I ran into this random SSSD authentication issue this morning:

– Users were unable to SSH into a single server, receiving an SSH Public Key error message

– I restarted the SSSD service and confirmed that it could connect to Active Directory

– However, SSH wasn’t performing user lookups to AD via SSSD

– The log files (/var/logs/sssd) didn’t display any obvious errors

– Using the sssd command to diagnose errors produced a random error:

sssd -d 9 -c /etc/sssd/sssd.conf -i

[check_file] (0x0400): lstat for [/var/run/nscd/socket] failed: [2][No such file or directory].

– This turned out to be a red herring, however.

– Eventually, I read this excellent article on the SSSD authentication process, which mentioned an NSS config file at /etc/nsswitch.conf

– Editing the file showed that it was missing all references to SSSD! The config file should look something like this:

passwd: compat sss
group: compat sss
shadow: compat sss
gshadow: files

hosts: files dns
networks: files

protocols: db files
services: db files sss
ethers: db files
rpc: db files

netgroup: nis sss
sudoers: files sss

Save the changes and restart the SSSD and SSH services, and you should be set to go now!
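
A quick way to catch the missing-sss condition described above before digging through SSSD debug output. This is an added example, not part of the original post or an SSSD tool; the function name check_nss_sss and the sample file contents are made up for illustration.

```shell
#!/bin/sh
# Added example: report nsswitch.conf databases that never consult SSSD.
# check_nss_sss is a hypothetical helper name, not an SSSD tool.
# usage: check_nss_sss FILE [DATABASE...]   (default: passwd group)
check_nss_sss() {
    file=$1; shift
    [ "$#" -gt 0 ] || set -- passwd group
    awk -v dbs="$*" '
        BEGIN { n = split(dbs, want, " ") }
        {
            sub(/#.*/, "")                     # drop comments
            i = index($0, ":")
            if (i == 0) next                   # not a "database: sources" line
            db = substr($0, 1, i - 1)
            gsub(/[ \t]/, "", db)
            rest = substr($0, i + 1)
            gsub(/\[[^]]*\]/, " ", rest)       # drop [NOTFOUND=return] actions
            m = split(rest, src, /[ \t]+/)
            seen[db] = 1
            for (k = 1; k <= m; k++)
                if (src[k] == "sss") has[db] = 1
        }
        END {
            bad = 0
            for (j = 1; j <= n; j++) {
                d = want[j]
                if (!(d in seen))     { print d ": no entry"; bad = 1 }
                else if (!(d in has)) { print d ": sss missing"; bad = 1 }
            }
            exit bad
        }
    ' "$file"
}

# Constructed sample resembling the broken file: no sss anywhere.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd: compat
group: compat
shadow: compat
sudoers: files
EOF
check_nss_sss "$sample" passwd group shadow sudoers \
    || echo "nsswitch.conf is not routing these lookups to SSSD"
rm -f "$sample"
```

On a real host, call it as check_nss_sss /etc/nsswitch.conf; a non-zero exit status means at least one of the listed databases has no sss source.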