Não é possível fazer login no Ubuntu como usuário do domínio: “nenhuma entrada passwd para o usuário” (SSSD, KRB5, Samba)


Eu segui este guia para ingressar meu servidor Ubuntu 14.04 no meu domínio. Está tudo funcionando: o servidor ingressou no AD sem problemas, o kinit funciona e o DNS dinâmico também. No entanto, quando faço login no Linux e tento usar su como um usuário do domínio, o comando falha...

Exemplo:

su domainuser
No passwd entry for user 'domainuser'

su timdomain\domainuser
No passwd entry for user 'timdomain\domainuser'

su timdomain.local\domainuser
No passwd entry for user 'timdomain.local\domainuser'

su TIMDOMAIN.LOCAL\domainuser
No passwd entry for user 'TIMDOMAIN.LOCAL\domainuser'

KRB5.conf

# Kerberos client configuration: default realm, KDC location and the
# DNS-domain-to-realm mapping for TIMDOMAIN.LOCAL.
[libdefaults]
    default_realm = TIMDOMAIN.LOCAL


# NOTE(review): the krb4_* and v4_* entries in this section are Kerberos 4
# compatibility settings, presumably left over from the distribution's
# default file -- confirm nothing depends on them and drop them.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
# NOTE(review): every ticket is requested as forwardable and proxiable by
# default; set these to false unless delegation is actually needed.
    forwardable = true
    proxiable = true

    v4_instance_resolve = false
    v4_name_convert = {
            host = {
                    rcmd = host
                    ftp = ftp
            }
            plain = {
                    something = something-else
            }
    }
    fcc-mit-ticketflags = true

# The only realm defined here; KDC and admin server are both dc01.
[realms]
    TIMDOMAIN.LOCAL = {
            kdc = dc01.timdomain.local
            admin_server = dc01.timdomain.local
            default_domain = timdomain.local
                    }

# NOTE(review): the right-hand side of a [domain_realm] entry must be a realm
# name. The only realm this file defines is TIMDOMAIN.LOCAL;
# DC01.TIMDOMAIN.LOCAL looks like the KDC host name in upper case, so hosts in
# timdomain.local are mapped to a realm that has no [realms] entry.
[domain_realm]
    .timdomain.local = DC01.TIMDOMAIN.LOCAL
    timdomain.local = DC01.TIMDOMAIN.LOCAL
# NOTE(review): legacy Kerberos 4 login settings -- see the note in [libdefaults].
[login]
    krb4_convert = true
    krb4_get_tickets = false

SSSD.conf

# SSSD main section: enables the NSS and PAM responders and lists the domains
# to serve.
# NOTE(review): verify this file is owned by root with mode 0600; SSSD is
# strict about the ownership and permissions of its configuration file.
[sssd]
services = nss, pam
config_file_version = 2
domains = TIMDOMAIN.LOCAL

# NOTE(review): SSSD domain sections are named [domain/NAME], with a forward
# slash. Written with a backslash, this header does not define the
# TIMDOMAIN.LOCAL domain listed in "domains" above, so no AD users would be
# served through NSS -- this likely explains the "No passwd entry" errors.
[domain\TIMDOMAIN.LOCAL]
id_provider = ad
# Home directories are overridden to /home/<domain name>/<user name>.
overridehomedir = /home/%d/%u
# NOTE(review): the simple access provider is selected, but neither
# simple_allow_users nor simple_allow_groups is set; with empty lists it
# grants access to every user of the domain. Restrict logins explicitly.
access_provider = simple

smb.conf

# Samba global settings. security = ads with realm TIMDOMAIN.LOCAL configures
# this host as an Active Directory domain member using Kerberos.
[global]
   workgroup = TIMDOMAIN
   client signing = yes
   client use spnego = yes
   kerberos method = secrets and keytab
   realm = TIMDOMAIN.LOCAL
   security = ads

   server string = %h server (Samba, Ubuntu)
   dns proxy = no

   log file = /var/log/samba/log.%m

   max log size = 1000

   syslog = 0

   panic action = /usr/share/samba/panic-action %d

# NOTE(review): "standalone server" and the local tdbsam password database
# contradict "security = ads" above; a host joined to AD is normally a
# "member server". Run testparm to see which role Samba actually resolves.
   server role = standalone server
   passdb backend = tdbsam

# Local Unix password synchronisation through /usr/bin/passwd and PAM.
# NOTE(review): presumably only relevant to local accounts, not domain users
# -- confirm and remove if unused.
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes

# NOTE(review): "map to guest = bad user" turns logins with an unknown user
# name into guest sessions, and user-defined shares may allow guests. No share
# shown here sets "guest ok = yes", but confirm that guest access is intended
# on a domain member.
   map to guest = bad user
   usershare allow guests = yes


# Printer share: spools jobs under /var/spool/samba, is hidden from browse
# lists, and refuses guest connections.
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
# Spool files are created with owner-only permissions.
   create mask = 0700

# Printer driver share: browseable and read-only, with guest access refused.
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

nsswitch.conf

# Name Service Switch: lookup sources per database, tried in the order listed.
# passwd and group consult the local files (compat) first and then SSSD (sss).
# NOTE(review): sss is already listed for passwd and group, so the failing
# user lookup is more likely on the SSSD side than here -- confirm with
# `getent passwd <user>` once SSSD is serving the domain.
passwd:         compat sss
group:          compat sss
# shadow is resolved from local files only.
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

# Netgroups and sudo rules may also come from SSSD.
netgroup:       nis sss
sudoers:        files sss

~

    
por gibsonfirebird12 22.12.2017 / 02:48

0 respostas