This indicates that your hypothesis is probably correct. For one
reason
or another, the SSSD is operating in offline mode, and because the user
has not previously logged in, they are not being granted access via
cached credentials. sssd_LDAP.log will allow us to see why the
connection is being considered offline.
Ok, I've included the sssd_LDAP.log for both a successful connection
(user = jt) and a failed connection (user = iambot). The successful
user pastebin:
http://pastebin.com/v105Tnbx
Failed user pastebin:
http://pastebin.com/Dghdhcsy
I see that the latter shows "backend" is offline, yet the former (just
13 seconds earlier) shows it's "working" and returning info.
What's going on?
johnny