diff -r -N -u orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationnameipencoding.xml samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationnameipencoding.xml
--- orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationnameipencoding.xml	1970-01-01 00:00:00.000000000 +0000
+++ samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationnameipencoding.xml	2020-05-14 17:45:18.641060200 +0000
@@ -0,0 +1,29 @@
+<samba:parameter name="workstation name ip encoding"
+                 context="G"
+                 type="boolean"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>If this parameter is <constant>yes</constant>, then you
+    can encode the IPv4 address of the workstation as its name
+    and have Samba to verify whether it matches.
+
+    This could be useful in combination with userWorkstation
+    attributes when you are sure that specific IPs can be only
+    used by specific physical computers.
+
+    Out of compatibility reasons this is not possible for IPv6
+    addresses, thus it is only useful when you only allow IPv4
+    connections.
+
+    Example:
+    The workstation with the address 10.20.30.200 would have the
+    workstation name 10_20_30_200.
+
+    A connection from 10.20.30.201 claiming to be 10_20_30_200
+    would be refused while connections from 10.20.30.200 are allowed.
+    The underscores have been used to be not confused with DNS names.
+    </para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff -r -N -u orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationnameipencodingsuffix.xml samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationnameipencodingsuffix.xml
--- orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationnameipencodingsuffix.xml	1970-01-01 00:00:00.000000000 +0000
+++ samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationnameipencodingsuffix.xml	2020-05-16 13:48:33.027451300 +0000
@@ -0,0 +1,21 @@
+<samba:parameter name="workstation name ip encoding suffix"
+                 context="G"
+                 type="cmdlist"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>
+    This is a list of strings being allowed to be appended to the workstation 
+    name to allow the coexistence of different OSes with slightly different 
+    workstation names on the same IP (i.e. for dual boot situations).
+    </para>
+
+    <para>
+    If this is empty (the default) then only the encoded IPv4 address is
+    allowed as the workstation name.
+    </para>
+
+</description>
+
+<value type="default"><comment>Empty, no suffix is allowed </comment></value>
+<value type="example">L,M (i.e. 10_20_30_40L and 10_20_30_40M would be allowed additionally to 10_20_30_40</value>
+</samba:parameter>
diff -r -N -u orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationnamesuffixrestrictedusers.xml samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationnamesuffixrestrictedusers.xml
--- orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationnamesuffixrestrictedusers.xml	1970-01-01 00:00:00.000000000 +0000
+++ samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationnamesuffixrestrictedusers.xml	2020-05-16 19:05:13.979451300 +0000
@@ -0,0 +1,24 @@
+<samba:parameter name="workstation name suffix restricted users"
+                 context="G"
+                 type="cmdlist"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>
+    This is a list of allowed suffixes appended to the reverse lookup
+    name of the workstation. 
+    </para>
+
+    <para>
+    If this is empty (the default) then no suffixes are allowed.
+    This parameter is to allow i.e. linux workstations to have a configurable
+    suffix to the reverse lookup workstation name to allow dual boot
+    configurations and working around the limitation of only one
+    reverse lookup name.
+    </para>
+
+</description>
+
+<value type="default"><comment>No suffix is allowed
+</comment></value>
+<value type="example">linux,mac,win</value>
+</samba:parameter>
diff -r -N -u orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationrestrictedusers.xml samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationrestrictedusers.xml
--- orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationrestrictedusers.xml	1970-01-01 00:00:00.000000000 +0000
+++ samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationrestrictedusers.xml	2020-05-14 17:31:13.381060200 +0000
@@ -0,0 +1,31 @@
+<samba:parameter name="workstation restricted users"
+                 context="G"
+                 type="cmdlist"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>
+    This is a list of users for which additional verifications on the claimed
+    identity of the connecting workstation must be applied. Names starting 
+    with '@', '+' and  '&amp;' are interpreted using the same rules as described
+    in the <parameter moreinfo="none">invalid users</parameter> parameter.
+    </para>
+
+    <para>
+    If this is empty (the default) then no extra checks on the claimed identity
+    of the connecting workstation are made. It would be better if this could/
+    would be dynamically created at runtime, but for now you have to configure 
+    it yourself (patches are welcome ;-) ).
+    </para>
+
+    <para><emphasis>Note: </emphasis>
+    This parameter will prevent your BYOD from connecting with workstation 
+    restricted users unless you configure reverse lookups for them.
+    </para>
+
+</description>
+
+<value type="default"><comment>No workstation restricted users (no extra 
+check on the claimed identity of the connecting workstation is applied)
+</comment></value>
+<value type="example">cio, @financial, @examusergroup</value>
+</samba:parameter>
diff -r -N -u orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationrestrictedusersprefix.xml samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationrestrictedusersprefix.xml
--- orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationrestrictedusersprefix.xml	1970-01-01 00:00:00.000000000 +0000
+++ samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationrestrictedusersprefix.xml	2020-05-16 14:01:02.519451300 +0000
@@ -0,0 +1,29 @@
+<samba:parameter name="workstation restricted users prefix"
+                 context="G"
+                 type="cmdlist"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>
+    This is a list of username prefixes for which additional verifications on the 
+    claimed identity of the connecting workstation must be applied. 
+    </para>
+
+    <para>
+    If this is empty (the default) then no extra checks on the claimed identity
+    of the connecting workstation are made. It would be better if this could/
+    would be dynamically created at runtime, but for now you have to configure 
+    it yourself (patches are welcome ;-) ).
+    </para>
+
+    <para><emphasis>Note: </emphasis>
+    This parameter will prevent your BYOD from connecting with workstation 
+    restricted users unless you configure reverse lookups for them.
+    </para>
+
+</description>
+
+<value type="default"><comment>No workstation restricted users (no extra 
+check on the claimed identity of the connecting workstation is applied)
+</comment></value>
+<value type="example">exam</value>
+</samba:parameter>