[Samba] template shell RFC2307 loginShell

Jeff Sadowski jeff.sadowski at gmail.com
Fri Dec 4 22:43:44 UTC 2015

We use power broker here at work and where wondering why we need it.

I was able to setup a new linux server using samba and am able to login
with my active directory accounts but I couldn't figure out how to set the
login shells.
I have a work around but would like feedback
in my /etc/samba/smb.conf I have the following

   security = ads
   realm = DOMAIN.LONG
   workgroup = DOMAIN
   idmap config DOMAIN : backend = ad
   idmap config DOMAIN : range = 1000-999999999
   #should not get here
   idmap config * : range = 999999998-999999999
   idmap config * :backend      =rid
   template homedir = /nfs/homes/%U
   template shell = /nfs/homes/%U/.default_shell
   winbind use default domain = yes
   restrict anonymous = 2

allowing users to pick their shell using
ln -s /bin/bash ~/.default_shell
ln -s /bin/tcsh ~/.default_shell

It will be easy to create the .default shell for each user using a simple
script I can run on a machine that has power broker but I am wondering what
others have done to allow users to pick their shell using samba to
What are the downsides of doing it the way I did it?

is there a way to use the loginShell provided by rfc2307 that I haven't
found documented in samba?

I'm using samba version 4.1.6 if that makes a difference. I could probably
find a way to upgrade if there is support in newer versions.

More information about the samba mailing list