author | H. P. <harald.p.@xmart.de> | 2018-11-01 13:30:58 +0100 |
---|---|---|
committer | H. P. <harald.p.@xmart.de> | 2018-11-01 13:30:58 +0100 |
commit | 0632591996893fe136a1f2fe44d9b9f404f41f3e (patch) | |
tree | 7340edbe7c212da3db45a83219147143a3268c8d /localfs/etc/sssd | |
download | fedora-laptop-0632591996893fe136a1f2fe44d9b9f404f41f3e.tar.bz2 |
Initial commit
Diffstat (limited to 'localfs/etc/sssd')
-rw-r--r-- | localfs/etc/sssd/sssd.conf | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/localfs/etc/sssd/sssd.conf b/localfs/etc/sssd/sssd.conf
new file mode 100644
index 0000000..7e86c46
--- /dev/null
+++ b/localfs/etc/sssd/sssd.conf
@@ -0,0 +1,47 @@
+[sssd]
+domains = whatever.de
+config_file_version = 2
+services = nss, pam
+default_domain_suffix = WHATEVER.DE
+
+[domain/whatever.de]
+ad_domain = whatever.de
+krb5_realm = WHATEVER.DE
+realmd_tags = manages-system joined-with-adcli
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = True
+use_fully_qualified_names = True
+access_provider = simple
+dyndns_update = false
+dyndns_refresh_interval = 43200
+dyndns_update_ptr = false
+dyndns_ttl = 300
+simple_allow_users = ad_user1, ad_user2, ad_user3, ad_user4, ad_user5
+fallback_homedir = /home/%d/%u
+#full_name_format = %1$s@%2$s
+full_name_format = %1$s
+override_homedir = /home/%u
+enumerate = False
+# do this if your Windows Admins are too lazy to properly
+# configure AD round robin. I was in an environment where
+# this was the case :( -->
+ad_server = server1
+ad_backup_server = server2
+
+[nss]
+filter_groups = root
+filter_users = root
+reconnection_retries = 1
+entry_cache_timeout = 300
+entry_cache_nowait_percentage = 75
+
+[pam]
+reconnection_retries = 2
+# adjust the expiration to a proper value in the likes of
+# offline_time + remote_work + windows_admins_laziness + mtbf
+offline_credentials_expiration = 21
+offline_failed_login_attempts = 3
+offline_failed_login_delay = 5 |
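Review bot: `krb5_store_password_if_offline = True` in `[domain/whatever.de]` keeps the user's password in plaintext in the kernel keyring while the provider is offline. Together with `cache_credentials = True` and `offline_credentials_expiration = 21` in `[pam]`, it lets a locally cached password hash authenticate for up to 21 days without AD being consulted, so an account disabled in AD would presumably still log in offline during that window. The file does not say what makes this acceptable on a laptop; I would add a comment above these keys such as `# offline login is required for travel; relies on full-disk encryption, and AD-side revocation takes up to 21 days to reach an offline machine`, if that is the intent. Separately, the file is committed as mode 100644 and git cannot record 0600, so whatever installs it must set root ownership and mode 0600, which SSSD has traditionally required before it will load sssd.conf.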