Example configuration files for libkrb5 and sssd for authentication with Active Directory
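# This is an example of krb5.conf for authentication with Active Directory
# Tested on libkrb5-3 1.15-1+deb9u1
# Comments are full lines only; krb5.conf has no trailing comments on value lines.

[libdefaults]
default_realm = EXAMPLE.COM
# Realm lookup via DNS TXT records trusts unauthenticated DNS answers and is
# documented by MIT as insecure. With default_realm set and an explicit
# [realms] entry below it is normally not needed; consider setting it to false.
dns_lookup_realm = true
# KDC discovery via DNS SRV records. Only used for realms that have no kdc
# entries in [realms]; EXAMPLE.COM below lists its KDCs explicitly.
dns_lookup_kdc = true
# Requests forwardable TGTs by default, i.e. the user's credentials can be
# delegated to remote hosts (e.g. ssh -K). Leave false if delegation is not needed.
forwardable = true
# Values for the next three parameters should be taken from the Default Domain Policy GPO:
# Default Domain Policy \ Computer Configuration \ Policies \ Windows Settings \ ...
# ... \ Security Settings \ Account Policies \ Kerberos Policy
# Maximum lifetime for user ticket
ticket_lifetime = 10h
# Maximum lifetime for user ticket renewal
renew_lifetime = 7d
# Maximum tolerance for computer clock synchronization, in seconds
clockskew = 300

[realms]
EXAMPLE.COM = {
# Used for password changes (kpasswd); AD serves this on the domain controller.
admin_server = dc01.example.com
# kdc may be repeated in krb5.conf (it is a multi-valued key, not a duplicate);
# the listed KDCs are contacted in this order.
kdc = dc01.example.com
kdc = dc02.example.com
kdc = dc03.example.com
kdc = dc04.example.com
kdc = dc05.example.com
}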
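# This is an example of sssd.conf for authentication with Active Directory
# Tested on sssd 1.15.0-3
# sssd requires this file to be owned by root and not readable by others
# (mode 0600); otherwise the daemon refuses to start.

[sssd]
debug_level = 0
# Every domain listed here must have a matching [domain/<name>] section below.
domains = example.com
config_file_version = 2
# sudo is listed as a service, but the domain below sets sudo_provider = none,
# so no sudo rules are fetched from AD. Drop "sudo" here or configure a provider.
services = nss, pam, sudo

[nss]
debug_level = 0

[pam]
debug_level = 0
pam_id_timeout = 60

# The section name must be exactly the value used in "domains" under [sssd].
[domain/example.com]
debug_level = 0
ad_domain = example.com
# Preferred domain controllers, tried in order; _srv_ means "then fall back to
# DNS SRV discovery".
ad_server = dc01.example.com, dc02.example.com, _srv_
# ad_backup_server = dc03.example.com, dc04.example.com, dc05.example.com
# Must match the host's computer account / keytab principal in AD.
ad_hostname = hostname.example.com
krb5_realm = EXAMPLE.COM
# Metadata written by realmd at join time; informational only.
realmd_tags = manages-system joined-with-adcli
id_provider = ad
# While the DCs are unreachable the user's password is kept in the kernel
# keyring so a TGT can be obtained once connectivity returns. Set False if
# keeping the password in memory is not acceptable.
krb5_store_password_if_offline = True
default_shell = /bin/bash
# Derive POSIX UID/GID from the objectSID; set False only if uidNumber/gidNumber
# are maintained in AD for every account.
ldap_id_mapping = True
# %d = domain name, %u = user name
fallback_homedir = /home/%d/%u
sudo_provider = none
# Unqualified logins (user instead of user@example.com). With more than one
# domain this can make names ambiguous.
use_fully_qualified_names = False
# Keeps a salted hash of the credentials locally so users can still log in
# while the DCs are unreachable (offline authentication).
cache_credentials = True
# seconds
krb5_auth_timeout = 60
# seconds
ldap_opt_timeout = 60
# The "simple" provider only checks group membership. "Domain Users" contains
# every account in the domain, so this rule restricts nothing. To limit logins,
# list a dedicated group here, or use access_provider = ad, which also evaluates
# AD account expiry and (by default) GPO logon-right policies.
access_provider = simple
simple_allow_groups = domain users@example.com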