[Samba] pam_winbind, ssh and cross-forest membership...
Marco Gaiarin
gaio at lilliput.linux.it
Tue Jan 11 11:15:24 UTC 2022
Situation: multiforest AD domain, RHEL8, samba 4.14.5-2.el8.x86_64 .
User 'a' is member of 'groupa' in domain SUBA.DOM.IT, in a forest where the
domain 'DOM.IT' have a group 'supergroup' that have 'groupa' as member.
If i put in sshd_config:
AllowGroups root supergroup
user are NON allowed to login. Also if i do:
id a
'supergroup' is not listed as membership; clearly if i do:
getent group supergroup
'supergroup' get listed (with empty membership).
Seems like winbind by default does not expand the cross-forest membership.
There's some way to force it? Thanks.
--
I poveri debbono smetterla di lamentarsi della pagliuzza negli occhi dei
ricchi avendo una trave nel culo! (Paolo Rossi, in collegamento da
Bologna con la trasmissione MARKETTE, imitando Berlusconi)
More information about the samba
mailing list