[Samba] RFC2307: login shell is always /bin/false
Arne Zachlod
arne at nerdkeller.org
Thu Jan 14 12:19:08 UTC 2021
Hello List,
I'm trying to connect a Linux based Terminal server to my Samba AD DC.
The Domain was provisioned with samba 4.3 with the --use-rfc2307 command
line attribute.
In Windows, I configured a login shell for my users, but when doing
"getent passwd DOMAIN\\arne", I get /bin/false as a login shell:
arne:*:10001:10000:Arne Zachlod:/home/DOMAIN/arne:/bin/false
I double checked everything from the wiki, but maybe I missed something?
Is this even how it's supposed to work?
I also attached my smb.conf of my DC, as you will probably ask for it
anyway, as well as the smb.conf from the terminalserver (samba domain
member).
Thanks
Arne
smb.conf DC:
========================
# Global parameters
[global]
workgroup = DOMAIN
realm = int.domain.de
netbios name = ADDC01
server role = active directory domain controller
dns forwarder = 10.1.1.1
idmap_ldb:use rfc2307 = yes
server signing = Auto
[netlogon]
path = /var/lib/samba/sysvol/int.domain.de/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
smb.conf terminalserver:
========================
[global]
netbios name = TS01
security = ADS
workgroup = DOMAIN
realm = INT.DOMAIN.DE
logfile = /var/log/samba/%m.log
log level = 1
# Default idmap config used for BUILTIN and local windows accounts/groups
idmap config *:backend = tdb
idmap config *:range = 2000-9999
# idmap config for domain DOMAIN
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000-99999
# Use settings from AD for login shell and home directory
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes