Diffstat (limited to 'localfs/etc/sssd/sssd.conf')
-rw-r--r--localfs/etc/sssd/sssd.conf47
1 files changed, 47 insertions, 0 deletions
diff --git a/localfs/etc/sssd/sssd.conf b/localfs/etc/sssd/sssd.conf
new file mode 100644
index 0000000..7e86c46
--- /dev/null
+++ b/localfs/etc/sssd/sssd.conf
@@ -0,0 +1,47 @@
+[sssd]
+domains = whatever.de
+config_file_version = 2
+services = nss, pam
+default_domain_suffix = WHATEVER.DE
+
+[domain/whatever.de]
+ad_domain = whatever.de
+krb5_realm = WHATEVER.DE
+realmd_tags = manages-system joined-with-adcli
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = True
+use_fully_qualified_names = True
+access_provider = simple
+dyndns_update = false
+dyndns_refresh_interval = 43200
+dyndns_update_ptr = false
+dyndns_ttl = 300
+simple_allow_users = ad_user1, ad_user2, ad_user3, ad_user4, ad_user5
+fallback_homedir = /home/%d/%u
+#full_name_format = %1$s@%2$s
+full_name_format = %1$s
+override_homedir = /home/%u
+enumerate = False
+# do this if your Windows Admins are too lazy to properly
+# configure AD round robin. I was in an environment where
+# this was the case :( -->
+ad_server = server1
+ad_backup_server = server2
+
+[nss]
+filter_groups = root
+filter_users = root
+reconnection_retries = 1
+entry_cache_timeout = 300
+entry_cache_nowait_percentage = 75
+
+[pam]
+reconnection_retries = 2
+# adjust the expiration to a proper value in the likes of
+# offline_time + remote_work + windows_admins_laziness + mtbf
+offline_credentials_expiration = 21
+offline_failed_login_attempts = 3
+offline_failed_login_delay = 5
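Review bot: `cache_credentials = True` in [domain/whatever.de] combined with `offline_credentials_expiration = 21` in [pam] means a host that cannot reach a domain controller keeps accepting the cached credential for up to 21 days after the user's last successful online login, so an account disabled or reset in AD remains usable on that host for that window. The comment above the [pam] value should state the unit and the consequence, e.g. `# days since last successful online login; a disabled AD account can still log in offline until this expires`. `krb5_store_password_if_offline = True` additionally keeps the user's password in the kernel keyring while the provider is offline, which deserves a one-line comment of its own so the trade-off is a visible decision. The file is added as mode 100644, whereas sssd expects sssd.conf to be owned by the service user (normally root) and not readable by others, so whatever deploys this file should set 0600 explicitly. Access is granted per account in `simple_allow_users`; an AD group in `simple_allow_groups` would be easier to audit and to revoke.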