[sssd] services = nss, pam config_file_version = 2 domains = example debug_level = 9 [nss] filter_users = root filter_groups = root [pam] [domain/example] ad_hostname = kde-client.example.net ad_server = samba4-1.example.net ad_domain = example default_shell = /bin/bash override_homedir = /home/\%u ldap_schema = ad id_provider = ad access_provider = ad # on large directories, you may want to disable enumeration for performance reasons enumerate = true cache_credentials = true auth_provider = krb5 chpass_provider = krb5 ldap_sasl_mech = GSSAPI ldap_sasl_authid = kde-client\$@EXAMPLE.NET krb5_realm = EXAMPLE.NET krb5_server = samba4-1.example.net krb5_kpasswd = samba4-1.example.net krb5_keytab = /etc/krb5.keytab ldap_krb5_init_creds = true ldap_referrals = false ldap_uri = ldap://samba4-1.example.net ldap_search_base = dc=example,dc=net dyndns_update=false ldap_id_mapping=true