Hi,

added, but no success. My sssd.conf now looks like this:

[sssd]
config_file_version = 2
services = nss,pam
domains = default
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/<NAME>] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.

[nss]
filter_groups = root
filter_users = root

[pam]

# Section created by YaST
[domain/default]
ldap_uri = ldap://ldap.mpia-hd.mpg.de
ldap_search_base = o=mpia
ldap_schema = rfc2307bis
id_provider = ldap
ldap_user_uuid = entryuuid
ldap_group_uuid = entryuuid
ldap_id_use_start_tls = True
enumerate = False
cache_credentials = False
ldap_tls_cacertdir = /etc/ssl/certs
chpass_provider = ldap
auth_provider = ldap
ldap_tls_reqcert = never
ldap_user_search_base = ou=people,o=mpia
ldap_group_search_base = ou=group,o=mpia
access_provider = ldap
#ldap_access_filter = memberOf=ou=people,o=mpia
ldap_access_order = host
ldap_user_authorized_host = host

and my nsswitch.conf:

passwd: files ldap
shadow: files ldap
group: files ldap
#initgroups: files

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss ldap
publickey: nisplus
automount: files sss ldap
aliases: files nisplus

I get a "user unknown". With

passwd: files sss ldap
shadow: files sss ldap
group: files sss ldap

in nsswitch.conf all LDAP users can log in, independently of the host attribute.

With kind regards, ulrich

On 05/05/2015 08:58 PM, Ashish Yadav wrote:
> Hi,
>
> I am confused about what to do now.
>> Do I have to configure anything else in /etc/pam.d apart from system-auth?
>>
>
> IMO, you have to configure sssd.conf properly.
>
> Please add "ldap_user_authorized_host = host" in your sssd.conf which you
> have not configured.
> After that please check again.
>
> For more information, please refer to the link below.
>
> <https://lists.fedorahosted.org/pipermail/sssd-users/2015-May/003001.html>
>
> --Regards
> Ashishkumar S. Yadav
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
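
The host rule that `access_provider = ldap` with `ldap_access_order = host` asks SSSD to apply, sketched as an added example (not part of the original thread and not SSSD's own code). It follows the order described in the sssd-ldap man page: an explicit deny (`!hostname`) wins, then an explicit allow, then the `*` wildcard. The user entries, host names and function names are constructed for illustration.

```python
import configparser

# Constructed sample: the access-control lines from the post's [domain/default].
SSSD_CONF = """
[domain/default]
id_provider = ldap
access_provider = ldap
ldap_access_order = host
ldap_user_authorized_host = host
"""

# Constructed LDAP user entries (uid -> attributes); host names are made up.
USERS = {
    "alice": {"host": ["ws01.example.org"]},
    "bob":   {"host": ["*", "!ws01.example.org"]},
    "carol": {},                                   # no host attribute at all
    "dave":  {"host": ["*"]},
    "erin":  {"host": ["ws02.example.org"]},
}

def host_rule_attribute(conf_text, domain="default"):
    """Return the attribute the host rule reads, or None if the rule is not active."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    sec = cp["domain/" + domain]
    if sec.get("access_provider", "permit") != "ldap":
        return None
    order = [r.strip() for r in sec.get("ldap_access_order", "filter").split(",")]
    if "host" not in order:
        return None
    return sec.get("ldap_user_authorized_host", "host")

def host_access_allowed(values, hostname):
    """Explicit deny (!name) wins, then explicit allow, then the '*' wildcard."""
    hostname = hostname.lower()
    allowed = False
    for value in (v.strip().lower() for v in values):
        if value.startswith("!") and value[1:] == hostname:
            return False
        if value == hostname or value == "*":
            allowed = True
    return allowed  # nothing matched, or attribute missing: deny

def allowed_users(conf_text, users, hostname):
    """List the users the host rule would admit on `hostname`."""
    attr = host_rule_attribute(conf_text)
    if attr is None:
        return None  # the host rule is not being applied at all
    return sorted(u for u, e in users.items()
                  if host_access_allowed(e.get(attr, []), hostname))

if __name__ == "__main__":
    print(allowed_users(SSSD_CONF, USERS, "ws01.example.org"))
```

SSSD evaluates this rule in the PAM account phase, so it only takes effect for logins whose PAM stack goes through pam_sss.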