home dir and shell for Active Directory authenticated users

This issue was solved by moving the entries

override_homedir = /home/%u
default_shell = /bin/bash

from the [sssd] section of sssd.conf to [domain/lab.local]

There are two parts of the equation. One is in SSSD and the Name Service Switch interface in particular. That part reports what the home directory is on the system and you can test it with "getent passwd $username". As long as that command gives you accurate answers, then SSSD is working as it should.

The other part is creating the home directories actually. I would recommend to use oddjob and pam_oddjob_mkhomedir there over old pam_mkhomedir. In my experience, it plays better with SELinux.

Look into /var/log/secure for error messages from the PAM modules..