* catching last minute changes to debug messages, formatting, and

  tpot's popt changes
* sync docs

That's it.  Ready to cut the release.

11 files changed, 493 insertions, 342 deletions

diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.xml b/docs/docbook/projdoc/DOMAIN_MEMBER.xml
index 5c33ae90f5a..0af934faab8 100644
--- a/docs/docbook/projdoc/DOMAIN_MEMBER.xml
+++ b/docs/docbook/projdoc/DOMAIN_MEMBER.xml
@@ -716,6 +716,9 @@ The minimal configuration for <filename>krb5.conf</filename> is:
 </para>
 
 <para><programlisting>
+        [libdefaults]
+            default_realm = YOUR.KERBEROS.REALM
+
 	[realms]
 	    YOUR.KERBEROS.REALM = {
 		kdc = your.kerberos.server
diff --git a/docs/docbook/projdoc/winbind.xml b/docs/docbook/projdoc/winbind.xml
index 2c257249311..524f05ffa2e 100644
--- a/docs/docbook/projdoc/winbind.xml
+++ b/docs/docbook/projdoc/winbind.xml
@@ -6,7 +6,7 @@
 		<firstname>Tim</firstname><surname>Potter</surname>
 		<affiliation>
 			<orgname>Samba Team</orgname>
-			<address><email>tpot@linuxcare.com.au</email></address>
+			<address><email>tpot@samba.org</email></address>
 		</affiliation>
 	</author>
 	&author.tridge;
diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8
index ab376f1c148..ff0fc1244bd 100644
--- a/docs/manpages/pdbedit.8
+++ b/docs/manpages/pdbedit.8
@@ -65,7 +65,7 @@ samba:45:Test User
 This option enables the verbose listing format\&. It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format\&.
 
 
-Example: \fBpdbedit -l -v\fR
+Example: \fBpdbedit -L -v\fR
 
 
 .nf
diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7
index 0a64a78718b..50665c700b0 100644
--- a/docs/manpages/samba.7
+++ b/docs/manpages/samba.7
@@ -1,147 +1,221 @@
-.\" This manpage has been automatically generated by docbook2man 
-.\" from a DocBook document.  This tool can be found at:
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
-.\" Please send any bug reports, improvements, comments, patches, 
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SAMBA" "7" "04 March 2003" "" ""
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "SAMBA" 7 "" "" ""
 .SH NAME
-SAMBA \- A Windows SMB/CIFS fileserver for UNIX
-.SH SYNOPSIS
+samba \- A Windows SMB/CIFS fileserver for UNIX
+.SH "SYNOPSIS"
 
