[sssd]
    domains = domain.tld
    config_file_version = 2
    services = nss, pam, sudo, autofs, pac
[autofs]
    debug_level = 9
[sudo]
    debug_level = 2
[nss]
    debug_level = 9
[pac]
[pam]
    debug_level = 2
    offline_credentials_expiration = 28
    pam_account_expired_message = Account expired
    pam_account_locked_message = Account locked
    pam_pwd_expiration_warning = 5
[domain/domain.tld]
    debug_level = 9
    full_name_format = %3$s\%1$s
    default_shell = /bin/bash
    use_fully_qualified_names = False
    fallback_homedir = /home/%u
    krb5_use_enterprise_principal = false
    krb5_ccname_template = FILE:/tmp/krb5cc_%U
    cache_credentials = True
    account_cache_expiration = 30
    entry_cache_timeout = 14400
    krb5_store_password_if_offline = True
    krb5_lifetime = 12h
    krb5_renewable_lifetime = 24h
    ldap_id_mapping = false
    min_id = 10000
    max_id = 19999
    ldap_schema = rfc2307bis
    ignore_group_members = True
    ad_domain = domain.tld
    krb5_realm = DOMAIN.TLD
    realmd_tags = manages-system joined-with-adcli
    id_provider = ad
    dyndns_ttl = 10800
    dyndns_refresh_interval = 86400
    ad_maximum_machine_account_password_age = 10
    
    access_provider = ad
    auth_provider = ad
    ad_hostname = ubuntu2.domain.tld
    ad_enable_dns_sites = True
ldap_uri = ldap://172.16.0.80
    sudo_provider = ldap
    ldap_sudo_search_base = ou=SUDOers,dc=domain,dc=tld
    ldap_sudorule_object_class = sudoRole
    ldap_sasl_mech = gssapi
    ldap_krb5_keytab = /etc/krb5.keytab
    ldap_sasl_authid = UBUNTU2$@DOMAIN.TLD
    ldap_netgroup_search_base = ou=netgroup,dc=domain,dc=tld
    autofs_provider = ldap
    ldap_krb5_init_creds = true
    ldap_autofs_search_base = OU=automount,dc=domain,dc=tld
    ldap_autofs_map_object_class=automountMap
    ldap_autofs_entry_object_class=automount
    ldap_autofs_map_name=automountMapName
    ldap_autofs_entry_key=automountKey
    ldap_autofs_entry_value=automountInformation