Unix: When AD authorization is not working

 [root@db2tst601 ~]# systemctl status sssd

● sssd.service - System Security Services Daemon

   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)

   Active: failed (Result: exit-code) since Tue 2025-07-15 17:30:04 CDT; 2h 22min ago

  Process: 49817 ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER} (code=exited, status=1/FAILURE)

 Main PID: 49817 (code=exited, status=1/FAILURE)

Jul 15 17:28:26 db2tst601 sssd_nss[1663851]: Starting up

Jul 15 17:28:27 db2tst601 sssd[49817]: Child [49890] ('TMW.COM':'%BE_TMW.COM') was terminated by own WATCHDOG. Consult corresponding logs to figure out the reason.

Jul 15 17:28:27 db2tst601 sssd_be[1664041]: Starting up

Jul 15 17:28:29 db2tst601 sssd_nss[1664043]: Starting up

Jul 15 17:28:33 db2tst601 sssd[49817]: Exiting the SSSD. Could not restart critical service [nss].

Jul 15 17:29:42 db2tst601 sssd_be[1664041]: Shutting down (status = 0)

Jul 15 17:29:43 db2tst601 sssd_pam[857047]: Shutting down (status = 0)

Jul 15 17:29:45 db2tst601 sssd_pac[50031]: Shutting down (status = 0)

Jul 15 17:30:04 db2tst601 systemd[1]: sssd.service: Main process exited, code=exited, status=1/FAILURE

Jul 15 17:30:04 db2tst601 systemd[1]: sssd.service: Failed with result 'exit-code'.

[root@db2tst601 ~]# systemctl start sssd

[root@db2tst601 ~]# systemctl status sssd

● sssd.service - System Security Services Daemon

   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)

   Active: active (running) since Tue 2025-07-15 19:52:59 CDT; 4s ago

 Main PID: 2684126 (sssd)

    Tasks: 6 (limit: 615049)

   Memory: 178.7M

   CGroup: /system.slice/sssd.service

           ├─2684126 /usr/sbin/sssd -i --logger=files

           ├─2684127 /usr/libexec/sssd/sssd_be --domain TMW.COM --uid 0 --gid 0 --logger=files

           ├─2684129 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files

           ├─2684130 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --logger=files

           ├─2684131 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --logger=files

           └─2684632 /usr/libexec/sssd/krb5_child --dumpable=1 --debug-microseconds=0 --debug-timestamps=1 --debug-fd=32 --debug-level=0x0010 --chain-id=25 --sss-creds-password --canonicalize --check-pac=42 --realm=TMW.COM -->

Jul 15 19:52:55 db2tst601 systemd[1]: Starting System Security Services Daemon...

Jul 15 19:52:56 db2tst601 sssd[2684126]: Starting up

Jul 15 19:52:57 db2tst601 sssd_be[2684127]: Starting up

Jul 15 19:52:59 db2tst601 sssd_pac[2684131]: Starting up

Jul 15 19:52:59 db2tst601 sssd_nss[2684129]: Starting up

Jul 15 19:52:59 db2tst601 sssd_pam[2684130]: Starting up

Jul 15 19:52:59 db2tst601 systemd[1]: Started System Security Services Daemon.

-----------------

Sometimes you need to stop it first then start it:

[root@db2tst601 db_refresh]# systemctl status sssd

● sssd.service - System Security Services Daemon

   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)

   Active: active (running) since Thu 2025-07-17 20:58:24 CDT; 1 weeks 0 days ago

 Main PID: 2978 (sssd)

    Tasks: 5 (limit: 615049)

   Memory: 342.5M

   CGroup: /system.slice/sssd.service

           ├─   2978 /usr/sbin/sssd -i --logger=files

           ├─   2980 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files

           ├─   2981 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --logger=files

           ├─   2982 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --logger=files

           └─3258258 /usr/libexec/sssd/sssd_be --domain TMW.COM --uid 0 --gid 0 --logger=files

Jul 24 23:00:19 db2tst601 krb5_child[2724000]: Pre-authentication failed: Cannot read password

Jul 24 23:14:21 db2tst601 krb5_child[2817683]: Pre-authentication failed: Cannot read password

Jul 25 00:00:00 db2tst601 krb5_child[3129399]: Pre-authentication failed: Cannot read password

Jul 25 00:03:14 db2tst601 krb5_child[3155195]: Pre-authentication failed: Cannot read password

Jul 25 00:17:14 db2tst601 krb5_child[3249606]: Pre-authentication failed: Cannot read password

Jul 25 00:18:54 db2tst601 sssd[2978]: Child [2979] ('TMW.COM':'%BE_TMW.COM') was terminated by own WATCHDOG. Consult corresponding logs to figure out the reason.

Jul 25 00:19:02 db2tst601 sssd_be[3258258]: Starting up

Jul 25 00:22:18 db2tst601 sssd[3280341]: couldn't get address for 'ns.us-east4.gcedns-prod.internal': not found

Jul 25 00:22:19 db2tst601 sssd[3280346]: couldn't get address for 'ns.us-east4.gcedns-prod.internal': not found

Jul 25 00:22:19 db2tst601 sssd[3280351]: couldn't get address for 'ns.global.gcedns-prod.internal': not found

[root@db2tst601 db_refresh]# systemctl stop sssd

[root@db2tst601 db_refresh]#  systemctl start sssd

[root@db2tst601 db_refresh]# systemctl status sssd

● sssd.service - System Security Services Daemon

   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)

   Active: active (running) since Fri 2025-07-25 00:25:39 CDT; 986ms ago

 Main PID: 3301884 (sssd)

    Tasks: 6 (limit: 615049)

   Memory: 57.4M

   CGroup: /system.slice/sssd.service

           ├─3301884 /usr/sbin/sssd -i --logger=files

           ├─3302316 /usr/libexec/sssd/sssd_be --domain TMW.COM --uid 0 --gid 0 --logger=files

           ├─3302318 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files

           ├─3302319 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --logger=files

           ├─3302320 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --logger=files

           └─3302321 /usr/libexec/sssd/ldap_child --dumpable=1 --debug-microseconds=0 --debug-timestamps=1 --debug-fd=29 --debug-level=0x0010

Jul 25 00:25:34 db2tst601 systemd[1]: Starting System Security Services Daemon...

Jul 25 00:25:36 db2tst601 sssd[3301884]: Starting up

Jul 25 00:25:37 db2tst601 sssd_be[3302316]: Starting up

Jul 25 00:25:39 db2tst601 sssd_pam[3302319]: Starting up

Jul 25 00:25:39 db2tst601 sssd_nss[3302318]: Starting up

Jul 25 00:25:39 db2tst601 sssd_pac[3302320]: Starting up

Jul 25 00:25:39 db2tst601 systemd[1]: Started System Security Services Daemon.