-\fBSamba\fR
+.nf
+\fBSamba\fR 
+.fi
 
 .SH "DESCRIPTION"
+
 .PP
-The Samba software suite is a collection of programs 
-that implements the Server Message Block (commonly abbreviated 
-as SMB) protocol for UNIX systems. This protocol is sometimes 
-also referred to as the Common Internet File System (CIFS). For a
-more thorough description, see  http://www.ubiqx.org/cifs/ <URL:http://www.ubiqx.org/cifs/>. Samba also implements the NetBIOS
-protocol in nmbd.
-.TP
-\fBsmbd\fR
-The \fBsmbd \fR
-daemon provides the file and print services to 
-SMB clients, such as Windows 95/98, Windows NT, Windows 
-for Workgroups or LanManager. The configuration file 
-for this daemon is described in \fIsmb.conf\fR
-.TP
-\fBnmbd\fR
-The \fBnmbd\fR
-daemon provides NetBIOS nameservice and browsing
-support. The configuration file for this daemon 
-is described in \fIsmb.conf\fR
-.TP
-\fBsmbclient\fR
-The \fBsmbclient\fR
-program implements a simple ftp-like client. This 
-is useful for accessing SMB shares on other compatible
-servers (such as Windows NT), and can also be used 
-to allow a UNIX box to print to a printer attached to 
-any SMB server (such as a PC running Windows NT).
-.TP
-\fBtestparm\fR
-The \fBtestparm\fR
-utility is a simple syntax checker for Samba's
-\fIsmb.conf\fRconfiguration file.
-.TP
-\fBtestprns\fR
-The \fBtestprns\fR
-utility supports testing printer names defined 
-in your \fIprintcap\fR file used 
-by Samba.
-.TP
-\fBsmbstatus\fR
-The \fBsmbstatus\fR
-tool provides access to information about the 
-current connections to \fBsmbd\fR.
-.TP
-\fBnmblookup\fR
-The \fBnmblookup\fR
-tools allows NetBIOS name queries to be made 
-from a UNIX host.
-.TP
-\fBmake_smbcodepage\fR
-The \fBmake_smbcodepage\fR
-utility provides a means of creating SMB code page 
-definition files for your \fBsmbd\fR server.
-.TP
-\fBsmbpasswd\fR
-The \fBsmbpasswd\fR
-command is a tool for changing LanMan and Windows NT 
-password hashes on Samba and Windows NT servers.
+The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems\&. This protocol is sometimes also referred to as the Common Internet File System (CIFS)\&. For a more thorough description, see http://www\&.ubiqx\&.org/cifs/\&. Samba also implements the NetBIOS protocol in nmbd\&.
+
+.TP
+\fBsmbd\fR(8)
+The \fBsmbd\fR daemon provides the file and print services to SMB clients, such as Windows 95/98, Windows NT, Windows for Workgroups or LanManager\&. The configuration file for this daemon is described in \fBsmb.conf\fR(5)
+
+
+.TP
+\fBnmbd\fR(8)
+The \fBnmbd\fR daemon provides NetBIOS nameservice and browsing support\&. The configuration file for this daemon is described in \fBsmb.conf\fR(5)
+
+
+.TP
+\fBsmbclient\fR(1)
+The \fBsmbclient\fR program implements a simple ftp-like client\&. This is useful for accessing SMB shares on other compatible servers (such as Windows NT), and can also be used to allow a UNIX box to print to a printer attached to any SMB server (such as a PC running Windows NT)\&.
+
+
+.TP
+\fBtestparm\fR(1)
+The \fBtestparm\fR utility is a simple syntax checker for Samba's \fBsmb.conf\fR(5) configuration file\&.
+
+
+.TP
+\fBtestprns\fR(1)
+The \fBtestprns\fR utility supports testing printer names defined in your \fIprintcap\fR file used by Samba\&.
+
+
+.TP
+\fBsmbstatus\fR(1)
+The \fBsmbstatus\fR tool provides access to information about the current connections to \fBsmbd\fR\&.
+
+
+.TP
+\fBnmblookup\fR(1)
+The \fBnmblookup\fR tools allows NetBIOS name queries to be made from a UNIX host\&.
+
+
+.TP
+\fBsmbgroupedit\fR(8)
+The \fBsmbgroupedit\fR tool allows for mapping unix groups to NT Builtin, Domain, or Local groups\&. Also it allows setting priviledges for that group, such as saAddUser, etc\&.
+
+
+.TP
+\fBsmbpasswd\fR(8)
+The \fBsmbpasswd\fR command is a tool for changing LanMan and Windows NT password hashes on Samba and Windows NT servers\&.
+
+
+.TP
+\fBsmbcacls\fR(1)
+The \fBsmbcacls\fR command is a tool to set ACL's on remote CIFS servers\&.
+
+
+.TP
+\fBsmbsh\fR(1)
+The \fBsmbsh\fR command is a program that allows you to run a unix shell with with an overloaded VFS\&.
+
+
+.TP
+\fBsmbtree\fR(1)
+The \fBsmbtree\fR command is a text-based network neighborhood tool\&.
+
+
+.TP
+\fBsmbtar\fR(1)
+The \fBsmbtar\fR can make backups of data on CIFS/SMB servers\&.
+
+
+.TP
+\fBsmbspool\fR(8)
+\fBsmbspool\fR is a helper utility for printing on printers connected to CIFS servers\&.
+
+
+.TP
+\fBsmbcontrol\fR(1)
+\fBsmbcontrol\fR is a utility that can change the behaviour of running samba daemons\&.
+
+
+.TP
+\fBrpcclient\fR(1)
+\fBrpcclient\fR is a utility that can be used to execute RPC commands on remote CIFS servers\&.
+
+
+.TP
+\fBpdbedit\fR(8)
+The \fBpdbedit\fR command can be used to maintain the local user database on a samba server\&.
+
+
+.TP
+\fBfindsmb\fR(1)
+The \fBfindsmb\fR command can be used to find SMB servers on the local network\&.
+
+
+.TP
+\fBnet\fR(8)
+The \fBnet\fR command is supposed to work similar to the DOS/Windows NET\&.EXE command\&.
+
+
+.TP
+\fBswat\fR(8)
+\fBswat\fR is a web-based interface to configuring \fIsmb\&.conf\fR\&.
+
+
+.TP
+\fBwinbindd\fR(8)
+\fBwinbindd\fR is a daemon that is used for integrating authentication and the user database into unix\&.
+
+
+.TP
+\fBwbinfo\fR(1)
+\fBwbinfo\fR is a utility that retrieves and stores information related to winbind\&.
+
+
+.TP
+\fBeditreg\fR(1)
+\fBeditreg\fR is a command-line utility that can edit windows registry files\&.
+
+
+.TP
+\fBprofiles\fR(1)
+\fBprofiles\fR is a command-line utility that can be used to replace all occurences of a certain SID with another SID\&.
+
+
+.TP
+\fBvfstest\fR(1)
+\fBvfstest\fR is a utility that can be used to test vfs modules\&.
+
+
+.TP
+\fBntlm_auth\fR(1)
+\fBntlm_auth\fR is a helper-utility for external programs wanting to do NTLM-authentication\&.
+
+
+.TP
+\fBsmbmount\fR(8), \fBsmbumount\fR(8), \fBsmbmount\fR(8)
+\fBsmbmount\fR,\fBsmbmnt\fR and \fBsmbmnt\fR are commands that can be used to mount CIFS/SMB shares on Linux\&.
+
+
+.TP
+\fBsmbcquotas\fR(1)
+\fBsmbcquotas\fR is a tool that can set remote QUOTA's on server with NTFS 5\&.
+
+
 .SH "COMPONENTS"
+
 .PP
-The Samba suite is made up of several components. Each 
-component is described in a separate manual page. It is strongly 
-recommended that you read the documentation that comes with Samba 
-and the manual pages of those components that you use. If the 
-manual pages and documents aren't clear enough then please visit
-http://devel.samba.org <URL:http://devel.samba.org/>
-for information on how to file a bug report or submit a patch.
+The Samba suite is made up of several components\&. Each component is described in a separate manual page\&. It is strongly recommended that you read the documentation that comes with Samba and the manual pages of those components that you use\&. If the manual pages and documents aren't clear enough then please visithttp://devel\&.samba\&.org for information on how to file a bug report or submit a patch\&.
+
 .PP
-If you require help, visit the Samba webpage at
-http://www.samba.org/ <URL:http://samba.org/> and
-explore the many option available to you.
+If you require help, visit the Samba webpage athttp://www\&.samba\&.org/ and explore the many option available to you\&.
+
 .SH "AVAILABILITY"
+
 .PP
-The Samba software suite is licensed under the 
-GNU Public License(GPL). A copy of that license should 
-have come with the package in the file COPYING. You are 
-encouraged to distribute copies of the Samba suite, but 
-please obey the terms of this license.
+The Samba software suite is licensed under the GNU Public License(GPL)\&. A copy of that license should have come with the package in the file COPYING\&. You are encouraged to distribute copies of the Samba suite, but please obey the terms of this license\&.
+
 .PP
-The latest version of the Samba suite can be 
-obtained via anonymous ftp from samba.org in the
-directory pub/samba/. It is also available on several 
-mirror sites worldwide.
+The latest version of the Samba suite can be obtained via anonymous ftp from samba\&.org in the directory pub/samba/\&. It is also available on several mirror sites worldwide\&.
+
 .PP
-You may also find useful information about Samba 
-on the newsgroup  comp.protocol.smb <URL:news:comp.protocols.smb> and the Samba mailing 
-list. Details on how to join the mailing list are given in 
-the README file that comes with Samba.
+You may also find useful information about Samba on the newsgroup comp\&.protocol\&.smb and the Samba mailing list\&. Details on how to join the mailing list are given in the README file that comes with Samba\&.
+
 .PP
-If you have access to a WWW viewer (such as Netscape 
-or Mosaic) then you will also find lots of useful information, 
-including back issues of the Samba mailing list, at
-http://lists.samba.org <URL:http://lists.samba.org/>.
+If you have access to a WWW viewer (such as Mozilla or Konqueror) then you will also find lots of useful information, including back issues of the Samba mailing list, athttp://lists\&.samba\&.org\&.
+
 .SH "VERSION"
+
 .PP
-This man page is correct for version 2.2 of the 
-Samba suite. 
+This man page is correct for version 3\&.0 of the Samba suite\&.
+
 .SH "CONTRIBUTIONS"
+
 .PP
-If you wish to contribute to the Samba project, 
-then I suggest you join the Samba mailing list at 
-http://lists.samba.org <URL:http://lists.samba.org/>.
+If you wish to contribute to the Samba project, then I suggest you join the Samba mailing list athttp://lists\&.samba\&.org\&.
+
 .PP
-If you have patches to submit, visit
-http://devel.samba.org/ <URL:http://devel.samba.org/>
-for information on how to do it properly. We prefer patches in
-\fBdiff -u\fR format.
+If you have patches to submit, visithttp://devel\&.samba\&.org/ for information on how to do it properly\&. We prefer patches in \fBdiff -u\fR format\&.
+
 .SH "CONTRIBUTORS"
+
 .PP
-Contributors to the project are now too numerous 
-to mention here but all deserve the thanks of all Samba 
-users. To see a full list, look at  ftp://samba.org/pub/samba/alpha/change-log <URL:ftp://samba.org/pub/samba/alpha/change-log>
-for the pre-CVS changes and at  ftp://samba.org/pub/samba/alpha/cvs.log <URL:ftp://samba.org/pub/samba/alpha/cvs.log>
-for the contributors to Samba post-CVS. CVS is the Open Source 
-source code control system used by the Samba Team to develop 
-Samba. The project would have been unmanageable without it.
-.PP
-In addition, several commercial organizations now help 
-fund the Samba Team with money and equipment. For details see 
-the Samba Web pages at  http://samba.org/samba/samba-thanks.html
+Contributors to the project are now too numerous to mention here but all deserve the thanks of all Samba users\&. To see a full list, look at the\fIchange-log\fR in the source package for the pre-CVS changes and at http://cvs\&.samba\&.org/ for the contributors to Samba post-CVS\&. CVS is the Open Source source code control system used by the Samba Team to develop Samba\&. The project would have been unmanageable without it\&.
+
 .SH "AUTHOR"
+
 .PP
-The original Samba software and related utilities 
-were created by Andrew Tridgell. Samba is now developed
-by the Samba Team as an Open Source project similar 
-to the way the Linux kernel is developed.
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
+
 .PP
-The original Samba man pages were written by Karl Auer. 
-The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
-release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
+
diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5
index 37b1fce1fd6..3e0bc555eae 100644
--- a/docs/manpages/smb.conf.5
+++ b/docs/manpages/smb.conf.5
@@ -460,10 +460,6 @@ Here is a list of all global parameters\&. See the section of each parameter for
 
