(: June 21, 2019)
The IPA Identity Management server provides bidirectional user identity and password synchronization with Microsoft Active Directory. But after the configuration of IPA and Active Directory, the default shell for users is /bin/sh. This guide will discuss how you can change the default shell for AD trust users on FreeIPA client so that all users can enjoy better shell environments such as bash and zsh.
I assume you have installed and configured both FreeIPA server and Client. Our guides below should be helpful.
Change default Shell on SSSD
The System Security Services Daemon (SSSD) is a system service to access remote directories and authentication mechanisms. It connects a local system (an SSSD client) to an external back-end system (a domain). We will edit the SSSD client configuration file /etc/sssd/sssd.conf and define default shell under DOMAIN section.
$ sudo vim /etc/sssd/sssd.conf ....... default_shell = /bin/bash override_shell = /bin/bash
See screenshot below.
After making the change, remove sssd cache and restart sssd service.
sudo rm -rf /var/lib/sss/db/* sudo systemctl restart sssd
Check user on AD.
$ id ADSRV01\ipauser uid=1426401131([email protected]) gid=1426401131([email protected]) groups=1426401131([email protected]),1426400513(domain [email protected]),915800006(ad_users)
Try to ssh as AD user.
$ ssh ipauser@[email protected] Password: Creating home directory for [email protected] Last login: Fri Jun 21 16:41:27 2019 from localhost
Check user login shell.
$ echo $SHELL /bin/bash
You now have /bin/bash as default shell for all your AD users accessing Linux services via SSH.