oops! please excuse previous reply re: SHA1. John.
It would be very helpful if you could include your sssd.conf. I strongly suspect
that you have a typo in your configuration somewhere.
I have included my sssd.conf file below. I have tried to keep it as simple as possible, but I have also tried several iterations of it.
-------------------------
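# sssd.conf as posted in the thread, restored to one option per line.
# A single LDAP-backed domain handles identity, authentication and password change.

[domain/default]
# Verbose trace logging for troubleshooting; lower it once the problem is found.
debug_level = 9
# Require StartTLS on the plain ldap:// connection used for identity lookups.
ldap_id_use_start_tls = True
ldap_search_base = ou=internal,dc=parc,dc=com
# NOTE(review): these look like example.com placeholders, and with
# auth_provider = ldap the krb5_* options are presumably not consulted.
# Confirm, then set real values or remove them.
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://pldap.parc.com/
# Keeps hashed credentials in the local cache so users can authenticate offline.
cache_credentials = True
# Directory of CA certificates, one per file. Files are typically looked up by
# certificate-hash name, so the directory usually needs rehashing after a CA is
# added. Verify that the CA which issued the LDAP server certificate is present.
ldap_tls_cacertdir = /etc/openldap/cacerts
# The server must present a certificate that validates against the CAs above;
# otherwise the TLS session is refused.
ldap_tls_reqcert = demand

[sssd]
# Only the responders listed here are named as services. The empty [sudo],
# [autofs], [ssh] and [pac] sections further down are presumably unused.
services = nss, pam
config_file_version = 2
# NOTE(review): enumerate is documented as a per-domain option. Placed in [sssd]
# it is presumably ignored. Confirm, and move it to [domain/default] only if
# enumeration is really wanted.
enumerate = True
domains = default

[nss]

[pam]

[sudo]

[autofs]

[ssh]

[pac]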