fumiyas/pam-config-debian.sh

## pam-config-debian.sh
dpkg-reconfigure libpam-runtime

## pam-config-rhel8.sh
authselect select sssd --force

## sssd.conf
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = lan.example.co.jp

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

memcache_timeout = 30
enum_cache_timeout = 10
entry_negative_timeout = 1

[pam]
reconnection_retries = 3

[domain/lan.example.co.jp]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap

enumerate = true
cache_credentials = true
case_sensitive = false

ldap_uri = ldap://ldap.lan.example.co.jp
ldap_search_base = dc=example,dc=co,dc=jp
ldap_tls_reqcert = demand
ldap_id_use_start_tls = true
	[sssd]
	config_file_version = 2
	reconnection_retries = 3
	sbus_timeout = 30
	services = nss, pam
	domains = lan.example.co.jp

	[nss]
	filter_groups = root
	filter_users = root
	reconnection_retries = 3

	memcache_timeout = 30
	enum_cache_timeout = 10
	entry_negative_timeout = 1

	[pam]
	reconnection_retries = 3

	[domain/lan.example.co.jp]
	id_provider = ldap
	auth_provider = ldap
	chpass_provider = ldap

	enumerate = true
	cache_credentials = true
	case_sensitive = false

	ldap_uri = ldap://ldap.lan.example.co.jp
	ldap_search_base = dc=example,dc=co,dc=jp
	ldap_tls_reqcert = demand
	ldap_id_use_start_tls = true