return NT_STATUS_UNSUCCESSFUL;
}
+ /*
+ * We need to expand group memberships within our local domain,
+ * as the token might be generated by a trusted domain.
+ */
+ nt_status = authsam_update_user_info_dc(mem_ctx,
+ krbtgt->kdc_db_ctx->samdb,
+ user_info_dc);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
nt_status = samba_get_logon_info_pac_blob(mem_ctx,
user_info_dc, pac_blob);