[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 39f5352fdb8b6cc088a447152f43ba5148ad4819 - IPFire-SCM

27 Jul 2014

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
       via  39f5352fdb8b6cc088a447152f43ba5148ad4819 (commit)
       via  2deb75c0f3ee968c6298689bcac2110cb12027fe (commit)
       via  889219356ebe78cc59e682ae0bd2fad4a8b0a95e (commit)
       via  b56746432b882544afd7b493341cd9960a30ad29 (commit)
       via  0274b14c5ea4d63d151ddc0ed1e82c4f22c11b96 (commit)
       via  603248db53e41290600a25a140e7f033bbe09abd (commit)
       via  0ffbb688d3bf4a0890800b1ae35fb73bf60d1804 (commit)
       via  a8e327cd5054cabda42458e3415bd4c3a5375d6a (commit)
       via  be2817a72ad06fb47ca81da0c27dfd9be433b010 (commit)
       via  879dafbf1782afa70486d8bc63dd8c50e8c771ef (commit)
       via  cfba7c56dbaca141353f3aa9be6062d8d4a85c48 (commit)
      from  bb5902b6f41801a7fcc09f61827388894eee18b0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 39f5352fdb8b6cc088a447152f43ba5148ad4819
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sun Jul 27 12:02:17 2014 +0200
Update translations.
commit 2deb75c0f3ee968c6298689bcac2110cb12027fe
Merge: bb5902b 8892193
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sun Jul 27 12:01:50 2014 +0200
Merge remote-tracking branch 'ms/squid-ad' into next
commit 889219356ebe78cc59e682ae0bd2fad4a8b0a95e
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Jun 12 16:14:11 2014 +0200
samba: Make sure that permissions of the lock dir are fine.
commit b56746432b882544afd7b493341cd9960a30ad29
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Jun 12 11:29:18 2014 +0200
proxy: Add option to require a certain group for Internet access.
commit 0274b14c5ea4d63d151ddc0ed1e82c4f22c11b96
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Mon Mar 24 01:36:44 2014 +0100
squid: Rename "Windows" authentication to what it really is.
Remove language strings from languages I don't speak so
    that they use the English term.
commit 603248db53e41290600a25a140e7f033bbe09abd
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Mon Mar 24 01:30:23 2014 +0100
squid: Add NTLM authentication against Windows Active Directory servers.
commit 0ffbb688d3bf4a0890800b1ae35fb73bf60d1804
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sun Mar 23 23:47:07 2014 +0100
samba: Add GUI functionality to join a domain.
commit a8e327cd5054cabda42458e3415bd4c3a5375d6a
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sun Mar 23 21:49:25 2014 +0100
sambactrl: Re-indent file.
commit be2817a72ad06fb47ca81da0c27dfd9be433b010
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sun Mar 23 21:36:53 2014 +0100
samba: Merge winbind initscript into samba initscript.
commit 879dafbf1782afa70486d8bc63dd8c50e8c771ef
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sun Mar 23 21:23:07 2014 +0100
samba: Enable support for AD.
commit cfba7c56dbaca141353f3aa9be6062d8d4a85c48
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sun Mar 23 21:22:34 2014 +0100
krb5: New package.
-----------------------------------------------------------------------
Summary of changes:
 config/etc/group                             |   1 +
 config/rootfiles/common/armv5tel/initscripts |   1 -
 config/rootfiles/common/i586/initscripts     |   1 -
 config/rootfiles/packages/krb5               | 165 +++++++++++++++
 config/rootfiles/packages/samba              |   2 +-
 doc/language_issues.de                       |   2 +-
 doc/language_issues.en                       |   2 +-
 doc/language_issues.es                       |  10 +
 doc/language_issues.fr                       |  10 +
 doc/language_issues.nl                       |  10 +-
 doc/language_issues.pl                       |  10 +
 doc/language_issues.ru                       |  10 +
 doc/language_issues.tr                       |  10 +-
 doc/language_missings                        |  40 ++++
 html/cgi-bin/proxy.cgi                       |  71 ++++++-
 html/cgi-bin/samba.cgi                       |  90 ++++++++-
 langs/de/cgi-bin/de.pl                       |  11 +-
 langs/en/cgi-bin/en.pl                       |  11 +-
 langs/es/cgi-bin/es.pl                       |   1 -
 langs/fr/cgi-bin/fr.pl                       |   1 -
 langs/nl/cgi-bin/nl.pl                       |   1 -
 langs/pl/cgi-bin/pl.pl                       |   1 -
 langs/ru/cgi-bin/ru.pl                       |   1 -
 langs/tr/cgi-bin/tr.pl                       |   1 -
 lfs/{flac => krb5}                           |  46 +++--
 lfs/samba                                    |  37 +++-
 make.sh                                      |   1 +
 src/initscripts/init.d/samba                 |  22 +-
 src/initscripts/init.d/winbind               |  50 -----
 src/misc-progs/sambactrl.c                   | 289 ++++++++++++---------------
 src/paks/samba/install.sh                    |   8 +
 src/paks/samba/update.sh                     |   8 +
 src/patches/mitkrb-1.12.1-db2_fix-1.patch    | 175 ++++++++++++++++
 33 files changed, 823 insertions(+), 276 deletions(-)
 create mode 100644 config/rootfiles/packages/krb5
 copy lfs/{flac => krb5} (77%)
 delete mode 100644 src/initscripts/init.d/winbind
 create mode 100644 src/patches/mitkrb-1.12.1-db2_fix-1.patch
Difference in files:

diff --git a/config/etc/group b/config/etc/group
index ab5f4af..51334aa 100644
--- a/config/etc/group
+++ b/config/etc/group
@@ -25,6 +25,7 @@ stunnel:x:51:
 lock:x:54:
 sshd:x:74:
 pcap:x:77:
+wbpriv:x:88:squid
 nobody:x:99:
 users:x:100:
 snort:x:101:
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 1ec9ed4..7657fe6 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -131,7 +131,6 @@ etc/rc.d/init.d/upnpd
 #etc/rc.d/init.d/vdradmin
 #etc/rc.d/init.d/vsftpd
 #etc/rc.d/init.d/watchdog
-#etc/rc.d/init.d/winbind
 etc/rc.d/init.d/wlanclient
 #etc/rc.d/init.d/xinetd
 #etc/rc.d/rc0.d
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 153a5f4..458b966 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -134,7 +134,6 @@ etc/rc.d/init.d/upnpd
 #etc/rc.d/init.d/vdradmin
 #etc/rc.d/init.d/vsftpd
 #etc/rc.d/init.d/watchdog
-#etc/rc.d/init.d/winbind
 etc/rc.d/init.d/wlanclient
 #etc/rc.d/init.d/xinetd
 #etc/rc.d/rc0.d
diff --git a/config/rootfiles/packages/krb5 b/config/rootfiles/packages/krb5
new file mode 100644
index 0000000..e1e7d64
--- /dev/null
+++ b/config/rootfiles/packages/krb5
@@ -0,0 +1,165 @@
+#usr/bin/gss-client
+#usr/bin/k5srvutil
+usr/bin/kadmin
+usr/bin/kdestroy
+usr/bin/kinit
+usr/bin/klist
+usr/bin/kpasswd
+#usr/bin/krb5-config
+#usr/bin/ksu
+#usr/bin/kswitch
+#usr/bin/ktutil
+#usr/bin/kvno
+#usr/bin/sclient
+#usr/bin/sim_client
+#usr/bin/uuclient
+#usr/include/gssapi
+#usr/include/gssapi.h
+#usr/include/gssapi/gssapi.h
+#usr/include/gssapi/gssapi_ext.h
+#usr/include/gssapi/gssapi_generic.h
+#usr/include/gssapi/gssapi_krb5.h
+#usr/include/gssapi/mechglue.h
+#usr/include/gssrpc
+#usr/include/gssrpc/auth.h
+#usr/include/gssrpc/auth_gss.h
+#usr/include/gssrpc/auth_gssapi.h
+#usr/include/gssrpc/auth_unix.h
+#usr/include/gssrpc/clnt.h
+#usr/include/gssrpc/netdb.h
+#usr/include/gssrpc/pmap_clnt.h
+#usr/include/gssrpc/pmap_prot.h
+#usr/include/gssrpc/pmap_rmt.h
+#usr/include/gssrpc/rename.h
+#usr/include/gssrpc/rpc.h
+#usr/include/gssrpc/rpc_msg.h
+#usr/include/gssrpc/svc.h
+#usr/include/gssrpc/svc_auth.h
+#usr/include/gssrpc/types.h
+#usr/include/gssrpc/xdr.h
+#usr/include/kadm5
+#usr/include/kadm5/admin.h
+#usr/include/kadm5/chpass_util_strings.h
+#usr/include/kadm5/kadm_err.h
+#usr/include/kdb.h
+#usr/include/krad.h
+#usr/include/krb5
+#usr/include/krb5.h
+#usr/include/krb5/ccselect_plugin.h
+#usr/include/krb5/clpreauth_plugin.h
+#usr/include/krb5/hostrealm_plugin.h
+#usr/include/krb5/kadm5_hook_plugin.h
+#usr/include/krb5/kdcpreauth_plugin.h
+#usr/include/krb5/krb5.h
+#usr/include/krb5/localauth_plugin.h
+#usr/include/krb5/locate_plugin.h
+#usr/include/krb5/plugin.h
+#usr/include/krb5/preauth_plugin.h
+#usr/include/krb5/pwqual_plugin.h
+#usr/include/profile.h
+#usr/include/verto-module.h
+#usr/include/verto.h
+usr/lib/krb5
+usr/lib/krb5/plugins
+usr/lib/krb5/plugins/authdata
+usr/lib/krb5/plugins/kdb
+usr/lib/krb5/plugins/kdb/db2.so
+usr/lib/krb5/plugins/libkrb5
+usr/lib/krb5/plugins/preauth
+usr/lib/krb5/plugins/preauth/otp.so
+usr/lib/krb5/plugins/preauth/pkinit.so
+#usr/lib/libgssapi_krb5.so
+usr/lib/libgssapi_krb5.so.2
+usr/lib/libgssapi_krb5.so.2.2
+#usr/lib/libgssrpc.so
+usr/lib/libgssrpc.so.4
+usr/lib/libgssrpc.so.4.2
+#usr/lib/libk5crypto.so
+usr/lib/libk5crypto.so.3
+usr/lib/libk5crypto.so.3.1
+#usr/lib/libkadm5clnt.so
+#usr/lib/libkadm5clnt_mit.so
+usr/lib/libkadm5clnt_mit.so.9
+usr/lib/libkadm5clnt_mit.so.9.0
+#usr/lib/libkadm5srv.so
+#usr/lib/libkadm5srv_mit.so
+usr/lib/libkadm5srv_mit.so.9
+usr/lib/libkadm5srv_mit.so.9.0
+#usr/lib/libkdb5.so
+usr/lib/libkdb5.so.7
+usr/lib/libkdb5.so.7.0
+#usr/lib/libkrad.so
+usr/lib/libkrad.so.0
+usr/lib/libkrad.so.0.0
+#usr/lib/libkrb5.so
+usr/lib/libkrb5.so.3
+usr/lib/libkrb5.so.3.3
+#usr/lib/libkrb5support.so
+usr/lib/libkrb5support.so.0
+usr/lib/libkrb5support.so.0.1
+#usr/lib/libverto.so
+usr/lib/libverto.so.0
