SSSD: Difference between revisions

Tgurr (talk | contribs)
No edit summary
Tgurr (talk | contribs)
No edit summary
Line 57: Line 57:
fallback_homedir = /home/%d/%u
fallback_homedir = /home/%d/%u
default_shell = /bin/bash
default_shell = /bin/bash
<pre>
</pre>
}}
}}


== AD (required Samba) ==
== AD (required Samba) ==

Revision as of 11:28, 13 May 2013

The following examples have been tested against Active Directory in 2003 mode.

LDAP (works without Samba)

File: /etc/sssd/sssd.conf
# Global SSSD settings: which responders run and which domains are consulted.
[sssd]
# Format version of this configuration file.
config_file_version = 2
# Responders to start: NSS (user/group lookups) and PAM (authentication).
services = nss, pam
# Must match the name used in the [domain/YOURDOMAIN] section header below.
domains = YOURDOMAIN

# NSS responder settings.
[nss]
# Local and system accounts that SSSD must never resolve from the directory.
# Keeping root in this list means a directory entry named "root" cannot
# shadow the local root account.
filter_users = root,named,avahi,dbus,radiusd,news,nscd
# Home directory template: %d expands to the domain name, %u to the login name.
override_homedir = /home/%d/%u
# NOTE(review): with override_homedir set, fallback_homedir looks redundant — confirm.
fallback_homedir = /home/%d/%u
# Shell used when the directory entry does not provide one.
default_shell = /bin/bash

# PAM responder: section left empty, so no PAM option is overridden here.
[pam]

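# Domain definition: Active Directory accessed through the generic LDAP provider.
[domain/YOURDOMAIN]
# Identity lookups, authentication, access control and password changes
# are all handled by the LDAP provider.
id_provider = ldap
auth_provider = ldap
access_provider = ldap
chpass_provider = ldap

# Plain ldap:// URI; the channel is protected with StartTLS (see the TLS
# settings below). Replace host and search base with your own values.
ldap_uri = ldap://yourdc.yourdomain.local/
ldap_search_base = dc=yourdomain,dc=local
# Placeholder bind identity used for lookups. Use a dedicated, low-privilege
# account for this, never an administrative one.
ldap_default_bind_dn = adbinduser
# Placeholder bind password, stored here in cleartext. Keep sssd.conf owned by
# root with mode 0600 so that other local users cannot read it.
ldap_default_authtok = adbinduserpassword

ldap_user_object_class = user
ldap_group_object_class = group
ldap_user_name = sAMAccountName

# Require a valid server certificate. With "never" the client accepts any
# certificate, so a host impersonating the domain controller could collect the
# bind password and user credentials. The issuing CA certificate must be
# present in ldap_tls_cacertdir and the certificate must match the host name
# in ldap_uri.
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts
# Protect identity lookups (including the bind with ldap_default_authtok)
# with StartTLS as well, not only the authentication connection.
ldap_id_use_start_tls = true

# defines user/group schema type
ldap_schema = ad

# for SID-UID mapping
ldap_id_mapping = true

# disable case sensitive user names
case_sensitive = false

# caching credentials
# Credentials are cached locally so that users can log in while the directory
# is unreachable.
cache_credentials = true
# Do not enumerate every user and group in the directory.
enumerate = false

# access controls
# Only account expiration is checked: every non-expired account in the search
# base may log in. To restrict access to specific users or groups, add "filter"
# to ldap_access_order and set ldap_access_filter.
ldap_access_order = expire
ldap_account_expire_policy = ad

# performance
ldap_disable_referrals = true

# Home directory template (%d = domain name, %u = login name) and default shell.
# NOTE(review): same values as in [nss]; presumably the per-domain setting wins
# for this domain — confirm against sssd.conf(5).
override_homedir = /home/%d/%u
fallback_homedir = /home/%d/%u
default_shell = /bin/bash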

AD (requires Samba)