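# SSSD configuration: one Active Directory domain (LANCS) serving NSS and PAM.
# SSSD expects this file to be owned by root with mode 0600.
# Comments are full-line only; boolean values are written lowercase throughout.

[sssd]
debug_level = 3
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = LANCS

[nss]
debug_level = 3
# local and service accounts that must never be resolved through SSSD
filter_groups = root
filter_users = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd
reconnection_retries = 3
entry_cache_nowait_percentage = 50

[pam]
debug_level = 3
reconnection_retries = 3
# NOTE(review): these two settings govern offline (cached-credential) logins;
# with cache_credentials = false in the domain below they presumably have no
# effect. Confirm before relying on them as a lockout control.
offline_failed_login_attempts = 5
offline_failed_login_delay = 5
# allow PAM to cache user details for this long (seconds)
# this can improve login times
# but it also delays AD changes from being seen, which includes
# removals from groups that other controls may key on
pam_id_timeout = 600

[domain/LANCS]
timeout = 60
debug_level = 3
dns_discovery_domain = lancs.local
id_provider = ad
auth_provider = ad
access_provider = ad
# password changes through SSSD are disabled
chpass_provider = none
ad_domain = lancs.local
ad_enable_gc = false
# UIDs/GIDs are read from the POSIX attributes stored in AD, not derived from SIDs
ldap_id_mapping = false
ldap_use_tokengroups = false
dyndns_update = false
enumerate = false
# directory entries with an ID below this value are ignored
# NOTE(review): because IDs come straight from AD attributes, 200 admits values
# in the range many distributions reserve for local system accounts (often up
# to 999). Confirm that is intended, or raise it to the first regular-user ID.
min_id = 200
# credentials are not stored locally, so logins fail while AD is unreachable
cache_credentials = false
ldap_user_gecos = displayName
# permissive: GPO logon rules are evaluated but NOT enforced; a login that GPO
# would deny is only logged.
# NOTE(review): no other access filter is set in this file, so the access check
# is effectively limited to what the ad access provider does by default
# (account expiry). Confirm logins are restricted elsewhere, or switch to
# enforcing once the logged would-be denials have been reviewed.
ad_gpo_access_control = permissive
# ignore_group_members makes getgr* omit the members field
# this vastly improves performance for things like id and sudo
# but it may need to be disabled if any of your applications
# expect to be able to read group memberships.
ignore_group_members = true
# ad_cli messes up renewal of machine account passwords
# 0 disables SSSD's automatic renewal of the machine account password, so the
# host keytab is never rotated by SSSD.
# NOTE(review): rotate it out of band, or re-enable renewal once the underlying
# problem is fixed, so a copied keytab does not stay valid indefinitely.
ad_maximum_machine_account_password_age = 0
# you may wish to use these instead of the directory-provided values
#override_homedir = /home/%u
#override_shell = /bin/bash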