Centralised authentication through LDAP is very useful. No matter how many machines use it, users have the same login and groups everywhere. When a user changes their password on one machine, the password is updated everywhere. However, if the connection to the LDAP server is lost, it is no longer possible to log in. Here we will see how to configure sssd to provide caching and offline support of identity and authentication to the system.
You will need to have a working LDAP server that is able to provide authentication.
On the client first install
# apt-get install sssd
It should also install libnss-sss packages that provide the binding for authentication and identity. Be sure to remove any other caching server like
All the configuration is done in the
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
debug_level = 10
services = nss, pam
domains = EXAMPLE

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/EXAMPLE]
enumerate = false
# Keep credential hashes locally so users can still log in while the LDAP server is unreachable
cache_credentials = true
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://ldap.example.com/
ldap_search_base = dc=example,dc=com
# "never" disables verification of the server certificate; use "demand" once the CA file below is correct
ldap_tls_reqcert = never
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
ldap_default_bind_dn = cn=admin,dc=example,dc=com
ldap_default_authtok_type = password
# Stored in clear text: sssd.conf must be owned by root with mode 0600
ldap_default_authtok = xxxxxxxxx
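The following Python script is an added example, not part of the original article or of sssd itself. It audits an sssd.conf for the settings in the configuration above that matter most once credentials are cached for offline use. The function name `audit_sssd_conf`, the choice of checks and the `WEAK` sample are assumptions made for illustration, as is treating an unset `ldap_id_use_start_tls` as false.

```python
import configparser

# Constructed sample: the security-relevant lines of the configuration above.
WEAK = """
[sssd]
services = nss, pam
domains = EXAMPLE
[pam]
reconnection_retries = 3
[domain/EXAMPLE]
cache_credentials = true
ldap_uri = ldap://ldap.example.com/
ldap_tls_reqcert = never
ldap_default_authtok_type = password
ldap_default_authtok = xxxxxxxxx
"""

def audit_sssd_conf(text):
    """Return (section, option) pairs that weaken an sssd LDAP client setup."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    findings = []
    # [pam] offline_credentials_expiration: days cached logins stay valid, 0 = no limit.
    expiry = cp.getint("pam", "offline_credentials_expiration", fallback=0)
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        dom = cp[name]
        # Anything weaker than demand/hard accepts an unverified server certificate.
        if dom.get("ldap_tls_reqcert", "hard").lower() in ("never", "allow", "try"):
            findings.append((name, "ldap_tls_reqcert"))
        uris = [u.strip().lower() for u in dom.get("ldap_uri", "").split(",")]
        # Plain ldap:// needs StartTLS requested explicitly for identity lookups.
        if any(u.startswith("ldap://") for u in uris) and not dom.getboolean(
                "ldap_id_use_start_tls", fallback=False):
            findings.append((name, "ldap_id_use_start_tls"))
        # Cached credentials with no expiry remain usable offline indefinitely.
        if dom.getboolean("cache_credentials", fallback=False) and expiry == 0:
            findings.append((name, "offline_credentials_expiration"))
        # A clear-text bind password makes the file's ownership and mode critical.
        if dom.get("ldap_default_authtok_type", "password") == "password" \
                and "ldap_default_authtok" in dom:
            findings.append((name, "ldap_default_authtok"))
    return findings

if __name__ == "__main__":
    for section, option in audit_sssd_conf(WEAK):
        print(f"[{section}] review {option}")
```

Each finding names the option to review; switching to `ldaps://`, setting `ldap_tls_reqcert = demand` and giving `offline_credentials_expiration` a non-zero value in `[pam]` clears the first three.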