[root@LINUX10 ~]# cat /etc/sssd/sssd.conf
# NOTE(review): SSSD normally expects this file to be owned by root with
# mode 0600 - confirm on the host.
[sssd]
# Suffix appended to user names that are entered without a domain part.
default_domain_suffix = ad.domain.lu
domains = ad.domain.lu
config_file_version = 2
# Only the NSS and PAM responders are enabled.
services = nss, pam

[domain/ad.domain.lu]
ad_domain = ad.domain.lu
krb5_realm = AD.DOMAIN.LU
realmd_tags = manages-system joined-with-adcli
# Keeps a hash of each user's credentials in the local cache (/var/lib/sss/db/)
# so that logins still work while the AD servers are unreachable.
cache_credentials = True
id_provider = ad
# Holds the password entered during an offline login so that a Kerberos ticket
# can be requested once the provider is reachable again.
krb5_store_password_if_offline = True
default_shell = /bin/bash
# UIDs/GIDs are derived from the AD SIDs instead of POSIX attributes in AD.
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
# Login is limited to members of the groups in simple_allow_groups;
# all other domain users are denied.
access_provider = simple
simple_allow_groups = LINUX-ALL-SUDO@ad.domain.lu, LINUX-MYSQL-USER@ad.domain.lu
Append the following lines to the end of /etc/sssd/sssd.conf:
[pam]
# Very verbose tracing for the PAM responder; intended for troubleshooting only.
debug_level = 9
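Logs are written to /var/log/sssd/ and also to /var/log/secure. Debug output at this level is very detailed and can include user and authentication details, so keep these files readable by root only and remove the debug_level line once troubleshooting is finished.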
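Add the debug option to the module lines in the files under /etc/pam.d/ (and remove it again after troubleshooting), for example: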
auth sufficient pam_duo.so debug
The debug messages will be written to the file named by the matching syslog rule, for example:
*.debug /var/log/debug.log
# sssd -d4
[sssd] [ldb] (3): server_sort:Unable to register control with rootdse!
[sssd] [confdb_get_domains] (0): No domains configured, fatal error!
[sssd] [get_monitor_config] (0): No domains configured.
To clear sssd cache for single user
# sss_cache -u user1
To clear sssd cache for all users
# sss_cache -E
Before deleting the cache files directly (the next steps), it is suggested that the SSSD service be stopped.
# systemctl stop sssd
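After this we want to delete all files within the /var/lib/sss/db/ directory. Note that this also removes any cached credentials, so users cannot log in offline until they have authenticated against the domain again.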
# rm -rf /var/lib/sss/db/*
Once complete we can start SSSD back up again.
# systemctl restart sssd