There are settings in the sssd.conf file that aren't in the
output or that have the wrong values in the output:
[root@host ~]# cat /etc/sssd/sssd.conf
access_provider = simple
ad_domain = domain.com
ad_hostname = host.domain.com
cache_credentials = true
debug_level = 6
default_shell = /bin/bash
dyndns_update = false
fallback_homedir = /home/%u
id_provider = ad
krb5_realm = DOMAIN.COM
krb5_store_password_if_offline = true
ldap_id_mapping = true
realmd_tags = manages-system joined-with-adcli
simple_allow_groups = Group1
use_fully_qualified_names = false
config_file_version = 2
domains = domain.com
override_space = _
services = nss,pam
[root@host ~]# ldbsearch -H /var/lib/sss/db/config.ldb
server_sort:Unable to register control with rootdse!
# record 1
services: nss, pam
# record 2
Are you really sure that sssd was restarted after changing sssd.conf?
The attribute lastUpdate says taht sssd.conf was changed at
"Tuesday, 29-Mar-16 14:08:49 UTC"
Your timezeone seems to be -4:00 according to mail header.
But in your previous mail configuration file was changed
earlier (13:29:58 UTC)
Mar 29 09:29:58 localhost puppet-agent:
(Class[Realmd::Sssd::Service]) Scheduling refresh of Service[sssd]
Mar 29 09:29:58 localhost systemd: Stopping System Security Services
Mar 29 09:29:58 localhost sssd[nss]: Shutting down
Mar 29 09:29:58 localhost sssd[be[domain.com]]: Shutting down
Mar 29 09:29:58 localhost sssd[pam]: Shutting down
Mar 29 09:29:58 localhost systemd: Starting System Security Services
Mar 29 09:29:58 localhost sssd: Starting up
Mar 29 09:29:58 localhost sssd[be[domain.com]]: Starting up
Mar 29 09:29:59 localhost sssd[nss]: Starting up
Mar 29 09:29:59 localhost sssd[pam]: Starting up
Mar 29 09:29:59 localhost systemd: Started System Security Services Daemon.
Is it possible that sssd.conf was changed more often with different versions ?