« back to all changes in this revision
Viewing changes to serverguide/C/network-auth.xml
- browse files at revision 266
- compare with another revision
- download diff
- download tarball
- view history from revision 266
- Committer: Doug Smythies
- Date: 2016-02-07 19:02:01 UTC
- Revision ID: dsmythies@telus.net-20160207190201-4064kw4iqlfz8eg8
the old ascii checker command missed some issues, found by improved command.
- files modified:
- serverguide/C/network-auth.xml
added
removed
serverguide/C/network-auth.xml
3980
3980
<title>Prerequisites, Assumptions, and Requirements</title>
3981
3981
<itemizedlist>
3982
3982
<listitem>
3983
<para>This guide does not explain Active Directory, how it works, how to set one up, or how to maintain it. It may not provide “best practices” for your environment.</para></listitem>
3983
<para>This guide does not explain Active Directory, how it works, how to set one up, or how to maintain it. It may not provide <quote>best practices</quote> for your environment.</para></listitem>
3984
3984
<listitem>
3985
3985
<para>This guide assumes that a working Active Directory domain is already configured.</para></listitem>
3986
3986
<listitem>
4019
4019
renew_lifetime = 7d
4020
4020
</programlisting>
4021
4021
4022
<para>If default_realm is not specified, it may be necessary to log in with “username@domain” instead of “username”.</para>
4022
<para>If default_realm is not specified, it may be necessary to log in with <quote>username@domain</quote> instead of <quote>username</quote>.</para>
4023
4023
4024
4024
<para>The system time on the Active Directory member needs to be consistent with that of the domain controller, or Kerberos authentication may fail. Ideally, the domain controller server itself will provide the NTP service. Edit <filename>/etc/ntp.conf</filename>:</para>
4025
4025
4155
4155
4156
4156
<sect2 id="sssd-ad-mkhomedir" status="review">
4157
4157
<title>Home directories with pam_mkhomedir (optional)</title>
4158
<para>When logging in using an Active Directory user account, it is likely that user has no home directory. This can be fixed with pam_mkdhomedir.so, which will create the user’s home directory on login. Edit <filename>/etc/pam.d/common-session</filename>, and add this line directly after <emphasis>session required pam_unix.so:</emphasis></para>
4158
<para>When logging in using an Active Directory user account, it is likely that user has no home directory. This can be fixed with pam_mkdhomedir.so, which will create the user's home directory on login. Edit <filename>/etc/pam.d/common-session</filename>, and add this line directly after <emphasis>session required pam_unix.so:</emphasis></para>
4159
4159
<programlisting>
4160
4160
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
4161
4161
</programlisting>
4162
4162
4163
<note><para>This may also need <emphasis>override_homedir</emphasis> in <filename>sssd.conf</filename> to function correctly, so make sure that’s set.</para></note>
4163
<note><para>This may also need <emphasis>override_homedir</emphasis> in <filename>sssd.conf</filename> to function correctly, so make sure that's set.</para></note>
4164
4164
</sect2>
4165
4165
4166
4166
<sect2 id="sssd-ad-desktop" status="review">
Loggerhead is a web-based interface for Breezy
Version: 2.0.1