> One part of the question is not clear to me:
 > Is the context AD users coming via trusts or is the client configured to
 > access AD directly?

They are from trust, not directly.

 > Anyhow, you can override the shell on the client using the
 > override_shell directive of sssd.conf. Simply put it into the domain
 > section and restart the SSSD.

Thanks for that tip, will try that one.

Let me also note that changing the default shell doesn't change the shell for any existing users (not entirely sure how this applies to trust users, it might get particularly wonky on different machines as each machine's sssd cache could have a different shell).


Freeipa-users mailing list

Reply via email to