Configuring SSSD

Hands-On Lab

 

Stosh Oldham

Course Development Director in Content

Length

01:00:00

Difficulty

Advanced

The System Security Services Daemon (SSSD) is an important tool for system authentication and authorization. In this hands-on lab, we will configure SSSD to build basic proficiency with its configuration and operation. We will also explore the local SSSD user configuration store.

Connecting to the Lab

  1. Open your terminal application, and run the following command (remember to replace <PUBLIC_IP> with the public IP you were provided on the lab instructions page):
    ssh cloud_user@<PUBLIC_IP>
  2. Type yes at the prompt.
  3. Enter your cloud_user password at the prompt.

Install SSSD

  1. Escalate privileges to root.
    sudo su -
  2. Install the necessary SSSD packages.
    yum install -y sssd sssd-tools 

Configure SSSD

  1. Copy the base configuration file from /usr/share/doc/ to /etc/sssd/sssd.conf and set its mode to 0600. (Remember to replace <CURRENT_VERSION> with the actual current version number.)
    sudo cp /usr/share/doc/sssd-common-<CURRENT_VERSION>/sssd-example.conf /etc/sssd/sssd.conf && sudo chmod 0600 /etc/sssd/sssd.conf
  2. Edit the /etc/sssd/sssd.conf file.
    vim /etc/sssd/sssd.conf
  3. Under the line "; domains = LDAP", add the following text:

    domains = LOCAL

    [domain/LOCAL]
    id_provider = local
    auth_provider = local
    min_id = 2000
  4. Press Esc, then type :wq to exit the vim text editor.
  5. Start the SSSD service.
    systemctl start sssd
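
A pre-flight check for the file edited in the steps above, as an added example that is not part of the original lab: the hypothetical function `check_sssd_conf` verifies the 0600 mode and owner, and that every domain named on the active `domains =` line has a `[domain/NAME]` section with an `id_provider`. It assumes GNU `stat`, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of the lab or of SSSD).
# check_sssd_conf FILE [OWNER_UID]: prints each problem, returns non-zero if any.
check_sssd_conf() {
    conf=$1; want_uid=${2:-0}; rc=0

    # The lab sets mode 0600; SSSD rejects a config with looser permissions.
    mode=$(stat -c '%a' "$conf") || return 2
    [ "$mode" = "600" ] || { echo "mode is $mode, expected 600"; rc=1; }
    uid=$(stat -c '%u' "$conf")
    [ "$uid" = "$want_uid" ] || { echo "owner uid is $uid, expected $want_uid"; rc=1; }

    # Active domains list in [sssd]; "; domains = LDAP" is a comment and is skipped.
    domains=$(awk '
        /^[ \t]*\[/ { in_sssd = ($0 ~ /^[ \t]*\[sssd\]/); next }
        in_sssd && /^[ \t]*domains[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); gsub(/,/, " "); print
        }' "$conf")
    [ -n "$domains" ] || { echo "no active domains = line in [sssd]"; rc=1; }

    for d in $domains; do
        # Every listed domain needs a [domain/NAME] section with an id_provider.
        awk -v want="[domain/$d]" '
            /^[ \t]*\[/ { s = $0; gsub(/[ \t]/, "", s); in_sec = (s == want)
                          if (in_sec) found = 1; next }
            in_sec && /^[ \t]*id_provider[ \t]*=/ { prov = 1 }
            END { exit !(found && prov) }' "$conf" ||
            { echo "domain $d: no [domain/$d] section with id_provider"; rc=1; }
    done
    return $rc
}

# Constructed sample mirroring the lab's edit (not a real system file).
sample=$(mktemp)
printf '%s\n' '[sssd]' 'services = nss, pam' '; domains = LDAP' 'domains = LOCAL' \
    '' '[domain/LOCAL] ' 'id_provider = local' 'auth_provider = local' \
    'min_id = 2000' > "$sample"
chmod 0600 "$sample"
check_sssd_conf "$sample" "$(id -u)" && echo "sample config OK"
rm -f "$sample"
```

On the lab host, run it as root against the real file with `check_sssd_conf /etc/sssd/sssd.conf` before starting the service.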

Create and Configure a New User and Group

  1. Add the user jsmith.
    sss_useradd jsmith 
  2. Create the sis group.
    sss_groupadd sis
  3. Add sis as a supplemental group to jsmith.
    sss_usermod -a sis jsmith

Verify That the New User Does Not Exist in /etc/passwd

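  1. Search /etc/passwd for jsmith. The command should return no output, because the user was created in the SSSD local store rather than in /etc/passwd.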
    grep jsmith /etc/passwd
  2. Verify that the user exists in the sis group.
    id jsmith

Conclusion

Congratulations, you've successfully completed this hands-on lab!