I also found this bug on a FAI installed machine. It makes the SSSD daemon behave weirdly:

* suddenly missing user names (whoami giving errors)
* inconsistent uid <-> username mapping (spuriously)
* spurious login failures

Following are typical error messages in /var/log/auth.log:

    pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=testhost.example.com user=test-user
    ...
    pam_sss(sshd:setcred): Request to sssd failed. Public socket has wrong ownership or permissions

It was very difficult to find the actual bug, namely default ACLs on /var/lib/sss. Unsetting the default ACL via

    setfacl --remove-default -R /var/lib/sss

fixes the problem after restarting SSSD.

Kind regards,
Markus
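Added example, not part of the original report: a shell helper that lists which paths under /var/lib/sss carry default ACL entries, by parsing `getfacl -R -p` output, so the condition can be confirmed before and after the `setfacl --remove-default` fix. The function names and the sample getfacl output are constructed for illustration.

```shell
#!/bin/sh
# Print each path whose getfacl listing contains at least one "default:" entry.
# Reads `getfacl -R -p <dir>` output on stdin.
paths_with_default_acl() {
    awk '
        # A new "# file: <path>" header starts the listing for one path.
        /^# file: / { path = substr($0, 9); seen = 0; next }
        # Default ACL entries are the lines starting with "default:".
        /^default:/ { if (!seen) { print path; seen = 1 } }
    '
}

# Run the check against a live directory (defaults to /var/lib/sss).
# -R recurses, -p keeps the leading "/" in the reported path names.
check_sss_acls() {
    dir=${1:-/var/lib/sss}
    getfacl -R -p "$dir" 2>/dev/null | paths_with_default_acl
}

# Constructed sample of getfacl output: two directories inherited a
# default ACL, the base directory and a regular file did not.
sample_getfacl_output() {
    cat <<'EOF'
# file: /var/lib/sss
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

# file: /var/lib/sss/pipes
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x

# file: /var/lib/sss/pipes/private
# owner: root
# group: root
user::rwx
group::---
other::---
default:user::rwx
default:group::r-x
default:other::r-x

# file: /var/lib/sss/db/cache_default.ldb
# owner: root
# group: root
user::rw-
group::---
other::---

EOF
}

# Demonstration on the constructed sample.
sample_getfacl_output | paths_with_default_acl
```

An empty result from `check_sss_acls` after running the `setfacl --remove-default -R /var/lib/sss` command means no default ACLs remain under the directory.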