Hate to say that we're running out of options. I had a CentOS 7 system similar to yours, with LDAP authentication. I added three lines to sssd.conf (for access provider, etc), restarted sssd, and users with no "host" attribute were denied. I didn't actually test users with a host attribute that didn't match, or with deny rules. So maybe there's a bug that needs to be looked at? Does authentication work for users that have no "host" attribute at all?
yes, it works for users that have no "host" attribute at all
I have installed CentOS7 64bit with KDE. I did not do any 'yum update' or install of extra packages so far.
Update, see if that makes a difference.
i did it, rebooted it. No differnce
After that you'll probably have to turn up logging in sssd and check its logs to see what it's doing.
That's a good hint. I'll do that tomorrow.
With kind regards, ulrich