path: root/localfs/etc/sssd/sssd.conf
[sssd]
# Syntax version of this configuration file.
config_file_version = 2
# Only the NSS and PAM responders are started; no other SSSD service
# (sudo, ssh, autofs, ...) is exposed by this host.
services = nss, pam
# Each name listed here needs a matching [domain/<name>] section.
domains = whatever.de
# Login names typed without a domain part are looked up in this domain.
default_domain_suffix = WHATEVER.DE

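[domain/whatever.de]
# Identity and authentication come from the Active Directory domain.
id_provider = ad
ad_domain = whatever.de
krb5_realm = WHATEVER.DE
# Tags stored by realmd for this domain when the host was joined.
realmd_tags = manages-system joined-with-adcli

# do this if your Windows Admins are too lazy to properly
# configure AD round robin. I was in an environment where
# this was the case :(
# With explicit servers SSSD connects to the hosts named here instead of
# relying on DNS discovery of domain controllers, so this list has to be
# maintained by hand when controllers change. server1/server2 are
# placeholders.
ad_server = server1
ad_backup_server = server2

# Login allow-list: with the simple access provider only the accounts in
# simple_allow_users may log in; every other domain user is denied.
# Review the list whenever an account is retired.
# NOTE(review): the simple provider matches names only. Confirm whether
# disabled or expired AD accounts are still refused for logins that skip
# password authentication (for example SSH keys); sssd-ad(5) describes
# that check under access_provider = ad.
access_provider = simple
simple_allow_users = ad_user1, ad_user2, ad_user3, ad_user4, ad_user5

# Offline login: a hash of the password is kept in the local SSSD cache so
# users can authenticate while no domain controller is reachable. The
# offline_* settings in [pam] bound how long and how often it may be used.
cache_credentials = True
# Keeps the password entered during an offline login so that a Kerberos
# ticket can be requested once the domain is reachable again. sssd-krb5(5)
# notes that it is held in plaintext in the kernel keyring, where root may
# be able to read it.
krb5_store_password_if_offline = True

# UIDs and GIDs are derived from the Windows SIDs rather than read from
# POSIX attributes in AD.
ldap_id_mapping = True
# Do not download the complete user and group list from the directory.
enumerate = False

# %1$s is the user name, %2$s the domain name. The active format prints
# the bare user name; the commented-out line is the user@domain form.
# NOTE(review): with the domain part dropped, AD accounts look like local
# account names - make sure they cannot collide with /etc/passwd entries.
use_fully_qualified_names = True
#full_name_format = %1$s@%2$s
full_name_format = %1$s

# %u is the login name, %d the domain name.
# NOTE(review): override_homedir applies to every user, so fallback_homedir
# presumably never takes effect - confirm and keep only one of them.
default_shell = /bin/bash
fallback_homedir = /home/%d/%u
override_homedir = /home/%u

# Dynamic DNS registration is switched off; the remaining dyndns_* values
# only matter once dyndns_update is turned on.
dyndns_update = False
dyndns_update_ptr = False
dyndns_refresh_interval = 43200
dyndns_ttl = 300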

[nss]
# Never answer lookups for the root user or group from the directory, so
# the local root account stays authoritative.
filter_users = root
filter_groups = root
# Reconnect attempts after the data provider crashes or restarts.
reconnection_retries = 1
# Refresh a cached entry in the background once this percentage of the
# domain's entry_cache_timeout has elapsed.
entry_cache_nowait_percentage = 75
# Seconds a cached entry is considered valid.
# NOTE(review): sssd.conf(5) documents entry_cache_timeout under the
# domain sections; confirm that the value is honoured here in [nss].
entry_cache_timeout = 300

[pam]
# Reconnect attempts after the data provider crashes or restarts.
reconnection_retries = 2
# Guessing limits for offline logins against the cached credentials:
# after this many failures offline authentication is blocked ...
offline_failed_login_attempts = 3
# ... for this many minutes.
offline_failed_login_delay = 5
# Days since the last successful online login during which cached
# credentials (cache_credentials in the domain section) are still accepted.
# adjust the expiration to a proper value in the likes of
# offline_time + remote_work + windows_admins_laziness + mtbf
offline_credentials_expiration = 21