+usr/lib/libverto.so.0.0
+#usr/lib/pkgconfig/gssrpc.pc
+#usr/lib/pkgconfig/kadm-client.pc
+#usr/lib/pkgconfig/kadm-server.pc
+#usr/lib/pkgconfig/kdb.pc
+#usr/lib/pkgconfig/krb5-gssapi.pc
+#usr/lib/pkgconfig/krb5.pc
+#usr/lib/pkgconfig/mit-krb5-gssapi.pc
+#usr/lib/pkgconfig/mit-krb5.pc
+#usr/sbin/gss-server
+#usr/sbin/kadmin.local
+#usr/sbin/kadmind
+#usr/sbin/kdb5_util
+#usr/sbin/kprop
+#usr/sbin/kpropd
+#usr/sbin/kproplog
+#usr/sbin/krb5-send-pr
+#usr/sbin/krb5kdc
+#usr/sbin/sim_server
+#usr/sbin/sserver
+#usr/sbin/uuserver
+#usr/share/examples
+#usr/share/examples/krb5
+#usr/share/examples/krb5/kdc.conf
+#usr/share/examples/krb5/krb5.conf
+#usr/share/examples/krb5/services.append
+#usr/share/gnats
+#usr/share/gnats/mit
+#usr/share/locale/en_US
+#usr/share/locale/en_US/LC_MESSAGES
+#usr/share/locale/en_US/LC_MESSAGES/mit-krb5.mo
+#usr/share/man/cat1
+#usr/share/man/cat5
+#usr/share/man/cat8
+#usr/share/man/man1/k5srvutil.1
+#usr/share/man/man1/kadmin.1
+#usr/share/man/man1/kdestroy.1
+#usr/share/man/man1/kinit.1
+#usr/share/man/man1/klist.1
+#usr/share/man/man1/kpasswd.1
+#usr/share/man/man1/krb5-config.1
+#usr/share/man/man1/krb5-send-pr.1
+#usr/share/man/man1/ksu.1
+#usr/share/man/man1/kswitch.1
+#usr/share/man/man1/ktutil.1
+#usr/share/man/man1/kvno.1
+#usr/share/man/man1/sclient.1
+#usr/share/man/man5/.k5identity.5
+#usr/share/man/man5/.k5login.5
+#usr/share/man/man5/k5identity.5
+#usr/share/man/man5/k5login.5
+#usr/share/man/man5/kadm5.acl.5
+#usr/share/man/man5/kdc.conf.5
+#usr/share/man/man5/krb5.conf.5
+#usr/share/man/man8/kadmin.local.8
+#usr/share/man/man8/kadmind.8
+#usr/share/man/man8/kdb5_ldap_util.8
+#usr/share/man/man8/kdb5_util.8
+#usr/share/man/man8/kprop.8
+#usr/share/man/man8/kpropd.8
+#usr/share/man/man8/kproplog.8
+#usr/share/man/man8/krb5kdc.8
+#usr/share/man/man8/sserver.8
+var/lib/krb5kdc
diff --git a/config/rootfiles/packages/samba b/config/rootfiles/packages/samba
index 9882067..aafa112 100644
--- a/config/rootfiles/packages/samba
+++ b/config/rootfiles/packages/samba
@@ -219,10 +219,10 @@ var/ipfire/samba/shares
 var/ipfire/samba/smb.conf
 var/ipfire/samba/smb.conf.default
 var/lib/samba
+var/lib/samba/winbindd_privileged
 var/log/samba
 var/nmbd
 etc/rc.d/init.d/samba
-etc/rc.d/init.d/winbind
 srv/web/ipfire/cgi-bin/samba.cgi
 srv/web/ipfire/cgi-bin/sambahlp.cgi
 var/ipfire/menu.d/EX-samba.menu
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 8565439..0eb5785 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -21,6 +21,7 @@ WARNING: translation string unused: add-route
 WARNING: translation string unused: addon
 WARNING: translation string unused: admin user password has been changed
 WARNING: translation string unused: administrator user password
+WARNING: translation string unused: adsl settings
 WARNING: translation string unused: advproxy LDAP auth
 WARNING: translation string unused: advproxy NTLM auth
 WARNING: translation string unused: advproxy advanced proxy
@@ -237,7 +238,6 @@ WARNING: translation string unused: fwhost Custom Host
 WARNING: translation string unused: fwhost Custom Network
 WARNING: translation string unused: fwhost IpSec Host
 WARNING: translation string unused: fwhost IpSec Network
-WARNING: translation string unused: fwhost OpenVPN N-2-N
 WARNING: translation string unused: fwhost OpenVPN static host
 WARNING: translation string unused: fwhost OpenVPN static network
 WARNING: translation string unused: fwhost Standard Network
diff --git a/doc/language_issues.en b/doc/language_issues.en
index aa957aa..f3ef621 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -20,6 +20,7 @@ WARNING: translation string unused: add xtaccess
 WARNING: translation string unused: add-route
 WARNING: translation string unused: admin user password has been changed
 WARNING: translation string unused: administrator user password
+WARNING: translation string unused: adsl settings
 WARNING: translation string unused: advproxy LDAP auth
 WARNING: translation string unused: advproxy NTLM auth
 WARNING: translation string unused: advproxy advanced proxy
@@ -260,7 +261,6 @@ WARNING: translation string unused: fwhost Custom Host
 WARNING: translation string unused: fwhost Custom Network
 WARNING: translation string unused: fwhost IpSec Host
 WARNING: translation string unused: fwhost IpSec Network
-WARNING: translation string unused: fwhost OpenVPN N-2-N
 WARNING: translation string unused: fwhost OpenVPN static host
 WARNING: translation string unused: fwhost OpenVPN static network
 WARNING: translation string unused: fwhost Standard Network
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 1176883..70bff8e 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -594,10 +594,16 @@ WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: addons
+WARNING: untranslated string: administrator password
+WARNING: untranslated string: administrator username
+WARNING: untranslated string: advproxy AUTH method ntlm
+WARNING: untranslated string: advproxy AUTH method ntlm auth
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
 WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy group access control
+WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: atm device
 WARNING: untranslated string: attention
@@ -778,6 +784,7 @@ WARNING: untranslated string: fwdfw wd_sun
 WARNING: untranslated string: fwdfw wd_thu
 WARNING: untranslated string: fwdfw wd_tue
 WARNING: untranslated string: fwdfw wd_wed
+WARNING: untranslated string: fwhost OpenVPN N-2-N
 WARNING: untranslated string: fwhost addgrp
 WARNING: untranslated string: fwhost addgrpname
 WARNING: untranslated string: fwhost addhost
@@ -861,6 +868,7 @@ WARNING: untranslated string: least preferred
 WARNING: untranslated string: lifetime
 WARNING: untranslated string: mac filter
 WARNING: untranslated string: maximum
+WARNING: untranslated string: messages
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: model
@@ -932,6 +940,8 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: samba join a domain
+WARNING: untranslated string: samba join domain
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index beca008..158b544 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -604,10 +604,16 @@ WARNING: untranslated string: MTU settings
 WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: addons
+WARNING: untranslated string: administrator password
+WARNING: untranslated string: administrator username
+WARNING: untranslated string: advproxy AUTH method ntlm
+WARNING: untranslated string: advproxy AUTH method ntlm auth
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
 WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy group access control
+WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: atm device
 WARNING: untranslated string: attention
@@ -789,6 +795,7 @@ WARNING: untranslated string: fwdfw wd_sun
 WARNING: untranslated string: fwdfw wd_thu
 WARNING: untranslated string: fwdfw wd_tue
 WARNING: untranslated string: fwdfw wd_wed
+WARNING: untranslated string: fwhost OpenVPN N-2-N
 WARNING: untranslated string: fwhost addgrp
 WARNING: untranslated string: fwhost addgrpname
 WARNING: untranslated string: fwhost addhost
@@ -872,6 +879,7 @@ WARNING: untranslated string: least preferred
 WARNING: untranslated string: lifetime
 WARNING: untranslated string: mac filter
 WARNING: untranslated string: maximum
+WARNING: untranslated string: messages
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: model
@@ -939,6 +947,8 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: samba join a domain
+WARNING: untranslated string: samba join domain
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 6162636..358958b 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -260,7 +260,6 @@ WARNING: translation string unused: fwhost Custom Host
 WARNING: translation string unused: fwhost Custom Network
 WARNING: translation string unused: fwhost IpSec Host
 WARNING: translation string unused: fwhost IpSec Network
-WARNING: translation string unused: fwhost OpenVPN N-2-N
 WARNING: translation string unused: fwhost OpenVPN static host
 WARNING: translation string unused: fwhost OpenVPN static network
 WARNING: translation string unused: fwhost Standard Network
@@ -661,6 +660,12 @@ WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: MTU settings
 WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
+WARNING: untranslated string: administrator password
+WARNING: untranslated string: administrator username
+WARNING: untranslated string: advproxy AUTH method ntlm
+WARNING: untranslated string: advproxy AUTH method ntlm auth
+WARNING: untranslated string: advproxy group access control
+WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: atm device
 WARNING: untranslated string: bytes
 WARNING: untranslated string: capabilities
@@ -683,6 +688,7 @@ WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
 WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
+WARNING: untranslated string: messages
 WARNING: untranslated string: model
 WARNING: untranslated string: modem hardware details
 WARNING: untranslated string: modem information
