How to set up authorization in AD on Ubuntu 20.04 without joining the domain?
Trying to set up AD auth on Ubuntu 20.04 using sssd via LDAP with Kerberos auth, without joining the domain.
Please do not suggest joining the domain, because not joining is a necessary condition.
Server OS Windows Server 2019
Domain doom.local
KDC ad1.doom.local
Test account test
1) Installed the packages:
sudo apt install sssd-ldap sssd-krb5 ldap-utils krb5-user
2) Received a ticket:
kinit test
3) Checked what I got:
klist -c
4) Test configuration /etc/sssd/sssd.conf:
[sssd]
config_file_version = 2
domains = doom.local
[domain/doom.local]
id_provider = ldap
ldap_uri = ldap://ad1.doom.local
ldap_search_base = dc=doom,dc=local
auth_provider = krb5
krb5_server = ad1.doom.local
krb5_kpasswd = ad1.doom.local
krb5_realm = DOOM.LOCAL
cache_credentials = True
enumerate = true
sudo chown root:root /etc/sssd/sssd.conf
sudo chmod 0600 /etc/sssd/sssd.conf
6) Started the service:
sudo systemctl start sssd.service
7) Configured automatic home folder creation
sudo pam-auth-update --enable mkhomedir
8) I'm trying to get test account data from the domain, but the command does not work:
getent passwd test
The system tries to find a user in the local Ubuntu directory.
The command "ldapwhoami -h ad1.doom.local -N" shows that it is connected to LDAP through the account test:
SASL/GSSAPI authentication started
SASL username: [email protected]
SASL SSF: 256
SASL data security layer installed.
u:DOOM\test
What should I do to make Ubuntu look for a user in AD when I type "sudo login test"?
I'm not great at Linux, but I came across this advice: edit the /etc/sssd/sssd.conf file. Change the use_fully_qualified_names parameter to be able to enter a username without specifying a domain:
use_fully_qualified_names = False
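A pre-flight check for the setup discussed in this thread, added here as an example (it is not code from the question or the answer): it reads sssd.conf and nsswitch.conf as text and reports the file-permission, LDAP bind, name-format and NSS conditions that decide whether "getent passwd test" can reach SSSD. The function name, the finding labels and the nsswitch.conf sample are assumptions; ldap_sasl_mech and ldap_default_bind_dn are sssd-ldap options that do not appear in the original post.

```python
import configparser

# Constructed inputs: the question's sssd.conf (abridged) and an
# nsswitch.conf whose passwd line has no sss entry.
SSSD_CONF = """[sssd]
domains = doom.local
[domain/doom.local]
id_provider = ldap
ldap_uri = ldap://ad1.doom.local
ldap_search_base = dc=doom,dc=local
auth_provider = krb5
krb5_realm = DOOM.LOCAL
"""
NSSWITCH_CONF = "passwd: files systemd\ngroup: files systemd\n"

def check_sssd_setup(sssd_conf, nsswitch_conf, mode, uid):
    """Return findings; mode and uid come from os.stat() on sssd.conf."""
    findings = []
    # The question's chown/chmod step: root-owned, mode 0600.
    if uid != 0 or (mode & 0o777) != 0o600:
        findings.append("perms: sssd.conf must be owned by root, mode 0600")
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.read_string(sssd_conf)
    listed = cfg.get("sssd", "domains", fallback="").split(",")
    for name in (d.strip() for d in listed if d.strip()):
        section = "domain/" + name
        if not cfg.has_section(section):
            findings.append(f"config: [{section}] is listed but not defined")
            continue
        dom = cfg[section]
        # With neither option set, SSSD binds to LDAP anonymously.
        has_bind = dom.get("ldap_sasl_mech") or dom.get("ldap_default_bind_dn")
        if dom.get("id_provider") == "ldap" and not has_bind:
            findings.append(f"bind: {name} sets no ldap_sasl_mech or ldap_default_bind_dn")
        # True means lookups and logins need the user@domain form.
        if dom.getboolean("use_fully_qualified_names", fallback=False):
            findings.append(f"names: {name} users resolve only as user@{name}")
    # getent and login reach SSSD only through the sss NSS module.
    sources = []
    for line in nsswitch_conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("passwd:"):
            sources = line.split(":", 1)[1].split()
    if "sss" not in sources:
        findings.append("nss: passwd line in nsswitch.conf does not list sss")
    return findings

if __name__ == "__main__":
    for finding in check_sssd_setup(SSSD_CONF, NSSWITCH_CONF, 0o644, 0):
        print(finding)
```

On a live host, pass the contents of /etc/sssd/sssd.conf and /etc/nsswitch.conf together with st_mode and st_uid from os.stat() on sssd.conf; reading that file requires root.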