diff -rNu samba-3.0.26a.orig/source/auth/auth_util.c samba-3.0.26a/source/auth/auth_util.c
--- samba-3.0.26a.orig/source/auth/auth_util.c	2007-06-19 19:11:34.000000000 +0200
+++ samba-3.0.26a/source/auth/auth_util.c	2007-10-30 15:10:20.000000000 +0100
@@ -949,6 +949,8 @@
 	
 	if (lp_winbind_nested_groups()) {
 
+		become_root();
+
 		/* Now add the aliases. First the one from our local SAM */
 
 		status = add_aliases(get_global_sam_sid(), result);
@@ -966,6 +968,8 @@
 			TALLOC_FREE(result);
 			return NULL;
 		}
+
+		unbecome_root();
 	} 
 
 
@@ -1112,6 +1116,7 @@
 	}
 
 	if (sid_check_is_in_our_domain(&user_sid)) {
+		BOOL ret;
 
 		/* This is a passdb user, so ask passdb */
 
@@ -1122,7 +1127,11 @@
 			goto done;
 		}
 
-		if (!pdb_getsampwsid(sam_acct, &user_sid)) {
+		become_root();
+		ret = pdb_getsampwsid(sam_acct, &user_sid);
+		unbecome_root();
+
+		if (!ret) {
 			DEBUG(1, ("pdb_getsampwsid(%s) for user %s failed\n",
 				  sid_string_static(&user_sid), username));
 			DEBUGADD(1, ("Fall back to unix user %s\n", username));