[SSSD-users] Active Directory domain authorization on CentOS 7.2 servers with SSSD

Hello SSSD guru`s! I want to set up Active Directory domain authorization in my CentOS 7.2 servers with SSSD. For this I use SSSD as described here: https://blog.it-kb.ru/2016/10/15/join-debian-gnu-linux-8-6-to-active-dire... I have set up for several servers and everything works well. But on the last one server SSSD does not work as they should. I attached this server to the domain using the realm utility. It looks nice. [root@KOM-OVIRT1 ~]# realm list ad.holding.com type: kerberos realm-name: AD.HOLDING.COM domain-name: ad.holding.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: oddjob required-package: oddjob-mkhomedir required-package: sssd required-package: adcli required-package: samba-common login-formats: %U(a)ad.holding.com login-policy: allow-permitted-logins permitted-logins: permitted-groups: KOM-SRV-Linux-Admins(a)ad.holding.com However, getent does not return information about domain accounts: [root@KOM-OVIRT1 ~]# getent passwd aleksey(a)ad.holding.com [root@KOM-OVIRT1 ~]# getent for local accounts work: [root@KOM-OVIRT1 ~]# getent passwd root root:x:0:0:root:/root:/bin/bash My /etc/sssd/sssd.conf: ------------------------------------------------ [sssd] domains = ad.holding.com config_file_version = 2 services = nss, pam default_domain_suffix = ad.holding.com [nss] debug_level=9 [domain/ad.holding.com] ad_server = kom-dc01.ad.holding.com, kom-dc02.ad.holding.com ad_domain = ad.holding.com krb5_realm = AD.HOLDING.COM realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = True fallback_homedir = /home/%d/%u access_provider = ad debug_level=9 ------------------------------------------------ /var/log/sssd/sssd_nss.log: (Wed Oct 19 16:54:44 2016) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [ad.holding.com][4097][1][name=aleksey] (Wed Oct 19 16:54:44 2016) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x7f8794b5f9a0 (Wed Oct 19 16:54:44 2016) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f8792bce0d0:1:aleksey@ad.holding.com] (Wed Oct 19 16:54:44 2016) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x7f8794b5f9a0 (Wed Oct 19 16:54:44 2016) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x7f8794b5b120 (Wed Oct 19 16:54:44 2016) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Wed Oct 19 16:54:44 2016) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Fast reply - offline (Wed Oct 19 16:54:44 2016) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 1, 11, Fast reply - offline Will try to return what we have in cache (Wed Oct 19 16:54:44 2016) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f8792bce0d0:1:aleksey@ad.holding.com] ------------------------------------------------ /var/log/sssd/sssd_ad.holding.com.log (Wed Oct 19 16:53:21 2016) [sssd[be[ad.holding.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=aleksey] (Wed Oct 19 16:53:21 2016) [sssd[be[ad.holding.com]]] [be_get_account_info] (0x0100): Request processed. Returned 1,11,Fast reply - offline What could be the problem?