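# sssd.conf: SSSD monitor and responder settings.
# Keep this file owned by root with mode 0600: the domain section of this
# file stores the LDAP bind password in clear text.
[sssd]
config_file_version = 2
# Reconnect attempts after a data provider crash or restart.
reconnection_retries = 3
sbus_timeout = 30
# Responders to start.
services = nss, pam
# Must match the name in the [domain/...] section header.
domains = domain-a.com

[nss]
# Never resolve root through SSSD, so a directory entry named "root"
# cannot shadow or stand in for the local account.
filter_groups = root
filter_users = root
reconnection_retries = 3
# NOTE(review): sssd.conf(5) documents this as a percentage of
# entry_cache_timeout (0-99); confirm before re-enabling with 300.
# entry_cache_nowait_percentage = 300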
# PAM responder settings (the service is enabled through "services" in [sssd]).
[pam]
# Reconnect attempts after a data provider crash or restart.
reconnection_retries = 3
# Example LOCAL domain that stores all users natively in the SSSD internal
# directory. These local users and groups are not visible in /etc/passwd; it
# now contains only root and system accounts.
# The block below is disabled; to use it, the domain name would also have to
# be listed in "domains" under [sssd].
# [domain/LOCAL]
# description = LOCAL Users domain
# id_provider = local
# enumerate = true
# min_id = 500
# max_id = 999
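# Identity from LDAP (Active Directory attribute names), authentication and
# password change through Kerberos.
[domain/domain-a.com]
# Using enumerate = true leads to high load and slow response.
# It also lets any local user list every directory user and group
# (e.g. with getent); set to false unless full listings are required.
enumerate = true
# false: no offline logon, and no credential hashes kept in the local cache.
cache_credentials = false
# seconds
entry_cache_timeout = 5400
# account_cache_expiration = 365
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldap://intra.domain-a.com
# With an ldap:// URI the identity connection is not encrypted unless
# StartTLS is requested, so the simple bind below would send the bind
# password in clear text and the ldap_tls_* settings would have no effect.
# Alternative: use an ldaps:// URI.
ldap_id_use_start_tls = true
# Reject the server unless its certificate validates against ldap_tls_cacert.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
ldap_schema = rfc2307bis
# Use a dedicated bind account with read-only access to the search base.
ldap_default_bind_dn = cn=ldap-deb7,cn=users,dc=intra,dc=domain-a,dc=com
# Key name corrected from "ldap_default_authok_type" (missing "t").
ldap_default_authtok_type = password
# Clear-text secret: this file must stay root-owned with mode 0600.
# Replace the sample value, and rotate it if the file was ever readable by
# others. The obfuscated_password type (sss_obfuscate) only hides the value
# from casual viewing; it is not encryption.
ldap_default_authtok = p@ssw0rd
# NOTE(review): "cn=users" appears twice; confirm this nested container
# exists and is not a copy/paste slip.
ldap_search_base = cn=users,cn=users,dc=intra,dc=domain-a,dc=com
ldap_user_object_class = person
#ldap_user_principal = userPrincipalName
ldap_user_principal = sAMAccountname
ldap_group_object_class = group
ldap_user_home_directory = unixHomeDirectory
ldap_force_upper_case_realm = true
krb5_server = intra.domain-a.com
krb5_realm = INTRA.DOMAIN-A.COM
# NOTE(review): confirm this key's spelling against sssd-krb5(5) for the
# installed version; a misspelled key may simply not be applied.
krb5_changepw_principle = kadmin/changepw
# seconds
krb5_auth_timeout = 15
use_fully_qualified_names = true
# The re_expression below is cut off at the end of the line in this copy.
# re_expression = ((intra\.(?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@$
# full_name_format = %1$s@intra.%2$s
# not available on Wheezy - sssd < 1.9.0
# override_shell = /usr/sbin/nologin
# %d expands to the domain name, %u to the login name.
override_homedir = /media/homedrive/%d/users/%u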