winbindd: cache name-to-sid from PAC based on lookup domain

The name-to-sid lookup for trusted domains is not necessarily
done against the domain - in AD member case it is done
against the primary domain. Therefore the caching should also
be done against the lookup domain.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 8abd8f07e021f6837c765fccab4f15bdc4c008c7..37b0c098d89e67739d2970f743792c16ce87186e 100644 (file)
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2664,7 +2664,7 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
                 * We're in the parent here, so find the child
                 * pointer from the PAC domain name.
                 */
-               domain = find_domain_from_name_noinit(
+               domain = find_lookup_domain_from_name(
                                info3_copy->base.logon_domain.string);
                if (domain && domain->primary ) {
                        struct dom_sid user_sid;