Been wrestling and researching this thing like mad. Heard that SSSD is buggy. Anyone else have experience doing LDAP auth against active domain?

I might just have to toss in the towel and stick to REHL5 for now.

I have Redhat 5 playing nice as it authenticates against windows server 2008. But I ran into issues trying to get Redhat 6 to do it as well.

Here is where I stand on my redhat 6 box:

I have my certificates working between the windows and the redhat box.

From Root user I can SU to an Active Directory user.
getent works. I can see all the users info.
ldapsearch works with the CA certificate so my SSL handshake is working.
I do not suspect cert issues

But when I try to login as active directory on my Redhat 6 box I get told I used an invalid password. The password works just fine on the windows server, so I didn't fat finger anything. I am just confused as to why I can have getent and ldapsearching but can not login.

I have turned off iptables on redhat and the firewall on 2008 server to see if that would change the situation but no luck.

I noted that in Redhat 6 I need to config SSSD rather then NSCD.

Let me know if you need to see my:

ldap.conf
nsswitch.conf
sssd.conf
var messages

to provide further light and guidance on what I maybe doing wrong or leaving out in my configurations