>From e60e93b218ab29f5054a5751c39c8329ef6b1227 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Thu, 9 Apr 2015 09:25:50 +0200
Subject: [PATCH] MAN: Clarify how are GPO mappings called in GPO editor

https://fedorahosted.org/sssd/ticket/2618
---
 src/man/sssd-ad.5.xml | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 2d3c88c6e7c3e059d9595e848b764e6d142da365..55c7a404527bbd279deadc08b17549c517773719 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -356,9 +356,9 @@ FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)
                             DenyInteractiveLogonRight policy settings.
                         </para>
                         <para>
-                            Note: Using the Group Policy Management Editor this
-                            value InteractiveLogonRight  is called "Allow log on
-                            locally" and "Deny log on locally".
+                            Note: Using the Group Policy Management Editor
+                            this value is called "Allow log on locally"
+                            and "Deny log on locally".
                         </para>
                         <para>
                             It is possible to add another PAM service name
@@ -467,6 +467,12 @@ ad_gpo_map_remote_interactive = +my_pam_service, -sshd
                             policy settings.
                         </para>
                         <para>
+                            Note: Using the Group Policy Management Editor
+                            this value is called "Access this computer
+                            from the network" and "Deny access to this
+                            computer from the network".
+                        </para>
+                        <para>
                             It is possible to add another PAM service name
                             to the default set by using <quote>+service_name</quote>
                             or to explicitly remove a PAM service name from
@@ -507,6 +513,11 @@ ad_gpo_map_network = +my_pam_service, -ftp
                             policy settings.
                         </para>
                         <para>
+                            Note: Using the Group Policy Management Editor
+                            this value is called "Allow log on as a batch
+                            job" and "Deny log on as a batch job".
+                        </para>
+                        <para>
                             It is possible to add another PAM service name
                             to the default set by using <quote>+service_name</quote>
                             or to explicitly remove a PAM service name from
@@ -542,6 +553,11 @@ ad_gpo_map_batch = +my_pam_service, -crond
                             policy settings.
                         </para>
                         <para>
+                            Note: Using the Group Policy Management Editor
+                            this value is called "Allow log on as a service"
+                            and "Deny log on as a service".
+                        </para>
+                        <para>
                             It is possible to add a PAM service name to the
                             default set by using <quote>+service_name</quote>.
                             Since the default set is empty, it is not possible
-- 
2.1.0