Line 82: |
Line 82: |
| | | |
| [pam] | | [pam] |
− |
| + | |
| [domain/LDAP] | | [domain/LDAP] |
| + | # Debug is now per domain |
| + | # Debug level can be 0-10 for simple levels, |
| + | # or for more control hex values Format is 0xXXXX |
| + | # 1 = 0x0010 2 = 0x0020 3 = 0x040 4 = 0x080 5 = 0x0100 6 = 0x0200 |
| + | # see man sssd for more |
| + | # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sssd-troubleshooting |
| + | debug_level = 3 |
| id_provider = ldap | | id_provider = ldap |
| auth_provider = ldap | | auth_provider = ldap |
Line 225: |
Line 232: |
| | | |
| ===Mount Shares=== | | ===Mount Shares=== |
| + | |
| + | {{Note box|The following page is worth a read https://wiki.contribs.org/Smeserver-tw-logonscript#Linux_client_integration |
| + | It is possible to create a simple local pam_mount.conf.xml file and then load a per user config from the server}} |
| | | |
| If you can successfully login with a domain account you can now try and automatically mounts shares. | | If you can successfully login with a domain account you can now try and automatically mounts shares. |
Line 230: |
Line 240: |
| You will require at least cif-utils and libpam-mount | | You will require at least cif-utils and libpam-mount |
| | | |
− | sudo apt-get install libpam_mount cifs-utils | + | sudo apt-get install libpam-mount cifs-utils |
| | | |
| In the above file /etc/auth-client-config/profile.d/sss | | In the above file /etc/auth-client-config/profile.d/sss |
Line 265: |
Line 275: |
| user = "*" | | user = "*" |
| sgrp = "admins"/> | | sgrp = "admins"/> |
− | <!-- General Directory-->
| + | <!-- General Directory--> |
| <volume fstype = "cifs" | | <volume fstype = "cifs" |
| server = "sme.server.com" | | server = "sme.server.com" |
Line 276: |
Line 286: |
| _EOF | | _EOF |
| | | |
| + | You may need to add a 'sec' option like this: |
| + | |
| + | options = "uid=%(USER),nosuid,nodev,noexec,sec=ntlmssp,vers=1.0" |
| | | |
| Now when you login as a domain user your shares should mount and you should have full sudo access. | | Now when you login as a domain user your shares should mount and you should have full sudo access. |