--- FAQ.sgml.orig	Sat Aug 31 19:54:38 2002
+++ FAQ.sgml	Mon Sep  9 00:56:09 2002
@@ -12912,23 +12912,42 @@
 Each authentication program must select its own scheme for persistent
 storage of passwords and usernames.
 
+<!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
+
 <sect1>How do I use the Winbind authenticators?
 
 <p>by
-<url url="mailto: jmurdoc at itraktech dot com" name="Jerry Murdock">
+<url url="mailto: jmurdock at itraktech dot com" name="Jerry Murdock">
 
 <p>
 Winbind is a recent addition to Samba providing some impressive 
-capabilities for NT based user accounts.  From Squid's perspective winbind provides a robust and efficient
-engine for both basic and NTLM challenge/response authentication
+capabilities for NT based user accounts.  From Squid's perspective winbind provides a 
+robust and efficient engine for both basic and NTLM challenge/response authentication
 against an NT domain controller.
 <p>
-Samba 2.2.4 or greater is required.  Samba 2.2.4, 2.2.5, and 3.0a17 
-are known to work with the Squid 2.5 winbind authenticators.  
+The winbind authenticators have been used successfully under Linux, FreeBSD and Solaris.
 <p>
-The winbind authenticators have been used successfully
-under Linux, FreeBSD and Solaris.
+
+<sect2>Supported Samba Releases
 <p>
+Samba 2.2.x releases 2.2.4 and later are officially supported.  
+
+Squid 2.5 uses an internal Samba interface to communicate with the winbindd daemon. 
+It is therefore sensitive to any changes the Samba team may make to the interface.
+
+Samba 3.0a17 and 3.0a18 implement the same winbindd interface as 2.2.4+ and are known to work.
+
+With Samba 3.0a19, the winbindd interface changed and Squid 2.5 will not work as 
+distributed.  Replacing the <tt>winbindd_nss.h</tt> file in Squid's 
+<tt>helpers/basic_auth/winbind</tt> and <tt>helpers/ntlm_auth/winbind</tt> 
+directories with the version in Samba's <tt>source/nsswitch</tt> directory has 
+been reported to work.
+
+The approach may be applicable for later Samba 3.0 versions as long as the 
+interface does not change significantly.
+
+The Samba and Squid teams are actively working together to insure future Samba 
+stable releases will be supported.  
 
 <sect2>Configure Samba
 <p>
@@ -13035,26 +13054,21 @@
 <url url="http://www.squid-cache.org/mail-archive/squid-dev/200207/att-0117/01-smbpasswd.diff" name="smbpasswd.diff">
 is a patch to Samba 2.2.5's smbpasswd utility to allow
 changing the machine account password at will.  It is a minimal patch
-simply exposing a command line interface to an existing Samba function.  
+simply exposing a command line interface to an existing Samba function.
+<p><bf>Note: This patch has been included in Samba as of 2.2.6pre2.</bf> 
+ 
 <p>
 Once patched, the smbpasswd syntax to change the password is:
 <verb>
 	smbpasswd -t DOMAIN -r PDC
 </verb>
-<p>
 
 <bf>Samba 3.x</bf>
 <p>
-Things are much easier under the 3.x versions of Samba. Smbd is no 
-longer required to manage the machine's trust account, and there is no
-need to patch any utilities. 
-<p>
 The Samba team has incorporated functionality to change the machine 
 trust account password in the new "net" command.  A simple daily cron
-job scheduling "net rpc changetrustpw" is all that is needed.
+job scheduling "<tt>net rpc changetrustpw</tt>" is all that is needed.
 <p>
-<p>
-
 
 <sect2>Configure Squid
 <p>
@@ -13152,7 +13166,7 @@
 </enum>
 <p>
 <p>
-If no usernames appear in acces.log and/or no password dialogs appear
+If no usernames appear in access.log and/or no password dialogs appear
 in either browser, then the acl/http_access portions of squid.conf are
 not correct. 
 <p>