[Freeipa-users] SSH with password fails - 7 (Authentication failure)

Hi guys. This have puzzled my and left clueless. It's a fresh new deployment and still only single master. Very first & only user and I cannot 'ssh' with password - but krb ticket I can obtain and 'ssh' with it successfully. ssh logs: .. pam_sss(sshd:auth): received for user bs58: 7 (Authentication failure) .. with in: /etc/sssd/sssd.conf [pam] debug_level=9 only fail/error/warn in sssd_pam.log is: .. (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] service: sshd (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] tty: ssh (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] ruser: not set (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] rhost: 10.0.0.16 (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] authtok type: 1 (Password) (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] newauthtok type: 0 (No authentication token available) (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] priv: 1 (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] cli_pid: 25363 (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] logon name: bs583 (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] flags: 2 (2022-01-16 12:20:18): [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (2022-01-16 12:20:18): [pam] [sbus_dispatch] (0x4000): Dispatching. (2022-01-16 12:20:18): [pam] [pam_dp_send_req_done] (0x0200): received: [7 (Authentication failure)][ccn.private.com][CID #6] (2022-01-16 12:20:18): [pam] [pam_reply] (0x4000): pam_reply initially called with result [7]: Authentication failure. this result might be changed during processing (2022-01-16 12:20:18): [pam] [pam_reply] (0x0200): blen: 43 (2022-01-16 12:20:18): [pam] [pam_reply] (0x0200): Returning [7]: Authentication failure to the client [CID #6] (2022-01-16 12:20:20): [pam] [client_recv] (0x0200): Client disconnected! ... It's on Centos 8 with: ipa-server-4.9.6-10.module_el8.5.0+1055+c415bbe9.x86_64 sssd-ipa-2.5.2-2.el8_5.3.x86_64 krb5-libs-1.18.2-14.el8.x86_64 I've tried higher 'debug_level' for other bits in '/etc/sssd/sssd.conf' but there it nothing 'abnormal' there - or I've gone blind. All & any suggestions on how to troubleshoot/fix this very much appreciated. many thanks, L.