sssd->AD authentication not working on 6.8
I followed the instructions for authenticating RHEL 6 users to AD. I have been able to join the server to the domain and can run ldapsearch with positive results. I can also run kinit and obtain a ticket granting ticket. However, authenticating users fails.
Log files indicate different output. For instance, /var/log/sssd/ldap_child.log states:
(Tue Mar 21 12:07:58 2017) [[sssd[ldap_child[13426]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Preauthentication failed
and /var/log/secure states:
Mar 21 11:35:48 drfoak01 login: pam_unix(login:auth): check pass; user unknown
Mar 21 11:35:48 drfoak01 login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty2 ruser= rhost=
Mar 21 11:35:48 drfoak01 login: pam_succeed_if(login:auth): error retrieving information about user user
Mar 21 11:35:50 drfoak01 login: FAILED LOGIN 1 FROM (null) FOR user, User not known to the underlying authentication module
Configurations are accurate:
sssd.conf:
[sssd]
config_file_version = 2
domains = domain.local
services = nss, pam, autofs, ssh
[domain/hph.local]
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
ldap_id_mapping = false
[autofs]
krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOMAIN.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
rdns = false
forwardable = true
[realms]
# DOMAIN.LOCAL = {
# kdc = kdc.domain.local
# admin_server = kdc.domain.local
# }
[domain_realm]
# domain.local = DOMAIN.LOCAL
# .domain.local = DOMAIN.LOCAL
and smb.conf:
[global]
workgroup = DOMAIN
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
password server = kdc.domain.local
realm = DOMAIN.LOCAL
security = ads
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read_only = No
inherit acls = Yes
This configuration mirrors that of a functioning RHEL 7, but is also pretty much the configuration defined by the document mentioned above for RHEL 6.
I know this question comes up a lot, but so far nothing I've read has solved the problem I'm encountering.
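A consistency check on the sssd.conf as posted, as an added example that is not part of the original post: SSSD only loads a domain when a name in `domains` has a matching `[domain/NAME]` section, and the posted file lists `domain.local` but defines `[domain/hph.local]` (which may only be an artefact of anonymising the post). The function name and the finding strings are assumptions of this sketch.

```python
import configparser

# sssd.conf copied from the post above, unchanged.
POSTED_SSSD_CONF = """\
[sssd]
config_file_version = 2
domains = domain.local
services = nss, pam, autofs, ssh
[domain/hph.local]
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
ldap_id_mapping = false
[autofs]
"""


def check_sssd_domains(conf_text):
    """Return a list of findings about the domains= / [domain/...] pairing."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)

    # Names enabled in the [sssd] section (comma-separated list).
    raw = cp.get("sssd", "domains", fallback="") if cp.has_section("sssd") else ""
    enabled = [d.strip() for d in raw.split(",") if d.strip()]

    # Names that actually have a [domain/NAME] section.
    prefix = "domain/"
    defined = {s[len(prefix):] for s in cp.sections() if s.startswith(prefix)}

    findings = []
    for name in enabled:
        if name not in defined:
            findings.append(f"enabled domain '{name}' has no [domain/{name}] section")
        elif not cp.has_option(prefix + name, "id_provider"):
            # id_provider is mandatory for every domain section.
            findings.append(f"[domain/{name}] has no id_provider")
    for name in sorted(defined - set(enabled)):
        findings.append(f"[domain/{name}] is defined but not listed in 'domains'")
    return findings


if __name__ == "__main__":
    for finding in check_sssd_domains(POSTED_SSSD_CONF):
        print(finding)
```

If the names do match in the real file, this check returns no findings and the `Preauthentication failed` line in ldap_child.log is the next thing to follow up.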