--- samba-3.0.23d/source/passdb/pdb_get_set.c.old	2007-08-13 20:30:40.000000000 -0300
+++ samba-3.0.23d/source/passdb/pdb_get_set.c	2007-08-13 20:33:32.000000000 -0300
@@ -140,6 +140,9 @@
 	
 	/* Return the cached group SID if we have that */
 	if ( sampass->group_sid ) {
+		DEBUG(10,("pdb_get_group_sid: Using cached group SID %s for %s\n", 
+					sid_string_static(sampass->group_sid),
+					pdb_get_username(sampass)));
 		return sampass->group_sid;
 	}
 		
@@ -156,7 +159,9 @@
 
 	if ( sampass->unix_pw ) {
 		pwd = sampass->unix_pw;
+		DEBUG(10,("pdb_get_group_sid: Found existing unix account for %s: %s\n", pdb_get_username(sampass), pwd->pw_name));
 	} else {
+		DEBUG(10,("pdb_get_group_sid: alloc new user for %s\n", pdb_get_username(sampass)));
 		pwd = Get_Pwnam_alloc( sampass, pdb_get_username(sampass) );
 	}
 
@@ -191,8 +196,19 @@
 
 	/* Just set it to the 'Domain Users' RID of 512 which will 
 	   always resolve to a name */
-		   
-	sid_copy( gsid, get_global_sam_sid() );
+	
+	uint32  dummy;
+
+	DEBUG(3, ("Primary group for user %s will be SID-512\n", pdb_get_username(sampass)));
+
+	/* Try to use user's domain "Domain Users" group */
+	sid_copy(gsid, &sampass->user_sid);
+	if (!sid_split_rid(gsid, &dummy)) {
+		DEBUG(1, ("sid_split_rid(%s) failed. Using global SID\n",
+			sid_string_static(gsid)));
+		/* Use default domain if fails */
+		sid_copy(gsid, get_global_sam_sid());
+	}
 	sid_append_rid( gsid, DOMAIN_GROUP_RID_USERS );
 		
 	sampass->group_sid = gsid;
@@ -511,9 +527,19 @@
 	   store DOMAIN_USERS as the primary groupSID */
 
 	if ( sid_to_gid( g_sid, &gid ) ) {
+		DEBUG(10, ("pdb_set_group_sid: resolved %s to %d\n", sid_string_static(g_sid),gid));
 		sid_copy(sampass->group_sid, g_sid);
 	} else {
-		sid_copy( sampass->group_sid, get_global_sam_sid() );
+		uint32  dummy;
+
+		DEBUG(10, ("pdb_set_group_sid: guessing group using SID-513\n"));
+
+		sid_copy(sampass->group_sid, &sampass->user_sid);
+		if (!sid_split_rid(sampass->group_sid, &dummy)) {
+			DEBUG(1, ("sid_split_rid(%s) failed. Using global SID\n",
+				sid_string_static(sampass->group_sid)));
+			sid_copy(sampass->group_sid, get_global_sam_sid());
+		}
 		sid_append_rid( sampass->group_sid, DOMAIN_GROUP_RID_USERS );
 	}