[Samba] Problem with Active Directory authentication

Data Control Systems - Mike Elkevizth mike at datacontrolsystems.com
Wed Jun 8 22:55:53 UTC 2016

The problem is that on a Samba AD DC you only get 'uidNumber' & 'gidNumber'
attributes from winbindd, all other rfc2307 attributes are ignored, so the
shell set in the RFC2307 attributes will not be honored on a DC.  I'm not
sure why this is, but it is.  Maybe a Samba dev can chime in on why it is
necessary for a DC to act this way.?  It's caused me plenty of headaches.

Mike E.
On Jun 8, 2016 6:38 PM, "Miguel Medalha" <medalist at sapo.pt> wrote:

> (...)  By default a samba AD DC sets the login shell for all
>> Active Directory user accounts to /bin/false.  The only way I've found to
>> change this, is to override that globally with the "template shell =
>> /bin/bash" option in smb.conf, which enables it globally for all Active
>> Directory users (probably not desired).
> Using RFC2307 you can give each user its own shell and home directory.
> Read here:
> https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD

More information about the samba mailing list