 .TP
 \(bu
-\fIads server\fR
-
-.TP
-\(bu
 \fIalgorithmic rid base\fR
 
 .TP
@@ -504,6 +500,10 @@ Here is a list of all global parameters\&. See the section of each parameter for
 
 .TP
 \(bu
+\fIclient use spnego\fR
+
+.TP
+\(bu
 \fIconfig file\fR
 
 .TP
@@ -632,6 +632,14 @@ Here is a list of all global parameters\&. See the section of each parameter for
 
 .TP
 \(bu
+\fIidmap gid\fR
+
+.TP
+\(bu
+\fIidmap uid\fR
+
+.TP
+\(bu
 \fIinclude\fR
 
 .TP
@@ -1459,6 +1467,10 @@ Here is a list of all service parameters\&. See the section on each parameter fo
 
 .TP
 \(bu
+\fImap acl inherit\fR
+
+.TP
+\(bu
 \fImap archive\fR
 
 .TP
@@ -1863,17 +1875,6 @@ Example: \fBadmin users = jason\fR
 
 
 .TP
-ads server (G)
-If this option is specified, samba does not try to figure out what ads server to use itself, but uses the specified ads server\&. Either one DNS name or IP address can be used\&.
-
-
-Default: \fBads server = \fR
-
-
-Example: \fBads server = 192.168.1.2\fR
-
-
-.TP
 algorithmic rid base (G)
 This determines how Samba will use its algorithmic mapping from uids/gid to the RIDs needed to construct NT Security Identifiers\&.
 
@@ -1930,16 +1931,19 @@ Example: \fBannounce version = 2.0\fR
 
 .TP
 auth methods (G)
-This option allows the administrator to chose what authentication methods \fBsmbd\fR will use when authenticating a user\&. This option defaults to sensible values based on \fIsecurity\fR\&.
+This option allows the administrator to chose what authentication methods \fBsmbd\fR will use when authenticating a user\&. This option defaults to sensible values based on \fIsecurity\fR\&. This should be considered a developer option and used only in rare circumstances\&. In the majority (if not all) of production servers, the default setting should be adequate\&.
 
 
 Each entry in the list attempts to authenticate the user in turn, until the user authenticates\&. In practice only one method will ever actually be able to complete the authentication\&.
 
