[Samba] Fwd: Login shell always /bin/false or whatever template is set in smb.conf
Adam Cook
adam at cookuop.co.uk
Tue Nov 6 21:28:59 UTC 2018
Hi all,
I have just set up a Samba AD DC, my first time. Ubuntu Server 16.04.5 LTS
running Samba 4.3.11-Ubuntu.
If I add the below to */etc/samba/smb.conf* then the /bin/bash shell is
applied to all users:
template shell = /bin/bash
With *samba-tool user add* I am able to specify --login-shell parameter
however whatever value I pass here does not seem to apply correctly, as
confirmed by looking at result of *getent passwd <user>*.
For example, I remove the template shell option from smb.conf, restart
samba-ad-dc.service and run the below command:
samba-tool user add adam --given-name=Adam --surname=Cook
> --login-shell=/bin/bash
Then observe the below:
root at DC:~# getent passwd adam
> LAB\adam:*:3000048:100:Adam Cook:/home/LAB/adam:/bin/false
Am I missing something? I'm conscious of giving all domain users by default
a shell. I know I can limit SSH access by AD group but my train of thought
is that if the --login-shell parameter exists in samba-tool then it could
work somehow.
Best,
Adam
More information about the samba
mailing list