Web lists-archives.com

[Samba] Fwd: Login shell always /bin/false or whatever template is set in smb.conf

Hi all,

I have just set up a Samba AD DC, my first time. Ubuntu Server 16.04.5 LTS
running Samba 4.3.11-Ubuntu.

If I add the below to */etc/samba/smb.conf* then the /bin/bash shell is
applied to all users:

template shell = /bin/bash

With *samba-tool user add* I am able to specify --login-shell parameter
however whatever value I pass here does not seem to apply correctly, as
confirmed by looking at result of *getent passwd <user>*.

For example, I remove the template shell option from smb.conf, restart
samba-ad-dc.service and run the below command:

samba-tool user add adam --given-name=Adam --surname=Cook
> --login-shell=/bin/bash

Then observe the below:

root@DC:~# getent passwd adam
> LAB\adam:*:3000048:100:Adam Cook:/home/LAB/adam:/bin/false

Am I missing something? I'm conscious of giving all domain users by default
a shell. I know I can limit SSH access by AD group but my train of thought
is that if the --login-shell parameter exists in samba-tool then it could
work somehow.

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba