Trying to get rid of having to define NIS groups along with AD, but would also like to keep the ability to set the shell and home directory without resorting to a template.

However, unixHomeDirectory and loginShell (when defined in our AD) show up in getent until 'su -' or login and then they disappear.

Can't tell if I need to use ALL POSIX (uid, gid, NIS groups, etc.) or not.

[root@machine1 db]# getent passwd user1
user1:*:975801176:975800513:User One:/home/user1:/bin/bash
[root@machine1 db]# su - user1
[user1@machine1 ~]$ echo $SHELL
/bin/bash
[user1@machine1 ~]$ logout
[root@machine1 db]# getent passwd user1
user1:*:975801176:975800513:User One:/:
[root@machine1 db]# su - user1
-sh-4.1$ echo $SHELL
/bin/sh
-sh-4.1$ logout
[root@machine1 db]#

Nothing really in sssd_nss.log other than complaining about a missing homedir template.

[sssd[nss]] [nss_memcache_initgr_check] (0x1000): Got request for [user1@dom1.local]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [user1].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user1' matched without domain, user is user1
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user1] from [<ALL>]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user1@dom1.local]
[sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user1@dom1.local]
[sssd[nss]] [expand_homedir_template] (0x0020): Missing template.
[sssd[nss]] [client_recv] (0x0200): Client disconnected!