diff --git a/.cvsignore b/.cvsignore
index c9177b6..aae6a6c 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-samba-3.5.2.tar.gz
+samba-3.5.3.tar.gz
diff --git a/nmb.init b/nmb.init
index cdbdf0b..6234ff9 100644
--- a/nmb.init
+++ b/nmb.init
@@ -71,7 +71,7 @@ reload() {
 }	
 
 rhstatus() {
-	status nmbd
+	status -l nmb nmbd
 	return $?
 }	
 
diff --git a/samba-3.5.2-ipv6.patch b/samba-3.5.2-ipv6.patch
new file mode 100644
index 0000000..322570f
--- /dev/null
+++ b/samba-3.5.2-ipv6.patch
@@ -0,0 +1,273 @@
+From 841525d4b9dcf167ae114dd656d74c510ef36c13 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 14 May 2010 23:21:47 +0200
+Subject: [PATCH 1/3] s3-winbind: make the getpeername() checks in cm_prepare_connection ipv6 aware.
+
+ipv6 gurus, please check.
+
+Guenther
+---
+ source3/winbindd/winbindd_cm.c |   30 +++++++++++++++++++++++++-----
+ 1 files changed, 25 insertions(+), 5 deletions(-)
+
+diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
+index 9715363..45747d4 100644
+--- a/source3/winbindd/winbindd_cm.c
++++ b/source3/winbindd/winbindd_cm.c
+@@ -808,11 +808,31 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
+ 
+ 	peeraddr_len = sizeof(peeraddr);
+ 
+-	if ((getpeername((*cli)->fd, &peeraddr, &peeraddr_len) != 0) ||
+-	    (peeraddr_len != sizeof(struct sockaddr_in)) ||
+-	    (peeraddr_in->sin_family != PF_INET))
+-	{
+-		DEBUG(0,("cm_prepare_connection: %s\n", strerror(errno)));
++	if ((getpeername((*cli)->fd, &peeraddr, &peeraddr_len) != 0)) {
++		DEBUG(0,("cm_prepare_connection: getpeername failed with: %s\n",
++			strerror(errno)));
++		result = NT_STATUS_UNSUCCESSFUL;
++		goto done;
++	}
++
++	if ((peeraddr_len != sizeof(struct sockaddr_in))
++#ifdef HAVE_IPV6
++	    && (peeraddr_len != sizeof(struct sockaddr_in6))
++#endif
++	    ) {
++		DEBUG(0,("cm_prepare_connection: got unexpected peeraddr len %d\n",
++			peeraddr_len));
++		result = NT_STATUS_UNSUCCESSFUL;
++		goto done;
++	}
++
++	if ((peeraddr_in->sin_family != PF_INET)
++#ifdef HAVE_IPV6
++	    && (peeraddr_in->sin_family != PF_INET6)
++#endif
++	    ) {
++		DEBUG(0,("cm_prepare_connection: got unexpected family %d\n",
++			peeraddr_in->sin_family));
+ 		result = NT_STATUS_UNSUCCESSFUL;
+ 		goto done;
+ 	}
+-- 
+1.6.6.1
+
+
+From 435ba0625599388f585759738554ddb509ce3c54 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 14 May 2010 23:23:34 +0200
+Subject: [PATCH 2/3] s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().
+
+Guenther
+---
+ source3/include/proto.h        |    3 ++-
+ source3/libads/kerberos.c      |   19 ++++++++++++-------
+ source3/libsmb/namequery_dc.c  |    6 ++++--
+ source3/winbindd/winbindd_cm.c |    6 ++++--
+ 4 files changed, 22 insertions(+), 12 deletions(-)
+
+diff --git a/source3/include/proto.h b/source3/include/proto.h
+index 91b6bd9..b633d9e 100644
+--- a/source3/include/proto.h
++++ b/source3/include/proto.h
+@@ -1821,7 +1821,8 @@ int kerberos_kinit_password(const char *principal,
+ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ 						const char *domain,
+ 						const char *sitename,
+-						struct sockaddr_storage *pss);
++						struct sockaddr_storage *pss,
++						const char *kdc_name);
+ 
+ /* The following definitions come from libads/kerberos_keytab.c  */
+ 
+diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
+index 7fb4ec3..01a88e8 100644
+--- a/source3/libads/kerberos.c
++++ b/source3/libads/kerberos.c
+@@ -715,7 +715,8 @@ int kerberos_kinit_password(const char *principal,
+ 
+ static char *print_kdc_line(char *mem_ctx,
+ 			const char *prev_line,
+-			const struct sockaddr_storage *pss)
++			const struct sockaddr_storage *pss,
++			const char *kdc_name)
+ {
+ 	char *kdc_str = NULL;
+ 
+@@ -772,14 +773,15 @@ static char *print_kdc_line(char *mem_ctx,
+ static char *get_kdc_ip_string(char *mem_ctx,
+ 		const char *realm,
+ 		const char *sitename,
+-		struct sockaddr_storage *pss)
++		struct sockaddr_storage *pss,
++		const char *kdc_name)
+ {
+ 	int i;
+ 	struct ip_service *ip_srv_site = NULL;
+ 	struct ip_service *ip_srv_nonsite = NULL;
+ 	int count_site = 0;
+ 	int count_nonsite;
+-	char *kdc_str = print_kdc_line(mem_ctx, "", pss);
++	char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
+ 
+ 	if (kdc_str == NULL) {
+ 		return NULL;
+@@ -803,7 +805,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
+ 			 * but not done often. */
+ 			kdc_str = print_kdc_line(mem_ctx,
+ 						kdc_str,
+-						&ip_srv_site[i].ss);
++						&ip_srv_site[i].ss,
++						NULL);
+ 			if (!kdc_str) {
+ 				SAFE_FREE(ip_srv_site);
+ 				return NULL;
+@@ -840,7 +843,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
+ 		/* Append to the string - inefficient but not done often. */
+ 		kdc_str = print_kdc_line(mem_ctx,
+ 				kdc_str,
+-				&ip_srv_nonsite[i].ss);
++				&ip_srv_nonsite[i].ss,
++				NULL);
+ 		if (!kdc_str) {
+ 			SAFE_FREE(ip_srv_site);
+ 			SAFE_FREE(ip_srv_nonsite);
+@@ -868,7 +872,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
+ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ 						const char *domain,
+ 						const char *sitename,
+-						struct sockaddr_storage *pss)
++						struct sockaddr_storage *pss,
++						const char *kdc_name)
+ {
+ 	char *dname;
+ 	char *tmpname = NULL;
+@@ -912,7 +917,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ 	realm_upper = talloc_strdup(fname, realm);
+ 	strupper_m(realm_upper);
+ 
+-	kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
++	kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
+ 	if (!kdc_ip_string) {
+ 		goto done;
+ 	}
+diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
+index 3b3470d..cebd793 100644
+--- a/source3/libsmb/namequery_dc.c
++++ b/source3/libsmb/namequery_dc.c
+@@ -109,12 +109,14 @@ static bool ads_dc_name(const char *domain,
+ 				create_local_private_krb5_conf_for_domain(realm,
+ 									domain,
+ 									sitename,
+-									&ads->ldap.ss);
++									&ads->ldap.ss,
++									ads->config.ldap_server_name);
+ 			} else {
+ 				create_local_private_krb5_conf_for_domain(realm,
+ 									domain,
+ 									NULL,
+-									&ads->ldap.ss);
++									&ads->ldap.ss,
++									ads->config.ldap_server_name);
+ 			}
+ 		}
+ #endif
+diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
+index 45747d4..5ea5196 100644
+--- a/source3/winbindd/winbindd_cm.c
++++ b/source3/winbindd/winbindd_cm.c
+@@ -1152,7 +1152,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
+ 					create_local_private_krb5_conf_for_domain(domain->alt_name,
+ 									domain->name,
+ 									sitename,
+-									pss);
++									pss,
++									name);
+ 
+ 					SAFE_FREE(sitename);
+ 				} else {
+@@ -1160,7 +1161,8 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
+ 					create_local_private_krb5_conf_for_domain(domain->alt_name,
+ 									domain->name,
+ 									NULL,
+-									pss);
++									pss,
++									name);
+ 				}
+ 				winbindd_set_locator_kdc_envs(domain);
+ 
+-- 
+1.6.6.1
+
+
+From 06135ae36667c96fe28b69724393323727e82ba6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Sat, 15 May 2010 00:34:35 +0200
+Subject: [PATCH 3/3] s3-kerberos: temporary fix for ipv6 in print_kdc_line().
+
+Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill
+in just the kdc_name if we have it and let the krb5 lib figure out the
+appropriate ipv6 address
+
+ipv6 gurus, please check.
+
+Guenther
+---
+ source3/libads/kerberos.c |   25 ++++++++++++++++++++-----
+ 1 files changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
+index 01a88e8..c78b8b8 100644
+--- a/source3/libads/kerberos.c
++++ b/source3/libads/kerberos.c
+@@ -728,6 +728,9 @@ static char *print_kdc_line(char *mem_ctx,
+ 		char addr[INET6_ADDRSTRLEN];
+ 		uint16_t port = get_sockaddr_port(pss);
+ 
++		DEBUG(10,("print_kdc_line: IPV6 case for kdc_name: %s, port: %d\n",
++			kdc_name, port));
++
+ 		if (port != 0 && port != DEFAULT_KRB5_PORT) {
+ 			/* Currently for IPv6 we can't specify a non-default
+ 			   krb5 port with an address, as this requires a ':'.
+@@ -744,6 +747,7 @@ static char *print_kdc_line(char *mem_ctx,
+ 					"Error %s\n.",
+ 					print_canonical_sockaddr(mem_ctx, pss),
+ 					gai_strerror(ret)));
++				return NULL;
+ 			}
+ 			/* Success, use host:port */
+ 			kdc_str = talloc_asprintf(mem_ctx,
+@@ -752,11 +756,22 @@ static char *print_kdc_line(char *mem_ctx,
+ 					hostname,
+ 					(unsigned int)port);
+ 		} else {
+-			kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+-					prev_line,
+-					print_sockaddr(addr,
+-						sizeof(addr),
+-						pss));
++
++			/* no krb5 lib currently supports "kdc = ipv6 address"
++			 * at all, so just fill in just the kdc_name if we have
++			 * it and let the krb5 lib figure out the appropriate
++			 * ipv6 address - gd */
++
++			if (kdc_name) {
++				kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
++						prev_line, kdc_name);
++			} else {
++				kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
++						prev_line,
++						print_sockaddr(addr,
++							sizeof(addr),
++							pss));
++			}
+ 		}
+ 	}
+ 	return kdc_str;
+-- 
+1.6.6.1
+
diff --git a/samba.spec b/samba.spec
index 3fbd087..89c8226 100644
--- a/samba.spec
+++ b/samba.spec
@@ -1,5 +1,5 @@
-%define main_release 59
-%define samba_version 3.5.2
+%define main_release 60
+%define samba_version 3.5.3
 %define tdb_version 1.2.1
 %define talloc_version 2.0.1
 #%define pre_release rc3
@@ -45,6 +45,7 @@ Patch104: samba-3.0.0rc3-nmbd-netbiosname.patch
 # The passwd part has been applied, but not the group part
 Patch107: samba-3.2.0pre1-grouppwd.patch
 Patch200: samba-3.2.5-inotify.patch
+Patch201: samba-3.5.2-ipv6.patch
 
 Requires(pre): samba-common = %{epoch}:%{samba_version}-%{release}
 Requires: pam >= 0:0.64
@@ -201,6 +202,7 @@ cp %{SOURCE11} packaging/Fedora/
 #%patch104 -p1 -b .nmbd-netbiosname # FIXME: does not apply
 %patch107 -p1 -b .grouppwd
 %patch200 -p0 -b .inotify
+%patch201 -p1 -b .ipv6
 
 mv %samba_source/VERSION %samba_source/VERSION.orig
 sed -e 's/SAMBA_VERSION_VENDOR_SUFFIX=$/&\"%{samba_release}\"/' < %samba_source/VERSION.orig > %samba_source/VERSION
@@ -650,6 +652,11 @@ exit 0
 %{_datadir}/pixmaps/samba/logo-small.png
 
 %changelog
+* Wed May 19 2010 Guenther Deschner <gdeschner@redhat.com> - 3.5.3-60
+- Update to 3.5.3
+- Make sure nmb and smb initscripts return LSB compliant return codes
+- Fix winbind over ipv6
+
 * Wed Apr 07 2010 Guenther Deschner <gdeschner@redhat.com> - 3.5.2-59
 - Update to 3.5.2
 
diff --git a/smb.init b/smb.init
index fbb6152..f9fec26 100644
--- a/smb.init
+++ b/smb.init
@@ -71,7 +71,7 @@ reload() {
 }	
 
 rhstatus() {
-	status smbd
+	status -l smb smbd
 	return $?
 }	
 
diff --git a/sources b/sources
index 6d170b5..69c1059 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-6f8cf649207ccd8c2c17e28c335f4e9d  samba-3.5.2.tar.gz
+7c8d2a34b649380d5df838c3e030dbec  samba-3.5.3.tar.gz