On Jun 23, 2021, at 7:12 AM, Hooton, Gerard <g.hooton@xxxxxx> wrote: > > The users are authenticated using OpenLDAP. > On LDAP the default shell is csh. > When ssh to login it works, i.e. $SHELL = /bin/csh > Also, when using xrdp it works. > However, a login from the keyboard and screen attached computer we get $SHELL = /bin/bash The shell is a symptom, not the core issue here. The core issue is that local console logins aren’t configured to use LDAP on your system, so they fall back to the old flat-file-based user info sources. (/etc/passwd, /etc/group, /etc/shadow…) The question then is, do you really *want* local logins to require the LDAP server to be up before it’ll accept a login? If an LDAP package upgrade roaches things, do you want to be forced to reboot into single-user mode to fix it? If there’s a network outage between this box and the OpenLDAP server, are you going to wait to log in locally as well until the network’s fixed? Me, I’d just do a “chsh” on the users or a sed pass on /etc/passwd to change all the shells locally so they match the LDAP configuration so I can have it both ways. However, if you’re bound and determined to have LDAP be the single source of all user truth, the bit at the end of Step 2 here looks like it should do that: https://arthurdejong.org/nss-pam-ldapd/setup May you live to *not* regret doing that! _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos