I'm a relatively new Linux sysadmin in a large windows environment with about 30 Linux servers that currently use LDAP+WINBIND.
I've read a lot about SSSD, and I've been working to understand it and test it.
The problem is, there is a TON of information out there about the way to configure it. I'm going a little crazy trying to cut it down to just what I need.
Here are my goals:
- Allow AD users to authenticate to Linux over SSH
- auto-create home directories for AD users
- cache credentials locally for AD users
Super simple.
My understanding is:
- install the sssd package(s)
- Configure krb5.conf and smb.conf
- run authconfig --enablesssd --enablesssdauth (which should configure nsswitch.conf and pam.d/password-auth and system-auth
- service start sssd
Here are my questions:
Do I need to manually edit sssd.conf?
Do I need to join AD via net ads join?
What am I missing?
[link] [comments]