[Samba] SSH, pam_winbind and cross-forest membership...

[Marco Gaiarin]

In a multidomain/forest environment, seems that on domain members some
cross-forest membership get evaluated by pam_winbind only after a
successful logon.

But if i need (for example) users to logon to a server via SSH if
and only if they are members of a particular cross-forest group
(eg using AllowGroups in sshd_config)?


How can i solve this 'chicken and egg' problem?


Thanks.

-- 
  E sempre allegri bisogna stare, che il nostro piangere fa male al Re
  fa male al ricco, al Cardinale,
  diventan tristi se noi piangiam...			(Fo, Jannacci)