[Samba] SSH, pam_winbind and cross-forest membership...

[Marco Gaiarin]

In a multidomain/forest environment, seems that on domain members some
cross-forest membership get evaluated by pam_winbind only after a
successful logon.

But if i need (for example) users to logon to a server via SSH if
and only if they are members of a particular cross-forest group
(eg using AllowGroups in sshd_config)?


How can i solve this 'bootstrap' problem?


Thanks.

-- 
  In amore ci vuole fortuna, ma anche un bel culo non guasta.
							(Fabio Fazio)