On (08/12/17 06:02), Иван Мастренко wrote: >Hello! >I'm trying to implement system, where could be logged 3 types of ldap users >separated per groups. >First type is full admin, another 2 is a very imited users, with rbash and >unical per group home dir, which defines which commands a allowed to this >groups of users. > >Can i set per-domain skel dir? > >My conf: > >[sssd] >services = nss, pam, autofs >config_file_version = 2 >domains = 01_HW_ADMINS_DOMAIN, 02_TERMINAL_RESCTRICTEC_ACCESSS_DOMAIN, >03_SECURITY_AUDIT_DOMAIN > > >[domain/default] >debug_level = 7 > > >[domain/01_HW_ADMINS_DOMAIN] >autofs_provider = ldap >cache_credentials = False >id_provider = ldap >auth_provider = ldap >chpass_provider = ldap >
The problem is that the option skel_dir is supported only with local provider and not with ldap provider. As it is described in man sssd.conf. Maybe you should try to solve your problem in different way. I can image that host based access control (HBAC) could be a solution but that is supported only with IPA (or GPO with Active directory) With ldap provider you might try to use https://docs.pagure.org/SSSD.sssd/design_pages/restrict_domains_in_pam.html But I think it is a little bit different use-case then yours. LS _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org