On all versions of SSSD (CentOS, Fedora, FreeBSD), default_shell does not function if the shell from an LDAP user is not present.
My shell is /bin/zsh - it may be uninstalled, or in a different location on FreeBSD.
The following occurs 100% of the time:
host# su william
su: /bin/zsh: No such file or directory
host# which /bin/sh
host# cat /usr/local/etc/sssd/sssd.conf | grep -i shell_fallback
I'm not sure I understand the issue, sorry -- is the issue that william has a shell assigned, but it doesn't exist on the client or that the user entry in LDAP has no shell at all? (Or a variant of the first where the shell is installed but not present in /etc/shells and therefore not reported by getusershell(3)?)
What shell does getpwnam return for william? Can you paste me the output of getent passwd william?
getent passwd william
LDAP user william has a shell of /bin/zsh in their LDAP object. But it does not exist on the target system.
In that case, isn't shell_fallback what you're looking for?
The default shell to use if an allowed shell is not installed on the machine.
(Yes, the options for augmenting the shell are too many and too confusing..)
It also doesn't work then.
It says "default: /bin/sh"
Evidence is showing it's failing to apply. So this issue is still valid.
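
The triage questions raised in this thread (is the shell absent from the client, installed but not listed in /etc/shells, or not set at all?) can be answered per account with a small script. This is an added example, not part of the ticket or of SSSD; the function names, the users other than william and the scratch paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not SSSD code. Prints "<user> <shell> <status>" per entry:
#   ok        shell is an executable file and is listed in the shells file
#   unlisted  shell is executable but absent from the shells file
#   missing   shell path is not an executable file on this host
#   empty     the entry carries no shell at all
check_shells() {
    passwd_file=$1
    shells_file=$2
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        case $user in '' | '#'*) continue ;; esac
        if [ -z "$shell" ]; then
            status=empty
        elif [ ! -f "$shell" ] || [ ! -x "$shell" ]; then
            status=missing
        elif grep -Fqx -- "$shell" "$shells_file"; then
            status=ok
        else
            status=unlisted
        fi
        printf '%s %s %s\n' "$user" "${shell:--}" "$status"
    done < "$passwd_file"
}

# Constructed sample data in a scratch directory (hypothetical users and paths).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/bin"
    for s in sh ksh; do
        printf '#!/bin/sh\n' > "$tmp/bin/$s"
        chmod +x "$tmp/bin/$s"
    done
    printf '%s\n' "$tmp/bin/sh" > "$tmp/shells"   # ksh is left unlisted, zsh is never created
    cat > "$tmp/passwd" <<EOF
william:*:1000:1000::/home/william:$tmp/bin/zsh
alice:*:1001:1001::/home/alice:$tmp/bin/sh
bob:*:1002:1002::/home/bob:$tmp/bin/ksh
carol:*:1003:1003::/home/carol:
EOF
    check_shells "$tmp/passwd" "$tmp/shells" | sed "s|$tmp||"
    rm -rf "$tmp"
}

# On a live client (the /tmp/pw path is an assumption):
#   getent passwd william > /tmp/pw && check_shells /tmp/pw /etc/shells
demo
```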