 
+Possible options include \fBguest\fR (anonymous access), \fBsam\fR (lookups in local list of accounts based on netbios name or domain name), \fBwinbind\fR (relay authentication requests for remote users through winbindd), \fBntdomain\fR (pre-winbindd method of authentication for remote domain users; deprecated in favour of winbind method), \fBtrustdomain\fR (authenticate trusted users by contacting the remote DC directly from smbd; deprecated in favour of winbind method)\&.
+
+
 Default: \fBauth methods = <empty string>\fR
 
 
-Example: \fBauth methods = guest sam ntdomain\fR
+Example: \fBauth methods = guest sam winbind\fR
 
 
 .TP
@@ -2080,6 +2084,14 @@ Example: \fBchange share command = /usr/local/bin/addshare\fR
 
 
 .TP
+client use spnego (G)
+This variable controls controls whether samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 servers to agree upon an authentication mechanism\&. SPNEGO client support with Sign and Seal is currently broken, so you might want to turn this option off when doing joins to Windows 2003 domains\&.
+
+
+Default: \fBclient use spnego = yes\fR
+
+
+.TP
 comment (S)
 This is a text field that is seen next to a share when a client does a queries the server, either via the network neighborhood or via \fBnet view\fR to list what shares are available\&.
 
@@ -3125,6 +3137,31 @@ Example: \fBhosts equiv = /etc/hosts.equiv\fR
 
 
 .TP
+idmap gid (G)
+The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNX groups to NT group SIDs\&. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise\&.
+
+
+The availability of an idmap gid range is essential for correct operation of all group mapping\&.
+
+
+Default: \fBidmap gid = <empty string>\fR
+
+
+Example: \fBidmap gid = 10000-20000\fR
+
+
+.TP
+idmap uid (G)
+The idmap uid parameter specifies the range of user ids that are allocated for use in mapping UNIX users to NT user SIDs\&. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise\&.
+
+
+Default: \fBidmap uid = <empty string>\fR
+
+
+Example: \fBidmap uid = 10000-20000\fR
+
+
+.TP
 include (G)
 This allows you to include one config file inside another\&. The file is included literally, as though typed in place\&.
 
@@ -3963,6 +4000,14 @@ Example: \fBmangling method = hash\fR
 
 
 .TP
+map acl inherit (S)
+This boolean parameter controls whether \fBsmbd\fR(8) will attempt to map the 'inherit' and 'protected' access control entry flags stored in Windows ACLs into an extended attribute called user\&.SAMBA_PAI\&. This parameter only takes effect if Samba is being run on a platform that supports extended attributes (Linux and IRIX so far) and allows the Windows 2000 ACL editor to correctly use inheritance with the Samba POSIX ACL mapping code\&.
+
+
+Default: \fBmap acl inherit = no\fR
+
+
+.TP
 map archive (S)
 This controls whether the DOS archive attribute should be mapped to the UNIX owner execute bit\&. The DOS archive bit is set when a file has been modified since its last backup\&. One motivation for this option it to keep Samba/your PC from making any file it touches from becoming executable under UNIX\&. This can be quite annoying for shared source code, documents, etc\&.\&.\&.
 
@@ -4324,7 +4369,7 @@ Example: \fBname cache timeout = 0\fR
 
 .TP
 name resolve order (G)
-This option is used by the programs in the Samba suite to determine what naming services to use and in what order to resolve host names to IP addresses\&. The option takes a space separated string of name resolution options\&.
+This option is used by the programs in the Samba suite to determine what naming services to use and in what order to resolve host names to IP addresses\&. Its main purpose to is to control how netbios name resolution is performed\&. The option takes a space separated string of name resolution options\&.
 
 
 The options are: "lmhosts", "host", "wins" and "bcast"\&. They cause names to be resolved as follows:
@@ -4332,7 +4377,7 @@ The options are: "lmhosts", "host", "wins" and "bcast"\&. They cause names to be
 
 \fBlmhosts\fR : Lookup an IP address in the Samba lmhosts file\&. If the line in lmhosts has no name type attached to the NetBIOS name (see the lmhosts(5) for details) then any name type matches for lookup\&.
 
-\fBhost\fR : Do a standard host name to IP address resolution, using the system \fI/etc/hosts \fR, NIS, or DNS lookups\&. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the \fI/etc/nsswitch\&.conf\fR file\&. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored\&.
+\fBhost\fR : Do a standard host name to IP address resolution, using the system \fI/etc/hosts \fR, NIS, or DNS lookups\&. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the \fI/etc/nsswitch\&.conf\fR file\&. Note that this method is used only if the NetBIOS name type being queried is the 0x20 (server) name type or 0x1c (domain controllers)\&. The latter case is only useful for active directory domains and results in a DNS query for the SRV RR entry matching _ldap\&._tcp\&.domain\&.
 
 \fBwins\fR : Query a name with the IP address listed in the \fI wins server\fR parameter\&. If no WINS server has been specified this method will be ignored\&.
 
@@ -4347,6 +4392,15 @@ Example: \fBname resolve order = lmhosts bcast host\fR
 This will cause the local lmhosts file to be examined first, followed by a broadcast attempt, followed by a normal system hostname lookup\&.
 
 
+When Samba is functioning in ADS security mode (\fBsecurity = ads\fR) it is advised to use following settings for \fIname resolve order\fR:
+
+
+\fBname resolve order = wins bcast\fR
+
+
+DC lookups will still be done via DNS, but fallbacks to netbios names will not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups\&.
+
+
 .TP
 netbios aliases (G)
 This is a list of NetBIOS names that nmbd(8) will advertise as additional names by which the Samba server is known\&. This allows one machine to appear in browse lists under multiple names\&. If a machine is acting as a browse server or logon server none of these names will be advertised as either browse server or logon servers, only the primary name of the machine will be advertised with these capabilities\&.
@@ -4597,7 +4651,7 @@ This parameter is in two parts, the backend's name, and a 'location' string that
 Available backends can include: .TP 3 \(bu \fBsmbpasswd\fR - The default smbpasswd backend\&. Takes a path to the smbpasswd file as an optional argument\&. .TP \(bu \fBtdbsam\fR - The TDB based password storage backend\&. Takes a path to the TDB as an optional argument (defaults to passdb\&.tdb in the \fIprivate dir\fR directory\&. .TP \(bu \fBldapsam\fR - The LDAP based passdb backend\&. Takes an LDAP URL as an optional argument (defaults to \fBldap://localhost\fR) LDAP connections should be secured where possible\&. This may be done using either Start-TLS (see \fIldap ssl\fR) or by specifying \fIldaps://\fR in the URL argument\&. .TP \(bu \fBnisplussam\fR - The NIS+ based passdb backend\&. Takes name NIS domain as an optional argument\&. Only works with sun NIS+ servers\&. .TP \(bu \fBmysql\fR - The MySQL based passdb backend\&. Takes an identifier as argument\&. Read the Samba HOWTO Collection for configuration details\&. .TP \(bu \fBguest\fR - Very simple backend that only provides one user: the guest user\&. Only maps the NT guest user to the \fIguest account\fR\&. Required in pretty much all situations\&. .LP
 
