--- /dev/null
+<samba:parameter name="force unknown acl user"
+ context="S"
+ type="boolean"
+ xmlns:samba="http://samba.org/common">
+
+<description>
+ <para>If this parameter is set, a Windows NT ACL that contains an unknown
+ SID (security descriptor, or representation of a user or group
+ id) as the owner or group owner of the file will be silently
+ mapped into the current UNIX uid or gid of the currently
+ connected user.</para>
+
+ <para>This is designed to allow Windows NT clients to copy files and
+ folders containing ACLs that were created locally on the client
+ machine and contain users local to that machine only (no domain
+ users) to be copied to a Samba server (usually with XCOPY /O)
+ and have the unknown userid and groupid of the file owner map to
+ the current connected user. This can only be fixed correctly
+ when winbindd allows arbitrary mapping from any Windows NT SID
+ to a UNIX uid or gid.</para>
+
+ <para>Try using this parameter when XCOPY /O gives an ACCESS_DENIED
+ error.</para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>