search for: ad_hostname

....keytab --principal=dc1$" - configure sssd to point to DC2 on FS1: [sssd] config_file_version = 2 domains = DOMAIN.COM services = nss, pam debug_level=6 [domain/DOMAIN.COM] enumerate = true ad_domain = DOMAIN.COM krb5_realm = DOMAIN.COM cache_credentials = True id_provider = ad ad_hostname = dc2.domain.com ad_server = dc2.domain.com ad_domain = domain.com ldap_id_mapping = False access_provider = ad krb5_keytab=/etc/krb5.sssd.keytab debug_level=6 - service sssd restart - Now, DC2 has it's A record changed to match the IP address of FS1 Took me a week to figure out...

...access provider is always 'permit'. The AD access # provider by default checks for account expiration access_provider = ad # Uncomment to use POSIX attributes on the server ldap_id_mapping = true # Uncomment if the client machine hostname doesn't match the computer object on the DC. #ad_hostname = invisad.invis-ad.loc # Uncomment if DNS SRV resolution is not working #ad_server = invisad.invis-ad.loc # Uncomment if the domain section is named differently than your Samba domain #ad_domain = invis-ad.loc # Enumeration is discouraged for performance reasons. enumerate = true -------------...

...secure solution to achieve this, but ... Using sssd 1.11.1 : files configuration: 1) > sudo cat /etc/sssd/sssd.conf > [sssd] > services = nss, pam > config_file_version = 2 > domains = radiodjiido.nc > [nss] > [pam] > [domain/radiodjiido.nc] > dyndns_update = false > ad_hostname = serveur.radiodjiido.nc > ad_server = serveur.radiodjiido.nc > ad_domain = radiodjiido.nc > ldap_schema = ad > id_provider = ad > access_provider = simple > enumerate = true > cache_credentials = true > auth_provider = krb5 > chpass_provider = krb5 > krb5_realm = RADI...

...t fine (no errors in the log and the daemons are running), but getent passwd and getent groups returns nothing. Below is my config: [sssd] services = nss, pam config_file_version = 2 domains = default [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] [domain/default] ad_hostname = bubba3-one.earth.local ad_server = bubba3-one.earth.local ad_domain = earth.local ldap_schema = rfc2307bis id_provider = ldap access_provider = simple # on large directories, you may want to disable enumeration for performance reasons enumerate = true auth_provider = krb5 chpass_provider = krb...

...omain_realm] .mydomain.de = MYDOMAIN.DE [login] krb4_convert = true krb4_get_tickets = false >> sssd.conf >> [sssd] services = nss, pam config_file_version = 2 domains = mydomain.de [nss] [pam] [domain/mydomain.de] id_provider = ad access_provider = ad ad_hostname = dc.mydomain.de ad_server = dc.mydomain.de ad_domain = mydomain.de enumerate = true krb5_keytab=/etc/krb5.sssd.keytab >> smb.conf >> [global] #### GLOBAL SETTINGS netbios name = SERVER2 server string = SERVER2 workgroup = MYDOMAIN realm = MYDOMAIN.DE s...

..._credentials = true debug_level = 7 # Use this if users are being logged in at /. # This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with pam_mkhomedir.so override_homedir = /var/samba/users/%u # Uncomment if the client machine hostname doesn't match the computer object on the DC. ad_hostname = samba-2 # Uncomment if DNS SRV resolution is not working ad_server = dc-1.corp.celadonsystems.com # Uncomment if the AD domain is named differently than the Samba domain ad_domain = CORP.CELADONSYSTEMS.COM # Enumeration is discouraged for performance reasons. # enumerate = true ==============...

...AL] id_provider = ad access_provider = ad # Use this if users are being logged in at /. # This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with pam_mkhomedir.so override_homedir = /home/%d/%u # Uncomment if the client machine hostname doesn't match the computer object on the DC. # ad_hostname = SRVLNXINTRA01.comune.spoleto.local # Uncomment if DNS SRV resolution is not working # ad_server = SRVW3KDC01.comune.spoleto.local # Uncomment if the AD domain is named differently than the Samba domain # ad_domain = COMUNE.SPOLETO.LOCAL # Enumeration is discouraged for performance reasons. # e...

...debug_level = 1 ldap_id_mapping = true #ldap_schema = rfc2307bis #use_fully_qualified_names = True override_homedir = /home/%u default_shell = /bin/bash krb5_keytab = /etc/krb5.keytab krb5_realm =DOMAIN.COM ldap_search_base = dc=domain,dc=com ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt ad_hostname = Server.DOMAIN.COM ad_domain = DOMAIN.COM ldap_id_mapping = true default_shell = /bin/bash ldap_referrals = false # 2019-03-30: https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/ subdomain_inherit = ignore_group_members, ldap_purge_cache_timeout...