freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0

ipaclient role: allow default_shell / override_shell settings #414

Open Thulium-Drake opened 4 years ago

Thulium-Drake commented 4 years ago

Hi!

In my environment I have a need to set a default_shell and sometimes override it, but it seems the module that renders the SSSD config has no option for that at this time.

chsnell commented 4 years ago

I know you can set the default shell at the IPA server config. It can be done in the ipaconfig module with the defaultshell parameter. Then, if your users are local to IPA (and not through a trust), you can override them in the user information. Is that what you're looking for?

Thulium-Drake commented 4 years ago

I already did that :-) but most of the users will be coming through a trust from AD. So all the IPA users are accounted for, but SSSD still assumes /bin/bash if the shell is not provided for a user (which is the case for AD)

rjeffman commented 4 years ago

I don't know how to change with IPA, but if ipaconfig is not enough, you might try configuring SSSD.

Thulium-Drake commented 4 years ago

Well that's exactly the point of this issue. I use the ipaclient role to configure the IPA domain joins, which means it has control over the SSSD config files. But the module it uses to generate sssd.conf does not have options for default_shell / override_shell

https://github.com/freeipa/ansible-freeipa/blob/master/roles/ipaclient/library/ipaclient_setup_sssd.py

rjeffman commented 4 years ago

The behavior of the module is consistent with the IPA CLI command, as both (role and CLI) use the same FreeIPA calls. The issue is that FreeIPA does not provide, as of today, a way to set the default shell at install time.

An alternative to set this with Ansible, until it is available in FreeIPA, is to write a task with lineinfile. I agree it is not the best solution, but one that is readily available.

I'm marking this issue as an enhancement, but we have to have this on FreeIPA before we can add it to the role.
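The `lineinfile` workaround suggested above could look like the following playbook. This is an added example, not part of the original thread or of ansible-freeipa. It assumes an inventory group named `ipaclients`, that the variables the ipaclient role needs are already set in the inventory, that the generated `/etc/sssd/sssd.conf` contains an `[nss]` section, and that the shell options are not also set in a domain section.

```yaml
---
- name: Join hosts to IPA, then set SSSD shell options
  hosts: ipaclients        # assumed inventory group name
  become: true

  vars:
    # Hypothetical variable for this example; values are illustrative.
    sssd_nss_shell_options:
      default_shell: /bin/sh
      # override_shell: /bin/sh   # uncomment to force one shell for all users

  roles:
    - role: ipaclient
      state: present

  post_tasks:
    # Replaces an existing "key = value" line, or adds one right after
    # the [nss] header when the option is not present yet.
    - name: Set shell options in the [nss] section of sssd.conf
      ansible.builtin.lineinfile:
        path: /etc/sssd/sssd.conf
        regexp: '^\s*{{ item.key }}\s*='
        insertafter: '^\[nss\]'
        line: "{{ item.key }} = {{ item.value }}"
      loop: "{{ sssd_nss_shell_options | dict2items }}"
      notify: Restart sssd

    # Fails the play if the edited file no longer parses cleanly,
    # before the handler restarts the service.
    - name: Check the SSSD configuration
      ansible.builtin.command: sssctl config-check
      changed_when: false

  handlers:
    - name: Restart sssd
      ansible.builtin.service:
        name: sssd
        state: restarted
```

A later run of the ipaclient role that regenerates `sssd.conf` would drop these lines, so the post-task has to stay in the same play as the role.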

Thulium-Drake commented 4 years ago

I see, thanks for clarifying! I'll work out something, thanks!