The sssd.io site offers good documentation about joining to an AD domain.

 

https://sssd.io/docs/ad/ad-introduction.html

 

cache_credentials = true – would allow for offline logins.

 

Outside of that, it can be tricky to offer advice because some options will relate to your domain setup.

 

For instance, POSIX UID/GIDs may or may not be in your domain.

 

Cheers

Mark

 

 

From: Matt Zagrabelny <mzagrabe@d.umn.edu>
Sent: 15 April 2022 04:35
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] Debian user for sssd with AD

 

You don't often get email from mzagrabe@d.umn.edu. Learn why this is important

CAUTION: External email. Ensure this message is from a trusted source before clicking links/attachments.

 

Greetings,

 

I haven't started using sssd yet, but am excited to do so.

 

I have a bunch of Debian clients that I'd like to use/test against an AD controller.

 

I'm assuming other folks have done such configurations. I'm afraid I don't know exactly which packages I'll need to install to have sss(d) perform the nsswitch'ing. I've read that sssd has a local cache in case the connection to the LDAP directory fails.

 

Can anyone point me in the right direction regarding what packages I'll need or perhaps a HOWTO document on the internet? I've seen a few Redhat/Fedora docs - which I can translate/interpret for Debian as needed, but was wondering if there was a somewhat condensed version for simply setting up a (Debian) client.

 

Thanks for any pointers and for helping out a newcomer.

 

-m



The University of Aberdeen is a charity registered in Scotland, No SC013683.
Tha Oilthigh Obar Dheathain na charthannas clàraichte ann an Alba, Àir. SC013683.