Thank you again for assisting. I did a little more digging myself and realized something
wrong about my /etc/pam.d/system-auth and /etc/pam.d/password-auth files. The auth line
for pam_sss.so had both use_first_pass and forward_pass. It seems to me that these counter
each other in some way. Once I took off use_first_pass, password logins to the domain
controllers and to my solaris 11 clients are working. I'm no longer getting an error
7, I'm instead getting successes in /var/log/secure.
Only issue now is it seems my pam configuration on Solaris must be incorrect or there is a
major bug - while the password works, I cannot open a session. Trying to su into an
account while on the system as root gives me some assertion error and then aborted. The
login with user@domain works (which is not what I want to use).
Solaris 10 on the other hand gives me "no legal authentication methods". Might
be a pam/nsswitch misconfiguration. I'll report back if I figure it out.