sssd_setup

Steps needed to set up AD authentication with PAM and SSSD for students.

# install the required packages
apt install sssd adcli

# join the domain; <user> should have permission to create computers
adcli join -v -U <user> -D fri1.uni-lj.si

Basic /etc/krb5.conf, not sure if really needed.

[libdefaults]
    default_realm = FRI1.UNI-LJ.SI

    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

A /etc/sssd/sssd.conf that works. Could probably be optimized further.

[sssd]
config_file_version = 2
services = nss, pam

domains = fri1.uni-lj.si
default_domain_suffix = student.uni-lj.si

[nss]
default_shell = /bin/bash
override_homedir = /home/%u

[domain/fri1.uni-lj.si]
id_provider = ad
access_provider = ad
sudo_provider = none

ad_enabled_domains = student.uni-lj.si
cache_credentials = true
krb5_store_password_if_offline = true

# limit to @student.uni-lj.si
ldap_user_search_base = OU=FRI,DC=student,DC=uni-lj,DC=si?base?
# strip domain part from users/groups
full_name_format = %1$s
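
A pre-flight check for the sssd.conf above, added here as an example and not part of the original page. The function name `check_sssd_conf` is hypothetical; it assumes GNU `stat` (as on an apt-based host) and that sssd.conf must be a root-owned 0600 file, which SSSD releases of this page's era require before they will start.

```shell
#!/bin/sh
# Added example, not from the original page.
# check_sssd_conf PATH [UID]: prints findings, returns 0 when no FAIL line is printed.
check_sssd_conf() {
    conf=$1
    want_uid=${2:-0}            # assumption: the file is expected to be owned by root
    rc=0
    [ -f "$conf" ] || { echo "FAIL: $conf not found"; return 1; }

    # The file must be private to its owner (mode 600).
    mode=$(stat -c %a "$conf")  # GNU stat syntax
    uid=$(stat -c %u "$conf")
    [ "$mode" = 600 ] || { echo "FAIL: mode $mode, expected 600"; rc=1; }
    [ "$uid" = "$want_uid" ] || { echo "FAIL: owner uid $uid, expected $want_uid"; rc=1; }

    # Every name in "domains =" under [sssd] needs its own [domain/NAME] section.
    missing=$(awk -F'[ \t]*=[ \t]*' '
        /^\[/ { sec = $0 }
        sec == "[sssd]" && $1 == "domains" { n = split($2, want, /[ \t]*,[ \t]*/) }
        /^\[domain\// { have[substr($0, 9, length($0) - 9)] = 1 }
        END { for (i = 1; i <= n; i++) if (!(want[i] in have)) print want[i] }
    ' "$conf")
    for d in $missing; do
        echo "FAIL: no [domain/$d] section"; rc=1
    done

    # Settings that keep credential material on the host for offline logins.
    for key in cache_credentials krb5_store_password_if_offline; do
        if grep -Eiq "^[[:space:]]*$key[[:space:]]*=[[:space:]]*true" "$conf"; then
            echo "NOTE: $key is enabled"
        fi
    done
    return $rc
}
```

The NOTE lines are informational: with both options enabled, as in the configuration above, each student machine holds cached credential material and should be protected accordingly.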
sssd_setup.txt · Last modified: 2019/02/11 16:47 by timotej