English Chinese (Traditional) (zh_TW)
authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --updateall
authselect select sssd with-smartcard
authconfig --enableecryptfs --enablepamaccess --updateall
authselect select sssd with-ecryptfs with-pamaccess
authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall
realm join -U Administrator --client-software=winbind WINBINDDOMAIN
This section contains snippets for minimal configuration of various services.
Even if LDAP is not directly used through `pam_ldap` and `nss_ldap`, it is still useful to configure ldap.conf to configure openldap-libs and indirectly, e.g. LDAP tools such as `ldapsearch`.
# Set the default base dn
BASE dc=example,dc=com
# Set the default LDAP server
URI ldap://ldap.example.com ldap://ldap-master.example.com:666
If you use Kerberos, the default Kerberos realm should be configured in order for krb5-libs and therefore tools such as `kinit` to work out of the box.
default_realm = MYREALM
kdc = kdc.myrealm.org
myrealm.org = MYREALM
.myrealm.org = MYREALM
Authselect encourages users to use SSSD wherever possible. There are many configuration options, see sssd.conf(5). This is a minimal configuration that creates one LDAP domain called `default`. The LDAP server is auto-discovered through DNS lookups.
config_file_version = 2
domains = default