diff --git a/samba.spec b/samba.spec
index 5e1e4c7..9db53c6 100644
--- a/samba.spec
+++ b/samba.spec
@@ -584,6 +584,7 @@ exit 0
 %attr(700,root,root) %dir /var/lib/samba/private
 %dir /var/run/winbindd
 %attr(750,root,wbpriv) %dir /var/lib/samba/winbindd_privileged
+%dir /var/lib/samba/scripts
 %config(noreplace) %{_sysconfdir}/samba/smb.conf
 %config(noreplace) %{_sysconfdir}/samba/lmhosts
 %config(noreplace) %{_sysconfdir}/sysconfig/samba
@@ -631,6 +632,11 @@ exit 0
 #%{_includedir}/libmsrpc.h
 %changelog
+* Wed Apr 4 2007 Simo Sorce
+- fixes in smb.conf
+- advice in smb.conf to put scripts in /var/lib/samba/scripts
+- create /var/lib/samba/scripts so that selinux can be happy
+
 * Tue Apr 03 2007 Guenther Deschner 3.0.24-11.fc7
 - enable PAM and NSS dlopen checks during build
 - fix unresolved symbols in libnss_wins.so (bug #198230)
diff --git a/smb.conf.default b/smb.conf.default
index 5312da5..5be6fa0 100644
--- a/smb.conf.default
+++ b/smb.conf.default
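Review bot: The new `%dir /var/lib/samba/scripts` entry in the first hunk carries no `%attr`, unlike the `private` and `winbindd_privileged` entries just above it, so its owner and mode fall to whatever `%defattr` and the build-time directory happen to give. The smb.conf.default change in this same commit tells admins to put preexec / root preexec scripts there, so whoever can write to the directory decides what smbd executes; I would pin it with `%attr(755,root,root) %dir /var/lib/samba/scripts`. The changelog says the directory is created, but no `%install` change is visible in this diff, so it is worth confirming that the buildroot actually contains the directory.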
@@ -19,6 +19,39 @@
 # NOTE: Whenever you modify this file you should run the command "testparm"
 # to check that you have not made any basic syntactic errors.
 #
+#---------------
+# SELINUX NOTES:
+#
+# If you want to use the useradd/groupadd family of binaries please run:
+# setsebool -P samba_domain_controller on
+#
+# If you want to share home directories via samba please run:
+# setsebool -P samba_enable_home_dirs on
+#
+# If you create a new directory you want to share you should mark it as
+# "samba-share_t" so that selinux will let you write into it.
+# Make sure not to do that on system directories as they may already have
+# been marked with othe SELinux labels.
+#
+# Use ls -ldZ /path to see which context a directory has
+#
+# Set labels only on directories you created!
+# To set a label use the following: chcon -t samba_share_t /path
+#
+# If you need to share a system created directory you can use one of the
+# following (read-only/read-write):
+# setsebool -P samba_export_all_ro on
+# or
+# setsebool -P samba_export_all_rw on
+#
+# If you want to run scripts (preexec/root prexec/print command/...) please
+# put them into the /var/lib/samba/scripts directory so that smbd will be
+# allowed to run them.
+# Make sure you COPY them and not MOVE them so that the right SELinux context
+# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
+#
+#--------------
+#
 #======================= Global Settings =====================================
 [global]
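Review bot: The SELinux notes spell the share type two ways: the prose says `"samba-share_t"` while the `chcon` example a few lines later uses `samba_share_t`, so the prose line should read `# "samba_share_t" so that selinux will let you write into it.` (and `othe` should be `other` two lines below). The `chcon` advice would also benefit from a caveat that a label set this way is not recorded in policy and may not survive a full relabel; the persistent form is `semanage fcontext -a -t samba_share_t "/path(/.*)?"` followed by `restorecon -R /path`. The `samba_export_all_rw` paragraph should say that this boolean lets smbd write wherever Unix permissions allow, so labelling a dedicated directory is the narrower choice.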
@@ -132,9 +165,9 @@
 ; add user script = /usr/sbin/useradd "%u" -n -g users
 ; add group script = /usr/sbin/groupadd "%g"
-; add machine script = /usr/sbin/adduser -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
+; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
 ; delete user script = /usr/sbin/userdel "%u"
-; delete user from group script = /usr/sbin/deluser "%u" "%g"
+; delete user from group script = /usr/sbin/userdel "%u" "%g"
 ; delete group script = /usr/sbin/groupdel "%g"
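Review bot: The new `delete user from group script` example points at `/usr/sbin/userdel "%u" "%g"`, but `userdel` removes accounts rather than group memberships, so the line does not do what the parameter name promises. As written the extra argument most likely makes the call fail, and an admin who "fixes" it by dropping `"%g"` ends up deleting the whole account whenever a user is removed from a group. A membership-only command fits here, for example `; delete user from group script = /usr/sbin/gpasswd -d "%u" "%g"`. The hunk header advertises more context lines than survive on this page, so the surrounding section may continue beyond what is shown.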