sssd.conf

[sssd]
config_file_version = 2
services = nss, pam, ifp, sudo
debug_level = 0x3ff0
#domains = ldap.vm
domains = ipa.vm
user = root

[nss]
debug_level = 0x3ff0
timeout = 30000
# command = valgrind --leak-check=full --log-file=/tmp/valgrind.log /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 -d 0x3ff0 --debug-to-files

[pam]
timeout = 30000
debug_level = 0x3ff0

[pac]
timeout = 30000
debug_level = 0x3ff0

[sudo]
timeout = 30000
debug_level = 0x3ff0

[ssh]
timeout = 30000
debug_level = 0x3ff0

[ifp]
timeout = 30000
debug_level = 0x3ff0

[kcm]
timeout = 30000
debug_level = 0x3ff0

[secrets]
timeout = 30000
debug_level = 0x3ff0

[domain/ldap.vm]
timeout = 30000
debug_level = 0x3ff0
id_provider = ldap
ldap_uri = _srv_
ldap_tls_reqcert = demand
ldap_tls_cacert = /shared/enrollment/ldap/cacert.asc
dns_discovery_domain = ldap.vm

[domain/ipa.vm]
timeout = 30000
debug_level = 0x3ff0
id_provider = ipa
access_provider = ipa
ipa_server = _srv_
ipa_domain = ipa.vm
ipa_hostname = master.client.vm
krb5_keytab = /shared/enrollment/client/ipa.keytab
ldap_krb5_keytab = /shared/enrollment/client/ipa.keytab
auth_provider = krb5
krb5_server = kasztan.test.cos:88, master.ipa.vm:88, pajacyk.test:88, 192.168.100.20:88
#krb5_server = 10.11.12.1:88
krb5_realm = IPA.VM
krb5_store_password_if_offline = True


[domain/ad.vm]
timeout = 30000
debug_level = 0x3ff0
id_provider = ad
access_provider = ad
ad_server = _srv_
ad_domain = ad.vm
ad_hostname = master.client.vm
krb5_keytab = /shared/enrollment/client/ad.keytab
ldap_krb5_keytab = /shared/enrollment/client/ad.keytab
dyndns_update = false

[domain/child.ad.vm]
timeout = 30000
debug_level = 0x3ff0
id_provider = ad
access_provider = ad
ad_server = _srv_
ad_domain = child.ad.vm
ad_hostname = child.client.vm
krb5_keytab = /shared/enrollment/client/ad-child.keytab
ldap_krb5_keytab = /shared/enrollment/client/ad-child.keytab
dyndns_update = false