This was a case where 'realm permit' of a user was causing a back-end sssd process (sssd_be) to core dump. (sigsegv). I reported this to this group a few months ago. We're working this case with the Linux OS vendor. Turns out, if we explicitly add:
ldap_sasl_authid = host/<HOST>@<HOST's REALM>
to each [domain/XXX.COMPANY.COM
] stanza in /etc/sssd/sssd.conf file, it no longer core dumps.
That is, we have these child AD domains defined in sssd.conf
However, our host is registered in only one child domain. Say AMER for a server amerhost1 in North America. So we'd set:
Why does this prevent sssd_be from core dumping? Not a clue! But sssd performs flawlessly once this is added.