r17016: Different and smaller fix for the valid users = username problem.

If no winbind is around, the best we can do to get the user's token correct is
to ask unix via create_token_from_username. More investigation is needed if
this also fixes the +groupname for unmapped groups problems more cleanly.

Volker

diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 823bf8c32282f439a2c4ead0e5f3f6a1aad6bc65..9fcaffa3d65fa7a19c1b4e2b02c5dfc2c4cea85a 100644 (file)
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -950,7 +950,13 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
                return NT_STATUS_NO_MEMORY;
        }
 
-       if (server_info->was_mapped) {
+       /*
+        * If winbind is not around, we can not make much use of the SIDs the
+        * domain controller provided us with. Likewise if the user name was
+        * mapped to some local unix user.
+        */
+
+       if ((!winbind_ping()) || (server_info->was_mapped)) {
                status = create_token_from_username(server_info,
                                                    server_info->unix_name,
                                                    server_info->guest,