r936: Fix a rather weird error that crippled my site, when we upgraded to

Samba 3.0.4.

If we fail a query for the members of the 'administrators' group (and we may well just have the IDL wrong), this destroys later parts of the domain logon process.

For reasons I can't understand, the client-side 'heck, what happened'
bailout causes the connection to the DC to be dropped, and causes the
mandetory profile not to be loaded.  (This also only occours after a reboot)

Return the members of 'administrators', and it all works fine.

The reason we hit this is because we run winbindd (to support
pam_winbind) on our DC, and the winbindd lookup in sid_to_gid was
messing things up.  As we don't care what type of thing this is,
provided it exists in the group mapping db, we should not bother
winbindd here.

Andrew Bartlett
(This used to be commit d626b5c6d401e72296cf570e50f324c145fd70e0)

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 842db8de5dc7529d1947b5ccd91732c8fa9ce97e..d536383ef3eceddc65f4fda5521276931917d979 100644 (file)
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -445,14 +445,11 @@ NTSTATUS sid_to_gid(const DOM_SID *psid, gid_t *pgid)
         * Group mapping can deal with foreign SIDs
         */
 
+       if ( local_sid_to_gid(pgid, psid, &name_type) )
+               goto success;
+       
        if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
-               DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed - trying local.\n",
-                       sid_to_string(sid_str, psid) ));
-
-               if ( local_sid_to_gid(pgid, psid, &name_type) )
-                       goto success;
-                       
-               DEBUG(10,("sid_to_gid: no one knows this SID\n"));
+               DEBUG(10,("sid_to_gid: no one knows the SID %s (tried local, then winbind)\n", sid_to_string(sid_str, psid)));
                
                return NT_STATUS_UNSUCCESSFUL;
        }