SSSD: Difference between revisions

Revision as of 11:47, 13 May 2013

The following examples have been tested against Active Directory in 2003 mode.

LDAP (works without Samba)

File: /etc/sssd/sssd.conf

[sssd]
config_file_version = 2
services = nss, pam
domains = YOURDOMAIN

[nss]
filter_users = root,named,avahi,dbus,radiusd,news,nscd
override_homedir = /home/%d/%u
fallback_homedir = /home/%d/%u
default_shell = /bin/bash

[pam]

[domain/YOURDOMAIN]
id_provider = ldap
auth_provider = ldap
access_provider = ldap
chpass_provider = ldap

ldap_uri = ldap://yourdc.yourdomain.local/
ldap_search_base = dc=yourdomain,dc=local
ldap_default_bind_dn = adbinduser
ldap_default_authtok = adbinduserpassword

ldap_user_object_class = user
ldap_group_object_class = group
ldap_user_name = sAMAccountName
ldap_tls_reqcert = never
ldap_tls_cacertdir = /etc/openldap/cacerts

# defines user/group schema type
ldap_schema = ad

# for SID-UID mapping
ldap_id_mapping = true

# disable case sensitive user names
case_sensitive = false

# caching credentials
cache_credentials = true
enumerate = false

# access controls
ldap_access_order = expire
ldap_account_expire_policy = ad

# performance
ldap_disable_referrals = true

override_homedir = /home/%d/%u
fallback_homedir = /home/%d/%u
default_shell = /bin/bash

AD (required Samba)

File: /etc/sssd/sssd.conf

[sssd]
config_file_version = 2
services = nss, pam

domains = YOURDOMAIN

[nss]
override_homedir = /home/%u
fallback_homedir = /home/%u
default_shell = /bin/bash

[pam]

[domain/YOURDOMAIN]
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad

ad_server = yourdc.yourdomain.local
ad_domain = YOURDOMAIN.LOCAL
case_sensitive = False

override_homedir = /home/%u
fallback_homedir = /home/%u
default_shell = /bin/bash

SSSD: Difference between revisions

Revision as of 11:47, 13 May 2013

LDAP (works without Samba)

AD (required Samba)

Navigation menu

Search