English Polish
Examples Przykłady
authconfig --enableldap --enableldapauth --enablefaillock --updateall
authselect select sssd with-faillock
authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --updateall
authselect select sssd with-smartcard
authconfig --enableecryptfs --enablepamaccess --updateall
authselect select sssd with-ecryptfs with-pamaccess
authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall
realm join -U Administrator --client-software=winbind WINBINDDOMAIN
CONFIGURATION FILES PLIKI KONFIGURACYJNE
This section contains snippets for minimal configuration of various services. Ta sekcja zawiera fragmenty służące do minimalnej konfiguracji różnych usług.
LDAP LDAP
Even if LDAP is not directly used through `pam_ldap` and `nss_ldap`, it is still useful to configure ldap.conf to configure openldap-libs and indirectly, e.g. LDAP tools such as `ldapsearch`.
{sysconfdir}/openldap/ldap.conf
# Set the default base dn
BASE dc=example,dc=com
# Set the default LDAP server
URI ldap://ldap.example.com ldap://ldap-master.example.com:666
KERBEROS
If you use Kerberos, the default Kerberos realm should be configured in order for krb5-libs and therefore tools such as `kinit` to work out of the box.
{sysconfdir}/krb5.conf
[libdefaults]
default_realm = MYREALM
[realms]
MYREALM = {
kdc = kdc.myrealm.org
}
[domain_realm]
myrealm.org = MYREALM
.myrealm.org = MYREALM
SSSD
Authselect encourages users to use SSSD wherever possible. There are many configuration options, see sssd.conf(5). This is a minimal configuration that creates one LDAP domain called `default`. The LDAP server is auto-discovered through DNS lookups.