Index: auth/auth_unix.c
===================================================================
--- auth/auth_unix.c (revision 23527)
+++ auth/auth_unix.c (working copy)
@@ -113,10 +113,45 @@
 /* if a real user check pam account restrictions */
 /* only really perfomed if "obey pam restriction" is true */
 nt_status = smb_pam_accountcheck(pass->pw_name);
- if ( !NT_STATUS_IS_OK(nt_status)) {
+ if (!NT_STATUS_IS_OK(nt_status)) {
 DEBUG(1, ("PAM account restriction prevents user login\n"));
 } else {
- make_server_info_pw(server_info, pass->pw_name, pass);
+ char *qualified_name = NULL;
+ DOM_SID u_sid;
+ enum lsa_SidType type;
+
+ nt_status = make_server_info_pw(server_info, pass->pw_name, pass);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ /*
+ * The SID returned in server_info->sam_account is based
+ * on our SAM sid even though for a UNIX account this should
+ * not be the case as it doesn't really exist in the SAM db.
+ * Change this to a "Unix Users" SID.
+ */
+
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ unix_users_domain_name(),
+ pass->pw_name );
+ if (!qualified_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL,
+ NULL, NULL,
+ &u_sid, &type)) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ if (type != SID_NAME_USER) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ if (!pdb_set_user_sid((*server_info)->sam_account, &u_sid, PDB_CHANGED)) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
 }
 } else {
 /* we need to do somthing more useful here */
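Review bot: The four early returns that follow a successful `make_server_info_pw()` (the `talloc_asprintf`, `lookup_name`, `type != SID_NAME_USER` and `pdb_set_user_sid` checks) leave `*server_info` populated, still carrying the SAM-based SID that the new comment describes as wrong. None of them logs why an account that passed the PAM account check was refused. Release and clear `*server_info` before each of these returns, using whichever helper this tree provides for it, and add a trace such as `DEBUG(1, ("auth_unix: no Unix Users SID for [%s]\n", pass->pw_name));` so the refusal is visible in the logs. Mapping a `pdb_set_user_sid` failure to `NT_STATUS_NO_SUCH_USER` also looks misleading, and if any caller treats that status specially (guest mapping, for example) an internal lookup failure would be handled as an unknown user, so a distinct error status seems safer. The enclosing function starts and ends outside the hunk, so how callers treat a non-NULL `*server_info` on error cannot be confirmed from here.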