--- /dev/null
+From a502759e2e20e8001355b26d1e974a7116d78b92 Mon Sep 17 00:00:00 2001
+From: Justin Maggard <jmaggard@netgear.com>
+Date: Tue, 21 Jul 2015 15:17:30 -0700
+Subject: [PATCH] PATCHSET27: s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid
+ lookup.
+
+Somewhere along the line, a config line like "valid users = @foo"
+broke when "foo" also exists as a user.
+
+user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP
+flag; but lookup_name() was not respecting that flag, and went ahead and looked
+for users anyway.
+
+Regression test to follow.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320
+
+Signed-off-by: Justin Maggard <jmaggard@netgear.com>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>
+
+Autobuild-User(master): Jeremy Allison <jra@samba.org>
+Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104
+
+(cherry picked from commit dc99d451bf23668d73878847219682fced547622)
+---
+ source3/passdb/lookup_sid.c | 4 ++--
+ source3/passdb/lookup_sid.h | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
+index dcc2911..18d0e37 100644
+--- a/source3/passdb/lookup_sid.c
++++ b/source3/passdb/lookup_sid.c
+@@ -119,7 +119,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
+ goto ok;
+ }
+
+- if (((flags & LOOKUP_NAME_NO_NSS) == 0)
++ if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
+ && strequal(domain, unix_users_domain_name())) {
+ if (lookup_unix_user_name(name, &sid)) {
+ type = SID_NAME_USER;
+@@ -292,7 +292,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
+ /* 11. Ok, windows would end here. Samba has two more options:
+ Unmapped users and unmapped groups */
+
+- if (((flags & LOOKUP_NAME_NO_NSS) == 0)
++ if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
+ && lookup_unix_user_name(name, &sid)) {
+ domain = talloc_strdup(tmp_ctx, unix_users_domain_name());
+ type = SID_NAME_USER;
+diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h
+index b2f5cf5..4b26e0a 100644
+--- a/source3/passdb/lookup_sid.h
++++ b/source3/passdb/lookup_sid.h
+@@ -29,7 +29,7 @@
+ #define LOOKUP_NAME_NONE 0x00000000
+ #define LOOKUP_NAME_ISOLATED 0x00000001 /* Look up unqualified names */
+ #define LOOKUP_NAME_REMOTE 0x00000002 /* Ask others */
+-#define LOOKUP_NAME_GROUP 0x00000004 /* (unused) This is a NASTY hack for
++#define LOOKUP_NAME_GROUP 0x00000004 /* This is a NASTY hack for
+ valid users = @foo where foo also
+ exists in as user. */
+ #define LOOKUP_NAME_NO_NSS 0x00000008 /* no NSS calls to avoid
+--
+2.5.0
+