Okay, so I have sssd-ad pretty much working on a Fedora 18 laptop, but I'm not having much luck getting it going on RHEL 6.4, at least not for GDM logins.

If I have the sssd daemon running, I get an authentication failure using my domain username / password, and my local account login takes orders of magnitude longer to complete than if sssd is shut off. This is after I've manually (and successfully) completed 'kinit <domain-username>' and 'net ads join -k', so I have a TGT and two application principals (cifs and ldap) attached to my domain user principal. There is also a valid krb5.keytab file in /etc/.

Now from my Fedora laptop, where I'm logged in with my domain credentials (the same ones, obviously, as I'm trying to use from my RHEL 6.4 workstation): if the sssd daemon is not running on the RHEL 6.4 workstation, an attempt to ssh from the laptop fails with an authentication error. Once I start sssd on the workstation, my ssh connection from the laptop succeeds without any password or passphrase challenges - presumably because the kerberos credentials are in force.

The files /etc/krb5.conf, /etc/samba/smb.conf, and /etc/sssd/sssd.conf are identical on both systems, but obviously the applications and libraries are different versions between Fedora 18 and RHEL 6.4. Has anyone here gotten everything working (with Microsoft Active Directory) using sssd on RHEL 6.4?

Regards,

--
Harry Sutton
Global Solutions Support Engineering (GSSE)
GSD Customer Solution Center
Technology Services, Enterprise Group