[Samba] Cross forest group membership only showing after ssh

craig bourke craig.bourke86 at gmail.com
Sat Oct 14 05:17:31 UTC 2017


I've got a two-way cross forest trust between forest A (users domain) and
forest B (resources domain).

I have linux1 joined to forest B and a user in forest A that's a member of
a group in forest B.

When I perform an id -a ForestA+user, I don't see the group membership.

When I perform an ssh ForestA+user@localhost and authenticate successfully,
I perform another id -a and can now see the group membership.

Is this expected behavior? I was hoping to limit ssh access to cross forest
group membership.

To further illustrate, the below shows that the user's group membership of
CORP+testgroup shows after ssh. Note, it doesn't show after an su:

[root@linux1 ~]# id -a INTERNAL+mel.dire
uid=200001105(INTERNAL+mel.dire) gid=200000513(INTERNAL+domain users)
groups=200000513(INTERNAL+domain users),200001105(INTERNAL+mel.dire)

[root@linux1 ~]# ssh INTERNAL+mel.dire@localhost

[INTERNAL+mel.dire@linux1 ~]$ id -a
uid=200001105(INTERNAL+mel.dire) gid=200000513(INTERNAL+domain users)
groups=200000513(INTERNAL+domain users),100001106(CORP+testgroup),200001105(INTERNAL+mel.dire)

Thanks.

