| Authconfig command | Equivalent command |
|---|---|
| `authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --updateall` | `authselect select sssd with-smartcard` |
| `authconfig --enableecryptfs --enablepamaccess --updateall` | `authselect select sssd with-ecryptfs with-pamaccess` |
| `authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall` | `realm join -U Administrator --client-software=winbind WINBINDDOMAIN` |
CONFIGURATION FILES
This section contains snippets for minimal configuration of various services.
LDAP
Even if LDAP is not used directly through `pam_ldap` and `nss_ldap`, it is still useful to set up ldap.conf, because it configures openldap-libs and, indirectly, LDAP tools such as `ldapsearch`.
{sysconfdir}/openldap/ldap.conf
# Set the default base dn
BASE dc=example,dc=com
# Set the default LDAP server
URI ldap://ldap.example.com ldap://ldap-master.example.com:666
KERBEROS
If you use Kerberos, the default Kerberos realm should be configured in order for krb5-libs and therefore tools such as `kinit` to work out of the box.
{sysconfdir}/krb5.conf
[libdefaults]
default_realm = MYREALM
[realms]
MYREALM = {
    kdc = kdc.myrealm.org
}
[domain_realm]
myrealm.org = MYREALM
.myrealm.org = MYREALM
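
A consistency check for a krb5.conf like the one above, as an added example that is not part of the original page or of authselect: it verifies that `default_realm` is set, that it has a `[realms]` entry with a `kdc`, and that every `[domain_realm]` mapping points at a defined realm. The function names `parse_krb5` and `check_krb5` are hypothetical, and the check assumes KDCs are listed statically in the file rather than discovered through DNS.

```python
import re
# Constructed sample input: the krb5.conf snippet shown on this page.
SAMPLE = """\
[libdefaults]
default_realm = MYREALM
[realms]
MYREALM = {
kdc = kdc.myrealm.org
}
[domain_realm]
myrealm.org = MYREALM
.myrealm.org = MYREALM
"""

def parse_krb5(text):
    """Parse a subset of krb5.conf: [sections], key = value, one level of { } blocks."""
    conf, section, block = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section, block = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":                 # start of a per-realm block
                block = section.setdefault(key, {})
            else:                            # relations may repeat, so keep a list
                (block if block is not None else section).setdefault(key, []).append(value)
    return conf

def check_krb5(text):
    """Return a list of inconsistencies (assumes static KDCs, no DNS discovery)."""
    conf = parse_krb5(text)
    realms, problems = conf.get("realms", {}), []
    default = conf.get("libdefaults", {}).get("default_realm", [None])[-1]
    if default is None:
        problems.append("libdefaults: default_realm is not set")
    elif default not in realms:
        problems.append(f"default_realm {default} has no entry in [realms]")
    for name, body in realms.items():
        if not isinstance(body, dict) or not body.get("kdc"):
            problems.append(f"realm {name} defines no kdc")
    for host, targets in conf.get("domain_realm", {}).items():
        if isinstance(targets, list) and targets[-1] not in realms:
            problems.append(f"domain_realm {host} maps to undefined realm {targets[-1]}")
    return problems
```
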
SSSD
Authselect encourages users to use SSSD wherever possible. There are many configuration options; see sssd.conf(5). This is a minimal configuration that creates one LDAP domain called `default`. The LDAP server is auto-discovered through DNS lookups.
{sysconfdir}/sssd/sssd.conf
[sssd]
config_file_version = 2
domains = default