On 13/06/16 07:27, Daniel Thielking wrote:> Yes of course. We use Samba4 ADDC with winbind to get unix attributes > from the DC to the clients. But every time we creating a new member in > the AD we have to change the default shell what is /bin/sh to > /bin/tcsh. So we want to change the default value of the field in the > AD that we don't have to change it every time. > > The users logging in on a unix domain member. No login on DC themselves. > > Samba Version is 4.4.4 compiled from source no extra options chosen. > > >OK, if you are logging into a domain member, then you need to use RFC2307 attributes, see here: https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member I take it you are creating the users with ADUC, if you use samba-tool on the DC, you can add the required attributes when you create a new user, type 'samba-tool user create --help' in a terminal on the DC for more info. Rowland
That already works and we use RFC2307. We also create user account with ADUC. But every time we create a user with ADUC we have to change the attribute /bin/sh to /bin/tcsh because /bin/sh seems to be the default value for this attribute. I want to know how to change this default value to /bin/tcsh so that we don't need to change it every time when we create new users via ADUC. On 13/06/16 09:07, Rowland penny wrote:> On 13/06/16 07:27, Daniel Thielking wrote: >> Yes of course. We use Samba4 ADDC with winbind to get unix attributes >> from the DC to the clients. But every time we creating a new member >> in the AD we have to change the default shell what is /bin/sh to >> /bin/tcsh. So we want to change the default value of the field in the >> AD that we don't have to change it every time. >> >> The users logging in on a unix domain member. No login on DC themselves. >> >> Samba Version is 4.4.4 compiled from source no extra options chosen. >> >> >> > > OK, if you are logging into a domain member, then you need to use > RFC2307 attributes, see here: > > https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member > > I take it you are creating the users with ADUC, if you use samba-tool > on the DC, you can add the required attributes when you create a new > user, type 'samba-tool user create --help' in a terminal on the DC for > more info. > > Rowland > > >
On 13/06/16 08:22, Daniel Thielking wrote:> That already works and we use RFC2307. We also create user account > with ADUC. But every time we create a user with ADUC we have to change > the attribute /bin/sh to /bin/tcsh because /bin/sh seems to be the > default value for this attribute. I want to know how to change this > default value to /bin/tcsh so that we don't need to change it every > time when we create new users via ADUC. >OK, I think you are going to have to ask Microsoft about that, it seems to be hard coded in the ADUC code. Your options appear to be: Use ADUC and change the shell every time you add Unix attributes to a user (note: the latest ADUC doesn't have the Unix attributes tabs) Use a script on windows to create your users. Use samba-tool on the Samba4 AD DC to create users. Rowland
I loved to find out how to achieve that.
I did looked for information, all I found was that:
https://social.technet.microsoft.com/Forums/en-US/3e184d10-09e3-4eab-9131-6694b86879f8/modify-default-value-of-loginshell-attribute?forum=winserverDS
Unfortunately it seems to list all users (I don't know these MS commands
but "Get-AdUser -Filter"...) then sending that list to something to
modify
received users list ("Set-AdObject -Replace
@{unixhomedirectory='/bin/sh','bin/bash'}" and
https://technet.microsoft.com/en-us/library/ee617215.aspx).
I would have looked into AD schema and configuration DIT (or naming
context?) but first I did a grep on Samba's source tree looking for
"/bin/sh" string but that strnig seems to be used for running commands
and
shebangs only, I could easily have missed something anyway.
A cheating method is to give that task (user creation) to another team or
to use LDIF to create user, but you already thought about these options I
expect : )
Cheers,
mathias
2016-06-13 9:22 GMT+02:00 Daniel Thielking <
daniel.thielking at ias.rwth-aachen.de>:
> That already works and we use RFC2307. We also create user account with
> ADUC. But every time we create a user with ADUC we have to change the
> attribute /bin/sh to /bin/tcsh because /bin/sh seems to be the default
> value for this attribute. I want to know how to change this default value
> to /bin/tcsh so that we don't need to change it every time when we
create
> new users via ADUC.
>
>
> On 13/06/16 09:07, Rowland penny wrote:
>
>> On 13/06/16 07:27, Daniel Thielking wrote:
>>
>>> Yes of course. We use Samba4 ADDC with winbind to get unix
attributes
>>> from the DC to the clients. But every time we creating a new member
in the
>>> AD we have to change the default shell what is /bin/sh to
/bin/tcsh. So we
>>> want to change the default value of the field in the AD that we
don't have
>>> to change it every time.
>>>
>>> The users logging in on a unix domain member. No login on DC
themselves.
>>>
>>> Samba Version is 4.4.4 compiled from source no extra options
chosen.
>>>
>>>
>>>
>>>
>> OK, if you are logging into a domain member, then you need to use
RFC2307
>> attributes, see here:
>>
>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>>
>> I take it you are creating the users with ADUC, if you use samba-tool
on
>> the DC, you can add the required attributes when you create a new user,
>> type 'samba-tool user create --help' in a terminal on the DC
for more info.
>>
>> Rowland
>>
>>
>>
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>