yum install sssd
[sssd]
config_file_version = 2
domains = comp.local
services = nss
[nss]
filter_users = root
shell_fallback = /sbin/nologin
fallback_homedir = /usr/share/smbusers/%u (любой, должен существовать!)
default_shell = /bin/sh
[domain/comp.local]
id_provider = ldap
auth_provider = ad
access_provider = ldap
selinux_provider = none
ldap_referrals = false
ldap_uri = ldap://dc1.comp.local/
ldap_backup_uri = ldap://dc3.comp.local/
ad_server = dc1.comp.local
ad_backup_server = dc3.comp.local
ldap_sasl_mech = GSSAPI
ldap_id_mapping = true
ldap_schema = ad
ldap_idmap_default_domain_sid = [SID]
lookup_family_order = ipv4_only
case_sensitive = false
ldap_user_search_base = dc=comp,dc=local
ldap_group_search_base = dc=comp,dc=local
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
krb5_realm = COMP.LOCAL
krb5_canonicalize = false
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_gecos = displayName
ldap_user_principal = userPrincipalName
ldap_user_modify_timestamp = whenChanged
ldap_user_shadow_last_change = pwdLastSet
ldap_user_shadow_expire = accountExpires
ldap_group_object_class = group
ldap_group_name = cn
objectSid: S-1-5-21-BBBBBBBBB-AAAAAAAAAA-XXXXXXXX-YYYYY
passwd: files sss
group: files sss
shadow: files sss
hosts: files dns
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
automount: files sss
aliases: files
netgroup: files sss