1 files changed, 11 insertions, 3 deletions

diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index 6ae8685b11..856b8f5a82 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -72,9 +72,14 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 	if (!auth_context) {
 		DEBUG(3,("Password for user %s cannot be checked because we have no auth_info to get the challenge from.\n", 
 			 user_info->internal_username.str));		
-		return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_INVALID_PARAMETER;
 	}		
 
+	if (strequal(user_info->domain.str, get_global_sam_name())) {
+		DEBUG(3,("check_winbind_security: Not using winbind, requested domain was for this SAM.\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
 	/* Send off request */
 
 	ZERO_STRUCT(request);
@@ -100,8 +105,11 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 	       request.data.auth_crap.lm_resp_len);
 	memcpy(request.data.auth_crap.nt_resp, user_info->nt_resp.data, 
 	       request.data.auth_crap.nt_resp_len);
-	
+
+	/* we are contacting the privileged pipe */
+	become_root();
 	result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
+	unbecome_root();
 
 	if ( result == NSS_STATUS_UNAVAIL )  {
 		struct auth_methods *auth_method = my_private_data;
@@ -129,7 +137,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 			}
 		}
 	} else if (NT_STATUS_IS_OK(nt_status)) {
-		nt_status = NT_STATUS_UNSUCCESSFUL;
+		nt_status = NT_STATUS_NO_LOGON_SERVERS;
 	}
 
         return nt_status;