English Polish
CONVERTING YOUR SCRIPTS
Depending on your configuration, you need to start required services manually with systemd.
DESCRIPTION OPIS
[domain/default]
id_provider = ldap
auth_provider = krb5
ldap_uri = _srv_
krb5_server = _srv_
krb5_realm = MYREALM
dns_discovery_domain = myrealm
[domain/default]
id_provider = ldap
ldap_uri = _srv_
dns_discovery_domain = myrealm
domain mydomain broadcast
# or
# domain mydomain server myserver
[domain_realm]
myrealm.org = MYREALM
.myrealm.org = MYREALM
Even if LDAP is not directly used through `pam_ldap` and `nss_ldap`, it is still useful to configure ldap.conf to configure openldap-libs and indirectly, e.g. LDAP tools such as `ldapsearch`.
Examples Przykłady
If mkhomedir feature is enabled
If you use `ipa-client-install` or `realm` to join a domain, you can just remove any authconfig call in your scripts. If this is not an option, you need to replace each authconfig call with its equivalent authselect call to select a correct profile with desired features. Then you also need to write configuration file for required services.
If you use Kerberos, the default Kerberos realm should be configured in order for krb5-libs and therefore tools such as `kinit` to work out of the box.
If you want to configure SSSD for an IPA or Active Directory domain, use the `realm` tool. This will perform an initial setup which involves creating a Kerberos keytab and generating basic SSSD configuration. You can then tune it up by modifying {sysconfdir}/sssd/sssd.conf.
If you want to configure the machine to use Winbind, use `realm`. This will perform an initial setup which involves creating a Kerberos keytab and running `adcli` to join the domain. It also makes changes to `smb.conf`. You can then tune it up by modifying {sysconfdir}/samba/smb.conf.
JOINING REMOTE DOMAINS
KERBEROS
LDAP LDAP
[libdefaults]
default_realm = MYREALM
MAIN DIFFERENCES
NAME NAZWA