr);
 
@@ -955,7 +956,7 @@
 		.type		= P_STRING,
 		.p_class	= P_GLOBAL,
 		.ptr		= &Globals.dos_charset,
-		.special	= handle_charset,
+		.special	= handle_dos_charset,
 		.enum_list	= NULL,
 		.flags		= FLAG_ADVANCED
 	},
@@ -1160,7 +1161,7 @@
 		.ptr		= &Globals.bNullPasswords,
 		.special	= NULL,
 		.enum_list	= NULL,
-		.flags		= FLAG_ADVANCED,
+		.flags		= FLAG_ADVANCED | FLAG_DEPRECATED,
 	},
 	{
 		.label		= "obey pam restrictions",
@@ -1259,7 +1260,7 @@
 		.ptr		= &Globals.bEnablePrivileges,
 		.special	= NULL,
 		.enum_list	= NULL,
-		.flags		= FLAG_ADVANCED,
+		.flags		= FLAG_ADVANCED | FLAG_DEPRECATED,
 	},
 
 	{
@@ -1332,7 +1333,7 @@
 		.ptr		= &Globals.pwordlevel,
 		.special	= NULL,
 		.enum_list	= NULL,
-		.flags		= FLAG_ADVANCED,
+		.flags		= FLAG_ADVANCED | FLAG_DEPRECATED,
 	},
 	{
 		.label		= "username level",
@@ -1431,7 +1432,7 @@
 		.ptr		= &sDefault.szUsername,
 		.special	= NULL,
 		.enum_list	= NULL,
-		.flags		= FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
+		.flags		= FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE | FLAG_DEPRECATED,
 	},
 	{
 		.label		= "user",
@@ -2294,7 +2295,7 @@
 		.ptr		= &Globals.bUseSpnego,
 		.special	= NULL,
 		.enum_list	= NULL,
-		.flags		= FLAG_ADVANCED,
+		.flags		= FLAG_ADVANCED | FLAG_DEPRECATED,
 	},
 	{
 		.label		= "client signing",
@@ -7531,8 +7532,45 @@
 	return True;
 }
 
+static bool handle_dos_charset(int snum, const char *pszParmValue, char **ptr)
+{
+	bool is_utf8 = false;
+	size_t len = strlen(pszParmValue);
 
+	if (len == 4 || len == 5) {
+		/* Don't use StrCaseCmp here as we don't want to
+		   initialize iconv. */
+		if ((toupper_ascii(pszParmValue[0]) == 'U') &&
+		    (toupper_ascii(pszParmValue[1]) == 'T') &&
+		    (toupper_ascii(pszParmValue[2]) == 'F')) {
+			if (len == 4) {
+				if (pszParmValue[3] == '8') {
+					is_utf8 = true;
+				}
+			} else {
+				if (pszParmValue[3] == '-' &&
+				    pszParmValue[4] == '8') {
+					is_utf8 = true;
+				}
+			}
+		}
+	}
 
+	if (strcmp(*ptr, pszParmValue) != 0) {
+		if (is_utf8) {
+			DEBUG(0,("ERROR: invalid DOS charset: 'dos charset' must not "
+				"be UTF8, using (default value) %s instead.\n",
+				DEFAULT_DOS_CHARSET));
+			pszParmValue = DEFAULT_DOS_CHARSET;
+		}
+		string_set(ptr, pszParmValue);
+		init_iconv();
+	}
+	return True;
+}
+
+
+
 static bool handle_workgroup(int snum, const char *pszParmValue, char **ptr)
 {
 	bool ret;
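Review bot: The UTF-8 rejection in `handle_dos_charset()` only runs inside the `strcmp(*ptr, pszParmValue) != 0` branch, so whether the rule is applied depends on what `*ptr` held before rather than on the value being set. Moving the `if (is_utf8)` block (the `DEBUG(0, ...)` and `pszParmValue = DEFAULT_DOS_CHARSET;`) in front of the `strcmp` makes the check unconditional and also avoids a needless `string_set()`/`init_iconv()` when the stored value is already the default. The function has no header comment; one sentence saying it accepts any charset name except `UTF8`/`UTF-8` (case-insensitive on the `UTF` prefix) and falls back to `DEFAULT_DOS_CHARSET` would help. `handle_workgroup()` at the end of the hunk continues outside it.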
@@ -9580,6 +9618,17 @@
 	set_default_server_announce_type();
 	set_allowed_client_auth();
 
+	if (lp_security() == SEC_SHARE) {
+		DEBUG(1, ("WARNING: The security=share option is deprecated\n"));
+	} else if (lp_security() == SEC_SERVER) {
+		DEBUG(1, ("WARNING: The security=server option is deprecated\n"));
+	}
+
+	if (lp_security() == SEC_ADS && strchr(lp_passwordserver(), ':')) {
+		DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
+			  lp_passwordserver()));
+	}
+
 	bLoaded = True;
 
 	/* Now we check bWINSsupport and set szWINSserver to 127.0.0.1 */

Modified: branches/samba/experimental/source3/passdb/pdb_get_set.c
===================================================================
--- branches/samba/experimental/source3/passdb/pdb_get_set.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/passdb/pdb_get_set.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -123,8 +123,7 @@
 
 bool pdb_get_pass_can_change(const struct samu *sampass)
 {
-	if (sampass->pass_can_change_time == get_time_t_max() &&
-	    sampass->pass_last_set_time != 0)
+	if (sampass->pass_can_change_time == get_time_t_max())
 		return False;
 	return True;
 }
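Review bot: `pdb_get_pass_can_change()` now treats `get_time_t_max()` in `pass_can_change_time` as the sole marker for "may not change password", and nothing in the function says so. The srv_samr_util.c hunk in this commit starts using the result to decide whether an account can be forced to change its password, so a comment such as `/* pass_can_change_time == get_time_t_max() marks an account that may never change its password. */` is worth adding; the setter is not shown here, so the wording should be confirmed against it. The body could then be the single line `return sampass->pass_can_change_time != get_time_t_max();`.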

Modified: branches/samba/experimental/source3/printing/print_standard.c
===================================================================
--- branches/samba/experimental/source3/printing/print_standard.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/printing/print_standard.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -93,6 +93,10 @@
 
 			has_punctuation = (strchr_m(p, ' ') ||
 			                   strchr_m(p, '\t') ||
+					   strchr_m(p, '"') ||
+					   strchr_m(p, '\'') ||
+					   strchr_m(p, ';') ||
+					   strchr_m(p, ',') ||
 			                   strchr_m(p, '(') ||
 			                   strchr_m(p, ')'));
 
@@ -101,11 +105,7 @@
 				continue;
 			}
 
-			if (strlen(p) <= MAXPRINTERLEN &&
-			    strlen(p) > strlen(name) && !has_punctuation) {
-				if (!*comment) {
-					strlcpy(comment, name, sizeof(comment));
-				}
+			if (strlen(p) <= MAXPRINTERLEN && *name == '\0' && !has_punctuation) {
 				strlcpy(name, p, sizeof(name));
 				continue;
 			}
@@ -117,9 +117,6 @@
 			}
 		}
 
-		comment[60] = 0;
-		name[MAXPRINTERLEN] = 0;
-
 		if (*name && !pcap_cache_add(name, comment, NULL)) {
 			x_fclose(pcap_file);
 			return false;

Modified: branches/samba/experimental/source3/rpc_server/rpc_ep_setup.c
===================================================================
--- branches/samba/experimental/source3/rpc_server/rpc_ep_setup.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/rpc_server/rpc_ep_setup.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -133,7 +133,7 @@
 					  struct tevent_context *ev_ctx,
 					  struct messaging_context *msg_ctx,
 					  const struct ndr_interface_table *iface,
-					  const char *name,
+					  const char *ncalrpc,
 					  uint16_t port,
 					  struct dcerpc_binding_handle **pbh);
 
@@ -256,7 +256,7 @@
 					  struct tevent_context *ev_ctx,
 					  struct messaging_context *msg_ctx,
 					  const struct ndr_interface_table *iface,
-					  const char *name,
+					  const char *ncalrpc,
 					  uint16_t port,
 					  struct dcerpc_binding_handle **pbh)
 {
@@ -266,7 +266,7 @@
 	status = dcerpc_binding_vector_create(mem_ctx,
 					      iface,
 					      port,
-					      name,
+					      ncalrpc,
 					      &v);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -276,7 +276,7 @@
 				    iface,
 				    v,
 				    &iface->syntax_id.uuid,
-				    name,
+				    iface->name,
 				    pbh);
 	talloc_free(v);
 	if (!NT_STATUS_IS_OK(status)) {

Modified: branches/samba/experimental/source3/rpc_server/rpc_server.c
===================================================================
--- branches/samba/experimental/source3/rpc_server/rpc_server.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/rpc_server/rpc_server.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -263,6 +263,17 @@
 	}
 	state->fd = -1;
 
+	/*
+	 * As lp_ncalrpc_dir() should have 0755, but
+	 * lp_ncalrpc_dir()/np should have 0700, we need to
+	 * create lp_ncalrpc_dir() first.
+	 */
+	if (!directory_create_or_exist(lp_ncalrpc_dir(), geteuid(), 0755)) {
+		DEBUG(0, ("Failed to create pipe directory %s - %s\n",
+			  lp_ncalrpc_dir(), strerror(errno)));
+		goto out;
+	}
+
 	np_dir = talloc_asprintf(state, "%s/np", lp_ncalrpc_dir());
 	if (!np_dir) {
 		DEBUG(0, ("Out of memory\n"));
@@ -889,13 +900,13 @@
 		return false;
 	}
 
-	if (!directory_create_or_exist(lp_ncalrpc_dir(), geteuid(), 0700)) {
+	if (!directory_create_or_exist(lp_ncalrpc_dir(), geteuid(), 0755)) {
 		DEBUG(0, ("Failed to create pipe directory %s - %s\n",
 			  lp_ncalrpc_dir(), strerror(errno)));
 		goto out;
 	}
 
-	state->fd = create_pipe_sock(lp_ncalrpc_dir(), name, 0700);
+	state->fd = create_pipe_sock(lp_ncalrpc_dir(), name, 0755);
 	if (state->fd == -1) {
 		DEBUG(0, ("Failed to create pipe socket! [%s/%s]\n",
 			  lp_ncalrpc_dir(), name));
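Review bot: Both modes in this hunk go from 0700 to 0755, on `lp_ncalrpc_dir()` and on the socket made by `create_pipe_sock()`, and unlike the earlier hunk in this file there is no comment saying why the endpoint directory must now be searchable by every local user. Not every platform enforces the mode of a socket file on connect, so on those the directory mode was the only local barrier; the reason for relaxing it and what authenticates local callers should be recorded next to the call, e.g. `/* ncalrpc endpoints are reachable by local users; access control: <describe> */`. It is also worth confirming how `directory_create_or_exist()` (not shown) treats a directory left at 0700 by an earlier version. The function starts and ends outside the hunk.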

Modified: branches/samba/experimental/source3/rpc_server/samr/srv_samr_util.c
===================================================================
--- branches/samba/experimental/source3/rpc_server/samr/srv_samr_util.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/rpc_server/samr/srv_samr_util.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -612,7 +612,16 @@
 		DEBUG(10,("%s SAMR_FIELD_EXPIRED_FLAG: %02X\n", l,
 			from->password_expired));
 		if (from->password_expired != 0) {
-			pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
+			/* Only allow the set_time to zero (which means
+			   "User Must Change Password on Next Login"
+			   if the user object allows password change. */
+			if (pdb_get_pass_can_change(to)) {
+				pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
+			} else {
+				DEBUG(10,("%s Disallowing set of 'User Must "
+					"Change Password on Next Login' as "
+					"user object disallows this.\n", l));
+			}
 		} else {
 			/* A subtlety here: some windows commands will
 			   clear the expired flag even though it's not
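Review bot: When `pdb_get_pass_can_change(to)` is false the request to expire the password is dropped with only a level-10 message, and nothing in this hunk reports the refusal to the caller. An administrator who sets "User Must Change Password on Next Login" on such an account gets no visible sign that it was ignored; changing `DEBUG(10,` to `DEBUG(3,` on the "Disallowing set" message would make the refusal show up in ordinary logs. The new comment is also missing its closing parenthesis after `"User Must Change Password on Next Login"`. The enclosing function continues outside the hunk.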

Modified: branches/samba/experimental/source3/smbd/nttrans.c
===================================================================
--- branches/samba/experimental/source3/smbd/nttrans.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/smbd/nttrans.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2214,8 +2214,7 @@
 		 * Allocate the correct amount and return the pointer to let
 		 * it be deallocated when we return.
 		 */
-		SHADOW_COPY_DATA *shadow_data = NULL;
-		TALLOC_CTX *shadow_mem_ctx = NULL;
+		struct shadow_copy_data *shadow_data = NULL;
 		bool labels = False;
 		uint32 labels_data_count = 0;
 		uint32 i;
@@ -2236,28 +2235,19 @@
 			labels = True;
 		}
 
-		shadow_mem_ctx = talloc_init("SHADOW_COPY_DATA");
-		if (shadow_mem_ctx == NULL) {
-			DEBUG(0,("talloc_init(SHADOW_COPY_DATA) failed!\n"));
-			reply_nterror(req, NT_STATUS_NO_MEMORY);
-			return;
-		}
-
-		shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA);
+		shadow_data = TALLOC_ZERO_P(talloc_tos(),
+					    struct shadow_copy_data);
 		if (shadow_data == NULL) {
 			DEBUG(0,("TALLOC_ZERO() failed!\n"));
-			talloc_destroy(shadow_mem_ctx);
 			reply_nterror(req, NT_STATUS_NO_MEMORY);
 			return;
 		}
 
-		shadow_data->mem_ctx = shadow_mem_ctx;
-
 		/*
 		 * Call the VFS routine to actually do the work.
 		 */
 		if (SMB_VFS_GET_SHADOW_COPY_DATA(fsp, shadow_data, labels)!=0) {
-			talloc_destroy(shadow_data->mem_ctx);
+			TALLOC_FREE(shadow_data);
 			if (errno == ENOSYS) {
 				DEBUG(5,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, not supported.\n", 
 					conn->connectpath));
@@ -2282,14 +2272,14 @@
 		if (max_data_count<data_count) {
 			DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) too small (%u) bytes needed!\n",
 				max_data_count,data_count));
-			talloc_destroy(shadow_data->mem_ctx);
+			TALLOC_FREE(shadow_data);
 			reply_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
 			return;
 		}
 
 		pdata = nttrans_realloc(ppdata, data_count);
 		if (pdata == NULL) {
-			talloc_destroy(shadow_data->mem_ctx);
+			TALLOC_FREE(shadow_data);
 			reply_nterror(req, NT_STATUS_NO_MEMORY);
 			return;
 		}
@@ -2322,7 +2312,7 @@
 			}
 		}
 
-		talloc_destroy(shadow_data->mem_ctx);
+		TALLOC_FREE(shadow_data);
 
 		send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0,
 				pdata, data_count);

Modified: branches/samba/experimental/source3/smbd/open.c
===================================================================
--- branches/samba/experimental/source3/smbd/open.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/smbd/open.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -1056,18 +1056,8 @@
 	return false;
 }
 
-static bool file_has_brlocks(files_struct *fsp)
-{
-	struct byte_range_lock *br_lck;
-
-	br_lck = brl_get_locks_readonly(fsp);
-	if (!br_lck)
-		return false;
-
-	return br_lck->num_locks > 0 ? true : false;
-}
-
 static void grant_fsp_oplock_type(files_struct *fsp,
+				const struct byte_range_lock *br_lck,
 				int oplock_request,
 				bool got_level2_oplock,
 				bool got_a_none_oplock)
@@ -1085,7 +1075,7 @@
 		DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
 			fsp->oplock_type, fsp_str_dbg(fsp)));
 		return;
-	} else if (lp_locking(fsp->conn->params) && file_has_brlocks(fsp)) {
+	} else if (br_lck && br_lck->num_locks > 0) {
 		DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
 			fsp_str_dbg(fsp)));
 		fsp->oplock_type = NO_OPLOCK;
@@ -1563,6 +1553,55 @@
 	}
 }
 
+/****************************************************************
+ Ensure we get the brlock lock followed by the share mode lock
+ in the correct order to prevent deadlocks if other smbd's are
+ using the brlock database on this file simultaneously with this open
+ (that code also gets the locks in brlock -> share mode lock order).
+****************************************************************/
+
+static bool acquire_ordered_locks(TALLOC_CTX *mem_ctx,
+				files_struct *fsp,
+				const struct file_id id,
+				const char *connectpath,
+				const struct smb_filename *smb_fname,
+				const struct timespec *p_old_write_time,
+				struct share_mode_lock **p_lck,
+				struct byte_range_lock **p_br_lck)
+{
+	/* Ordering - we must get the br_lck for this
+	   file before the share mode. */
+	if (lp_locking(fsp->conn->params)) {
+		*p_br_lck = brl_get_locks_readonly(fsp);
+		if (*p_br_lck == NULL) {
+			DEBUG(0, ("Could not get br_lock\n"));
+			return false;
+		}
+		/* Note - we don't need to free the returned
+		   br_lck explicitly as it was allocated on talloc_tos()
+		   and so will be autofreed (and release the lock)
+		   once the frame context disappears.
+
+		   If it was set to fsp->brlock_rec then it was
+		   talloc_move'd to hang off the fsp pointer and
+		   in this case is guarenteed to not be holding the
+		   lock on the brlock database. */
+	}
+
+	*p_lck = get_share_mode_lock(mem_ctx,
+				id,
+				connectpath,
+				smb_fname,
+				p_old_write_time);
+
+	if (*p_lck == NULL) {
+		DEBUG(0, ("Could not get share mode lock\n"));
+		TALLOC_FREE(*p_br_lck);
+		return false;
+	}
+	return true;
+}
+
 /****************************************************************************
  Open a file with a share mode. Passed in an already created files_struct *.
 ****************************************************************************/
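Review bot: On the share-mode failure path `TALLOC_FREE(*p_br_lck)` frees whatever `brl_get_locks_readonly()` returned, yet the comment a few lines above says that object may have been `talloc_move`'d onto `fsp->brlock_rec`. If so, the free leaves `fsp->brlock_rec` pointing at released memory while only the caller's local pointer is cleared. Guarding the free, `if (*p_br_lck != fsp->brlock_rec) { TALLOC_FREE(*p_br_lck); } else { *p_br_lck = NULL; }`, avoids that; this is inferred from the comment, as `brl_get_locks_readonly()` itself is not shown. The function also reads `*p_br_lck` on that path without ever assigning it when `lp_locking()` is false, so `*p_br_lck = NULL;` at the top would stop it depending on the caller's initialiser.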
@@ -1907,6 +1946,7 @@
 	}
 
 	if (file_existed) {
+		struct byte_range_lock *br_lck = NULL;
 		struct share_mode_entry *batch_entry = NULL;
 		struct share_mode_entry *exclusive_entry = NULL;
 		bool got_level2_oplock = false;
@@ -1915,12 +1955,14 @@
 		struct timespec old_write_time = smb_fname->st.st_ex_mtime;
 		id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
 
-		lck = get_share_mode_lock(talloc_tos(), id,
-					  conn->connectpath,
-					  smb_fname, &old_write_time);
-
-		if (lck == NULL) {
-			DEBUG(0, ("Could not get share mode lock\n"));
+		if (!acquire_ordered_locks(talloc_tos(),
+					fsp,
+					id,
+					conn->connectpath,
+					smb_fname,
+					&old_write_time,
+					&lck,
+					&br_lck)) {
 			return NT_STATUS_SHARING_VIOLATION;
 		}
 
@@ -1974,6 +2016,7 @@
 		}
 
 		grant_fsp_oplock_type(fsp,
+				br_lck,
                                 oplock_request,
                                 got_level2_oplock,
                                 got_a_none_oplock);
@@ -2137,6 +2180,7 @@
 	}
 
 	if (!file_existed) {
+		struct byte_range_lock *br_lck = NULL;
 		struct share_mode_entry *batch_entry = NULL;
 		struct share_mode_entry *exclusive_entry = NULL;
 		bool got_level2_oplock = false;
@@ -2159,15 +2203,14 @@
 
 		id = fsp->file_id;
 
-		lck = get_share_mode_lock(talloc_tos(), id,
-					  conn->connectpath,
-					  smb_fname, &old_write_time);
-
-		if (lck == NULL) {
-			DEBUG(0, ("open_file_ntcreate: Could not get share "
-				  "mode lock for %s\n",
-				  smb_fname_str_dbg(smb_fname)));
-			fd_close(fsp);
+		if (!acquire_ordered_locks(talloc_tos(),
+					fsp,
+					id,
+					conn->connectpath,
+					smb_fname,
+					&old_write_time,
+					&lck,
+					&br_lck)) {
 			return NT_STATUS_SHARING_VIOLATION;
 		}
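Review bot: The old failure branch called `fd_close(fsp)` before returning `NT_STATUS_SHARING_VIOLATION`; the new one returns straight away, so on this `!file_existed` path the descriptor opened earlier appears to stay open unless the caller closes `fsp` on error (not visible here). Keeping `fd_close(fsp);` just before the `return` preserves the previous cleanup. The file-specific message with `smb_fname_str_dbg(smb_fname)` is also lost, since `acquire_ordered_locks()` logs without the file name.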
 
@@ -2238,6 +2281,7 @@
 		}
 
 		grant_fsp_oplock_type(fsp,
+				br_lck,
                                 oplock_request,
                                 got_level2_oplock,
                                 got_a_none_oplock);

Modified: branches/samba/experimental/source3/smbd/process.c
===================================================================
--- branches/samba/experimental/source3/smbd/process.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/smbd/process.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2357,6 +2357,9 @@
 		p = addr + 7;
 	}
 
+	DEBUG(10, ("Got release IP message for %s, "
+		   "our address is %s\n", ip, p));
+
 	if ((strcmp(p, ip) == 0) || ((p != addr) && strcmp(addr, ip) == 0)) {
 		/* we can't afford to do a clean exit - that involves
 		   database writes, which would potentially mean we

Modified: branches/samba/experimental/source3/smbd/reply.c
===================================================================
--- branches/samba/experimental/source3/smbd/reply.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/smbd/reply.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -2381,15 +2381,18 @@
 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
 			uint16 dirtype)
 {
-	uint32 fmode;
-
 	if (!CAN_WRITE(conn)) {
 		return NT_STATUS_MEDIA_WRITE_PROTECTED;
 	}
 
-	fmode = dos_mode(conn, fsp->fsp_name);
-	if ((fmode & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
-		return NT_STATUS_NO_SUCH_FILE;
+	if ((dirtype & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) !=
+			(FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
+		/* Only bother to read the DOS attribute if we might deny the
+		   rename on the grounds of attribute missmatch. */
+		uint32_t fmode = dos_mode(conn, fsp->fsp_name);
+		if ((fmode & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
+			return NT_STATUS_NO_SUCH_FILE;
+		}
 	}
 
 	if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {

Modified: branches/samba/experimental/source3/smbd/sesssetup.c
===================================================================
--- branches/samba/experimental/source3/smbd/sesssetup.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/smbd/sesssetup.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -954,13 +954,28 @@
 	}
 
 	asn1_load(data, *pblob);
-	asn1_start_tag(data, pblob->data[0]);
-	if (data->has_error || data->nesting == NULL) {
+	if (asn1_start_tag(data, pblob->data[0])) {
+		/* asn1_start_tag checks if the given
+		   length of the blob is enough to complete
+		   the tag. If it returns true we know
+		   there is nothing to do - the blob is
+		   complete. */
 		asn1_free(data);
-		/* Let caller catch. */
 		return NT_STATUS_OK;
 	}
 
+	if (data->nesting == NULL) {
+		/* Incorrect tag, allocation failed,
+		   or reading the tag length failed.
+		   Let the caller catch. */
+		asn1_free(data);
+		return NT_STATUS_OK;
+	}
+
+	/* Here we know asn1_start_tag() has set data->has_error to true.
+	   asn1_tag_remaining() will have failed due to the given blob
+	   being too short. We need to work out how short. */
+
 	/* Integer wrap paranoia.... */
 
 	if (data->nesting->taglen + data->nesting->start < data->nesting->taglen ||
@@ -989,6 +1004,13 @@
 
 	if (needed_len <= pblob->length) {
 		/* Nothing to do - blob is complete. */
+		/* THIS SHOULD NOT HAPPEN - asn1_start_tag()
+		   above should have caught this !!! */
+		DEBUG(0,("check_spnego_blob_complete: logic "
+			"error (needed_len = %u, "
+			"pblob->length = %u).\n",
+			(unsigned int)needed_len,
+			(unsigned int)pblob->length ));
 		return NT_STATUS_OK;
 	}
 

Modified: branches/samba/experimental/source3/smbd/smb2_ioctl.c
===================================================================
--- branches/samba/experimental/source3/smbd/smb2_ioctl.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/smbd/smb2_ioctl.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -24,6 +24,7 @@
 #include "../libcli/smb/smb_common.h"
 #include "../lib/util/tevent_ntstatus.h"
 #include "rpc_server/srv_pipe_hnd.h"
+#include "include/ntioctl.h"
 
 static struct tevent_req *smbd_smb2_ioctl_send(TALLOC_CTX *mem_ctx,
 					       struct tevent_context *ev,
@@ -377,6 +378,126 @@
 					req);
 		return req;
 
+	case 0x00144064:	/* FSCTL_SRV_ENUMERATE_SNAPSHOTS */
+	{
+		/*
+		 * This is called to retrieve the number of Shadow Copies (a.k.a. snapshots)
+		 * and return their volume names.  If max_data_count is 16, then it is just
+		 * asking for the number of volumes and length of the combined names.
+		 *
+		 * pdata is the data allocated by our caller, but that uses
+		 * total_data_count (which is 0 in our case) rather than max_data_count.
+		 * Allocate the correct amount and return the pointer to let
+		 * it be deallocated when we return.
+		 */
+		struct shadow_copy_data *shadow_data = NULL;
+		bool labels = False;
+		uint32_t labels_data_count = 0;
+		uint32_t data_count;
+		uint32_t i;
+		char *pdata;
+		NTSTATUS status;
+
+		if (in_max_output < 16) {
+			DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: "
+				 "in_max_output(%u) < 16 is invalid!\n",
+				 in_max_output));
+			tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+			return tevent_req_post(req, ev);
+		}
+
+		if (in_max_output > 16) {
+			labels = True;
+		}
+
+		shadow_data = TALLOC_ZERO_P(talloc_tos(),
+					    struct shadow_copy_data);
+		if (tevent_req_nomem(shadow_data, req)) {
+			DEBUG(0,("TALLOC_ZERO() failed!\n"));
+			return tevent_req_post(req, ev);
+		}
+
+		/*
+		 * Call the VFS routine to actually do the work.
+		 */
+		if (SMB_VFS_GET_SHADOW_COPY_DATA(fsp, shadow_data, labels)
+		    != 0) {
+			if (errno == ENOSYS) {
+				DEBUG(5, ("FSCTL_GET_SHADOW_COPY_DATA: "
+					  "connectpath %s, not supported.\n",
+					  smbreq->conn->connectpath));
+				status = NT_STATUS_NOT_SUPPORTED;
+			} else {
+				DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: "
+					 "connectpath %s, failed.\n",
+					 smbreq->conn->connectpath));
+				status = map_nt_error_from_unix(errno);
+			}
+			TALLOC_FREE(shadow_data);
+			tevent_req_nterror(req, status);
+			return tevent_req_post(req, ev);
+		}
+
+		labels_data_count =
+			(shadow_data->num_volumes*2*sizeof(SHADOW_COPY_LABEL))
+			+ 2;
+
+		if (labels) {
+			data_count = 12+labels_data_count+4;
+		} else {
+			data_count = 16;
+		}
+
+		if (labels && (in_max_output < data_count)) {
+			DEBUG(0, ("FSCTL_GET_SHADOW_COPY_DATA: "
+				  "in_max_output(%u) too small (%u) bytes "
+				  "needed!\n", in_max_output, data_count));
+			TALLOC_FREE(shadow_data);
+			tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
+			return tevent_req_post(req, ev);
+		}
+
+		state->out_output = data_blob_talloc(state, NULL, data_count);
+		if (tevent_req_nomem(state->out_output.data, req)) {
+			return tevent_req_post(req, ev);
+		}
+
+		pdata = (char *)state->out_output.data;
+
+		/* num_volumes 4 bytes */
+		SIVAL(pdata, 0, shadow_data->num_volumes);
+
+		if (labels) {
+			/* num_labels 4 bytes */
+			SIVAL(pdata, 4, shadow_data->num_volumes);
+		}
+
+		/* needed_data_count 4 bytes */
+		SIVAL(pdata, 8, labels_data_count+4);
+
+		pdata += 12;
+
+		DEBUG(10,("FSCTL_GET_SHADOW_COPY_DATA: %u volumes for "
+			  "path[%s].\n",
+			  shadow_data->num_volumes, fsp_str_dbg(fsp)));
+		if (labels && shadow_data->labels) {
+			for (i=0; i<shadow_data->num_volumes; i++) {
+				srvstr_push(pdata, smbreq->flags2,
+					    pdata, shadow_data->labels[i],
+					    2*sizeof(SHADOW_COPY_LABEL),
+					    STR_UNICODE|STR_TERMINATE);
+				pdata += 2*sizeof(SHADOW_COPY_LABEL);
+				DEBUGADD(10, ("Label[%u]: '%s'\n", i,
+					      shadow_data->labels[i]));
+			}
+		}
+
+		TALLOC_FREE(shadow_data);
+
+		tevent_req_done(req);
+		return tevent_req_post(req, ev);
+        }
+
 	default:
 		if (IS_IPC(smbreq->conn)) {
 			tevent_req_nterror(req, NT_STATUS_FS_DRIVER_REQUIRED);
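Review bot: The reply buffer from `data_blob_talloc(state, NULL, data_count)` is never cleared, so every byte this case does not write goes back to the client as-is. That covers offsets 4–7 and 12–15 when `labels` is false, the trailing 6 bytes and possibly the unused tail of each label slot when it is true, and the whole label area if `shadow_data->labels` is NULL. As far as I know data_blob_talloc() does not zero memory when given a NULL source, which would make this a disclosure of stale heap contents; adding `memset(state->out_output.data, 0, data_count);` right after the tevent_req_nomem() check closes it. Separately, `labels_data_count` is computed in uint32_t from `shadow_data->num_volumes` with no wrap check, which deserves a guard if a VFS module can return an arbitrary count. The enclosing switch and function start outside this hunk.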

Modified: branches/samba/experimental/source3/smbd/smb2_negprot.c
===================================================================
--- branches/samba/experimental/source3/smbd/smb2_negprot.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/smbd/smb2_negprot.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -177,5 +177,7 @@
 
 	outdyn = security_buffer;
 
+	req->sconn->using_smb2 = true;
+
 	return smbd_smb2_request_done(req, outbody, &outdyn);
 }

Modified: branches/samba/experimental/source3/smbd/trans2.c
===================================================================
--- branches/samba/experimental/source3/smbd/trans2.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/smbd/trans2.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -6051,8 +6051,9 @@
 		  "SMB_FILE_RENAME_INFORMATION (fnum %d) %s -> %s\n",
 		  fsp->fnum, fsp_str_dbg(fsp),
 		  smb_fname_str_dbg(smb_fname_dst)));
-	status = rename_internals_fsp(conn, fsp, smb_fname_dst, 0,
-				      overwrite);
+	status = rename_internals_fsp(conn, fsp, smb_fname_dst,
+				(FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM),
+				overwrite);
 
  out:
 	TALLOC_FREE(smb_fname_dst);
@@ -7227,6 +7228,9 @@
  Open/Create a file with POSIX semantics.
 ****************************************************************************/
 
+#define SMB_O_RDONLY_MAPPING (FILE_READ_DATA|FILE_READ_ATTRIBUTES|FILE_READ_EA)
+#define SMB_O_WRONLY_MAPPING (FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|FILE_WRITE_EA)
+
 static NTSTATUS smb_posix_open(connection_struct *conn,
 			       struct smb_request *req,
 				char **ppdata,
@@ -7272,13 +7276,14 @@
 
 	switch (wire_open_mode & SMB_ACCMODE) {
 		case SMB_O_RDONLY:
-			access_mask = FILE_READ_DATA;
+			access_mask = SMB_O_RDONLY_MAPPING;
 			break;
 		case SMB_O_WRONLY:
-			access_mask = FILE_WRITE_DATA;
+			access_mask = SMB_O_WRONLY_MAPPING;
 			break;
 		case SMB_O_RDWR:
-			access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
+			access_mask = (SMB_O_RDONLY_MAPPING|
+					SMB_O_WRONLY_MAPPING);
 			break;
 		default:
 			DEBUG(5,("smb_posix_open: invalid open mode 0x%x\n",
@@ -7356,20 +7361,21 @@
 	if (wire_open_mode & SMB_O_SYNC) {
 		create_options |= FILE_WRITE_THROUGH;
 	}
+	if (wire_open_mode & SMB_O_APPEND) {
+		access_mask |= FILE_APPEND_DATA;
+	}
+	if (wire_open_mode & SMB_O_DIRECT) {
+		mod_unixmode |= FILE_FLAG_NO_BUFFERING;
+	}
+
 	if ((wire_open_mode & SMB_O_DIRECTORY) ||
 			VALID_STAT_OF_DIR(smb_fname->st)) {
-		if (access_mask != FILE_READ_DATA) {
+		if (access_mask != SMB_O_RDONLY_MAPPING) {
 			return NT_STATUS_FILE_IS_A_DIRECTORY;
 		}
 		create_options &= ~FILE_NON_DIRECTORY_FILE;
 		create_options |= FILE_DIRECTORY_FILE;
 	}
-	if (wire_open_mode & SMB_O_APPEND) {
-		access_mask |= FILE_APPEND_DATA;
-	}
-	if (wire_open_mode & SMB_O_DIRECT) {
-		mod_unixmode |= FILE_FLAG_NO_BUFFERING;
-	}
 
 	DEBUG(10,("smb_posix_open: file %s, smb_posix_flags = %u, mode 0%o\n",
 		smb_fname_str_dbg(smb_fname),
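Review bot: The directory check compares `access_mask` for exact equality with `SMB_O_RDONLY_MAPPING`, so it now depends on running after the `SMB_O_APPEND` block, but nothing in the code says the order matters. A comment above the check, for example `/* Must follow the SMB_O_APPEND mapping: any bit beyond the read-only mapping is refused on a directory. */`, would stop a later cleanup from moving it back. This reading of the intent is inferred from the reorder; smb_posix_open() starts and ends outside the hunk.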

Modified: branches/samba/experimental/source3/smbd/vfs.c
===================================================================
--- branches/samba/experimental/source3/smbd/vfs.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/smbd/vfs.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -1174,7 +1174,7 @@
 
 int smb_vfs_call_get_shadow_copy_data(struct vfs_handle_struct *handle,
 				      struct files_struct *fsp,
-				      SHADOW_COPY_DATA *shadow_copy_data,
+				      struct shadow_copy_data *shadow_copy_data,
 				      bool labels)
 {
 	VFS_FIND(get_shadow_copy_data);

Modified: branches/samba/experimental/source3/utils/net_rpc_trust.c
===================================================================
--- branches/samba/experimental/source3/utils/net_rpc_trust.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/utils/net_rpc_trust.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -419,19 +419,22 @@
 	struct other_dom_data *other_dom_data;
 	struct net_context *other_net_ctx = NULL;
 	struct dom_data dom_data[2];
+	void (*usage)(void);
 
+	switch (op) {
+		case TRUST_CREATE:
+			usage = print_trust_usage;
+			break;
+		case TRUST_DELETE:
+			usage = print_trust_delete_usage;
+			break;
+		default:
+			DEBUG(0, ("Unsupported trust operation.\n"));
+			return -1;
+	}
+
 	if (net_ctx->display_usage) {
-		switch (op) {
-			case TRUST_CREATE:
-				print_trust_usage();
-				break;
-			case TRUST_DELETE:
-				print_trust_delete_usage();
-				break;
-			default:
-				DEBUG(0, ("Unsupported trust operation.\n"));
-				return -1;
-		}
+		usage();
 		return 0;
 	}
 
@@ -444,7 +447,7 @@
 	ret = parse_trust_args(mem_ctx, argc, argv, &other_dom_data, &trust_pw);
 	if (ret != 0) {
 		if (ret == EINVAL) {
-			print_trust_usage();
+			usage();
 		} else {
 			DEBUG(0, ("Failed to parse arguments.\n"));
 		}
@@ -471,7 +474,7 @@
 		     (dom_data[1].domain_name == NULL ||
 		      dom_data[1].dns_domain_name == NULL))) {
 			DEBUG(0, ("Missing required argument.\n"));
-			print_trust_usage();
+			usage();
 			goto done;
 		}
 	}

Modified: branches/samba/experimental/source3/utils/smbcacls.c
===================================================================
--- branches/samba/experimental/source3/utils/smbcacls.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/utils/smbcacls.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -360,7 +360,12 @@
 			return false;
 		}
 
-		if (*p != '|' && *p != '\0') {
+		switch (*p) {
+		case '|':
+			p++;
+		case '\0':
+			continue;
+		default:
 			return false;
 		}
 	}
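Review bot: `case '|':` falls through into `case '\0':` after `p++;` with nothing marking it as deliberate, so it reads like a missing `break`. A `/* FALL THROUGH */` comment after `p++;` would make the intent explicit and keep fallthrough warnings quiet. The `continue` acts on the enclosing loop, which starts outside this hunk.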

Modified: branches/samba/experimental/source3/utils/testparm.c
===================================================================
--- branches/samba/experimental/source3/utils/testparm.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/utils/testparm.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -128,20 +128,35 @@
 	 * Password server sanity checks.
 	 */
 
-	if((lp_security() == SEC_SERVER || lp_security() >= SEC_DOMAIN) && !lp_passwordserver()) {
+	if((lp_security() == SEC_SERVER || lp_security() >= SEC_DOMAIN) && !*lp_passwordserver()) {
 		const char *sec_setting;
 		if(lp_security() == SEC_SERVER)
 			sec_setting = "server";
 		else if(lp_security() == SEC_DOMAIN)
 			sec_setting = "domain";
+		else if(lp_security() == SEC_ADS)
+			sec_setting = "ads";
 		else
 			sec_setting = "";
 
-		fprintf(stderr, "ERROR: The setting 'security=%s' requires the 'password server' parameter be set \
-to a valid password server.\n", sec_setting );
+		fprintf(stderr, "ERROR: The setting 'security=%s' requires the 'password server' parameter be set\n"
+			"to the default value * or a valid password server.\n", sec_setting );
 		ret = 1;
 	}
 
+	if((lp_security() >= SEC_DOMAIN) && (strcmp(lp_passwordserver(), "*") != 0)) {
+		const char *sec_setting;
+		if(lp_security() == SEC_DOMAIN)
+			sec_setting = "domain";
+		else if(lp_security() == SEC_ADS)
+			sec_setting = "ads";
+		else
+			sec_setting = "";
+
+		fprintf(stderr, "WARNING: The setting 'security=%s' should NOT be combined with the 'password server' parameter.\n"
+			"(by default Samba will discover the correct DC to contact automatically).\n", sec_setting );
+	}
+
 	/*
 	 * Password chat sanity checks.
 	 */
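Review bot: With `security = domain` or `ads` and an empty `password server`, both checks fire. The first prints the ERROR asking for the parameter to be set, and the new second block then prints the WARNING that it should not be set, because `strcmp("", "*") != 0` is true. Guard the second condition with the non-empty test, e.g. `if((lp_security() >= SEC_DOMAIN) && *lp_passwordserver() && (strcmp(lp_passwordserver(), "*") != 0)) {`. The change from `!lp_passwordserver()` to `!*lp_passwordserver()` also assumes the accessor never returns NULL, which is not visible here.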

Modified: branches/samba/experimental/source3/winbindd/idmap_ldap.c
===================================================================
--- branches/samba/experimental/source3/winbindd/idmap_ldap.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/winbindd/idmap_ldap.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -232,8 +232,8 @@
  Allocate a new uid or gid
 ********************************/
 
-static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom,
-				       struct unixid *xid)
+static NTSTATUS idmap_ldap_allocate_id_internal(struct idmap_domain *dom,
+						struct unixid *xid)
 {
 	TALLOC_CTX *mem_ctx;
 	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
@@ -391,21 +391,21 @@
  * For now this is for the default idmap domain only.
  * Should be extended later on.
  */
-static NTSTATUS idmap_ldap_get_new_id(struct idmap_domain *dom,
-				      struct unixid *id)
+static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom,
+				       struct unixid *id)
 {
 	NTSTATUS ret;
 
 	if (!strequal(dom->name, "*")) {
-		DEBUG(3, ("idmap_ldap_get_new_id: "
+		DEBUG(3, ("idmap_ldap_allocate_id: "
 			  "Refusing allocation of a new unixid for domain'%s'. "
-			  "Currently only supported for the default "
+			  "This is only supported for the default "
 			  "domain \"*\".\n",
 			   dom->name));
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
 
-	ret = idmap_ldap_allocate_id(dom, id);
+	ret = idmap_ldap_allocate_id_internal(dom, id);
 
 	return ret;
 }
@@ -484,7 +484,7 @@
 	ctx->rw_ops = talloc_zero(ctx, struct idmap_rw_ops);
 	CHECK_ALLOC_DONE(ctx->rw_ops);
 
-	ctx->rw_ops->get_new_id = idmap_ldap_get_new_id;
+	ctx->rw_ops->get_new_id = idmap_ldap_allocate_id_internal;
 	ctx->rw_ops->set_mapping = idmap_ldap_set_mapping;
 
 	ret = smbldap_init(ctx, winbind_event_context(), ctx->url,
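Review bot: `ctx->rw_ops->get_new_id` now points at `idmap_ldap_allocate_id_internal`, which skips the `strequal(dom->name, "*")` check that the `idmap_ldap_allocate_id` wrapper enforces for `.allocate_id`. If that is intended, the assignment needs a comment saying so, for example `/* rw_ops callers allocate for their own domain; the default-domain check applies only to .allocate_id */`. If it is not intended, the wrapper should be assigned here instead. Which callers reach `rw_ops->get_new_id` is not visible in this hunk, so this is a request to document the decision rather than a confirmed defect.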
@@ -1144,7 +1144,7 @@
 	.init = idmap_ldap_db_init,
 	.unixids_to_sids = idmap_ldap_unixids_to_sids,
 	.sids_to_unixids = idmap_ldap_sids_to_unixids,
-	.allocate_id = idmap_ldap_get_new_id,
+	.allocate_id = idmap_ldap_allocate_id,
 };
 
 NTSTATUS idmap_ldap_init(void);

Modified: branches/samba/experimental/source3/winbindd/winbindd_dual_srv.c
===================================================================
--- branches/samba/experimental/source3/winbindd/winbindd_dual_srv.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/winbindd/winbindd_dual_srv.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -35,6 +35,17 @@
 	*r->out.out_data = r->in.in_data;
 }
 
+static bool reset_cm_connection_on_error(struct winbindd_domain *domain,
+					NTSTATUS status)
+{
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		invalidate_cm_connection(&domain->conn);
+		/* We invalidated the connection. */
+		return true;
+	}
+	return false;
+}
+
 NTSTATUS _wbint_LookupSid(struct pipes_struct *p, struct wbint_LookupSid *r)
 {
 	struct winbindd_domain *domain = wb_child_domain();
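Review bot: `reset_cm_connection_on_error()` has no header comment and its name promises more than it does: it reacts only to `NT_STATUS_IO_TIMEOUT`, and most call sites in this file ignore the bool it returns. A short comment such as `/* Drop the cached DC connection after an RPC timeout; returns true if it was invalidated. */` would document that. The helper also invalidates silently, whereas the block it replaces in the last hunk of this file logged `dcerpc_netr_LogonControl timed out` at level 2. A `DEBUG(2, ...)` inside the helper would keep timeouts visible to whoever is diagnosing DC connectivity.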
@@ -49,6 +60,7 @@
 
 	status = domain->methods->sid_to_name(domain, p->mem_ctx, r->in.sid,
 					      &dom_name, &name, &type);
+	reset_cm_connection_on_error(domain, status);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -62,6 +74,7 @@
 NTSTATUS _wbint_LookupSids(struct pipes_struct *p, struct wbint_LookupSids *r)
 {
 	struct winbindd_domain *domain = wb_child_domain();
+	NTSTATUS status;
 
 	if (domain == NULL) {
 		return NT_STATUS_REQUEST_NOT_ACCEPTED;
@@ -73,21 +86,26 @@
 	 * and winbindd_ad call into lsa_lookupsids anyway. Caching is
 	 * done at the wbint RPC layer.
 	 */
-	return rpc_lookup_sids(p->mem_ctx, domain, r->in.sids,
-			       &r->out.domains, &r->out.names);
+	status = rpc_lookup_sids(p->mem_ctx, domain, r->in.sids,
+				 &r->out.domains, &r->out.names);
+	reset_cm_connection_on_error(domain, status);
+	return status;
 }
 
 NTSTATUS _wbint_LookupName(struct pipes_struct *p, struct wbint_LookupName *r)
 {
 	struct winbindd_domain *domain = wb_child_domain();
+	NTSTATUS status;
 
 	if (domain == NULL) {
 		return NT_STATUS_REQUEST_NOT_ACCEPTED;
 	}
 
-	return domain->methods->name_to_sid(
+	status = domain->methods->name_to_sid(
 		domain, p->mem_ctx, r->in.domain, r->in.name, r->in.flags,
 		r->out.sid, r->out.type);
+	reset_cm_connection_on_error(domain, status);
+	return status;
 }
 
 NTSTATUS _wbint_Sid2Uid(struct pipes_struct *p, struct wbint_Sid2Uid *r)
@@ -251,53 +269,65 @@
 NTSTATUS _wbint_QueryUser(struct pipes_struct *p, struct wbint_QueryUser *r)
 {
 	struct winbindd_domain *domain = wb_child_domain();
+	NTSTATUS status;
 
 	if (domain == NULL) {
 		return NT_STATUS_REQUEST_NOT_ACCEPTED;
 	}
 
-	return domain->methods->query_user(domain, p->mem_ctx, r->in.sid,
-					   r->out.info);
+	status = domain->methods->query_user(domain, p->mem_ctx, r->in.sid,
+					     r->out.info);
+	reset_cm_connection_on_error(domain, status);
+	return status;
 }
 
 NTSTATUS _wbint_LookupUserAliases(struct pipes_struct *p,
 				  struct wbint_LookupUserAliases *r)
 {
 	struct winbindd_domain *domain = wb_child_domain();
+	NTSTATUS status;
 
 	if (domain == NULL) {
 		return NT_STATUS_REQUEST_NOT_ACCEPTED;
 	}
 
-	return domain->methods->lookup_useraliases(
+	status = domain->methods->lookup_useraliases(
 		domain, p->mem_ctx, r->in.sids->num_sids, r->in.sids->sids,
 		&r->out.rids->num_rids, &r->out.rids->rids);
+	reset_cm_connection_on_error(domain, status);
+	return status;
 }
 
 NTSTATUS _wbint_LookupUserGroups(struct pipes_struct *p,
 				 struct wbint_LookupUserGroups *r)
 {
 	struct winbindd_domain *domain = wb_child_domain();
+	NTSTATUS status;
 
 	if (domain == NULL) {
 		return NT_STATUS_REQUEST_NOT_ACCEPTED;
 	}
 
-	return domain->methods->lookup_usergroups(
+	status = domain->methods->lookup_usergroups(
 		domain, p->mem_ctx, r->in.sid,
 		&r->out.sids->num_sids, &r->out.sids->sids);
+	reset_cm_connection_on_error(domain, status);
+	return status;
 }
 
 NTSTATUS _wbint_QuerySequenceNumber(struct pipes_struct *p,
 				    struct wbint_QuerySequenceNumber *r)
 {
 	struct winbindd_domain *domain = wb_child_domain();
+	NTSTATUS status;
 
 	if (domain == NULL) {
 		return NT_STATUS_REQUEST_NOT_ACCEPTED;
 	}
 
-	return domain->methods->sequence_number(domain, r->out.sequence);
+	status = domain->methods->sequence_number(domain, r->out.sequence);
+	reset_cm_connection_on_error(domain, status);
+	return status;
 }
 
 NTSTATUS _wbint_LookupGroupMembers(struct pipes_struct *p,
@@ -317,6 +347,7 @@
 	status = domain->methods->lookup_groupmem(
 		domain, p->mem_ctx, r->in.sid, r->in.type,
 		&num_names, &sid_mem, &names, &name_types);
+	reset_cm_connection_on_error(domain, status);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -342,14 +373,17 @@
 			      struct wbint_QueryUserList *r)
 {
 	struct winbindd_domain *domain = wb_child_domain();
+	NTSTATUS status;
 
 	if (domain == NULL) {
 		return NT_STATUS_REQUEST_NOT_ACCEPTED;
 	}
 
-	return domain->methods->query_user_list(
+	status = domain->methods->query_user_list(
 		domain, p->mem_ctx, &r->out.users->num_userinfos,
 		&r->out.users->userinfos);
+	reset_cm_connection_on_error(domain, status);
+	return status;
 }
 
 NTSTATUS _wbint_QueryGroupList(struct pipes_struct *p,
@@ -367,6 +401,7 @@
 
 	status = domain->methods->enum_dom_groups(domain, talloc_tos(),
 						  &num_groups, &groups);
+	reset_cm_connection_on_error(domain, status);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -415,6 +450,7 @@
 
 	status = cm_connect_netlogon(domain, &netlogon_pipe);
 
+	reset_cm_connection_on_error(domain, status);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(10, ("Can't contact the NETLOGON pipe\n"));
 		return status;
@@ -435,6 +471,23 @@
 		if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(werr)) {
 			goto done;
 		}
+		if (reset_cm_connection_on_error(domain, status)) {
+			/* Re-initialize. */
+			status = cm_connect_netlogon(domain, &netlogon_pipe);
+
+			reset_cm_connection_on_error(domain, status);
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(10, ("Can't contact the NETLOGON pipe\n"));
+				return status;
+			}
+
+			b = netlogon_pipe->binding_handle;
+
+			/* This call can take a long time - allow the server to time out.
+			   35 seconds should do it. */
+
+			orig_timeout = rpccli_set_timeout(netlogon_pipe, 35000);
+		}
 	}
 
 	/*
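Review bot: The reconnect branch repeats the `cm_connect_netlogon()` call, the `Can't contact the NETLOGON pipe` error path and the `b = netlogon_pipe->binding_handle` setup that the function already performs before the first RPC, and hard-codes `35000` again. Pulling that sequence into one static helper, with the timeout as a named constant, would keep the two copies from drifting apart. The second assignment to `orig_timeout` also replaces the value saved from the first pipe; that looks harmless because the first pipe has been invalidated, but a one-line comment would confirm it is deliberate. The function starts and ends outside this hunk.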
@@ -457,6 +510,7 @@
 			r->in.domain_name, &dc_info->dc_unc, &werr);
 	}
 
+	reset_cm_connection_on_error(domain, status);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(10, ("dcerpc_netr_Get[Any]DCName failed: %s\n",
 			   nt_errstr(status)));
@@ -496,6 +550,7 @@
 	status = domain->methods->rids_to_names(
 		domain, talloc_tos(), &domain->sid, r->in.rids->rids,
 		r->in.rids->num_rids, &domain_name, &names, &types);
+	reset_cm_connection_on_error(domain, status);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -649,6 +704,7 @@
 	}
 
 	status = cm_connect_netlogon(domain, &netlogon_pipe);
+	reset_cm_connection_on_error(domain, status);
         if (!NT_STATUS_IS_OK(status)) {
                 DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
 		return status;
@@ -668,12 +724,7 @@
 					  logon_server, NETLOGON_CONTROL_QUERY,
 					  2, &info, &werr);
 
-	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
-		DEBUG(2, ("dcerpc_netr_LogonControl timed out\n"));
-		invalidate_cm_connection(&domain->conn);
-		return status;
-	}
-
+	reset_cm_connection_on_error(domain, status);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(2, ("dcerpc_netr_LogonControl failed: %s\n",
 			nt_errstr(status)));

Modified: branches/samba/experimental/source3/winbindd/winbindd_pam.c
===================================================================
--- branches/samba/experimental/source3/winbindd/winbindd_pam.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source3/winbindd/winbindd_pam.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -993,7 +993,10 @@
 
 	}
 
-	/* User does *NOT* know the correct password, modify info3 accordingly */
+	/* User does *NOT* know the correct password, modify info3 accordingly, but only if online */
+	if (domain->online == false) {
+		goto failed;
+	}
 
 	/* failure of this is not critical */
 	result = get_max_bad_attempts_from_lockout_policy(domain, state->mem_ctx, &max_allowed_bad_attempts);
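Review bot: The early `goto failed` appears to mean that a wrong password entered while the domain is offline no longer updates the cached entry's bad-password state, and the comment does not say why. If the aim is to avoid locking the cached account when the lockout policy cannot be fetched, state that in the comment, and confirm that the `failed` label (outside this hunk) returns a logon failure rather than whatever `result` last held. The trade-off is that repeated wrong passwords against cached credentials are not throttled while offline, which deserves a line in the comment as well. `if (!domain->online)` is the usual form for the bool test.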

Modified: branches/samba/experimental/source4/smbd/service_named_pipe.c
===================================================================
--- branches/samba/experimental/source4/smbd/service_named_pipe.c	2011-06-07 21:05:37 UTC (rev 3812)
+++ branches/samba/experimental/source4/smbd/service_named_pipe.c	2011-06-07 21:08:24 UTC (rev 3813)
@@ -200,6 +200,13 @@
 		goto fail;
 	}
 
+	if (!directory_create_or_exist(lpcfg_ncalrpc_dir(lp_ctx), geteuid(), 0755)) {
+		status = map_nt_error_from_unix(errno);
+		DEBUG(0,(__location__ ": Failed to create ncalrpc pipe directory '%s' - %s\n",
+			 lpcfg_ncalrpc_dir(lp_ctx), nt_errstr(status)));
+		goto fail;
+	}
+
 	dirname = talloc_asprintf(pipe_sock, "%s/np", lpcfg_ncalrpc_dir(lp_ctx));
 	if (dirname == NULL) {
 		goto fail;
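Review bot: `map_nt_error_from_unix(errno)` assumes `directory_create_or_exist()` leaves a meaningful errno on every failure. As far as I can tell it also returns false when the path exists but is not a directory or has the wrong owner or mode, and on those paths errno may be stale, so the status logged here could be unrelated to the real cause. Setting `errno = 0` before the call and using a fixed status such as `NT_STATUS_UNSUCCESSFUL` when it is still zero afterwards would keep the reported error accurate. The enclosing function starts and ends outside the hunk.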




