sssd notes

See:

See also:

sssd vs winbind

See:

Prerequisites for AD to Support SSSD ID Mapping

No configuration should be necessary, if the following things are properly configured.

Open the following ports:

Source: https://paulgorman.org/technical/linux-active-directory-auth.txt.html

Disable ID Mapping

/etc/sssd/sssd.conf

ldap_id_mapping = false

Conf

# Important: this setting affects performance
enumerate = false

cache_credentials = True
# How long should we allow cached logins (in days since the last successful online login). 0 for no limit
# This option belongs in the [pam] section
# offline_credentials_expiration = 0

default_shell=/bin/bash

# ad_gpo_access_control = enforcing # Default on RHEL 8
# ad_gpo_access_control = permissive
# Do not block authentication if the GPOs are not reachable (if permissive or disabled)
ad_gpo_access_control = disabled

# dyndns_update = false

ldap_referrals = false
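
The options above can be checked automatically. This is an added example, not part of the original notes: a POSIX shell audit that flags enumerate = true, a non-enforcing ad_gpo_access_control, cached credentials with no expiration, and group/other permission bits on the file. The function names, the single-domain simplification and the expectation of an owner-only file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the sssd.conf options above.
# Simplification: sections are ignored, so a single [domain/...] section is assumed.

# Print the effective value of KEY in FILE (last uncommented assignment wins).
sssd_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ || !/=/ { next }      # skip comments, headers, blank lines
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Print one finding per line; the return status is the number of WARN findings.
audit_sssd_conf() {
    conf=$1; warnings=0
    warn() { echo "WARN $*"; warnings=$((warnings + 1)); }

    # sssd.conf may contain secrets such as ldap_default_authtok:
    # flag any group/other permission bits (assumes an owner-only file).
    [ "$(ls -ld "$conf" | cut -c5-10)" = "------" ] || warn "group/other permission bits set"

    # Enumeration downloads every user and group from the directory.
    v=$(sssd_get "$conf" enumerate | tr 'A-Z' 'a-z')
    [ "$v" = "true" ] && warn "enumerate=true"

    # Only 'enforcing' applies the AD GPO logon rights at login time.
    v=$(sssd_get "$conf" ad_gpo_access_control)
    case $v in
        permissive|disabled) warn "ad_gpo_access_control=$v: GPO logon rights not enforced" ;;
    esac

    # Expiration 0 (or unset) means cached logins stay valid offline with no limit.
    c=$(sssd_get "$conf" cache_credentials | tr 'A-Z' 'a-z')
    e=$(sssd_get "$conf" offline_credentials_expiration)
    [ "$c" = "true" ] && [ "${e:-0}" = "0" ] && warn "cache_credentials=true with no offline expiration"

    return "$warnings"
}

# Stand-alone use: sh audit.sh /etc/sssd/sssd.conf
if [ $# -gt 0 ]; then audit_sssd_conf "$1"; fi
```

With ad_gpo_access_control left at disabled, as in the configuration above, login restrictions have to come from another mechanism, such as the pam_access feature enabled by with-pamaccess further down.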

sssd login problems

systemctl restart sssd
tail /var/log/secure
sssctl config-check
systemctl stop sssd
 
ps -ef |grep sssd
killall sssd
 
rm /var/lib/sss/db/*
systemctl start sssd
getent passwd plop

Clear the cache

sss_cache -E

Other

rm -rf /etc/authselect/custom/activedirectory-ACME.LOCAL/
authselect create-profile activedirectory-ACME.LOCAL -b sssd
authselect select custom/activedirectory-ACME.LOCAL with-pamaccess with-mkhomedir --force

The configuration present in /etc/authselect/user-nsswitch.conf

grep passwd /etc/authselect/custom/activedirectory-ACME.LOCAL/nsswitch.conf |grep -q with-files-domain && echo "profil OK" || echo "profil KO"
 
grep -E "^passwd:" /etc/nsswitch.conf | grep -q "files sss" && echo "conf OK" || echo "conf KO"