From 6d91ac2a646ae47d359914503030cab51b2c9d16 Mon Sep 17 00:00:00 2001
From: Steven Danneman <steven.danneman@isilon.com>
Date: Fri, 22 May 2009 16:57:52 -0700
Subject: [PATCH] s3/docs Add manpage for "map untrusted to domain" parameter

This fixes bug 6352.
---
 .../smbdotconf/security/mapuntrustedtodomain.xml   | 33 ++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 docs-xml/smbdotconf/security/mapuntrustedtodomain.xml

diff --git a/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml b/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml
new file mode 100644
index 00000000000..bcf65e6eb6d
--- /dev/null
+++ b/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml
@@ -0,0 +1,33 @@
+<samba:parameter name="map untrusted to domain"
+                 context="G"
+		 type="boolean"
+		 advanced="1"
+		 developer="1"
+		 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>
+    If a client connects to smbd using an untrusted domain name, such as
+    BOGUS\user, smbd replaces the BOGUS domain with it's SAM name before
+    attempting to authenticate that user.  In the case where smbd is acting as
+    a PDC this will be DOMAIN\user.  In the case where smbd is acting as a
+    domain member server or a standalone server this will be WORKSTATION\user.
+    </para>
+
+    <para>
+    In previous versions of Samba (pre 3.4), if smbd was acting as a domain
+    member server, the BOGUS domain name would instead be replaced by the
+    primary domain which smbd was a member of.  In this case authentication
+    would be deferred off to a DC using the credentials DOMAIN\user.
+    </para>
+
+    <para>
+    When this parameter is set to <constant>yes</constant> smbd provides the
+    legacy behavior of mapping untrusted domain names to the primary domain.
+    When smbd is not acting as a domain member server, this parameter has no
+    effect.
+    </para>
+
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
-- 
2.11.4.GIT