3

Within the sssd.conf file, does anyone know what the syntax should be to allow me to switch between different login shells?

Thanks

example@example.com:~$ chsh -s /bin/zsh
Password:
chsh: user 'example' does not exist in /etc/passw
Valentin Bajrami
d3code2016
  • Do you want to set a different default shell or change shells mid-session? – sippybear Jul 19 '16 at 02:06
  • Are you using ldap / freeipa services? Tell us more about your environment – Valentin Bajrami Jul 19 '16 at 10:05
  • I would like to change shells mid session and I'm using Active Directory. Running Ubuntu 14.0.4 LTS – d3code2016 Jul 19 '16 at 14:52
  • @d3code2016 the error `chsh: user 'example' does not exist in /etc/passwd` suggests that there is no user in `/etc/passwd`, which is correct. If you have a central container like `ldap` that holds all objects like 'users', 'passwords', 'computers' etc., then that's where you have to look. What does `/etc/nsswitch.conf` show? And you are better off asking your ldap admin to modify your shell. There might be restrictions. – Valentin Bajrami Jul 20 '16 at 07:49
  • # `info libc "Name Service Switch"' for information about this file. passwd: compat sss group: compat sss shadow: compat sss hosts: files mdns4_minimal [NOTFOUND=return] dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis sss sudoers: files sss – d3code2016 Jul 20 '16 at 13:44

3 Answers

2

You have to edit the file /etc/sssd/sssd.conf and override the default shell in the domain section of the file:

[domain/YOUR_DOMAIN]
override_shell = /bin/zsh
1

If this is FreeIPA, use the IPA command:

ipa user-mod username --shell=/bin/bash

By default users can modify themselves.

Andrew Schulman
MamaMouse
1

Using override_shell changed the shell for everyone.

In AD you can add the Unix shell; it uses the attribute loginShell. Open the user in AD Users and Computers, click on the attribute tab, look for loginShell, and edit that to the desired shell for the user.

Then in sssd.conf I add the line shell_fallback = /bin/zsh; that way, if your user doesn't have a shell in AD, they still get a shell.
I also added ldap_schema = ad to sssd.conf to force the Active Directory schema.

  • 1
    I also had to clear the cache the hard way (`systemctl stop sssd && rm -rf /var/lib/sss/db/* && systemctl restart sssd`, `sss_cache -E` did NOT work), then logout and log back in before it got applied. – bviktor Nov 20 '19 at 13:57
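
An added example, not part of the original answers or of SSSD itself: a small Python check that reads sssd.conf text and reports every `override_shell` and `shell_fallback` setting, flagging that `override_shell` applies to all users of its section (as the third answer observed) and whether the value appears in a list of shells such as /etc/shells. The sample config, the shells set and the function names are constructed for illustration; placing `shell_fallback` under `[nss]` is an assumption.

```python
import configparser

# Constructed sample using the settings discussed in the answers above.
SAMPLE_CONF = """\
[sssd]
domains = YOUR_DOMAIN

[nss]
shell_fallback = /bin/zsh

[domain/YOUR_DOMAIN]
ldap_schema = ad
override_shell = /bin/zsh
"""

# Constructed stand-in for the contents of /etc/shells on the client.
SAMPLE_SHELLS = {"/bin/sh", "/bin/bash"}
SHELL_KEYS = ("override_shell", "shell_fallback")


def read_shells_file(path="/etc/shells"):
    """Read a shells file, skipping blank lines and comments."""
    with open(path) as fh:
        lines = (ln.strip() for ln in fh)
        return {ln for ln in lines if ln and not ln.startswith("#")}


def audit_shell_settings(conf_text, installed_shells):
    """Return (section, key, value, note) for each shell setting found."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        for key in SHELL_KEYS:
            if not parser.has_option(section, key):
                continue
            value = parser.get(section, key).strip()
            notes = []
            if key == "override_shell":
                # Per the answers above: this replaces the shell for everyone.
                notes.append("applies to every user covered by this section")
            if value not in installed_shells:
                notes.append("not listed in the supplied shells list")
            findings.append((section, key, value, "; ".join(notes)))
    return findings


if __name__ == "__main__":
    for finding in audit_shell_settings(SAMPLE_CONF, SAMPLE_SHELLS):
        print(finding)
```

On a real client, pass the contents of /etc/sssd/sssd.conf and `read_shells_file()` instead of the constructed samples.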