sssd sample config
  1. SSSD CONFIG
  2.  
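  3. [domain/default]
     # ldap_uri below is ldaps://, so the session is already inside TLS and
     # StartTLS is left off.
  4. ldap_id_use_start_tls = False
  5. ldap_auth_use_start_tls = False
     # Keeps a local hash of each user's credentials so logins still work while
     # the directory is unreachable; the cache is readable by root on this host.
  6. cache_credentials = True
     # Verbose logging for initial setup; lower it once the domain works.
  7. debug_level = 5
  8. ldap_search_base = <YOUR OU HERE>
  9. id_provider = ldap
  10. # group_provider = ldap
  11. auth_provider = ldap
  12. # chpass_provider = ldap
  13. ldap_uri = ldaps://SERVER-1-URL
      # Was `backup_uri`, which does not appear to be an sssd-ldap option; the
      # failover server list is ldap_backup_uri. Confirm against sssd-ldap(5).
  14. ldap_backup_uri = ldaps://SERVER-2-URL
  15. ldap_id_mapping = True
  16. # ldap_backup_uri =
      # The bind password is stored here in clear text, which is why the file
      # must stay mode 0600. Use a dedicated, read-only service account.
  17. ldap_default_bind_dn = <SERVICE ACCOUNT NAME>
  18. ldap_default_authtok = <SERVICE ACCOUNT PASSWORD>
  19. ldap_user_object_class = user
  20. ldap_user_name = samAccountName
  21. ldap_tls_cacertdir = /etc/pki
  22. ldap_tls_cacert = /etc/pki/ca.crt
      # Was `never`, which accepts any server certificate, so an impostor server
      # would receive the bind password and user logins. `demand` verifies the
      # server against the CA in ldap_tls_cacert above; that file must hold the
      # CA that issued the LDAP servers' certificates.
  23. ldap_tls_reqcert = demand
  24. entry_cache_timeout = 60
  25. ldap_group_search_base =
  26. ldap_schema = AD
  27. min_id = 100
  28. max_id = 0
  29. override_homedir = /home/%u
  30. default_shell = /bin/bash
      # NOTE(review): create_homedir is not an option I can place in
      # sssd.conf(5); home directories are usually created by pam_mkhomedir or
      # oddjob-mkhomedir. Verify before relying on it.
  31. create_homedir = True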
  32.  
  33. [sssd]
      # Responders SSSD starts. The [sudo] section further down has no entry
      # here, so as written no sudo responder is listed.
  34. services = nss, pam, autofs, ssh
  35. config_file_version = 2
      # Names the [domain/default] section defined above.
  36. domains = default
  37.  
  38. [nss]
      # Local system accounts that SSSD must not look up in the directory, so a
      # directory entry with the same name cannot stand in for them.
  39. filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
  40.  
  41. [pam]
  42.  
  43. [sudo]
  44.  
  45. [autofs]
  46.  
  47. [ssh]
  48.  
  49. -------------------------------------------------------------------
  50.  
  51. You'll also need to edit /etc/nsswitch.conf:
  52.  
  53. #
  54. # /etc/nsswitch.conf
  55. #
  56. # An example Name Service Switch config file. This file should be
  57. # sorted with the most-used services at the beginning.
  58. #
      # `files` comes first so local accounts such as root resolve from
      # /etc/passwd before SSSD is consulted, and still resolve if SSSD is down.
  59. passwd:     files sss
  60. shadow:     files sss
  61. group:      files sss
  62.  
  63. hosts:      files dns
  64.  
  65. bootparams: nisplus [NOTFOUND=return] files
  66.  
  67. ethers:     files
  68. netmasks:   files
  69. networks:   files
  70. protocols:  files
  71. rpc:        files
  72. services:   files sss
  73.  
  74. netgroup:   files sss
  75.  
  76. publickey:  nisplus sss
  77.  
  78. automount:  files sss
  79. aliases:    files nisplus
  80.  
  81. --------------------------------------------------
  82.  
  83. FINALLY:
  84.  
  85. The service won't start if the permissions on sssd.conf are too open; the file also holds the service account password in clear text, so restrict it to its owner:
  86.  
  87. chmod 0600 /etc/sssd/sssd.conf
  88.  
  89. Then:
  90.  
  91. service sssd restart