English Polish
You can use either `ipa-client-install` or `realm` to join an IPA domain and `realm` to join an Active Directory domain. These tools will make sure that the correct authselect profile is selected and all daemons and services are properly configured.
WINBIND
Winbind
This section contains snippets for minimal configuration of various services. Ta sekcja zawiera fragmenty służące do minimalnej konfiguracji różnych usług.
This may seem like a big disadvantage but the truth is the opposite. Authconfig is a very old tool and the applications providing required services have changed rapidly over the years. Typically, there is no longer a need to have multiple authentication modules in PAM and nsswitch.conf, because the vast majority of use-cases is covered by SSSD. Therefore there is no need to add or remove them specifically. There are also better tools to generate configuration for system daemons that can help you automate the process of joining to a remote domain such as `realm`. In addition, the shipped profiles give us comprehensive and deterministic system configuration that can be fully tested and is much less error prone. It is also much easier to distribute such configuration across many systems.
This manual page explains the main differences between authconfig, the previous tool to configure system authentication and identity sources, and authselect which replaces it. It also explains what actions need to be done in order to migrate from authconfig to authselect.
There are several places that needs to be configured in order to make NIS authentication work. First, you need to set NIS domain and optionally also NIS server in {sysconfdir}/yp.conf.
The `pam_pwquality` module can be configured in {sysconfdir}/security/pwquality.conf. See pam_pwquality(8) to see its configuration options and defaults.
systemctl enable winbind.service ; systemctl start winbind.service
systemctl enable sssd.service ; systemctl start sssd.service
systemctl enable rpcbind.service ; systemctl start rpcbind.service
systemctl enable ypbind.service ; systemctl start ypbind.service
systemctl enable oddjobd.service ; systemctl start oddjobd.service
{sysconfdir}/yp.conf
{sysconfdir}/sysconfig/network
{sysconfdir}/sssd/sssd.conf
{sysconfdir}/openldap/ldap.conf
{sysconfdir}/krb5.conf
STARTING SERVICES
[sssd]
config_file_version = 2
domains = default
SSSD