From 0632591996893fe136a1f2fe44d9b9f404f41f3e Mon Sep 17 00:00:00 2001
From: Harald Pfeiffer
Date: Thu, 1 Nov 2018 13:30:58 +0100
Subject: Initial commit
---
localfs/etc/sssd/sssd.conf | 47 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 localfs/etc/sssd/sssd.conf
(limited to 'localfs/etc/sssd')
diff --git a/localfs/etc/sssd/sssd.conf b/localfs/etc/sssd/sssd.conf
new file mode 100644
index 0000000..7e86c46
--- /dev/null
+++ b/localfs/etc/sssd/sssd.conf
@@ -0,0 +1,47 @@
+[sssd]
+domains = whatever.de
+config_file_version = 2
+services = nss, pam
+default_domain_suffix = WHATEVER.DE
+
+[domain/whatever.de]
+ad_domain = whatever.de
+krb5_realm = WHATEVER.DE
+realmd_tags = manages-system joined-with-adcli
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = True
+use_fully_qualified_names = True
+access_provider = simple
+dyndns_update = false
+dyndns_refresh_interval = 43200
+dyndns_update_ptr = false
+dyndns_ttl = 300
+simple_allow_users = ad_user1, ad_user2, ad_user3, ad_user4, ad_user5
+fallback_homedir = /home/%d/%u
+#full_name_format = %1$s@%2$s
+full_name_format = %1$s
+override_homedir = /home/%u
+enumerate = False
+# do this if your Windows Admins are too lazy to properly
+# configure AD round robin. I was in an environment where
+# this was the case :( -->
+ad_server = server1
+ad_backup_server = server2
+
+[nss]
+filter_groups = root
+filter_users = root
+reconnection_retries = 1
+entry_cache_timeout = 300
+entry_cache_nowait_percentage = 75
+
+[pam]
+reconnection_retries = 2
+# adjust the expiration to a proper value in the likes of
+# offline_time + remote_work + windows_admins_laziness + mtbf
+offline_credentials_expiration = 21
+offline_failed_login_attempts = 3
+offline_failed_login_delay = 5
--
cgit v1.2.3
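Review bot: On the `access_provider = simple` line, access control is only the `simple_allow_users` allow-list, so unlike `access_provider = ad` the access phase does not check whether the AD account has expired; this presumably matters most for logins that skip password authentication, such as SSH keys. Together with `cache_credentials = True` and `offline_credentials_expiration = 21` in `[pam]`, a listed user can keep authenticating from the local cache for up to 21 days after the last online login, and `krb5_store_password_if_offline = True` additionally holds the password in plaintext in the kernel keyring while the host is offline. If these are deliberate trade-offs for roaming hosts, I would record that next to the settings, e.g. `# simple provider: allow-list only, no AD account-expiry check` and `# offline: password is kept in plaintext in the kernel keyring until the domain is reachable`, and pick the shortest expiration the use case tolerates. The file is also added with mode 100644, while sssd expects sssd.conf to be root-owned and readable by root only, so whatever deploys `localfs/` needs to set 0600 explicitly.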