[Samba] Problem with Active Directory authentication

Data Control Systems - Mike Elkevizth mike at datacontrolsystems.com
Wed Jun 8 22:55:53 UTC 2016


The problem is that on a Samba AD DC you only get 'uidNumber' & 'gidNumber'
attributes from winbindd, all other rfc2307 attributes are ignored, so the
shell set in the RFC2307 attributes will not be honored on a DC.  I'm not
sure why this is, but it is.  Maybe a Samba dev can chime in on why it is
necessary for a DC to act this way?  It's caused me plenty of headaches.

Mike E.
On Jun 8, 2016 6:38 PM, "Miguel Medalha" <medalist at sapo.pt> wrote:

>
>> (...)  By default a samba AD DC sets the login shell for all
>> Active Directory user accounts to /bin/false.  The only way I've found to
>> change this, is to override that globally with the "template shell =
>> /bin/bash" option in smb.conf, which enables it globally for all Active
>> Directory users (probably not desired).
>>
>
> Using RFC2307 you can give each user its own shell and home directory.
> Read here:
>
> https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD
>
>

