config_file_version = 2
services = nss, pam

# Managed by system facility command:
## control sssd-drop-privileges unprivileged|privileged|default
user = _sssd
domains = domain.local

# SSSD will not start if you do not configure any domains.

[nss]

[pam]

[domain/domain.local]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = domain.local
realmd_tags = manages-system joined-with-adcli 
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = domain.local
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad
ad_site = controller.domain.local
ad_gpo_ignore_unreadable = True
ad_gpo_map_network = +nx