SSSD

From Nuclear Physics Group Documentation Pages
Revision as of 14:54, 9 August 2013 by Aholmes (talk | contribs)

Configuring SSSD

1. yum install sssd libsss_sudo


2. authconfig --enablesssd --enablesssdauth --enablelocauthorize --update


3. /etc/sssd/sssd.conf:

  [sssd]
  config_file_version = 2
  services = nss, pam
  domains = default
  [nss]
  filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
  [domain/default]
  # "never" disables validation of the LDAP server certificate, so the ldaps://
  # connection is encrypted but the server is not authenticated; "demand"
  # verifies the certificate against the CAs in ldap_tls_cacertdir.
  ldap_tls_reqcert = never
  auth_provider = ldap
  ldap_schema = rfc2307bis
  krb5_realm = EXAMPLE.COM
  ldap_search_base = dc=physics,dc=unh,dc=edu
  id_provider = ldap
  ldap_id_use_start_tls = False
  chpass_provider = ldap
  ldap_uri = ldaps://einstein.unh.edu
  krb5_kdcip = kerberos.example.com
  cache_credentials = True
  ldap_tls_cacertdir = /etc/openldap/cacerts
  entry_cache_timeout = 600
  ldap_network_timeout = 3
  # Only evaluated when access_provider = ldap is also set in this section.
  ldap_access_filter = (&(objectclass=shadowaccount)(objectclass=posixaccount))


4. /etc/nsswitch.conf:

  passwd:     files sss
  shadow:     files sss
  group:      files sss
  sudoers:    files sss


5. service sssd restart


6. Test settings: id (username)
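
The following audit script is an added example, not part of the original page or of SSSD itself. It parses an sssd.conf and reports the settings in the configuration above that weaken it: certificate validation turned off, an access filter that is never applied, and sudoers routed to sss without the sudo responder. The function name audit_sssd, the nss_sudoers_uses_sss parameter and the embedded sample are assumptions made for the example, and it assumes responders are started from the services line rather than by socket activation.

```python
import configparser

# Constructed sample mirroring the sssd.conf shown in step 3.
SAMPLE = """\
[sssd]
config_file_version = 2
services = nss, pam
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://einstein.unh.edu
ldap_tls_reqcert = never
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_access_filter = (&(objectclass=shadowaccount)(objectclass=posixaccount))
"""

def audit_sssd(text, nss_sudoers_uses_sss=False):
    """Return a list of (section, finding) tuples for an sssd.conf string."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    services = [s.strip() for s in cp.get("sssd", "services", fallback="").split(",")]
    if nss_sudoers_uses_sss and "sudo" not in services:
        findings.append(("sssd", "nsswitch sends sudoers to sss but 'sudo' is not in services"))
    for name in (d.strip() for d in cp.get("sssd", "domains", fallback="").split(",")):
        sec = f"domain/{name}"
        if not name or not cp.has_section(sec):
            continue
        dom = cp[sec]
        # sssd's default for ldap_tls_reqcert is 'hard'; 'never' and 'allow' skip validation
        reqcert = dom.get("ldap_tls_reqcert", "hard").lower()
        if reqcert in ("never", "allow"):
            findings.append((sec, f"ldap_tls_reqcert={reqcert}: LDAP server certificate is not verified"))
        uris = [u.strip() for u in dom.get("ldap_uri", "").split(",") if u.strip()]
        starttls = dom.get("ldap_id_use_start_tls", "false").lower() == "true"
        if any(u.lower().startswith("ldap://") for u in uris) and not starttls:
            findings.append((sec, "ldap:// URI without StartTLS: identity lookups are unencrypted"))
        if "ldap_access_filter" in dom and dom.get("access_provider", "").lower() != "ldap":
            findings.append((sec, "ldap_access_filter is set but access_provider is not ldap, so it is not applied"))
    return findings

if __name__ == "__main__":
    for section, msg in audit_sssd(SAMPLE, nss_sudoers_uses_sss=True):
        print(f"[{section}] {msg}")
```

To check a live host, pass the contents of /etc/sssd/sssd.conf as text and set nss_sudoers_uses_sss according to the sudoers line in /etc/nsswitch.conf.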