Hi, I think I managed changing the LDAP attribute, so we don’t need to delete user and create new, but maybe it’s a just a workaround for now because we have to allow ldap weak auth.
Add this line to NSDC smb.conf global section: ldap server require strong auth = no
and restart samba4 in container.
Detailed solution with templating can be found here:
Create an ldif file, like test.ldif with following content according to your Samba AD
dn: cn=markus,cn=Users,dc=ad,dc=local changetype: modify replace: loginShell loginShell: /bin/bash
Then use ldapmodify from Nethserver et voilà!
[root@server ~]# ldapmodify -h NSDC-SERVER -D admin@ad.local -w SECRET -f test.ldif modifying entry "cn=markus,cn=Users,dc=ad,dc=local"
You may set loginShell to /usr/libexec/openssh/sftp-server or /bin/false for deactivating shell access.
Hope this helps!