The scenario is an IPA with an AD trust. The users belong to AD. IPA is a Rocky Linux 8, and AD is a Samba 4.14.10 over Rocky Linux 8 too.

We have a couple of IPA host clients to test. One is another Rocky Linux 8, and the other is an Ubuntu 20.04. Everything works fine: AD users can login into the clients. The only problem is, after some time of inactivity on the clients (not sure how much time), AD users cannot login anymore, but just for a while (some seconds, or a minute). In that period, executing an "id user" with an AD user in the client, gives me nothing.

In Rocky Linux client, it seems that everything start to works again after SSSD Kerberos Cache Manager is started (which is done automatically), as can be seen in the following log from journalctl:

Dec 07 12:52:08 rockyprueba.xx.xx sshd[12054]: Invalid user usupru2 from 10.X.X.X port 56778
Dec 07 12:52:09 rockyprueba.xx.xx sshd[12054]: Postponed keyboard-interactive for invalid user usupru2 from 10.X.X.X port 56778 ssh2 [preauth]
Dec 07 12:52:12 rockyprueba.xx.xx sshd[12056]: pam_unix(sshd:auth): check pass; user unknown
Dec 07 12:52:12 rockyprueba.xx.xx sshd[12056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X
Dec 07 12:52:14 rockyprueba.xx.xx sshd[12054]: error: PAM: Authentication failure for illegal user usupru2 from 10.X.X.X
Dec 07 12:52:14 rockyprueba.xx.xx sshd[12054]: Failed keyboard-interactive/pam for invalid user usupru2 from 10.X.X.X port 56778 ssh2
Dec 07 12:52:14 rockyprueba.xx.xx sshd[12054]: Postponed keyboard-interactive for invalid user usupru2 from 10.X.X.X port 56778 ssh2 [preauth]
Dec 07 12:52:19 rockyprueba.xx.xx sshd[12057]: pam_unix(sshd:auth): check pass; user unknown
Dec 07 12:52:19 rockyprueba.xx.xx sshd[12057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X
Dec 07 12:52:21 rockyprueba.xx.xx sshd[12054]: error: PAM: Authentication failure for illegal user usupru2 from 10.X.X.X
Dec 07 12:52:21 rockyprueba.xx.xx sshd[12054]: Failed keyboard-interactive/pam for invalid user usupru2 from 10.X.X.X port 56778 ssh2
Dec 07 12:52:21 rockyprueba.xx.xx sshd[12054]: Postponed keyboard-interactive for invalid user usupru2 from 10.X.X.X port 56778 ssh2 [preauth]
Dec 07 12:52:32 rockyprueba.xx.xx sshd[12058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X  user=usupru2
Dec 07 12:52:32 rockyprueba.xx.xx krb5_child[12061]: Preauthentication failed
Dec 07 12:52:32 rockyprueba.xx.xx krb5_child[12061]: Preauthentication failed
Dec 07 12:52:32 rockyprueba.xx.xx sshd[12058]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X user=usupru2
Dec 07 12:52:32 rockyprueba.xx.xx sshd[12058]: pam_sss(sshd:auth): received for user usupru2: 7 (Authentication failure)
Dec 07 12:52:34 rockyprueba.xx.xx sshd[12054]: error: PAM: Authentication failure for illegal user usupru2 from 10.X.X.X
Dec 07 12:52:34 rockyprueba.xx.xx sshd[12054]: Failed keyboard-interactive/pam for invalid user usupru2 from 10.X.X.X port 56778 ssh2
Dec 07 12:52:36 rockyprueba.xx.xx sshd[12054]: Connection closed by invalid user usupru2 10.X.X.X port 56778 [preauth]
Dec 07 12:52:40 rockyprueba.xx.xx systemd[1]: Starting SSSD Kerberos Cache Manager...
Dec 07 12:52:40 rockyprueba.xx.xx systemd[1]: Started SSSD Kerberos Cache Manager.
Dec 07 12:52:40 rockyprueba.xx.xx sssd_kcm[12068]: Starting up
Dec 07 12:52:40 rockyprueba.xx.xx sshd[12064]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X user=usupru2
Dec 07 12:52:41 rockyprueba.xx.xx sshd[12062]: Accepted keyboard-interactive/pam for usupru2 from 10.X.X.X port 56786 ssh2

Whereas in Ubuntu I can see the following related lines in the auth log:

Dec  9 10:15:52 ubuntuprueba sshd[66229]: Invalid user usupru2 from 10.X.X.X port 43534
Dec  9 10:15:57 ubuntuprueba sshd[66229]: Postponed keyboard-interactive for invalid user usupru2 from 10.X.X.X port 43534 ssh2 [preauth]
Dec  9 10:16:12 ubuntuprueba sshd[66231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X  user=usupru2
Dec  9 10:16:12 ubuntuprueba sshd[66231]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X user=usupru2
Dec  9 10:16:12 ubuntuprueba sshd[66231]: pam_sss(sshd:auth): received for user usupru2: 17 (Failure setting user credentials)
Dec  9 10:16:14 ubuntuprueba sshd[66229]: error: PAM: Authentication failure for illegal user usupru2 from 10.X.X.X
Dec  9 10:16:14 ubuntuprueba sshd[66229]: Failed keyboard-interactive/pam for invalid user usupru2 from 10.X.X.X port 43534 ssh2
Dec  9 10:16:14 ubuntuprueba sshd[66229]: Postponed keyboard-interactive for invalid user usupru2 from 10.X.X.X port 43534 ssh2 [preauth]
Dec  9 10:17:01 ubuntuprueba CRON[66257]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec  9 10:17:01 ubuntuprueba CRON[66257]: pam_unix(cron:session): session closed for user root
Dec  9 10:18:29 ubuntuprueba sshd[66300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X  user=usupru2
Dec  9 10:18:29 ubuntuprueba sshd[66300]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X user=usupru2
Dec  9 10:18:29 ubuntuprueba sshd[66298]: Accepted keyboard-interactive/pam for usupru2 from 10.X.X.X port 43578 ssh2
Dec  9 10:18:29 ubuntuprueba sshd[66298]: pam_unix(sshd:session): session opened for user usupru2 by (uid=0)

Any help is appreciated. Thanks very much.