Re: samba4+sssd+centos6

As I mentioned before, I have a CentOS 6.3 system using SSSD (only) bound to 
the (separate) samba4 DC as an LDAP/krb5 server. Client is using Samba 
3.5.10.

I have successfully joined the client to the domain. Keytab is fine, 
kerberos works, ldapsearch works, etc. DNS is good. The machine entry in 
the DC database looks fine, and the userPrincipleName is correct. However, 
any attempt to look up a user (eg with getent, id, ssh login, etc) fails 
and leaves this evidence of a failed SASL bind in the client's sssd log:

(Thu Aug 16 13:58:37 2012) [sssd[be[SAMBA4]]] [sasl_bind_send] (0x0100):
 	Executing sasl bind mech: GSSAPI, user:
 	host/gulp.icse.cornell.edu <at> TITAN.TEST.CORNELL.EDU
(Thu Aug 16 13:58:38 2012) [sssd[be[SAMBA4]]] [sasl_bind_send] (0x0020):
 	ldap_sasl_bind failed (53)[Server is unwilling to perform]

and from the samba log on the DC, it looks as if everything proceeds OK 
until the connection is suddenly dropped. I don't see what the reason
for this is; a level 10 log is at:

 	http://www.cbe.cornell.edu/~smt/samba4.log

(the DC is s6a.titan.test.cornell.edu, and the client is gulp.icse.cornell.edu,
on the same LAN segment. The kerberos realm is TITAN.TEST.CORNELL.EDU).

I'd appreciate it if someone could take a look at this debug log and try 
to pinpoint the cause, because I surely can't see it. TIA!

Steve