[Freeipa-users] Re: issues ssh'ing as AD user to freeipa client

Hello We have made the recommended changes by updating ignore_group_members = True subdomain_inherit = ignore_group members in the [domain/...] section on IPA servers and clients and updated refresh_expired_interval = 4000 Unfortunately we are still unable to log in to IPA clients using AD user accounts. Sanitized logs from the freeipa client are available here https://privatebin.net/?92fe7e1e98968463#BVdn5hR2L5gkt3ryfvvzygWDhs2DsAYk... I see frequent entries indicating SSSD is offline, however when I view the status it appears to be online. Heidi