Index: auth/auth_server.c
===================================================================
RCS file: /home/cvs/samba/source/auth/auth_server.c,v
retrieving revision 1.21.2.4
diff -u -r1.21.2.4 auth_server.c
--- auth/auth_server.c	16 Apr 2003 12:13:07 -0000	1.21.2.4
+++ auth/auth_server.c	28 Apr 2003 23:29:06 -0000
@@ -372,12 +372,19 @@
 
 	cli_ulogoff(cli);
 
-	if NT_STATUS_IS_OK(nt_status) {
+	if (NT_STATUS_IS_OK(nt_status)) {
 		struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
 		if (pass) {
 			nt_status = make_server_info_pw(server_info, pass);
 		} else {
-			nt_status = NT_STATUS_NO_SUCH_USER;
+			auth_add_user_script(user_info->domain.str, user_info->internal_username.str);
+			pass = Get_Pwnam(user_info->internal_username.str);
+
+			if (pass) {
+				nt_status = make_server_info_pw(server_info, pass);
+			} else {
+				nt_status = NT_STATUS_NO_SUCH_USER;
+			}
 		}
 	}
 
Index: auth/auth_util.c
===================================================================
RCS file: /home/cvs/samba/source/auth/auth_util.c,v
retrieving revision 1.39.2.13
diff -u -r1.39.2.13 auth_util.c
--- auth/auth_util.c	24 Apr 2003 11:56:09 -0000	1.39.2.13
+++ auth/auth_util.c	28 Apr 2003 23:29:07 -0000
@@ -36,7 +36,7 @@
  Create a UNIX user on demand.
 ****************************************************************************/
 
-static int smb_create_user(const char *unix_user, const char *homedir)
+static int smb_create_user(const char *domain, const char *unix_username, const char *homedir)
 {
 	pstring add_script;
 	int ret;
@@ -44,7 +44,9 @@
 	pstrcpy(add_script, lp_adduser_script());
 	if (! *add_script)
 		return -1;
-	all_string_sub(add_script, "%u", unix_user, sizeof(pstring));
+	all_string_sub(add_script, "%u", unix_username, sizeof(pstring));
+	if (domain)
+		all_string_sub(add_script, "%D", domain, sizeof(pstring));
 	if (homedir)
 		all_string_sub(add_script, "%H", homedir, sizeof(pstring));
 	ret = smbrun(add_script,NULL);
@@ -56,24 +58,18 @@
  Add and Delete UNIX users on demand, based on NTSTATUS codes.
 ****************************************************************************/
 
-void smb_user_control(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info, NTSTATUS nt_status)
+void auth_add_user_script(const char *domain, const char *username)
 {
 	struct passwd *pwd=NULL;
 
-	if (NT_STATUS_IS_OK(nt_status)) {
-
-		if (!(server_info->sam_fill_level & SAM_FILL_UNIX)) {
-			
-			/*
-			 * User validated ok against Domain controller.
-			 * If the admin wants us to try and create a UNIX
-			 * user on the fly, do so.
-			 */
-			
-			if(lp_adduser_script() && !(pwd = Get_Pwnam(user_info->internal_username.str))) {
-				smb_create_user(user_info->internal_username.str, NULL);
-			}
-		}
+	/*
+	 * User validated ok against Domain controller.
+	 * If the admin wants us to try and create a UNIX
+	 * user on the fly, do so.
+	 */
+	
+	if(lp_adduser_script() && !(pwd = Get_Pwnam(username))) {
+		smb_create_user(domain, username, NULL);
 	}
 }
 
@@ -913,30 +909,38 @@
 		nt_status = pdb_init_sam_pw(&sam_account, passwd);
 		passwd_free(&passwd);
 	} else {
-		char *dom_user;
-		dom_user = talloc_asprintf(mem_ctx, "%s%s%s", 
-					   nt_domain,
-					   lp_winbind_separator(),
-					   internal_username);
-		
-		if (!dom_user) {
-			DEBUG(0, ("talloc_asprintf failed!\n"));
-			return NT_STATUS_NO_MEMORY;
-		} else { 
-		
-			if (!(passwd = Get_Pwnam(dom_user))
-				/* Only lookup local for the local
-				   domain, we don't want this for
-				   trusted domains */
-			    && strequal(nt_domain, lp_workgroup())) {
-				passwd = Get_Pwnam(internal_username);
+		int try = 0;
+		while (try < 2) {
+			char *dom_user;
+			dom_user = talloc_asprintf(mem_ctx, "%s%s%s", 
+						   nt_domain,
+						   lp_winbind_separator(),
+						   internal_username);
+			
+			if (!dom_user) {
+				DEBUG(0, ("talloc_asprintf failed!\n"));
+				nt_status = NT_STATUS_NO_MEMORY;
+			} else { 
+				
+				if (!(passwd = Get_Pwnam(dom_user))
+				    /* Only lookup local for the local
+				       domain, we don't want this for
+				       trusted domains */
+				    && strequal(nt_domain, lp_workgroup())) {
+					passwd = Get_Pwnam(internal_username);
+				}
+				
+				if (!passwd) {
+					nt_status = NT_STATUS_NO_SUCH_USER;
+				} else {
+					nt_status = pdb_init_sam_pw(&sam_account, passwd);
+					break;
+				}
 			}
-			    
-			if (!passwd) {
-				return NT_STATUS_NO_SUCH_USER;
-			} else {
-				nt_status = pdb_init_sam_pw(&sam_account, passwd);
+			if (try == 0) {
+				auth_add_user_script(nt_domain, internal_username);
 			}
+			try++;
 		}
 	}
 	
Index: auth/auth.c
===================================================================
RCS file: /home/cvs/samba/source/auth/auth.c,v
retrieving revision 1.32.2.10
diff -u -r1.32.2.10 auth.c
--- auth/auth.c	24 Apr 2003 11:56:09 -0000	1.32.2.10
+++ auth/auth.c	28 Apr 2003 23:29:07 -0000
@@ -255,12 +255,6 @@
 			break;
 	}
 
-	/* This is one of the few places the *relies* (rather than just sets defaults
-	   on the value of lp_security().  This needs to change.  A new paramater 
-	   perhaps? */
-	if (lp_security() >= SEC_SERVER)
-		smb_user_control(user_info, *server_info, nt_status);
-
 	if (NT_STATUS_IS_OK(nt_status)) {
 		pdb_username = pdb_get_username((*server_info)->sam_account);
 		if (!(*server_info)->guest) {