I'm using realmd to join the domain. I had tried changing a bunch of the settings, but I narrowed it down to the idmapping causing the problem.
My sssd.config looks like this (DOMAIN is the domain I'm trying to authenticate in);
Code:
[sssd]
debug_level =9
domains = DOMAIN
services = nss, pam
config_file_version = 2
[domain/DOMAIN]
debug_level = 9
ad_domain = DOMAIN
krb5_realm = DOMAIN
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
ldap_idmap_range_min = 100000
ldap_idmap_range_max = 2000100000
ldap_idmap_range_size = 100000
These are mostly defaults, except for the idmap_range values, I've been experimenting with all sorts of values and can't get anything to work.