Wednesday, September 3, 2025

Set Default Login Shell on SSSD for AD users using FreeIPA


The IPA Identity Management server provides bidirectional user identity and password synchronization with Microsoft Active Directory. But after IPA and Active Directory have been configured, the default shell for users is /bin/sh. This guide discusses how you can change the default shell for AD trust users on a FreeIPA client so that all users get a better shell environment such as bash or zsh.

I assume you have installed and configured both FreeIPA server and Client. Our guides below should be helpful.

Change default Shell on SSSD

The System Security Services Daemon (SSSD) is a system service for accessing remote directories and authentication mechanisms. It connects a local system (an SSSD client) to an external back-end system (a domain). We will edit the SSSD client configuration file /etc/sssd/sssd.conf and define the default shell under the [domain/NAME] section of the domain in question.

$ sudo vim /etc/sssd/sssd.conf
.......
default_shell = /bin/bash
override_shell = /bin/bash

See screenshot below.

[Screenshot: freeipa ad change shell]

After making the change, clear the SSSD cache and restart the sssd service.

sudo rm -rf /var/lib/sss/db/*
sudo systemctl restart sssd
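The edit above is done by hand in vim. As an added example (not part of the original article), the POSIX shell script below makes the same change to a copy of sssd.conf programmatically and then reads the value back from the right section, so the result can be checked before the cache is cleared and the service restarted. The sample config it writes to a temporary directory is constructed for the demo; the file path /etc/sssd/sssd.conf and the domain name mydomain.com are taken from the article.

```shell
#!/bin/sh
# Added example, not from the original article: set default_shell and
# override_shell in the [domain/...] section(s) of an sssd.conf, then verify.

# set_sssd_shell CONF SHELL
# Rewrites every [domain/...] section of CONF: existing default_shell and
# override_shell lines are replaced, missing ones are appended to the section.
# Other sections ([sssd], [nss], [pam]) are left untouched. The rewrite goes
# through a temp file and is copied back with cat so the file keeps its owner
# and 0600 mode, which sssd insists on.
set_sssd_shell() {
    conf="$1"
    shell="$2"
    tmp="$conf.tmp.$$"
    awk -v shell="$shell" '
        function emit_pending() { while (pending > 0) { print ""; pending-- } }
        # On leaving a domain section: append keys not yet seen, then release
        # any blank lines held back so the section keeps its trailing spacing.
        function flush() {
            if (in_domain) {
                if (!seen_default)  print "default_shell = " shell
                if (!seen_override) print "override_shell = " shell
            }
            emit_pending()
            in_domain = 0; seen_default = 0; seen_override = 0
        }
        /^[[:space:]]*\[/ {                      # any section header
            flush()
            if ($0 ~ /^[[:space:]]*\[domain\//) in_domain = 1
            print; next
        }
        in_domain && /^[[:space:]]*$/ { pending++; next }
        in_domain && /^[[:space:]]*default_shell[[:space:]]*=/ {
            emit_pending(); print "default_shell = " shell; seen_default = 1; next
        }
        in_domain && /^[[:space:]]*override_shell[[:space:]]*=/ {
            emit_pending(); print "override_shell = " shell; seen_override = 1; next
        }
        { emit_pending(); print }
        END { flush() }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf" && rm -f "$tmp"
}

# sssd_section_value CONF SECTION KEY
# Prints the value of KEY inside [SECTION] (empty if absent), e.g.
#   sssd_section_value /etc/sssd/sssd.conf domain/mydomain.com override_shell
sssd_section_value() {
    awk -v sec="[$2]" -v key="$3" '
        /^[[:space:]]*\[/ {
            hdr = $0; gsub(/^[[:space:]]+|[[:space:]]+$/, "", hdr)
            in_sec = (hdr == sec); next
        }
        in_sec && $0 ~ ("^[[:space:]]*" key "[[:space:]]*=") {
            val = $0; sub(/^[^=]*=[[:space:]]*/, "", val)
            sub(/[[:space:]]+$/, "", val); print val; exit
        }
    ' "$1"
}

# Demo on a constructed config in a temp dir; never touches /etc/sssd/sssd.conf.
demo() {
    dir=$(mktemp -d)
    conf="$dir/sssd.conf"
    cat > "$conf" <<'EOF'
[sssd]
domains = mydomain.com
services = nss, pam

[domain/mydomain.com]
id_provider = ipa
default_shell = /bin/sh

[nss]
homedir_substring = /home
EOF
    set_sssd_shell "$conf" /bin/bash
    echo "override_shell in domain section: $(sssd_section_value "$conf" domain/mydomain.com override_shell)"
    cat "$conf"
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh script.sh demo` to see the rewritten sample. Against a real client you would call `set_sssd_shell /etc/sssd/sssd.conf /bin/bash` as root and then do the cache clear and restart from the article. Two points worth knowing when choosing the keys: override_shell forces the shell for every user of the domain regardless of any loginShell attribute the directory returns, while default_shell only fills in when the directory provides none, so setting both (as the article does) makes the result independent of what AD holds. If sssd-tools is installed, `sssctl config-check` will validate the edited file, and `sss_cache -E` is the supported way to invalidate all cached entries instead of deleting the database files directly.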

Check that the AD user resolves on the client.

$ id ADSRV01\\ipauser
uid=1426401131(ipauser@mydomain.com) gid=1426401131(ipauser@mydomain.com) groups=1426401131(ipauser@mydomain.com),1426400513(domain users@mydomain.com),915800006(ad_users)

Try to SSH in as the AD user.

$ ssh ipauser\@mydomain.com@localhost
Password: 
Creating home directory for ipauser@mydomain.com.
Last login: Fri Jun 21 16:41:27 2019 from localhost

Check the user's login shell.

$ echo $SHELL
/bin/bash

You now have /bin/bash as the default shell for all your AD users accessing Linux services via SSH.
