Cross-forest trust - not supported but partially working? #7837

Open
fdalfa opened this issue Feb 12, 2025 · 0 comments

fdalfa commented Feb 12, 2025

Hello,

I know that cross-forest trust is declared as not supported but... our environment is similar to #7544 and #6843: we have

  1. main.com forest
  2. sub.main.com forest (it looks like a main.com child but no, it is a forest)
  3. bidirectional trust between above forests

we then have some Linux machines with sssd configured for direct AD integration on the sub.main.com forest and GPO access control; the GPO declares

and everything works fine until we put a main.com user into [email protected]: the user's first login attempt fails, the subsequent ones are ok. If we wait some minutes (a cache expiring?), again: the first login fails, the subsequent ones are ok.

IMHO the above is a straightforward cross-forest group memberships case. I understood that sssd will not handle it but... why does it work after the first failure? I expected to have no login at all; I dunno if some odd parameters (e.g. a timeout) may solve my issue.

thanks and regards,
Fabrizio

@fdalfa fdalfa changed the title Cross-forest trust - not s Cross-forest trust - not supported but partially working? Feb 13, 2025