Override template shell on Linux system in Active Directory domain?

If you're using winbind, you can do the following:

  1. Install IDMU as Christoph suggested. If you have 2003 R2 or later, the necessary RFC 2307 schema is already installed, so you can skip this step.

  2. Add the following to smb.conf, per the Samba wiki:

         winbind nss info = rfc2307

     Again, this is only going to work if you're using winbind. Restart it once you've made the change.

  3. Set users' loginShell attribute in Active Directory. winbind will honor that setting on its next refresh.


If you have a large number of Linux systems using AD, this may not be efficient, but for a small number of systems, the simplest way of doing this is to run the following on the Linux machine:

    getent passwd ADUSER >> /etc/passwd

Then edit the corresponding line in /etc/passwd to reflect the preferred shell (or better yet, use sed to change the shell entry on the fly before appending to /etc/passwd). IDMU, as others have suggested, is probably the most elegant solution for multiple hosts, but the above example gets the job done if you're just looking to do this on a few systems.
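The rewrite-before-append step described in the answer above, as an added example that is not part of the original answer: it uses awk instead of sed so only the seventh field changes, refuses a shell that is not in the shells file, and refuses to append a second entry for the same user. The function names, the `EXAMPLE\jdoe` entry and the scratch files are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample data is constructed, not taken from the original page.

# Print PASSWD_LINE with its shell field replaced by NEW_SHELL.
# Fails if NEW_SHELL is not listed in SHELLS_FILE or the line lacks 7 fields.
set_shell_field() {
    line=$1; new_shell=$2; shells_file=${3:-/etc/shells}
    grep -qxF -- "$new_shell" "$shells_file" || {
        echo "refusing: $new_shell is not listed in $shells_file" >&2
        return 1
    }
    # ENVIRON avoids awk -v escape processing (names such as DOMAIN\user).
    printf '%s\n' "$line" | NEW_SHELL=$new_shell awk -F: -v OFS=: '
        NF != 7 { exit 1 }
        { $7 = ENVIRON["NEW_SHELL"]; print }'
}

# Append the rewritten entry to PASSWD_FILE unless the user already has one.
# PASSWD_FILE is a parameter so the change can be tried on a copy first.
add_local_override() {
    entry=$1; want_shell=$2; passwd_file=$3; shells=${4:-/etc/shells}
    user=${entry%%:*}
    if LOOKUP=$user awk -F: '$1 == ENVIRON["LOOKUP"] { f = 1 } END { exit !f }' \
        "$passwd_file"
    then
        echo "refusing: $user already has an entry in $passwd_file" >&2
        return 1
    fi
    new_entry=$(set_shell_field "$entry" "$want_shell" "$shells") || return 1
    printf '%s\n' "$new_entry" >> "$passwd_file"
}

# Demo on scratch files only; prints the appended line.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '/bin/sh\n/bin/bash\n' > "$tmp/shells"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$tmp/passwd"
    add_local_override 'EXAMPLE\jdoe:*:10001:10000:J Doe:/home/jdoe:/bin/false' \
        /bin/bash "$tmp/passwd" "$tmp/shells" && tail -n 1 "$tmp/passwd"
    rm -rf "$tmp"
}

# Real use, as root, after testing on a copy:
#   add_local_override "$(getent passwd ADUSER)" /bin/bash /etc/passwd
```
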


If you install Identity Management for Unix (IDMU) on your AD server, the LDAP schema is extended for storing Unix attributes and you can set the login shell in the "Unix Attributes" tab of the (user) object properties.