Vorraussetzung:

• Serverseitig wird die selbe Konfiguration benötigt wie bei nss-ldap.
• LDAP-Server mit SSL/TLS

Pakete:

• Debian (7): sssd sssd-tools
  • nscd entfernen
• Debian (10): sssd sssd-tools libnss-sss libpam-sss
• openSuSE (12.3): sssd sssd-tools
  • nscd entfernen

Debian (7):

cp /usr/share/doc/sssd/examples/sssd-example.conf /etc/sssd/sssd.conf

Debian (9):

cp /usr/share/doc/sssd-common/examples/sssd-example.conf /etc/sssd/sssd.conf

/etc/sssd/sssd.conf :

[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
[nss]
[pam]
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
# debian, redhat
ldap_schema = rfc2307
# suse
#ldap_schema = rfc2307bis
ldap_uri = ldap://vm1.example.com
ldap_search_base = dc=example,dc=com
cache_credentials = true

chmod 600 /etc/sssd/sssd.conf

/etc/nsswitch.conf :

passwd:         files sss
group:          files sss
shadow:         files sss
netgroup:       nis sss

OpenSuSE (12.3):

pam-config --add --sss

Debian (7):

pam-auth-update

→

/etc/pam.d/common-account :

account       [default=bad success=ok user_unknown=ignore]    pam_sss.so 

/etc/pam.d/common-auth :

auth     [success=1 default=ignore]                      pam_sss.so use_first_pass

/etc/pam.d/common-password :

password     sufficient                                      pam_sss.so 

/etc/pam.d/common-session :

session       optional                                        pam_sss.so