Differences

This shows you the differences between two versions of the page.

--- linux:pam_users [2022/02/01 18:03]
manu
+++ linux:pam_users [2022/11/07 16:28] (current)
manu
@@ Line 1: / Line 1: @@
 ====== Config PAM on linux ======
-=== Debug PAM: ===
+==== Example of sssd.conf file ====
+<cli prompt='#'>
+[root@LINUX10 ~]# cat /etc/sssd/sssd.conf
+[sssd]
+default_domain_suffix = ad.domain.lu
+domains = ad.domain.lu
+config_file_version = 2
+services = nss, pam
+[domain/ad.domain.lu]
+ad_domain = ad.domain.lu
+krb5_realm = AD.DOMAIN.LU
+realmd_tags = manages-system joined-with-adcli
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = True
+use_fully_qualified_names = True
+fallback_homedir = /home/%u@%d
+access_provider = simple
+simple_allow_groups = LINUX-ALL-SUDO@ad.domain.lu, LINUX-MYSQL-USER@ad.domain.lu
+</cli>
+==== Debug PAM: ====
 === 1° solution ===
@@ Line 65: / Line 91: @@
 # systemctl restart sssd
 </cli>
+==== Use AD UID and GID ====
+By default, the AD provider will map UID and GID values from the objectSID parameter in Active Directory.
+For details on this, see the “ID MAPPING” section below.
+If you want to disable ID mapping and instead rely on POSIX attributes defined in Active Directory, you should set
+  ldap_id_mapping = False
+SSSD configuration would depend on what attributes are used in AD. The defaults for UID and GID are **uidNumber** and **gidNumber**, but some defaults change based on which version of SSSD you are running. Check the manpage for the release you are using.

wiki

User Tools

Site Tools

Differences

Page Tools