SSSD: Difference between revisions
Jump to navigation
Jump to search
Created page with "The following examples have been tested against Active Directory in 2003 mode. == LDAP (works without Samba) == <pre> [sssd] config_file_version = 2 services = nss, pam domai..." |
No edit summary |
||
| Line 2: | Line 2: | ||
== LDAP (works without Samba) == | == LDAP (works without Samba) == | ||
{{File|/etc/sssd/sssd.conf| | |||
<pre> | <pre> | ||
[sssd] | [sssd] | ||
Revision as of 11:27, 13 May 2013
The following examples have been tested against Active Directory in 2003 mode.
LDAP (works without Samba)
{{File|/etc/sssd/sssd.conf|
[sssd] config_file_version = 2 services = nss, pam domains = YOURDOMAIN [nss] filter_users = root,named,avahi,dbus,radiusd,news,nscd override_homedir = /home/%d/%u fallback_homedir = /home/%d/%u default_shell = /bin/bash [pam] [domain/YOURDOMAIN] id_provider = ldap auth_provider = ldap access_provider = ldap chpass_provider = ldap ldap_uri = ldap://yourdc.yourdomain.local/ ldap_search_base = dc=yourdomain,dc=local ldap_default_bind_dn = adbinduser ldap_default_authtok = adbinduserpassword ldap_user_object_class = user ldap_group_object_class = group ldap_user_name = sAMAccountName ldap_tls_reqcert = never ldap_tls_cacertdir = /etc/openldap/cacerts # defines user/group schema type ldap_schema = ad # for SID-UID mapping ldap_id_mapping = true # disable case sensitive user names case_sensitive = false # caching credentials cache_credentials = true enumerate = false # access controls ldap_access_order = expire ldap_account_expire_policy = ad # performance ldap_disable_referrals = true override_homedir = /home/%d/%u fallback_homedir = /home/%d/%u default_shell = /bin/bashAD (required Samba)