@@ -712,6 +718,8 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: samba join a domain
+WARNING: untranslated string: samba join domain
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
 WARNING: untranslated string: software version
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 1176883..70bff8e 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -594,10 +594,16 @@ WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: addons
+WARNING: untranslated string: administrator password
+WARNING: untranslated string: administrator username
+WARNING: untranslated string: advproxy AUTH method ntlm
+WARNING: untranslated string: advproxy AUTH method ntlm auth
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
 WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy group access control
+WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: atm device
 WARNING: untranslated string: attention
@@ -778,6 +784,7 @@ WARNING: untranslated string: fwdfw wd_sun
 WARNING: untranslated string: fwdfw wd_thu
 WARNING: untranslated string: fwdfw wd_tue
 WARNING: untranslated string: fwdfw wd_wed
+WARNING: untranslated string: fwhost OpenVPN N-2-N
 WARNING: untranslated string: fwhost addgrp
 WARNING: untranslated string: fwhost addgrpname
 WARNING: untranslated string: fwhost addhost
@@ -861,6 +868,7 @@ WARNING: untranslated string: least preferred
 WARNING: untranslated string: lifetime
 WARNING: untranslated string: mac filter
 WARNING: untranslated string: maximum
+WARNING: untranslated string: messages
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: model
@@ -932,6 +940,8 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: samba join a domain
+WARNING: untranslated string: samba join domain
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 547e1d4..b3c765e 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -597,10 +597,16 @@ WARNING: untranslated string: MTU settings
 WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: addons
+WARNING: untranslated string: administrator password
+WARNING: untranslated string: administrator username
+WARNING: untranslated string: advproxy AUTH method ntlm
+WARNING: untranslated string: advproxy AUTH method ntlm auth
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
 WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy group access control
+WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: atm device
 WARNING: untranslated string: attention
@@ -773,6 +779,7 @@ WARNING: untranslated string: fwdfw wd_sun
 WARNING: untranslated string: fwdfw wd_thu
 WARNING: untranslated string: fwdfw wd_tue
 WARNING: untranslated string: fwdfw wd_wed
+WARNING: untranslated string: fwhost OpenVPN N-2-N
 WARNING: untranslated string: fwhost addgrp
 WARNING: untranslated string: fwhost addgrpname
 WARNING: untranslated string: fwhost addhost
@@ -857,6 +864,7 @@ WARNING: untranslated string: least preferred
 WARNING: untranslated string: lifetime
 WARNING: untranslated string: mac filter
 WARNING: untranslated string: maximum
+WARNING: untranslated string: messages
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: model
@@ -922,6 +930,8 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: samba join a domain
+WARNING: untranslated string: samba join domain
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index cc40178..abb23af 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -259,7 +259,6 @@ WARNING: translation string unused: fwhost Custom Host
 WARNING: translation string unused: fwhost Custom Network
 WARNING: translation string unused: fwhost IpSec Host
 WARNING: translation string unused: fwhost IpSec Network
-WARNING: translation string unused: fwhost OpenVPN N-2-N
 WARNING: translation string unused: fwhost OpenVPN static host
 WARNING: translation string unused: fwhost OpenVPN static network
 WARNING: translation string unused: fwhost Standard Network
@@ -664,6 +663,12 @@ WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: MTU settings
 WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
+WARNING: untranslated string: administrator password
+WARNING: untranslated string: administrator username
+WARNING: untranslated string: advproxy AUTH method ntlm
+WARNING: untranslated string: advproxy AUTH method ntlm auth
+WARNING: untranslated string: advproxy group access control
+WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: bytes
 WARNING: untranslated string: capabilities
 WARNING: untranslated string: default
@@ -683,6 +688,7 @@ WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
 WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
+WARNING: untranslated string: messages
 WARNING: untranslated string: model
 WARNING: untranslated string: modem hardware details
 WARNING: untranslated string: modem information
@@ -711,6 +717,8 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: samba join a domain
+WARNING: untranslated string: samba join domain
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
 WARNING: untranslated string: software version
diff --git a/doc/language_missings b/doc/language_missings
index 4699f12..cab98e0 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -14,10 +14,17 @@
 # Checking cgi-bin translations for language: fr                           #
 ############################################################################
 < addon
+< administrator password
+< administrator username
+< adsl settings
+< advproxy AUTH method ntlm
+< advproxy AUTH method ntlm auth
 < advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
 < advproxy errmsg proxy ports equal
+< advproxy group access control
+< advproxy group required
 < advproxy proxy port transparent
 < age second
 < age seconds
@@ -337,6 +344,7 @@
 < maximum
 < MB read
 < MB written
+< messages
 < minimum
 < minute
 < model
@@ -407,6 +415,8 @@
 < qos enter bandwidths
 < random number generator daemon
 < red1
+< samba join a domain
+< samba join domain
 < server restart
 < show dh
 < snat new source ip address
@@ -545,10 +555,17 @@
 # Checking cgi-bin translations for language: es                           #
 ############################################################################
 < addon
+< administrator password
+< administrator username
+< adsl settings
+< advproxy AUTH method ntlm
+< advproxy AUTH method ntlm auth
 < advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
 < advproxy errmsg proxy ports equal
+< advproxy group access control
+< advproxy group required
 < advproxy proxy port transparent
 < age second
 < age seconds
@@ -868,6 +885,7 @@
 < maximum
 < MB read
 < MB written
+< messages
 < minimum
 < minute
 < model
@@ -954,6 +972,8 @@
 < qos enter bandwidths
 < random number generator daemon
 < red1
+< samba join a domain
+< samba join domain
 < server restart
 < Set time on boot
 < show dh
@@ -1069,10 +1089,17 @@
 # Checking cgi-bin translations for language: pl                           #
 ############################################################################
 < addon
+< administrator password
+< administrator username
+< adsl settings
+< advproxy AUTH method ntlm
+< advproxy AUTH method ntlm auth
 < advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
 < advproxy errmsg proxy ports equal
+< advproxy group access control
+< advproxy group required
 < advproxy proxy port transparent
 < age second
 < age seconds
@@ -1383,6 +1410,7 @@
 < maximum
 < MB read
 < MB written
+< messages
 < minimum
 < minute
 < model
@@ -1455,6 +1483,8 @@
 < qos enter bandwidths
 < random number generator daemon
 < red1
+< samba join a domain
+< samba join domain
 < server restart
 < show dh
 < snat new source ip address
@@ -1569,10 +1599,17 @@
 ############################################################################
 < Add a route
 < addon
+< administrator password
+< administrator username
+< adsl settings
+< advproxy AUTH method ntlm
+< advproxy AUTH method ntlm auth
 < advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
 < advproxy errmsg proxy ports equal
+< advproxy group access control
+< advproxy group required
 < advproxy proxy port transparent
 < age second
 < age seconds
@@ -1889,6 +1926,7 @@
 < maximum
 < MB read
 < MB written
+< messages
 < minimum
 < minute
 < model
@@ -1959,6 +1997,8 @@
 < qos enter bandwidths
 < random number generator daemon
 < red1
+< samba join a domain
+< samba join domain
 < server restart
 < show dh
 < snat new source ip address
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 9c3be0b..9abcb91 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -172,6 +172,8 @@ unless (-e $acl_include) { system("touch $acl_include"); }
 unless (-e $browserdb) { system("touch $browserdb"); }
 unless (-e $mimetypes) { system("touch $mimetypes"); }
+my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");
+
 open FILE, $browserdb;
 @useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,<FILE>;
 close(FILE);
@@ -264,6 +266,7 @@ $proxysettings{'LDAP_PORT'} = '389';
 $proxysettings{'LDAP_BINDDN_USER'} = '';
 $proxysettings{'LDAP_BINDDN_PASS'} = '';
 $proxysettings{'LDAP_GROUP'} = '';
+$proxysettings{'NTLM_AUTH_GROUP'} = '';
 $proxysettings{'NTLM_DOMAIN'} = '';
 $proxysettings{'NTLM_PDC'} = '';
 $proxysettings{'NTLM_BDC'} = '';
@@ -860,6 +863,7 @@ $checked{'AUTH_METHOD'}{'ncsa'} = '';
 $checked{'AUTH_METHOD'}{'ident'} = '';
 $checked{'AUTH_METHOD'}{'ldap'} = '';
 $checked{'AUTH_METHOD'}{'ntlm'} = '';
+$checked{'AUTH_METHOD'}{'ntlm-auth'} = '';
 $checked{'AUTH_METHOD'}{'radius'} = '';
 $checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'";
@@ -1686,18 +1690,33 @@ print <<END
 END
 ;
-print <<END
+my $auth_columns = 5;
+if ($HAVE_NTLM_AUTH) {
+	$auth_columns++;
+}
+my $auth_column_width = 100 / $auth_columns;
+
+print <<END;
 <table width='100%'>
 <tr>
-	<td colspan='5'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
+	<td colspan='$auth_columns'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
 </tr>
 <tr>
-	<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
-	<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
-	<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
-	<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
-	<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
-	<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
+END
+
+if ($HAVE_NTLM_AUTH) {
+	print <<END;
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm-auth' $checked{'AUTH_METHOD'}{'ntlm-auth'} />$Lang::tr{'advproxy AUTH method ntlm auth'}</td>
+END
+}
+
+print <<END
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
 </tr>
 </table>
 END
@@ -1977,6 +1996,27 @@ END
 ; }
# ===================================================================
+#  NTLM-AUTH settings
+# ===================================================================
+
+if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') {
+	print <<END;
+		<hr size ='1'>
+		<table width='100%'>
+			<tr>
+				<td colspan='4'><b>$Lang::tr{'advproxy group access control'}</b></td>
+			</tr>
+			<tr>
+				<td width='20%' class='base'>$Lang::tr{'advproxy group required'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+				<td width='40%'><input type='text' name='NTLM_AUTH_GROUP' value='$proxysettings{'NTLM_AUTH_GROUP'}' size='37' /></td>
+				<td>&nbsp;</td>
+				<td>&nbsp;</td>
+			</tr>
+	</table>
+END
+}
+
+# ===================================================================
 #  LDAP auth settings
 # ===================================================================
@@ -3143,7 +3183,6 @@ END
    print FILE <<END
cache_effective_user squid
-cache_effective_group squid
 umask 022
pid_filename /var/run/squid.pid
@@ -3326,6 +3365,20 @@ END
    		}
    	}
+		if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth')
+		{
+			print FILE "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp";
+			if ($proxysettings{'NTLM_AUTH_GROUP'}) {
+				my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
+				$ntlm_auth_group =~ s/\/+/;
+
+				print FILE " --require-membership-of="$ntlm_auth_group"";
+			}
+			print FILE "\n";
+
+			print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
+		}
+
    	if ($proxysettings{'AUTH_METHOD'} eq 'radius')
    	{
    		print FILE "auth_param basic program $authdir/basic_radius_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
diff --git a/html/cgi-bin/samba.cgi b/html/cgi-bin/samba.cgi
index bfa0b89..0e1409c 100644
--- a/html/cgi-bin/samba.cgi
+++ b/html/cgi-bin/samba.cgi
@@ -67,8 +67,7 @@ $ovpnip[3]=$ovpnip[3]+1;
 ############################################################################################################################
 ############################################# Samba Dienste fr Statusberprfung ##########################################
-my %servicenames = ('SMB Daemon' => 'smbd','NetBIOS Nameserver' => 'nmbd');
-#my %servicenames = ('SMB Daemon' => 'smbd','NetBIOS Nameserver' => 'nmbd','Winbind Daemon' => 'winbindd');
+my %servicenames = ('SMB Daemon' => 'smbd', 'NetBIOS Nameserver' => 'nmbd', 'Winbind Daemon' => 'winbindd');
&Header::showhttpheaders();
@@ -192,6 +191,10 @@ if ($sambasettings{'ACTION'} eq 'globalresetyes')
    refreshpage();
    }
+if ($sambasettings{'ACTION'} eq 'join') {
+	$message .= &joindomain($sambasettings{'USERNAME'}, $sambasettings{'PASSWORD'});
+}
+
 ############################################################################################################################
 ################################################ Sicherheitsabfrage für den Reset ##########################################
@@ -276,6 +279,7 @@ print FILE <<END
 netbios name = $sambasettings{'NETBIOSNAME'}
 server string = $sambasettings{'SRVSTRING'}
 workgroup = $sambasettings{'WORKGRP'}
+realm = $mainsettings{'DOMAINNAME'}
 passdb backend = smbpasswd
wide links = $sambasettings{'WIDELINKS'}
@@ -315,8 +319,12 @@ username level = 1
 wins support = $sambasettings{'WINSSUPPORT'}
 wins server = $sambasettings{'WINSSRV'}
+winbind separator = +
+winbind uid = 10000-20000
+winbind gid = 10000-20000
+winbind use default domain = yes
+
 log file       = /var/log/samba/samba-log.%m
-lock directory = /var/lock/samba
 pid directory  = /var/run/
 log level = $sambasettings{'LOGLEVEL'}
 syslog = $sambasettings{'SYSLOGLEVEL'}
@@ -384,6 +392,15 @@ if ($errormessage)
    &Header::closebox();
    }
+if ($message) {
+	$message = &Header::cleanhtml($message);
+	$message =~ s/\n/<br>/g;
+
+	&Header::openbox('100%', 'left', $Lang::tr{'messages'});
+	print "$message\n";
+	&Header::closebox();
+}
+
 ############################################################################################################################
 ########################################## Aktivieren von Checkboxen und Dropdowns #########################################
@@ -440,14 +457,6 @@ $selected{'SECURITY'}{$sambasettings{'SECURITY'}} = "selected='selected'";
 print <<END
 <br />
 <table width='95%' cellspacing='0'>
-END
-;
-if ( $message ne "" )
-	{
-	print "<tr><td colspan='3' align='left'><font color='red'>$message</font>";
-	}
-
-print <<END
 <tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'all services'}</b></td></tr>
 </table><table width='95%' cellspacing='0'>
 END
@@ -875,6 +884,55 @@ END
 &Header::closebox();
 }
+if ($sambasettings{'SECURITY'} eq "ADS") {
+	&Header::openbox('100%', 'center', $Lang::tr{'samba join a domain'});
+
+	my $AD_DOMAINNAME = uc($mainsettings{'DOMAINNAME'});
+
+	print <<END;
+	<form method="POST" action="$ENV{'SCRIPT_NAME'}">
+		<input type="hidden" name="ACTION" value="join">
+
+		<table width="95%">
+			<tbody>
+				<tr>
+					<td width="40%">
+						$Lang::tr{'domain'}
+					</td>
+					<td>
+						$AD_DOMAINNAME
+					</td>
+				</tr>
+				<tr>
+					<td width="40%">
+						$Lang::tr{'administrator username'}
+					</td>
+					<td>
+						<input type="text" name="USERNAME" size="30">
+					</td>
+				</tr>
+				<tr>
+					<td width="40%">
+						$Lang::tr{'administrator password'}
+					</td>
+					<td>
+						<input type="password" name="PASSWORD" size="30">
+					</td>
+				</tr>
+				<tr>
+					<td></td>
+					<td>
+						<input type="submit" value="$Lang::tr{'samba join domain'}">
+					</td>
+				</tr>
+			</tbody>
+		</table>
+	</form>
+END
+
+	&Header::closebox();
+}
+
 ############################################################################################################################
 ############################################### Verwalten von Freigaben ####################################################
@@ -1304,3 +1362,13 @@ sub isrunning
    	}
    return $status;
    }
+
+sub joindomain {
+	my $username = shift;
+	my $password = shift;
+
+	my @options = ("/usr/local/bin/sambactrl", "join", $username, $password);
+	my $output = qx(@options);
+
+	return $output;
+}
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 556e65c..736cdf6 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -99,7 +99,10 @@
 'addon' => 'Addons',
 'admin user password has been changed' => 'Passwort für Benutzer admin wurde geändert.',
 'admin users' => 'Liste der Benutzer mit Super User Rechten',
+'administrator password' => 'Administrator-Passwort',
 'administrator user password' => 'Passwort für Benutzer &quot;admin&quot;:',
+'administrator username' => 'Administrator-Benutzername',
+'adsl settings' => 'ADSL-Einstellungen',
 'advanced' => 'Erweitert',
 'advanced server' => 'Erweiterte Server-Optionen',
 'advproxy AUTH always required' => 'Authentifizierung für uneingeschränkte Quelladressen erforderlich',
@@ -111,7 +114,8 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Lokal',
 'advproxy AUTH method none' => 'Keine',
-'advproxy AUTH method ntlm' => 'Windows',
+'advproxy AUTH method ntlm' => 'Windows NT4-Domäne',
+'advproxy AUTH method ntlm auth' => 'Windows Active Directory',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Domains ohne Authentifizierung (eine pro Zeile)',
 'advproxy AUTH number of auth processes' => 'Anzahl der Authentifizierungsprozesse',
@@ -262,6 +266,8 @@
 'advproxy fake useragent' => 'Gefälschter Useragent für externe Web-Sites',
 'advproxy friday' => 'Fre',
 'advproxy from' => 'Von',
+'advproxy group access control' => 'Gruppenbasierte Zugriffskontrolle',
+'advproxy group required' => 'Erforderliche Gruppe',
 'advproxy hdd cache size' => 'Cachegröße auf der Festplatte (MB)',
 'advproxy invalid num of children' => 'Ungültige Anzahl der Filter-Prozesse',
 'advproxy log enabled' => 'Protokoll aktiviert',
@@ -1462,6 +1468,7 @@
 'memory' => 'Speicher',
 'memory information' => 'Speicherinformationen',
 'memory usage per' => 'Speichernutzung pro',
+'messages' => 'Meldungen',
 'messages logging' => 'Logeinstellungen für /var/log/messages',
 'method' => 'Methode:',
 'min costs' => 'Minimale Kosten',
@@ -1897,6 +1904,8 @@
 'running' => 'LÄUFT',
 'safe removal of umounted device' => 'Sie können gefahrlos das abgemeldete Gerät entfernen',
 'samba' => 'Samba',
+'samba join a domain' => 'Einer Domäne beitreten',
+'samba join domain' => 'Domäne beitreten',
 'samba status' => 'Samba Status',
 'saturday' => 'Samstag',
 'save' => 'Speichern',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index f4fafca..ba9e134 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -99,7 +99,10 @@
 'addons' => 'Addons',
 'admin user password has been changed' => 'Admin user password has been changed.',
 'admin users' => 'User with superuser rights',
+'administrator password' => 'Administrator password',
 'administrator user password' => 'Admin user password:',
+'administrator username' => 'Administrator username',
+'adsl settings' => 'ADSL settings',
 'advanced' => 'Advanced',
 'advanced server' => 'Advanced server options',
 'advproxy AUTH always required' => 'Require authentication for unrestricted source addresses',
@@ -111,7 +114,8 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Local',
 'advproxy AUTH method none' => 'None',
-'advproxy AUTH method ntlm' => 'Windows',
+'advproxy AUTH method ntlm' => 'Windows NT4 Domain',
+'advproxy AUTH method ntlm auth' => 'Windows Active Directory',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Domains without authentication (one per line)',
 'advproxy AUTH number of auth processes' => 'Number of authentication processes',
@@ -262,6 +266,8 @@
 'advproxy fake useragent' => 'Fake useragent submitted to external sites',
 'advproxy friday' => 'Fri',
 'advproxy from' => 'From',
+'advproxy group access control' => 'Group based access control',
+'advproxy group required' => 'Required group',
 'advproxy hdd cache size' => 'Harddisk cache size (MB)',
 'advproxy invalid num of children' => 'Invalid number of filter processes',
 'advproxy log enabled' => 'Log enabled',
@@ -1492,6 +1498,7 @@
 'memory' => 'Memory',
 'memory information' => 'Memory information',
 'memory usage per' => 'Memory Usage per',
+'messages' => 'Messages',
 'messages logging' => 'Logsettings for /var/log/messages',
 'method' => 'Method:',
 'min costs' => 'Minimum costs',
@@ -1929,6 +1936,8 @@
 'running' => 'RUNNING',
 'safe removal of umounted device' => 'You can safely remove the unmounted device',
 'samba' => 'Samba',
+'samba join a domain' => 'Join a domain',
+'samba join domain' => 'Join domain',
 'samba status' => 'Samba Status',
 'saturday' => 'Saturday',
 'save' => 'Save',
diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
index 2be3d36..8c757a9 100644
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -101,7 +101,6 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Local',
 'advproxy AUTH method none' => 'Ninguno',
-'advproxy AUTH method ntlm' => 'Windows',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Dominios sin autenticación (uno por línea)',
 'advproxy AUTH number of auth processes' => 'Número de proceso de autenticación',
diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index f4e9518..ccd61cb 100644
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -103,7 +103,6 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Local',
 'advproxy AUTH method none' => 'Rien',
-'advproxy AUTH method ntlm' => 'Windows',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Domaines sans authentification (un par ligne)',
 'advproxy AUTH number of auth processes' => 'Nombre de processus d'authentification',
diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl
index b9e4c6f..fdad1d3 100644
--- a/langs/nl/cgi-bin/nl.pl
+++ b/langs/nl/cgi-bin/nl.pl
@@ -110,7 +110,6 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Lokaal',
 'advproxy AUTH method none' => 'Geen',
-'advproxy AUTH method ntlm' => 'Windows',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Domeinen zonder authenticatie (een per regel)',
 'advproxy AUTH number of auth processes' => 'Aantal authenticatieprocessen',
diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl
index a79eed0..5a205e1 100644
--- a/langs/pl/cgi-bin/pl.pl
+++ b/langs/pl/cgi-bin/pl.pl
@@ -103,7 +103,6 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Local',
 'advproxy AUTH method none' => 'None',
-'advproxy AUTH method ntlm' => 'Windows',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Domeny bez autoryzacji (jedna w linii)',
 'advproxy AUTH number of auth processes' => 'Liczba procesów autoryzujących',
diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl
index e3aaab4..38b8441 100644
--- a/langs/ru/cgi-bin/ru.pl
+++ b/langs/ru/cgi-bin/ru.pl
@@ -101,7 +101,6 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Локальный',
 'advproxy AUTH method none' => 'Нет',
-'advproxy AUTH method ntlm' => 'Windows',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Домен без аутентификации (один на строчку)',
 'advproxy AUTH number of auth processes' => 'Кол-во процессов аутентификации',
diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl
index 459a80c..e2a6d4f 100644
--- a/langs/tr/cgi-bin/tr.pl
+++ b/langs/tr/cgi-bin/tr.pl
@@ -110,7 +110,6 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Yerel',
 'advproxy AUTH method none' => 'Yok',
-'advproxy AUTH method ntlm' => 'Windows',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Kimlik doğrulaması olmayan hedefler (her satırda bir tane)',
 'advproxy AUTH number of auth processes' => 'Kimlik doğrulama işlemlerinin sayısı',
diff --git a/lfs/krb5 b/lfs/krb5
new file mode 100644
index 0000000..64eb670
--- /dev/null
+++ b/lfs/krb5
@@ -0,0 +1,105 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see http://www.gnu.org/licenses/.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.12.1
+
+THISAPP    = krb5-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)/src
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = krb5
+PAK_VER    = 1
+
+DEPS       = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 4a631b3474d3e44773f1ecda96f04400
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist: 
+	@$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/mitkrb-1.12.1-db2_fix-1.patch
+
+	cd $(DIR_APP) && sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
+		-e "s@-lpython2.5]@&,\n  AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
+		-i configure.in
+	cd $(DIR_APP) && autoconf
+
+	cd $(DIR_APP) && ./configure \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--localstatedir=/var/lib \
+		--with-system-et \
+		--with-system-ss \
+		--enable-dns-for-realm \
+		CPPFLAGS="-I/usr/include/et"
+
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make $(EXTRA_INSTALL) install
+
+	for LIB in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
+        		kdb5 kdb_ldap krad krb5 krb5support verto; do \
+		chmod -f -v 755 "/usr/lib/lib$$LIB.so"; \
+	done
+
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/lfs/samba b/lfs/samba
index 603f215..4bd42cb 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -34,7 +34,7 @@ TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
 PAK_VER    = 58
-DEPS       = "cups"
+DEPS       = "cups krb5"
###############################################################################
 # Top-level Rules
@@ -78,16 +78,27 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
    @$(PREBUILD)
    @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
    cd $(DIR_APP)/source3 && ./configure \
-				--prefix=/usr \
-				--libdir=/usr/lib/ \
-				--sysconfdir=/var/ipfire \
-				--localstatedir=/var \
-				--with-piddir=/var/run \
-				--with-fhs \
-				--with-winbind \
-				--disable-swat \
-				--enable-cups \
-				--with-syslog
+		--prefix=/usr \
+		--libdir=/usr/lib/ \
+		--sysconfdir=/var/ipfire \
+		--localstatedir=/var \
+		--with-cachedir=/var/lib/samba \
+		--with-lockdir=/var/lib/samba \
+		--with-piddir=/var/run \
+		--with-ads \
+		--with-acl-support \
+		--with-libsmbclient \
+		--with-libsmbsharemodes \
+		--with-sendfile-support \
+		--without-smbwrapper \
+		--with-mmap \
+		--with-fhs \
+		--with-vfs \
+		--with-winbind \
+		--disable-swat \
+		--enable-cups \
+		--disable-avahi \
+		--with-syslog
    cd $(DIR_APP)/source3 && make proto && make all $(MAKETUNING) $(EXTRA_MAKE)
    cd $(DIR_APP)/source3 && make install
    cd $(DIR_APP)/source3 && chmod -v 644 /usr/include/libsmbclient.h
@@ -107,5 +118,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
    cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf
    -mkdir -p /var/log/samba
    install -v -m 644 $(DIR_SRC)/config/backup/includes/samba /var/ipfire/backup/addons/includes/samba
+
+	-mkdir -p 750 /var/lib/samba/winbindd_privileged
+	chgrp wbpriv /var/lib/samba/winbindd_privileged
+
    @rm -rf $(DIR_APP)
