OK, so all the workaround config changes are either useless or harmful, but
we're still left with the problem. I can provide logs, but I'd rather not
provide them publicly as they provide too many internal details I'd think...
We join computers to the domain using "kinit <domain_admin_user> && net
The Red Hat support engineer had me enable debug in various SSSD sections,
and also provide the output from ldbsearch.
John Beranek To generalise is to be an idiot.
-- William Blake