[Samba] Cross forest group membership only showing after ssh
craig bourke
craig.bourke86 at gmail.com
Sat Oct 14 05:17:31 UTC 2017
I've got a two-way cross forest trust between forest A (users domain) and
forest B (resources domain).
I have linux1 joined to forest B and a user in forest A that's a member of
a group in forest B.
When i perform an id -a ForestA+user, i don't see the group membership.
When i perform an ssh ForestA+user at localhost and authenticate successfully,
i perform another id -a and can now see the group membership.
Is this expected behavior? I was hoping to limit ssh access to cross forest
group membership.
to further illustrate, the below shows the user's group membership of
CORP+testgroup shows after ssh. Note, it doesn't show after an su:
[root at linux1 ~]# id -a INTERNAL+mel.dire
uid=200001105(INTERNAL+mel.dire) gid=200000513(INTERNAL+domain users)
groups=200000513(INTERNAL+domain users),200001105(INTERNAL+mel.dire)
[root at linux1 ~]# ssh INTERNAL+mel.dire at localhost
[INTERNAL+mel.dire at linux1 ~]$ id -a
uid=200001105(INTERNAL+mel.dire) gid=200000513(INTERNAL+domain users)
groups=200000513(INTERNAL+domain
users),100001106(CORP+testgroup),200001105(INTERNAL+mel.dire)
Thanks.
More information about the samba
mailing list