This shows you the differences between two versions of the page.
— |
sssd_setup [2019/02/11 16:47] (current) timotej created |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | Steps needed to set up AD authentication with PAM and SSSD for students. | ||
+ | |||
+ | # install required stuff | ||
+ | apt install sssd adcli | ||
+ | | ||
+ | # join the domain; < | ||
+ | adcli join -v -U < | ||
+ | |||
+ | Basic ''/ | ||
+ | |||
+ | [libdefaults] | ||
+ | default_realm = FRI1.UNI-LJ.SI | ||
+ | | ||
+ | kdc_timesync = 1 | ||
+ | ccache_type = 4 | ||
+ | forwardable = true | ||
+ | proxiable = true | ||
+ | |||
+ | A ''/ | ||
+ | |||
+ | [sssd] | ||
+ | config_file_version = 2 | ||
+ | services = nss, pam | ||
+ | | ||
+ | domains = fri1.uni-lj.si | ||
+ | default_domain_suffix = student.uni-lj.si | ||
+ | | ||
+ | [nss] | ||
+ | default_shell = /bin/bash | ||
+ | override_homedir = /home/%u | ||
+ | | ||
+ | [domain/ | ||
+ | id_provider = ad | ||
+ | access_provider = ad | ||
+ | sudo_provider = none | ||
+ | | ||
+ | ad_enabled_domains = student.uni-lj.si | ||
+ | cache_credentials = true | ||
+ | krb5_store_password_if_offline = true | ||
+ | | ||
+ | # limit to @student.uni-lj.si | ||
+ | ldap_user_search_base = OU=FRI, | ||
+ | # strip domain part from users/ | ||
+ | full_name_format = %1$s | ||