On 05/11/2015 10:06 AM, Ulrich Hiller wrote: > Hmmm...., i have made now a complete new install but the problem > persists: ldap authentication works, but the host attribute is ignored. Hate to say that we're running out of options. I had a CentOS 7 system similar to yours, with LDAP authentication. I added three lines to sssd.conf (for access provider, etc), restarted sssd, and users with no "host" attribute were denied. I didn't actually test users with a host attribute that didn't match, or with deny rules. So maybe there's a bug that needs to be looked at? Does authentication work for users that have no "host" attribute at all? > I have installed CentOS7 64bit with KDE. > I did not do any 'yum update' or install of extra packages so far. Update, see if that makes a difference. After that you'll probably have to turn up logging in sssd and check its logs to see what it's doing.