Let's get this straight: you have a user called 'root' in /etc/passwd
and another user called 'root' in AD, is this correct?
You should name your central user something else. SSSD will deliberately
not authenticate root because root should be authenticated by pam_unix.
Hi, how about deleting the user called root in AD and choosing another domain user called adroot? Then use: username map = /some/file to make adroot map to root in /some/file.
adroot is now a domain user with uid 0
Possibly one can do that, but this is just a bad workaround for a bad assumption in SSSD, namely that there cannot be any system out there that would like to auth "root" with SSSD.
Jocke
PS. Keep me on CC