[Samba] Cross forest group membership only showing after ssh




I've got a two-way cross forest trust between forest A (users domain) and
forest B (resources domain).

I have linux1 joined to forest B and a user in forest A that's a member of
a group in forest B.

When I perform an id -a ForestA+user, I don't see the group membership.

When I perform an ssh ForestA+user@localhost and authenticate successfully,
I perform another id -a and can now see the group membership.

Is this expected behavior? I was hoping to limit ssh access to cross forest
group membership.

To further illustrate, the below shows that the user's group membership of
CORP+testgroup shows after ssh. Note, it doesn't show after an su:

[root@linux1 ~]# id -a INTERNAL+mel.dire
uid=200001105(INTERNAL+mel.dire) gid=200000513(INTERNAL+domain users) groups=200000513(INTERNAL+domain users),200001105(INTERNAL+mel.dire)

[root@linux1 ~]# ssh INTERNAL+mel.dire@localhost

[INTERNAL+mel.dire@linux1 ~]$ id -a
uid=200001105(INTERNAL+mel.dire) gid=200000513(INTERNAL+domain users) groups=200000513(INTERNAL+domain users),100001106(CORP+testgroup),200001105(INTERNAL+mel.dire)

Thanks.