Hello! I'm trying to implement a system where three types of LDAP users, separated by group, can log in. The first type is a full admin; the other two are very limited users, with rbash and a home directory unique to each group, which defines which commands are allowed for that group of users.
Can i set per-domain skel dir? My conf:

# Global SSSD section: enabled responders and the list of active domains.
# Only the three numbered domains are listed in "domains"; [domain/default]
# below is not in that list.
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = 01_HW_ADMINS_DOMAIN, 02_TERMINAL_RESCTRICTEC_ACCESSS_DOMAIN, 03_SECURITY_AUDIT_DOMAIN

[domain/default]
debug_level = 7

# Full-admin domain: users are looked up and admitted only if their entry
# carries memberOf=cn=HW_ADMINS (user search base filter + access filter).
# They get /bin/bash and primary GID 1001.
[domain/01_HW_ADMINS_DOMAIN]
autofs_provider = ldap
cache_credentials = False
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# NOTE(review): plain ldap:// on port 389. sssd-ldap(5) states that
# authentication needs TLS/SSL or LDAPS, so the protection of this channel
# depends entirely on the TLS options further down.
ldap_uri = ldap://my.ldap.server:389
ldap_schema = rfc2307
ldap_default_bind_dn = uid=sssd,ou=ServiceAccounts,dc=my,dc=domain
# NOTE(review): obfuscated_password is reversible (sss_obfuscate(8) says it
# gives no real security benefit). Treat this value as a cleartext secret:
# keep sssd.conf root-owned with mode 0600 and give the bind account
# read-only rights; a client certificate or GSSAPI bind avoids storing it.
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = *****
# NOTE(review): "never" means the server certificate is neither requested
# nor checked, which leaves ldap_tls_cacertdir without effect on validation.
# The server's identity is then never verified, so the bind password and
# user passwords are exposed to anyone able to impersonate the server.
# Prefer ldap_tls_reqcert = demand with the CA installed in the cacertdir.
ldap_tls_reqcert = never
# NOTE(review): False leaves identity lookups (users, groups) outside TLS;
# set to True, or use an ldaps:// URI, once certificate checking is enabled.
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_search_base = dc=my,dc=domain
ldap_user_search_base = ou=users,dc=my,dc=domain?subtree?(memberOf=cn=HW_ADMINS,ou=groups,dc=my,dc=domain)
ldap_group_search_base = ou=groups,dc=my,dc=domain
access_provider = ldap
ldap_access_filter = (memberOf=cn=HW_ADMINS,ou=groups,dc=my,dc=domain)
override_homedir = /home/%u
override_gid = 1001
override_shell = /bin/bash
# NOTE(review): sssd.conf(5) documents skel_dir for the local provider
# (homes created by sss_useradd). With id_provider = ldap the home directory
# is presumably created by pam_mkhomedir or oddjob-mkhomedir, which take
# their own skeleton setting -- confirm which one is in use here.
skel_dir = /etc/skel_HWadm/
debug_level = 7

# Restricted terminal-access domain: same LDAP server and bind account,
# filtered on memberOf=cn=TERMINAL_RESCTRICTEC_ACCESSS; users get /bin/rbash
# and primary GID 1002. The TLS and bind-password notes from the first
# domain apply unchanged to the identical settings below.
[domain/02_TERMINAL_RESCTRICTEC_ACCESSS_DOMAIN]
autofs_provider = ldap
cache_credentials = False
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://my.ldap.server:389
ldap_schema = rfc2307
ldap_default_bind_dn = uid=sssd,ou=ServiceAccounts,dc=my,dc=domain
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = *****
ldap_tls_reqcert = never
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_search_base = dc=my,dc=domain
ldap_user_search_base = ou=users,dc=my,dc=domain?subtree?(memberOf=cn=TERMINAL_RESCTRICTEC_ACCESSS,ou=groups,dc=my,dc=domain)
ldap_group_search_base = ou=groups,dc=my,dc=domain
access_provider = ldap
ldap_access_filter = (memberOf=cn=TERMINAL_RESCTRICTEC_ACCESSS,ou=groups,dc=my,dc=domain)
override_homedir = /home/%u
override_gid = 1002
# NOTE(review): rbash only restricts what bash itself does; which commands
# are reachable is decided by PATH and the startup files in the home
# directory. Files copied from a skeleton normally end up owned by the user,
# so keep the profile files and the command directory root-owned and not
# writable by these accounts.
override_shell = /bin/rbash
skel_dir = /etc/skel_terminalaccess/
debug_level = 7

# Security-audit domain: filtered on memberOf=cn=SECURITY_AUDIT; users get
# /bin/rbash and primary GID 1003. This is the only domain that sets
# sudo_provider = none. The TLS, bind-password, skel_dir and rbash notes
# above apply to the identical settings here as well.
[domain/03_SECURITY_AUDIT_DOMAIN]
autofs_provider = ldap
cache_credentials = False
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
sudo_provider = none
ldap_uri = ldap://my.ldap.server:389
ldap_schema = rfc2307
ldap_default_bind_dn = uid=sssd,ou=ServiceAccounts,dc=my,dc=domain
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = *****
ldap_tls_reqcert = never
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_search_base = dc=my,dc=domain
ldap_user_search_base = ou=users,dc=my,dc=domain?subtree?(memberOf=cn=SECURITY_AUDIT,ou=groups,dc=my,dc=domain)
ldap_group_search_base = ou=groups,dc=my,dc=domain
access_provider = ldap
ldap_access_filter = (memberOf=cn=SECURITY_AUDIT,ou=groups,dc=my,dc=domain)
override_homedir = /home/%u
override_gid = 1003
override_shell = /bin/rbash
skel_dir = /etc/skel_secaud/
debug_level = 7

[nss]
homedir_substring = /home
debug_level = 7

[pam]

[autofs]

[ssh]

[pac]

[ifp]

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org