Update sssd-example.conf

Mention cache_credentials and tweak the AD example to match the wiki page.

https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20with%20a%20Windows%202008%20Domain%20Server

1 files changed, 6 insertions, 3 deletions

diff --git a/src/examples/sssd.conf b/src/examples/sssd.conf
index b18c4049..59df4167 100644
--- a/src/examples/sssd.conf
+++ b/src/examples/sssd.conf
@@ -26,6 +26,8 @@ services = nss, pam
 # Consequently, the default value for enumeration is FALSE.
 # Refer to the sssd.conf man page for full details.
 ; enumerate = false
+# Allow offline logins by locally storing password hashes (default: false).
+; cache_credentials = true
 
 # An example Active Directory domain. Please note that this configuration
 # works for AD 2003R2 and AD 2008, because they use pretty much RFC2307bis
@@ -39,13 +41,14 @@ services = nss, pam
 ;
 ; ldap_uri = ldap://your.ad.example.com
 ; ldap_search_base = dc=example,dc=com
+; ldap_schema = rfc2307bis
 ; ldap_sasl_mech = GSSAPI
-; ldap_sasl_authid = hostname$@EXAMPLE.COM
 ; ldap_user_object_class = user
 ; ldap_group_object_class = group
 ; ldap_user_home_directory = unixHomeDirectory
-; ldap_schema = rfc2307bis
-; ldap_force_upper_case_realm = True
+; ldap_user_principal = userPrincipalName
+; ldap_account_expire_policy = ad
+; ldap_force_upper_case_realm = true
 ;
 ; krb5_server = your.ad.example.com
 ; krb5_realm = EXAMPLE.COM