From f8004328f41db5eec4332b2d6fc54ff91dd3a0c1 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Thu, 13 Jul 2006 16:28:38 +0000
Subject: r17016: Different and smaller fix for the valid users = username
 problem.

If no winbind is around, the best we can do to get the user's token correct is
to ask unix via create_token_from_username. More investigation is needed if
this also fixes the +groupname for unmapped groups problems more cleanly.

Volker
(This used to be commit f6e3ee147ffde572532fb44b619dda01388d4a31)
---
 source3/auth/auth_util.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'source3/auth/auth_util.c')

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 823bf8c322..9fcaffa3d6 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -950,7 +950,13 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (server_info->was_mapped) {
+	/*
+	 * If winbind is not around, we can not make much use of the SIDs the
+	 * domain controller provided us with. Likewise if the user name was
+	 * mapped to some local unix user.
+	 */
+
+	if ((!winbind_ping()) || (server_info->was_mapped)) {
 		status = create_token_from_username(server_info,
 						    server_info->unix_name,
 						    server_info->guest,
-- 
cgit