tune_sssd.sh: improve config, remove old etersoft.conf

dc-client/tune_sssd.sh

@@ -2,6 +2,8 @@
 
 # Use: ./tune_sssd.sh [AdminUser] [REALM]
 
+# Check https://www.altlinux.org/SSSD/AD"
+
 fatal()
 {
     echo "$@" >&2
@@ -67,13 +69,28 @@ fi
 #fi
 
 if [ -d /etc/sssd/conf.d ] ; then
+[ -f /etc/sssd/conf.d/etersoft.conf ] && rm -vf /etc/sssd/conf.d/etersoft.conf
+
 cat <<EOF >/etc/sssd/conf.d/ad.conf || fatal
 [sssd]
+config_file_version = 2
+services = nss, pam
 domains = $REALM
+debug_level = 1
+
+; Should be used until ALT#34124 will be resolved
+user = root
+
+[nss]
+debug_level = 1
+
+[pam]
+debug_level = 1
 
 [domain/$REALM]
 id_provider = ad
 auth_provider = ad
+# check https://docs.pagure.org/SSSD.sssd/design_pages/active_directory_access_control.html
 access_provider = ad
 chpass_provider = ad
 
@@ -81,11 +98,11 @@ default_shell = /bin/bash
 fallback_homedir = /home/%u
 ;debug_level = 5
 
-;chpass_provider = ldap
 ; enable when auto discovery is enabled
 ldap_chpass_dns_service_name = ad
 
 ldap_id_mapping = False
+
 use_fully_qualified_names = False
 ; always ask KDC
 cache_credentials = false
@@ -96,7 +113,7 @@ EOF
 
 chmod 0600 /etc/sssd/conf.d/ad.conf
 else
-    echo "Skipping sssd conf creating"
+    echo "Skipping sssd conf creating (/etc/sssd/conf.d/ad.conf is exists)"
 fi
 
 # TODO: Fedora has special command for change nssswitch.conf
@@ -160,5 +177,6 @@ case $(distr_info -d) in
 esac
 
 echo "Done. Don't bother about DNS errors above"
+echo "Check https://www.altlinux.org/SSSD/AD for detailed description."
 exit