[SOLVED] Override nologin-entry for LDAP user

[anoia]

Dear Community,

the last two weeks have seen much googlework, trial and error configuring Centos7 on an intranet server as LDAP client with... this and that, getting jupyterhub working took most of the time. Having used only debian based systems so far, it was quite a ride.

The one problem I cannot tackle so far is the LDAP-Server, which sets no-login as shell for all network users. I can authenticate via ssh, but get kicked out immediately. Since I don't have root access to that Server, there's not much I can do about it there.

I tried:

• adding

  Code: Select all

  default shell = /bin/bash

  to /etc/sssd/sssd.conf,
• adding

  Code: Select all

  map passwd loginShell "/bin/bash"

  to /etc/nslcd.conf

and restarting services nslcd, sssd, but to no avail.

Are there more places to look out for? Where? Most things I do find are modifying LDAP server settings. That, again, is no option, the server won't change. It's operated by an its-running-so-what-do-you-want-everything-else-is-your-problem-company. In debian, I did a nsswitch_override... (or the like of it) in ldap.conf, but here?

Thank you very much in advance
Ralf from Berlin

[tomkep]

Assuming you are using sssd (and it looks to me like you do) the command you are looking for is sss_override. Try:

Code: Select all

sss_override user-add <username> --shell=/bin/bash

Please also note that configuration entry you need to change in sssd.conf if you consider the change for ALL users is likely override_shell, not "default shell".

[anoia]

Thank you very much,

adding

Code: Select all

override_shell = /bin/bash

in the nss section of sssd.conf did the job.