r5146: starting draft of release notes for 3.0.11

merges from SAMBA_3_0

svn merge -r5100:5111 $SVNURL/branches/SAMBA_3_0
svn merge -r5113:5125 $SVNURL/branches/SAMBA_3_0
svn merge -r5125:5127 $SVNURL/branches/SAMBA_3_0
svn merge -r5127:5131 $SVNURL/branches/SAMBA_3_0
svn merge -r5131:5132 $SVNURL/branches/SAMBA_3_0
svn merge -r5132:5140 $SVNURL/branches/SAMBA_3_0

8 files changed, 199 insertions, 301 deletions

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 2702749505d..7915112f89c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,109 +1,33 @@
-		   =================================
-                   Release Notes for Samba 3.0.11rc1
-                                Jan 28, 2005
-                   ==================================
+		   ==============================
+                   Release Notes for Samba 3.0.11
+                             XXX XX, 2005
+                   ==============================
 
-This is a release candidate of the Samba 3.0.11 code base and is 
-provided for testing only.  While close to the final stable release, 
-this snapshot is *not* intended for production servers.  If all 
-goes well, this this version will become the final 3.0.11 stable 
-release (with possible minor changes).
+This is the latest stable release of Samba. This is the version
+that production Samba servers should be running for all current
+bug-fixes.  Please read the following important changes in this 
+release.
 
-Common bugs fixed in 3.0.11rc1 include:
+Common bugs fixed in 3.0.11 include:
 
   o Crash in smbd when using CUPS printing.
   o Parsing error of other SIDs included in the user_info_3
     structure returned from domain controllers.
-    
-
-######################################################################
-Changes
-#######
-
-Changes since 3.0.11pre2
-------------------------
-
-smb.conf changes
-----------------
-
-    Parameter Name                      Action
-    --------------                      ------
-    winbind enable local accounts	Deprecated
-
-
-commits
--------
-o   Jeremy Allison <jra@samba.org>
-    * BUG 2092: Prevent auto-anonymous logins via libsmbclient 
-      for better use by desktop environments such as GNOME.
-    * Ensure we can't remove a level II oplock without having the
-      shared memory area locked.
-            
-
-o   Gerald (Jerry) Carter <jerry@samba.org>
-    * RedHat and Fedora Packaging fixes for perl dependencies.
-    * Remove unused schema items from OpenLDAP schema file.
-    * Remove duplicate enumeration of "Windows x86" architecture
-      when listing printer drivers via rpcclient.
-    * Fail set_privileges() if 'enable privileges = no' to prevent 
-      confused admins.
-    * Fix segfault in cups_queue_get().
-    * Tighten restrictions on changing user passwords when 
-      the connected user possesses the SeMachineAccountPrivilege.
-    * Ensure we set NETBIOSNAME.domainname for the long machine name
-      when publishing printers in AD (based on input from Rob Foehl).
-    * Mark 'winbind enable local accounts' as deprecated.
-    * Mark testprns tool as deprecated.
-    * Allow root to grant/revoke privilege assignments.
-    * Correct interaction between user rights and se_access_check() on
-      SAMR objects.
-    * BUG 2286: Fix typo OpenLDAP schema file for sambaConfig object 
-      class.
-
- 
-o   Guenther Deschner <gd@samba.org>
-    * Fix configure.in tests using KRB5_CONFIG variable and krb5-
-      config utility.
-    * Require assignment of Administrator SID in the passdb 
-      backend.  Fall back to the default name of 'Administrator' if
-      the lookup fails rather than using the first name in the
-      default 'admin users' list.
-    * Enhance LDAP failure debug messages.
-    
-    
-o   Volker Lendecke <vl@samba.org>
-    * Allow 'rpcclient -c enumtrust' to enumerate more than 10 trusts.
-    * Fix parsing of other_sids in net_user_info3.
-    * Correct bad failure logic when user was not a member of any 
-      domain local groups.
-    
-
-Changes for older versions follow below:
-
-      --------------------------------------------------
-		   
-		   ==================================
-                   Release Notes for Samba 3.0.11pre2
-                                Jan 21, 2005
-                   ===================================
-
-This is a preview release of the Samba 3.0.11 code base and
-is provided for testing only.  This release is *not* intended
-for production servers.  However, there have been several bug
-fixes since 3.0.10 that we feel are important to make available
-to the Samba community for wider testing.
-
-Common bugs fixed in 3.0.11pre2 include:
-
   o Inefficiencies when searching non-AD LDAP directories.
   o Failure to expand variables in user domain attributes
     in tdbsam and ldapsam.
   o Memory leaks.
   o Failure to retrieve certain attribute when migrating from 
     a Windows DC to a Samba DC via 'net rpc vampire'.
+  o Numerous printing bugs bugs including memory 
+    bloating on large/busy print servers.
+  o Compatibility issues with Exchange 5.5 SP4.
+  o sendfile fixes.
 
