sssd.conf.j2 709 Bytes
Newer Older
1
2
3
4
5
[sssd]
domains = {{ domain }}
config_file_version = 2
services = nss, pam

6
7
8
9
10
[pam]
offline_credentials_expiration = 1
offline_failed_login_attempts = 3
offline_failed_login_delay = 0

11
12
13
14
15
16
17
18
19
20
21
22
23
24
[domain/{{ domain }}]
ad_domain = {{ domain }}
krb5_realm = {{ domain.upper() }}
realmd_tags = manages-system joined-with-adcli 
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = False
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
enumerate = true
ldap_user_fullname = displayName
25
26
27
krb5_lifetime = 48h
krb5_renewable_lifetime = 200h
krb5_renew_interval = 30m
28
ad_gpo_access_control = disabled # ignore group policies