    @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 4ca0549..65ca37d 100755
--- a/make.sh
+++ b/make.sh
@@ -616,6 +616,7 @@ buildipfire() {
   ipfiremake foomatic
   ipfiremake hplip
   ipfiremake cifs-utils
+  ipfiremake krb5
   ipfiremake samba
   ipfiremake sudo
   ipfiremake mc
diff --git a/src/initscripts/init.d/samba b/src/initscripts/init.d/samba
index d6bdb26..614c9b8 100644
--- a/src/initscripts/init.d/samba
+++ b/src/initscripts/init.d/samba
@@ -4,19 +4,28 @@
 # Based on sysklogd script from LFS-3.1 and earlier.
 # Rewritten by Gerard Beekmans  - gerard@linuxfromscratch.org
-#$LastChangedBy: bdubbs $
-#$Date: 2005-08-01 14:29:19 -0500 (Mon, 01 Aug 2005) $
-
 . /etc/sysconfig/rc
 . $rc_functions
+function fix_permissions() {
+	local lockdir="/var/lib/samba/winbindd_privileged"
+
+	chmod 750 "${lockdir}"
+	chgrp wbpriv "${lockdir}"
+}
+
 case "$1" in
    start)
+		fix_permissions
+
    	boot_mesg "Starting nmbd..."
    	loadproc /usr/sbin/nmbd -D
boot_mesg "Starting smbd..."
    	loadproc /usr/sbin/smbd -D
+
+		boot_mesg "Starting winbind..."
+		loadproc /usr/sbin/winbindd
    	;;
stop)
@@ -25,6 +34,9 @@ case "$1" in
boot_mesg "Stopping nmbd..."
    	killproc -p /var/run/nmbd.pid /usr/sbin/nmbd
+
+		boot_mesg "Stopping winbind..."
+		killproc -p /var/run/winbindd.pid /usr/sbin/winbindd
                 ;;
reload)
@@ -33,6 +45,9 @@ case "$1" in
boot_mesg "Reloading nmbd..."
    	reloadproc /usr/sbin/nmbd
+
+		boot_mesg "Reloading winbind..."
+		reloadproc /usr/sbin/winbindd
    	;;
restart)
@@ -44,6 +59,7 @@ case "$1" in
    status)
    	statusproc /usr/sbin/nmbd
    	statusproc /usr/sbin/smbd
+		statusproc /usr/sbin/winbindd
    	;;
*)
diff --git a/src/initscripts/init.d/winbind b/src/initscripts/init.d/winbind
deleted file mode 100644
index 590fddf..0000000
--- a/src/initscripts/init.d/winbind
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/bash
-# Begin $rc_base/init.d/winbind
-
-# Based on sysklogd script from LFS-3.1 and earlier.
-# Rewritten by Gerard Beekmans  - gerard@linuxfromscratch.org
-
-#$LastChangedBy: bdubbs $
-#$Date: 2005-08-01 14:29:19 -0500 (Mon, 01 Aug 2005) $
-
-. /etc/sysconfig/rc
-. $rc_functions
-
-PIDFILE="/var/run/winbindd.pid"
-KILLDELAY="10"
-
-case "$1" in
-
-        start)
-                boot_mesg "Starting winbind..."
-                loadproc /usr/sbin/winbindd
-                ;;
-
-        stop)
-                boot_mesg "Stopping winbind..."
-		killproc -p ${PIDFILE} /usr/sbin/winbind
-		;;
-
-	reload)
-		boot_mesg "Reloading winbind..."
-		reloadproc /usr/sbin/winbindd
-		;;
-
-        restart)
-                $0 stop
-                sleep 1
-                $0 start
-                ;;
-
-        status)
-                statusproc /usr/sbin/winbindd
-                ;;
-
-        *)
-                echo "Usage: $0 {start|stop|reload|restart|status}"
-                exit 1
-                ;;
-
-esac
-
-# End $rc_base/init.d/winbind
diff --git a/src/misc-progs/sambactrl.c b/src/misc-progs/sambactrl.c
index f81b295..45c166d 100644
--- a/src/misc-progs/sambactrl.c
+++ b/src/misc-progs/sambactrl.c
@@ -10,165 +10,136 @@
char command[BUFFER_SIZE];
-int main(int argc, char *argv[])
-{
+int main(int argc, char *argv[]) {
+	if (!(initsetuid()))
+		exit(1);
-if (!(initsetuid()))
-exit(1);
+	// Check what command is asked
+	if (argc == 1) {
+		fprintf (stderr, "Missing smbctrl command!\n");
+		return 1;
-// Check what command is asked
-if (argc==1)
-{
-fprintf (stderr, "Missing smbctrl command!\n");
-return 1;
-}
-else if (strcmp(argv[1], "smbuserdisable")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -d %s >/dev/null", argv[2]);
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "smbuserenable")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -e %s >/dev/null", argv[2]);
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "smbuserdelete")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -x %s >/dev/null", argv[2]);
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "/usr/sbin/userdel %s >/dev/null", argv[2]);
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "smbsafeconf")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
-return 0;
-}
-else if (strcmp(argv[1], "smbsafeconfcups")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf");
-return 0;
-}
-else if (strcmp(argv[1], "smbsafeconfpdc")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
-return 0;
-}
-else if (strcmp(argv[1], "smbsafeconfpdccups")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf");
-return 0;
-}
-else if (strcmp(argv[1], "smbglobalreset")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/default.global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
-safe_system("/bin/cat /var/ipfire/samba/default.settings > /var/ipfire/samba/settings");
-safe_system("/bin/cat /var/ipfire/samba/default.global > /var/ipfire/samba/global");
-safe_system("/bin/cat /var/ipfire/samba/default.pdc > /var/ipfire/samba/pdc");
-return 0;
-}
-else if (strcmp(argv[1], "smbsharesreset")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/default.shares > /var/ipfire/samba/smb.conf");
-safe_system("/bin/cat /var/ipfire/samba/default.shares > /var/ipfire/samba/shares");
-return 0;
-}
-else if (strcmp(argv[1], "smbprinterreset")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/default.printer > /var/ipfire/samba/smb.conf");
-safe_system("/bin/cat /var/ipfire/samba/default.printer > /var/ipfire/samba/printer");
-return 0;
-}
-else if (strcmp(argv[1], "smbstop")==0)
-{
-safe_system("/etc/rc.d/init.d/samba stop >/dev/null");
-safe_system("/usr/local/bin/sambactrl disable");
-return 0;
-}
-else if (strcmp(argv[1], "smbstart")==0)
-{
-safe_system("/etc/rc.d/init.d/samba start >/dev/null");
-safe_system("/usr/local/bin/sambactrl enable");
-return 0;
-}
-else if (strcmp(argv[1], "smbrestart")==0)
-{
-safe_system("/etc/rc.d/init.d/samba restart >/dev/null");
-return 0;
-}
-else if (strcmp(argv[1], "smbreload")==0)
-{
-safe_system("/etc/rc.d/init.d/samba reload >/dev/null");
-return 0;
-}
-else if (strcmp(argv[1], "smbstatus")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbstatus 2>/dev/null");
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "smbuseradd")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambauser >/dev/null");
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -m -g %s -s %s %s >/dev/null", argv[4], argv[5], argv[2]);
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]);
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]);
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "smbpcadd")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambawks >/dev/null");
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba Workstation' -g %s -s %s %s >/dev/null", argv[3], argv[4], argv[2]);
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -a -m %s >/dev/null", argv[2]);
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "smbchangepw")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]);
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]);
