Example configuration files for libkrb5 and sssd for authentication with Active Directory
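# Example krb5.conf for authenticating against Active Directory.
# Tested on libkrb5-3 1.15-1+deb9u1.
# EXAMPLE.COM is a placeholder realm; replace it with your own AD domain in upper case.

[libdefaults]
default_realm = EXAMPLE.COM
# Realm (TXT) and KDC (SRV) discovery through DNS. These DNS answers are not
# authenticated. The [realms] section of this file already lists the KDCs
# explicitly, so consider setting both to false if the static list is enough.
dns_lookup_realm = true
dns_lookup_kdc = true
# Tickets are requested as forwardable by default. A forwarded TGT lets the
# receiving host act as the user, so set this to false unless a service
# actually needs delegation.
forwardable = true
# The next three values should mirror the Default Domain Policy GPO:
# Default Domain Policy \ Computer Configuration \ Policies \ Windows Settings \ ...
# ... \ Security Settings \ Account Policies \ Kerberos Policy
# A client value above the domain policy has no effect, because the KDC caps
# the lifetimes it issues.
# Maximum lifetime for user ticket
ticket_lifetime = 10h
# Maximum lifetime for user ticket renewal
renew_lifetime = 7d
# Maximum tolerance for computer clock synchronization, in seconds.
# Widening it also widens the window in which a captured authenticator is accepted.
clockskew = 300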
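[realms]
# One block per realm. Because the KDCs are listed here, DNS SRV lookup
# (dns_lookup_kdc) is only consulted for realms that have no entry in this section.
# The dcNN.example.com names are placeholders for your domain controllers.
EXAMPLE.COM = {
    admin_server = dc01.example.com
    kdc = dc01.example.com
    kdc = dc02.example.com
    kdc = dc03.example.com
    kdc = dc04.example.com
    kdc = dc05.example.com
}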
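# Example sssd.conf for authenticating against Active Directory.
# Tested on sssd 1.15.0-3.
# sssd expects this file to be owned by root with mode 0600 and refuses to
# start when the permissions are looser.

[sssd]
# 0 logs fatal failures only; raise it temporarily when troubleshooting.
debug_level = 0
domains = example.com
config_file_version = 2
# NOTE(review): the sudo responder is enabled here, but [domain/example.com]
# sets sudo_provider = none, so it has no sudo rules to serve. Either remove
# "sudo" from this list or configure a sudo_provider for the domain.
services = nss, pam, sudo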
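[nss]
# Name service responder (passwd/group lookups); fatal failures only.
debug_level = 0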
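[pam]
debug_level = 0
# Seconds for which identity data fetched during a PAM request is reused
# before being refreshed. A group-membership change in AD can take up to this
# long to affect a login on this host.
pam_id_timeout = 60
# NOTE(review): the domain section enables cache_credentials, and no
# offline_credentials_expiration is set here, so cached logins are not
# time-limited. Consider setting it (in days) to bound offline authentication.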
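[domain/example.com]
debug_level = 0
ad_domain = example.com
# Servers are tried in the order listed; _srv_ falls back to DNS service discovery.
ad_server = dc01.example.com, dc02.example.com, _srv_
# Optional: servers used only when none of the ad_server entries is reachable.
# ad_backup_server = dc03.example.com, dc04.example.com, dc05.example.com
# Placeholder; must be the fully qualified name this host was joined with.
ad_hostname = hostname.example.com
krb5_realm = EXAMPLE.COM
realmd_tags = manages-system joined-with-adcli
id_provider = ad
# While the provider is offline the user's password is held in plaintext in
# the kernel keyring until a TGT can be requested. Set this to False on hosts
# where that exposure to root is not acceptable.
krb5_store_password_if_offline = True
default_shell = /bin/bash
# UIDs and GIDs are derived from the AD SID instead of POSIX attributes.
ldap_id_mapping = True
# %d is the domain name, %u the login name.
fallback_homedir = /home/%d/%u
sudo_provider = none
use_fully_qualified_names = False
# Keeps a salted hash of the password in the local cache so users can log in
# while the domain controllers are unreachable. Anyone who can read the cache
# database can attack those hashes offline.
cache_credentials = True
# Timeouts, in seconds.
krb5_auth_timeout = 60
ldap_opt_timeout = 60
# NOTE(review): "domain users" admits every account in the domain to this
# host. Prefer a dedicated, narrowly scoped group.
# The simple provider only matches names and groups. It appears not to
# evaluate AD account expiry or GPO logon rights, which matters for logins
# that skip Kerberos password authentication (for example SSH public keys).
# Verify against sssd-simple(5) and sssd-ad(5).
access_provider = simple
simple_allow_groups = domain users@example.com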