[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = LOCAL,SAMBA

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/LOCAL]
domain_type = local
description = LOCAL Users domain
enumerate = true
min_id = 400
max_id = 499

[domain/SAMBA]
description = Samba 4 Authentication Environment
enumerate = true
use_fully_qualified_names = False
min_id = 500
id_provider = ldap
ldap_uri = ldap://192.168.1.2
ldap_tls_reqcert = never
ldap_tls_cacert = /etc/ssl/certs/raafca.crt
ldap_schema = rfc2307bis
ldap_search_base = dc=bar,dc=com
ldap_referrals = False
ldap_default_bind_dn = cn=ldap-ella,cn=users,dc=bar,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = ReadOnlyAccount
ldap_user_object_class = person
ldap_user_name = msSFU30Name
ldap_user_fullname = name
ldap_user_gecos = name
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_user_principal = userPrincipalName
ldap_user_pwd = unixUserPassword
ldap_user_modify_timestamp = whenChanged
ldap_group_object_class = group
ldap_group_name = msSFU30Name
ldap_group_gid_number = gidNumber
ldap_group_pwd = unixUserPassword
ldap_group_modify_timestamp = whenChanged
ldap_force_upper_case_realm = True
auth_provider = krb5
chpass_provider = krb5
krb5_server = 192.168.1.2
krb5_kpasswd = 192.168.1.2
krb5_kdcip = 192.168.1.2
krb5_realm = BAR.COM
krb5_changepw_principal = kadmin/changepw
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
krb5_auth_timeout = 15