Configuring SSSD

1 hour
  • 4 Learning Objectives

About this Hands-on Lab

The System Security Services Daemon (SSSD) is an important tool for system authentication and authorization. In this hands-on lab, we will configure SSSD in order to develop a basic proficiency with SSSD configuration and operation. We will also explore the local SSSD user configuration store.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Install SSSD and the necessary tools.

Run yum install -y sssd sssd-tools.

Configure SSSD to use the local database and to start UIDs and 2000.
  • Run sudo cp /usr/share/doc/sssd-common-<current version>/sssd-example.conf /etc/sssd/sssd.conf && sudo chmod 0600 /etc/sssd/sssd.conf

  • Add the following configurations to /etc/sssd/sssd.conf:
    domains = LOCAL
    id_provider = local
    auth_provider = local
    min_id = 2000

Create the `jsmith` user, the `sis` group, and configure `jsmith` to have `sis` as a supplemental group in the local SSSD database.

Run the following commands:

 sss_useradd jsmith 
 sss_groupadd sis 
 sss_usermod -a sis jsmith 
Verify the user was created but is not located in `/etc/passwd`.
  • Run grep jsmith /etc/passwd and verify no lines return.
  • Run id jsmith to verify the user exists.

Additional Resources

To improve login security, you've been asked to configure local SSSD authentication in a testing environment to prepare for a production deployment of the technology. You must install and configure SSSD to authenticate against the local SSSD database. The users created in the SSSD database should have UIDs starting no lower than 2000. You must test the configuration by creating the user jsmith and the group sis. The user jsmith should have sis assigned as a supplemental group. Verify that jsmith was not created in the regular system user store by checking for jsmith in the /etc/passwd file.

Summary tasks list:

  • Install SSSD and the necessary tools.
  • Configure SSSD to use the local database and start UIDs at 2000.
  • Create the jsmith user, the sis group, and configure jsmith to have sis as a supplemental group in the local SSSD database.
  • Verify that jsmith exists, but is not located in /etc/passwd.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?