Jamf Nation Community

d'oh its early and i haven't had a coffee yet thats my excuse :P

very interesting issue that you encountered there mm2270 - good info to know

I can't run a command line without fixing Terminal. I did look in Directory Utility and Under Advanced Options - User Experience - Default user shell is checked and lists /bin/bash. If I go into Users & Groups - right click on my network user click Advanced Options it shows Login Shell: /usr/bin/tcsh.

I fixed the shell on my network user, logged out and logged in with a test user account we have, verified the test users shell in Advanced Options shows Login Shell: /usr/bin/tcsh.

Then I logged back in with my fixed network account user ran your script for the test user and it came back with /bin/bash. It seems like your script just shows what is in the Directory Utility of the User instead of the profile of the user.

Yes, the line I posted is querying AD for the user settings. If you want to look at the local cached account, then replace the "Active Directory/ORG/All Domains" with just a period to indicate the localhost. So...

dscl . /Users/username UserShell

but that will only show most likely that the User Shell is set to /bin/tsch, which you kind of already know.
You can change the setting from dscl as well, but you need to figure out where that's actually coming from. Are you saying if you run the query on the account against AD its returning /bin/bash for the User Shell setting?

We dug into this a bit and tracked this down to be related to a change in AD and some behavior of the Apple AD plug-in. Centrify is used in AD here for users who need access to Unix environments, and we found that if a user changed their default shell in their Unix environment to something other than /bin/bash, it was stored in MCX settings by Centrify for their account.

^^ intrigues me though. Is there a possibility that with our old AD system 2003, I believe, the tcsh is already stored in MCX settings and that's where it's pulling the /usr/bin/tcsh from? We create mobile accounts at login. I will test not creating a mobile account when binding and see what the Shell is.

Yeah, that's kind of why I mentioned all that. Its very possible the shell setting is being pulled from AD at the time the account is getting created, and overriding what the AD plug-in settings are for that. That's essentially what was happening in our case.

10.9 pulls the Shell from AD. In our environment it's currently listed as /usr/bin/tcsh. We will work with our Systems Department to get that changed. Thank you mm2270 for your input as it wound up being the issue!!!! And hip hip hooray that Casper wasn't the problem, and I get to pass the proverbial buck on up the chain.

Awesome! I'm glad that helped someone else besides us!

I like Apache Directory Studio to view the AD structure and attributes.
When ever i'm doing an integration, i like to check through some sample user records and what not just to see what attributes are set and what data is in them. Sometimes its cool finding useful information that is populated in there that can be used in the JSS like year level, room, building etc etc. Othertimes you find things that might cause issues like the homedirectory or as you guys have found out the shell! Will add that to my list of things to check.

The Directory Editor component of Directory Utility (found in /System/Library/CoreServices, moved into an Applications sub-folder in Yosemite) can be invaluable in researching these sorts of situations as well.