-Additional features introduced in Samba 3.0.11pre1:
+Additional features introduced in Samba 3.0.11:
 
+  o Winbindd performance improvements.
+  o More 'net rpc vampire' functionality.
   o Support for the Windows privilege model to assign rights
     to specific SIDs.
   o New administrative options to the 'net rpc' command.
@@ -134,186 +58,42 @@ These rights can be assigned to arbitrary users or groups
 via the 'net rpc rights grant/revoke' command.  More details
 of Samba's privilege implementation can be found in the 
 Samba-HOWTO-Collection.
-
+    
 
 ######################################################################
 Changes
 #######
 
-Changes since 3.0.11pre1
-------------------------
+Changes since 3.0.11rc1
+-----------------------
 
-smb.conf changes
-----------------
-    Parameter Name              	Action
-    --------------              	------
-    enable privileges			New
-    ldap password sync			Alias
-    
-    
 commits
 -------
 o   Jeremy Allison <jra@samba.org>
-    * Fixes for libsmbclient to ensure that interrupted system calls
-      are restarted minus the already expired portion of the timeout
-      (based on work by Derrell Lipman).
-    * More Unicode string parsing fixes.
-    * Convert the winreg pipe to use WERROR returns.
-    * Make all LDAP timeouts consistent (input from Joe Meadows 
-      <jameadows@webopolis.com>).
-    * BUG 2231: Remove double "\\" from client findfirst.
-    * BUG 2238: Fix memory leak in shadow copy vfs.
-    * Return correct DOS/NT error code on transact named pipe on 
-      closed pipe handle.
-    * BUG 2211: Fix security descriptor parsing bug (based on work by 
-      Mrinal Kalakrishnan <mail@mrinal.net>).
-    * BUG 2270: Fix memory leaks in cups printing backend support 
-      (based on work by Lars Mueller).
-    * BUG 2255: Fix debug level in kerberos error messages.
-
-
-o   Andrew Bartlett <abartlet@samba.org>
-    * Don't store the auth-user credentials with the cli_state* as 
-      this can cause the schannel setup to fail when the auth-user
-      domain is not our primary domain.
-
-
-o   Grigory Batalov <bga@altlinux.org>
-    * Fix encoding while receiving of a message which was actually 
-      sent using STR_ASCII.
-
-
-o   Daniel Beschorner <db@unit-netz.de>
-    * BUG 603: Correct access mask check for _samr_lookup_domain()
-      to work with Windows RAS server
-
-
-o   Jerome Borsboom <j.borsboom@erasmusmc.nl>
-    * Fix missing printer_tdb reference decrement.
-    
-
+o   Timur Bakeyev <timur@com.bat.ru>
 o   Gerald (Jerry) Carter <jerry@samba.org>
-    * Re-instantiate previous semantics for calling init_unistr2() 
-      with a NULL source buffer.
-    * Support Windows privilege model for assigning rights
-      to specific SIDs.  Based on work by Simo Sorce in the trunk 
-      svn branch.  This feature is controlled by the 'enable 
-      privileges = [yes|no]' smb.conf(5) option.
-    * Add some smb.conf scripts for add/delete/change shares and 
-      deleting cups printers.
-    * Expand variables in the profile path, logon home and logon script 
-      values when using either tdbsam or ldapsam.
-    * Add Domain Admins (Full Control) to the default printer security 
-      descriptor if we are a DC.
-
-
 o   Guenther Deschner <gd@samba.org>
-    * Allow rpcclient to define a port to use when connecting 
-      to a remote server.
-    * Allow Account Lockout with Lockout Duration "forever" (until 
-      admin unlocks) to be set and displayed in User Manager.
-    * Allow to set acb_mask in rpcclient's enumdomusers.
-    * Add more generic rootDSE inspection function to check 
-      for given controls or extensions and remember these on a 
-      per server basis.
-    * Improve LDAP search efficiency by passing the acb_mask to 
-      pdb_setsampwent().
-    * Fixes for ldapsam_enum_group_memberships().
-    * Add createdomgroup to rpcclient.
-    * Add "net rpc user RENAME"-command.
-    * Display sam_user_info_7 in rpcclient.
-    * Make multi-domain-mode in idmap_rid accessible from outside 
-      (can be compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS).
-    * When vampiring account policy AP_LOCK_ACCOUNT_DURATION honor 
-      "Lockout Duration: Forever".
-
-
-o   Rob Foehl <rwf@loonybin.net>
-    * Implement caching of names from printcap to support a true
-      'printcap cache time'.
-
-
-o   Jeff Hardy <hardyjm@potsdam.edu>
-    * Example script for 'add print command' when using CUPS.
-
-
-o   William Jojo <jojowil@hvcc.edu>
-    * AIX 5.3 compile fixes.
-
-
 o   Volker Lendecke <vl@samba.org>
-    * Initial work to allow support for multiple pipe opens on a 
-      single cli_state*.
-    * Ensure that we still retrieve the netbios name of any DC 
-      listed as a 'password server' to work around cases where the 
-      DC was defined using an IP address or fqdn.
-    * Fix memleak in winbindd connection code.
-    * Fix cli_samr_queryuseraliases.
-    * Allow wbinfo --user-sids to expand expand domain local groups.
-
-
-o   Jim McDonough <jmcd@us.ibm.com>
-    * BUG 2198: Set password last change time when running 'net rpc 
-      vampire'.
-    * Add "refuse machine password change" policy field.
-
-
-o   Stefan Metzmacher <metze@samba.org>    
-    * autogen.sh fixes.
-
-
-o   James Peach <jpeach@sgi.com>
-    * Fix rewinddir -> rewind_dir when using VFS macros.
-    
-
-o   Simo Sorce <idra@samba.org>
-    * Allows the add/change share command to create the shared 
-      directory directory on disk.
-     
-o   Jelmer Vernooij <jelmer@samba.org>
-    * Fixes for pdb_mysql.
-
-
-      --------------------------------------------------
-                   
-		   ==================================
-                   Release Notes for Samba 3.0.11pre1
-                                Jan 4, 2005
-                   ===================================
-
-Common bugs fixed in 3.0.11pre1 include:
-
-  o Numerous printing bugs bugs including memory 
-    bloating on large/busy print servers.
-  o Compatibility issues with Exchange 5.5 SP4.
-  o sendfile fixes.
-
-Additional features introduced in Samba 3.0.11pre1:
-
-  o Winbindd performance improvements.
-  o More 'net rpc vampire' functionality.
- 
-
-
+o   Tim Potter <tpot@samba.org>
 
-######################################################################
-Changes
-#######
 
 Changes since 3.0.10
 --------------------
 
 smb.conf changes
 ----------------
-    Parameter Name              	Action
-    --------------              	------
+
+    Parameter Name                      Action
+    --------------                      ------
     afs token lifetime			New
+    enable privileges			New
+    ldap password sync			Alias
     min password length			Deprecated
+    winbind enable local accounts	Deprecated
+
 
-    
 commits
 -------
-
 o   Jeremy Allison <jra@samba.org>
     * Extend vfs to add seekdir/telldir/rewinddir.
     * Fix dirent return.
@@ -333,6 +113,22 @@ o   Jeremy Allison <jra@samba.org>
       file, not an existing one.
     * Don't go fishing for the krb5 authorization data unless we know
       it's there.
+    * Fixes for libsmbclient to ensure that interrupted system calls
+      are restarted minus the already expired portion of the timeout
+      (based on work by Derrell Lipman).
+    * More Unicode string parsing fixes.
+    * Convert the winreg pipe to use WERROR returns.
+    * Make all LDAP timeouts consistent (input from Joe Meadows 
+      <jameadows@webopolis.com>).
+    * BUG 2231: Remove double "\\" from client findfirst.
+    * BUG 2238: Fix memory leak in shadow copy vfs.
+    * Return correct DOS/NT error code on transact named pipe on 
+      closed pipe handle.
+    * BUG 2211: Fix security descriptor parsing bug (based on work by 
+      Mrinal Kalakrishnan <mail@mrinal.net>).
+    * BUG 2270: Fix memory leaks in cups printing backend support 
+      (based on work by Lars Mueller).
+    * BUG 2255: Fix debug level in kerberos error messages.
     * BUG 2110: Ensure we convert to ucs2 correctly after the 
       CAN-2004-0930 patch.
     * Make strict locking an enum. Auto means use oplock optimization.
@@ -340,7 +136,11 @@ o   Jeremy Allison <jra@samba.org>
     * More *alloc fixes (includes additional fixes by Albert Chin.
     * Catch sendfile errors correctly and return the correct values 
       we want the caller to return.
-
+    * BUG 2092: Prevent auto-anonymous logins via libsmbclient 
+      for better use by desktop environments such as GNOME.
+    * Ensure we can't remove a level II oplock without having the
+      shared memory area locked.
+            
 
 o   Timur Bakeyev <timur@com.bat.ru>
     * BUG 2100: change the way we check for errors after a dlopen().
@@ -350,6 +150,23 @@ o   Andrew Bartlett <abartlet@samba.org>
     * Clarify error message when 'lanman auth = no'.
     * Remove the unnecessary UTF-8 conversion calls in the calls to
       auth_winbind from smbd.
+    * Don't store the auth-user credentials with the cli_state* as 
+      this can cause the schannel setup to fail when the auth-user
+      domain is not our primary domain.
+
+
+o   Grigory Batalov <bga@altlinux.org>
+    * Fix encoding while receiving of a message which was actually 
+      sent using STR_ASCII.
+
+
+o   Daniel Beschorner <db@unit-netz.de>
+    * BUG 603: Correct access mask check for _samr_lookup_domain()
+      to work with Windows RAS server
+
+
+o   Jerome Borsboom <j.borsboom@erasmusmc.nl>
+    * Fix missing printer_tdb reference decrement.
     
 
 o   Gerald (Jerry) Carter <jerry@samba.org>
@@ -372,13 +189,43 @@ o   Gerald (Jerry) Carter <jerry@samba.org>
       print_queue_updates() requests sent via messages.tdb.
     * Check the setprinter(3) based on the access permissions on 
       the handle and avoid the call to print_access_check().
-      
+    * Re-instantiate previous semantics for calling init_unistr2() 
+      with a NULL source buffer.
+    * Support Windows privilege model for assigning rights
+      to specific SIDs.  Based on work by Simo Sorce in the trunk 
+      svn branch.  This feature is controlled by the 'enable 
+      privileges = [yes|no]' smb.conf(5) option.
+    * Add some smb.conf scripts for add/delete/change shares and 
+      deleting cups printers.
+    * Expand variables in the profile path, logon home and logon script 
+      values when using either tdbsam or ldapsam.
+    * Add Domain Admins (Full Control) to the default printer security 
+      descriptor if we are a DC.
+    * RedHat and Fedora Packaging fixes for perl dependencies.
+    * Remove unused schema items from OpenLDAP schema file.
+    * Remove duplicate enumeration of "Windows x86" architecture
+      when listing printer drivers via rpcclient.
+    * Fail set_privileges() if 'enable privileges = no' to prevent 
+      confused admins.
+    * Fix segfault in cups_queue_get().
+    * Tighten restrictions on changing user passwords when 
+      the connected user possesses the SeMachineAccountPrivilege.
+    * Ensure we set NETBIOSNAME.domainname for the long machine name
+      when publishing printers in AD (based on input from Rob Foehl).
+    * Mark 'winbind enable local accounts' as deprecated.
+    * Mark testprns tool as deprecated.
+    * Allow root to grant/revoke privilege assignments.
+    * Correct interaction between user rights and se_access_check() on
+      SAMR objects.
+    * BUG 2286: Fix typo OpenLDAP schema file for sambaConfig object 
+      class.
 
+ 
 o   Nadav Danieli <nadavd@exanet.com>
     * Short circuit some is_locked() tests if we are oplocked.
     
     
-o   Guenther Deschner <gd@samba.org> 
+o   Guenther Deschner <gd@samba.org>
     * Allow 'localhost' as a valid server name in the smbd for the
       spoolss calls.
     * Fix KRB5_SETPW-defines, no change in behavior (Thanks to Luke
@@ -408,9 +255,33 @@ o   Guenther Deschner <gd@samba.org>
     * Marking "min password length" as depreciated.  
     * Implement SAMR query_dom_info-call info-level 8 server- and 
       client-side, based on samba4-idl.
-
-
-
+    * Allow rpcclient to define a port to use when connecting 
+      to a remote server.
+    * Allow Account Lockout with Lockout Duration "forever" (until 
+      admin unlocks) to be set and displayed in User Manager.
+    * Allow to set acb_mask in rpcclient's enumdomusers.
+    * Add more generic rootDSE inspection function to check 
+      for given controls or extensions and remember these on a 
+      per server basis.
+    * Improve LDAP search efficiency by passing the acb_mask to 
+      pdb_setsampwent().
+    * Fixes for ldapsam_enum_group_memberships().
+    * Add createdomgroup to rpcclient.
+    * Add "net rpc user RENAME"-command.
+    * Display sam_user_info_7 in rpcclient.
+    * Make multi-domain-mode in idmap_rid accessible from outside 
+      (can be compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS).
+    * When vampiring account policy AP_LOCK_ACCOUNT_DURATION honor 
+      "Lockout Duration: Forever".
+    * Fix configure.in tests using KRB5_CONFIG variable and krb5-
+      config utility.
+    * Require assignment of Administrator SID in the passdb 
+      backend.  Fall back to the default name of 'Administrator' if
+      the lookup fails rather than using the first name in the
+      default 'admin users' list.
+    * Enhance LDAP failure debug messages.
+    
+    
 o   Jay Fenlason <fenlason@redhat.com>
     * Fix crash in 'net join' due to calling free on 
       static buffers.
@@ -423,12 +294,18 @@ o   Rob Foehl <rwf@loonybin.net>.
     * Solaris packaging fixes.
     * Don't force the cups printer-make-and-model tag as the comment
       for autoloaded printers.
-    
+    * Implement caching of names from printcap to support a true
+      'printcap cache time'.
+
 
 o   Johann Hanne <jhml@gmx.net>
     * BUG 2038: Only fail winbindd_getgroups() if all lookups fail.
 
 
+o   Jeff Hardy <hardyjm@potsdam.edu>
+    * Example script for 'add print command' when using CUPS.
+
+
 o   David Hu <david.hu@hp.com>
     * Copy structure from print_queue_update() message rather than 
       referencing it.  Fixes seg fault on HP-UX.
@@ -448,7 +325,8 @@ o   Björn Jacke <bjoern@j3e.de>
 o   William Jojo <jojowil@hvcc.edu>
     * Fix HPUX sendfile and add configure.in tests and code for
       sendfile on AIX.
-      
+    * AIX 5.3 compile fixes.
+
 
