[CentOS] ldap host attribute is ignored

Fri May 15 16:23:19 UTC 2015
Gordon Messmer <gordon.messmer at gmail.com>

On 05/15/2015 03:07 AM, Ulrich Hiller wrote:
> the uid is below 2000. If you want to know the real number: it is 1026.

I'm happy to help, but I have to point out that we've been chasing this 
problem for ten days now, and the problem would be been pretty obvious 
if you had not obscured the uidNumber to begin with.

Please don't obscure information that isn't security-sensitive.

Your uidNumber is not sensitive.  Your Samba SID is not sensitive. 
These things can't be used to launch an attack on your system. 
Obscuring them wastes your time, above all.

> But when i set the 2000 to 1000:
> account     sufficient    pam_succeed_if.so uid < 1000 quiet
> i cannot login at all. "Permission denied"

What do the logs say?  If the "secure" log doesn't clarify the problem, 
then set debugging on sssd to 7 and check that log as well.