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "readsmbpasswd")==0)
-{
-safe_system("/bin/chown root:nobody /var/ipfire/samba/private >/dev/null");
-safe_system("/bin/chown root:nobody /var/ipfire/samba/private/smbpasswd >/dev/null");
-safe_system("/bin/chmod 640 /var/ipfire/samba/private/smbpasswd >/dev/null");
-safe_system("/bin/chmod 650 /var/ipfire/samba/private >/dev/null");
-return 0;
-}
-else if (strcmp(argv[1], "locksmbpasswd")==0)
-{
-safe_system("/bin/chown root:root /var/ipfire/samba/private >/dev/null");
-safe_system("/bin/chown root:root /var/ipfire/samba/private/smbpasswd >/dev/null");
-safe_system("/bin/chmod 600 /var/ipfire/samba/private/smbpasswd >/dev/null");
-safe_system("/bin/chmod 600 /var/ipfire/samba/private >/dev/null");
-return 0;
-}
-else if (strcmp(argv[1], "enable")==0)
-{
-safe_system("touch /var/ipfire/samba/enable");
-safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc3.d/S45samba");
-safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc0.d/K48samba");
-safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc6.d/K48samba");
-return 0;
-}
-else if (strcmp(argv[1], "disable")==0)
-{
-safe_system("unlink /var/ipfire/samba/enable");
-safe_system("rm -rf /etc/rc.d/rc*.d/*samba");
-return 0;
-}
-return 0;
+	} else if (strcmp(argv[1], "smbuserdisable") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -d %s >/dev/null", argv[2]);
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "smbuserenable") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -e %s >/dev/null", argv[2]);
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "smbuserdelete") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -x %s >/dev/null", argv[2]);
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "/usr/sbin/userdel %s >/dev/null", argv[2]);
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "smbsafeconf") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
+
+	} else if (strcmp(argv[1], "smbsafeconfcups") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf");
+
+	} else if (strcmp(argv[1], "smbsafeconfpdc") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
+
+	} else if (strcmp(argv[1], "smbsafeconfpdccups") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf");
+
+	} else if (strcmp(argv[1], "smbglobalreset") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/default.global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
+		safe_system("/bin/cat /var/ipfire/samba/default.settings > /var/ipfire/samba/settings");
+		safe_system("/bin/cat /var/ipfire/samba/default.global > /var/ipfire/samba/global");
+		safe_system("/bin/cat /var/ipfire/samba/default.pdc > /var/ipfire/samba/pdc");
+
+	} else if (strcmp(argv[1], "smbsharesreset") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/default.shares > /var/ipfire/samba/smb.conf");
+		safe_system("/bin/cat /var/ipfire/samba/default.shares > /var/ipfire/samba/shares");
+
+	} else if (strcmp(argv[1], "smbprinterreset") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/default.printer > /var/ipfire/samba/smb.conf");
+		safe_system("/bin/cat /var/ipfire/samba/default.printer > /var/ipfire/samba/printer");
+
+	} else if (strcmp(argv[1], "smbstop") == 0) {
+		safe_system("/etc/rc.d/init.d/samba stop >/dev/null");
+		safe_system("/usr/local/bin/sambactrl disable");
+
+	} else if (strcmp(argv[1], "smbstart") == 0) {
+		safe_system("/etc/rc.d/init.d/samba start >/dev/null");
+		safe_system("/usr/local/bin/sambactrl enable");
+
+	} else if (strcmp(argv[1], "smbrestart") == 0) {
+		safe_system("/etc/rc.d/init.d/samba restart >/dev/null");
+
+	} else if (strcmp(argv[1], "smbreload") == 0) {
+		safe_system("/etc/rc.d/init.d/samba reload >/dev/null");
+
+	} else if (strcmp(argv[1], "smbstatus") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbstatus 2>/dev/null");
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "smbuseradd") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambauser >/dev/null");
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -m -g %s -s %s %s >/dev/null", argv[4], argv[5], argv[2]);
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]);
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]);
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "smbpcadd") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambawks >/dev/null");
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba Workstation' -g %s -s %s %s >/dev/null", argv[3], argv[4], argv[2]);
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -a -m %s >/dev/null", argv[2]);
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "smbchangepw") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]);
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]);
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "readsmbpasswd") == 0) {
+		safe_system("/bin/chown root:nobody /var/ipfire/samba/private >/dev/null");
+		safe_system("/bin/chown root:nobody /var/ipfire/samba/private/smbpasswd >/dev/null");
+		safe_system("/bin/chmod 640 /var/ipfire/samba/private/smbpasswd >/dev/null");
+		safe_system("/bin/chmod 650 /var/ipfire/samba/private >/dev/null");
+
+	} else if (strcmp(argv[1], "locksmbpasswd") == 0) {
+		safe_system("/bin/chown root:root /var/ipfire/samba/private >/dev/null");
+		safe_system("/bin/chown root:root /var/ipfire/samba/private/smbpasswd >/dev/null");
+		safe_system("/bin/chmod 600 /var/ipfire/samba/private/smbpasswd >/dev/null");
+		safe_system("/bin/chmod 600 /var/ipfire/samba/private >/dev/null");
+
+	} else if (strcmp(argv[1], "enable") == 0) {
+		safe_system("touch /var/ipfire/samba/enable");
+		safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc3.d/S45samba");
+		safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc0.d/K48samba");
+		safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc6.d/K48samba");
+
+	} else if (strcmp(argv[1], "disable") == 0) {
+		safe_system("unlink /var/ipfire/samba/enable");
+		safe_system("rm -rf /etc/rc.d/rc*.d/*samba");
+
+	} else if (strcmp(argv[1], "join") == 0) {
+		if (argc == 4) {
+			snprintf(command, BUFFER_SIZE - 1, "/usr/bin/net join -U "%s%%%s"",
+				argv[2], argv[3]);
+			return safe_system(command);
+		} else {
+			fprintf(stderr, "Wrong number of arguments. Need username and password.\n");
+			return 1;
+		}
+	}
+
+	return 0;
 }
diff --git a/src/paks/samba/install.sh b/src/paks/samba/install.sh
index 9c4f7f4..b7a2fc1 100644
--- a/src/paks/samba/install.sh
+++ b/src/paks/samba/install.sh
@@ -22,6 +22,14 @@
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
+
+# If the wbpriv group does not exist yet, then create it and put squid
+# into it.
+if ! getent group wbpriv >/dev/null; then
+	groupadd -g 88 wbpriv
+	usermod -a -G wbpriv squid
+fi
+
 extract_files
 restore_backup ${NAME}
 /usr/local/bin/sambactrl smbstart
diff --git a/src/paks/samba/update.sh b/src/paks/samba/update.sh
index 6f4cb60..648b025 100644
--- a/src/paks/samba/update.sh
+++ b/src/paks/samba/update.sh
@@ -23,6 +23,14 @@
 #
 . /opt/pakfire/lib/functions.sh
 ./uninstall.sh
+
+# If the wbpriv group does not exist yet, then create it and put squid
+# into it.
+if ! getent group wbpriv >/dev/null; then
+	groupadd -g 88 wbpriv
+	usermod -a -G wbpriv squid
+fi
+
 extract_files
 restore_backup ${NAME}
 echo "passdb backend = smbpasswd" >> /var/ipfire/samba/smb.conf
diff --git a/src/patches/mitkrb-1.12.1-db2_fix-1.patch b/src/patches/mitkrb-1.12.1-db2_fix-1.patch
new file mode 100644
index 0000000..f27304c
--- /dev/null
+++ b/src/patches/mitkrb-1.12.1-db2_fix-1.patch
@@ -0,0 +1,175 @@
+Submitted By:            Pierre Labastie <pierre dot labastie at eamil dot fr>
+Date:                    2014-03-04
+Initial Package Version: 1.12.1
+Upstream Status:         In upstream GIT
+Origin:                  Upstream
+Description:             Fixes http://krbdev.mit.edu/rt/Ticket/Display.html?id=7860
+
+--- a/src/plugins/kdb/db2/libdb2/mpool/mpool.c
++++ b/src/plugins/kdb/db2/libdb2/mpool/mpool.c
+@@ -81,9 +81,9 @@ mpool_open(key, fd, pagesize, maxcache)
+ 	/* Allocate and initialize the MPOOL cookie. */
+ 	if ((mp = (MPOOL *)calloc(1, sizeof(MPOOL))) == NULL)
+ 		return (NULL);
+-	CIRCLEQ_INIT(&mp->lqh);
++	TAILQ_INIT(&mp->lqh);
+ 	for (entry = 0; entry < HASHSIZE; ++entry)
+-		CIRCLEQ_INIT(&mp->hqh[entry]);
++		TAILQ_INIT(&mp->hqh[entry]);
+ 	mp->maxcache = maxcache;
+ 	mp->npages = sb.st_size / pagesize;
+ 	mp->pagesize = pagesize;
+@@ -143,8 +143,8 @@ mpool_new(mp, pgnoaddr, flags)
+ 	bp->flags = MPOOL_PINNED | MPOOL_INUSE;
+ 
+ 	head = &mp->hqh[HASHKEY(bp->pgno)];
+-	CIRCLEQ_INSERT_HEAD(head, bp, hq);
+-	CIRCLEQ_INSERT_TAIL(&mp->lqh, bp, q);
++	TAILQ_INSERT_HEAD(head, bp, hq);
++	TAILQ_INSERT_TAIL(&mp->lqh, bp, q);
+ 	return (bp->page);
+ }
+ 
+@@ -168,8 +168,8 @@ mpool_delete(mp, page)
+ 
+ 	/* Remove from the hash and lru queues. */
+ 	head = &mp->hqh[HASHKEY(bp->pgno)];
+-	CIRCLEQ_REMOVE(head, bp, hq);
+-	CIRCLEQ_REMOVE(&mp->lqh, bp, q);
++	TAILQ_REMOVE(head, bp, hq);
++	TAILQ_REMOVE(&mp->lqh, bp, q);
+ 
+ 	free(bp);
+ 	return (RET_SUCCESS);
+@@ -208,10 +208,10 @@ mpool_get(mp, pgno, flags)
+ 		 * of the lru chain.
+ 		 */
+ 		head = &mp->hqh[HASHKEY(bp->pgno)];
+-		CIRCLEQ_REMOVE(head, bp, hq);
+-		CIRCLEQ_INSERT_HEAD(head, bp, hq);
+-		CIRCLEQ_REMOVE(&mp->lqh, bp, q);
+-		CIRCLEQ_INSERT_TAIL(&mp->lqh, bp, q);
++		TAILQ_REMOVE(head, bp, hq);
++		TAILQ_INSERT_HEAD(head, bp, hq);
++		TAILQ_REMOVE(&mp->lqh, bp, q);
++		TAILQ_INSERT_TAIL(&mp->lqh, bp, q);
+ 
+ 		/* Return a pinned page. */
+ 		bp->flags |= MPOOL_PINNED;
+@@ -261,8 +261,8 @@ mpool_get(mp, pgno, flags)
+ 	 * of the lru chain.
+ 	 */
+ 	head = &mp->hqh[HASHKEY(bp->pgno)];
+-	CIRCLEQ_INSERT_HEAD(head, bp, hq);
+-	CIRCLEQ_INSERT_TAIL(&mp->lqh, bp, q);
++	TAILQ_INSERT_HEAD(head, bp, hq);
++	TAILQ_INSERT_TAIL(&mp->lqh, bp, q);
+ 
+ 	/* Run through the user's filter. */
+ 	if (mp->pgin != NULL)
+@@ -311,8 +311,8 @@ mpool_close(mp)
+ 	BKT *bp;
+ 
+ 	/* Free up any space allocated to the lru pages. */
+-	while ((bp = mp->lqh.cqh_first) != (void *)&mp->lqh) {
+-		CIRCLEQ_REMOVE(&mp->lqh, mp->lqh.cqh_first, q);
++	while ((bp = mp->lqh.tqh_first) != NULL) {
++		TAILQ_REMOVE(&mp->lqh, mp->lqh.tqh_first, q);
+ 		free(bp);
+ 	}
+ 
+@@ -332,8 +332,7 @@ mpool_sync(mp)
+ 	BKT *bp;
+ 
+ 	/* Walk the lru chain, flushing any dirty pages to disk. */
+-	for (bp = mp->lqh.cqh_first;
+-	    bp != (void *)&mp->lqh; bp = bp->q.cqe_next)
++	for (bp = mp->lqh.tqh_first; bp != NULL; bp = bp->q.tqe_next)
+ 		if (bp->flags & MPOOL_DIRTY &&
+ 		    mpool_write(mp, bp) == RET_ERROR)
+ 			return (RET_ERROR);
+@@ -363,8 +362,7 @@ mpool_bkt(mp)
+ 	 * off any lists.  If we don't find anything we grow the cache anyway.
+ 	 * The cache never shrinks.
+ 	 */
+-	for (bp = mp->lqh.cqh_first;
+-	    bp != (void *)&mp->lqh; bp = bp->q.cqe_next)
++	for (bp = mp->lqh.tqh_first; bp != NULL; bp = bp->q.tqe_next)
+ 		if (!(bp->flags & MPOOL_PINNED)) {
+ 			/* Flush if dirty. */
+ 			if (bp->flags & MPOOL_DIRTY &&
+@@ -375,8 +373,8 @@ mpool_bkt(mp)
+ #endif
+ 			/* Remove from the hash and lru queues. */
+ 			head = &mp->hqh[HASHKEY(bp->pgno)];
+-			CIRCLEQ_REMOVE(head, bp, hq);
+-			CIRCLEQ_REMOVE(&mp->lqh, bp, q);
++			TAILQ_REMOVE(head, bp, hq);
++			TAILQ_REMOVE(&mp->lqh, bp, q);
+ #if defined(DEBUG) && !defined(DEBUG_IDX0SPLIT)
+ 			{ void *spage;
+ 				spage = bp->page;
+@@ -450,7 +448,7 @@ mpool_look(mp, pgno)
+ 	BKT *bp;
+ 
+ 	head = &mp->hqh[HASHKEY(pgno)];
+-	for (bp = head->cqh_first; bp != (void *)head; bp = bp->hq.cqe_next)
++	for (bp = head->tqh_first; bp != NULL; bp = bp->hq.tqe_next)
+ 		if ((bp->pgno == pgno) && (bp->flags & MPOOL_INUSE)) {
+ #ifdef STATISTICS
+ 			++mp->cachehit;
+@@ -494,8 +492,7 @@ mpool_stat(mp)
+ 
+ 	sep = "";
+ 	cnt = 0;
+-	for (bp = mp->lqh.cqh_first;
+-	    bp != (void *)&mp->lqh; bp = bp->q.cqe_next) {
++	for (bp = mp->lqh.tqh_first; bp != NULL; bp = bp->q.tqe_next) {
+ 		(void)fprintf(stderr, "%s%d", sep, bp->pgno);
+ 		if (bp->flags & MPOOL_DIRTY)
+ 			(void)fprintf(stderr, "d");
+
+--- a/src/plugins/kdb/db2/libdb2/mpool/mpool.h
++++ b/src/plugins/kdb/db2/libdb2/mpool/mpool.h
+@@ -47,8 +47,8 @@
+ 
+ /* The BKT structures are the elements of the queues. */
+ typedef struct _bkt {
+-	CIRCLEQ_ENTRY(_bkt) hq;		/* hash queue */
+-	CIRCLEQ_ENTRY(_bkt) q;		/* lru queue */
++	TAILQ_ENTRY(_bkt) hq;		/* hash queue */
++	TAILQ_ENTRY(_bkt) q;		/* lru queue */
+ 	void    *page;			/* page */
+ 	db_pgno_t   pgno;			/* page number */
+ 
+@@ -59,9 +59,9 @@ typedef struct _bkt {
+ } BKT;
+ 
+ typedef struct MPOOL {
+-	CIRCLEQ_HEAD(_lqh, _bkt) lqh;	/* lru queue head */
++	TAILQ_HEAD(_lqh, _bkt) lqh;	/* lru queue head */
+ 					/* hash queue array */
+-	CIRCLEQ_HEAD(_hqh, _bkt) hqh[HASHSIZE];
++	TAILQ_HEAD(_hqh, _bkt) hqh[HASHSIZE];
+ 	db_pgno_t	curcache;		/* current number of cached pages */
+ 	db_pgno_t	maxcache;		/* max number of cached pages */
+ 	db_pgno_t	npages;			/* number of pages in the file */
+
+--- a/src/plugins/kdb/db2/libdb2/test/run.test
++++ b/src/plugins/kdb/db2/libdb2/test/run.test
+@@ -71,10 +71,11 @@ main()
+ }
+ 
+ getnwords() {
+-	# Delete blank lines because the db code appears not to
+-	# like empty keys.  On Debian Linux, $DICT appears to contain
+-	# some non-ASCII characters, and "rev" chokes on them.
+-	sed -e '/^$/d' < $DICT | cat -v | sed -e ${1}q
++	# Delete blank lines because the db code appears not to like
++	# empty keys.  Omit lines with non-alphanumeric characters to
++	# avoid shell metacharacters and non-ASCII characters which
++	# could cause 'rev' to choke.
++	LC_ALL=C sed -e '/^$/d' -e '/[^A-Za-z]/d' < $DICT | sed -e ${1}q
+ }
+ 
+ # Take the first hundred entries in the dictionary, and make them
hooks/post-receive
--
IPFire 2.x development tree

    