[Samba] Fwd: Login shell always /bin/false or whatever template is set in smb.conf

Adam Cook adam at cookuop.co.uk
Tue Nov 6 21:28:59 UTC 2018

Hi all,

I have just set up a Samba AD DC, my first time. Ubuntu Server 16.04.5 LTS
running Samba 4.3.11-Ubuntu.

If I add the below to */etc/samba/smb.conf* then the /bin/bash shell is
applied to all users:

template shell = /bin/bash

With *samba-tool user add* I am able to specify --login-shell parameter
however whatever value I pass here does not seem to apply correctly, as
confirmed by looking at result of *getent passwd <user>*.

For example, I remove the template shell option from smb.conf, restart
samba-ad-dc.service and run the below command:

samba-tool user add adam --given-name=Adam --surname=Cook
> --login-shell=/bin/bash

Then observe the below:

root at DC:~# getent passwd adam
> LAB\adam:*:3000048:100:Adam Cook:/home/LAB/adam:/bin/false

Am I missing something? I'm conscious of giving all domain users by default
a shell. I know I can limit SSH access by AD group but my train of thought
is that if the --login-shell parameter exists in samba-tool then it could
work somehow.


More information about the samba mailing list