> > Hate to say that we're running out of options. I had a CentOS 7 system > similar to yours, with LDAP authentication. I added three lines to > sssd.conf (for access provider, etc), restarted sssd, and users with no > "host" attribute were denied. I didn't actually test users with a host > attribute that didn't match, or with deny rules. So maybe there's a bug > that needs to be looked at? Does authentication work for users that > have no "host" attribute at all? yes, it works for users that have no "host" attribute at all > >> I have installed CentOS7 64bit with KDE. >> I did not do any 'yum update' or install of extra packages so far. > > Update, see if that makes a difference. i did it, rebooted it. No differnce > > After that you'll probably have to turn up logging in sssd and check its > logs to see what it's doing. That's a good hint. I'll do that tomorrow. With kind regards, ulrich