On 05/15/2015 03:07 AM, Ulrich Hiller wrote: > the uid is below 2000. If you want to know the real number: it is 1026. I'm happy to help, but I have to point out that we've been chasing this problem for ten days now, and the problem would be been pretty obvious if you had not obscured the uidNumber to begin with. Please don't obscure information that isn't security-sensitive. Your uidNumber is not sensitive. Your Samba SID is not sensitive. These things can't be used to launch an attack on your system. Obscuring them wastes your time, above all. > But when i set the 2000 to 1000: > account sufficient pam_succeed_if.so uid < 1000 quiet > i cannot login at all. "Permission denied" What do the logs say? If the "secure" log doesn't clarify the problem, then set debugging on sssd to 7 and check that log as well.