### MANAGED BY PUPPET (base-configuration::authentication) [sssd] domains = student.otago.ac.nz config_file_version = 2 services = nss, pam [domain/student.otago.ac.nz] ad_domain = student.otago.ac.nz krb5_realm = STUDENT.OTAGO.AC.NZ realmd_tags = joined-with-adcli cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = False fallback_homedir = /home/%u # create private groups for users auto_private_groups = True # only retrieve the "domain user" group (the rest are useless to us) ldap_use_tokengroups = False ldap_group_search_base = CN=Users,DC=win,DC=trust,DC=test?sub?(|(cn=domain users)) # don't manage sudo via SSSD sudo_provider = None # the following *significantly* speeds up login (we don't need to validate group memberships) ignore_group_members = True