daily pastebin goal
77%
SHARE
TWEET

Untitled

a guest May 26th, 2017 127 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #
  2. # This file is managed by salt - Configured by authentication formula
  3. # Manual changes to this file will be lost!
  4. #
  5.  
  6. [sssd]
  7. debug_level = 0x030
  8. config_file_version = 2
  9. services = nss, pam, ssh
  10. domains = AD, ad.LOCALDOMAIN.com
  11.  
  12. [nss]
  13. debug_level = 0x030
  14. # how long to cache enumerations
  15. enum_cache_timeout = 3600
  16. # how long to cache negative cache hits
  17. entry_negative_timeout = 5400
  18. # update entries in the background if they are older than 50% of entry_cache_timeout
  19. entry_cache_nowait_percentage = 50
  20.  
  21. filter_users = root
  22. filter_groups = pulse-rt
  23.  
  24. [pam]
  25. debug_level = 0x070
  26. offline_credentials_expiration = 1
  27.  
  28. [domain/AD]
  29. debug_level = 0x070
  30. id_provider = ldap
  31. auth_provider = krb5
  32. chpass_provider = krb5
  33. enumerate = false
  34.  
  35. ldap_uri = _srv_
  36. dns_discovery_domain = Vancouver._sites.ad.LOCALDOMAIN.com
  37. ldap_search_base = dc=ad,dc=LOCALDOMAIN,dc=com
  38. ldap_schema = rfc2307bis
  39. ldap_user_object_class = user
  40. ldap_user_name = sAMAccountName
  41. ldap_user_ssh_public_key = sshPublicKey
  42. ldap_group_object_class = group
  43. ldap_user_home_directory = unixHomeDirectory
  44. override_shell =
  45. ldap_user_principal = userPrincipalName
  46. ldap_user_gecos = displayName
  47. ldap_account_expire_policy = ad
  48. ldap_force_upper_case_realm = true
  49. ldap_referrals = false
  50. ldap_tls_reqcert = never
  51. ldap_pwd_policy = mit_kerberos
  52. #ldap_search_timeout = 10
  53. #ldap_network_timeout = 10
  54. #ldap_connection_expire_timeout = 3600
  55.  
  56. krb5_server = ad.LOCALDOMAIN.com
  57. krb5_realm = AD.LOCALDOMAIN.COM
  58.  
  59. # should we cache user credentials?
  60. cache_credentials = true
  61. # number of days after successful login that user account entry cached
  62. account_cache_expiration = 1
  63. # age of entry in seconds before SSSD requests updated information
  64. entry_cache_timeout = 864000
  65.  
  66. [domain/ad.LOCALDOMAIN.com]
  67. debug = 7
  68. ad_domain = ad.LOCALDOMAIN.com
  69. krb5_realm = AD.LOCALDOMAIN.COM
  70. realmd_tags = manages-system joined-with-samba
  71. cache_credentials = True
  72. id_provider = ad
  73. krb5_store_password_if_offline = True
  74. default_shell = /bin/bash
  75. ldap_id_mapping = False
  76. use_fully_qualified_names = True
  77. fallback_homedir = /home/%u@%d
  78. access_provider = ad
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top