Fixed looking up domain (winbind) users ahead of local users in

domain_client_validate()
(This used to be commit df0db8edb12dc8b8d290e5ac599fa7b517e9d263)

1 files changed, 18 insertions, 6 deletions

diff --git a/source3/libsmb/domain_client_validate.c b/source3/libsmb/domain_client_validate.c
index 7a8fa66841..a8c3ff2f6b 100644
--- a/source3/libsmb/domain_client_validate.c
+++ b/source3/libsmb/domain_client_validate.c
@@ -325,9 +325,14 @@ NTSTATUS domain_client_validate(const auth_usersupplied_info *user_info,
 
 	ZERO_STRUCT(info3);
 
+        /*
+         * If this call succeeds, we now have lots of info about the user
+         * in the info3 structure.  
+         */
+
 	status = cli_nt_login_network(&cli, user_info, smb_uid_low, 
 				      &ctr, &info3);
-
+        
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0,("domain_client_validate: unable to validate password "
                          "for user %s in domain %s to Domain controller %s. "
@@ -335,13 +340,20 @@ NTSTATUS domain_client_validate(const auth_usersupplied_info *user_info,
                          user_info->domain.str, cli.srv_name_slash, 
                          get_nt_error_msg(status)));
 	} else {
+                char *dom_user;
 
-		/*
-		 * Here, if we really want it, we have lots of info about the user
-		 * in info3.  
-		 */
+                /* Check DOMAIN\username first to catch winbind users, then
+                   just the username for local users. */
+
+                asprintf(&dom_user, "%s%s%s", user_info->domain.str,
+                         lp_winbind_separator(),
+                         user_info->internal_username.str);
+
+                if (!(pass = Get_Pwnam(dom_user)))
+                        pass = Get_Pwnam(user_info->internal_username.str);
+
+                free(dom_user);
 
-		pass = Get_Pwnam(user_info->internal_username.str);
 		if (pass) {
 			make_server_info_pw(server_info, pass);
 			if (!server_info) {