Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [sssd]
- services = nss, pam
- domains = DOMAIN.COM
- debug_level = 10
- [nss]
- debug_level = 10
- [pam]
- debug_level = 10
- [domain/DOMAIN.COM]
- debug_level = 10
- id_provider = ldap
- auth_provider = krb5
- access_provider = ldap
- chpass_provider = krb5
- dyndns_update = False
- realmd_tags = manages-system joined-with-samba
- cache_credentials = False
- enumerate = False
- entry_cache_timeout = 86400
- min_id = 1000000
- default_shell = /bin/bash
- fallback_homedir = /home/%u@%d
- use_fully_qualified_names = True
- #LDAP Configuration
- ldap_uri = ldap://ldapserver:389
- ldap_search_base = dc=domain,dc=com
- ldap_user_search_base = dc=domain,dc=com
- ldap_group_search_base = dc=domain,dc=com
- ldap_id_mapping = True
- ldap_idmap_range_min = 100000
- ldap_idmap_range_max = 2000100000
- ldap_idmap_range_size = 2000000000
- ldap_idmap_default_domain = <DOMAIN>
- ldap_access_filter = &(objectClass=krbPrincipal)
- ldap_user_object_class = krbPrincipal
- ldap_user_name = krbPrincipalName
- ldap_user_principal = krbPrincipalName
- ldap_user_fullname = krbPrincipalName
- ldap_user_uid_number = krbPrincipalName
- ldap_user_objectsid = krbPrincipalName
- #KRB5 Configuration
- krb5_server = kdc_server
- krb5_realm = DOMAIN.COM
- dn: krbPrincipalName=test-user2@DOMAIN.COM,cn=DOMAIN.COM,cn=kerberos,dc=domain,dc=com
- ufn: test-user2@DOMAIN.COM, DOMAIN.COM, kerberos, DOMAIN.com
- krbLoginFailedCount: 0
- krbPrincipalName: test-user2@DOMAIN.COM
- krbPrincipalKey:: ...
- krbLastPwdChange: 20190524234020Z
- krbExtraData:: ...
- krbExtraData:: ...
- objectClass: krbPrincipal
- objectClass: krbPrincipalAux
- objectClass: krbTicketPolicyAux
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement