1 files changed, 38 insertions, 0 deletions

diff --git a/docs-xml/smbdotconf/security/validusers.xml b/docs-xml/smbdotconf/security/validusers.xml
new file mode 100644
index 0000000..0b681a1
--- /dev/null
+++ b/docs-xml/smbdotconf/security/validusers.xml
@@ -0,0 +1,38 @@
+<samba:parameter name="valid users"
+                 context="S"
+                 type="cmdlist"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>
+    This is a list of users that should be allowed to login to this service. Names starting with 
+    '@', '+' and  '&amp;' are interpreted using the same rules as described in the 
+    <parameter moreinfo="none">invalid users</parameter> parameter.
+    </para>
+
+    <para>
+    If this is empty (the default) then any user can login. If a username is in both this list 
+    and the <parameter moreinfo="none">invalid users</parameter> list then access is denied 
+    for that user.
+    </para>
+
+    <para>
+    The current servicename is substituted for <parameter moreinfo="none">%S</parameter>. 
+    This is useful in the [homes] section.
+    </para>
+
+    <para><emphasis>Note: </emphasis>When used in the [global] section this
+    parameter may have unwanted side effects. For example: If samba is configured as a MASTER BROWSER (see
+    <parameter moreinfo="none">local master</parameter>,
+    <parameter moreinfo="none">os level</parameter>,
+    <parameter moreinfo="none">domain master</parameter>,
+    <parameter moreinfo="none">preferred master</parameter>) this option
+    will prevent workstations from being able to browse the network.
+    </para>
+
+</description>
+
+<related>invalid users</related>
+
+<value type="default"><comment>No valid users list (anyone can login) </comment></value>
+<value type="example">greg, @pcusers</value>
+</samba:parameter>