I deployed a clean/new Fedora 27 minimal, installed ipa-client/sssd, we have sssd version 1.16.0-6.fc27 on that virtual machine now, and then enrolled the host in our FreeIPA.
Then I did a:
service sssd stop ; rm -rvf /var/lib/sss/db/* ; rm -rvf /var/lib/sss/mc/* ; rm -rvf /var/log/sssd/* ; service sssd start
added log level 9 to all sections of the sssd config file
Ran my test and then tar'd up the sssd log files and attached them here.
I did look them over beforehand but I'm not seeing anything interesting that I would recognize other than:
(Wed Mar 14 14:50:06 2018) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4 (System error)][placeiq.net
A little more background.
Of course we don't run Fedora in production, it's all CentOS, mostly 7 and some 6. And we use FreeIPA.
We use Rundeck (http://rundeck.org/
) for job scheduling and we have a few jobs that can, if not properly scheduled, trigger multiple logins to the same host, by the same FreeIPA user, at the same time.
This did not used to cause problems but unfortunately Puppet pushed out an update to sssd to all of our CentOS nodes last Friday, March 9 and with this updated sssd version we started seeing failures.