[sssd]
domains = {{ domain }}
config_file_version = 2

[domain/{{ domain }}]
default_shell = /bin/bash
cache_credentials = True
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = {{ domain | upper }}
id_provider = ad
#override_homedir = /home/%u
ad_domain = {{ domain }}
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = ad
ad_gpo_access_control = permissive
ad_gpo_ignore_unreadable = True
ad_maximum_machine_account_password_age = 0