--- samba-3.0.23b/source/auth/auth_util.c.unix_group_memberships	2006-08-07 12:46:33.000000000 -0400
+++ samba-3.0.23b/source/auth/auth_util.c	2006-08-22 07:54:52.000000000 -0400
@@ -960,7 +960,8 @@ NTSTATUS create_local_token(auth_servers
 	}
 
 	if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) ||
-	    (server_info->was_mapped)) {
+	    (server_info->was_mapped) ||
+	    lp_group_memberships_from_unix()) {
 		status = create_token_from_username(server_info,
 						    server_info->unix_name,
 						    server_info->guest,
@@ -1070,6 +1071,13 @@ NTSTATUS create_token_from_username(TALL
 		goto done;
 	}
 
+	if (lp_group_memberships_from_unix()) {
+		DEBUG(5, ("setting group memberships for '%s' (uid %d) "
+			  "from UNIX, as configured\n",
+			  username, *uid));
+		goto unix_user;
+	}
+	else
 	if (sid_check_is_in_our_domain(&user_sid)) {
 
 		/* This is a passdb user, so ask passdb */
--- samba-3.0.23b/source/param/loadparm.c.unix_group_memberships	2006-08-08 12:22:36.000000000 -0400
+++ samba-3.0.23b/source/param/loadparm.c	2006-08-22 07:48:02.000000000 -0400
@@ -301,6 +301,7 @@ typedef struct {
 	BOOL bUseKerberosKeytab;
 	BOOL bDeferSharingViolations;
 	BOOL bEnablePrivileges;
+	BOOL bGroupMembershipsFromUNIX;
 	BOOL bASUSupport;
 	BOOL bUsershareOwnerOnly;
 	BOOL bUsershareAllowGuests;
@@ -867,6 +868,7 @@ static struct parm_struct parm_table[] =
 	{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE}, 
 	{"guest account", P_STRING, P_GLOBAL, &Globals.szGuestaccount, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED}, 
 	{"enable privileges", P_BOOL, P_GLOBAL, &Globals.bEnablePrivileges, NULL, NULL, FLAG_ADVANCED}, 
+	{"group memberships from unix", P_BOOL, P_GLOBAL, &Globals.bGroupMembershipsFromUNIX, NULL, NULL, FLAG_ADVANCED}, 
 
 	{"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, FLAG_ADVANCED}, 
 	{"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, FLAG_ADVANCED}, 
@@ -1645,6 +1647,7 @@ static void init_globals(BOOL first_time
 	string_set(&Globals.smb_ports, SMB_PORTS);
 
 	Globals.bEnablePrivileges = True;
+	Globals.bGroupMembershipsFromUNIX = False;
 	Globals.bHostMSDfs        = True;
 	Globals.bASUSupport       = False;
 	
@@ -1918,6 +1921,7 @@ FN_GLOBAL_BOOL(lp_fam_change_notify, &Gl
 FN_GLOBAL_BOOL(lp_use_kerberos_keytab, &Globals.bUseKerberosKeytab)
 FN_GLOBAL_BOOL(lp_defer_sharing_violations, &Globals.bDeferSharingViolations)
 FN_GLOBAL_BOOL(lp_enable_privileges, &Globals.bEnablePrivileges)
+FN_GLOBAL_BOOL(lp_group_memberships_from_unix, &Globals.bGroupMembershipsFromUNIX)
 FN_GLOBAL_BOOL(lp_enable_asu_support, &Globals.bASUSupport)
 FN_GLOBAL_INTEGER(lp_os_level, &Globals.os_level)
 FN_GLOBAL_INTEGER(lp_max_ttl, &Globals.max_ttl)