 
-Default: \fBpassdb backend = smbpasswd guest\fR
+Default: \fBpassdb backend = smbpasswd\fR
 
 
 Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd guest\fR
@@ -4709,13 +4763,13 @@ Example: \fBpassword level = 4\fR
 
 .TP
 password server (G)
-By specifying the name of another SMB server (such as a WinNT box) with this option, and using \fBsecurity = domain \fR or \fBsecurity = server\fR you can get Samba to do all its username/password validation via a remote server\&.
+By specifying the name of another SMB server or Active Directory domain controller with this option, and using \fBsecurity = [ads|domain|server]\fR it is possible to get Samba to to do all its username/password validation using a specific remote server\&.
 
 
-This option sets the name of the password server to use\&. It must be a NetBIOS name, so if the machine's NetBIOS name is different from its Internet name then you may have to add its NetBIOS name to the lmhosts file which is stored in the same directory as the \fIsmb\&.conf\fR file\&.
+This option sets the name or IP address of the password server to use\&. New syntax has been added to support defining the port to use when connecting to the server the case of an ADS realm\&. To define a port other than the default LDAP port of 389, add the port number using a colon after the name or IP address (e\&.g\&. 192\&.168\&.1\&.100:389)\&. If you do not specify a port, Samba will use the standard LDAP port of tcp/389\&. Note that port numbers have no effect on password servers for Windows NT 4\&.0 domains or netbios connections\&.
 
 
-The name of the password server is looked up using the parameter \fIname resolve order\fR and so may resolved by any method and order described in that parameter\&.
+If parameter is a name, it is looked up using the parameter \fIname resolve order\fR and so may resolved by any method and order described in that parameter\&.
 
 
 The password server must be a machine capable of using the "LM1\&.2X002" or the "NT LM 0\&.12" protocol, and it must be in user level security mode\&.
@@ -4729,13 +4783,13 @@ Never point a Samba server at itself for password serving\&. This will cause a l
 The name of the password server takes the standard substitutions, but probably the only useful one is \fI%m \fR, which means the Samba server will use the incoming client as the password server\&. If you use this then you better trust your clients, and you had better restrict them with hosts allow!
 
 
-If the \fIsecurity\fR parameter is set to \fBdomain\fR, then the list of machines in this option must be a list of Primary or Backup Domain controllers for the Domain or the character '*', as the Samba server is effectively in that domain, and will use cryptographically authenticated RPC calls to authenticate the user logging on\&. The advantage of using \fB security = domain\fR is that if you list several hosts in the \fIpassword server\fR option then \fBsmbd \fR will try each in turn till it finds one that responds\&. This is useful in case your primary server goes down\&.
+If the \fIsecurity\fR parameter is set to \fBdomain\fR or \fBads\fR, then the list of machines in this option must be a list of Primary or Backup Domain controllers for the Domain or the character '*', as the Samba server is effectively in that domain, and will use cryptographically authenticated RPC calls to authenticate the user logging on\&. The advantage of using \fB security = domain\fR is that if you list several hosts in the \fIpassword server\fR option then \fBsmbd \fR will try each in turn till it finds one that responds\&. This is useful in case your primary server goes down\&.
 
 
 If the \fIpassword server\fR option is set to the character '*', then Samba will attempt to auto-locate the Primary or Backup Domain controllers to authenticate against by doing a query for the name \fBWORKGROUP<1C>\fR and then contacting each server returned in the list of IP addresses from the name resolution source\&.
 
 
-If the list of servers contains both names and the '*' character, the list is treated as a list of preferred domain controllers, but an auto lookup of all remaining DC's will be added to the list as well\&. Samba will not attempt to optimize this list by locating the closest DC\&.
+If the list of servers contains both names/IP's and the '*' character, the list is treated as a list of preferred domain controllers, but an auto lookup of all remaining DC's will be added to the list as well\&. Samba will not attempt to optimize this list by locating the closest DC\&.
 
 
 If the \fIsecurity\fR parameter is set to \fBserver\fR, then there are different restrictions that \fBsecurity = domain\fR doesn't suffer from:
@@ -4754,6 +4808,9 @@ Default: \fBpassword server = <empty string>\fR
 Example: \fBpassword server = NT-PDC, NT-BDC1, NT-BDC2, *\fR
 
 
+Example: \fBpassword server = windc.mydomain.com:389 192.168.1.101 *\fR
+
+
 Example: \fBpassword server = *\fR
 
 
@@ -6309,6 +6366,9 @@ Default: \fBwinbind enum users = yes \fR
 
 .TP
 winbind gid (G)
+This parameter is now an alias for \fBidmap gid\fR
+
+
 The winbind gid parameter specifies the range of group ids that are allocated by the \fBwinbindd\fR(8) daemon\&. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise\&.
 
 
@@ -6334,7 +6394,10 @@ Example: \fBwinbind separator = +\fR
 
 .TP
 winbind uid (G)
-The winbind gid parameter specifies the range of group ids that are allocated by the \fBwinbindd\fR(8) daemon\&. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise\&.
+This parameter is now an alias for \fBidmap uid\fR
+
+
+The winbind gid parameter specifies the range of user ids that are allocated by the \fBwinbindd\fR(8) daemon\&. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise\&.
 
