[Samba] RFC2307: login shell is always /bin/false
Arne Zachlod
arne at nerdkeller.org
Mon Jan 18 14:20:27 UTC 2021
Hello List,
for anyone interested, I just solved it. My smb.conf of the
terminalserver was missing a crucial line:
template shell = /bin/sh
Once again, reading the manual saved the day.
- Arne
On 1/14/21 1:19 PM, Arne Zachlod via samba wrote:
> Hello List,
>
> I'm trying to connect a Linux based Terminal server to my Samba AD DC.
> The Domain was provisioned with samba 4.3 with the --use-rfc2307 command
> line attribute.
>
> In Windows, I configured a login shell for my users, but when doing
> "getent passwd DOMAIN\\arne", I get /bin/false as a login shell:
> arne:*:10001:10000:Arne Zachlod:/home/DOMAIN/arne:/bin/false
>
> I double checked everything from the wiki, but maybe I missed something?
> Is this even how it's supposed to work?
>
> I also attached my smb.conf of my DC, as you will probably ask for it
> anyway, as well as the smb.conf from the terminalserver (samba domain
> member).
>
> Thanks
> Arne
>
> smb.conf DC:
> ========================
> # Global parameters
> [global]
> workgroup = DOMAIN
> realm = int.domain.de
> netbios name = ADDC01
> server role = active directory domain controller
> dns forwarder = 10.1.1.1
> idmap_ldb:use rfc2307 = yes
> server signing = Auto
>
> [netlogon]
> path = /var/lib/samba/sysvol/int.domain.de/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
>
> smb.conf terminalserver:
> ========================
> [global]
> netbios name = TS01
> security = ADS
> workgroup = DOMAIN
> realm = INT.DOMAIN.DE
>
> logfile = /var/log/samba/%m.log
> log level = 1
>
> # Default idmap config used for BUILTIN and local windows accounts/groups
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
>
> # idmap config for domain DOMAIN
> idmap config DOMAIN:backend = ad
> idmap config DOMAIN:schema_mode = rfc2307
> idmap config DOMAIN:range = 10000-99999
>
> # Use settings from AD for login shell and home directory
> winbind nss info = rfc2307
>
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> winbind refresh tickets = yes
>
> # disable printing
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
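A check for the situation in this thread, as an added example that is not part of the original messages or of Samba itself: it reads a domain member's smb.conf and reports which login shell winbind will hand out. It assumes the documented default of `/bin/false` for `template shell` (smb.conf(5)) and, for Samba 4.6 and later, that the `ad` backend only reads the shell from AD when `idmap config DOMAIN:unix_nss_info = yes` is set (idmap_ad(8)); the function names and the sample configs are constructed for illustration.

```python
import re

TEMPLATE_SHELL_DEFAULT = "/bin/false"  # built-in default when "template shell" is unset

def norm(name):
    # Samba matches parameter names case-insensitively and ignores whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def shell_report(text):
    """Report the effective template shell and the shell source per 'ad' domain."""
    p = parse_global(text)
    report = {"template shell": p.get("templateshell", TEMPLATE_SHELL_DEFAULT),
              "explicit": "templateshell" in p, "domains": {}}
    for key, value in p.items():
        m = re.fullmatch(r"idmapconfig(.+):backend", key)
        if m and value.lower() == "ad":
            dom = m.group(1)
            nss = p.get(f"idmapconfig{dom}:unix_nss_info", "no").lower()
            source = "AD loginShell, else template" if nss in ("yes", "true", "1") else "template"
            report["domains"][dom.upper()] = source
    return report

# Constructed sample, modelled on the terminal server config quoted above.
MEMBER_BEFORE = """[global]
security = ADS
idmap config *:backend = tdb
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
winbind nss info = rfc2307
"""
MEMBER_AFTER = MEMBER_BEFORE + "template shell = /bin/sh\n"

if __name__ == "__main__":
    for label, conf in (("before", MEMBER_BEFORE), ("after", MEMBER_AFTER)):
        print(label, shell_report(conf))
```

On a live member, `testparm -s` shows the same effective values, and `getent passwd` confirms what winbind actually returns.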