API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 26th, 2017
263
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.09 KB | None | 0 0
raw download clone embed print report
  1. #
  2. # This file is managed by salt - Configured by authentication formula
  3. # Manual changes to this file will be lost!
  4. #
  5.  
  6. [sssd]
  7. debug_level = 0x030
  8. config_file_version = 2
  9. services = nss, pam, ssh
  10. domains = AD, ad.LOCALDOMAIN.com
  11.  
  12. [nss]
  13. debug_level = 0x030
  14. # how long to cache enumerations
  15. enum_cache_timeout = 3600
  16. # how long to cache negative cache hits
  17. entry_negative_timeout = 5400
  18. # update entries in the background if they are older than 50% of entry_cache_timeout
  19. entry_cache_nowait_percentage = 50
  20.  
  21. filter_users = root
  22. filter_groups = pulse-rt
  23.  
  24. [pam]
  25. debug_level = 0x070
  26. offline_credentials_expiration = 1
  27.  
  28. [domain/AD]
  29. debug_level = 0x070
  30. id_provider = ldap
  31. auth_provider = krb5
  32. chpass_provider = krb5
  33. enumerate = false
  34.  
  35. ldap_uri = _srv_
  36. dns_discovery_domain = Vancouver._sites.ad.LOCALDOMAIN.com
  37. ldap_search_base = dc=ad,dc=LOCALDOMAIN,dc=com
  38. ldap_schema = rfc2307bis
  39. ldap_user_object_class = user
  40. ldap_user_name = sAMAccountName
  41. ldap_user_ssh_public_key = sshPublicKey
  42. ldap_group_object_class = group
  43. ldap_user_home_directory = unixHomeDirectory
  44. override_shell =
  45. ldap_user_principal = userPrincipalName
  46. ldap_user_gecos = displayName
  47. ldap_account_expire_policy = ad
  48. ldap_force_upper_case_realm = true
  49. ldap_referrals = false
  50. ldap_tls_reqcert = never
  51. ldap_pwd_policy = mit_kerberos
  52. #ldap_search_timeout = 10
  53. #ldap_network_timeout = 10
  54. #ldap_connection_expire_timeout = 3600
  55.  
  56. krb5_server = ad.LOCALDOMAIN.com
  57. krb5_realm = AD.LOCALDOMAIN.COM
  58.  
  59. # should we cache user credentials?
  60. cache_credentials = true
  61. # number of days after successful login that user account entry cached
  62. account_cache_expiration = 1
  63. # age of entry in seconds before SSSD requests updated information
  64. entry_cache_timeout = 864000
  65.  
  66. [domain/ad.LOCALDOMAIN.com]
  67. debug = 7
  68. ad_domain = ad.LOCALDOMAIN.com
  69. krb5_realm = AD.LOCALDOMAIN.COM
  70. realmd_tags = manages-system joined-with-samba
  71. cache_credentials = True
  72. id_provider = ad
  73. krb5_store_password_if_offline = True
  74. default_shell = /bin/bash
  75. ldap_id_mapping = False
  76. use_fully_qualified_names = True
  77. fallback_homedir = /home/%u@%d
  78. access_provider = ad
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!