[Samba] RFC2307: login shell is always /bin/false

Arne Zachlod arne at nerdkeller.org
Thu Jan 14 12:19:08 UTC 2021

Hello List,

I'm trying to connect a Linux based Terminal server to my Samba AD DC. 
The Domain was provisioned with samba 4.3 with the --use-rfc2307 command 
line attribute.

In Windows, I configured a login shell for my users, but when doing 
"getent passwd DOMAIN\\arne", I get /bin/false as a login shell:
arne:*:10001:10000:Arne Zachlod:/home/DOMAIN/arne:/bin/false

I double checked everything from the wiki, but maybe I missed something? 
Is this even how it's supposed to work?

I also attached my smb.conf of my DC, as you will probably ask for it 
anyway, as well as the smb.conf from the terminalserver (samba domain 


smb.conf DC:
# Global parameters
[global]
	workgroup = DOMAIN
	realm = int.domain.de
	netbios name = ADDC01
	server role = active directory domain controller
	dns forwarder =
	idmap_ldb:use rfc2307 = yes
	server signing = Auto

[netlogon]
	path = /var/lib/samba/sysvol/int.domain.de/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

smb.conf terminalserver:
[global]
	netbios name = TS01
	security = ADS
	workgroup = DOMAIN
	realm = INT.DOMAIN.DE

	logfile = /var/log/samba/%m.log
	log level = 1

	# Default idmap config used for BUILTIN and local windows accounts/groups
	idmap config *:backend = tdb
	idmap config *:range = 2000-9999

	# idmap config for domain DOMAIN
	idmap config DOMAIN:backend = ad
	idmap config DOMAIN:schema_mode = rfc2307
	idmap config DOMAIN:range = 10000-99999

	# Use settings from AD for login shell and home directory
	winbind nss info = rfc2307
	winbind enum users = yes
	winbind enum groups = yes
	winbind use default domain = yes
	winbind refresh tickets = yes

	# disable printing
	load printers = no
	printing = bsd
	printcap name = /dev/null
	disable spoolss = yes
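
An added diagnostic sketch, not part of the original post or of Samba: it parses a member-server smb.conf and reports where winbind will take the login shell from. It assumes the member runs Samba 4.6 or later (the post does not state the terminal server's version), where the idmap ad backend returns the AD shell and home directory only when "idmap config DOMAIN:unix_nss_info = yes" is set and otherwise uses "template shell" (default /bin/false) and "template homedir" (default /home/%D/%U). The SAMPLE text is constructed from the terminal server settings quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: idmap/winbind lines of the terminal server smb.conf above.
SAMPLE = """
[global]
    security = ADS
    workgroup = DOMAIN
    idmap config *:backend = tdb
    idmap config DOMAIN:backend = ad
    idmap config DOMAIN:schema_mode = rfc2307
    winbind nss info = rfc2307
"""

def parse_global(text):
    """Return the [global] parameters as a dict with normalised keys."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf parameter names ignore case and whitespace
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def shell_source(text, domain):
    """Say where winbind takes the login shell from for `domain`
    (assumption: domain member running Samba 4.6 or later)."""
    p = parse_global(text)
    prefix = "idmapconfig" + domain.lower() + ":"
    template = "template shell = " + p.get("templateshell", "/bin/false")
    if p.get(prefix + "backend", "").lower() != "ad":
        return template
    if p.get(prefix + "unix_nss_info", "no").lower() in ("yes", "true", "1"):
        # Users without a loginShell attribute still get the template shell.
        return "loginShell attribute in AD"
    return template

if __name__ == "__main__":
    print(shell_source(SAMPLE, "DOMAIN"))
```
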

