30.4.14

sssd - ad backend with Samba4

Great news for Linux machines in Active Directory. Our file server configuration recently went from a 30-line essay to this:
[sssd]
services = nss, pam
config_file_version = 2
domains = hh3.site
[nss]
[pam]
[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False


That's it. It takes care of all the RFC 2307 mapping and GSSAPI keytab stuff. Just make sure you have the MACHINE$ key available in the keytab. Oh, don't forget to clear the cache:
rm /usr/local/var/lib/sss/db/*
It throws in A, AAAA and PTR updates for free. Great if you're on DHCP. A big thanks to the sssd devs.

Add autofs to taste with this configuration. Unfortunately, there is no autofs_provider = ad. Yet :(
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default
[nss]
[pam]
[autofs]
[domain/default]
dyndns_update_ptr = true
ad_hostname = catral.hh3.site
ad_server = hh16.hh3.site
ad_domain = hh3.site
ldap_schema = ad
id_provider = ad
access_provider = ad
auth_provider = ad
chpass_provider = ad
ldap_id_mapping = false

ldap_sasl_mech = gssapi
ldap_sasl_authid = CATRAL$@HH3.SITE
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

autofs_provider = ldap
autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation


autofs schema details here
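The two configurations above lean on defaults (the AD domain falls back to the section name, the bind principal falls back to the machine account) and on the keytab holding the right key, which is exactly what goes wrong on a fresh box. The preflight checker below is an added example, not part of the original post and not sssd's own tooling: it parses an sssd.conf, confirms every domain listed in [sssd] has a [domain/...] section with the three AD providers, flags autofs being enabled without an autofs_provider, and checks that the keytab (fed in as `klist -k` output, here a constructed listing) contains the principal sssd will bind with. The assumption that an unset ldap_sasl_authid means MACHINE$@REALM, derived from the short hostname, follows the post's own advice and is this example's choice, not sssd's full lookup order; hostname, realm and principal names are the post's, and the sample configs and keytab listings are constructed.

```python
"""Preflight checks for an sssd.conf using the AD provider (added example)."""
import configparser
import re

# Constructed sssd.conf modelled on the minimal configuration in the post.
MINIMAL_CONF = """\
[sssd]
services = nss, pam
config_file_version = 2
domains = hh3.site
[nss]
[pam]
[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
"""

# Constructed `klist -k` output: one line per keytab entry, "KVNO Principal".
KEYTAB_OK = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 CATRAL$@HH3.SITE
   2 host/catral.hh3.site@HH3.SITE
"""

# Same listing without the machine account key (constructed failure case).
KEYTAB_MISSING = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/catral.hh3.site@HH3.SITE
"""

REQUIRED_AD_KEYS = ("id_provider", "auth_provider", "access_provider")


def parse_sssd_conf(text):
    """sssd.conf is INI-like; keep key case and disable % interpolation."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def keytab_principals(klist_output):
    """Return the set of principals named in `klist -k` style output."""
    principals = set()
    for line in klist_output.splitlines():
        m = re.match(r"\s*\d+\s+(\S+@\S+)$", line)
        if m:
            principals.add(m.group(1))
    return principals


def check_config(conf_text, klist_output, hostname):
    """Return a list of problems; an empty list means the checks passed."""
    cp = parse_sssd_conf(conf_text)
    problems = []
    services = [s.strip() for s in cp.get("sssd", "services", fallback="").split(",")]
    domains = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",") if d.strip()]
    if not domains:
        problems.append("[sssd] lists no domains")
    principals = keytab_principals(klist_output)
    for dom in domains:
        sec = "domain/" + dom
        if not cp.has_section(sec):
            problems.append("missing section [%s]" % sec)
            continue
        for key in REQUIRED_AD_KEYS:
            if cp.get(sec, key, fallback="").lower() != "ad":
                problems.append("[%s] %s is not 'ad'" % (sec, key))
        if "autofs" in services and not cp.has_option(sec, "autofs_provider"):
            problems.append("[%s] autofs is in services but autofs_provider is unset" % sec)
        # Bind principal: ldap_sasl_authid if set; otherwise (assumption made by
        # this example) the machine account MACHINE$@REALM, REALM being ad_domain
        # or the section name, uppercased.
        realm = cp.get(sec, "ad_domain", fallback=dom).upper()
        authid = cp.get(sec, "ldap_sasl_authid", fallback=None)
        if authid is None:
            authid = "%s$@%s" % (hostname.split(".")[0].upper(), realm)
        if authid not in principals:
            problems.append("[%s] keytab has no entry for %s" % (sec, authid))
    return problems


if __name__ == "__main__":
    for label, keytab in (("ok", KEYTAB_OK), ("missing", KEYTAB_MISSING)):
        print(label, check_config(MINIMAL_CONF, keytab, "catral.hh3.site") or "passed")
```

On a real host, replace the constructed strings with the contents of /etc/sssd/sssd.conf and the output of `klist -k`, and run the check before restarting sssd and clearing the cache, so a missing machine key shows up as a config problem rather than as a silent authentication failure.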