diff options
-rw-r--r-- | source3/auth/auth_util.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 5c933e90c9..7a186f65cd 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1515,7 +1515,19 @@ BOOL nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid ) { DOM_SID domain_sid; - sid_copy( &domain_sid, get_global_sam_sid() ); + /* if we are a domain member, the get the domain SID, else for + a DC or standalone server, use our own SID */ + + if ( lp_server_role() == ROLE_DOMAIN_MEMBER ) { + if ( !secrets_fetch_domain_sid( lp_workgroup(), &domain_sid ) ) { + DEBUG(1,("nt_token_check_domain_rid: Cannot lookup SID for domain [%s]\n", + lp_workgroup())); + return False; + } + } + else + sid_copy( &domain_sid, get_global_sam_sid() ); + sid_append_rid( &domain_sid, rid ); return nt_token_check_sid( &domain_sid, token );\ |