[CentOS] sssd.conf file missing

Thu Jun 23 16:51:35 UTC 2016
Gordon Messmer <gordon.messmer at gmail.com>

On 06/23/2016 05:23 AM, Kaplan, Andrew H. wrote:
> We are running CentOS 7.2 on a virtual machine, and we are trying to set up LDAP authentication.

In an AD environment, it's important to point out that you typically 
can't do "ldap authentication".  You can, but you'll need a service 
account to do it, and none of the work you've described so far indicates 
that you've set one up.

Instead of thinking about AD as LDAP, consider it a set of services that 
should be used together.  Technically, you'll use LDAP for identity and 
Kerberos for authentication, but you should think of AD as providing 
both identity and authentication.

The easy way to use AD is to use the realm tool to set up integration:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/realmd-domain.html

The details of setting up AD manually are described in excruciating 
detail here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/pdf/Windows_Integration_Guide/Red_Hat_Enterprise_Linux-7-Windows_Integration_Guide-en-US.pdf

If you use realmd, you should not need to edit sssd.conf at all.  If you 
decide to do things manually, I'd still recommend providing the complete 
configuration description to "authconfig" and allowing it to write 
sssd.conf for you.