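- # sssd.conf: SSSD using plain LDAP (AD schema) for identity, authentication and access control.
- # This file holds the bind password in clear text; keep it owned by root with mode 0600.
- [sssd]
- services = nss, pam
- config_file_version = 2
- # NOTE(review): only [domain/DOMAIN] appears in this listing; OTHER needs its own [domain/OTHER] section.
- domains = DOMAIN,OTHER
- [domain/DOMAIN]
- access_provider = ldap
- auth_provider = ldap
- id_provider = ldap
- use_fully_qualified_names = True
- # %1$s expands to the user name; "_d" is a literal suffix appended to it.
- full_name_format = %1$s_d
- # NOTE(review): this filter matches every person entry, so access_provider = ldap admits all
- # directory users. Narrow it to the accounts that should log in, e.g. (memberOf=<group DN>).
- ldap_access_filter = objectClass=person
- # Require a server certificate that validates against the CA below. The previous value "allow"
- # continued the session even when the certificate was missing or invalid, which leaves the bind
- # password and user passwords exposed to an on-path attacker.
- ldap_tls_reqcert = demand
- ldap_tls_cacert = <path to CA certificate>
- ldap_schema = ad
- ldap_user_object_class = person
- ldap_user_name = sAMAccountName
- ldap_user_fullname = displayName
- # UID/GID values are read from the directory rather than derived from the SID.
- ldap_id_mapping = False
- # Use an ldaps:// URI, or ldap:// together with ldap_id_use_start_tls = True.
- ldap_uri = <ldap URI>
- ldap_search_base = <search base>
- # Bind with a dedicated, read-only service account; the password is stored in clear text here.
- ldap_default_bind_dn = <bind user>
- ldap_default_authtok = <bind user password>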
- # PAM stack that adds pam_sss.so (SSSD) behind the local pam_unix.so checks.
- # Modules run top to bottom within each type; the control flags make the order significant.
- # --- auth: verify the password ---
- auth required pam_env.so
- # delay is in microseconds (2 seconds after a failed attempt).
- auth required pam_faildelay.so delay=2000000
- # Local accounts: success here ends the auth stack.
- # NOTE(review): nullok lets an account with an empty password authenticate; remove it unless needed.
- auth sufficient pam_unix.so nullok try_first_pass
- # Accounts with uid below 1000 stop here and never reach pam_sss.so.
- auth requisite pam_succeed_if.so uid >= 1000 quiet_success
- # use_first_pass: reuse the password already entered instead of prompting again.
- auth sufficient pam_sss.so use_first_pass
- # Default deny when no module above succeeded.
- auth required pam_deny.so
- # --- account: is the user allowed to log in ---
- account required pam_unix.so
- # Local users and accounts with uid below 1000 skip the SSSD check.
- account sufficient pam_localuser.so
- account sufficient pam_succeed_if.so uid < 1000 quiet
- # Users unknown to SSSD are ignored; any other non-success result from pam_sss.so fails the stack.
- account [default=bad success=ok user_unknown=ignore] pam_sss.so
- account required pam_permit.so
- # --- password: change the password ---
- # local_users_only: pam_pwquality checks only apply to users present in /etc/passwd.
- password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
- password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
- password sufficient pam_sss.so use_authtok
- password required pam_deny.so
- # --- session: set up and tear down the login session ---
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- # The leading "-" on the next entry tells PAM not to log an error if the module is missing.
- -session optional pam_systemd.so
- # success=1 skips exactly one following module (pam_sss.so here) when the service is crond.
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- # NOTE(review): "sufficient" ends the session stack on success, so pam_unix.so below does not
- # run for users handled by SSSD.
- session sufficient pam_sss.so
- session required pam_unix.so
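- # nsswitch.conf: name-service lookup order. Sources on a line are tried left to right.
- # Local files first, then SSSD. (The listing had this entry split across two lines as
- # "passwd: file" / "s sss", which is not a valid entry.)
- passwd: files sss
- shadow: files
- # NOTE(review): group has no sss source, so groups that exist only in the directory will not
- # resolve; add sss here if directory groups are needed.
- group: files
- #initgroups: files
- #hosts: db files nisplus nis dns
- hosts: files dns myhostname
- # Example - obey only what nisplus tells us...
- #services: nisplus [NOTFOUND=return] files
- #networks: nisplus [NOTFOUND=return] files
- #protocols: nisplus [NOTFOUND=return] files
- #rpc: nisplus [NOTFOUND=return] files
- #ethers: nisplus [NOTFOUND=return] files
- #netmasks: nisplus [NOTFOUND=return] files
- bootparams: nisplus [NOTFOUND=return] files
- ethers: files
- netmasks: files
- networks: files
- protocols: files
- rpc: files
- services: files
- netgroup: nisplus
- publickey: nisplus
- automount: files nisplus
- aliases: files nisplus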