I repeated it with focal, and right after the join, id user@<REALM> worked, and I have no /etc/krb5.conf. There must be something else going on over there.
Can you please make these changes: - sudo apt install sssd-dbug (if not already installed) - /etc/sssd/sssd.conf: [sssd] services = nss, pam, ifp <--- add "ifp" debug_level = 6 <--- add [nss] <--- add debug_level = 6 <--- add [pam] <--- add debug_level = 6 <--- add [domain/...] debug_level = 6 <--- add Then restart sssd: sudo systemctl restart sssd Now the /var/log/sssd/sssd_nss.log file shall have debug info. With the "ifp" service, you can now use sssctl commands like these: root@focal-sssd-desktop-team:~# sssctl domain-list ad1.example.com ad2.example.com root@focal-sssd-desktop-team:~# sssctl domain-status ad1.example.com Online status: Online Active servers: AD Global Catalog: not connected AD Domain Controller: server1.ad1.example.com Discovered AD Global Catalog servers: None so far. Discovered AD Domain Controller servers: - server1.ad1.example.com root@focal-sssd-desktop-team:~# sssctl user-checks [email protected] user: [email protected] action: acct service: system-auth SSSD nss user lookup result: - user name: [email protected] - user id: 1725801106 - group id: 1725800513 - gecos: John Smith - home directory: /home/[email protected] - shell: /bin/bash SSSD InfoPipe user lookup result: - name: [email protected] - uidNumber: 1725801106 - gidNumber: 1725800513 - gecos: John Smith - homeDirectory: not set - loginShell: not set testing pam_acct_mgmt pam_acct_mgmt: Permission denied PAM Environment: - no env - root@focal-sssd-desktop-team:~# sssctl user-show [email protected] Name: [email protected] Cache entry creation date: 08/28/20 18:37:19 Cache entry last update time: 08/28/20 18:47:32 Cache entry expiration time: 08/28/20 20:17:32 Initgroups expiration time: 08/28/20 20:17:32 Cached in InfoPipe: No -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1893438 Title: Cannot resolve users without an existing /etc/krb5.conf To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1893438/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
