oops! please excuse previous reply re: SHA1.
John.
It would be very helpful if you could include your sssd.conf. I strongly suspect that you have a typo in your configuration somewhere.
I have included my sssd.conf file. I have tried to keep it as simple as possible, but have also tried several iterations of it.
-------------------------
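[domain/default]
# Maximum verbosity, useful while troubleshooting; lower it again once the
# problem is found, because the resulting logs are very detailed.
debug_level = 9
# Identity lookups must negotiate StartTLS on the ldap:// connection below.
ldap_id_use_start_tls = True
ldap_search_base = ou=internal,dc=parc,dc=com
# NOTE(review): the krb5_* values look like leftover example placeholders;
# auth_provider in this section is ldap, not krb5 -- confirm and drop them if
# they are not needed.
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://pldap.parc.com/
# Stores a hash of the user's credentials in the local SSSD cache so that
# logins still work while the LDAP server is unreachable.
cache_credentials = True
# With ldap_tls_reqcert = demand the TLS handshake fails unless the server
# certificate validates; verify that the issuing CA certificate is present
# and readable in this directory.
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_reqcert = demand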
[sssd]
services = nss, pam
config_file_version = 2
# NOTE(review): sssd.conf(5) documents enumerate as a per-domain option;
# placed under [sssd] it is not expected to take effect. Move it to
# [domain/default] if enumeration is really wanted.
enumerate = True
domains = default
# Empty responder sections: no options are overridden in any of them. Only
# nss and pam are listed in "services" under [sssd], so the sudo, autofs, ssh
# and pac sections configure responders that this file does not enable.
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]