 o   Volker Lendecke <vl@samba.org>
     * Optimize anonymous session setups by workstations in a 
@@ -475,12 +353,27 @@ o   Volker Lendecke <vl@samba.org>
     * Add support for 'net idmap delete <idmap-file> <SID>'.
     * Add new parameter 'afs token lifetime' tells the AFS client 
       when to throw away a token (patch from kllin@it.su.se).
-
+    * Initial work to allow support for multiple pipe opens on a 
+      single cli_state*.
+    * Ensure that we still retrieve the netbios name of any DC 
+      listed as a 'password server' to work around cases where the 
+      DC was defined using an IP address or fqdn.
+    * Fix memleak in winbindd connection code.
+    * Fix cli_samr_queryuseraliases.
+    * Allow wbinfo --user-sids to expand expand domain local groups.
+    * Allow 'rpcclient -c enumtrust' to enumerate more than 10 trusts.
+    * Fix parsing of other_sids in net_user_info3.
+    * Correct bad failure logic when user was not a member of any 
+      domain local groups.
+    
 
 o   Jim McDonough <jmcd@us.ibm.com>
     * BUG 1952: Try INITSHUTDOWN pipe first, used by newer 
       clients.  If it fails, fall back to WINREG.
     * BUG 1770: Remove READ_ATTRIBUTES from GENERIC_EXECUTE.
+    * BUG 2198: Set password last change time when running 'net rpc 
+      vampire'.
+    * Add "refuse machine password change" policy field.
 
 
 o   Luke Mewburn <lukem@NetBSD.org>
@@ -488,9 +381,13 @@ o   Luke Mewburn <lukem@NetBSD.org>
       standard SHM_.
       
 
+o   Stefan Metzmacher <metze@samba.org>    
+    * autogen.sh fixes.
+
+
 o   Buchan Milne <bgmilne@mandrake.org>
     * Mandrake packaging fixes.
-     
+
 
 o   Lars Mueller <lmuelle@suse.de>
     * Fix build of libsmbclient on x86_64.
@@ -507,6 +404,10 @@ o   Jason Mader <jason@ncac.gwu.edu>
     * BUG 2083: Fix compiler warnings caused by bad type casts.
 
 
+o   James Peach <jpeach@sgi.com>
+    * Fix rewinddir -> rewind_dir when using VFS macros.
+    
+
 o   Gavrie Philipson <gavrie@disksites.com>
     * BUG 1838: Remove stale printers imeeddiately when 
       processing a SIGHUP and during smb.conf reload.
@@ -519,24 +420,28 @@ o   Tim Potter <tpot@samba.org>
       more liberal.
     * HP-UX compile fixes.
 
-    
+
 o   Simo Sorce <idra@samba.org>
     * Backport pdbedit changes from trunk.
+    * Allows the add/change share command to create the shared 
+      directory directory on disk.
+     
+o   Jelmer Vernooij <jelmer@samba.org>
+    * Bug fixes for pdb_{xml,pqsql,xml}
+    * Fixes for pdb_mysql.
 
 
 o   Andrew Tridgell <tridge@samba.org>
     * Bring Samba3 into line with the Samba4 password change code.
     
 
-o   Jelmer Vernooij <jelmer@samba.org>
-    * Bug fixes for pdb_{xml,pqsql,xml}
-
-
 o   Shiro Yamada <shiro@miraclelinux.com>
     * BUG 2190: Force SWAT to display parameters in unix charset and 
       not UTF-8.
 
 
+Release Notes for older release follow:
+
       --------------------------------------------------
                    ==============================
                    Release Notes for Samba 3.0.10
diff --git a/examples/LDAP/samba-schema-netscapeds5.x b/examples/LDAP/samba-schema-netscapeds5.x
index 56f66a54a5b..1e0d18b6ba4 100644
--- a/examples/LDAP/samba-schema-netscapeds5.x
+++ b/examples/LDAP/samba-schema-netscapeds5.x
@@ -2,6 +2,9 @@
 ## Darren Chew <darren.chew at vicscouts dot asn dot au>
 ## Andre Fiebach <andre dot fiebach at stud dot uni-rostock dot de>
 ## Thomas Mueller 12.04.2003, thomas.mueller@christ-wasser.de
+## Richard Renard rrenard@idealx.com 2005-01-28
+## - added support for MungedDial, BadPasswordCount, BadPasswordTime, PasswordHistory, LogonHours
+## - in Sun One 5.2 copy it as 99samba-schema-netscapeds5.ldif
 ##
 ## Samba 3.0 schema file for Netscape DS 5.x
 ##
@@ -9,22 +12,22 @@
 ####################################################################
 # Sun One DS do not load the schema without this lines
 # André Fiebach <af123@uni-rostock.de> 
-dn: cn=schema

