A.I.lab

UL FRI

User Tools

Site Tools

You are here: start » sssd_setup
sssd_setup

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

sssd_setup [2019/02/11 16:47] (current)
timotej created
Line 1: Line 1:
 +Steps needed to set up AD authentication with PAM and SSSD for students.
 +
 +  # install required stuff
 +  apt install sssd adcli
 +  
 +  # join the domain; <user> should have permission to create computers
 +  adcli join -v -U <user> -D fri1.uni-lj.si
 +
 +Basic ''/etc/krb5.conf'', not sure if really needed.
 +
 +  [libdefaults]
 +      default_realm = FRI1.UNI-LJ.SI
 +  
 +      kdc_timesync = 1
 +      ccache_type = 4
 +      forwardable = true
 +      proxiable = true
 +
 +A ''/etc/sssd/sssd.conf'' that works. Could probably be optimized further.
 +
 +  [sssd]
 +  config_file_version = 2
 +  services = nss, pam
 +  
 +  domains = fri1.uni-lj.si
 +  default_domain_suffix = student.uni-lj.si
 +  
 +  [nss]
 +  default_shell = /bin/bash
 +  override_homedir = /home/%u
 +  
 +  [domain/fri1.uni-lj.si]
 +  id_provider = ad
 +  access_provider = ad
 +  sudo_provider = none
 +  
 +  ad_enabled_domains = student.uni-lj.si
 +  cache_credentials = true
 +  krb5_store_password_if_offline = true
 +  
 +  # limit to @student.uni-lj.si
 +  ldap_user_search_base = OU=FRI,DC=student,DC=uni-lj,DC=si?base?
 +  # strip domain part from users/groups
 +  full_name_format = %1$s
  
sssd_setup.txt · Last modified: 2019/02/11 16:47 by timotej

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki