|
2541.
|
|
|
ldap_sasl_mech = gssapi
|
|
|
type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
|
|
|
|
(no translation yet)
|
|
|
|
Located in
include/ad_modified_defaults.xml:43
|
|
2542.
|
|
|
ldap_referrals = false
|
|
|
type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
|
|
|
|
(no translation yet)
|
|
|
|
Located in
include/ad_modified_defaults.xml:48
|
|
2543.
|
|
|
ldap_account_expire_policy = ad
|
|
|
type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
|
|
|
|
(no translation yet)
|
|
|
|
Located in
include/ad_modified_defaults.xml:53
|
|
2544.
|
|
|
ldap_use_tokengroups = true
|
|
|
type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
|
|
|
|
(no translation yet)
|
|
|
|
Located in
include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58
|
|
2545.
|
|
|
ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)
|
|
|
type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
|
|
|
|
(no translation yet)
|
|
|
|
Located in
include/ad_modified_defaults.xml:63
|
|
2546.
|
|
|
The AD provider looks for a different principal than the LDAP provider by default, because in an Active Directory environment the principals are divided into two groups - User Principals and Service Principals. Only User Principal can be used to obtain a TGT and by default, computer object's principal is constructed from its sAMAccountName and the AD realm. The well-known host/hostname@REALM principal is a Service Principal and thus cannot be used to get a TGT with.
|
|
|
type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
|
|
|
|
(no translation yet)
|
|
|
|
Located in
include/ad_modified_defaults.xml:66
|
|
2547.
|
|
|
NSS configuration
|
|
|
type: Content of: <refsect1><refsect2><title>
|
|
|
|
(no translation yet)
|
|
|
|
Located in
include/ad_modified_defaults.xml:80
|
|
2548.
|
|
|
fallback_homedir = /home/%d/%u
|
|
|
type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
|
|
|
|
(no translation yet)
|
|
|
|
Located in
include/ad_modified_defaults.xml:84
|
|
2549.
|
|
|
The AD provider automatically sets "fallback_homedir = /home/%d/%u" to provide personal home directories for users without the homeDirectory attribute. If your AD Domain is properly populated with Posix attributes, and you want to avoid this fallback behavior, you can explicitly set "fallback_homedir = %o".
|
|
|
type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
|
|
|
|
(no translation yet)
|
|
|
|
Located in
include/ad_modified_defaults.xml:87
|
|
2550.
|
|
|
Certain option defaults do not match their respective backend provider defaults, these option names and IPA provider-specific defaults are listed below:
|
|
|
type: Content of: <refsect1><para>
|
|
|
|
(no translation yet)
|
|
|
|
Located in
include/ipa_modified_defaults.xml:4
|