[Samba] template shell RFC2307 loginShell
Rowland Penny
rpenny at samba.org
Fri Dec 4 23:00:52 UTC 2015
On 04/12/15 22:43, Jeff Sadowski wrote:
> We use power broker here at work and were wondering why we need it.
>
> I was able to set up a new linux server using samba and am able to log in
> with my active directory accounts but I couldn't figure out how to set the
> login shells.
> I have a workaround but would like feedback.
> In my /etc/samba/smb.conf I have the following:
>
> security = ads
> realm = DOMAIN.LONG
> workgroup = DOMAIN
> idmap config DOMAIN : backend = ad
> idmap config DOMAIN : range = 1000-999999999
> #should not get here
> idmap config * : range = 999999998-999999999
> idmap config * :backend =rid
> template homedir = /nfs/homes/%U
> template shell = /nfs/homes/%U/.default_shell
> winbind use default domain = yes
> restrict anonymous = 2
>
Have you considered reading the Samba wiki?

Your 'idmap config' block should look similar to this:

# Default idmap config used for BUILTIN and local accounts/groups
idmap config *:backend = tdb
idmap config *:range = 2000-9999

# idmap config for domain SAMDOM
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000-99999

# Use template settings for login shell and home directory
winbind nss info = template
template shell = /nfs/homes/%U/.default_shell
template homedir = /nfs/homes/%U

Though as you seem to be using uidNumber & gidNumber attributes, you
could also store the loginShell and unixHomedir in AD as well.

Rowland

> allowing users to pick their shell using
> ln -s /bin/bash ~/.default_shell
> or
> ln -s /bin/tcsh ~/.default_shell
> ...
>
> It will be easy to create the .default_shell for each user using a simple
> script I can run on a machine that has power broker but I am wondering what
> others have done to allow users to pick their shell using samba to
> authenticate?
> What are the downsides of doing it the way I did it?
>
> Is there a way to use the loginShell provided by rfc2307 that I haven't
> found documented in samba?
>
> I'm using samba version 4.1.6 if that makes a difference. I could probably
> find a way to upgrade if there is support in newer versions.
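
Added example (not part of the original thread, and not Samba code): a shell audit for the quoted "template shell = /nfs/homes/%U/.default_shell" workaround. It reports any home whose .default_shell is not a symlink to a path listed in /etc/shells, or whose target is not installed on this host. The function names, status words and sample users are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the per-user .default_shell links that
# "template shell = /nfs/homes/%U/.default_shell" hands to login.

# check_default_shell HOME SHELLS_FILE -> prints a status word; returns 0 only for "ok".
check_default_shell() {
    link="$1/.default_shell"
    if [ ! -L "$link" ]; then
        # Not a symlink: either absent, or a user-writable file used as the shell.
        if [ -e "$link" ]; then echo not-symlink; else echo missing; fi
        return 1
    fi
    target=$(readlink "$link")   # immediate target, exactly as the user wrote it
    # Exact match against the non-comment lines of the shells list.
    if ! grep -v '^#' "$2" | grep -Fxq -- "$target"; then
        echo not-listed; return 1
    fi
    # Listed, but this host may not have it installed (homes are shared over NFS).
    [ -x "$target" ] || { echo absent-on-host; return 1; }
    echo ok
}

# audit_homes ROOT SHELLS_FILE -> one "user<TAB>status" line per home; returns 1 if any is not ok.
audit_homes() {
    rc=0
    for home in "$1"/*/; do
        [ -d "$home" ] || continue
        home=${home%/}
        status=$(check_default_shell "$home" "$2") || rc=1
        printf '%s\t%s\n' "${home##*/}" "$status"
    done
    return "$rc"
}

# Constructed sample tree (made-up users) for trying the audit offline; prints its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/alice" "$d/bob" "$d/carol" "$d/dave" "$d/erin"
    ln -s /bin/sh "$d/alice/.default_shell"          # listed and present
    ln -s "$d/bob/myshell" "$d/bob/.default_shell"   # path not in the list
    : > "$d/carol/.default_shell"                    # regular file, not a link
    ln -s /opt/absent/zsh "$d/erin/.default_shell"   # listed, not installed here
    printf '# constructed list\n/bin/sh\n/opt/absent/zsh\n' > "$d/shells"
    echo "$d"
}

# Usage: sh audit.sh /nfs/homes [/etc/shells]
if [ "$#" -ge 1 ]; then audit_homes "$1" "${2:-/etc/shells}"; fi
```

The script exits non-zero when any home fails the check, so it can be run from cron on each login host.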