[Samba] template shell RFC2307 loginShell
jeff.sadowski at gmail.com
Sat Dec 5 02:47:14 UTC 2015
Thank you Rowland for looking at it.
I did read the wiki here https://wiki.samba.org/index.php/Idmap_config_ad
that is how I got as far as I did; that and the idmap_ad man page. I could
not find how to use the loginShell. Is there a variable I can use for it in
the template or an option to set to use it? loginShell and unixHomedir are
not mentioned on the wiki that I could find. I'm good with the templated
homedir but curious how to use the unixHomedir. It seems that the schema_mode
= rfc2307 is the default as it works fine except for the default shells
which I have the workaround for. I think I will move them out of their home
directories and set them elsewhere, where users will need to ask to change
the shell. I purposefully set rid as the default backend if one does not
exist explicitly for the domain as it worked better for me. What I did with
the default backend should stop the login if the domain isn't explicitly
On Fri, Dec 4, 2015 at 4:00 PM, Rowland penny <rpenny at samba.org> wrote:
> On 04/12/15 22:43, Jeff Sadowski wrote:
>> We use power broker here at work and were wondering why we need it.
>> I was able to setup a new linux server using samba and am able to login
>> with my active directory accounts but I couldn't figure out how to set the
>> login shells.
>> I have a work around but would like feedback
>> in my /etc/samba/smb.conf I have the following
>> security = ads
>> realm = DOMAIN.LONG
>> workgroup = DOMAIN
>> idmap config DOMAIN : backend = ad
>> idmap config DOMAIN : range = 1000-999999999
>> #should not get here
>> idmap config * : range = 999999998-999999999
>> idmap config * : backend = rid
>> template homedir = /nfs/homes/%U
>> template shell = /nfs/homes/%U/.default_shell
>> winbind use default domain = yes
>> restrict anonymous = 2
> Have you considered reading the Samba wiki?
> Your 'idmap config' block should look similar to this:
> # Default idmap config used for BUILTIN and local accounts/groups
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> # idmap config for domain SAMDOM
> idmap config DOMAIN:backend = ad
> idmap config DOMAIN:schema_mode = rfc2307
> idmap config DOMAIN:range = 10000-99999
> # Use template settings for login shell and home directory
> winbind nss info = template
> template shell = /nfs/homes/%U/.default_shell
> template homedir = /nfs/homes/%U
> Though as you seem to be using uidNumber & gidNumber attributes, you could
> also store the loginShell and unixHomedir in AD as well.
>> allowing users to pick their shell using
>> ln -s /bin/bash ~/.default_shell
>> ln -s /bin/tcsh ~/.default_shell
>> It will be easy to create the .default_shell for each user using a simple
>> script I can run on a machine that has power broker but I am wondering
>> others have done to allow users to pick their shell using samba to
>> What are the downsides of doing it the way I did it?
>> is there a way to use the loginShell provided by rfc2307 that I haven't
>> found documented in samba?
>> I'm using samba version 4.1.6 if that makes a difference. I could probably
>> find a way to upgrade if there is support in newer versions.
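The workaround in this thread makes the login shell whatever each user's ~/.default_shell link points at, so the link text is worth checking against an allow-list. The script below is an added example, not code from the thread or from Samba; the function names, verdict strings, script name and the one-directory-per-user layout are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit the per-user ~/.default_shell links used as "template shell".
# Assumed layout: one directory per user under a base such as /nfs/homes, and an
# allow-list file in /etc/shells format (one absolute path per line).

# Print a verdict for one home directory; return 0 only if the link is acceptable.
check_default_shell() {
    local home="$1" shells_file="$2" link target line
    link="$home/.default_shell"

    if [ ! -L "$link" ]; then
        # A regular file here could be any program the user wrote themselves.
        if [ -e "$link" ]; then echo "NOT_SYMLINK"; else echo "MISSING"; fi
        return 1
    fi
    if [ ! -x "$link" ]; then   # -x follows the link: dangling or non-executable
        echo "BROKEN"
        return 1
    fi

    # Compare the literal link text, as written by "ln -s /bin/bash ~/.default_shell".
    # Exact string comparison means relative paths, "../" tricks and embedded
    # newlines never match an allow-list line.
    target=$(readlink "$link")
    while IFS= read -r line || [ -n "$line" ]; do
        if [ "$line" = "$target" ]; then
            echo "OK $target"
            return 0
        fi
    done < "$shells_file"
    echo "NOT_ALLOWED $target"
    return 1
}

# Audit every home under a base directory; return 0 only if all links pass.
audit_homes() {
    local base="$1" shells_file="$2" home verdict failed=0
    for home in "$base"/*; do
        [ -d "$home" ] || continue
        verdict=$(check_default_shell "$home" "$shells_file") || failed=1
        printf '%s\t%s\n' "${home##*/}" "$verdict"
    done
    return "$failed"
}

# Usage (hypothetical file name): bash audit_shells.sh /nfs/homes [/etc/shells]
if [ "$#" -ge 1 ]; then
    audit_homes "$1" "${2:-/etc/shells}"
fi
```

Because the link lives in a directory the user can write to, this audit only detects a bad target after the fact; it does not stop the user from changing the link again.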