 
 Default: \fBwinbind uid = <empty string>\fR
diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1
index 04814890784..9bbecb29a41 100644
--- a/docs/manpages/wbinfo.1
+++ b/docs/manpages/wbinfo.1
@@ -25,7 +25,7 @@ wbinfo \- Query information from winbind daemon
 .nf
 \fBwbinfo\fR [-u] [-g] [-N netbios-name] [-I ip] [-n name] [-s sid] [-U uid] [-G gid]
        [-S sid] [-Y sid] [-t] [-m] [--sequence] [-r user] [-a user%password]
-       [-A user%password] [--get-auth-user] [-p]
+       [--set-auth-user user%password] [--get-auth-user] [-p]
 .fi
 
 .SH "DESCRIPTION"
@@ -117,7 +117,7 @@ Attempt to authenticate a user via winbindd\&. This checks both authenticaion me
 
 
 .TP
--A username%password
+--set-auth-user username%password
 Store username and password used by winbindd during session setup to a domain controller\&. This enables winbindd to operate in a Windows 2000 domain with Restrict Anonymous turned on (a\&.k\&.a\&. Permissions compatiable with Windows 2000 servers only)\&.
 
 
diff --git a/source/client/client.c b/source/client/client.c
index f2be268efe2..ea21957d73d 100644
--- a/source/client/client.c
+++ b/source/client/client.c
@@ -2563,6 +2563,9 @@ static struct cli_state *do_connect(const char *server, const char *share)
 		if (password[0] || !username[0] || use_kerberos ||
 		    !cli_session_setup(c, "", "", 0, "", 0, lp_workgroup())) { 
 			d_printf("session setup failed: %s\n", cli_errstr(c));
+			if (NT_STATUS_V(cli_nt_error(c)) == 
+			    NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
+				d_printf("did you forget to run kinit?\n");
 			cli_shutdown(c);
 			return NULL;
 		}
@@ -2859,6 +2862,7 @@ static void remember_query_host(const char *arg,
 
 	pstrcpy(username, cmdline_auth_info.username);
 	pstrcpy(password, cmdline_auth_info.password);
+
 	use_kerberos = cmdline_auth_info.use_kerberos;
 	got_pass = cmdline_auth_info.got_pass;
 
diff --git a/source/lib/popt_common.c b/source/lib/popt_common.c
index 6920ef4d5f0..b8e77b2d9ec 100644
--- a/source/lib/popt_common.c
+++ b/source/lib/popt_common.c
@@ -335,8 +335,8 @@ static void popt_common_credentials_callback(poptContext con,
 struct poptOption popt_common_credentials[] = {
 	{ NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE, popt_common_credentials_callback },
 	{ "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "USERNAME" },
-	{ "no-pass", 'N', POPT_ARG_NONE, &cmdline_auth_info.got_pass, True, "Don't ask for a password" },
-	{ "kerberos", 'k', POPT_ARG_NONE, &cmdline_auth_info.use_kerberos, True, "Use kerberos (active directory) authentication" },
+	{ "no-pass", 'N', POPT_ARG_NONE, &cmdline_auth_info.got_pass, 0, "Don't ask for a password" },
+	{ "kerberos", 'k', POPT_ARG_NONE, &cmdline_auth_info.use_kerberos, 'k', "Use kerberos (active directory) authentication" },
 	{ "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
 	POPT_TABLEEND
 };
diff --git a/source/passdb/pdb_smbpasswd.c b/source/passdb/pdb_smbpasswd.c
index e00680917c5..0e7dd77b405 100644
--- a/source/passdb/pdb_smbpasswd.c
+++ b/source/passdb/pdb_smbpasswd.c
@@ -1352,7 +1352,7 @@ static NTSTATUS smbpasswd_getsampwnam(struct pdb_methods *my_methods,
 	fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));
 
 	if (fp == NULL) {
-		DEBUG(0, ("unable to open passdb database.\n"));
+		DEBUG(0, ("Unable to open passdb database.\n"));
 		return nt_status;
 	}
 
@@ -1412,7 +1412,7 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUN
 	fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));
 
 	if (fp == NULL) {
-		DEBUG(0, ("unable to open passdb database.\n"));
+		DEBUG(0, ("Unable to open passdb database.\n"));
 		return nt_status;
 	}
 
diff --git a/source/smbd/statcache.c b/source/smbd/statcache.c
index 79758bcfe2e..0d55c22f7a2 100644
--- a/source/smbd/statcache.c
+++ b/source/smbd/statcache.c
@@ -24,7 +24,6 @@
 
 extern BOOL case_sensitive;
 
-
 /****************************************************************************
  Stat cache code used in unix_convert.
 *****************************************************************************/
@@ -53,123 +52,126 @@ static hash_table stat_cache;
 
