summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_util.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 5c933e90c9..7a186f65cd 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1515,7 +1515,19 @@ BOOL nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid )
{
DOM_SID domain_sid;
- sid_copy( &domain_sid, get_global_sam_sid() );
+ /* if we are a domain member, the get the domain SID, else for
+ a DC or standalone server, use our own SID */
+
+ if ( lp_server_role() == ROLE_DOMAIN_MEMBER ) {
+ if ( !secrets_fetch_domain_sid( lp_workgroup(), &domain_sid ) ) {
+ DEBUG(1,("nt_token_check_domain_rid: Cannot lookup SID for domain [%s]\n",
+ lp_workgroup()));
+ return False;
+ }
+ }
+ else
+ sid_copy( &domain_sid, get_global_sam_sid() );
+
sid_append_rid( &domain_sid, rid );
return nt_token_check_sid( &domain_sid, token );\