Hi,

please see logs attached. (couldn't upload logs as they were too large so i hope a tar.gz gets through). I stopped sssd, deleted logs and started sssd. Then ran the commands below;

ssh B\\test.user@localhost - run at (Tue Sep 24 10:31:19 2013) - login succeds
ssh a\\mhunt.test@localhost - run at (Tue Sep 24 10:32:10 2013) - login fails. The error on ssh login is "Permission denied, please try again."

(NOTE: I have just noticed I tested with uppercase domain "B" and lowercase domain "a". I have just retested with uppercase "A" and it still fails.)

There are DNS server errors in the log.

(Tue Sep 24 10:30:45 2013) [sssd[be[B.DOMAIN.ORG]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve AAAA record of 'le-vm05-centos6' in DNS
(Tue Sep 24 10:30:45 2013) [sssd[be[B.DOMAIN.ORG]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Tue Sep 24 10:30:45 2013) [sssd[be[B.DOMAIN.ORG]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Tue Sep 24 10:30:45 2013) [sssd[be[B.DOMAIN.ORG]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Sep 24 10:30:45 2013) [sssd[be[B.DOMAIN.ORG]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error
(Tue Sep 24 10:30:45 2013) [sssd[be[B.DOMAIN.ORG]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Input/output error, resolver returned: [11]: Could not contact DNS servers

However, DNS from this install is working (when querying its hostname or others on LAN or internet) and from other boxes querying its hostname. resolv.conf has correct name servers and they are responding to 'nslookup' and 'host'

Also the following line looks to be creating the parent domain (domain.org) as a subdomain or b.domain.org?

(Tue Sep 24 10:30:45 2013) [sssd[be[B.DOMAIN.ORG]]] [new_subdomain] (0x0400): Creating [domain.org] as subdomain of [B.DOMAIN.ORG]!

I have changed domain names in logs and changed bits of SIDs. Hope I have not confused anything with SID changes!!

Thanks,

Matthew