[Samba] pam_winbind, ssh and cross-forest membership...
samba at abisoft.biz
Tue Jan 11 11:58:42 UTC 2022
Won't "winbind expand groups = 5" help?
> Situation: multiforest AD domain, RHEL8, samba 4.14.5-2.el8.x86_64 .
> User 'a' is member of 'groupa' in domain SUBA.DOM.IT, in a forest where the
> domain 'DOM.IT' have a group 'supergroup' that have 'groupa' as member.
> If i put in sshd_config:
> AllowGroups root supergroup
> user are NON allowed to login. Also if i do:
> id a
> 'supergroup' is not listed as membership; clearly if i do:
> getent group supergroup
> 'supergroup' get listed (with empty membership).
> Seems like winbind by default does not expand the cross-forest membership.
> There's some way to force it? Thanks.
More information about the samba