-objectClass: top

-objectClass: ldapSubentry

-objectClass: subschema

-cn: schema

-aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymo

- us, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";)

-aci: (targetattr = "*")(version 3.0; acl "Configuration Administrator"; allow 

- (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, 

- o=NetscapeRoot";)

-aci: (targetattr = "*")(version 3.0; acl "Local Directory Administrators Group

- "; allow (all) groupdn = "ldap:///cn=Directory Administrators, dc=samba,dc=org";)

-aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ld

- ap:///cn=slapd-sambaldap, cn=iPlanet Directory Server, cn=Server Group, cn=iPlanetDirectory.samba.org, ou=samba.org, o=NetscapeRoot";)

-####################################################################

-objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY  ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName ) X-ORIGIN 'user defined' )
+dn: cn=schema
+objectClass: top
+objectClass: ldapSubentry
+objectClass: subschema
+cn: schema
+aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymo
+ us, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";)
+aci: (targetattr = "*")(version 3.0; acl "Configuration Administrator"; allow 
+ (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, 
+ o=NetscapeRoot";)
+aci: (targetattr = "*")(version 3.0; acl "Local Directory Administrators Group
+ "; allow (all) groupdn = "ldap:///cn=Directory Administrators, dc=samba,dc=org";)
+aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ld
+ ap:///cn=slapd-sambaldap, cn=iPlanet Directory Server, cn=Server Group, cn=iPlanetDirectory.samba.org, ou=samba.org, o=NetscapeRoot";)
+####################################################################
+objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY  ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours) X-ORIGIN 'user defined' )
 objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY  ( displayName $ description ) X-ORIGIN 'user defined' )
 objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ) X-ORIGIN 'user defined' )
 objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX uids/gids' MUST ( uidNumber $ gidNumber ) X-ORIGIN 'user defined' )
@@ -45,6 +48,11 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming
 attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE X-ORIGIN 'user defined' )
 attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
 attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
 attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE X-ORIGIN 'user defined' )
 attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE X-ORIGIN 'user defined' )
 attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'	DESC 'NT Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
diff --git a/examples/VFS/autogen.sh b/examples/VFS/autogen.sh
index e8160d21731..223919890f1 100755
--- a/examples/VFS/autogen.sh
+++ b/examples/VFS/autogen.sh
@@ -47,9 +47,6 @@ if [ "$AUTOCONFFOUND" = "0" -o "$AUTOHEADERFOUND" = "0" ]; then
 	exit 1
 fi
 
-echo "$0: running script/mkversion.sh"
-./script/mkversion.sh || exit 1
-
 rm -rf autom4te*.cache
 
 echo "$0: running $AUTOHEADER"
diff --git a/examples/pdb/test.c b/examples/pdb/test.c
index a10d66005f5..63eb1eaaf97 100644
--- a/examples/pdb/test.c
+++ b/examples/pdb/test.c
@@ -29,7 +29,7 @@ static int testsam_debug_level = DBGC_ALL;
  Start enumeration of the passwd list.
 ****************************************************************/
 
-static NTSTATUS testsam_setsampwent(struct pdb_methods *methods, BOOL update)
+static NTSTATUS testsam_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask)
 {
 	DEBUG(10, ("testsam_setsampwent called\n"));
 	return NT_STATUS_NOT_IMPLEMENTED;
diff --git a/source/lib/system_smbd.c b/source/lib/system_smbd.c
index eed607ee8fb..c83eecf1733 100644
--- a/source/lib/system_smbd.c
+++ b/source/lib/system_smbd.c
@@ -111,13 +111,12 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in
 
 static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
 {
-	char *p;
 	int retval;
 
