SHARE
TWEET

Untitled

a guest Jul 22nd, 2019 77 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. [sssd]
  2. config_file_version = 2
  3. services = nss, pam
  4. domains = {{ KRB_REALM }}
  5.  
  6. [nss]
  7. filter_groups = root
  8. filter_users = root
  9. reconnection_retries = 3
  10. entry_cache_timeout = 300
  11. entry_cache_nowait_percentage = 75
  12.  
  13. [pam]
  14. reconnection_retries = 3
  15. offline_credentials_expiration = 0
  16. offline_failed_login_attempts = 0
  17. offline_failed_login_delay = 5
  18.  
  19. [domain/{{ KRB_REALM }}]
  20. id_provider = ldap
  21. auth_provider = krb5
  22. access_provider = ldap
  23. chpass_provider = krb5
  24. debug_level = 9
  25. min_id = 500
  26. enumerate = False
  27. timeout = 10
  28. cache_credentials = False
  29. entry_cache_timeout = 300
  30. ignore_group_members = True
  31. case_sensitive = False
  32.  
  33. ldap_schema = ad
  34. ldap_uri = ldap://{{ ldap_server }}
  35. ldap_id_mapping = True
  36. ldap_default_bind_dn={{ ldap_username }}@{{ KRB_REALM }}
  37. ldap_default_authtok_type = password
  38. ldap_default_authtok = {{ ldap_password }}
  39.  
  40. ldap_access_filter = (cn=*)
  41. ldap_search_base = {{ search_base }}
  42. ldap_user_search_base = {{ user_search_base }}
  43. ldap_group_search_base = {{ group_search_base }}
  44.  
  45. ldap_referrals = False
  46. ldap_search_timeout = 5
  47. ldap_network_timeout = 5
  48. ldap_force_upper_case_realm = True
  49.  
  50. ldap_user_uid_number = uidNumber
  51. ldap_user_gid_number = gidNumber
  52. ldap_user_principal = userPrincipalName
  53. ldap_user_gecos = cn
  54. ldap_user_home_directory = unixHomeDirectory
  55. ldap_user_object_class = user
  56. ldap_user_name = sAMAccountName
  57. ldap_user_shell = loginShell
  58. ldap_user_objectsid = objectSid
  59. ldap_group_gid_number = gidNumber
  60. ldap_group_object_class = group
  61. ldap_group_objectsid = objectSid
  62. ldap_group_member = member
  63. ldap_group_name = cn
  64. ldap_idmap_range_min = 100000
  65. ldap_idmap_range_max = 2000100000
  66. ldap_idmap_range_size = 2000000000
  67.  
  68. krb5_server=kdc.realm.com
  69. krb5_realm=REALM.COM
  70. krb5_keytab=/etc/sssd/host.keytab
  71. krb5_store_password_if_offline = true
  72.  
  73. override_shell = /bin/bash
  74. fallback_homedir = /home/%u
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top