I ran into this random SSSD authentication issue this morning:
– Users were unable to SSH into a single server, receiving an SSH Public Key error message
– I restarted the SSSD service and confirmed that it could connect to Active Directory
– However, SSH wasn’t performing user lookups to AD via SSSD
– The log files (/var/logs/sssd) didn’t display any obvious errors
– Using the sssd command to diagnose errors produced a random error:
[check_file] (0x0400): lstat for [/var/run/nscd/socket] failed: [No such file or directory].
– This turned out to be a red herring, however.
– Eventually, I read this excellent article on the SSSD authentication process, which mentioned an NSS config file at /etc/nsswitch.conf
– Editing the file showed that it was missing all references to SSSD! The config file should look something like this:
group: compat sss
shadow: compat sss
hosts: files dns
protocols: db files
services: db files sss
ethers: db files
rpc: db files
netgroup: nis sss
sudoers: files sss
Save the changes and restart the SSSD and SSH services, and you should be set to go now!
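
A quick way to spot this condition, as an added example that is not part of the original post: the function below lists the NSS databases in an nsswitch.conf-style file that do not name the sss source. The function name, the output labels and the sample file are constructed for illustration, and including passwd in the default set is an assumption (it is not in the listing above, but it is the database user lookups go through).

```shell
#!/bin/sh
# List NSS databases in an nsswitch.conf-style file that do not use "sss".
# Default set: the databases shown with sss in the post, plus passwd
# (assumption: absent from the post's listing, but user lookups use it).
missing_sss() {
    file=$1; shift
    [ $# -gt 0 ] || set -- passwd group shadow services netgroup sudoers
    for db in "$@"; do
        awk -v db="$db" '
            { sub(/#.*/, "") }                  # strip comments
            {
                i = index($0, ":"); if (i == 0) next
                name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
                if (name != db) next
                found = 1
                # Sources follow the colon; sss must appear as a whole word.
                n = split(substr($0, i + 1), src, /[ \t]+/)
                for (k = 1; k <= n; k++) if (src[k] == "sss") ok = 1
                exit                            # only the first matching entry is checked
            }
            END { if (!ok) print db, (found ? "missing-sss" : "no-entry") }
        ' "$file"
    done
}

# Constructed sample: the broken state described in the post (no sss anywhere).
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:   compat
group:    compat        # sss was dropped here
shadow:   compat
services: db files
netgroup: nis
EOF
missing_sss "$sample"
rm -f "$sample"
```

Run it as `missing_sss /etc/nsswitch.conf`; empty output means every checked database lists sss.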