On 04/10/2014 04:20 PM, Jakub Hrozek wrote:
Hi,

our current HOWTO[1] on connecting SSSD to an AD DC is outdated,
mostly because the page still only introduces the LDAP provider. Recently,
Sumit, Jeremy Agee and I wrote a new page that specifically advises using
the AD provider and also using realmd for setup:
https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server

We started a new page and kept the old one around mostly because pre-1.9
versions still need the LDAP provider info.

I'd like to get some review and feedback from our community so we can
link the wiki page from the front page or the documentation section. In
addition to the lists, I also CC-ed the individual contributors to the
original page directly. I hope that's fine.

Thank you for your comments.

[1]
https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20with%20a%20Windows%202008%20Domain%20Server

Hi,
nice article. I have just a few nitpicks about sssd.conf.

[sssd]
config_file_version = 2
domains = ad.example.com
services = nss, pam

[domain/ad.example.com]
# Uncomment if you need offline logins
# cache_credentials = true

id_provider = ad
auth_provider = ad
access_provider = ad

I think presenting a minimal configuration would be better, i.e. removing auth and access providers since they are inherited from id.

# Uncomment if service discovery is not working
# ad_server = server.ad.example.com

# Uncomment if you want to use POSIX UIDs and GIDs
# ldap_id_mapping = False

IMHO this description is a little bit misleading, since you use UIDs and GIDs even if id mapping is turned on. It should say "if you have UIDs and GIDs set on AD side" or something similar.


# Comment out if the users have the shell and home dir set on the AD side
default_shell = /bin/bash
fallback_homedir = /home/%d/%u

# Uncomment and adjust if the default principal SHORTNAME$@REALM is not available
# ldap_sasl_authid = host/client.ad.example....@ad.example.com

# Comment out if you prefer to use shortnames.
use_fully_qualified_names = True
