SSSD

The following examples have been tested against Active Directory in 2003 mode.

LDAP (works without Samba)

{{File|/etc/sssd/sssd.conf|

[sssd]
config_file_version = 2
services = nss, pam
domains = YOURDOMAIN

[nss]
filter_users = root,named,avahi,dbus,radiusd,news,nscd
override_homedir = /home/%d/%u
fallback_homedir = /home/%d/%u
default_shell = /bin/bash

[pam]

[domain/YOURDOMAIN]
id_provider = ldap
auth_provider = ldap
access_provider = ldap
chpass_provider = ldap

ldap_uri = ldap://yourdc.yourdomain.local/
ldap_search_base = dc=yourdomain,dc=local
ldap_default_bind_dn = adbinduser
ldap_default_authtok = adbinduserpassword

ldap_user_object_class = user
ldap_group_object_class = group
ldap_user_name = sAMAccountName
ldap_tls_reqcert = never
ldap_tls_cacertdir = /etc/openldap/cacerts

# defines user/group schema type
ldap_schema = ad

# for SID-UID mapping
ldap_id_mapping = true

# disable case sensitive user names
case_sensitive = false

# caching credentials
cache_credentials = true
enumerate = false

# access controls
ldap_access_order = expire
ldap_account_expire_policy = ad

# performance
ldap_disable_referrals = true

override_homedir = /home/%d/%u
fallback_homedir = /home/%d/%u
default_shell = /bin/bash

AD (required Samba)

SSSD

LDAP (works without Samba)

AD (required Samba)

Navigation menu

Search