 	DEBUG(10,("sys_getgrouplist: user [%s]\n", user));
 	
 	/* see if we should disable winbindd lookups for local users */
-	if ( (p = strchr(user, *lp_winbind_separator())) == NULL ) {
+	if (strchr(user, *lp_winbind_separator()) == NULL) {
 		if ( !winbind_off() )
 			DEBUG(0,("sys_getgroup_list: Insufficient environment space for %s\n",
 				WINBINDD_DONT_ENV));
diff --git a/source/rpc_client/cli_ds.c b/source/rpc_client/cli_ds.c
index 7719f97034e..40a32c7ee0c 100644
--- a/source/rpc_client/cli_ds.c
+++ b/source/rpc_client/cli_ds.c
@@ -110,7 +110,7 @@ NTSTATUS cli_ds_enum_domain_trusts(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 	init_q_ds_enum_domain_trusts( &q, server, flags );
 		
 	if (!ds_io_q_enum_domain_trusts("", &qbuf, 0, &q) 
-	    || !rpc_api_pipe_req(cli, PI_LSARPC_DS, DS_ENUM_DOM_TRUSTS, &qbuf, &rbuf)) {
+	    || !rpc_api_pipe_req(cli, PI_NETLOGON, DS_ENUM_DOM_TRUSTS, &qbuf, &rbuf)) {
 		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c
index c4ff240cef8..e38197ddba1 100644
--- a/source/rpc_parse/parse_lsa.c
+++ b/source/rpc_parse/parse_lsa.c
@@ -214,16 +214,12 @@ static void init_lsa_obj_attr(LSA_OBJ_ATTR *attr, uint32 attributes, LSA_SEC_QOS
 static BOOL lsa_io_obj_attr(const char *desc, LSA_OBJ_ATTR *attr, prs_struct *ps, 
 			    int depth)
 {
-	uint32 start;
-
 	prs_debug(ps, depth, desc, "lsa_io_obj_attr");
 	depth++;
 
 	if(!prs_align(ps))
 		return False;
 	
-	start = prs_offset(ps);
-
 	/* these pointers had _better_ be zero, because we don't know
 	   what they point to!
 	 */
@@ -240,15 +236,6 @@ static BOOL lsa_io_obj_attr(const char *desc, LSA_OBJ_ATTR *attr, prs_struct *ps
 	if(!prs_uint32("ptr_sec_qos ", ps, depth, &attr->ptr_sec_qos )) /* security quality of service (pointer) */
 		return False;
 
-	/* code commented out as it's not necessary true (tested with hyena). JFM, 11/22/2001 */
-#if 0
-	if (attr->len != prs_offset(ps) - start) {
-		DEBUG(3,("lsa_io_obj_attr: length %x does not match size %x\n",
-		         attr->len, prs_offset(ps) - start));
-		return False;
-	}
-#endif
-
 	if (attr->ptr_sec_qos != 0) {
 		if (UNMARSHALLING(ps))
 			if (!(attr->sec_qos = PRS_ALLOC_MEM(ps,LSA_SEC_QOS,1)))
diff --git a/source/rpcclient/cmd_ds.c b/source/rpcclient/cmd_ds.c
index c5b12ed1503..0a1fd7e012b 100644
--- a/source/rpcclient/cmd_ds.c
+++ b/source/rpcclient/cmd_ds.c
@@ -55,13 +55,15 @@ static NTSTATUS cmd_ds_enum_domain_trusts(struct cli_state *cli,
 	uint32 			flags = 0x1;
 	struct ds_domain_trust	 *trusts = NULL;
 	unsigned int 			num_domains = 0;
+	int i;
 	
 	result = cli_ds_enum_domain_trusts( cli, mem_ctx, cli->desthost, flags, 
 		&trusts, &num_domains );
 	
 	printf( "%d domains returned\n", num_domains );
-	
-	SAFE_FREE( trusts );
+
+	for (i=0; i<num_domains; i++ ) 
+		printf("%s (%s)\n", trusts[i].dns_domain, trusts[i].netbios_domain);
 	
 	return result;
 }