 void stat_cache_add( const char *full_orig_name, const char *orig_translated_path)
 {
-  stat_cache_entry *scp;
-  stat_cache_entry *found_scp;
-  char *translated_path;
-  size_t translated_path_length;
-
-  char *original_path;
-  size_t original_path_length;
-
-  hash_element *hash_elem;
-
-  if (!lp_stat_cache()) return;
-
-  /*
-   * Don't cache trivial valid directory entries.
-   */
-  if((*full_orig_name == '\0') || (strcmp(full_orig_name, ".") == 0) ||
-     (strcmp(full_orig_name, "..") == 0))
-    return;
-
-  /*
-   * If we are in case insentive mode, we don't need to
-   * store names that need no translation - else, it
-   * would be a waste.
-   */
-
-  if(case_sensitive && (strcmp(full_orig_name, orig_translated_path) == 0))
-    return;
-
-  /*
-   * Remove any trailing '/' characters from the
-   * translated path.
-   */
-
-  translated_path = strdup(orig_translated_path);
-  if (!translated_path)
-	  return;
-
-  translated_path_length = strlen(translated_path);
-
-  if(translated_path[translated_path_length-1] == '/') {
-    translated_path[translated_path_length-1] = '\0';
-    translated_path_length--;
-  }
-
-  original_path = strdup(full_orig_name);
-  if (!original_path) {
-	  SAFE_FREE(translated_path);
-	  return;
-  }
-
-  original_path_length = strlen(original_path);
-
-  if(original_path[original_path_length-1] == '/') {
-    original_path[original_path_length-1] = '\0';
-    original_path_length--;
-  }
-
-  if(!case_sensitive)
-	  strupper(original_path);
-
-  if (original_path_length != translated_path_length) {
-	  if (original_path_length < translated_path_length) {
-		  DEBUG(0, ("OOPS - tried to store stat cache entry for werid length paths [%s] %u and [%s] %u)!\n", original_path, original_path_length, translated_path, translated_path_length));
-		  SAFE_FREE(original_path);
-		  SAFE_FREE(translated_path);
-		  return;
-	  }
-
-	  /* we only want to store the first part of original_path,
-	     up to the length of translated_path */
-
-	  original_path[translated_path_length] = '\0';
-	  original_path_length = translated_path_length;
-  }
-
-  /*
-   * Check this name doesn't exist in the cache before we 
-   * add it.
-   */
-
-  if ((hash_elem = hash_lookup(&stat_cache, original_path))) {
-	  found_scp = (stat_cache_entry *)(hash_elem->value);
-	  if (strcmp((found_scp->translated_path), orig_translated_path) == 0) {
-		  /* already in hash table */
-		  SAFE_FREE(original_path);
-		  SAFE_FREE(translated_path);
-		  return;
-	  }
-	  /* hash collision - remove before we re-add */
-	  hash_remove(&stat_cache, hash_elem);
-  }  
+	stat_cache_entry *scp;
+	stat_cache_entry *found_scp;
+	char *translated_path;
+	size_t translated_path_length;
+
+	char *original_path;
+	size_t original_path_length;
+
+	hash_element *hash_elem;
+
+	if (!lp_stat_cache())
+		return;
+
+	/*
+	 * Don't cache trivial valid directory entries.
+	 */
+
+	if((*full_orig_name == '\0') || (strcmp(full_orig_name, ".") == 0) ||
+			(strcmp(full_orig_name, "..") == 0))
+		return;
+
+	/*
+	 * If we are in case insentive mode, we don't need to
+	 * store names that need no translation - else, it
+	 * would be a waste.
+	 */
+
+	if(case_sensitive && (strcmp(full_orig_name, orig_translated_path) == 0))
+		return;
+
+	/*
+	 * Remove any trailing '/' characters from the
+	 * translated path.
+	 */
+
+	translated_path = strdup(orig_translated_path);
+	if (!translated_path)
+		return;
+
+	translated_path_length = strlen(translated_path);
+
+	if(translated_path[translated_path_length-1] == '/') {
+		translated_path[translated_path_length-1] = '\0';
+		translated_path_length--;
+	}
+
+	original_path = strdup(full_orig_name);
+	if (!original_path) {
+		SAFE_FREE(translated_path);
+		return;
+	}
+
+	original_path_length = strlen(original_path);
+
+	if(original_path[original_path_length-1] == '/') {
+		original_path[original_path_length-1] = '\0';
+		original_path_length--;
+	}
+
+	if(!case_sensitive)
+		strupper(original_path);
+
+	if (original_path_length != translated_path_length) {
+		if (original_path_length < translated_path_length) {
+			DEBUG(0, ("OOPS - tried to store stat cache entry for werid length paths [%s] %u and [%s] %u)!\n",
+						original_path, original_path_length, translated_path, translated_path_length));
+			SAFE_FREE(original_path);
+			SAFE_FREE(translated_path);
+			return;
+		}
+
+		/* we only want to store the first part of original_path,
+			up to the length of translated_path */
+
+		original_path[translated_path_length] = '\0';
+		original_path_length = translated_path_length;
+	}
+
+	/*
+	 * Check this name doesn't exist in the cache before we 
+	 * add it.
+	 */
+
+	if ((hash_elem = hash_lookup(&stat_cache, original_path))) {
+		found_scp = (stat_cache_entry *)(hash_elem->value);
+		if (strcmp((found_scp->translated_path), orig_translated_path) == 0) {
+			/* already in hash table */
+			SAFE_FREE(original_path);
+			SAFE_FREE(translated_path);
+			return;
+		}
+		/* hash collision - remove before we re-add */
+		hash_remove(&stat_cache, hash_elem);
+	}  
   
-  /*
-   * New entry.
-   */
+	/*
+	 * New entry.
+	 */
   
-  if((scp = (stat_cache_entry *)malloc(sizeof(stat_cache_entry)
-				       +original_path_length
-				       +translated_path_length)) == NULL) {
-	  DEBUG(0,("stat_cache_add: Out of memory !\n"));
-	  SAFE_FREE(original_path);
-	  SAFE_FREE(translated_path);
-	  return;
-  }
-
-  scp->original_path = scp->names;
-  scp->translated_path = scp->names + original_path_length + 1;
-  safe_strcpy(scp->original_path, original_path, original_path_length);
-  safe_strcpy(scp->translated_path, translated_path, translated_path_length);
-  scp->translated_path_length = translated_path_length;
-
-  hash_insert(&stat_cache, (char *)scp, original_path);
-
-  SAFE_FREE(original_path);
-  SAFE_FREE(translated_path);
-
-  DEBUG(5,("stat_cache_add: Added entry %s -> %s\n", scp->original_path, scp->translated_path));
+	if((scp = (stat_cache_entry *)malloc(sizeof(stat_cache_entry)
+						+original_path_length
+						+translated_path_length)) == NULL) {
+		DEBUG(0,("stat_cache_add: Out of memory !\n"));
+		SAFE_FREE(original_path);
+		SAFE_FREE(translated_path);
+		return;
+	}
+
+	scp->original_path = scp->names;
+	scp->translated_path = scp->names + original_path_length + 1;
+	safe_strcpy(scp->original_path, original_path, original_path_length);
+	safe_strcpy(scp->translated_path, translated_path, translated_path_length);
+	scp->translated_path_length = translated_path_length;
+
+	hash_insert(&stat_cache, (char *)scp, original_path);
+
+	SAFE_FREE(original_path);
+	SAFE_FREE(translated_path);
+
+	DEBUG(5,("stat_cache_add: Added entry %s -> %s\n", scp->original_path, scp->translated_path));
 }
 
 /**
@@ -191,73 +193,73 @@ void stat_cache_add( const char *full_orig_name, const char *orig_translated_pat
 BOOL stat_cache_lookup(connection_struct *conn, pstring name, pstring dirpath, 
 		       char **start, SMB_STRUCT_STAT *pst)
 {
-  stat_cache_entry *scp;
-  pstring chk_name;
-  size_t namelen;
-  hash_element *hash_elem;
-  char *sp;
-
-  if (!lp_stat_cache())
-    return False;
+	stat_cache_entry *scp;
+	pstring chk_name;
+	size_t namelen;
+	hash_element *hash_elem;
+	char *sp;
+
+	if (!lp_stat_cache())
+		return False;
  
-  namelen = strlen(name);
-
-  *start = name;
-
-  DO_PROFILE_INC(statcache_lookups);
-
-  /*
-   * Don't lookup trivial valid directory entries.
-   */
-  if((*name == '\0') || (strcmp(name, ".") == 0) || (strcmp(name, "..") == 0)) {
-    DO_PROFILE_INC(statcache_misses);
-    return False;
-  }
-
-  pstrcpy(chk_name, name);
-  if(!case_sensitive)
-    strupper( chk_name );
-
-  while (1) {
-    hash_elem = hash_lookup(&stat_cache, chk_name);
-    if(hash_elem == NULL) {
-      /*
-       * Didn't find it - remove last component for next try.
-       */
-      sp = strrchr_m(chk_name, '/');
-      if (sp) {
-        *sp = '\0';
-      } else {
-        /*
-         * We reached the end of the name - no match.
-         */
-	DO_PROFILE_INC(statcache_misses);
-        return False;
-      }
-      if((*chk_name == '\0') || (strcmp(chk_name, ".") == 0)
-                          || (strcmp(chk_name, "..") == 0)) {
-	DO_PROFILE_INC(statcache_misses);
-        return False;
-      }
-    } else {
-      scp = (stat_cache_entry *)(hash_elem->value);
-      DO_PROFILE_INC(statcache_hits);
-      if(SMB_VFS_STAT(conn,scp->translated_path, pst) != 0) {
-        /* Discard this entry - it doesn't exist in the filesystem.  */
-        hash_remove(&stat_cache, hash_elem);
-        return False;
-      }
-      memcpy(name, scp->translated_path, MIN(sizeof(pstring)-1, scp->translated_path_length));
-
-      /* set pointer for 'where to start' on fixing the rest of the name */
-      *start = &name[scp->translated_path_length];
-      if(**start == '/')
-        ++*start;
-
-      pstrcpy(dirpath, scp->translated_path);
-      return (namelen == scp->translated_path_length);
-    }
-  }
+	namelen = strlen(name);
+
+	*start = name;
+
+	DO_PROFILE_INC(statcache_lookups);
+
+	/*
+	 * Don't lookup trivial valid directory entries.
+	 */
+	if((*name == '\0') || (strcmp(name, ".") == 0) || (strcmp(name, "..") == 0)) {
+		DO_PROFILE_INC(statcache_misses);
+		return False;
+	}
+
+	pstrcpy(chk_name, name);
+	if(!case_sensitive)
+		strupper( chk_name );
+
+	while (1) {
+		hash_elem = hash_lookup(&stat_cache, chk_name);
+		if(hash_elem == NULL) {
+			/*
+			 * Didn't find it - remove last component for next try.
+			 */
+			sp = strrchr_m(chk_name, '/');
+			if (sp) {
+				*sp = '\0';
+			} else {
+				/*
+				 * We reached the end of the name - no match.
+				 */
+				DO_PROFILE_INC(statcache_misses);
+				return False;
+			}
+			if((*chk_name == '\0') || (strcmp(chk_name, ".") == 0)
+					|| (strcmp(chk_name, "..") == 0)) {
+				DO_PROFILE_INC(statcache_misses);
+				return False;
+			}
+		} else {
+			scp = (stat_cache_entry *)(hash_elem->value);
+			DO_PROFILE_INC(statcache_hits);
+			if(SMB_VFS_STAT(conn,scp->translated_path, pst) != 0) {
+				/* Discard this entry - it doesn't exist in the filesystem.  */
+				hash_remove(&stat_cache, hash_elem);
+				return False;
+			}
+			memcpy(name, scp->translated_path, MIN(sizeof(pstring)-1, scp->translated_path_length));
+
+			/* set pointer for 'where to start' on fixing the rest of the name */
+			*start = &name[scp->translated_path_length];
+			if(**start == '/')
+				++*start;
+
+			pstrcpy(dirpath, scp->translated_path);
+			return (namelen == scp->translated_path_length);
+		}
+	}
 }
 
 /*************************************************************************** **
@@ -271,7 +273,8 @@ BOOL stat_cache_lookup(connection_struct *conn, pstring name, pstring dirpath,
 BOOL reset_stat_cache( void )
 {
 	static BOOL initialised;
-	if (!lp_stat_cache()) return True;
+	if (!lp_stat_cache())
+		return True;
 
 	if (initialised) {
 		hash_clear(&stat_cache);
@@ -280,4 +283,4 @@ BOOL reset_stat_cache( void )
 	initialised = hash_table_init( &stat_cache, INIT_STAT_CACHE_SIZE, 
 				       (compare_function)(strcmp));
 	return initialised;
-} /* reset_stat_cache  */
+}
diff --git a/source/utils/profiles.c b/source/utils/profiles.c
index afaa83f6384..23df26d1502 100644
--- a/source/utils/profiles.c
+++ b/source/utils/profiles.c
@@ -454,6 +454,8 @@ static int get_sid(DOM_SID *sid, const unsigned char *sid_str)
   return 1;
 }
 
+#if 0
+
 /* 
  * Replace SID1, component by component with SID2
  * Assumes will never be called with unequal length SIDS
@@ -470,6 +472,8 @@ static void change_sid(DOM_SID *s1, DOM_SID *s2)
   }
 }
 
+#endif
+
 static void print_sid(DOM_SID *sid)
 {
   int i, comps = sid->num_auths;