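  # SSSD configuration (sssd.conf): NSS and PAM responders backed by an LDAP
  # directory that uses the Active Directory schema.
  # Listing is indented for display only; in the real file start every line at
  # column 0 (an indented line may be read as a continuation of the one above).
  [sssd]
  services = nss, pam
  config_file_version = 2
  # NOTE(review): OTHER is listed but no [domain/OTHER] section appears in this
  # paste; confirm it is defined in the real file or drop it from the list.
  domains = DOMAIN,OTHER

  [domain/DOMAIN]
  # Identity lookups, authentication and access control all go through LDAP.
  access_provider = ldap
  auth_provider = ldap
  id_provider = ldap
  use_fully_qualified_names = True
  # NOTE(review): %1$s is the user name and "_d" is a literal suffix; no domain
  # placeholder is used. Confirm that this is the intended login name format.
  full_name_format = %1$s_d

  # NOTE(review): this filter matches every person entry under the search base,
  # so access_provider = ldap does not restrict who may log in. Narrow it (for
  # example to membership of a dedicated group) if only some users should.
  ldap_access_filter = objectClass=person
  # Changed from "allow": with "allow" a missing or invalid server certificate
  # is ignored, so the bind password and user passwords could be sent to an
  # impostor LDAP server. "demand" requires a certificate that validates; the
  # issuing CA must be trusted by this host.
  ldap_tls_reqcert = demand
  ldap_schema = ad
  ldap_user_object_class = person
  ldap_user_name = sAMAccountName
  ldap_user_fullname = displayName
  # UIDs and GIDs are read from directory attributes, not derived from SIDs.
  ldap_id_mapping = False
  ldap_uri = <ldap URI>
  ldap_search_base = <search base>
  ldap_default_bind_dn = <bind user>
  # The bind password is stored here in clear text: keep this file owned by
  # root with mode 0600 and give the bind account read-only directory rights.
  ldap_default_authtok = <bind user password>
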
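  # PAM stack. The layout matches an authconfig-style system-auth or
  # password-auth file; the file name is not shown in the paste.

  # auth: local accounts are tried through pam_unix first; accounts with
  # uid >= 1000 that pam_unix did not accept are handed to SSSD.
  auth required pam_env.so
  # Two-second delay after a failed attempt (value is in microseconds).
  auth required pam_faildelay.so delay=2000000
  # NOTE(review): nullok lets a local account with an empty password
  # authenticate; remove it unless such accounts are really required.
  auth sufficient pam_unix.so nullok try_first_pass
  auth requisite pam_succeed_if.so uid >= 1000 quiet_success
  auth sufficient pam_sss.so use_first_pass
  auth required pam_deny.so

  # account: local users and system accounts (uid < 1000) pass without SSSD;
  # everyone else is subject to the SSSD access check.
  account required pam_unix.so
  account sufficient pam_localuser.so
  account sufficient pam_succeed_if.so uid < 1000 quiet
  account [default=bad success=ok user_unknown=ignore] pam_sss.so
  account required pam_permit.so

  # password: the quality check applies to local users only; directory
  # password changes go through pam_sss.
  password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
  password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
  password sufficient pam_sss.so use_authtok
  password required pam_deny.so

  # session: order restored to pam_unix (required) followed by pam_sss
  # (optional). With pam_sss marked "sufficient" ahead of pam_unix, a
  # successful pam_sss ended the stack before pam_unix ran, so those sessions
  # were never logged by pam_unix, and the cron skip below (success=1 jumps
  # over exactly one module) landed on pam_sss instead of pam_unix.
  session optional pam_keyinit.so revoke
  session required pam_limits.so
  -session optional pam_systemd.so
  session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
  session required pam_unix.so
  session optional pam_sss.so
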
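  # Name service switch configuration (nsswitch.conf).
  # The passwd entry was split across lines in the paste ("passwd: file" and
  # "s sss"); neither fragment is a valid entry, so it is rejoined here.
  # Local files are consulted first, then SSSD.
  passwd: files sss
  # Password hashes stay local only; directory authentication goes through
  # pam_sss, not through the shadow database.
  shadow: files
  # NOTE(review): without "sss" here, directory groups are not resolved
  # through SSSD; add it if group names or memberships from LDAP are needed.
  group: files
  #initgroups: files

  #hosts: db files nisplus nis dns
  hosts: files dns myhostname

  # Example - obey only what nisplus tells us...
  #services: nisplus [NOTFOUND=return] files
  #networks: nisplus [NOTFOUND=return] files
  #protocols: nisplus [NOTFOUND=return] files
  #rpc: nisplus [NOTFOUND=return] files
  #ethers: nisplus [NOTFOUND=return] files
  #netmasks: nisplus [NOTFOUND=return] files

  bootparams: nisplus [NOTFOUND=return] files

  ethers: files
  netmasks: files
  networks: files
  protocols: files
  rpc: files
  services: files

  netgroup: nisplus

  publickey: nisplus

  automount: files nisplus
  aliases: files nisplus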