I loved to find out how to achieve that.
I did looked for information, all I found was that:
https://social.technet.microsoft.com/Forums/en-US/3e184d10-09e3-4eab-9131-6694b86879f8/modify-default-value-of-loginshell-attribute?forum=winserverDS
Unfortunately it seems to list all users (I don't know these MS commands
but "Get-AdUser -Filter"...) then sending that list to something to
modify
received users list ("Set-AdObject -Replace
@{unixhomedirectory='/bin/sh','bin/bash'}" and
https://technet.microsoft.com/en-us/library/ee617215.aspx).
I would have looked into AD schema and configuration DIT (or naming
context?) but first I did a grep on Samba's source tree looking for
"/bin/sh" string but that strnig seems to be used for running commands
and
shebangs only, I could easily have missed something anyway.
A cheating method is to give that task (user creation) to another team or
to use LDIF to create user, but you already thought about these options I
expect : )
Cheers,
mathias
2016-06-13 9:22 GMT+02:00 Daniel Thielking <
daniel.thielking at ias.rwth-aachen.de>:
> That already works and we use RFC2307. We also create user account with
> ADUC. But every time we create a user with ADUC we have to change the
> attribute /bin/sh to /bin/tcsh because /bin/sh seems to be the default
> value for this attribute. I want to know how to change this default value
> to /bin/tcsh so that we don't need to change it every time when we
create
> new users via ADUC.
>
>
> On 13/06/16 09:07, Rowland penny wrote:
>
>> On 13/06/16 07:27, Daniel Thielking wrote:
>>
>>> Yes of course. We use Samba4 ADDC with winbind to get unix
attributes
>>> from the DC to the clients. But every time we creating a new member
in the
>>> AD we have to change the default shell what is /bin/sh to
/bin/tcsh. So we
>>> want to change the default value of the field in the AD that we
don't have
>>> to change it every time.
>>>
>>> The users logging in on a unix domain member. No login on DC
themselves.
>>>
>>> Samba Version is 4.4.4 compiled from source no extra options
chosen.
>>>
>>>
>>>
>>>
>> OK, if you are logging into a domain member, then you need to use
RFC2307
>> attributes, see here:
>>
>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>>
>> I take it you are creating the users with ADUC, if you use samba-tool
on
>> the DC, you can add the required attributes when you create a new user,
>> type 'samba-tool user create --help' in a terminal on the DC
for more info.
>>
>> Rowland
>>
>>
>>
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
On 13/06/16 13:13, mathias dufresne wrote:> I loved to find out how to achieve that. > > I did looked for information, all I found was that: > https://social.technet.microsoft.com/Forums/en-US/3e184d10-09e3-4eab-9131-6694b86879f8/modify-default-value-of-loginshell-attribute?forum=winserverDS > > Unfortunately it seems to list all users (I don't know these MS commands > but "Get-AdUser -Filter"...) then sending that list to something to modify > received users list ("Set-AdObject -Replace > @{unixhomedirectory='/bin/sh','bin/bash'}" and > https://technet.microsoft.com/en-us/library/ee617215.aspx).You could always use ldbmodify on the Samba4 DC and the attribute you need to change for the users login shell is 'loginShell' :-)> > I would have looked into AD schema and configuration DIT (or naming > context?) but first I did a grep on Samba's source tree looking for > "/bin/sh" string but that strnig seems to be used for running commands and > shebangs only, I could easily have missed something anyway.Try reading /usr/local/samba/share/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt Note: the path to your copy may vary. Rowland> > A cheating method is to give that task (user creation) to another team or > to use LDIF to create user, but you already thought about these options I > expect : ) > > Cheers, > > mathias > >
2016-06-13 18:27 GMT+02:00 Rowland penny <rpenny at samba.org>:> On 13/06/16 13:13, mathias dufresne wrote: > >> I loved to find out how to achieve that. >> >> I did looked for information, all I found was that: >> >> https://social.technet.microsoft.com/Forums/en-US/3e184d10-09e3-4eab-9131-6694b86879f8/modify-default-value-of-loginshell-attribute?forum=winserverDS >> >> Unfortunately it seems to list all users (I don't know these MS commands >> but "Get-AdUser -Filter"...) then sending that list to something to modify >> received users list ("Set-AdObject -Replace >> @{unixhomedirectory='/bin/sh','bin/bash'}" and >> https://technet.microsoft.com/en-us/library/ee617215.aspx). >> > > You could always use ldbmodify on the Samba4 DC and the attribute you need > to change for the users login shell is 'loginShell' :-) >Yep, MS doc, the dude who wrote that made a mistake, he tried to help at least.> > >> I would have looked into AD schema and configuration DIT (or naming >> context?) but first I did a grep on Samba's source tree looking for >> "/bin/sh" string but that strnig seems to be used for running commands and >> shebangs only, I could easily have missed something anyway. >> > > Try reading > /usr/local/samba/share/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt > Note: the path to your copy may vary. >I thought schemas were descriptions of attributes and classes, not places to set values. As I could be wrong, I used grep to read that file: cat `locate MS-AD_Schema_2K8_R2_Attributes.txt` | grep sh -w -> no answer, "sh" (as word) is not present in that file. There is still a chance it is written in configuration DIT but as the same grep was done during the week-end on the whole Samba 4.4.4 source tree without findind more relevant traces of "sh" word, I'm now suspecting the client is the one managing that. If I found time I'll have a look into that DIT...> > Rowland > > >> A cheating method is to give that task (user creation) to another team or >> to use LDIF to create user, but you already thought about these options I >> expect : ) >> >> Cheers, >> >> mathias >> >> >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >