ufw
List the contents of the keytab file
# Print the entries of the host keytab: -k reads a keytab instead of a credential
# cache, -e shows each key's encryption type, -t shows each entry's timestamp.
# The keytab holds the machine's long-term keys, so it should be readable by root only.
# The -e output is where entries that still use legacy encryption types show up.
klist -e -k -t /etc/krb5.keytab
Config file /etc/krb5.conf
# Include the configuration snippets found in this directory.
# NOTE(review): the path is under /var/lib/sss, so these are presumably generated by
# SSSD. Confirm, and keep the directory writable by privileged accounts only, because
# whatever is placed there becomes part of the Kerberos configuration.
includedir /var/lib/sss/pubconf/krb5.include.d/
# Destination for Kerberos library log output.
[logging]
default = FILE:/var/log/krb5libs.log
# Library-wide defaults for Kerberos clients on this host.
[libdefaults]
# Realm used when a principal is given without one.
# NOTE(review): realm names are case-sensitive and conventionally all upper case;
# confirm this mixed-case spelling matches what the KDC uses.
default_realm = OFFICE.company.COM
# Discover host-to-realm mappings (TXT records) and KDCs (SRV records) through DNS.
# Spoofed DNS answers can point clients at the wrong server. Kerberos still
# authenticates the KDC, so the expected impact is failed logins, not stolen tickets.
dns_lookup_realm = true
dns_lookup_kdc = true
# NOTE(review): could not confirm this tag against the MIT krb5.conf documentation;
# verify that the installed library actually honours it.
passwd_check_s_address = false
# Request initial tickets without address restrictions.
noaddresses = true
# Messages larger than this many bytes try TCP before UDP; 1 means TCP is tried first in practice.
udp_preference_limit = 1
# Credential cache format version. MIT documents 4 as the current default, so 3 is an
# older format. Confirm something on this host still needs it.
ccache_type = 3
# 0 disables the library's correction for clock offset against the KDC, so the system
# clock itself must be kept in sync or requests fail on clock skew.
kdc_timesync = 0
# NOTE(review): permits encryption types that MIT classifies as weak (the library
# default is false). Keep this only while a legacy peer needs it. Check which enctypes
# are in use (e.g. the klist -e output for the keytab), then set it to false.
allow_weak_crypto = true
# Default ticket lifetime and maximum renewable lifetime.
ticket_lifetime = 24h
renew_lifetime = 7d
# Do not use reverse DNS when canonicalizing service host names, so PTR records are
# not trusted for building principal names.
rdns = false
# Initial tickets are forwardable by default.
# NOTE(review): a forwardable TGT can be delegated to hosts the user connects to;
# keep this only if credential delegation is needed.
forwardable = yes
# Map DNS names to the Kerberos realm. An entry with a leading dot covers every host
# under that DNS domain; an entry without one matches that exact name.
# All four entries resolve to the same realm.
# NOTE(review): realm names are case-sensitive; confirm the mixed-case spelling
# matches the KDC.
[domain_realm]
.in.company.com = OFFICE.company.COM
.lo.company.com = OFFICE.company.COM
.company.com = OFFICE.company.COM
office.company.com = OFFICE.company.COM
Config file /etc/sssd/sssd.conf
# Global SSSD settings. SSSD requires this file to be owned by root and not readable
# or writable by anyone else (mode 0600).
[sssd]
# Domains SSSD serves; each needs a matching [domain/NAME] section.
domains = office.company.com
config_file_version = 2
# Responders to start: NSS lookups, PAM authentication, and the InfoPipe (ifp) D-Bus
# interface. NOTE(review): drop ifp if nothing on the host consumes it.
services = nss, pam, ifp
# Active Directory domain definition: identity from AD, access limited to one group.
[domain/office.company.com]
# Give every user a private group derived from the UID.
auto_private_groups = true
ad_domain = office.company.com
# Fully qualified name under which this host is known in AD.
ad_hostname = server.office.company.com
# Shell used when the directory does not supply one.
default_shell = /bin/bash
# While the domain is offline, keep the user's password so a TGT can be requested
# once it is reachable again. SSSD documents that the password sits in plaintext in
# the kernel keyring during that window. Enable only if offline-to-online ticket
# acquisition is really needed.
krb5_store_password_if_offline = True
krb5_realm = OFFICE.company.COM
# Keep a salted hash of the user's credentials in the local cache for offline login.
# The cache file is therefore sensitive: anyone who can read it can try to brute-force
# the hashes offline. The [pam] offline_* settings bound how long and how often it is used.
cache_credentials = True
id_provider = ad
# Home directory used when the directory does not supply one; %u is the login name.
fallback_homedir = /home/%u
# Users and groups are referred to by short name, without the domain suffix.
use_fully_qualified_names = False
# Derive UIDs/GIDs from the AD SIDs instead of reading POSIX attributes from the directory.
ldap_id_mapping = True
# Make the mapping behave more like winbind's idmap_autorid.
ldap_idmap_autorid_compat = True
# Lower bound of the mapped ID range.
# NOTE(review): SSSD's documented default is 200000; confirm 20000 is intended and
# does not overlap IDs used by local accounts.
ldap_idmap_range_min = 20000
# Do not register this host's address in DNS.
dyndns_update = false
# NOTE(review): documented for the [sssd] and service sections; confirm it has any
# effect inside a domain section.
reconnection_retries = 3
# Access control: only members of the listed group may log in; everyone else is denied.
access_provider = simple
simple_allow_groups = it_linux_adm
# Unused access and lookup filters, left commented out.
#simple_deny_groups =
#simple_deny_users =
#simple_allow_users =
#filter_groups =
#filter_users =
# PAM responder settings; the offline_* keys limit how cached credentials may be used
# while the domain is unreachable.
[pam]
# Attempts to reconnect to the data provider after it crashes or restarts.
reconnection_retries = 3
# Days after the last successful online login during which cached logins are accepted.
offline_credentials_expiration = 15
# Failed offline attempts allowed before further attempts are blocked...
offline_failed_login_attempts = 3
# ...and the number of minutes that must pass before a new attempt is possible.
offline_failed_login_delay = 5
Get domain group members
Get domain user
# "username" is a placeholder for the account to check. The sssd.conf above sets
# use_fully_qualified_names = False, so the short name without a domain suffix is used.
# Show the UID, primary GID and group memberships the system resolves for the account.
id username
# Show the passwd entry (UID, GID, home directory, shell) as returned through NSS.
getent passwd username