On Tue, 2013-08-20 at 07:57 -0400, Anton Aylward wrote:
Neil Rickert said the following on 08/19/2013 09:32 PM:
On Mon, 19 Aug 2013 22:58:10 +0200 lynn <lynn@steve-ss.com> wrote:
OK. It's not the file itself, more what I'm passing to the operating system. I'm using sssd, which seems to copy username to gecos and have / as the default home directory even if those attributes are not populated in AD. It will however allow me to leave login shell blank. getent then gives me this:

    cifsuser:*:3000020:20513:cifsuser:/:

which gives the correct number of ":". I'm not sure whether it's sssd or AD which decides on the defaults. Anyway, a bit better.
A blank login shell is interpreted as "/bin/sh". If logins are never to be allowed for this user, I would typically set the shell to "/noshell", which does not have a special meaning, but will deny login as long as "/noshell" does not exist in the file system. Any non-existent file path would do the same thing.
Please see "man nologin" for the 'polite' way to do this :-)
Hi

I can't get it polite:

    hh16:/tmo # nologin
    This account is currently not available.

works OK but it's not polite:

    hh16:/tmp # su cifsuser
    Password:
    su: /noshell: No such file or directory

This is what I have in the directory:

    cn: cifsuser
    objectClass: posixAccount
    uidNumber: 3000020
    gidNumber: 20513
    loginShell: /noshell

Note that unixHomeDirectory and gecos are not set but still appear:

    hh16:/tmp # getent passwd cifsuser
    cifsuser:*:3000020:20513:cifsuser:/:/noshell

Here is /etc/pam.d/common-auth:

    auth required pam_env.so
    auth optional pam_gnome_keyring.so
    auth sufficient pam_unix.so try_first_pass
    auth required pam_sss.so use_first_pass

sssd is up and is OK as all domain users with a loginShell can authenticate and are correctly placed in their home directory.

1. How do I get the polite message?
2. How do I enter a blank gecos?
3. How do I enter a blank home directory?
4. Is it possible that cifsuser never be prompted for a password?

Thanks
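Added example, not part of the original thread or written by any of its posters: a small audit that classifies passwd entries (as printed by `getent passwd`) by what the login shell field alone implies, covering the three cases discussed above (blank shell, non-existent path, nologin). The `svcdemo` and `userdemo` lines and the label strings are constructed for illustration; PAM and other login checks are not modelled.

```python
import os
from typing import Callable, List, NamedTuple, Tuple

# Usual install locations of the nologin binary (see "man nologin").
NOLOGIN_PATHS = {"/sbin/nologin", "/usr/sbin/nologin"}

class Entry(NamedTuple):
    name: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

def parse_passwd_line(line: str) -> Entry:
    """Parse one passwd(5)-style line; it must have exactly 7 ':'-separated fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 fields, got {len(fields)}: {line!r}")
    name, _pw, uid, gid, gecos, home, shell = fields
    return Entry(name, int(uid), int(gid), gecos, home, shell)

def classify_shell(entry: Entry, exists: Callable[[str], bool] = os.path.exists) -> str:
    """Say what the shell field alone implies for an interactive login."""
    if entry.shell == "":
        return "interactive-default-sh"   # blank shell is treated as /bin/sh
    if not exists(entry.shell):
        return "denied-missing-shell"     # su: ...: No such file or directory
    if entry.shell in NOLOGIN_PATHS:
        return "denied-nologin"           # nologin prints its refusal message
    return "interactive"

def audit(lines: List[str], exists: Callable[[str], bool] = os.path.exists) -> List[Tuple[str, str]]:
    """Return (name, verdict) for every passwd line."""
    return [(e.name, classify_shell(e, exists)) for e in map(parse_passwd_line, lines)]

SAMPLE = [
    "cifsuser:*:3000020:20513:cifsuser:/:",             # from the thread: blank shell
    "cifsuser:*:3000020:20513:cifsuser:/:/noshell",     # from the thread
    "svcdemo:*:3000021:20513:svcdemo:/:/sbin/nologin",  # constructed
    "userdemo:*:3000022:20513:userdemo:/home/userdemo:/bin/bash",  # constructed
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE):
        print(f"{name:10} {verdict}")
```

The blank-shell entry is the one to watch for in an audit: it is the only "empty" value that still yields an interactive shell.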