[Samba] SSH, pam_winbind and cross-forest membership...

Marco Gaiarin gaio at lilliput.linux.it
Thu Mar 31 16:51:45 UTC 2022

In a multidomain/forest environment, seems that on domain members some
cross-forest membership get evaluated by pam_winbind only after a
successful logon.

But if i need (for example) users to logon to a server via SSH if
and only if they are members of a particular cross-forest group
(eg using AllowGroups in sshd_config)?

How can i solve this 'chicken and egg' problem?


  E sempre allegri bisogna stare, che il nostro piangere fa male al Re
  fa male al ricco, al Cardinale,
  diventan tristi se noi piangiam...			(Fo, Jannacci)

More information about the samba mailing list