From e3a151e2472d97891c97cc898f27f3ccf712bf35 Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri@samba.org>
Date: Wed, 7 Jun 2017 20:33:24 +0300
Subject: [PATCH] winbindd: cache name-to-sid from PAC based on lookup domain

The name-to-sid lookup for trusted domains is not necessarily
done against the domain - in AD member case it is done
against the primary domain. Therefore the caching should also
be done against the lookup domain.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---
 source3/winbindd/winbindd_pam.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 8abd8f07e02..37b0c098d89 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2664,7 +2664,7 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
 		 * We're in the parent here, so find the child
 		 * pointer from the PAC domain name.
 		 */
-		domain = find_domain_from_name_noinit(
+		domain = find_lookup_domain_from_name(
 				info3_copy->base.logon_domain.string);
 		if (domain && domain->primary ) {
 			struct dom_sid user_sid;
-- 
2.11.4.GIT