CoreOS sssd.service failed to start

Latest Fedora CoreOS image 20250331.x
Trying to set up the sssd service for a Microsoft Active Directory connection. Used the manual "Join a CoreOS VM to Microsoft Entra Domain Services - Microsoft Entra ID | Microsoft Learn", changed domain et cetera to ours of course.

First some issues that file sssd.conf was not 600.
But trying to start sssd.service gives Error (2 [No such file or directory]) retrieving domain [OURDOMAIN.COM], skipping!

But no clue in logs which file or directory is meant. Any tips / or who has it running against a local Active Directory?

1 Like

That error usually comes up when SSSD can’t find or access something it needs, but the logs don’t always make it clear.

Make sure /etc/sssd/sssd.conf exists, is owned by root:root, and has chmod 600.

Check that the [domain/...] section in the config exactly matches the domain name (including case).

Check if /etc/krb5.keytab exists and is readable; run klist -k to verify its contents.

CoreOS might not have all the NSS or PAM pieces configured unless you’ve added/handled it manually.

You can also try running SSSD_LOG_LEVEL=10 sssd -i to get more verbose output in the terminal.

EDIT:

Also make sure it’s not related to SELinux, firewall or even DNS.

Changed owner (was root:sssd) to root:root, 600 OK. Still issue.
Will look after nss and pam because out of the box nothing done with that.

/etc/sssd/sssd.conf

[sssd]
config_file_version = 2
services = nss, pam
domains = MYDOMAIN.EU

[domain/MYDOMAIN]
id_provider = ad
auth_provider = ad
chpass_provider = ad

ldap_uri = ldap://mydomain.eu
ldap_search_base = dc=mydomain,dc=eu
ldap_schema = rfc2307bis
ldap_sasl_mech = GSSAPI
ldap_user_object_class = user
ldap_group_object_class = group
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
fallback_homedir = /home/%d/%u

krb5_server = mydomain.eu
krb5_realm = MYDOMAIN.EU

1 Like
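The check suggested in the reply above (each name in "domains =" must have an exactly matching [domain/NAME] section) can be automated. This is an added example, not part of the thread or of SSSD: `check_domain_sections` and the trimmed `POSTED_CONF` sample are constructed here, and run on the config posted above it reports that MYDOMAIN.EU has no [domain/MYDOMAIN.EU] section.

```python
import configparser

# Constructed sample: trimmed copy of the sssd.conf posted in the thread.
POSTED_CONF = """\
[sssd]
config_file_version = 2
services = nss, pam
domains = MYDOMAIN.EU

[domain/MYDOMAIN]
id_provider = ad
fallback_homedir = /home/%d/%u
krb5_realm = MYDOMAIN.EU
"""

def check_domain_sections(conf_text):
    """Compare the 'domains =' list in [sssd] with the [domain/NAME] sections."""
    # interpolation=None: values such as /home/%d/%u must be read literally.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    if not cp.has_section("sssd"):
        return ["no [sssd] section"]
    raw = cp.get("sssd", "domains", fallback="")
    listed = [d.strip() for d in raw.split(",") if d.strip()]
    # configparser keeps section names case-sensitive, which is what we need here.
    defined = [s[len("domain/"):] for s in cp.sections() if s.startswith("domain/")]
    findings = []
    if not listed:
        findings.append("[sssd] has no 'domains =' entry")
    for name in listed:
        if name in defined:
            continue
        near = [d for d in defined if d.lower() == name.lower()]
        if near:
            findings.append(f"domain '{name}' differs only in case from [domain/{near[0]}]")
        else:
            findings.append(f"domain '{name}' has no [domain/{name}] section")
    for name in defined:
        if name not in listed:
            findings.append(f"[domain/{name}] is not listed in 'domains ='")
    return findings

if __name__ == "__main__":
    import sys
    # With a path argument (e.g. /etc/sssd/sssd.conf, read as root) check that file.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else POSTED_CONF
    for finding in check_domain_sections(text) or ["domains and sections match"]:
        print(finding)
```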

Folders under /var/lib/sss and /etc/sssd being owned by sssd:sssd. After changing to root:root the [No such file or folder] error is gone but still an error.
And also the process seems to change owners:

core@vm:~$ systemctl status sssd.service
× sssd.service - System Security Services Daemon
     Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; preset: enabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf, 50-keep-warm.conf
     Active: failed (Result: exit-code) since Thu 2025-04-24 15:17:08 CEST; 5min ago
 Invocation: 4cb2a9036be640cb9593654145931ce3
    Process: 2049 ExecStartPre=/bin/chown -f -R -H root:sssd /etc/sssd (code=exited, status=0/SUCCESS)
    Process: 2051 ExecStartPre=/bin/chmod -f -R g+r /etc/sssd (code=exited, status=0/SUCCESS)
    Process: 2053 ExecStartPre=/bin/chmod -f g+x /etc/sssd (code=exited, status=0/SUCCESS)
    Process: 2055 ExecStartPre=/bin/chmod -f g+x /etc/sssd/conf.d (code=exited, status=0/SUCCESS)
    Process: 2057 ExecStartPre=/bin/chmod -f g+x /etc/sssd/pki (code=exited, status=0/SUCCESS)
    Process: 2059 ExecStartPre=/bin/sh -c /bin/chown -f -h sssd:sssd /var/lib/sss/db/*.ldb (code=exited, status=0/SUCCE>
    Process: 2061 ExecStartPre=/bin/chown -f -R -h sssd:sssd /var/lib/sss/gpo_cache (code=exited, status=0/SUCCESS)
    Process: 2063 ExecStartPre=/bin/sh -c /bin/chown -f -h sssd:sssd /var/log/sssd/*.log (code=exited, status=0/SUCCESS)
    Process: 2065 ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER} (code=exited, status=8)
   Main PID: 2065 (code=exited, status=8)
   Mem peak: 1.8M
        CPU: 93ms

Apr 24 15:17:08 vm systemd[1]: Starting sssd.service - System Security Services Daemon...
Apr 24 15:17:08 vm systemd[1]: sssd.service: Main process exited, code=exited, status=8/n/a
Apr 24 15:17:08 vm systemd[1]: sssd.service: Failed with result 'exit-code'.
Apr 24 15:17:08 vm systemd[1]: Failed to start sssd.service - System Security Services Daemon.

And after reboot the folder owners are again sssd:sssd.