diff -r -N -u orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationnameipencoding.xml samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationnameipencoding.xml
--- orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationnameipencoding.xml 1970-01-01 00:00:00.000000000 +0000
+++ samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationnameipencoding.xml 2020-05-14 17:45:18.641060200 +0000
@@ -0,0 +1,29 @@
+
+
+ If this parameter is yes, then you
+ can encode the IPv4 address of the workstation as its name
+ and have Samba to verify whether it matches.
+
+ This could be useful in combination with userWorkstation
+ attributes when you are sure that specific IPs can be only
+ used by specific physical computers.
+
+ Out of compatibility reasons this is not possible for IPv6
+ addresses, thus it is only useful when you only allow IPv4
+ connections.
+
+ Example:
+ The workstation with the address 10.20.30.200 would have the
+ workstation name 10_20_30_200.
+
+ A connection from 10.20.30.201 claiming to be 10_20_30_200
+ would be refused while connections from 10.20.30.200 are allowed.
+ The underscores have been used to be not confused with DNS names.
+
+
+
+no
+
diff -r -N -u orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationnameipencodingsuffix.xml samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationnameipencodingsuffix.xml
--- orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationnameipencodingsuffix.xml 1970-01-01 00:00:00.000000000 +0000
+++ samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationnameipencodingsuffix.xml 2020-05-16 13:48:33.027451300 +0000
@@ -0,0 +1,21 @@
+
+
+
+ This is a list of strings being allowed to be appended to the workstation
+ name to allow the coexistence of different OSes with slightly different
+ workstation names on the same IP (i.e. for dual boot situations).
+
+
+
+ If this is empty (the default) then only the encoded IPv4 address is
+ allowed as the workstation name.
+
+
+
+
+Empty, no suffix is allowed
+L,M (i.e. 10_20_30_40L and 10_20_30_40M would be allowed additionally to 10_20_30_40
+
diff -r -N -u orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationnamesuffixrestrictedusers.xml samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationnamesuffixrestrictedusers.xml
--- orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationnamesuffixrestrictedusers.xml 1970-01-01 00:00:00.000000000 +0000
+++ samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationnamesuffixrestrictedusers.xml 2020-05-16 19:05:13.979451300 +0000
@@ -0,0 +1,24 @@
+
+
+
+ This is a list of allowed suffixes appended to the reverse lookup
+ name of the workstation.
+
+
+
+ If this is empty (the default) then no suffixes are allowed.
+ This parameter is to allow i.e. linux workstations to have a configurable
+ suffix to the reverse lookup workstation name to allow dual boot
+ configurations and working around the limitation of only one
+ reverse lookup name.
+
+
+
+
+No suffix is allowed
+
+linux,mac,win
+
diff -r -N -u orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationrestrictedusers.xml samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationrestrictedusers.xml
--- orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationrestrictedusers.xml 1970-01-01 00:00:00.000000000 +0000
+++ samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationrestrictedusers.xml 2020-05-14 17:31:13.381060200 +0000
@@ -0,0 +1,31 @@
+
+
+
+ This is a list of users for which additional verifications on the claimed
+ identity of the connecting workstation must be applied. Names starting
+ with '@', '+' and '&' are interpreted using the same rules as described
+ in the invalid users parameter.
+
+
+
+ If this is empty (the default) then no extra checks on the claimed identity
+ of the connecting workstation are made. It would be better if this could/
+ would be dynamically created at runtime, but for now you have to configure
+ it yourself (patches are welcome ;-) ).
+
+
+ Note:
+ This parameter will prevent your BYOD from connecting with workstation
+ restricted users unless you configure reverse lookups for them.
+
+
+
+
+No workstation restricted users (no extra
+check on the claimed identity of the connecting workstation is applied)
+
+cio, @financial, @examusergroup
+
diff -r -N -u orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationrestrictedusersprefix.xml samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationrestrictedusersprefix.xml
--- orig/samba-4.11.6/docs-xml/smbdotconf/security/workstationrestrictedusersprefix.xml 1970-01-01 00:00:00.000000000 +0000
+++ samba-4.11.6+dfsg/docs-xml/smbdotconf/security/workstationrestrictedusersprefix.xml 2020-05-16 14:01:02.519451300 +0000
@@ -0,0 +1,29 @@
+
+
+
+ This is a list of username prefixes for which additional verifications on the
+ claimed identity of the connecting workstation must be applied.
+
+
+
+ If this is empty (the default) then no extra checks on the claimed identity
+ of the connecting workstation are made. It would be better if this could/
+ would be dynamically created at runtime, but for now you have to configure
+ it yourself (patches are welcome ;-) ).
+
+
+ Note:
+ This parameter will prevent your BYOD from connecting with workstation
+ restricted users unless you configure reverse lookups for them.
+
+
+
+
+No workstation restricted users (no extra
+check on the claimed identity of the connecting workstation is applied)
+
+exam
+